Associate your S3 Access Grants instance with an Amazon Web Services IAM Identity Center instance. Use this action if you want to create access grants for users or groups from your corporate identity directory. First, you must add your corporate identity directory to Amazon Web Services IAM Identity Center. Then, you can associate this IAM Identity Center instance with your S3 Access Grants instance.
You must have the s3:AssociateAccessGrantsIdentityCenter permission to use this operation.
You must also have the following permissions: sso:CreateApplication, sso:PutApplicationGrant, and sso:PutApplicationAuthenticationMethod.
Creates an access grant that gives a grantee access to your S3 data. The grantee can be an IAM user or role or a directory user, or group. Before you can create a grant, you must have an S3 Access Grants instance in the same Region as the S3 data. You can create an S3 Access Grants instance using the CreateAccessGrantsInstance. You must also have registered at least one S3 data location in your S3 Access Grants instance using CreateAccessGrantsLocation.
You must have the s3:CreateAccessGrant permission to use this operation.
For any directory identity - sso:DescribeInstance and sso:DescribeApplication
For directory users - identitystore:DescribeUser
For directory groups - identitystore:DescribeGroup
Creates an S3 Access Grants instance, which serves as a logical grouping for access grants. You can create one S3 Access Grants instance per Region per account.
You must have the s3:CreateAccessGrantsInstance permission to use this operation.
To associate an IAM Identity Center instance with your S3 Access Grants instance, you must also have the sso:DescribeInstance, sso:CreateApplication, sso:PutApplicationGrant, and sso:PutApplicationAuthenticationMethod permissions.
The S3 data location that you would like to register in your S3 Access Grants instance. Your S3 data must be in the same Region as your S3 Access Grants instance. The location can be one of the following:
The default S3 location s3://
A bucket - S3://<bucket-name>
A bucket and prefix - S3://<bucket-name>/<prefix>
When you register a location, you must include the IAM role that has permission to manage the S3 location that you are registering. Give S3 Access Grants permission to assume this role using a policy. S3 Access Grants assumes this role to manage access to the location and to vend temporary credentials to grantees or client applications.
You must have the s3:CreateAccessGrantsLocation permission to use this operation.
You must also have the following permission for the specified IAM role: iam:PassRole
This operation is not supported by directory buckets.
Creates an access point and associates it with the specified bucket. For more information, see Managing Data Access with Amazon S3 Access Points in the Amazon S3 User Guide.
S3 on Outposts only supports VPC-style access points.
For more information, see Accessing Amazon S3 on Outposts using virtual private cloud (VPC) only access points in the Amazon S3 User Guide.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.
The following actions are related to CreateAccessPoint:
This operation is not supported by directory buckets.
Creates an Object Lambda Access Point. For more information, see Transforming objects with Object Lambda Access Points in the Amazon S3 User Guide.
The following actions are related to CreateAccessPointForObjectLambda:
This action creates an Amazon S3 on Outposts bucket. To create an S3 bucket, see Create Bucket in the Amazon S3 API Reference.
Creates a new Outposts bucket. By creating the bucket, you become the bucket owner. To create an Outposts bucket, you must have S3 on Outposts. For more information, see Using Amazon S3 on Outposts in Amazon S3 User Guide.
Not every string is an acceptable bucket name. For information on bucket naming restrictions, see Working with Amazon S3 Buckets.
S3 on Outposts buckets support:
Tags
LifecycleConfigurations for deleting expired objects
For a complete list of restrictions and Amazon S3 feature limitations on S3 on Outposts, see Amazon S3 on Outposts Restrictions and Limitations.
For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and x-amz-outpost-id in your API request, see the Examples section.
The following actions are related to CreateBucket for Amazon S3 on Outposts:
This operation creates an S3 Batch Operations job.
You can use S3 Batch Operations to perform large-scale batch actions on Amazon S3 objects. Batch Operations can run a single action on lists of Amazon S3 objects that you specify. For more information, see S3 Batch Operations in the Amazon S3 User Guide.
For information about permissions required to use the Batch Operations, see Granting permissions for S3 Batch Operations in the Amazon S3 User Guide.
Related actions include:
", "endpoint": { "hostPrefix": "{AccountId}." }, "staticContextParams": { "RequiresAccountId": { "value": true } } }, "CreateMultiRegionAccessPoint": { "name": "CreateMultiRegionAccessPoint", "http": { "method": "POST", "requestUri": "/v20180820/async-requests/mrap/create" }, "input": { "shape": "CreateMultiRegionAccessPointRequest", "locationName": "CreateMultiRegionAccessPointRequest", "xmlNamespace": { "uri": "http://awss3control.amazonaws.com/doc/2018-08-20/" } }, "output": { "shape": "CreateMultiRegionAccessPointResult" }, "documentation": "This operation is not supported by directory buckets.
Creates a Multi-Region Access Point and associates it with the specified buckets. For more information about creating Multi-Region Access Points, see Creating Multi-Region Access Points in the Amazon S3 User Guide.
This action will always be routed to the US West (Oregon) Region. For more information about the restrictions around working with Multi-Region Access Points, see Multi-Region Access Point restrictions and limitations in the Amazon S3 User Guide.
This request is asynchronous, meaning that you might receive a response before the command has completed. When this request provides a response, it provides a token that you can use to monitor the status of the request with DescribeMultiRegionAccessPointOperation.
The following actions are related to CreateMultiRegionAccessPoint:
Creates a new S3 Storage Lens group and associates it with the specified Amazon Web Services account ID. An S3 Storage Lens group is a custom grouping of objects based on prefix, suffix, object tags, object size, object age, or a combination of these filters. For each Storage Lens group that you’ve created, you can also optionally add Amazon Web Services resource tags. For more information about S3 Storage Lens groups, see Working with S3 Storage Lens groups.
To use this operation, you must have the permission to perform the s3:CreateStorageLensGroup action. If you’re trying to create a Storage Lens group with Amazon Web Services resource tags, you must also have permission to perform the s3:TagResource action. For more information about the required Storage Lens Groups permissions, see Setting account permissions to use S3 Storage Lens groups.
For information about Storage Lens groups errors, see List of Amazon S3 Storage Lens error codes.
", "endpoint": { "hostPrefix": "{AccountId}." }, "staticContextParams": { "RequiresAccountId": { "value": true } } }, "DeleteAccessGrant": { "name": "DeleteAccessGrant", "http": { "method": "DELETE", "requestUri": "/v20180820/accessgrantsinstance/grant/{id}" }, "input": { "shape": "DeleteAccessGrantRequest" }, "documentation": "Deletes the access grant from the S3 Access Grants instance. You cannot undo an access grant deletion and the grantee will no longer have access to the S3 data.
You must have the s3:DeleteAccessGrant permission to use this operation.
Deletes your S3 Access Grants instance. You must first delete the access grants and locations before S3 Access Grants can delete the instance. See DeleteAccessGrant and DeleteAccessGrantsLocation. If you have associated an IAM Identity Center instance with your S3 Access Grants instance, you must first dissassociate the Identity Center instance from the S3 Access Grants instance before you can delete the S3 Access Grants instance. See AssociateAccessGrantsIdentityCenter and DissociateAccessGrantsIdentityCenter.
You must have the s3:DeleteAccessGrantsInstance permission to use this operation.
Deletes the resource policy of the S3 Access Grants instance. The resource policy is used to manage cross-account access to your S3 Access Grants instance. By deleting the resource policy, you delete any cross-account permissions to your S3 Access Grants instance.
You must have the s3:DeleteAccessGrantsInstanceResourcePolicy permission to use this operation.
Deregisters a location from your S3 Access Grants instance. You can only delete a location registration from an S3 Access Grants instance if there are no grants associated with this location. See Delete a grant for information on how to delete grants. You need to have at least one registered location in your S3 Access Grants instance in order to create access grants.
You must have the s3:DeleteAccessGrantsLocation permission to use this operation.
This operation is not supported by directory buckets.
Deletes the specified access point.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.
The following actions are related to DeleteAccessPoint:
This operation is not supported by directory buckets.
Deletes the specified Object Lambda Access Point.
The following actions are related to DeleteAccessPointForObjectLambda:
This operation is not supported by directory buckets.
Deletes the access point policy for the specified access point.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.
The following actions are related to DeleteAccessPointPolicy:
This operation is not supported by directory buckets.
Removes the resource policy for an Object Lambda Access Point.
The following actions are related to DeleteAccessPointPolicyForObjectLambda:
This action deletes an Amazon S3 on Outposts bucket. To delete an S3 bucket, see DeleteBucket in the Amazon S3 API Reference.
Deletes the Amazon S3 on Outposts bucket. All objects (including all object versions and delete markers) in the bucket must be deleted before the bucket itself can be deleted. For more information, see Using Amazon S3 on Outposts in Amazon S3 User Guide.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.
Related Resources
", "endpoint": { "hostPrefix": "{AccountId}." }, "staticContextParams": { "RequiresAccountId": { "value": true } } }, "DeleteBucketLifecycleConfiguration": { "name": "DeleteBucketLifecycleConfiguration", "http": { "method": "DELETE", "requestUri": "/v20180820/bucket/{name}/lifecycleconfiguration" }, "input": { "shape": "DeleteBucketLifecycleConfigurationRequest" }, "documentation": "This action deletes an Amazon S3 on Outposts bucket's lifecycle configuration. To delete an S3 bucket's lifecycle configuration, see DeleteBucketLifecycle in the Amazon S3 API Reference.
Deletes the lifecycle configuration from the specified Outposts bucket. Amazon S3 on Outposts removes all the lifecycle configuration rules in the lifecycle subresource associated with the bucket. Your objects never expire, and Amazon S3 on Outposts no longer automatically deletes any objects on the basis of rules contained in the deleted lifecycle configuration. For more information, see Using Amazon S3 on Outposts in Amazon S3 User Guide.
To use this operation, you must have permission to perform the s3-outposts:PutLifecycleConfiguration action. By default, the bucket owner has this permission and the Outposts bucket owner can grant this permission to others.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.
For more information about object expiration, see Elements to Describe Lifecycle Actions.
Related actions include:
", "endpoint": { "hostPrefix": "{AccountId}." }, "staticContextParams": { "RequiresAccountId": { "value": true } } }, "DeleteBucketPolicy": { "name": "DeleteBucketPolicy", "http": { "method": "DELETE", "requestUri": "/v20180820/bucket/{name}/policy" }, "input": { "shape": "DeleteBucketPolicyRequest" }, "documentation": "This action deletes an Amazon S3 on Outposts bucket policy. To delete an S3 bucket policy, see DeleteBucketPolicy in the Amazon S3 API Reference.
This implementation of the DELETE action uses the policy subresource to delete the policy of a specified Amazon S3 on Outposts bucket. If you are using an identity other than the root user of the Amazon Web Services account that owns the bucket, the calling identity must have the s3-outposts:DeleteBucketPolicy permissions on the specified Outposts bucket and belong to the bucket owner's account to use this action. For more information, see Using Amazon S3 on Outposts in Amazon S3 User Guide.
If you don't have DeleteBucketPolicy permissions, Amazon S3 returns a 403 Access Denied error. If you have the correct permissions, but you're not using an identity that belongs to the bucket owner's account, Amazon S3 returns a 405 Method Not Allowed error.
As a security precaution, the root user of the Amazon Web Services account that owns a bucket can always use this action, even if the policy explicitly denies the root user the ability to perform this action.
For more information about bucket policies, see Using Bucket Policies and User Policies.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.
The following actions are related to DeleteBucketPolicy:
This operation deletes an Amazon S3 on Outposts bucket's replication configuration. To delete an S3 bucket's replication configuration, see DeleteBucketReplication in the Amazon S3 API Reference.
Deletes the replication configuration from the specified S3 on Outposts bucket.
To use this operation, you must have permissions to perform the s3-outposts:PutReplicationConfiguration action. The Outposts bucket owner has this permission by default and can grant it to others. For more information about permissions, see Setting up IAM with S3 on Outposts and Managing access to S3 on Outposts buckets in the Amazon S3 User Guide.
It can take a while to propagate PUT or DELETE requests for a replication configuration to all S3 on Outposts systems. Therefore, the replication configuration that's returned by a GET request soon after a PUT or DELETE request might return a more recent result than what's on the Outpost. If an Outpost is offline, the delay in updating the replication configuration on that Outpost can be significant.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.
For information about S3 replication on Outposts configuration, see Replicating objects for S3 on Outposts in the Amazon S3 User Guide.
The following operations are related to DeleteBucketReplication:
This action deletes an Amazon S3 on Outposts bucket's tags. To delete an S3 bucket tags, see DeleteBucketTagging in the Amazon S3 API Reference.
Deletes the tags from the Outposts bucket. For more information, see Using Amazon S3 on Outposts in Amazon S3 User Guide.
To use this action, you must have permission to perform the PutBucketTagging action. By default, the bucket owner has this permission and can grant this permission to others.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.
The following actions are related to DeleteBucketTagging:
Removes the entire tag set from the specified S3 Batch Operations job.
To use the DeleteJobTagging operation, you must have permission to perform the s3:DeleteJobTagging action. For more information, see Controlling access and labeling jobs using tags in the Amazon S3 User Guide.
Related actions include:
", "endpoint": { "hostPrefix": "{AccountId}." }, "staticContextParams": { "RequiresAccountId": { "value": true } } }, "DeleteMultiRegionAccessPoint": { "name": "DeleteMultiRegionAccessPoint", "http": { "method": "POST", "requestUri": "/v20180820/async-requests/mrap/delete" }, "input": { "shape": "DeleteMultiRegionAccessPointRequest", "locationName": "DeleteMultiRegionAccessPointRequest", "xmlNamespace": { "uri": "http://awss3control.amazonaws.com/doc/2018-08-20/" } }, "output": { "shape": "DeleteMultiRegionAccessPointResult" }, "documentation": "This operation is not supported by directory buckets.
Deletes a Multi-Region Access Point. This action does not delete the buckets associated with the Multi-Region Access Point, only the Multi-Region Access Point itself.
This action will always be routed to the US West (Oregon) Region. For more information about the restrictions around working with Multi-Region Access Points, see Multi-Region Access Point restrictions and limitations in the Amazon S3 User Guide.
This request is asynchronous, meaning that you might receive a response before the command has completed. When this request provides a response, it provides a token that you can use to monitor the status of the request with DescribeMultiRegionAccessPointOperation.
The following actions are related to DeleteMultiRegionAccessPoint:
This operation is not supported by directory buckets.
Removes the PublicAccessBlock configuration for an Amazon Web Services account. For more information, see Using Amazon S3 block public access.
Related actions include:
", "endpoint": { "hostPrefix": "{AccountId}." }, "staticContextParams": { "RequiresAccountId": { "value": true } } }, "DeleteStorageLensConfiguration": { "name": "DeleteStorageLensConfiguration", "http": { "method": "DELETE", "requestUri": "/v20180820/storagelens/{storagelensid}" }, "input": { "shape": "DeleteStorageLensConfigurationRequest" }, "documentation": "This operation is not supported by directory buckets.
Deletes the Amazon S3 Storage Lens configuration. For more information about S3 Storage Lens, see Assessing your storage activity and usage with Amazon S3 Storage Lens in the Amazon S3 User Guide.
To use this action, you must have permission to perform the s3:DeleteStorageLensConfiguration action. For more information, see Setting permissions to use Amazon S3 Storage Lens in the Amazon S3 User Guide.
This operation is not supported by directory buckets.
Deletes the Amazon S3 Storage Lens configuration tags. For more information about S3 Storage Lens, see Assessing your storage activity and usage with Amazon S3 Storage Lens in the Amazon S3 User Guide.
To use this action, you must have permission to perform the s3:DeleteStorageLensConfigurationTagging action. For more information, see Setting permissions to use Amazon S3 Storage Lens in the Amazon S3 User Guide.
Deletes an existing S3 Storage Lens group.
To use this operation, you must have the permission to perform the s3:DeleteStorageLensGroup action. For more information about the required Storage Lens Groups permissions, see Setting account permissions to use S3 Storage Lens groups.
For information about Storage Lens groups errors, see List of Amazon S3 Storage Lens error codes.
", "endpoint": { "hostPrefix": "{AccountId}." }, "staticContextParams": { "RequiresAccountId": { "value": true } } }, "DescribeJob": { "name": "DescribeJob", "http": { "method": "GET", "requestUri": "/v20180820/jobs/{id}" }, "input": { "shape": "DescribeJobRequest" }, "output": { "shape": "DescribeJobResult" }, "errors": [ { "shape": "BadRequestException" }, { "shape": "TooManyRequestsException" }, { "shape": "NotFoundException" }, { "shape": "InternalServiceException" } ], "documentation": "Retrieves the configuration parameters and status for a Batch Operations job. For more information, see S3 Batch Operations in the Amazon S3 User Guide.
To use the DescribeJob operation, you must have permission to perform the s3:DescribeJob action.
Related actions include:
", "endpoint": { "hostPrefix": "{AccountId}." }, "staticContextParams": { "RequiresAccountId": { "value": true } } }, "DescribeMultiRegionAccessPointOperation": { "name": "DescribeMultiRegionAccessPointOperation", "http": { "method": "GET", "requestUri": "/v20180820/async-requests/mrap/{request_token+}" }, "input": { "shape": "DescribeMultiRegionAccessPointOperationRequest" }, "output": { "shape": "DescribeMultiRegionAccessPointOperationResult" }, "documentation": "This operation is not supported by directory buckets.
Retrieves the status of an asynchronous request to manage a Multi-Region Access Point. For more information about managing Multi-Region Access Points and how asynchronous requests work, see Using Multi-Region Access Points in the Amazon S3 User Guide.
The following actions are related to GetMultiRegionAccessPoint:
Dissociates the Amazon Web Services IAM Identity Center instance from the S3 Access Grants instance.
You must have the s3:DissociateAccessGrantsIdentityCenter permission to use this operation.
You must have the sso:DeleteApplication permission to use this operation.
Get the details of an access grant from your S3 Access Grants instance.
You must have the s3:GetAccessGrant permission to use this operation.
Retrieves the S3 Access Grants instance for a Region in your account.
You must have the s3:GetAccessGrantsInstance permission to use this operation.
GetAccessGrantsInstance is not supported for cross-account access. You can only call the API from the account that owns the S3 Access Grants instance.
Retrieve the S3 Access Grants instance that contains a particular prefix.
You must have the s3:GetAccessGrantsInstanceForPrefix permission for the caller account to use this operation.
The prefix owner account must grant you the following permissions to their S3 Access Grants instance: s3:GetAccessGrantsInstanceForPrefix.
Returns the resource policy of the S3 Access Grants instance.
You must have the s3:GetAccessGrantsInstanceResourcePolicy permission to use this operation.
Retrieves the details of a particular location registered in your S3 Access Grants instance.
You must have the s3:GetAccessGrantsLocation permission to use this operation.
This operation is not supported by directory buckets.
Returns configuration information about the specified access point.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.
The following actions are related to GetAccessPoint:
This operation is not supported by directory buckets.
Returns configuration for an Object Lambda Access Point.
The following actions are related to GetAccessPointConfigurationForObjectLambda:
This operation is not supported by directory buckets.
Returns configuration information about the specified Object Lambda Access Point
The following actions are related to GetAccessPointForObjectLambda:
This operation is not supported by directory buckets.
Returns the access point policy associated with the specified access point.
The following actions are related to GetAccessPointPolicy:
This operation is not supported by directory buckets.
Returns the resource policy for an Object Lambda Access Point.
The following actions are related to GetAccessPointPolicyForObjectLambda:
This operation is not supported by directory buckets.
Indicates whether the specified access point currently has a policy that allows public access. For more information about public access through access points, see Managing Data Access with Amazon S3 access points in the Amazon S3 User Guide.
", "endpoint": { "hostPrefix": "{AccountId}." }, "staticContextParams": { "RequiresAccountId": { "value": true } } }, "GetAccessPointPolicyStatusForObjectLambda": { "name": "GetAccessPointPolicyStatusForObjectLambda", "http": { "method": "GET", "requestUri": "/v20180820/accesspointforobjectlambda/{name}/policyStatus" }, "input": { "shape": "GetAccessPointPolicyStatusForObjectLambdaRequest" }, "output": { "shape": "GetAccessPointPolicyStatusForObjectLambdaResult" }, "documentation": "This operation is not supported by directory buckets.
Returns the status of the resource policy associated with an Object Lambda Access Point.
", "endpoint": { "hostPrefix": "{AccountId}." }, "staticContextParams": { "RequiresAccountId": { "value": true } } }, "GetBucket": { "name": "GetBucket", "http": { "method": "GET", "requestUri": "/v20180820/bucket/{name}" }, "input": { "shape": "GetBucketRequest" }, "output": { "shape": "GetBucketResult" }, "documentation": "Gets an Amazon S3 on Outposts bucket. For more information, see Using Amazon S3 on Outposts in the Amazon S3 User Guide.
If you are using an identity other than the root user of the Amazon Web Services account that owns the Outposts bucket, the calling identity must have the s3-outposts:GetBucket permissions on the specified Outposts bucket and belong to the Outposts bucket owner's account in order to use this action. Only users from Outposts bucket owner account with the right permissions can perform actions on an Outposts bucket.
If you don't have s3-outposts:GetBucket permissions or you're not using an identity that belongs to the bucket owner's account, Amazon S3 returns a 403 Access Denied error.
The following actions are related to GetBucket for Amazon S3 on Outposts:
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.
This action gets an Amazon S3 on Outposts bucket's lifecycle configuration. To get an S3 bucket's lifecycle configuration, see GetBucketLifecycleConfiguration in the Amazon S3 API Reference.
Returns the lifecycle configuration information set on the Outposts bucket. For more information, see Using Amazon S3 on Outposts and for information about lifecycle configuration, see Object Lifecycle Management in Amazon S3 User Guide.
To use this action, you must have permission to perform the s3-outposts:GetLifecycleConfiguration action. The Outposts bucket owner has this permission, by default. The bucket owner can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.
GetBucketLifecycleConfiguration has the following special error:
Error code: NoSuchLifecycleConfiguration
Description: The lifecycle configuration does not exist.
HTTP Status Code: 404 Not Found
SOAP Fault Code Prefix: Client
The following actions are related to GetBucketLifecycleConfiguration:
This action gets a bucket policy for an Amazon S3 on Outposts bucket. To get a policy for an S3 bucket, see GetBucketPolicy in the Amazon S3 API Reference.
Returns the policy of a specified Outposts bucket. For more information, see Using Amazon S3 on Outposts in the Amazon S3 User Guide.
If you are using an identity other than the root user of the Amazon Web Services account that owns the bucket, the calling identity must have the GetBucketPolicy permissions on the specified bucket and belong to the bucket owner's account in order to use this action.
Only users from Outposts bucket owner account with the right permissions can perform actions on an Outposts bucket. If you don't have s3-outposts:GetBucketPolicy permissions or you're not using an identity that belongs to the bucket owner's account, Amazon S3 returns a 403 Access Denied error.
As a security precaution, the root user of the Amazon Web Services account that owns a bucket can always use this action, even if the policy explicitly denies the root user the ability to perform this action.
For more information about bucket policies, see Using Bucket Policies and User Policies.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.
The following actions are related to GetBucketPolicy:
This operation gets an Amazon S3 on Outposts bucket's replication configuration. To get an S3 bucket's replication configuration, see GetBucketReplication in the Amazon S3 API Reference.
Returns the replication configuration of an S3 on Outposts bucket. For more information about S3 on Outposts, see Using Amazon S3 on Outposts in the Amazon S3 User Guide. For information about S3 replication on Outposts configuration, see Replicating objects for S3 on Outposts in the Amazon S3 User Guide.
It can take a while to propagate PUT or DELETE requests for a replication configuration to all S3 on Outposts systems. Therefore, the replication configuration that's returned by a GET request soon after a PUT or DELETE request might return a more recent result than what's on the Outpost. If an Outpost is offline, the delay in updating the replication configuration on that Outpost can be significant.
This action requires permissions for the s3-outposts:GetReplicationConfiguration action. The Outposts bucket owner has this permission by default and can grant it to others. For more information about permissions, see Setting up IAM with S3 on Outposts and Managing access to S3 on Outposts bucket in the Amazon S3 User Guide.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.
If you include the Filter element in a replication configuration, you must also include the DeleteMarkerReplication, Status, and Priority elements. The response also returns those elements.
For information about S3 on Outposts replication failure reasons, see Replication failure reasons in the Amazon S3 User Guide.
The following operations are related to GetBucketReplication:
This action gets an Amazon S3 on Outposts bucket's tags. To get an S3 bucket tags, see GetBucketTagging in the Amazon S3 API Reference.
Returns the tag set associated with the Outposts bucket. For more information, see Using Amazon S3 on Outposts in the Amazon S3 User Guide.
To use this action, you must have permission to perform the GetBucketTagging action. By default, the bucket owner has this permission and can grant this permission to others.
GetBucketTagging has the following special error:
Error code: NoSuchTagSetError
Description: There is no tag set associated with the bucket.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.
The following actions are related to GetBucketTagging:
This operation returns the versioning state for S3 on Outposts buckets only. To return the versioning state for an S3 bucket, see GetBucketVersioning in the Amazon S3 API Reference.
Returns the versioning state for an S3 on Outposts bucket. With S3 Versioning, you can save multiple distinct copies of your objects and recover from unintended user actions and application failures.
If you've never set versioning on your bucket, it has no versioning state. In that case, the GetBucketVersioning request does not return a versioning state value.
For more information about versioning, see Versioning in the Amazon S3 User Guide.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.
The following operations are related to GetBucketVersioning for S3 on Outposts.
Returns a temporary access credential from S3 Access Grants to the grantee or client application. The temporary credential is an Amazon Web Services STS token that grants them access to the S3 data.
You must have the s3:GetDataAccess permission to use this operation.
The IAM role that S3 Access Grants assumes must have the following permissions specified in the trust policy when registering the location: sts:AssumeRole, for directory users or groups sts:SetContext, and for IAM users or roles sts:SetSourceIdentity.
Returns the tags on an S3 Batch Operations job.
To use the GetJobTagging operation, you must have permission to perform the s3:GetJobTagging action. For more information, see Controlling access and labeling jobs using tags in the Amazon S3 User Guide.
Related actions include:
", "endpoint": { "hostPrefix": "{AccountId}." }, "staticContextParams": { "RequiresAccountId": { "value": true } } }, "GetMultiRegionAccessPoint": { "name": "GetMultiRegionAccessPoint", "http": { "method": "GET", "requestUri": "/v20180820/mrap/instances/{name+}" }, "input": { "shape": "GetMultiRegionAccessPointRequest" }, "output": { "shape": "GetMultiRegionAccessPointResult" }, "documentation": "This operation is not supported by directory buckets.
Returns configuration information about the specified Multi-Region Access Point.
This action will always be routed to the US West (Oregon) Region. For more information about the restrictions around working with Multi-Region Access Points, see Multi-Region Access Point restrictions and limitations in the Amazon S3 User Guide.
The following actions are related to GetMultiRegionAccessPoint:
This operation is not supported by directory buckets.
Returns the access control policy of the specified Multi-Region Access Point.
This action will always be routed to the US West (Oregon) Region. For more information about the restrictions around working with Multi-Region Access Points, see Multi-Region Access Point restrictions and limitations in the Amazon S3 User Guide.
The following actions are related to GetMultiRegionAccessPointPolicy:
This operation is not supported by directory buckets.
Indicates whether the specified Multi-Region Access Point has an access control policy that allows public access.
This action will always be routed to the US West (Oregon) Region. For more information about the restrictions around working with Multi-Region Access Points, see Multi-Region Access Point restrictions and limitations in the Amazon S3 User Guide.
The following actions are related to GetMultiRegionAccessPointPolicyStatus:
This operation is not supported by directory buckets.
Returns the routing configuration for a Multi-Region Access Point, indicating which Regions are active or passive.
To obtain routing control changes and failover requests, use the Amazon S3 failover control infrastructure endpoints in these five Amazon Web Services Regions:
us-east-1
us-west-2
ap-southeast-2
ap-northeast-1
eu-west-1
This operation is not supported by directory buckets.
Retrieves the PublicAccessBlock configuration for an Amazon Web Services account. For more information, see Using Amazon S3 block public access.
Related actions include:
", "endpoint": { "hostPrefix": "{AccountId}." }, "staticContextParams": { "RequiresAccountId": { "value": true } } }, "GetStorageLensConfiguration": { "name": "GetStorageLensConfiguration", "http": { "method": "GET", "requestUri": "/v20180820/storagelens/{storagelensid}" }, "input": { "shape": "GetStorageLensConfigurationRequest" }, "output": { "shape": "GetStorageLensConfigurationResult" }, "documentation": "This operation is not supported by directory buckets.
Gets the Amazon S3 Storage Lens configuration. For more information, see Assessing your storage activity and usage with Amazon S3 Storage Lens in the Amazon S3 User Guide. For a complete list of S3 Storage Lens metrics, see S3 Storage Lens metrics glossary in the Amazon S3 User Guide.
To use this action, you must have permission to perform the s3:GetStorageLensConfiguration action. For more information, see Setting permissions to use Amazon S3 Storage Lens in the Amazon S3 User Guide.
This operation is not supported by directory buckets.
Gets the tags of Amazon S3 Storage Lens configuration. For more information about S3 Storage Lens, see Assessing your storage activity and usage with Amazon S3 Storage Lens in the Amazon S3 User Guide.
To use this action, you must have permission to perform the s3:GetStorageLensConfigurationTagging action. For more information, see Setting permissions to use Amazon S3 Storage Lens in the Amazon S3 User Guide.
Retrieves the Storage Lens group configuration details.
To use this operation, you must have the permission to perform the s3:GetStorageLensGroup action. For more information about the required Storage Lens Groups permissions, see Setting account permissions to use S3 Storage Lens groups.
For information about Storage Lens groups errors, see List of Amazon S3 Storage Lens error codes.
", "endpoint": { "hostPrefix": "{AccountId}." }, "staticContextParams": { "RequiresAccountId": { "value": true } } }, "ListAccessGrants": { "name": "ListAccessGrants", "http": { "method": "GET", "requestUri": "/v20180820/accessgrantsinstance/grants" }, "input": { "shape": "ListAccessGrantsRequest" }, "output": { "shape": "ListAccessGrantsResult" }, "documentation": "Returns the list of access grants in your S3 Access Grants instance.
You must have the s3:ListAccessGrants permission to use this operation.
Returns a list of S3 Access Grants instances. An S3 Access Grants instance serves as a logical grouping for your individual access grants. You can only have one S3 Access Grants instance per Region per account.
You must have the s3:ListAccessGrantsInstances permission to use this operation.
Returns a list of the locations registered in your S3 Access Grants instance.
You must have the s3:ListAccessGrantsLocations permission to use this operation.
This operation is not supported by directory buckets.
Returns a list of the access points that are owned by the current account that's associated with the specified bucket. You can retrieve up to 1000 access points per call. If the specified bucket has more than 1,000 access points (or the number specified in maxResults, whichever is less), the response will include a continuation token that you can use to list the additional access points.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.
The following actions are related to ListAccessPoints:
This operation is not supported by directory buckets.
Returns some or all (up to 1,000) access points associated with the Object Lambda Access Point per call. If there are more access points than what can be returned in one call, the response will include a continuation token that you can use to list the additional access points.
The following actions are related to ListAccessPointsForObjectLambda:
Returns a list of the access grants that were given to the caller using S3 Access Grants and that allow the caller to access the S3 data of the Amazon Web Services account specified in the request.
You must have the s3:ListCallerAccessGrants permission to use this operation.
Lists current S3 Batch Operations jobs as well as the jobs that have ended within the last 90 days for the Amazon Web Services account making the request. For more information, see S3 Batch Operations in the Amazon S3 User Guide.
To use the ListJobs operation, you must have permission to perform the s3:ListJobs action.
Related actions include:
", "endpoint": { "hostPrefix": "{AccountId}." }, "staticContextParams": { "RequiresAccountId": { "value": true } } }, "ListMultiRegionAccessPoints": { "name": "ListMultiRegionAccessPoints", "http": { "method": "GET", "requestUri": "/v20180820/mrap/instances" }, "input": { "shape": "ListMultiRegionAccessPointsRequest" }, "output": { "shape": "ListMultiRegionAccessPointsResult" }, "documentation": "This operation is not supported by directory buckets.
Returns a list of the Multi-Region Access Points currently associated with the specified Amazon Web Services account. Each call can return up to 100 Multi-Region Access Points, the maximum number of Multi-Region Access Points that can be associated with a single account.
This action will always be routed to the US West (Oregon) Region. For more information about the restrictions around working with Multi-Region Access Points, see Multi-Region Access Point restrictions and limitations in the Amazon S3 User Guide.
The following actions are related to ListMultiRegionAccessPoint:
This operation is not supported by directory buckets.
Returns a list of all Outposts buckets in an Outpost that are owned by the authenticated sender of the request. For more information, see Using Amazon S3 on Outposts in the Amazon S3 User Guide.
For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and x-amz-outpost-id in your request, see the Examples section.
This operation is not supported by directory buckets.
Gets a list of Amazon S3 Storage Lens configurations. For more information about S3 Storage Lens, see Assessing your storage activity and usage with Amazon S3 Storage Lens in the Amazon S3 User Guide.
To use this action, you must have permission to perform the s3:ListStorageLensConfigurations action. For more information, see Setting permissions to use Amazon S3 Storage Lens in the Amazon S3 User Guide.
Lists all the Storage Lens groups in the specified home Region.
To use this operation, you must have the permission to perform the s3:ListStorageLensGroups action. For more information about the required Storage Lens Groups permissions, see Setting account permissions to use S3 Storage Lens groups.
For information about Storage Lens groups errors, see List of Amazon S3 Storage Lens error codes.
", "endpoint": { "hostPrefix": "{AccountId}." }, "staticContextParams": { "RequiresAccountId": { "value": true } } }, "ListTagsForResource": { "name": "ListTagsForResource", "http": { "method": "GET", "requestUri": "/v20180820/tags/{resourceArn+}" }, "input": { "shape": "ListTagsForResourceRequest" }, "output": { "shape": "ListTagsForResourceResult" }, "documentation": "This operation allows you to list all the Amazon Web Services resource tags for a specified resource. Each tag is a label consisting of a user-defined key and value. Tags can help you manage, identify, organize, search for, and filter resources.
You must have the s3:ListTagsForResource permission to use this operation.
This operation is only supported for S3 Storage Lens groups and for S3 Access Grants. The tagged resource can be an S3 Storage Lens group or S3 Access Grants instance, registered location, or grant.
For more information about the required Storage Lens Groups permissions, see Setting account permissions to use S3 Storage Lens groups.
For information about S3 Tagging errors, see List of Amazon S3 Tagging error codes.
", "endpoint": { "hostPrefix": "{AccountId}." }, "staticContextParams": { "RequiresAccountId": { "value": true } } }, "PutAccessGrantsInstanceResourcePolicy": { "name": "PutAccessGrantsInstanceResourcePolicy", "http": { "method": "PUT", "requestUri": "/v20180820/accessgrantsinstance/resourcepolicy" }, "input": { "shape": "PutAccessGrantsInstanceResourcePolicyRequest", "locationName": "PutAccessGrantsInstanceResourcePolicyRequest", "xmlNamespace": { "uri": "http://awss3control.amazonaws.com/doc/2018-08-20/" } }, "output": { "shape": "PutAccessGrantsInstanceResourcePolicyResult" }, "documentation": "Updates the resource policy of the S3 Access Grants instance.
You must have the s3:PutAccessGrantsInstanceResourcePolicy permission to use this operation.
This operation is not supported by directory buckets.
Replaces configuration for an Object Lambda Access Point.
The following actions are related to PutAccessPointConfigurationForObjectLambda:
This operation is not supported by directory buckets.
Associates an access policy with the specified access point. Each access point can have only one policy, so a request made to this API replaces any existing policy associated with the specified access point.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.
The following actions are related to PutAccessPointPolicy:
This operation is not supported by directory buckets.
Creates or replaces resource policy for an Object Lambda Access Point. For an example policy, see Creating Object Lambda Access Points in the Amazon S3 User Guide.
The following actions are related to PutAccessPointPolicyForObjectLambda:
This action puts a lifecycle configuration to an Amazon S3 on Outposts bucket. To put a lifecycle configuration to an S3 bucket, see PutBucketLifecycleConfiguration in the Amazon S3 API Reference.
Creates a new lifecycle configuration for the S3 on Outposts bucket or replaces an existing lifecycle configuration. Outposts buckets only support lifecycle configurations that delete/expire objects after a certain period of time and abort incomplete multipart uploads.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.
The following actions are related to PutBucketLifecycleConfiguration:
This action puts a bucket policy to an Amazon S3 on Outposts bucket. To put a policy on an S3 bucket, see PutBucketPolicy in the Amazon S3 API Reference.
Applies an Amazon S3 bucket policy to an Outposts bucket. For more information, see Using Amazon S3 on Outposts in the Amazon S3 User Guide.
If you are using an identity other than the root user of the Amazon Web Services account that owns the Outposts bucket, the calling identity must have the PutBucketPolicy permissions on the specified Outposts bucket and belong to the bucket owner's account in order to use this action.
If you don't have PutBucketPolicy permissions, Amazon S3 returns a 403 Access Denied error. If you have the correct permissions, but you're not using an identity that belongs to the bucket owner's account, Amazon S3 returns a 405 Method Not Allowed error.
As a security precaution, the root user of the Amazon Web Services account that owns a bucket can always use this action, even if the policy explicitly denies the root user the ability to perform this action.
For more information about bucket policies, see Using Bucket Policies and User Policies.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.
The following actions are related to PutBucketPolicy:
This action creates an Amazon S3 on Outposts bucket's replication configuration. To create an S3 bucket's replication configuration, see PutBucketReplication in the Amazon S3 API Reference.
Creates a replication configuration or replaces an existing one. For information about S3 replication on Outposts configuration, see Replicating objects for S3 on Outposts in the Amazon S3 User Guide.
It can take a while to propagate PUT or DELETE requests for a replication configuration to all S3 on Outposts systems. Therefore, the replication configuration that's returned by a GET request soon after a PUT or DELETE request might return a more recent result than what's on the Outpost. If an Outpost is offline, the delay in updating the replication configuration on that Outpost can be significant.
Specify the replication configuration in the request body. In the replication configuration, you provide the following information:
The name of the destination bucket or buckets where you want S3 on Outposts to replicate objects
The Identity and Access Management (IAM) role that S3 on Outposts can assume to replicate objects on your behalf
Other relevant information, such as replication rules
A replication configuration must include at least one rule and can contain a maximum of 100. Each rule identifies a subset of objects to replicate by filtering the objects in the source Outposts bucket. To choose additional subsets of objects to replicate, add a rule for each subset.
To specify a subset of the objects in the source Outposts bucket to apply a replication rule to, add the Filter element as a child of the Rule element. You can filter objects based on an object key prefix, one or more object tags, or both. When you add the Filter element in the configuration, you must also add the following elements: DeleteMarkerReplication, Status, and Priority.
Using PutBucketReplication on Outposts requires that both the source and destination buckets must have versioning enabled. For information about enabling versioning on a bucket, see Managing S3 Versioning for your S3 on Outposts bucket.
For information about S3 on Outposts replication failure reasons, see Replication failure reasons in the Amazon S3 User Guide.
Handling Replication of Encrypted Objects
Outposts buckets are encrypted at all times. All the objects in the source Outposts bucket are encrypted and can be replicated. Also, all the replicas in the destination Outposts bucket are encrypted with the same encryption key as the objects in the source Outposts bucket.
Permissions
To create a PutBucketReplication request, you must have s3-outposts:PutReplicationConfiguration permissions for the bucket. The Outposts bucket owner has this permission by default and can grant it to others. For more information about permissions, see Setting up IAM with S3 on Outposts and Managing access to S3 on Outposts buckets.
To perform this operation, the user or role must also have the iam:CreateRole and iam:PassRole permissions. For more information, see Granting a user permissions to pass a role to an Amazon Web Services service.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.
The following operations are related to PutBucketReplication:
This action puts tags on an Amazon S3 on Outposts bucket. To put tags on an S3 bucket, see PutBucketTagging in the Amazon S3 API Reference.
Sets the tags for an S3 on Outposts bucket. For more information, see Using Amazon S3 on Outposts in the Amazon S3 User Guide.
Use tags to organize your Amazon Web Services bill to reflect your own cost structure. To do this, sign up to get your Amazon Web Services account bill with tag key values included. Then, to see the cost of combined resources, organize your billing information according to resources with the same tag key values. For example, you can tag several resources with a specific application name, and then organize your billing information to see the total cost of that application across several services. For more information, see Cost allocation and tagging.
Within a bucket, if you add a tag that has the same key as an existing tag, the new value overwrites the old value. For more information, see Using cost allocation in Amazon S3 bucket tags.
To use this action, you must have permissions to perform the s3-outposts:PutBucketTagging action. The Outposts bucket owner has this permission by default and can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing access permissions to your Amazon S3 resources.
PutBucketTagging has the following special errors:
Error code: InvalidTagError
Description: The tag provided was not a valid tag. This error can occur if the tag did not pass input validation. For information about tag restrictions, see User-Defined Tag Restrictions and Amazon Web Services-Generated Cost Allocation Tag Restrictions.
Error code: MalformedXMLError
Description: The XML provided does not match the schema.
Error code: OperationAbortedError
Description: A conflicting conditional action is currently in progress against this resource. Try again.
Error code: InternalError
Description: The service was unable to apply the provided tag to the bucket.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.
The following actions are related to PutBucketTagging:
This operation sets the versioning state for S3 on Outposts buckets only. To set the versioning state for an S3 bucket, see PutBucketVersioning in the Amazon S3 API Reference.
Sets the versioning state for an S3 on Outposts bucket. With S3 Versioning, you can save multiple distinct copies of your objects and recover from unintended user actions and application failures.
You can set the versioning state to one of the following:
Enabled - Enables versioning for the objects in the bucket. All objects added to the bucket receive a unique version ID.
Suspended - Suspends versioning for the objects in the bucket. All objects added to the bucket receive the version ID null.
If you've never set versioning on your bucket, it has no versioning state. In that case, a GetBucketVersioning request does not return a versioning state value.
When you enable S3 Versioning, for each object in your bucket, you have a current version and zero or more noncurrent versions. You can configure your bucket S3 Lifecycle rules to expire noncurrent versions after a specified time period. For more information, see Creating and managing a lifecycle configuration for your S3 on Outposts bucket in the Amazon S3 User Guide.
If you have an object expiration lifecycle configuration in your non-versioned bucket and you want to maintain the same permanent delete behavior when you enable versioning, you must add a noncurrent expiration policy. The noncurrent expiration lifecycle configuration will manage the deletes of the noncurrent object versions in the version-enabled bucket. For more information, see Versioning in the Amazon S3 User Guide.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.
The following operations are related to PutBucketVersioning for S3 on Outposts.
Sets the supplied tag-set on an S3 Batch Operations job.
A tag is a key-value pair. You can associate S3 Batch Operations tags with any job by sending a PUT request against the tagging subresource that is associated with the job. To modify the existing tag set, you can either replace the existing tag set entirely, or make changes within the existing tag set by retrieving the existing tag set using GetJobTagging, modify that tag set, and use this operation to replace the tag set with the one you modified. For more information, see Controlling access and labeling jobs using tags in the Amazon S3 User Guide.
If you send this request with an empty tag set, Amazon S3 deletes the existing tag set on the Batch Operations job. If you use this method, you are charged for a Tier 1 Request (PUT). For more information, see Amazon S3 pricing.
For deleting existing tags for your Batch Operations job, a DeleteJobTagging request is preferred because it achieves the same result without incurring charges.
A few things to consider about using tags:
Amazon S3 limits the maximum number of tags to 50 tags per job.
You can associate up to 50 tags with a job as long as they have unique tag keys.
A tag key can be up to 128 Unicode characters in length, and tag values can be up to 256 Unicode characters in length.
The key and values are case sensitive.
For tagging-related restrictions related to characters and encodings, see User-Defined Tag Restrictions in the Billing and Cost Management User Guide.
To use the PutJobTagging operation, you must have permission to perform the s3:PutJobTagging action.
Related actions include:
", "endpoint": { "hostPrefix": "{AccountId}." }, "staticContextParams": { "RequiresAccountId": { "value": true } } }, "PutMultiRegionAccessPointPolicy": { "name": "PutMultiRegionAccessPointPolicy", "http": { "method": "POST", "requestUri": "/v20180820/async-requests/mrap/put-policy" }, "input": { "shape": "PutMultiRegionAccessPointPolicyRequest", "locationName": "PutMultiRegionAccessPointPolicyRequest", "xmlNamespace": { "uri": "http://awss3control.amazonaws.com/doc/2018-08-20/" } }, "output": { "shape": "PutMultiRegionAccessPointPolicyResult" }, "documentation": "This operation is not supported by directory buckets.
Associates an access control policy with the specified Multi-Region Access Point. Each Multi-Region Access Point can have only one policy, so a request made to this action replaces any existing policy that is associated with the specified Multi-Region Access Point.
This action will always be routed to the US West (Oregon) Region. For more information about the restrictions around working with Multi-Region Access Points, see Multi-Region Access Point restrictions and limitations in the Amazon S3 User Guide.
The following actions are related to PutMultiRegionAccessPointPolicy:
This operation is not supported by directory buckets.
Creates or modifies the PublicAccessBlock configuration for an Amazon Web Services account. For this operation, users must have the s3:PutAccountPublicAccessBlock permission. For more information, see Using Amazon S3 block public access.
Related actions include:
", "endpoint": { "hostPrefix": "{AccountId}." }, "staticContextParams": { "RequiresAccountId": { "value": true } } }, "PutStorageLensConfiguration": { "name": "PutStorageLensConfiguration", "http": { "method": "PUT", "requestUri": "/v20180820/storagelens/{storagelensid}" }, "input": { "shape": "PutStorageLensConfigurationRequest", "locationName": "PutStorageLensConfigurationRequest", "xmlNamespace": { "uri": "http://awss3control.amazonaws.com/doc/2018-08-20/" } }, "documentation": "This operation is not supported by directory buckets.
Puts an Amazon S3 Storage Lens configuration. For more information about S3 Storage Lens, see Working with Amazon S3 Storage Lens in the Amazon S3 User Guide. For a complete list of S3 Storage Lens metrics, see S3 Storage Lens metrics glossary in the Amazon S3 User Guide.
To use this action, you must have permission to perform the s3:PutStorageLensConfiguration action. For more information, see Setting permissions to use Amazon S3 Storage Lens in the Amazon S3 User Guide.
This operation is not supported by directory buckets.
Put or replace tags on an existing Amazon S3 Storage Lens configuration. For more information about S3 Storage Lens, see Assessing your storage activity and usage with Amazon S3 Storage Lens in the Amazon S3 User Guide.
To use this action, you must have permission to perform the s3:PutStorageLensConfigurationTagging action. For more information, see Setting permissions to use Amazon S3 Storage Lens in the Amazon S3 User Guide.
This operation is not supported by directory buckets.
Submits an updated route configuration for a Multi-Region Access Point. This API operation updates the routing status for the specified Regions from active to passive, or from passive to active. A value of 0 indicates a passive status, which means that traffic won't be routed to the specified Region. A value of 100 indicates an active status, which means that traffic will be routed to the specified Region. At least one Region must be active at all times.
When the routing configuration is changed, any in-progress operations (uploads, copies, deletes, and so on) to formerly active Regions will continue to run to their final completion state (success or failure). The routing configurations of any Regions that aren’t specified remain unchanged.
Updated routing configurations might not be immediately applied. It can take up to 2 minutes for your changes to take effect.
To submit routing control changes and failover requests, use the Amazon S3 failover control infrastructure endpoints in these five Amazon Web Services Regions:
us-east-1
us-west-2
ap-southeast-2
ap-northeast-1
eu-west-1
Creates a new Amazon Web Services resource tag or updates an existing resource tag. Each tag is a label consisting of a user-defined key and value. Tags can help you manage, identify, organize, search for, and filter resources. You can add up to 50 Amazon Web Services resource tags for each S3 resource.
This operation is only supported for S3 Storage Lens groups and for S3 Access Grants. The tagged resource can be an S3 Storage Lens group or S3 Access Grants instance, registered location, or grant.
You must have the s3:TagResource permission to use this operation.
For more information about the required Storage Lens Groups permissions, see Setting account permissions to use S3 Storage Lens groups.
For information about S3 Tagging errors, see List of Amazon S3 Tagging error codes.
", "endpoint": { "hostPrefix": "{AccountId}." }, "staticContextParams": { "RequiresAccountId": { "value": true } } }, "UntagResource": { "name": "UntagResource", "http": { "method": "DELETE", "requestUri": "/v20180820/tags/{resourceArn+}", "responseCode": 204 }, "input": { "shape": "UntagResourceRequest" }, "output": { "shape": "UntagResourceResult" }, "documentation": "This operation removes the specified Amazon Web Services resource tags from an S3 resource. Each tag is a label consisting of a user-defined key and value. Tags can help you manage, identify, organize, search for, and filter resources.
This operation is only supported for S3 Storage Lens groups and for S3 Access Grants. The tagged resource can be an S3 Storage Lens group or S3 Access Grants instance, registered location, or grant.
You must have the s3:UntagResource permission to use this operation.
For more information about the required Storage Lens Groups permissions, see Setting account permissions to use S3 Storage Lens groups.
For information about S3 Tagging errors, see List of Amazon S3 Tagging error codes.
", "endpoint": { "hostPrefix": "{AccountId}." }, "staticContextParams": { "RequiresAccountId": { "value": true } } }, "UpdateAccessGrantsLocation": { "name": "UpdateAccessGrantsLocation", "http": { "method": "PUT", "requestUri": "/v20180820/accessgrantsinstance/location/{id}" }, "input": { "shape": "UpdateAccessGrantsLocationRequest", "locationName": "UpdateAccessGrantsLocationRequest", "xmlNamespace": { "uri": "http://awss3control.amazonaws.com/doc/2018-08-20/" } }, "output": { "shape": "UpdateAccessGrantsLocationResult" }, "documentation": "Updates the IAM role of a registered location in your S3 Access Grants instance.
You must have the s3:UpdateAccessGrantsLocation permission to use this operation.
You must also have the following permission: iam:PassRole
Updates an existing S3 Batch Operations job's priority. For more information, see S3 Batch Operations in the Amazon S3 User Guide.
To use the UpdateJobPriority operation, you must have permission to perform the s3:UpdateJobPriority action.
Related actions include:
", "endpoint": { "hostPrefix": "{AccountId}." }, "staticContextParams": { "RequiresAccountId": { "value": true } } }, "UpdateJobStatus": { "name": "UpdateJobStatus", "http": { "method": "POST", "requestUri": "/v20180820/jobs/{id}/status" }, "input": { "shape": "UpdateJobStatusRequest" }, "output": { "shape": "UpdateJobStatusResult" }, "errors": [ { "shape": "BadRequestException" }, { "shape": "TooManyRequestsException" }, { "shape": "NotFoundException" }, { "shape": "JobStatusException" }, { "shape": "InternalServiceException" } ], "documentation": "Updates the status for the specified job. Use this operation to confirm that you want to run a job or to cancel an existing job. For more information, see S3 Batch Operations in the Amazon S3 User Guide.
To use the UpdateJobStatus operation, you must have permission to perform the s3:UpdateJobStatus action.
Related actions include:
", "endpoint": { "hostPrefix": "{AccountId}." }, "staticContextParams": { "RequiresAccountId": { "value": true } } }, "UpdateStorageLensGroup": { "name": "UpdateStorageLensGroup", "http": { "method": "PUT", "requestUri": "/v20180820/storagelensgroup/{name}", "responseCode": 204 }, "input": { "shape": "UpdateStorageLensGroupRequest", "locationName": "UpdateStorageLensGroupRequest", "xmlNamespace": { "uri": "http://awss3control.amazonaws.com/doc/2018-08-20/" } }, "documentation": "Updates the existing Storage Lens group.
To use this operation, you must have the permission to perform the s3:UpdateStorageLensGroup action. For more information about the required Storage Lens Groups permissions, see Setting account permissions to use S3 Storage Lens groups.
For information about Storage Lens groups errors, see List of Amazon S3 Storage Lens error codes.
", "endpoint": { "hostPrefix": "{AccountId}." }, "staticContextParams": { "RequiresAccountId": { "value": true } } } }, "shapes": { "AbortIncompleteMultipartUpload": { "type": "structure", "members": { "DaysAfterInitiation": { "shape": "DaysAfterInitiation", "documentation": "Specifies the number of days after which Amazon S3 aborts an incomplete multipart upload to the Outposts bucket.
" } }, "documentation": "The container for abort incomplete multipart upload
" }, "AccessControlTranslation": { "type": "structure", "required": [ "Owner" ], "members": { "Owner": { "shape": "OwnerOverride", "documentation": "Specifies the replica ownership.
" } }, "documentation": "A container for information about access control for replicas.
This is not supported by Amazon S3 on Outposts buckets.
The S3SubPrefix is appended to the location scope creating the grant scope. Use this field to narrow the scope of the grant to a subset of the location scope. This field is required if the location scope is the default location s3:// because you cannot create a grant for all of your S3 data in the Region and must narrow the scope. For example, if the location scope is the default location s3://, the S3SubPrefx can be a <bucket-name>/*, so the full grant scope path would be s3://<bucket-name>/*. Or the S3SubPrefx can be <bucket-name>/<prefix-name>*, so the full grant scope path would be or s3://<bucket-name>/<prefix-name>*.
If the S3SubPrefix includes a prefix, append the wildcard character * after the prefix to indicate that you want to include all object key names in the bucket that start with that prefix.
The configuration options of the S3 Access Grants location. It contains the S3SubPrefix field. The grant scope, the data to which you are granting access, is the result of appending the Subprefix field to the scope of the registered location.
The name of this access point.
" }, "NetworkOrigin": { "shape": "NetworkOrigin", "documentation": "Indicates whether this access point allows access from the public internet. If VpcConfiguration is specified for this access point, then NetworkOrigin is VPC, and the access point doesn't allow access from the public internet. Otherwise, NetworkOrigin is Internet, and the access point allows access from the public internet, subject to the access point and bucket access policies.
The virtual private cloud (VPC) configuration for this access point, if one exists.
This element is empty if this access point is an Amazon S3 on Outposts access point that is used by other Amazon Web Servicesservices.
The name of the bucket associated with this access point.
" }, "AccessPointArn": { "shape": "S3AccessPointArn", "documentation": "The ARN for the access point.
" }, "Alias": { "shape": "Alias", "documentation": "The name or alias of the access point.
" }, "BucketAccountId": { "shape": "AccountId", "documentation": "The Amazon Web Services account ID associated with the S3 bucket associated with this access point.
" } }, "documentation": "An access point used to access a bucket.
" }, "AccessPointList": { "type": "list", "member": { "shape": "AccessPoint", "locationName": "AccessPoint" } }, "AccessPointName": { "type": "string", "max": 255, "min": 3 }, "AccountId": { "type": "string", "max": 64, "pattern": "^\\d{12}$" }, "AccountLevel": { "type": "structure", "required": [ "BucketLevel" ], "members": { "ActivityMetrics": { "shape": "ActivityMetrics", "documentation": "A container element for S3 Storage Lens activity metrics.
" }, "BucketLevel": { "shape": "BucketLevel", "documentation": "A container element for the S3 Storage Lens bucket-level configuration.
" }, "AdvancedCostOptimizationMetrics": { "shape": "AdvancedCostOptimizationMetrics", "documentation": "A container element for S3 Storage Lens advanced cost-optimization metrics.
" }, "AdvancedDataProtectionMetrics": { "shape": "AdvancedDataProtectionMetrics", "documentation": "A container element for S3 Storage Lens advanced data-protection metrics.
" }, "DetailedStatusCodesMetrics": { "shape": "DetailedStatusCodesMetrics", "documentation": "A container element for detailed status code metrics.
" }, "StorageLensGroupLevel": { "shape": "StorageLensGroupLevel", "documentation": "A container element for S3 Storage Lens groups metrics.
" } }, "documentation": "A container element for the account-level Amazon S3 Storage Lens configuration.
For more information about S3 Storage Lens, see Assessing your storage activity and usage with S3 Storage Lens in the Amazon S3 User Guide. For a complete list of S3 Storage Lens metrics, see S3 Storage Lens metrics glossary in the Amazon S3 User Guide.
" }, "ActivityMetrics": { "type": "structure", "members": { "IsEnabled": { "shape": "IsEnabled", "documentation": "A container that indicates whether activity metrics are enabled.
" } }, "documentation": "The container element for Amazon S3 Storage Lens activity metrics. Activity metrics show details about how your storage is requested, such as requests (for example, All requests, Get requests, Put requests), bytes uploaded or downloaded, and errors.
For more information about S3 Storage Lens, see Assessing your storage activity and usage with S3 Storage Lens in the Amazon S3 User Guide. For a complete list of S3 Storage Lens metrics, see S3 Storage Lens metrics glossary in the Amazon S3 User Guide.
" }, "AdvancedCostOptimizationMetrics": { "type": "structure", "members": { "IsEnabled": { "shape": "IsEnabled", "documentation": "A container that indicates whether advanced cost-optimization metrics are enabled.
" } }, "documentation": "The container element for Amazon S3 Storage Lens advanced cost-optimization metrics. Advanced cost-optimization metrics provide insights that you can use to manage and optimize your storage costs, for example, lifecycle rule counts for transitions, expirations, and incomplete multipart uploads.
For more information about S3 Storage Lens, see Assessing your storage activity and usage with S3 Storage Lens in the Amazon S3 User Guide. For a complete list of S3 Storage Lens metrics, see S3 Storage Lens metrics glossary in the Amazon S3 User Guide.
" }, "AdvancedDataProtectionMetrics": { "type": "structure", "members": { "IsEnabled": { "shape": "IsEnabled", "documentation": "A container that indicates whether advanced data-protection metrics are enabled.
" } }, "documentation": "The container element for Amazon S3 Storage Lens advanced data-protection metrics. Advanced data-protection metrics provide insights that you can use to perform audits and protect your data, for example replication rule counts within and across Regions.
For more information about S3 Storage Lens, see Assessing your storage activity and usage with S3 Storage Lens in the Amazon S3 User Guide. For a complete list of S3 Storage Lens metrics, see S3 Storage Lens metrics glossary in the Amazon S3 User Guide.
" }, "Alias": { "type": "string", "max": 63, "pattern": "^[0-9a-z\\\\-]{63}" }, "AssociateAccessGrantsIdentityCenterRequest": { "type": "structure", "required": [ "AccountId", "IdentityCenterArn" ], "members": { "AccountId": { "shape": "AccountId", "documentation": "The Amazon Web Services account ID of the S3 Access Grants instance.
", "contextParam": { "name": "AccountId" }, "hostLabel": true, "location": "header", "locationName": "x-amz-account-id" }, "IdentityCenterArn": { "shape": "IdentityCenterArn", "documentation": "The Amazon Resource Name (ARN) of the Amazon Web Services IAM Identity Center instance that you are associating with your S3 Access Grants instance. An IAM Identity Center instance is your corporate identity directory that you added to the IAM Identity Center. You can use the ListInstances API operation to retrieve a list of your Identity Center instances and their ARNs.
" } } }, "AsyncCreationTimestamp": { "type": "timestamp" }, "AsyncErrorDetails": { "type": "structure", "members": { "Code": { "shape": "MaxLength1024String", "documentation": "A string that uniquely identifies the error condition.
" }, "Message": { "shape": "MaxLength1024String", "documentation": "A generic description of the error condition in English.
" }, "Resource": { "shape": "MaxLength1024String", "documentation": "The identifier of the resource associated with the error.
" }, "RequestId": { "shape": "MaxLength1024String", "documentation": "The ID of the request associated with the error.
" } }, "documentation": "Error details for the failed asynchronous operation.
" }, "AsyncOperation": { "type": "structure", "members": { "CreationTime": { "shape": "AsyncCreationTimestamp", "documentation": "The time that the request was sent to the service.
" }, "Operation": { "shape": "AsyncOperationName", "documentation": "The specific operation for the asynchronous request.
" }, "RequestTokenARN": { "shape": "AsyncRequestTokenARN", "documentation": "The request token associated with the request.
" }, "RequestParameters": { "shape": "AsyncRequestParameters", "documentation": "The parameters associated with the request.
" }, "RequestStatus": { "shape": "AsyncRequestStatus", "documentation": "The current status of the request.
" }, "ResponseDetails": { "shape": "AsyncResponseDetails", "documentation": "The details of the response.
" } }, "documentation": "A container for the information about an asynchronous operation.
" }, "AsyncOperationName": { "type": "string", "enum": [ "CreateMultiRegionAccessPoint", "DeleteMultiRegionAccessPoint", "PutMultiRegionAccessPointPolicy" ] }, "AsyncRequestParameters": { "type": "structure", "members": { "CreateMultiRegionAccessPointRequest": { "shape": "CreateMultiRegionAccessPointInput", "documentation": "A container of the parameters for a CreateMultiRegionAccessPoint request.
" }, "DeleteMultiRegionAccessPointRequest": { "shape": "DeleteMultiRegionAccessPointInput", "documentation": "A container of the parameters for a DeleteMultiRegionAccessPoint request.
" }, "PutMultiRegionAccessPointPolicyRequest": { "shape": "PutMultiRegionAccessPointPolicyInput", "documentation": "A container of the parameters for a PutMultiRegionAccessPoint request.
" } }, "documentation": "A container for the request parameters associated with an asynchronous request.
" }, "AsyncRequestStatus": { "type": "string" }, "AsyncRequestTokenARN": { "type": "string", "max": 1024, "min": 1, "pattern": "arn:.+" }, "AsyncResponseDetails": { "type": "structure", "members": { "MultiRegionAccessPointDetails": { "shape": "MultiRegionAccessPointsAsyncResponse", "documentation": "The details for the Multi-Region Access Point.
" }, "ErrorDetails": { "shape": "AsyncErrorDetails", "documentation": "Error details for an asynchronous request.
" } }, "documentation": "A container for the response details that are returned when querying about an asynchronous request.
" }, "AwsLambdaTransformation": { "type": "structure", "required": [ "FunctionArn" ], "members": { "FunctionArn": { "shape": "FunctionArnString", "documentation": "The Amazon Resource Name (ARN) of the Lambda function.
" }, "FunctionPayload": { "shape": "AwsLambdaTransformationPayload", "documentation": "Additional JSON that provides supplemental data to the Lambda function used to transform objects.
" } }, "documentation": "Lambda function used to transform objects through an Object Lambda Access Point.
" }, "AwsLambdaTransformationPayload": { "type": "string" }, "AwsOrgArn": { "type": "string", "max": 1024, "min": 1, "pattern": "arn:[a-z\\-]+:organizations::\\d{12}:organization\\/o-[a-z0-9]{10,32}" }, "Boolean": { "type": "boolean" }, "BucketCannedACL": { "type": "string", "enum": [ "private", "public-read", "public-read-write", "authenticated-read" ] }, "BucketIdentifierString": { "type": "string" }, "BucketLevel": { "type": "structure", "members": { "ActivityMetrics": { "shape": "ActivityMetrics", "documentation": "A container for the bucket-level activity metrics for S3 Storage Lens.
" }, "PrefixLevel": { "shape": "PrefixLevel", "documentation": "A container for the prefix-level metrics for S3 Storage Lens.
" }, "AdvancedCostOptimizationMetrics": { "shape": "AdvancedCostOptimizationMetrics", "documentation": "A container for bucket-level advanced cost-optimization metrics for S3 Storage Lens.
" }, "AdvancedDataProtectionMetrics": { "shape": "AdvancedDataProtectionMetrics", "documentation": "A container for bucket-level advanced data-protection metrics for S3 Storage Lens.
" }, "DetailedStatusCodesMetrics": { "shape": "DetailedStatusCodesMetrics", "documentation": "A container for bucket-level detailed status code metrics for S3 Storage Lens.
" } }, "documentation": "A container for the bucket-level configuration for Amazon S3 Storage Lens.
For more information about S3 Storage Lens, see Assessing your storage activity and usage with S3 Storage Lens in the Amazon S3 User Guide.
" }, "BucketLocationConstraint": { "type": "string", "enum": [ "EU", "eu-west-1", "us-west-1", "us-west-2", "ap-south-1", "ap-southeast-1", "ap-southeast-2", "ap-northeast-1", "sa-east-1", "cn-north-1", "eu-central-1" ] }, "BucketName": { "type": "string", "max": 255, "min": 3 }, "BucketVersioningStatus": { "type": "string", "enum": [ "Enabled", "Suspended" ] }, "Buckets": { "type": "list", "member": { "shape": "S3BucketArnString", "locationName": "Arn" } }, "CallerAccessGrantsList": { "type": "list", "member": { "shape": "ListCallerAccessGrantsEntry", "locationName": "AccessGrant" } }, "CloudWatchMetrics": { "type": "structure", "required": [ "IsEnabled" ], "members": { "IsEnabled": { "shape": "IsEnabled", "documentation": "A container that indicates whether CloudWatch publishing for S3 Storage Lens metrics is enabled. A value of true indicates that CloudWatch publishing for S3 Storage Lens metrics is enabled.
A container for enabling Amazon CloudWatch publishing for S3 Storage Lens metrics.
For more information about publishing S3 Storage Lens metrics to CloudWatch, see Monitor S3 Storage Lens metrics in CloudWatch in the Amazon S3 User Guide.
" }, "ConfigId": { "type": "string", "max": 64, "min": 1, "pattern": "[a-zA-Z0-9\\-\\_\\.]+" }, "ConfirmRemoveSelfBucketAccess": { "type": "boolean" }, "ConfirmationRequired": { "type": "boolean" }, "ContinuationToken": { "type": "string" }, "CreateAccessGrantRequest": { "type": "structure", "required": [ "AccountId", "AccessGrantsLocationId", "Grantee", "Permission" ], "members": { "AccountId": { "shape": "AccountId", "documentation": "The Amazon Web Services account ID of the S3 Access Grants instance.
", "contextParam": { "name": "AccountId" }, "hostLabel": true, "location": "header", "locationName": "x-amz-account-id" }, "AccessGrantsLocationId": { "shape": "AccessGrantsLocationId", "documentation": "The ID of the registered location to which you are granting access. S3 Access Grants assigns this ID when you register the location. S3 Access Grants assigns the ID default to the default location s3:// and assigns an auto-generated ID to other locations that you register.
If you are passing the default location, you cannot create an access grant for the entire default location. You must also specify a bucket or a bucket and prefix in the Subprefix field.
The configuration options of the grant location. The grant location is the S3 path to the data to which you are granting access. It contains the S3SubPrefix field. The grant scope is the result of appending the subprefix to the location scope of the registered location.
The user, group, or role to which you are granting access. You can grant access to an IAM user or role. If you have added your corporate directory to Amazon Web Services IAM Identity Center and associated your Identity Center instance with your S3 Access Grants instance, the grantee can also be a corporate directory user or group.
" }, "Permission": { "shape": "Permission", "documentation": "The type of access that you are granting to your S3 data, which can be set to one of the following values:
READ – Grant read-only access to the S3 data.
WRITE – Grant write-only access to the S3 data.
READWRITE – Grant both read and write access to the S3 data.
The Amazon Resource Name (ARN) of an Amazon Web Services IAM Identity Center application associated with your Identity Center instance. If an application ARN is included in the request to create an access grant, the grantee can only access the S3 data through this application.
" }, "S3PrefixType": { "shape": "S3PrefixType", "documentation": "The type of S3SubPrefix. The only possible value is Object. Pass this value if the access grant scope is an object. Do not pass this value if the access grant scope is a bucket or a bucket and a prefix.
The Amazon Web Services resource tags that you are adding to the access grant. Each tag is a label consisting of a user-defined key and value. Tags can help you manage, identify, organize, search for, and filter resources.
" } } }, "CreateAccessGrantResult": { "type": "structure", "members": { "CreatedAt": { "shape": "CreationTimestamp", "documentation": "The date and time when you created the access grant.
" }, "AccessGrantId": { "shape": "AccessGrantId", "documentation": "The ID of the access grant. S3 Access Grants auto-generates this ID when you create the access grant.
" }, "AccessGrantArn": { "shape": "AccessGrantArn", "documentation": "The Amazon Resource Name (ARN) of the access grant.
" }, "Grantee": { "shape": "Grantee", "documentation": "The user, group, or role to which you are granting access. You can grant access to an IAM user or role. If you have added your corporate directory to Amazon Web Services IAM Identity Center and associated your Identity Center instance with your S3 Access Grants instance, the grantee can also be a corporate directory user or group.
" }, "AccessGrantsLocationId": { "shape": "AccessGrantsLocationId", "documentation": "The ID of the registered location to which you are granting access. S3 Access Grants assigns this ID when you register the location. S3 Access Grants assigns the ID default to the default location s3:// and assigns an auto-generated ID to other locations that you register.
The configuration options of the grant location. The grant location is the S3 path to the data to which you are granting access.
" }, "Permission": { "shape": "Permission", "documentation": "The type of access that you are granting to your S3 data, which can be set to one of the following values:
READ – Grant read-only access to the S3 data.
WRITE – Grant write-only access to the S3 data.
READWRITE – Grant both read and write access to the S3 data.
The Amazon Resource Name (ARN) of an Amazon Web Services IAM Identity Center application associated with your Identity Center instance. If the grant includes an application ARN, the grantee can only access the S3 data through this application.
" }, "GrantScope": { "shape": "S3Prefix", "documentation": "The S3 path of the data to which you are granting access. It is the result of appending the Subprefix to the location scope.
The Amazon Web Services account ID of the S3 Access Grants instance.
", "contextParam": { "name": "AccountId" }, "hostLabel": true, "location": "header", "locationName": "x-amz-account-id" }, "IdentityCenterArn": { "shape": "IdentityCenterArn", "documentation": "If you would like to associate your S3 Access Grants instance with an Amazon Web Services IAM Identity Center instance, use this field to pass the Amazon Resource Name (ARN) of the Amazon Web Services IAM Identity Center instance that you are associating with your S3 Access Grants instance. An IAM Identity Center instance is your corporate identity directory that you added to the IAM Identity Center. You can use the ListInstances API operation to retrieve a list of your Identity Center instances and their ARNs.
" }, "Tags": { "shape": "TagList", "documentation": "The Amazon Web Services resource tags that you are adding to the S3 Access Grants instance. Each tag is a label consisting of a user-defined key and value. Tags can help you manage, identify, organize, search for, and filter resources.
" } } }, "CreateAccessGrantsInstanceResult": { "type": "structure", "members": { "CreatedAt": { "shape": "CreationTimestamp", "documentation": "The date and time when you created the S3 Access Grants instance.
" }, "AccessGrantsInstanceId": { "shape": "AccessGrantsInstanceId", "documentation": "The ID of the S3 Access Grants instance. The ID is default. You can have one S3 Access Grants instance per Region per account.
The Amazon Resource Name (ARN) of the Amazon Web Services IAM Identity Center instance that you are associating with your S3 Access Grants instance. An IAM Identity Center instance is your corporate identity directory that you added to the IAM Identity Center. You can use the ListInstances API operation to retrieve a list of your Identity Center instances and their ARNs.
" }, "IdentityCenterArn": { "shape": "IdentityCenterArn", "documentation": "If you associated your S3 Access Grants instance with an Amazon Web Services IAM Identity Center instance, this field returns the Amazon Resource Name (ARN) of the IAM Identity Center instance application; a subresource of the original Identity Center instance. S3 Access Grants creates this Identity Center application for the specific S3 Access Grants instance.
", "deprecated": true, "deprecatedMessage": "IdentityCenterArn has been deprecated. Use IdentityCenterInstanceArn or IdentityCenterApplicationArn." }, "IdentityCenterInstanceArn": { "shape": "IdentityCenterArn", "documentation": "The Amazon Resource Name (ARN) of the Amazon Web Services IAM Identity Center instance that you are associating with your S3 Access Grants instance. An IAM Identity Center instance is your corporate identity directory that you added to the IAM Identity Center. You can use the ListInstances API operation to retrieve a list of your Identity Center instances and their ARNs.
" }, "IdentityCenterApplicationArn": { "shape": "IdentityCenterApplicationArn", "documentation": "If you associated your S3 Access Grants instance with an Amazon Web Services IAM Identity Center instance, this field returns the Amazon Resource Name (ARN) of the IAM Identity Center instance application; a subresource of the original Identity Center instance. S3 Access Grants creates this Identity Center application for the specific S3 Access Grants instance.
" } } }, "CreateAccessGrantsLocationRequest": { "type": "structure", "required": [ "AccountId", "LocationScope", "IAMRoleArn" ], "members": { "AccountId": { "shape": "AccountId", "documentation": "The Amazon Web Services account ID of the S3 Access Grants instance.
", "contextParam": { "name": "AccountId" }, "hostLabel": true, "location": "header", "locationName": "x-amz-account-id" }, "LocationScope": { "shape": "S3Prefix", "documentation": "The S3 path to the location that you are registering. The location scope can be the default S3 location s3://, the S3 path to a bucket s3://<bucket>, or the S3 path to a bucket and prefix s3://<bucket>/<prefix>. A prefix in S3 is a string of characters at the beginning of an object key name used to organize the objects that you store in your S3 buckets. For example, object key names that start with the engineering/ prefix or object key names that start with the marketing/campaigns/ prefix.
The Amazon Resource Name (ARN) of the IAM role for the registered location. S3 Access Grants assumes this role to manage access to the registered location.
" }, "Tags": { "shape": "TagList", "documentation": "The Amazon Web Services resource tags that you are adding to the S3 Access Grants location. Each tag is a label consisting of a user-defined key and value. Tags can help you manage, identify, organize, search for, and filter resources.
" } } }, "CreateAccessGrantsLocationResult": { "type": "structure", "members": { "CreatedAt": { "shape": "CreationTimestamp", "documentation": "The date and time when you registered the location.
" }, "AccessGrantsLocationId": { "shape": "AccessGrantsLocationId", "documentation": "The ID of the registered location to which you are granting access. S3 Access Grants assigns this ID when you register the location. S3 Access Grants assigns the ID default to the default location s3:// and assigns an auto-generated ID to other locations that you register.
The Amazon Resource Name (ARN) of the location you are registering.
" }, "LocationScope": { "shape": "S3Prefix", "documentation": "The S3 URI path to the location that you are registering. The location scope can be the default S3 location s3://, the S3 path to a bucket, or the S3 path to a bucket and prefix. A prefix in S3 is a string of characters at the beginning of an object key name used to organize the objects that you store in your S3 buckets. For example, object key names that start with the engineering/ prefix or object key names that start with the marketing/campaigns/ prefix.
The Amazon Resource Name (ARN) of the IAM role for the registered location. S3 Access Grants assumes this role to manage access to the registered location.
" } } }, "CreateAccessPointForObjectLambdaRequest": { "type": "structure", "required": [ "AccountId", "Name", "Configuration" ], "members": { "AccountId": { "shape": "AccountId", "documentation": "The Amazon Web Services account ID for owner of the specified Object Lambda Access Point.
", "contextParam": { "name": "AccountId" }, "hostLabel": true, "location": "header", "locationName": "x-amz-account-id" }, "Name": { "shape": "ObjectLambdaAccessPointName", "documentation": "The name you want to assign to this Object Lambda Access Point.
", "location": "uri", "locationName": "name" }, "Configuration": { "shape": "ObjectLambdaConfiguration", "documentation": "Object Lambda Access Point configuration as a JSON document.
" } } }, "CreateAccessPointForObjectLambdaResult": { "type": "structure", "members": { "ObjectLambdaAccessPointArn": { "shape": "ObjectLambdaAccessPointArn", "documentation": "Specifies the ARN for the Object Lambda Access Point.
" }, "Alias": { "shape": "ObjectLambdaAccessPointAlias", "documentation": "The alias of the Object Lambda Access Point.
" } } }, "CreateAccessPointRequest": { "type": "structure", "required": [ "AccountId", "Name", "Bucket" ], "members": { "AccountId": { "shape": "AccountId", "documentation": "The Amazon Web Services account ID for the account that owns the specified access point.
", "contextParam": { "name": "AccountId" }, "hostLabel": true, "location": "header", "locationName": "x-amz-account-id" }, "Name": { "shape": "AccessPointName", "documentation": "The name you want to assign to this access point.
", "location": "uri", "locationName": "name" }, "Bucket": { "shape": "BucketName", "documentation": "The name of the bucket that you want to associate this access point with.
For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>. For example, to access the bucket reports through Outpost my-outpost owned by account 123456789012 in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports. The value must be URL encoded.
If you include this field, Amazon S3 restricts access to this access point to requests from the specified virtual private cloud (VPC).
This is required for creating an access point for Amazon S3 on Outposts buckets.
The PublicAccessBlock configuration that you want to apply to the access point.
The Amazon Web Services account ID associated with the S3 bucket associated with this access point.
For same account access point when your bucket and access point belong to the same account owner, the BucketAccountId is not required. For cross-account access point when your bucket and access point are not in the same account, the BucketAccountId is required.
The ARN of the access point.
This is only supported by Amazon S3 on Outposts.
The name or alias of the access point.
" } } }, "CreateBucketConfiguration": { "type": "structure", "members": { "LocationConstraint": { "shape": "BucketLocationConstraint", "documentation": "Specifies the Region where the bucket will be created. If you are creating a bucket on the US East (N. Virginia) Region (us-east-1), you do not need to specify the location.
This is not supported by Amazon S3 on Outposts buckets.
The container for the bucket configuration.
This is not supported by Amazon S3 on Outposts buckets.
The canned ACL to apply to the bucket.
This is not supported by Amazon S3 on Outposts buckets.
The name of the bucket.
", "contextParam": { "name": "Bucket" }, "location": "uri", "locationName": "name" }, "CreateBucketConfiguration": { "shape": "CreateBucketConfiguration", "documentation": "The configuration information for the bucket.
This is not supported by Amazon S3 on Outposts buckets.
Allows grantee the read, write, read ACP, and write ACP permissions on the bucket.
This is not supported by Amazon S3 on Outposts buckets.
Allows grantee to list the objects in the bucket.
This is not supported by Amazon S3 on Outposts buckets.
Allows grantee to read the bucket ACL.
This is not supported by Amazon S3 on Outposts buckets.
Allows grantee to create, overwrite, and delete any object in the bucket.
This is not supported by Amazon S3 on Outposts buckets.
Allows grantee to write the ACL for the applicable bucket.
This is not supported by Amazon S3 on Outposts buckets.
Specifies whether you want S3 Object Lock to be enabled for the new bucket.
This is not supported by Amazon S3 on Outposts buckets.
The ID of the Outposts where the bucket is being created.
This ID is required by Amazon S3 on Outposts buckets.
The location of the bucket.
", "location": "header", "locationName": "Location" }, "BucketArn": { "shape": "S3RegionalBucketArn", "documentation": "The Amazon Resource Name (ARN) of the bucket.
For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>. For example, to access the bucket reports through Outpost my-outpost owned by account 123456789012 in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports. The value must be URL encoded.
The Amazon Web Services account ID that creates the job.
", "contextParam": { "name": "AccountId" }, "hostLabel": true, "location": "header", "locationName": "x-amz-account-id" }, "ConfirmationRequired": { "shape": "ConfirmationRequired", "documentation": "Indicates whether confirmation is required before Amazon S3 runs the job. Confirmation is only required for jobs created through the Amazon S3 console.
", "box": true }, "Operation": { "shape": "JobOperation", "documentation": "The action that you want this job to perform on every object listed in the manifest. For more information about the available actions, see Operations in the Amazon S3 User Guide.
" }, "Report": { "shape": "JobReport", "documentation": "Configuration parameters for the optional job-completion report.
" }, "ClientRequestToken": { "shape": "NonEmptyMaxLength64String", "documentation": "An idempotency token to ensure that you don't accidentally submit the same request twice. You can use any string up to the maximum length.
", "idempotencyToken": true }, "Manifest": { "shape": "JobManifest", "documentation": "Configuration parameters for the manifest.
" }, "Description": { "shape": "NonEmptyMaxLength256String", "documentation": "A description for this job. You can use any string within the permitted length. Descriptions don't need to be unique and can be used for multiple jobs.
" }, "Priority": { "shape": "JobPriority", "documentation": "The numerical priority for this job. Higher numbers indicate higher priority.
", "box": true }, "RoleArn": { "shape": "IAMRoleArn", "documentation": "The Amazon Resource Name (ARN) for the Identity and Access Management (IAM) role that Batch Operations will use to run this job's action on every object in the manifest.
" }, "Tags": { "shape": "S3TagSet", "documentation": "A set of tags to associate with the S3 Batch Operations job. This is an optional parameter.
" }, "ManifestGenerator": { "shape": "JobManifestGenerator", "documentation": "The attribute container for the ManifestGenerator details. Jobs must be created with either a manifest file or a ManifestGenerator, but not both.
" } } }, "CreateJobResult": { "type": "structure", "members": { "JobId": { "shape": "JobId", "documentation": "The ID for this job. Amazon S3 generates this ID automatically and returns it after a successful Create Job request.
The name of the Multi-Region Access Point associated with this request.
" }, "PublicAccessBlock": { "shape": "PublicAccessBlockConfiguration" }, "Regions": { "shape": "RegionCreationList", "documentation": "The buckets in different Regions that are associated with the Multi-Region Access Point.
" } }, "documentation": "A container for the information associated with a CreateMultiRegionAccessPoint request.
" }, "CreateMultiRegionAccessPointRequest": { "type": "structure", "required": [ "AccountId", "ClientToken", "Details" ], "members": { "AccountId": { "shape": "AccountId", "documentation": "The Amazon Web Services account ID for the owner of the Multi-Region Access Point. The owner of the Multi-Region Access Point also must own the underlying buckets.
", "contextParam": { "name": "AccountId" }, "hostLabel": true, "location": "header", "locationName": "x-amz-account-id" }, "ClientToken": { "shape": "MultiRegionAccessPointClientToken", "documentation": "An idempotency token used to identify the request and guarantee that requests are unique.
", "idempotencyToken": true }, "Details": { "shape": "CreateMultiRegionAccessPointInput", "documentation": "A container element containing details about the Multi-Region Access Point.
" } } }, "CreateMultiRegionAccessPointResult": { "type": "structure", "members": { "RequestTokenARN": { "shape": "AsyncRequestTokenARN", "documentation": "The request token associated with the request. You can use this token with DescribeMultiRegionAccessPointOperation to determine the status of asynchronous requests.
" } } }, "CreateStorageLensGroupRequest": { "type": "structure", "required": [ "AccountId", "StorageLensGroup" ], "members": { "AccountId": { "shape": "AccountId", "documentation": "The Amazon Web Services account ID that the Storage Lens group is created from and associated with.
", "contextParam": { "name": "AccountId" }, "hostLabel": true, "location": "header", "locationName": "x-amz-account-id" }, "StorageLensGroup": { "shape": "StorageLensGroup", "documentation": "The Storage Lens group configuration.
" }, "Tags": { "shape": "TagList", "documentation": "The Amazon Web Services resource tags that you're adding to your Storage Lens group. This parameter is optional.
" } } }, "CreationDate": { "type": "timestamp" }, "CreationTimestamp": { "type": "timestamp" }, "Credentials": { "type": "structure", "members": { "AccessKeyId": { "shape": "AccessKeyId", "documentation": "The unique access key ID of the Amazon Web Services STS temporary credential that S3 Access Grants vends to grantees and client applications.
" }, "SecretAccessKey": { "shape": "SecretAccessKey", "documentation": "The secret access key of the Amazon Web Services STS temporary credential that S3 Access Grants vends to grantees and client applications.
" }, "SessionToken": { "shape": "SessionToken", "documentation": "The Amazon Web Services STS temporary credential that S3 Access Grants vends to grantees and client applications.
" }, "Expiration": { "shape": "Expiration", "documentation": "The expiration date and time of the temporary credential that S3 Access Grants vends to grantees and client applications.
" } }, "documentation": "The Amazon Web Services Security Token Service temporary credential that S3 Access Grants vends to grantees and client applications.
", "sensitive": true }, "Date": { "type": "timestamp" }, "Days": { "type": "integer" }, "DaysAfterInitiation": { "type": "integer" }, "DeleteAccessGrantRequest": { "type": "structure", "required": [ "AccountId", "AccessGrantId" ], "members": { "AccountId": { "shape": "AccountId", "documentation": "The Amazon Web Services account ID of the S3 Access Grants instance.
", "contextParam": { "name": "AccountId" }, "hostLabel": true, "location": "header", "locationName": "x-amz-account-id" }, "AccessGrantId": { "shape": "AccessGrantId", "documentation": "The ID of the access grant. S3 Access Grants auto-generates this ID when you create the access grant.
", "location": "uri", "locationName": "id" } } }, "DeleteAccessGrantsInstanceRequest": { "type": "structure", "required": [ "AccountId" ], "members": { "AccountId": { "shape": "AccountId", "documentation": "The Amazon Web Services account ID of the S3 Access Grants instance.
", "contextParam": { "name": "AccountId" }, "hostLabel": true, "location": "header", "locationName": "x-amz-account-id" } } }, "DeleteAccessGrantsInstanceResourcePolicyRequest": { "type": "structure", "required": [ "AccountId" ], "members": { "AccountId": { "shape": "AccountId", "documentation": "The Amazon Web Services account ID of the S3 Access Grants instance.
", "contextParam": { "name": "AccountId" }, "hostLabel": true, "location": "header", "locationName": "x-amz-account-id" } } }, "DeleteAccessGrantsLocationRequest": { "type": "structure", "required": [ "AccountId", "AccessGrantsLocationId" ], "members": { "AccountId": { "shape": "AccountId", "documentation": "The Amazon Web Services account ID of the S3 Access Grants instance.
", "contextParam": { "name": "AccountId" }, "hostLabel": true, "location": "header", "locationName": "x-amz-account-id" }, "AccessGrantsLocationId": { "shape": "AccessGrantsLocationId", "documentation": "The ID of the registered location that you are deregistering from your S3 Access Grants instance. S3 Access Grants assigned this ID when you registered the location. S3 Access Grants assigns the ID default to the default location s3:// and assigns an auto-generated ID to other locations that you register.
The account ID for the account that owns the specified Object Lambda Access Point.
", "contextParam": { "name": "AccountId" }, "hostLabel": true, "location": "header", "locationName": "x-amz-account-id" }, "Name": { "shape": "ObjectLambdaAccessPointName", "documentation": "The name of the access point you want to delete.
", "location": "uri", "locationName": "name" } } }, "DeleteAccessPointPolicyForObjectLambdaRequest": { "type": "structure", "required": [ "AccountId", "Name" ], "members": { "AccountId": { "shape": "AccountId", "documentation": "The account ID for the account that owns the specified Object Lambda Access Point.
", "contextParam": { "name": "AccountId" }, "hostLabel": true, "location": "header", "locationName": "x-amz-account-id" }, "Name": { "shape": "ObjectLambdaAccessPointName", "documentation": "The name of the Object Lambda Access Point you want to delete the policy for.
", "location": "uri", "locationName": "name" } } }, "DeleteAccessPointPolicyRequest": { "type": "structure", "required": [ "AccountId", "Name" ], "members": { "AccountId": { "shape": "AccountId", "documentation": "The account ID for the account that owns the specified access point.
", "contextParam": { "name": "AccountId" }, "hostLabel": true, "location": "header", "locationName": "x-amz-account-id" }, "Name": { "shape": "AccessPointName", "documentation": "The name of the access point whose policy you want to delete.
For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the access point accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/accesspoint/<my-accesspoint-name>. For example, to access the access point reports-ap through Outpost my-outpost owned by account 123456789012 in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/accesspoint/reports-ap. The value must be URL encoded.
The Amazon Web Services account ID for the account that owns the specified access point.
", "contextParam": { "name": "AccountId" }, "hostLabel": true, "location": "header", "locationName": "x-amz-account-id" }, "Name": { "shape": "AccessPointName", "documentation": "The name of the access point you want to delete.
For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the access point accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/accesspoint/<my-accesspoint-name>. For example, to access the access point reports-ap through Outpost my-outpost owned by account 123456789012 in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/accesspoint/reports-ap. The value must be URL encoded.
The account ID of the lifecycle configuration to delete.
", "contextParam": { "name": "AccountId" }, "hostLabel": true, "location": "header", "locationName": "x-amz-account-id" }, "Bucket": { "shape": "BucketName", "documentation": "Specifies the bucket.
For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>. For example, to access the bucket reports through Outpost my-outpost owned by account 123456789012 in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports. The value must be URL encoded.
The account ID of the Outposts bucket.
", "contextParam": { "name": "AccountId" }, "hostLabel": true, "location": "header", "locationName": "x-amz-account-id" }, "Bucket": { "shape": "BucketName", "documentation": "Specifies the bucket.
For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>. For example, to access the bucket reports through Outpost my-outpost owned by account 123456789012 in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports. The value must be URL encoded.
The Amazon Web Services account ID of the Outposts bucket to delete the replication configuration for.
", "contextParam": { "name": "AccountId" }, "hostLabel": true, "location": "header", "locationName": "x-amz-account-id" }, "Bucket": { "shape": "BucketName", "documentation": "Specifies the S3 on Outposts bucket to delete the replication configuration for.
For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>. For example, to access the bucket reports through Outpost my-outpost owned by account 123456789012 in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports. The value must be URL encoded.
The account ID that owns the Outposts bucket.
", "contextParam": { "name": "AccountId" }, "hostLabel": true, "location": "header", "locationName": "x-amz-account-id" }, "Bucket": { "shape": "BucketName", "documentation": "Specifies the bucket being deleted.
For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>. For example, to access the bucket reports through Outpost my-outpost owned by account 123456789012 in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports. The value must be URL encoded.
The Amazon Web Services account ID of the Outposts bucket tag set to be removed.
", "contextParam": { "name": "AccountId" }, "hostLabel": true, "location": "header", "locationName": "x-amz-account-id" }, "Bucket": { "shape": "BucketName", "documentation": "The bucket ARN that has the tag set to be removed.
For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>. For example, to access the bucket reports through Outpost my-outpost owned by account 123456789012 in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports. The value must be URL encoded.
The Amazon Web Services account ID associated with the S3 Batch Operations job.
", "contextParam": { "name": "AccountId" }, "hostLabel": true, "location": "header", "locationName": "x-amz-account-id" }, "JobId": { "shape": "JobId", "documentation": "The ID for the S3 Batch Operations job whose tags you want to delete.
", "location": "uri", "locationName": "id" } } }, "DeleteJobTaggingResult": { "type": "structure", "members": {} }, "DeleteMarkerReplication": { "type": "structure", "required": [ "Status" ], "members": { "Status": { "shape": "DeleteMarkerReplicationStatus", "documentation": "Indicates whether to replicate delete markers.
" } }, "documentation": "Specifies whether S3 on Outposts replicates delete markers. If you specify a Filter element in your replication configuration, you must also include a DeleteMarkerReplication element. If your Filter includes a Tag element, the DeleteMarkerReplication element's Status child element must be set to Disabled, because S3 on Outposts does not support replicating delete markers for tag-based rules.
For more information about delete marker replication, see How delete operations affect replication in the Amazon S3 User Guide.
" }, "DeleteMarkerReplicationStatus": { "type": "string", "enum": [ "Enabled", "Disabled" ] }, "DeleteMultiRegionAccessPointInput": { "type": "structure", "required": [ "Name" ], "members": { "Name": { "shape": "MultiRegionAccessPointName", "documentation": "The name of the Multi-Region Access Point associated with this request.
" } }, "documentation": "A container for the information associated with a DeleteMultiRegionAccessPoint request.
" }, "DeleteMultiRegionAccessPointRequest": { "type": "structure", "required": [ "AccountId", "ClientToken", "Details" ], "members": { "AccountId": { "shape": "AccountId", "documentation": "The Amazon Web Services account ID for the owner of the Multi-Region Access Point.
", "contextParam": { "name": "AccountId" }, "hostLabel": true, "location": "header", "locationName": "x-amz-account-id" }, "ClientToken": { "shape": "MultiRegionAccessPointClientToken", "documentation": "An idempotency token used to identify the request and guarantee that requests are unique.
", "idempotencyToken": true }, "Details": { "shape": "DeleteMultiRegionAccessPointInput", "documentation": "A container element containing details about the Multi-Region Access Point.
" } } }, "DeleteMultiRegionAccessPointResult": { "type": "structure", "members": { "RequestTokenARN": { "shape": "AsyncRequestTokenARN", "documentation": "The request token associated with the request. You can use this token with DescribeMultiRegionAccessPointOperation to determine the status of asynchronous requests.
" } } }, "DeletePublicAccessBlockRequest": { "type": "structure", "required": [ "AccountId" ], "members": { "AccountId": { "shape": "AccountId", "documentation": "The account ID for the Amazon Web Services account whose PublicAccessBlock configuration you want to remove.
The ID of the S3 Storage Lens configuration.
", "location": "uri", "locationName": "storagelensid" }, "AccountId": { "shape": "AccountId", "documentation": "The account ID of the requester.
", "contextParam": { "name": "AccountId" }, "hostLabel": true, "location": "header", "locationName": "x-amz-account-id" } } }, "DeleteStorageLensConfigurationTaggingRequest": { "type": "structure", "required": [ "ConfigId", "AccountId" ], "members": { "ConfigId": { "shape": "ConfigId", "documentation": "The ID of the S3 Storage Lens configuration.
", "location": "uri", "locationName": "storagelensid" }, "AccountId": { "shape": "AccountId", "documentation": "The account ID of the requester.
", "contextParam": { "name": "AccountId" }, "hostLabel": true, "location": "header", "locationName": "x-amz-account-id" } } }, "DeleteStorageLensConfigurationTaggingResult": { "type": "structure", "members": {} }, "DeleteStorageLensGroupRequest": { "type": "structure", "required": [ "Name", "AccountId" ], "members": { "Name": { "shape": "StorageLensGroupName", "documentation": "The name of the Storage Lens group that you're trying to delete.
", "location": "uri", "locationName": "name" }, "AccountId": { "shape": "AccountId", "documentation": "The Amazon Web Services account ID used to create the Storage Lens group that you're trying to delete.
", "contextParam": { "name": "AccountId" }, "hostLabel": true, "location": "header", "locationName": "x-amz-account-id" } } }, "DescribeJobRequest": { "type": "structure", "required": [ "AccountId", "JobId" ], "members": { "AccountId": { "shape": "AccountId", "documentation": "The Amazon Web Services account ID associated with the S3 Batch Operations job.
", "contextParam": { "name": "AccountId" }, "hostLabel": true, "location": "header", "locationName": "x-amz-account-id" }, "JobId": { "shape": "JobId", "documentation": "The ID for the job whose information you want to retrieve.
", "location": "uri", "locationName": "id" } } }, "DescribeJobResult": { "type": "structure", "members": { "Job": { "shape": "JobDescriptor", "documentation": "Contains the configuration parameters and status for the job specified in the Describe Job request.
The Amazon Web Services account ID for the owner of the Multi-Region Access Point.
", "contextParam": { "name": "AccountId" }, "hostLabel": true, "location": "header", "locationName": "x-amz-account-id" }, "RequestTokenARN": { "shape": "AsyncRequestTokenARN", "documentation": "The request token associated with the request you want to know about. This request token is returned as part of the response when you make an asynchronous request. You provide this token to query about the status of the asynchronous action.
", "location": "uri", "locationName": "request_token" } } }, "DescribeMultiRegionAccessPointOperationResult": { "type": "structure", "members": { "AsyncOperation": { "shape": "AsyncOperation", "documentation": "A container element containing the details of the asynchronous operation.
" } } }, "Destination": { "type": "structure", "required": [ "Bucket" ], "members": { "Account": { "shape": "AccountId", "documentation": "The destination bucket owner's account ID.
" }, "Bucket": { "shape": "BucketIdentifierString", "documentation": "The Amazon Resource Name (ARN) of the access point for the destination bucket where you want S3 on Outposts to store the replication results.
" }, "ReplicationTime": { "shape": "ReplicationTime", "documentation": "A container that specifies S3 Replication Time Control (S3 RTC) settings, including whether S3 RTC is enabled and the time when all objects and operations on objects must be replicated. Must be specified together with a Metrics block.
This is not supported by Amazon S3 on Outposts buckets.
Specify this property only in a cross-account scenario (where the source and destination bucket owners are not the same), and you want to change replica ownership to the Amazon Web Services account that owns the destination bucket. If this property is not specified in the replication configuration, the replicas are owned by same Amazon Web Services account that owns the source object.
This is not supported by Amazon S3 on Outposts buckets.
A container that provides information about encryption. If SourceSelectionCriteria is specified, you must specify this element.
This is not supported by Amazon S3 on Outposts buckets.
A container that specifies replication metrics-related settings.
" }, "StorageClass": { "shape": "ReplicationStorageClass", "documentation": " The storage class to use when replicating objects. All objects stored on S3 on Outposts are stored in the OUTPOSTS storage class. S3 on Outposts uses the OUTPOSTS storage class to create the object replicas.
Values other than OUTPOSTS aren't supported by Amazon S3 on Outposts.
Specifies information about the replication destination bucket and its settings for an S3 on Outposts replication configuration.
" }, "DetailedStatusCodesMetrics": { "type": "structure", "members": { "IsEnabled": { "shape": "IsEnabled", "documentation": "A container that indicates whether detailed status code metrics are enabled.
" } }, "documentation": "The container element for Amazon S3 Storage Lens detailed status code metrics. Detailed status code metrics generate metrics for HTTP status codes, such as 200 OK, 403 Forbidden, 503 Service Unavailable and others.
For more information about S3 Storage Lens, see Assessing your storage activity and usage with S3 Storage Lens in the Amazon S3 User Guide. For a complete list of S3 Storage Lens metrics, see S3 Storage Lens metrics glossary in the Amazon S3 User Guide.
" }, "DissociateAccessGrantsIdentityCenterRequest": { "type": "structure", "required": [ "AccountId" ], "members": { "AccountId": { "shape": "AccountId", "documentation": "The Amazon Web Services account ID of the S3 Access Grants instance.
", "contextParam": { "name": "AccountId" }, "hostLabel": true, "location": "header", "locationName": "x-amz-account-id" } } }, "DurationSeconds": { "type": "integer", "box": true, "max": 43200, "min": 900 }, "EncryptionConfiguration": { "type": "structure", "members": { "ReplicaKmsKeyID": { "shape": "ReplicaKmsKeyID", "documentation": "Specifies the ID of the customer managed KMS key that's stored in Key Management Service (KMS) for the destination bucket. This ID is either the Amazon Resource Name (ARN) for the KMS key or the alias ARN for the KMS key. Amazon S3 uses this KMS key to encrypt replica objects. Amazon S3 supports only symmetric encryption KMS keys. For more information, see Symmetric encryption KMS keys in the Amazon Web Services Key Management Service Developer Guide.
", "box": true } }, "documentation": "Specifies encryption-related information for an Amazon S3 bucket that is a destination for replicated objects. If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner.
This is not supported by Amazon S3 on Outposts buckets.
The details of the last established policy.
" } }, "documentation": "The last established access control policy for a Multi-Region Access Point.
When you update the policy, the update is first listed as the proposed policy. After the update is finished and all Regions have been updated, the proposed policy is listed as the established policy. If both policies have the same version number, the proposed policy is the established policy.
" }, "Exclude": { "type": "structure", "members": { "Buckets": { "shape": "Buckets", "documentation": "A container for the S3 Storage Lens bucket excludes.
" }, "Regions": { "shape": "Regions", "documentation": "A container for the S3 Storage Lens Region excludes.
" } }, "documentation": "A container for what Amazon S3 Storage Lens will exclude.
" }, "ExistingObjectReplication": { "type": "structure", "required": [ "Status" ], "members": { "Status": { "shape": "ExistingObjectReplicationStatus", "documentation": "Specifies whether Amazon S3 replicates existing source bucket objects.
" } }, "documentation": "An optional configuration to replicate existing source bucket objects.
This is not supported by Amazon S3 on Outposts buckets.
Specifies the use of SSE-S3 to encrypt generated manifest objects.
", "locationName": "SSE-S3" }, "SSEKMS": { "shape": "SSEKMSEncryption", "documentation": "Configuration details on how SSE-KMS is used to encrypt generated manifest objects.
", "locationName": "SSE-KMS" } }, "documentation": "The encryption configuration to use when storing the generated manifest.
" }, "GeneratedManifestFormat": { "type": "string", "enum": [ "S3InventoryReport_CSV_20211130" ] }, "GetAccessGrantRequest": { "type": "structure", "required": [ "AccountId", "AccessGrantId" ], "members": { "AccountId": { "shape": "AccountId", "documentation": "The Amazon Web Services account ID of the S3 Access Grants instance.
", "contextParam": { "name": "AccountId" }, "hostLabel": true, "location": "header", "locationName": "x-amz-account-id" }, "AccessGrantId": { "shape": "AccessGrantId", "documentation": "The ID of the access grant. S3 Access Grants auto-generates this ID when you create the access grant.
", "location": "uri", "locationName": "id" } } }, "GetAccessGrantResult": { "type": "structure", "members": { "CreatedAt": { "shape": "CreationTimestamp", "documentation": "The date and time when you created the access grant.
" }, "AccessGrantId": { "shape": "AccessGrantId", "documentation": "The ID of the access grant. S3 Access Grants auto-generates this ID when you create the access grant.
" }, "AccessGrantArn": { "shape": "AccessGrantArn", "documentation": "The Amazon Resource Name (ARN) of the access grant.
" }, "Grantee": { "shape": "Grantee", "documentation": "The user, group, or role to which you are granting access. You can grant access to an IAM user or role. If you have added a corporate directory to Amazon Web Services IAM Identity Center and associated this Identity Center instance with the S3 Access Grants instance, the grantee can also be a corporate directory user or group.
" }, "Permission": { "shape": "Permission", "documentation": "The type of permission that was granted in the access grant. Can be one of the following values:
READ – Grant read-only access to the S3 data.
WRITE – Grant write-only access to the S3 data.
READWRITE – Grant both read and write access to the S3 data.
The ID of the registered location to which you are granting access. S3 Access Grants assigns this ID when you register the location. S3 Access Grants assigns the ID default to the default location s3:// and assigns an auto-generated ID to other locations that you register.
The configuration options of the grant location. The grant location is the S3 path to the data to which you are granting access.
" }, "GrantScope": { "shape": "S3Prefix", "documentation": "The S3 path of the data to which you are granting access. It is the result of appending the Subprefix to the location scope.
The Amazon Resource Name (ARN) of an Amazon Web Services IAM Identity Center application associated with your Identity Center instance. If the grant includes an application ARN, the grantee can only access the S3 data through this application.
" } } }, "GetAccessGrantsInstanceForPrefixRequest": { "type": "structure", "required": [ "AccountId", "S3Prefix" ], "members": { "AccountId": { "shape": "AccountId", "documentation": "The ID of the Amazon Web Services account that is making this request.
", "contextParam": { "name": "AccountId" }, "hostLabel": true, "location": "header", "locationName": "x-amz-account-id" }, "S3Prefix": { "shape": "S3Prefix", "documentation": "The S3 prefix of the access grants that you would like to retrieve.
", "location": "querystring", "locationName": "s3prefix" } } }, "GetAccessGrantsInstanceForPrefixResult": { "type": "structure", "members": { "AccessGrantsInstanceArn": { "shape": "AccessGrantsInstanceArn", "documentation": "The Amazon Resource Name (ARN) of the S3 Access Grants instance.
" }, "AccessGrantsInstanceId": { "shape": "AccessGrantsInstanceId", "documentation": "The ID of the S3 Access Grants instance. The ID is default. You can have one S3 Access Grants instance per Region per account.
The Amazon Web Services account ID of the S3 Access Grants instance.
", "contextParam": { "name": "AccountId" }, "hostLabel": true, "location": "header", "locationName": "x-amz-account-id" } } }, "GetAccessGrantsInstanceResourcePolicyRequest": { "type": "structure", "required": [ "AccountId" ], "members": { "AccountId": { "shape": "AccountId", "documentation": "The Amazon Web Services account ID of the S3 Access Grants instance.
", "contextParam": { "name": "AccountId" }, "hostLabel": true, "location": "header", "locationName": "x-amz-account-id" } } }, "GetAccessGrantsInstanceResourcePolicyResult": { "type": "structure", "members": { "Policy": { "shape": "PolicyDocument", "documentation": "The resource policy of the S3 Access Grants instance.
" }, "Organization": { "shape": "Organization", "documentation": "The Organization of the resource policy of the S3 Access Grants instance.
" }, "CreatedAt": { "shape": "CreationTimestamp", "documentation": "The date and time when you created the S3 Access Grants instance resource policy.
" } } }, "GetAccessGrantsInstanceResult": { "type": "structure", "members": { "AccessGrantsInstanceArn": { "shape": "AccessGrantsInstanceArn", "documentation": "The Amazon Resource Name (ARN) of the S3 Access Grants instance.
" }, "AccessGrantsInstanceId": { "shape": "AccessGrantsInstanceId", "documentation": "The ID of the S3 Access Grants instance. The ID is default. You can have one S3 Access Grants instance per Region per account.
If you associated your S3 Access Grants instance with an Amazon Web Services IAM Identity Center instance, this field returns the Amazon Resource Name (ARN) of the IAM Identity Center instance application; a subresource of the original Identity Center instance. S3 Access Grants creates this Identity Center application for the specific S3 Access Grants instance.
", "deprecated": true, "deprecatedMessage": "IdentityCenterArn has been deprecated. Use IdentityCenterInstanceArn or IdentityCenterApplicationArn." }, "IdentityCenterInstanceArn": { "shape": "IdentityCenterArn", "documentation": "The Amazon Resource Name (ARN) of the Amazon Web Services IAM Identity Center instance that you are associating with your S3 Access Grants instance. An IAM Identity Center instance is your corporate identity directory that you added to the IAM Identity Center. You can use the ListInstances API operation to retrieve a list of your Identity Center instances and their ARNs.
" }, "IdentityCenterApplicationArn": { "shape": "IdentityCenterApplicationArn", "documentation": "If you associated your S3 Access Grants instance with an Amazon Web Services IAM Identity Center instance, this field returns the Amazon Resource Name (ARN) of the IAM Identity Center instance application; a subresource of the original Identity Center instance. S3 Access Grants creates this Identity Center application for the specific S3 Access Grants instance.
" }, "CreatedAt": { "shape": "CreationTimestamp", "documentation": "The date and time when you created the S3 Access Grants instance.
" } } }, "GetAccessGrantsLocationRequest": { "type": "structure", "required": [ "AccountId", "AccessGrantsLocationId" ], "members": { "AccountId": { "shape": "AccountId", "documentation": "The Amazon Web Services account ID of the S3 Access Grants instance.
", "contextParam": { "name": "AccountId" }, "hostLabel": true, "location": "header", "locationName": "x-amz-account-id" }, "AccessGrantsLocationId": { "shape": "AccessGrantsLocationId", "documentation": "The ID of the registered location that you are retrieving. S3 Access Grants assigns this ID when you register the location. S3 Access Grants assigns the ID default to the default location s3:// and assigns an auto-generated ID to other locations that you register.
The date and time when you registered the location.
" }, "AccessGrantsLocationId": { "shape": "AccessGrantsLocationId", "documentation": "The ID of the registered location to which you are granting access. S3 Access Grants assigns this ID when you register the location. S3 Access Grants assigns the ID default to the default location s3:// and assigns an auto-generated ID to other locations that you register.
The Amazon Resource Name (ARN) of the registered location.
" }, "LocationScope": { "shape": "S3Prefix", "documentation": "The S3 URI path to the registered location. The location scope can be the default S3 location s3://, the S3 path to a bucket, or the S3 path to a bucket and prefix. A prefix in S3 is a string of characters at the beginning of an object key name used to organize the objects that you store in your S3 buckets. For example, object key names that start with the engineering/ prefix or object key names that start with the marketing/campaigns/ prefix.
The Amazon Resource Name (ARN) of the IAM role for the registered location. S3 Access Grants assumes this role to manage access to the registered location.
" } } }, "GetAccessPointConfigurationForObjectLambdaRequest": { "type": "structure", "required": [ "AccountId", "Name" ], "members": { "AccountId": { "shape": "AccountId", "documentation": "The account ID for the account that owns the specified Object Lambda Access Point.
", "contextParam": { "name": "AccountId" }, "hostLabel": true, "location": "header", "locationName": "x-amz-account-id" }, "Name": { "shape": "ObjectLambdaAccessPointName", "documentation": "The name of the Object Lambda Access Point you want to return the configuration for.
", "location": "uri", "locationName": "name" } } }, "GetAccessPointConfigurationForObjectLambdaResult": { "type": "structure", "members": { "Configuration": { "shape": "ObjectLambdaConfiguration", "documentation": "Object Lambda Access Point configuration document.
" } } }, "GetAccessPointForObjectLambdaRequest": { "type": "structure", "required": [ "AccountId", "Name" ], "members": { "AccountId": { "shape": "AccountId", "documentation": "The account ID for the account that owns the specified Object Lambda Access Point.
", "contextParam": { "name": "AccountId" }, "hostLabel": true, "location": "header", "locationName": "x-amz-account-id" }, "Name": { "shape": "ObjectLambdaAccessPointName", "documentation": "The name of the Object Lambda Access Point.
", "location": "uri", "locationName": "name" } } }, "GetAccessPointForObjectLambdaResult": { "type": "structure", "members": { "Name": { "shape": "ObjectLambdaAccessPointName", "documentation": "The name of the Object Lambda Access Point.
" }, "PublicAccessBlockConfiguration": { "shape": "PublicAccessBlockConfiguration", "documentation": "Configuration to block all public access. This setting is turned on and can not be edited.
" }, "CreationDate": { "shape": "CreationDate", "documentation": "The date and time when the specified Object Lambda Access Point was created.
" }, "Alias": { "shape": "ObjectLambdaAccessPointAlias", "documentation": "The alias of the Object Lambda Access Point.
" } } }, "GetAccessPointPolicyForObjectLambdaRequest": { "type": "structure", "required": [ "AccountId", "Name" ], "members": { "AccountId": { "shape": "AccountId", "documentation": "The account ID for the account that owns the specified Object Lambda Access Point.
", "contextParam": { "name": "AccountId" }, "hostLabel": true, "location": "header", "locationName": "x-amz-account-id" }, "Name": { "shape": "ObjectLambdaAccessPointName", "documentation": "The name of the Object Lambda Access Point.
", "location": "uri", "locationName": "name" } } }, "GetAccessPointPolicyForObjectLambdaResult": { "type": "structure", "members": { "Policy": { "shape": "ObjectLambdaPolicy", "documentation": "Object Lambda Access Point resource policy document.
" } } }, "GetAccessPointPolicyRequest": { "type": "structure", "required": [ "AccountId", "Name" ], "members": { "AccountId": { "shape": "AccountId", "documentation": "The account ID for the account that owns the specified access point.
", "contextParam": { "name": "AccountId" }, "hostLabel": true, "location": "header", "locationName": "x-amz-account-id" }, "Name": { "shape": "AccessPointName", "documentation": "The name of the access point whose policy you want to retrieve.
For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the access point accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/accesspoint/<my-accesspoint-name>. For example, to access the access point reports-ap through Outpost my-outpost owned by account 123456789012 in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/accesspoint/reports-ap. The value must be URL encoded.
The access point policy associated with the specified access point.
" } } }, "GetAccessPointPolicyStatusForObjectLambdaRequest": { "type": "structure", "required": [ "AccountId", "Name" ], "members": { "AccountId": { "shape": "AccountId", "documentation": "The account ID for the account that owns the specified Object Lambda Access Point.
", "contextParam": { "name": "AccountId" }, "hostLabel": true, "location": "header", "locationName": "x-amz-account-id" }, "Name": { "shape": "ObjectLambdaAccessPointName", "documentation": "The name of the Object Lambda Access Point.
", "location": "uri", "locationName": "name" } } }, "GetAccessPointPolicyStatusForObjectLambdaResult": { "type": "structure", "members": { "PolicyStatus": { "shape": "PolicyStatus" } } }, "GetAccessPointPolicyStatusRequest": { "type": "structure", "required": [ "AccountId", "Name" ], "members": { "AccountId": { "shape": "AccountId", "documentation": "The account ID for the account that owns the specified access point.
", "contextParam": { "name": "AccountId" }, "hostLabel": true, "location": "header", "locationName": "x-amz-account-id" }, "Name": { "shape": "AccessPointName", "documentation": "The name of the access point whose policy status you want to retrieve.
", "contextParam": { "name": "AccessPointName" }, "location": "uri", "locationName": "name" } } }, "GetAccessPointPolicyStatusResult": { "type": "structure", "members": { "PolicyStatus": { "shape": "PolicyStatus", "documentation": "Indicates the current policy status of the specified access point.
" } } }, "GetAccessPointRequest": { "type": "structure", "required": [ "AccountId", "Name" ], "members": { "AccountId": { "shape": "AccountId", "documentation": "The Amazon Web Services account ID for the account that owns the specified access point.
", "contextParam": { "name": "AccountId" }, "hostLabel": true, "location": "header", "locationName": "x-amz-account-id" }, "Name": { "shape": "AccessPointName", "documentation": "The name of the access point whose configuration information you want to retrieve.
For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the access point accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/accesspoint/<my-accesspoint-name>. For example, to access the access point reports-ap through Outpost my-outpost owned by account 123456789012 in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/accesspoint/reports-ap. The value must be URL encoded.
The name of the specified access point.
" }, "Bucket": { "shape": "BucketName", "documentation": "The name of the bucket associated with the specified access point.
" }, "NetworkOrigin": { "shape": "NetworkOrigin", "documentation": "Indicates whether this access point allows access from the public internet. If VpcConfiguration is specified for this access point, then NetworkOrigin is VPC, and the access point doesn't allow access from the public internet. Otherwise, NetworkOrigin is Internet, and the access point allows access from the public internet, subject to the access point and bucket access policies.
This will always be true for an Amazon S3 on Outposts access point
" }, "VpcConfiguration": { "shape": "VpcConfiguration", "documentation": "Contains the virtual private cloud (VPC) configuration for the specified access point.
This element is empty if this access point is an Amazon S3 on Outposts access point that is used by other Amazon Web Servicesservices.
The date and time when the specified access point was created.
" }, "Alias": { "shape": "Alias", "documentation": "The name or alias of the access point.
" }, "AccessPointArn": { "shape": "S3AccessPointArn", "documentation": "The ARN of the access point.
" }, "Endpoints": { "shape": "Endpoints", "documentation": "The VPC endpoint for the access point.
" }, "BucketAccountId": { "shape": "AccountId", "documentation": "The Amazon Web Services account ID associated with the S3 bucket associated with this access point.
" } } }, "GetBucketLifecycleConfigurationRequest": { "type": "structure", "required": [ "AccountId", "Bucket" ], "members": { "AccountId": { "shape": "AccountId", "documentation": "The Amazon Web Services account ID of the Outposts bucket.
", "contextParam": { "name": "AccountId" }, "hostLabel": true, "location": "header", "locationName": "x-amz-account-id" }, "Bucket": { "shape": "BucketName", "documentation": "The Amazon Resource Name (ARN) of the bucket.
For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>. For example, to access the bucket reports through Outpost my-outpost owned by account 123456789012 in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports. The value must be URL encoded.
Container for the lifecycle rule of the Outposts bucket.
" } } }, "GetBucketPolicyRequest": { "type": "structure", "required": [ "AccountId", "Bucket" ], "members": { "AccountId": { "shape": "AccountId", "documentation": "The Amazon Web Services account ID of the Outposts bucket.
", "contextParam": { "name": "AccountId" }, "hostLabel": true, "location": "header", "locationName": "x-amz-account-id" }, "Bucket": { "shape": "BucketName", "documentation": "Specifies the bucket.
For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>. For example, to access the bucket reports through Outpost my-outpost owned by account 123456789012 in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports. The value must be URL encoded.
The policy of the Outposts bucket.
" } } }, "GetBucketReplicationRequest": { "type": "structure", "required": [ "AccountId", "Bucket" ], "members": { "AccountId": { "shape": "AccountId", "documentation": "The Amazon Web Services account ID of the Outposts bucket.
", "contextParam": { "name": "AccountId" }, "hostLabel": true, "location": "header", "locationName": "x-amz-account-id" }, "Bucket": { "shape": "BucketName", "documentation": "Specifies the bucket to get the replication information for.
For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>. For example, to access the bucket reports through Outpost my-outpost owned by account 123456789012 in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports. The value must be URL encoded.
A container for one or more replication rules. A replication configuration must have at least one rule and you can add up to 100 rules. The maximum size of a replication configuration is 128 KB.
" } } }, "GetBucketRequest": { "type": "structure", "required": [ "AccountId", "Bucket" ], "members": { "AccountId": { "shape": "AccountId", "documentation": "The Amazon Web Services account ID of the Outposts bucket.
", "contextParam": { "name": "AccountId" }, "hostLabel": true, "location": "header", "locationName": "x-amz-account-id" }, "Bucket": { "shape": "BucketName", "documentation": "Specifies the bucket.
For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>. For example, to access the bucket reports through Outpost my-outpost owned by account 123456789012 in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports. The value must be URL encoded.
The Outposts bucket requested.
" }, "PublicAccessBlockEnabled": { "shape": "PublicAccessBlockEnabled", "documentation": "" }, "CreationDate": { "shape": "CreationDate", "documentation": "The creation date of the Outposts bucket.
" } } }, "GetBucketTaggingRequest": { "type": "structure", "required": [ "AccountId", "Bucket" ], "members": { "AccountId": { "shape": "AccountId", "documentation": "The Amazon Web Services account ID of the Outposts bucket.
", "contextParam": { "name": "AccountId" }, "hostLabel": true, "location": "header", "locationName": "x-amz-account-id" }, "Bucket": { "shape": "BucketName", "documentation": "Specifies the bucket.
For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>. For example, to access the bucket reports through Outpost my-outpost owned by account 123456789012 in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports. The value must be URL encoded.
The tags set of the Outposts bucket.
" } } }, "GetBucketVersioningRequest": { "type": "structure", "required": [ "AccountId", "Bucket" ], "members": { "AccountId": { "shape": "AccountId", "documentation": "The Amazon Web Services account ID of the S3 on Outposts bucket.
", "contextParam": { "name": "AccountId" }, "hostLabel": true, "location": "header", "locationName": "x-amz-account-id" }, "Bucket": { "shape": "BucketName", "documentation": "The S3 on Outposts bucket to return the versioning state for.
", "contextParam": { "name": "Bucket" }, "location": "uri", "locationName": "name" } } }, "GetBucketVersioningResult": { "type": "structure", "members": { "Status": { "shape": "BucketVersioningStatus", "documentation": "The versioning state of the S3 on Outposts bucket.
" }, "MFADelete": { "shape": "MFADeleteStatus", "documentation": "Specifies whether MFA delete is enabled in the bucket versioning configuration. This element is returned only if the bucket has been configured with MFA delete. If MFA delete has never been configured for the bucket, this element is not returned.
", "locationName": "MfaDelete" } } }, "GetDataAccessRequest": { "type": "structure", "required": [ "AccountId", "Target", "Permission" ], "members": { "AccountId": { "shape": "AccountId", "documentation": "The Amazon Web Services account ID of the S3 Access Grants instance.
", "contextParam": { "name": "AccountId" }, "hostLabel": true, "location": "header", "locationName": "x-amz-account-id" }, "Target": { "shape": "S3Prefix", "documentation": "The S3 URI path of the data to which you are requesting temporary access credentials. If the requesting account has an access grant for this data, S3 Access Grants vends temporary access credentials in the response.
", "location": "querystring", "locationName": "target" }, "Permission": { "shape": "Permission", "documentation": "The type of permission granted to your S3 data, which can be set to one of the following values:
READ – Grant read-only access to the S3 data.
WRITE – Grant write-only access to the S3 data.
READWRITE – Grant both read and write access to the S3 data.
The session duration, in seconds, of the temporary access credential that S3 Access Grants vends to the grantee or client application. The default value is 1 hour, but the grantee can specify a range from 900 seconds (15 minutes) up to 43200 seconds (12 hours). If the grantee requests a value higher than this maximum, the operation fails.
", "location": "querystring", "locationName": "durationSeconds" }, "Privilege": { "shape": "Privilege", "documentation": "The scope of the temporary access credential that S3 Access Grants vends to the grantee or client application.
Default – The scope of the returned temporary access token is the scope of the grant that is closest to the target scope.
Minimal – The scope of the returned temporary access token is the same as the requested target scope as long as the requested scope is the same as or a subset of the grant scope.
The type of Target. The only possible value is Object. Pass this value if the target data that you would like to access is a path to an object. Do not pass this value if the target data is a bucket or a bucket and a prefix.
The temporary credential token that S3 Access Grants vends.
" }, "MatchedGrantTarget": { "shape": "S3Prefix", "documentation": "The S3 URI path of the data to which you are being granted temporary access credentials.
" } } }, "GetJobTaggingRequest": { "type": "structure", "required": [ "AccountId", "JobId" ], "members": { "AccountId": { "shape": "AccountId", "documentation": "The Amazon Web Services account ID associated with the S3 Batch Operations job.
", "contextParam": { "name": "AccountId" }, "hostLabel": true, "location": "header", "locationName": "x-amz-account-id" }, "JobId": { "shape": "JobId", "documentation": "The ID for the S3 Batch Operations job whose tags you want to retrieve.
", "location": "uri", "locationName": "id" } } }, "GetJobTaggingResult": { "type": "structure", "members": { "Tags": { "shape": "S3TagSet", "documentation": "The set of tags associated with the S3 Batch Operations job.
" } } }, "GetMultiRegionAccessPointPolicyRequest": { "type": "structure", "required": [ "AccountId", "Name" ], "members": { "AccountId": { "shape": "AccountId", "documentation": "The Amazon Web Services account ID for the owner of the Multi-Region Access Point.
", "contextParam": { "name": "AccountId" }, "hostLabel": true, "location": "header", "locationName": "x-amz-account-id" }, "Name": { "shape": "MultiRegionAccessPointName", "documentation": "Specifies the Multi-Region Access Point. The name of the Multi-Region Access Point is different from the alias. For more information about the distinction between the name and the alias of an Multi-Region Access Point, see Rules for naming Amazon S3 Multi-Region Access Points in the Amazon S3 User Guide.
", "location": "uri", "locationName": "name" } } }, "GetMultiRegionAccessPointPolicyResult": { "type": "structure", "members": { "Policy": { "shape": "MultiRegionAccessPointPolicyDocument", "documentation": "The policy associated with the specified Multi-Region Access Point.
" } } }, "GetMultiRegionAccessPointPolicyStatusRequest": { "type": "structure", "required": [ "AccountId", "Name" ], "members": { "AccountId": { "shape": "AccountId", "documentation": "The Amazon Web Services account ID for the owner of the Multi-Region Access Point.
", "contextParam": { "name": "AccountId" }, "hostLabel": true, "location": "header", "locationName": "x-amz-account-id" }, "Name": { "shape": "MultiRegionAccessPointName", "documentation": "Specifies the Multi-Region Access Point. The name of the Multi-Region Access Point is different from the alias. For more information about the distinction between the name and the alias of an Multi-Region Access Point, see Rules for naming Amazon S3 Multi-Region Access Points in the Amazon S3 User Guide.
", "location": "uri", "locationName": "name" } } }, "GetMultiRegionAccessPointPolicyStatusResult": { "type": "structure", "members": { "Established": { "shape": "PolicyStatus" } } }, "GetMultiRegionAccessPointRequest": { "type": "structure", "required": [ "AccountId", "Name" ], "members": { "AccountId": { "shape": "AccountId", "documentation": "The Amazon Web Services account ID for the owner of the Multi-Region Access Point.
", "contextParam": { "name": "AccountId" }, "hostLabel": true, "location": "header", "locationName": "x-amz-account-id" }, "Name": { "shape": "MultiRegionAccessPointName", "documentation": "The name of the Multi-Region Access Point whose configuration information you want to receive. The name of the Multi-Region Access Point is different from the alias. For more information about the distinction between the name and the alias of an Multi-Region Access Point, see Rules for naming Amazon S3 Multi-Region Access Points in the Amazon S3 User Guide.
", "location": "uri", "locationName": "name" } } }, "GetMultiRegionAccessPointResult": { "type": "structure", "members": { "AccessPoint": { "shape": "MultiRegionAccessPointReport", "documentation": "A container element containing the details of the requested Multi-Region Access Point.
" } } }, "GetMultiRegionAccessPointRoutesRequest": { "type": "structure", "required": [ "AccountId", "Mrap" ], "members": { "AccountId": { "shape": "AccountId", "documentation": "The Amazon Web Services account ID for the owner of the Multi-Region Access Point.
", "contextParam": { "name": "AccountId" }, "hostLabel": true, "location": "header", "locationName": "x-amz-account-id" }, "Mrap": { "shape": "MultiRegionAccessPointId", "documentation": "The Multi-Region Access Point ARN.
", "location": "uri", "locationName": "mrap" } } }, "GetMultiRegionAccessPointRoutesResult": { "type": "structure", "members": { "Mrap": { "shape": "MultiRegionAccessPointId", "documentation": "The Multi-Region Access Point ARN.
" }, "Routes": { "shape": "RouteList", "documentation": "The different routes that make up the route configuration. Active routes return a value of 100, and passive routes return a value of 0.
The PublicAccessBlock configuration currently in effect for this Amazon Web Services account.
The account ID for the Amazon Web Services account whose PublicAccessBlock configuration you want to retrieve.
The ID of the Amazon S3 Storage Lens configuration.
", "location": "uri", "locationName": "storagelensid" }, "AccountId": { "shape": "AccountId", "documentation": "The account ID of the requester.
", "contextParam": { "name": "AccountId" }, "hostLabel": true, "location": "header", "locationName": "x-amz-account-id" } } }, "GetStorageLensConfigurationResult": { "type": "structure", "members": { "StorageLensConfiguration": { "shape": "StorageLensConfiguration", "documentation": "The S3 Storage Lens configuration requested.
" } }, "payload": "StorageLensConfiguration" }, "GetStorageLensConfigurationTaggingRequest": { "type": "structure", "required": [ "ConfigId", "AccountId" ], "members": { "ConfigId": { "shape": "ConfigId", "documentation": "The ID of the Amazon S3 Storage Lens configuration.
", "location": "uri", "locationName": "storagelensid" }, "AccountId": { "shape": "AccountId", "documentation": "The account ID of the requester.
", "contextParam": { "name": "AccountId" }, "hostLabel": true, "location": "header", "locationName": "x-amz-account-id" } } }, "GetStorageLensConfigurationTaggingResult": { "type": "structure", "members": { "Tags": { "shape": "StorageLensTags", "documentation": "The tags of S3 Storage Lens configuration requested.
" } } }, "GetStorageLensGroupRequest": { "type": "structure", "required": [ "Name", "AccountId" ], "members": { "Name": { "shape": "StorageLensGroupName", "documentation": "The name of the Storage Lens group that you're trying to retrieve the configuration details for.
", "location": "uri", "locationName": "name" }, "AccountId": { "shape": "AccountId", "documentation": "The Amazon Web Services account ID associated with the Storage Lens group that you're trying to retrieve the details for.
", "contextParam": { "name": "AccountId" }, "hostLabel": true, "location": "header", "locationName": "x-amz-account-id" } } }, "GetStorageLensGroupResult": { "type": "structure", "members": { "StorageLensGroup": { "shape": "StorageLensGroup", "documentation": "The name of the Storage Lens group that you're trying to retrieve the configuration details for.
" } }, "payload": "StorageLensGroup" }, "GrantFullControl": { "type": "string" }, "GrantRead": { "type": "string" }, "GrantReadACP": { "type": "string" }, "GrantWrite": { "type": "string" }, "GrantWriteACP": { "type": "string" }, "Grantee": { "type": "structure", "members": { "GranteeType": { "shape": "GranteeType", "documentation": "The type of the grantee to which access has been granted. It can be one of the following values:
IAM - An IAM user or role.
DIRECTORY_USER - Your corporate directory user. You can use this option if you have added your corporate identity directory to IAM Identity Center and associated the IAM Identity Center instance with your S3 Access Grants instance.
DIRECTORY_GROUP - Your corporate directory group. You can use this option if you have added your corporate identity directory to IAM Identity Center and associated the IAM Identity Center instance with your S3 Access Grants instance.
The unique identifier of the Grantee. If the grantee type is IAM, the identifier is the IAM Amazon Resource Name (ARN) of the user or role. If the grantee type is a directory user or group, the identifier is 128-bit universally unique identifier (UUID) in the format a1b2c3d4-5678-90ab-cdef-EXAMPLE11111. You can obtain this UUID from your Amazon Web Services IAM Identity Center instance.
The user, group, or role to which you are granting access. You can grant access to an IAM user or role. If you have added your corporate directory to Amazon Web Services IAM Identity Center and associated your Identity Center instance with your S3 Access Grants instance, the grantee can also be a corporate directory user or group.
" }, "GranteeIdentifier": { "type": "string" }, "GranteeType": { "type": "string", "enum": [ "DIRECTORY_USER", "DIRECTORY_GROUP", "IAM" ] }, "IAMRoleArn": { "type": "string", "max": 2048, "min": 1, "pattern": "arn:[^:]+:iam::\\d{12}:role/.*" }, "ID": { "type": "string" }, "IdentityCenterApplicationArn": { "type": "string", "max": 1224, "min": 10, "pattern": "arn:[^:]+:sso::\\d{12}:application/.*$" }, "IdentityCenterArn": { "type": "string", "max": 1224, "min": 10, "pattern": "arn:[^:]+:sso::(\\d{12}){0,1}:instance/.*$" }, "Include": { "type": "structure", "members": { "Buckets": { "shape": "Buckets", "documentation": "A container for the S3 Storage Lens bucket includes.
" }, "Regions": { "shape": "Regions", "documentation": "A container for the S3 Storage Lens Region includes.
" } }, "documentation": "A container for what Amazon S3 Storage Lens configuration includes.
" }, "IsEnabled": { "type": "boolean" }, "IsPublic": { "type": "boolean" }, "JobArn": { "type": "string", "max": 1024, "min": 1, "pattern": "arn:[^:]+:s3:[a-zA-Z0-9\\-]+:\\d{12}:job\\/.*" }, "JobCreationTime": { "type": "timestamp" }, "JobDescriptor": { "type": "structure", "members": { "JobId": { "shape": "JobId", "documentation": "The ID for the specified job.
" }, "ConfirmationRequired": { "shape": "ConfirmationRequired", "documentation": "Indicates whether confirmation is required before Amazon S3 begins running the specified job. Confirmation is required only for jobs created through the Amazon S3 console.
", "box": true }, "Description": { "shape": "NonEmptyMaxLength256String", "documentation": "The description for this job, if one was provided in this job's Create Job request.
The Amazon Resource Name (ARN) for this job.
", "box": true }, "Status": { "shape": "JobStatus", "documentation": "The current status of the specified job.
" }, "Manifest": { "shape": "JobManifest", "documentation": "The configuration information for the specified job's manifest object.
", "box": true }, "Operation": { "shape": "JobOperation", "documentation": "The operation that the specified job is configured to run on the objects listed in the manifest.
", "box": true }, "Priority": { "shape": "JobPriority", "documentation": "The priority of the specified job.
" }, "ProgressSummary": { "shape": "JobProgressSummary", "documentation": "Describes the total number of tasks that the specified job has run, the number of tasks that succeeded, and the number of tasks that failed.
", "box": true }, "StatusUpdateReason": { "shape": "JobStatusUpdateReason", "documentation": "The reason for updating the job.
", "box": true }, "FailureReasons": { "shape": "JobFailureList", "documentation": "If the specified job failed, this field contains information describing the failure.
", "box": true }, "Report": { "shape": "JobReport", "documentation": "Contains the configuration information for the job-completion report if you requested one in the Create Job request.
A timestamp indicating when this job was created.
" }, "TerminationDate": { "shape": "JobTerminationDate", "documentation": "A timestamp indicating when this job terminated. A job's termination date is the date and time when it succeeded, failed, or was canceled.
", "box": true }, "RoleArn": { "shape": "IAMRoleArn", "documentation": "The Amazon Resource Name (ARN) for the Identity and Access Management (IAM) role assigned to run the tasks for this job.
", "box": true }, "SuspendedDate": { "shape": "SuspendedDate", "documentation": "The timestamp when this job was suspended, if it has been suspended.
", "box": true }, "SuspendedCause": { "shape": "SuspendedCause", "documentation": "The reason why the specified job was suspended. A job is only suspended if you create it through the Amazon S3 console. When you create the job, it enters the Suspended state to await confirmation before running. After you confirm the job, it automatically exits the Suspended state.
The manifest generator that was used to generate a job manifest for this job.
" }, "GeneratedManifestDescriptor": { "shape": "S3GeneratedManifestDescriptor", "documentation": "The attribute of the JobDescriptor containing details about the job's generated manifest.
" } }, "documentation": "A container element for the job configuration and status information returned by a Describe Job request.
The failure code, if any, for the specified job.
" }, "FailureReason": { "shape": "JobFailureReason", "documentation": "The failure reason, if any, for the specified job.
" } }, "documentation": "If this job failed, this element indicates why the job failed.
" }, "JobFailureCode": { "type": "string", "max": 64, "min": 1 }, "JobFailureList": { "type": "list", "member": { "shape": "JobFailure" } }, "JobFailureReason": { "type": "string", "max": 256, "min": 1 }, "JobId": { "type": "string", "max": 36, "min": 5, "pattern": "[a-zA-Z0-9\\-\\_]+" }, "JobListDescriptor": { "type": "structure", "members": { "JobId": { "shape": "JobId", "documentation": "The ID for the specified job.
" }, "Description": { "shape": "NonEmptyMaxLength256String", "documentation": "The user-specified description that was included in the specified job's Create Job request.
The operation that the specified job is configured to run on every object listed in the manifest.
" }, "Priority": { "shape": "JobPriority", "documentation": "The current priority for the specified job.
" }, "Status": { "shape": "JobStatus", "documentation": "The specified job's current status.
" }, "CreationTime": { "shape": "JobCreationTime", "documentation": "A timestamp indicating when the specified job was created.
" }, "TerminationDate": { "shape": "JobTerminationDate", "documentation": "A timestamp indicating when the specified job terminated. A job's termination date is the date and time when it succeeded, failed, or was canceled.
" }, "ProgressSummary": { "shape": "JobProgressSummary", "documentation": "Describes the total number of tasks that the specified job has run, the number of tasks that succeeded, and the number of tasks that failed.
" } }, "documentation": "Contains the configuration and status information for a single job retrieved as part of a job list.
" }, "JobListDescriptorList": { "type": "list", "member": { "shape": "JobListDescriptor" } }, "JobManifest": { "type": "structure", "required": [ "Spec", "Location" ], "members": { "Spec": { "shape": "JobManifestSpec", "documentation": "Describes the format of the specified job's manifest. If the manifest is in CSV format, also describes the columns contained within the manifest.
" }, "Location": { "shape": "JobManifestLocation", "documentation": "Contains the information required to locate the specified job's manifest. Manifests can't be imported from directory buckets. For more information, see Directory buckets.
" } }, "documentation": "Contains the configuration information for a job's manifest.
" }, "JobManifestFieldList": { "type": "list", "member": { "shape": "JobManifestFieldName" } }, "JobManifestFieldName": { "type": "string", "enum": [ "Ignore", "Bucket", "Key", "VersionId" ] }, "JobManifestFormat": { "type": "string", "enum": [ "S3BatchOperations_CSV_20180820", "S3InventoryReport_CSV_20161130" ] }, "JobManifestGenerator": { "type": "structure", "members": { "S3JobManifestGenerator": { "shape": "S3JobManifestGenerator", "documentation": "The S3 job ManifestGenerator's configuration details.
" } }, "documentation": "Configures the type of the job's ManifestGenerator.
", "union": true }, "JobManifestGeneratorFilter": { "type": "structure", "members": { "EligibleForReplication": { "shape": "Boolean", "documentation": "Include objects in the generated manifest only if they are eligible for replication according to the Replication configuration on the source bucket.
", "box": true }, "CreatedAfter": { "shape": "ObjectCreationTime", "documentation": "If provided, the generated manifest includes only source bucket objects that were created after this time.
" }, "CreatedBefore": { "shape": "ObjectCreationTime", "documentation": "If provided, the generated manifest includes only source bucket objects that were created before this time.
" }, "ObjectReplicationStatuses": { "shape": "ReplicationStatusFilterList", "documentation": "If provided, the generated manifest includes only source bucket objects that have one of the specified Replication statuses.
" }, "KeyNameConstraint": { "shape": "KeyNameConstraint", "documentation": "If provided, the generated manifest includes only source bucket objects whose object keys match the string constraints specified for MatchAnyPrefix, MatchAnySuffix, and MatchAnySubstring.
If provided, the generated manifest includes only source bucket objects whose file size is greater than the specified number of bytes.
", "box": true }, "ObjectSizeLessThanBytes": { "shape": "ObjectSizeLessThanBytes", "documentation": "If provided, the generated manifest includes only source bucket objects whose file size is less than the specified number of bytes.
", "box": true }, "MatchAnyStorageClass": { "shape": "StorageClassList", "documentation": "If provided, the generated manifest includes only source bucket objects that are stored with the specified storage class.
" } }, "documentation": "The filter used to describe a set of objects for the job's manifest.
" }, "JobManifestLocation": { "type": "structure", "required": [ "ObjectArn", "ETag" ], "members": { "ObjectArn": { "shape": "S3KeyArnString", "documentation": "The Amazon Resource Name (ARN) for a manifest object.
When you're using XML requests, you must replace special characters (such as carriage returns) in object keys with their equivalent XML entity codes. For more information, see XML-related object key constraints in the Amazon S3 User Guide.
The optional version ID to identify a specific version of the manifest object.
", "box": true }, "ETag": { "shape": "NonEmptyMaxLength1024String", "documentation": "The ETag for the specified manifest object.
" } }, "documentation": "Contains the information required to locate a manifest object. Manifests can't be imported from directory buckets. For more information, see Directory buckets.
" }, "JobManifestSpec": { "type": "structure", "required": [ "Format" ], "members": { "Format": { "shape": "JobManifestFormat", "documentation": "Indicates which of the available formats the specified manifest uses.
" }, "Fields": { "shape": "JobManifestFieldList", "documentation": "If the specified manifest object is in the S3BatchOperations_CSV_20180820 format, this element describes which columns contain the required data.
Describes the format of a manifest. If the manifest is in CSV format, also describes the columns contained within the manifest.
" }, "JobNumberOfTasksFailed": { "type": "long", "min": 0 }, "JobNumberOfTasksSucceeded": { "type": "long", "min": 0 }, "JobOperation": { "type": "structure", "members": { "LambdaInvoke": { "shape": "LambdaInvokeOperation", "documentation": "Directs the specified job to invoke an Lambda function on every object in the manifest.
", "box": true }, "S3PutObjectCopy": { "shape": "S3CopyObjectOperation", "documentation": "Directs the specified job to run a PUT Copy object call on every object in the manifest.
", "box": true }, "S3PutObjectAcl": { "shape": "S3SetObjectAclOperation", "documentation": "Directs the specified job to run a PutObjectAcl call on every object in the manifest.
This functionality is not supported by directory buckets.
Directs the specified job to run a PUT Object tagging call on every object in the manifest.
This functionality is not supported by directory buckets.
Directs the specified job to execute a DELETE Object tagging call on every object in the manifest.
This functionality is not supported by directory buckets.
Directs the specified job to initiate restore requests for every archived object in the manifest.
This functionality is not supported by directory buckets.
Directs the specified job to invoke ReplicateObject on every object in the job's manifest.
This functionality is not supported by directory buckets.
The operation that you want this job to perform on every object listed in the manifest. For more information about the available operations, see Operations in the Amazon S3 User Guide.
" }, "JobPriority": { "type": "integer", "max": 2147483647, "min": 0 }, "JobProgressSummary": { "type": "structure", "members": { "TotalNumberOfTasks": { "shape": "JobTotalNumberOfTasks", "documentation": "", "box": true }, "NumberOfTasksSucceeded": { "shape": "JobNumberOfTasksSucceeded", "documentation": "", "box": true }, "NumberOfTasksFailed": { "shape": "JobNumberOfTasksFailed", "documentation": "", "box": true }, "Timers": { "shape": "JobTimers", "documentation": "The JobTimers attribute of a job's progress summary.
" } }, "documentation": "Describes the total number of tasks that the specified job has started, the number of tasks that succeeded, and the number of tasks that failed.
" }, "JobReport": { "type": "structure", "required": [ "Enabled" ], "members": { "Bucket": { "shape": "S3BucketArnString", "documentation": "The Amazon Resource Name (ARN) for the bucket where specified job-completion report will be stored.
Directory buckets - Directory buckets aren't supported as a location for Batch Operations to store job completion reports.
The format of the specified job-completion report.
", "box": true }, "Enabled": { "shape": "Boolean", "documentation": "Indicates whether the specified job will generate a job-completion report.
" }, "Prefix": { "shape": "ReportPrefixString", "documentation": "An optional prefix to describe where in the specified bucket the job-completion report will be stored. Amazon S3 stores the job-completion report at <prefix>/job-<job-id>/report.json.
Indicates whether the job-completion report will include details of all tasks or only failed tasks.
", "box": true } }, "documentation": "Contains the configuration parameters for a job-completion report.
" }, "JobReportFormat": { "type": "string", "enum": [ "Report_CSV_20180820" ] }, "JobReportScope": { "type": "string", "enum": [ "AllTasks", "FailedTasksOnly" ] }, "JobStatus": { "type": "string", "enum": [ "Active", "Cancelled", "Cancelling", "Complete", "Completing", "Failed", "Failing", "New", "Paused", "Pausing", "Preparing", "Ready", "Suspended" ] }, "JobStatusList": { "type": "list", "member": { "shape": "JobStatus" } }, "JobStatusUpdateReason": { "type": "string", "max": 256, "min": 1 }, "JobTerminationDate": { "type": "timestamp" }, "JobTimeInStateSeconds": { "type": "long", "min": 0 }, "JobTimers": { "type": "structure", "members": { "ElapsedTimeInActiveSeconds": { "shape": "JobTimeInStateSeconds", "documentation": "Indicates the elapsed time in seconds the job has been in the Active job state.
", "box": true } }, "documentation": "Provides timing details for the job.
" }, "JobTotalNumberOfTasks": { "type": "long", "min": 0 }, "KeyNameConstraint": { "type": "structure", "members": { "MatchAnyPrefix": { "shape": "NonEmptyMaxLength1024StringList", "documentation": "If provided, the generated manifest includes objects where the specified string appears at the start of the object key string. Each KeyNameConstraint filter accepts an array of strings with a length of 1 string.
" }, "MatchAnySuffix": { "shape": "NonEmptyMaxLength1024StringList", "documentation": "If provided, the generated manifest includes objects where the specified string appears at the end of the object key string. Each KeyNameConstraint filter accepts an array of strings with a length of 1 string.
" }, "MatchAnySubstring": { "shape": "NonEmptyMaxLength1024StringList", "documentation": "If provided, the generated manifest includes objects where the specified string appears anywhere within the object key string. Each KeyNameConstraint filter accepts an array of strings with a length of 1 string.
" } }, "documentation": "If provided, the generated manifest includes only source bucket objects whose object keys match the string constraints specified for MatchAnyPrefix, MatchAnySuffix, and MatchAnySubstring.
The Amazon Resource Name (ARN) for the Lambda function that the specified job will invoke on every object in the manifest.
" }, "InvocationSchemaVersion": { "shape": "NonEmptyMaxLength64String", "documentation": "Specifies the schema version for the payload that Batch Operations sends when invoking an Lambda function. Version 1.0 is the default. Version 2.0 is required when you use Batch Operations to invoke Lambda functions that act on directory buckets, or if you need to specify UserArguments. For more information, see Automate object processing in Amazon S3 directory buckets with S3 Batch Operations and Lambda in the Amazon Web Services Storage Blog.
Ensure that your Lambda function code expects InvocationSchemaVersion 2.0 and uses bucket name rather than bucket ARN. If the InvocationSchemaVersion does not match what your Lambda function expects, your function might not work as expected.
Directory buckets - To initiate Amazon Web Services Lambda function to perform custom actions on objects in directory buckets, you must specify 2.0.
Key-value pairs that are passed in the payload that Batch Operations sends when invoking an Lambda function. You must specify InvocationSchemaVersion 2.0 for LambdaInvoke operations that include UserArguments. For more information, see Automate object processing in Amazon S3 directory buckets with S3 Batch Operations and Lambda in the Amazon Web Services Storage Blog.
Contains the configuration parameters for a Lambda Invoke operation.
A lifecycle rule for individual objects in an Outposts bucket.
" } }, "documentation": "The container for the Outposts bucket lifecycle configuration.
" }, "LifecycleExpiration": { "type": "structure", "members": { "Date": { "shape": "Date", "documentation": "Indicates at what date the object is to be deleted. Should be in GMT ISO 8601 format.
" }, "Days": { "shape": "Days", "documentation": "Indicates the lifetime, in days, of the objects that are subject to the rule. The value must be a non-zero positive integer.
" }, "ExpiredObjectDeleteMarker": { "shape": "ExpiredObjectDeleteMarker", "documentation": "Indicates whether Amazon S3 will remove a delete marker with no noncurrent versions. If set to true, the delete marker will be expired. If set to false, the policy takes no action. This cannot be specified with Days or Date in a Lifecycle Expiration Policy.
" } }, "documentation": "The container of the Outposts bucket lifecycle expiration.
" }, "LifecycleRule": { "type": "structure", "required": [ "Status" ], "members": { "Expiration": { "shape": "LifecycleExpiration", "documentation": "Specifies the expiration for the lifecycle of the object in the form of date, days and, whether the object has a delete marker.
" }, "ID": { "shape": "ID", "documentation": "Unique identifier for the rule. The value cannot be longer than 255 characters.
" }, "Filter": { "shape": "LifecycleRuleFilter", "documentation": "The container for the filter of lifecycle rule.
" }, "Status": { "shape": "ExpirationStatus", "documentation": "If 'Enabled', the rule is currently being applied. If 'Disabled', the rule is not currently being applied.
" }, "Transitions": { "shape": "TransitionList", "documentation": "Specifies when an Amazon S3 object transitions to a specified storage class.
This is not supported by Amazon S3 on Outposts buckets.
Specifies the transition rule for the lifecycle rule that describes when noncurrent objects transition to a specific storage class. If your bucket is versioning-enabled (or versioning is suspended), you can set this action to request that Amazon S3 transition noncurrent object versions to a specific storage class at a set period in the object's lifetime.
This is not supported by Amazon S3 on Outposts buckets.
The noncurrent version expiration of the lifecycle rule.
" }, "AbortIncompleteMultipartUpload": { "shape": "AbortIncompleteMultipartUpload", "documentation": "Specifies the days since the initiation of an incomplete multipart upload that Amazon S3 waits before permanently removing all parts of the upload. For more information, see Aborting Incomplete Multipart Uploads Using a Bucket Lifecycle Configuration in the Amazon S3 User Guide.
" } }, "documentation": "The container for the Outposts bucket lifecycle rule.
" }, "LifecycleRuleAndOperator": { "type": "structure", "members": { "Prefix": { "shape": "Prefix", "documentation": "Prefix identifying one or more objects to which the rule applies.
" }, "Tags": { "shape": "S3TagSet", "documentation": "All of these tags must exist in the object's tag set in order for the rule to apply.
" }, "ObjectSizeGreaterThan": { "shape": "ObjectSizeGreaterThanBytes", "documentation": "The non-inclusive minimum object size for the lifecycle rule. Setting this property to 7 means the rule applies to objects with a size that is greater than 7.
", "box": true }, "ObjectSizeLessThan": { "shape": "ObjectSizeLessThanBytes", "documentation": "The non-inclusive maximum object size for the lifecycle rule. Setting this property to 77 means the rule applies to objects with a size that is less than 77.
", "box": true } }, "documentation": "The container for the Outposts bucket lifecycle rule and operator.
" }, "LifecycleRuleFilter": { "type": "structure", "members": { "Prefix": { "shape": "Prefix", "documentation": "Prefix identifying one or more objects to which the rule applies.
When you're using XML requests, you must replace special characters (such as carriage returns) in object keys with their equivalent XML entity codes. For more information, see XML-related object key constraints in the Amazon S3 User Guide.
The container for the AND condition for the lifecycle rule.
Minimum object size to which the rule applies.
", "box": true }, "ObjectSizeLessThan": { "shape": "ObjectSizeLessThanBytes", "documentation": "Maximum object size to which the rule applies.
", "box": true } }, "documentation": "The container for the filter of the lifecycle rule.
" }, "LifecycleRules": { "type": "list", "member": { "shape": "LifecycleRule", "locationName": "Rule" } }, "ListAccessGrantEntry": { "type": "structure", "members": { "CreatedAt": { "shape": "CreationTimestamp", "documentation": "The date and time when you created the S3 Access Grants instance.
" }, "AccessGrantId": { "shape": "AccessGrantId", "documentation": "The ID of the access grant. S3 Access Grants auto-generates this ID when you create the access grant.
" }, "AccessGrantArn": { "shape": "AccessGrantArn", "documentation": "The Amazon Resource Name (ARN) of the access grant.
" }, "Grantee": { "shape": "Grantee", "documentation": "The user, group, or role to which you are granting access. You can grant access to an IAM user or role. If you have added your corporate directory to Amazon Web Services IAM Identity Center and associated your Identity Center instance with your S3 Access Grants instance, the grantee can also be a corporate directory user or group.
" }, "Permission": { "shape": "Permission", "documentation": "The type of access granted to your S3 data, which can be set to one of the following values:
READ – Grant read-only access to the S3 data.
WRITE – Grant write-only access to the S3 data.
READWRITE – Grant both read and write access to the S3 data.
The ID of the registered location to which you are granting access. S3 Access Grants assigns this ID when you register the location. S3 Access Grants assigns the ID default to the default location s3:// and assigns an auto-generated ID to other locations that you register.
The configuration options of the grant location. The grant location is the S3 path to the data to which you are granting access.
" }, "GrantScope": { "shape": "S3Prefix", "documentation": "The S3 path of the data to which you are granting access. It is the result of appending the Subprefix to the location scope.
The Amazon Resource Name (ARN) of an Amazon Web Services IAM Identity Center application associated with your Identity Center instance. If the grant includes an application ARN, the grantee can only access the S3 data through this application.
" } }, "documentation": "Information about the access grant.
" }, "ListAccessGrantsInstanceEntry": { "type": "structure", "members": { "AccessGrantsInstanceId": { "shape": "AccessGrantsInstanceId", "documentation": "The ID of the S3 Access Grants instance. The ID is default. You can have one S3 Access Grants instance per Region per account.
The Amazon Resource Name (ARN) of the S3 Access Grants instance.
" }, "CreatedAt": { "shape": "CreationTimestamp", "documentation": "The date and time when you created the S3 Access Grants instance.
" }, "IdentityCenterArn": { "shape": "IdentityCenterArn", "documentation": "If you associated your S3 Access Grants instance with an Amazon Web Services IAM Identity Center instance, this field returns the Amazon Resource Name (ARN) of the IAM Identity Center instance application; a subresource of the original Identity Center instance. S3 Access Grants creates this Identity Center application for the specific S3 Access Grants instance.
", "deprecated": true, "deprecatedMessage": "IdentityCenterArn has been deprecated. Use IdentityCenterInstanceArn or IdentityCenterApplicationArn." }, "IdentityCenterInstanceArn": { "shape": "IdentityCenterArn", "documentation": "The Amazon Resource Name (ARN) of the Amazon Web Services IAM Identity Center instance that you are associating with your S3 Access Grants instance. An IAM Identity Center instance is your corporate identity directory that you added to the IAM Identity Center. You can use the ListInstances API operation to retrieve a list of your Identity Center instances and their ARNs.
" }, "IdentityCenterApplicationArn": { "shape": "IdentityCenterApplicationArn", "documentation": "If you associated your S3 Access Grants instance with an Amazon Web Services IAM Identity Center instance, this field returns the Amazon Resource Name (ARN) of the IAM Identity Center instance application; a subresource of the original Identity Center instance. S3 Access Grants creates this Identity Center application for the specific S3 Access Grants instance.
" } }, "documentation": "Information about the S3 Access Grants instance.
" }, "ListAccessGrantsInstancesRequest": { "type": "structure", "required": [ "AccountId" ], "members": { "AccountId": { "shape": "AccountId", "documentation": "The Amazon Web Services account ID of the S3 Access Grants instance.
", "contextParam": { "name": "AccountId" }, "hostLabel": true, "location": "header", "locationName": "x-amz-account-id" }, "NextToken": { "shape": "ContinuationToken", "documentation": "A pagination token to request the next page of results. Pass this value into a subsequent List Access Grants Instances request in order to retrieve the next page of results.
The maximum number of access grants that you would like returned in the List Access Grants response. If the results include the pagination token NextToken, make another call using the NextToken to determine if there are more results.
A pagination token to request the next page of results. Pass this value into a subsequent List Access Grants Instances request in order to retrieve the next page of results.
A container for a list of S3 Access Grants instances.
" } } }, "ListAccessGrantsLocationsEntry": { "type": "structure", "members": { "CreatedAt": { "shape": "CreationTimestamp", "documentation": "The date and time when you registered the location.
" }, "AccessGrantsLocationId": { "shape": "AccessGrantsLocationId", "documentation": "The ID of the registered location to which you are granting access. S3 Access Grants assigns this ID when you register the location. S3 Access Grants assigns the ID default to the default location s3:// and assigns an auto-generated ID to other locations that you register.
The Amazon Resource Name (ARN) of the registered location.
" }, "LocationScope": { "shape": "S3Prefix", "documentation": "The S3 path to the location that you are registering. The location scope can be the default S3 location s3://, the S3 path to a bucket s3://<bucket>, or the S3 path to a bucket and prefix s3://<bucket>/<prefix>. A prefix in S3 is a string of characters at the beginning of an object key name used to organize the objects that you store in your S3 buckets. For example, object key names that start with the engineering/ prefix or object key names that start with the marketing/campaigns/ prefix.
The Amazon Resource Name (ARN) of the IAM role for the registered location. S3 Access Grants assumes this role to manage access to the registered location.
" } }, "documentation": "A container for information about the registered location.
" }, "ListAccessGrantsLocationsRequest": { "type": "structure", "required": [ "AccountId" ], "members": { "AccountId": { "shape": "AccountId", "documentation": "The Amazon Web Services account ID of the S3 Access Grants instance.
", "contextParam": { "name": "AccountId" }, "hostLabel": true, "location": "header", "locationName": "x-amz-account-id" }, "NextToken": { "shape": "ContinuationToken", "documentation": "A pagination token to request the next page of results. Pass this value into a subsequent List Access Grants Locations request in order to retrieve the next page of results.
The maximum number of access grants that you would like returned in the List Access Grants response. If the results include the pagination token NextToken, make another call using the NextToken to determine if there are more results.
The S3 path to the location that you are registering. The location scope can be the default S3 location s3://, the S3 path to a bucket s3://<bucket>, or the S3 path to a bucket and prefix s3://<bucket>/<prefix>. A prefix in S3 is a string of characters at the beginning of an object key name used to organize the objects that you store in your S3 buckets. For example, object key names that start with the engineering/ prefix or object key names that start with the marketing/campaigns/ prefix.
A pagination token to request the next page of results. Pass this value into a subsequent List Access Grants Locations request in order to retrieve the next page of results.
A container for a list of registered locations in an S3 Access Grants instance.
" } } }, "ListAccessGrantsRequest": { "type": "structure", "required": [ "AccountId" ], "members": { "AccountId": { "shape": "AccountId", "documentation": "The Amazon Web Services account ID of the S3 Access Grants instance.
", "contextParam": { "name": "AccountId" }, "hostLabel": true, "location": "header", "locationName": "x-amz-account-id" }, "NextToken": { "shape": "ContinuationToken", "documentation": "A pagination token to request the next page of results. Pass this value into a subsequent List Access Grants request in order to retrieve the next page of results.
The maximum number of access grants that you would like returned in the List Access Grants response. If the results include the pagination token NextToken, make another call using the NextToken to determine if there are more results.
The type of the grantee to which access has been granted. It can be one of the following values:
IAM - An IAM user or role.
DIRECTORY_USER - Your corporate directory user. You can use this option if you have added your corporate identity directory to IAM Identity Center and associated the IAM Identity Center instance with your S3 Access Grants instance.
DIRECTORY_GROUP - Your corporate directory group. You can use this option if you have added your corporate identity directory to IAM Identity Center and associated the IAM Identity Center instance with your S3 Access Grants instance.
The unique identifer of the Grantee. If the grantee type is IAM, the identifier is the IAM Amazon Resource Name (ARN) of the user or role. If the grantee type is a directory user or group, the identifier is 128-bit universally unique identifier (UUID) in the format a1b2c3d4-5678-90ab-cdef-EXAMPLE11111. You can obtain this UUID from your Amazon Web Services IAM Identity Center instance.
The type of permission granted to your S3 data, which can be set to one of the following values:
READ – Grant read-only access to the S3 data.
WRITE – Grant write-only access to the S3 data.
READWRITE – Grant both read and write access to the S3 data.
The S3 path of the data to which you are granting access. It is the result of appending the Subprefix to the location scope.
The Amazon Resource Name (ARN) of an Amazon Web Services IAM Identity Center application associated with your Identity Center instance. If the grant includes an application ARN, the grantee can only access the S3 data through this application.
", "location": "querystring", "locationName": "application_arn" } } }, "ListAccessGrantsResult": { "type": "structure", "members": { "NextToken": { "shape": "ContinuationToken", "documentation": "A pagination token to request the next page of results. Pass this value into a subsequent List Access Grants request in order to retrieve the next page of results.
A container for a list of grants in an S3 Access Grants instance.
" } } }, "ListAccessPointsForObjectLambdaRequest": { "type": "structure", "required": [ "AccountId" ], "members": { "AccountId": { "shape": "AccountId", "documentation": "The account ID for the account that owns the specified Object Lambda Access Point.
", "contextParam": { "name": "AccountId" }, "hostLabel": true, "location": "header", "locationName": "x-amz-account-id" }, "NextToken": { "shape": "NonEmptyMaxLength1024String", "documentation": "If the list has more access points than can be returned in one call to this API, this field contains a continuation token that you can provide in subsequent calls to this API to retrieve additional access points.
", "location": "querystring", "locationName": "nextToken" }, "MaxResults": { "shape": "MaxResults", "documentation": "The maximum number of access points that you want to include in the list. The response may contain fewer access points but will never contain more. If there are more than this number of access points, then the response will include a continuation token in the NextToken field that you can use to retrieve the next page of access points.
Returns list of Object Lambda Access Points.
" }, "NextToken": { "shape": "NonEmptyMaxLength1024String", "documentation": "If the list has more access points than can be returned in one call to this API, this field contains a continuation token that you can provide in subsequent calls to this API to retrieve additional access points.
" } } }, "ListAccessPointsRequest": { "type": "structure", "required": [ "AccountId" ], "members": { "AccountId": { "shape": "AccountId", "documentation": "The Amazon Web Services account ID for the account that owns the specified access points.
", "contextParam": { "name": "AccountId" }, "hostLabel": true, "location": "header", "locationName": "x-amz-account-id" }, "Bucket": { "shape": "BucketName", "documentation": "The name of the bucket whose associated access points you want to list.
For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>. For example, to access the bucket reports through Outpost my-outpost owned by account 123456789012 in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports. The value must be URL encoded.
A continuation token. If a previous call to ListAccessPoints returned a continuation token in the NextToken field, then providing that value here causes Amazon S3 to retrieve the next page of results.
The maximum number of access points that you want to include in the list. If the specified bucket has more than this number of access points, then the response will include a continuation token in the NextToken field that you can use to retrieve the next page of access points.
Contains identification and configuration information for one or more access points associated with the specified bucket.
" }, "NextToken": { "shape": "NonEmptyMaxLength1024String", "documentation": "If the specified bucket has more access points than can be returned in one call to this API, this field contains a continuation token that you can provide in subsequent calls to this API to retrieve additional access points.
" } } }, "ListCallerAccessGrantsEntry": { "type": "structure", "members": { "Permission": { "shape": "Permission", "documentation": "The type of permission granted, which can be one of the following values:
READ - Grants read-only access to the S3 data.
WRITE - Grants write-only access to the S3 data.
READWRITE - Grants both read and write access to the S3 data.
The S3 path of the data to which you have been granted access.
" }, "ApplicationArn": { "shape": "IdentityCenterApplicationArn", "documentation": "The Amazon Resource Name (ARN) of an Amazon Web Services IAM Identity Center application associated with your Identity Center instance. If the grant includes an application ARN, the grantee can only access the S3 data through this application.
" } }, "documentation": "Part of ListCallerAccessGrantsResult. Each entry includes the permission level (READ, WRITE, or READWRITE) and the grant scope of the access grant. If the grant also includes an application ARN, the grantee can only access the S3 data through this application.
The Amazon Web Services account ID of the S3 Access Grants instance.
", "contextParam": { "name": "AccountId" }, "hostLabel": true, "location": "header", "locationName": "x-amz-account-id" }, "GrantScope": { "shape": "S3Prefix", "documentation": "The S3 path of the data that you would like to access. Must start with s3://. You can optionally pass only the beginning characters of a path, and S3 Access Grants will search for all applicable grants for the path fragment.
A pagination token to request the next page of results. Pass this value into a subsequent List Caller Access Grants request in order to retrieve the next page of results.
The maximum number of access grants that you would like returned in the List Caller Access Grants response. If the results include the pagination token NextToken, make another call using the NextToken to determine if there are more results.
If this optional parameter is passed in the request, a filter is applied to the results. The results will include only the access grants for the caller's Identity Center application or for any other applications (ALL).
A pagination token that you can use to request the next page of results. Pass this value into a subsequent List Caller Access Grants request in order to retrieve the next page of results.
A list of the caller's access grants that were created using S3 Access Grants and that grant the caller access to the S3 data of the Amazon Web Services account ID that was specified in the request.
" } } }, "ListJobsRequest": { "type": "structure", "required": [ "AccountId" ], "members": { "AccountId": { "shape": "AccountId", "documentation": "The Amazon Web Services account ID associated with the S3 Batch Operations job.
", "contextParam": { "name": "AccountId" }, "hostLabel": true, "location": "header", "locationName": "x-amz-account-id" }, "JobStatuses": { "shape": "JobStatusList", "documentation": "The List Jobs request returns jobs that match the statuses listed in this element.
A pagination token to request the next page of results. Use the token that Amazon S3 returned in the NextToken element of the ListJobsResult from the previous List Jobs request.
The maximum number of jobs that Amazon S3 will include in the List Jobs response. If there are more jobs than this number, the response will include a pagination token in the NextToken field to enable you to retrieve the next page of results.
If the List Jobs request produced more than the maximum number of results, you can pass this value into a subsequent List Jobs request in order to retrieve the next page of results.
The list of current jobs and jobs that have ended within the last 30 days.
" } } }, "ListMultiRegionAccessPointsRequest": { "type": "structure", "required": [ "AccountId" ], "members": { "AccountId": { "shape": "AccountId", "documentation": "The Amazon Web Services account ID for the owner of the Multi-Region Access Point.
", "contextParam": { "name": "AccountId" }, "hostLabel": true, "location": "header", "locationName": "x-amz-account-id" }, "NextToken": { "shape": "NonEmptyMaxLength1024String", "documentation": "Not currently used. Do not use this parameter.
", "location": "querystring", "locationName": "nextToken" }, "MaxResults": { "shape": "MaxResults", "documentation": "Not currently used. Do not use this parameter.
", "location": "querystring", "locationName": "maxResults" } } }, "ListMultiRegionAccessPointsResult": { "type": "structure", "members": { "AccessPoints": { "shape": "MultiRegionAccessPointReportList", "documentation": "The list of Multi-Region Access Points associated with the user.
" }, "NextToken": { "shape": "NonEmptyMaxLength1024String", "documentation": "If the specified bucket has more Multi-Region Access Points than can be returned in one call to this action, this field contains a continuation token. You can use this token tin subsequent calls to this action to retrieve additional Multi-Region Access Points.
" } } }, "ListRegionalBucketsRequest": { "type": "structure", "required": [ "AccountId" ], "members": { "AccountId": { "shape": "AccountId", "documentation": "The Amazon Web Services account ID of the Outposts bucket.
", "contextParam": { "name": "AccountId" }, "hostLabel": true, "location": "header", "locationName": "x-amz-account-id" }, "NextToken": { "shape": "NonEmptyMaxLength1024String", "documentation": "", "location": "querystring", "locationName": "nextToken" }, "MaxResults": { "shape": "MaxResults", "documentation": "", "location": "querystring", "locationName": "maxResults" }, "OutpostId": { "shape": "NonEmptyMaxLength64String", "documentation": "The ID of the Outposts resource.
This ID is required by Amazon S3 on Outposts buckets.
NextToken is sent when isTruncated is true, which means there are more buckets that can be listed. The next list requests to Amazon S3 can be continued with this NextToken. NextToken is obfuscated and is not a real key.
A container for the S3 Storage Lens configuration ID.
" }, "StorageLensArn": { "shape": "StorageLensArn", "documentation": "The ARN of the S3 Storage Lens configuration. This property is read-only.
" }, "HomeRegion": { "shape": "S3AWSRegion", "documentation": "A container for the S3 Storage Lens home Region. Your metrics data is stored and retained in your designated S3 Storage Lens home Region.
" }, "IsEnabled": { "shape": "IsEnabled", "documentation": "A container for whether the S3 Storage Lens configuration is enabled. This property is required.
" } }, "documentation": "Part of ListStorageLensConfigurationResult. Each entry includes the description of the S3 Storage Lens configuration, its home Region, whether it is enabled, its Amazon Resource Name (ARN), and config ID.
The account ID of the requester.
", "contextParam": { "name": "AccountId" }, "hostLabel": true, "location": "header", "locationName": "x-amz-account-id" }, "NextToken": { "shape": "ContinuationToken", "documentation": "A pagination token to request the next page of results.
", "location": "querystring", "locationName": "nextToken" } } }, "ListStorageLensConfigurationsResult": { "type": "structure", "members": { "NextToken": { "shape": "ContinuationToken", "documentation": "If the request produced more than the maximum number of S3 Storage Lens configuration results, you can pass this value into a subsequent request to retrieve the next page of results.
" }, "StorageLensConfigurationList": { "shape": "StorageLensConfigurationList", "documentation": "A list of S3 Storage Lens configurations.
" } } }, "ListStorageLensGroupEntry": { "type": "structure", "required": [ "Name", "StorageLensGroupArn", "HomeRegion" ], "members": { "Name": { "shape": "StorageLensGroupName", "documentation": "Contains the name of the Storage Lens group that exists in the specified home Region.
" }, "StorageLensGroupArn": { "shape": "StorageLensGroupArn", "documentation": "Contains the Amazon Resource Name (ARN) of the Storage Lens group. This property is read-only.
" }, "HomeRegion": { "shape": "S3AWSRegion", "documentation": "Contains the Amazon Web Services Region where the Storage Lens group was created.
" } }, "documentation": "Each entry contains a Storage Lens group that exists in the specified home Region.
" }, "ListStorageLensGroupsRequest": { "type": "structure", "required": [ "AccountId" ], "members": { "AccountId": { "shape": "AccountId", "documentation": "The Amazon Web Services account ID that owns the Storage Lens groups.
", "contextParam": { "name": "AccountId" }, "hostLabel": true, "location": "header", "locationName": "x-amz-account-id" }, "NextToken": { "shape": "ContinuationToken", "documentation": "The token for the next set of results, or null if there are no more results.
If NextToken is returned, there are more Storage Lens groups results available. The value of NextToken is a unique pagination token for each page. Make the call again using the returned token to retrieve the next page. Keep all other arguments unchanged. Each pagination token expires after 24 hours.
The list of Storage Lens groups that exist in the specified home Region.
" } } }, "ListTagsForResourceRequest": { "type": "structure", "required": [ "AccountId", "ResourceArn" ], "members": { "AccountId": { "shape": "AccountId", "documentation": "The Amazon Web Services account ID of the resource owner.
", "contextParam": { "name": "AccountId" }, "hostLabel": true, "location": "header", "locationName": "x-amz-account-id" }, "ResourceArn": { "shape": "S3ResourceArn", "documentation": "The Amazon Resource Name (ARN) of the S3 resource that you want to list the tags for. The tagged resource can be an S3 Storage Lens group or S3 Access Grants instance, registered location, or grant.
", "location": "uri", "locationName": "resourceArn" } } }, "ListTagsForResourceResult": { "type": "structure", "members": { "Tags": { "shape": "TagList", "documentation": "The Amazon Web Services resource tags that are associated with the resource.
" } } }, "Location": { "type": "string" }, "MFA": { "type": "string" }, "MFADelete": { "type": "string", "enum": [ "Enabled", "Disabled" ] }, "MFADeleteStatus": { "type": "string", "enum": [ "Enabled", "Disabled" ] }, "ManifestPrefixString": { "type": "string", "max": 512, "min": 1 }, "MatchAnyPrefix": { "type": "list", "member": { "shape": "Prefix", "locationName": "Prefix" } }, "MatchAnySuffix": { "type": "list", "member": { "shape": "Suffix", "locationName": "Suffix" } }, "MatchAnyTag": { "type": "list", "member": { "shape": "S3Tag", "locationName": "Tag" } }, "MatchObjectAge": { "type": "structure", "members": { "DaysGreaterThan": { "shape": "ObjectAgeValue", "documentation": "Specifies the maximum object age in days. Must be a positive whole number, greater than the minimum object age and less than or equal to 2,147,483,647.
" }, "DaysLessThan": { "shape": "ObjectAgeValue", "documentation": "Specifies the minimum object age in days. The value must be a positive whole number, greater than 0 and less than or equal to 2,147,483,647.
" } }, "documentation": "A filter condition that specifies the object age range of included objects in days. Only integers are supported.
" }, "MatchObjectSize": { "type": "structure", "members": { "BytesGreaterThan": { "shape": "ObjectSizeValue", "documentation": "Specifies the minimum object size in Bytes. The value must be a positive number, greater than 0 and less than 5 TB.
" }, "BytesLessThan": { "shape": "ObjectSizeValue", "documentation": "Specifies the maximum object size in Bytes. The value must be a positive number, greater than the minimum object size and less than 5 TB.
" } }, "documentation": "A filter condition that specifies the object size range of included objects in bytes. Only integers are supported.
" }, "MaxLength1024String": { "type": "string", "max": 1024 }, "MaxResults": { "type": "integer", "max": 1000, "min": 0 }, "Metrics": { "type": "structure", "required": [ "Status" ], "members": { "Status": { "shape": "MetricsStatus", "documentation": "Specifies whether replication metrics are enabled.
" }, "EventThreshold": { "shape": "ReplicationTimeValue", "documentation": "A container that specifies the time threshold for emitting the s3:Replication:OperationMissedThreshold event.
This is not supported by Amazon S3 on Outposts buckets.
A container that specifies replication metrics-related settings.
" }, "MetricsStatus": { "type": "string", "enum": [ "Enabled", "Disabled" ] }, "MinStorageBytesPercentage": { "type": "double", "max": 100, "min": 0.1 }, "Minutes": { "type": "integer" }, "MultiRegionAccessPointAlias": { "type": "string", "max": 63, "pattern": "^[a-z][a-z0-9]*[.]mrap$" }, "MultiRegionAccessPointClientToken": { "type": "string", "max": 64, "pattern": "\\S+" }, "MultiRegionAccessPointId": { "type": "string", "max": 200, "pattern": "^[a-zA-Z0-9\\:.-]{3,200}$" }, "MultiRegionAccessPointName": { "type": "string", "max": 50, "pattern": "^[a-z0-9][-a-z0-9]{1,48}[a-z0-9]$" }, "MultiRegionAccessPointPolicyDocument": { "type": "structure", "members": { "Established": { "shape": "EstablishedMultiRegionAccessPointPolicy", "documentation": "The last established policy for the Multi-Region Access Point.
" }, "Proposed": { "shape": "ProposedMultiRegionAccessPointPolicy", "documentation": "The proposed policy for the Multi-Region Access Point.
" } }, "documentation": "The Multi-Region Access Point access control policy.
When you update the policy, the update is first listed as the proposed policy. After the update is finished and all Regions have been updated, the proposed policy is listed as the established policy. If both policies have the same version number, the proposed policy is the established policy.
" }, "MultiRegionAccessPointRegionalResponse": { "type": "structure", "members": { "Name": { "shape": "RegionName", "documentation": "The name of the Region in the Multi-Region Access Point.
" }, "RequestStatus": { "shape": "AsyncRequestStatus", "documentation": "The current status of the Multi-Region Access Point in this Region.
" } }, "documentation": "Status information for a single Multi-Region Access Point Region.
" }, "MultiRegionAccessPointRegionalResponseList": { "type": "list", "member": { "shape": "MultiRegionAccessPointRegionalResponse", "locationName": "Region" } }, "MultiRegionAccessPointReport": { "type": "structure", "members": { "Name": { "shape": "MultiRegionAccessPointName", "documentation": "The name of the Multi-Region Access Point.
" }, "Alias": { "shape": "MultiRegionAccessPointAlias", "documentation": "The alias for the Multi-Region Access Point. For more information about the distinction between the name and the alias of an Multi-Region Access Point, see Rules for naming Amazon S3 Multi-Region Access Points.
" }, "CreatedAt": { "shape": "CreationTimestamp", "documentation": "When the Multi-Region Access Point create request was received.
" }, "PublicAccessBlock": { "shape": "PublicAccessBlockConfiguration" }, "Status": { "shape": "MultiRegionAccessPointStatus", "documentation": "The current status of the Multi-Region Access Point.
CREATING and DELETING are temporary states that exist while the request is propagating and being completed. If a Multi-Region Access Point has a status of PARTIALLY_CREATED, you can retry creation or send a request to delete the Multi-Region Access Point. If a Multi-Region Access Point has a status of PARTIALLY_DELETED, you can retry a delete request to finish the deletion of the Multi-Region Access Point.
A collection of the Regions and buckets associated with the Multi-Region Access Point.
" } }, "documentation": "A collection of statuses for a Multi-Region Access Point in the various Regions it supports.
" }, "MultiRegionAccessPointReportList": { "type": "list", "member": { "shape": "MultiRegionAccessPointReport", "locationName": "AccessPoint" } }, "MultiRegionAccessPointRoute": { "type": "structure", "required": [ "TrafficDialPercentage" ], "members": { "Bucket": { "shape": "BucketName", "documentation": "The name of the Amazon S3 bucket for which you'll submit a routing configuration change. Either the Bucket or the Region value must be provided. If both are provided, the bucket must be in the specified Region.
The Amazon Web Services Region to which you'll be submitting a routing configuration change. Either the Bucket or the Region value must be provided. If both are provided, the bucket must be in the specified Region.
The traffic state for the specified bucket or Amazon Web Services Region.
A value of 0 indicates a passive state, which means that no new traffic will be routed to the Region.
A value of 100 indicates an active state, which means that traffic will be routed to the specified Region.
When the routing configuration for a Region is changed from active to passive, any in-progress operations (uploads, copies, deletes, and so on) to the formerly active Region will continue to run to until a final success or failure status is reached.
If all Regions in the routing configuration are designated as passive, you'll receive an InvalidRequest error.
A structure for a Multi-Region Access Point that indicates where Amazon S3 traffic can be routed. Routes can be either active or passive. Active routes can process Amazon S3 requests through the Multi-Region Access Point, but passive routes are not eligible to process Amazon S3 requests.
Each route contains the Amazon S3 bucket name and the Amazon Web Services Region that the bucket is located in. The route also includes the TrafficDialPercentage value, which shows whether the bucket and Region are active (indicated by a value of 100) or passive (indicated by a value of 0).
A collection of status information for the different Regions that a Multi-Region Access Point supports.
" } }, "documentation": "The Multi-Region Access Point details that are returned when querying about an asynchronous request.
" }, "NetworkOrigin": { "type": "string", "enum": [ "Internet", "VPC" ] }, "NonEmptyMaxLength1024String": { "type": "string", "max": 1024, "min": 1 }, "NonEmptyMaxLength1024StringList": { "type": "list", "member": { "shape": "NonEmptyMaxLength1024String" } }, "NonEmptyMaxLength2048String": { "type": "string", "max": 2048, "min": 1 }, "NonEmptyMaxLength256String": { "type": "string", "max": 256, "min": 1 }, "NonEmptyMaxLength64String": { "type": "string", "max": 64, "min": 1 }, "NoncurrentVersionCount": { "type": "integer" }, "NoncurrentVersionExpiration": { "type": "structure", "members": { "NoncurrentDays": { "shape": "Days", "documentation": "Specifies the number of days an object is noncurrent before Amazon S3 can perform the associated action. For information about the noncurrent days calculations, see How Amazon S3 Calculates When an Object Became Noncurrent in the Amazon S3 User Guide.
" }, "NewerNoncurrentVersions": { "shape": "NoncurrentVersionCount", "documentation": "Specifies how many noncurrent versions S3 on Outposts will retain. If there are this many more recent noncurrent versions, S3 on Outposts will take the associated action. For more information about noncurrent versions, see Lifecycle configuration elements in the Amazon S3 User Guide.
", "box": true } }, "documentation": "The container of the noncurrent version expiration.
" }, "NoncurrentVersionTransition": { "type": "structure", "members": { "NoncurrentDays": { "shape": "Days", "documentation": "Specifies the number of days an object is noncurrent before Amazon S3 can perform the associated action. For information about the noncurrent days calculations, see How Amazon S3 Calculates How Long an Object Has Been Noncurrent in the Amazon S3 User Guide.
" }, "StorageClass": { "shape": "TransitionStorageClass", "documentation": "The class of storage used to store the object.
" } }, "documentation": "The container for the noncurrent version transition.
" }, "NoncurrentVersionTransitionList": { "type": "list", "member": { "shape": "NoncurrentVersionTransition", "locationName": "NoncurrentVersionTransition" } }, "ObjectAgeValue": { "type": "integer" }, "ObjectCreationTime": { "type": "timestamp" }, "ObjectLambdaAccessPoint": { "type": "structure", "required": [ "Name" ], "members": { "Name": { "shape": "ObjectLambdaAccessPointName", "documentation": "The name of the Object Lambda Access Point.
" }, "ObjectLambdaAccessPointArn": { "shape": "ObjectLambdaAccessPointArn", "documentation": "Specifies the ARN for the Object Lambda Access Point.
" }, "Alias": { "shape": "ObjectLambdaAccessPointAlias", "documentation": "The alias of the Object Lambda Access Point.
" } }, "documentation": "An access point with an attached Lambda function used to access transformed data from an Amazon S3 bucket.
" }, "ObjectLambdaAccessPointAlias": { "type": "structure", "members": { "Value": { "shape": "ObjectLambdaAccessPointAliasValue", "documentation": "The alias value of the Object Lambda Access Point.
" }, "Status": { "shape": "ObjectLambdaAccessPointAliasStatus", "documentation": "The status of the Object Lambda Access Point alias. If the status is PROVISIONING, the Object Lambda Access Point is provisioning the alias and the alias is not ready for use yet. If the status is READY, the Object Lambda Access Point alias is successfully provisioned and ready for use.
The alias of an Object Lambda Access Point. For more information, see How to use a bucket-style alias for your S3 bucket Object Lambda Access Point.
" }, "ObjectLambdaAccessPointAliasStatus": { "type": "string", "enum": [ "PROVISIONING", "READY" ], "max": 16, "min": 2 }, "ObjectLambdaAccessPointAliasValue": { "type": "string", "max": 63, "min": 3, "pattern": "^[0-9a-z\\\\-]{3,63}" }, "ObjectLambdaAccessPointArn": { "type": "string", "max": 2048, "min": 1, "pattern": "arn:[^:]+:s3-object-lambda:[^:]*:\\d{12}:accesspoint/.*" }, "ObjectLambdaAccessPointList": { "type": "list", "member": { "shape": "ObjectLambdaAccessPoint", "locationName": "ObjectLambdaAccessPoint" } }, "ObjectLambdaAccessPointName": { "type": "string", "max": 45, "min": 3, "pattern": "^[a-z0-9]([a-z0-9\\-]*[a-z0-9])?$" }, "ObjectLambdaAllowedFeature": { "type": "string", "enum": [ "GetObject-Range", "GetObject-PartNumber", "HeadObject-Range", "HeadObject-PartNumber" ] }, "ObjectLambdaAllowedFeaturesList": { "type": "list", "member": { "shape": "ObjectLambdaAllowedFeature", "locationName": "AllowedFeature" } }, "ObjectLambdaConfiguration": { "type": "structure", "required": [ "SupportingAccessPoint", "TransformationConfigurations" ], "members": { "SupportingAccessPoint": { "shape": "ObjectLambdaSupportingAccessPointArn", "documentation": "Standard access point associated with the Object Lambda Access Point.
" }, "CloudWatchMetricsEnabled": { "shape": "Boolean", "documentation": "A container for whether the CloudWatch metrics configuration is enabled.
" }, "AllowedFeatures": { "shape": "ObjectLambdaAllowedFeaturesList", "documentation": "A container for allowed features. Valid inputs are GetObject-Range, GetObject-PartNumber, HeadObject-Range, and HeadObject-PartNumber.
A container for transformation configurations for an Object Lambda Access Point.
" } }, "documentation": "A configuration used when creating an Object Lambda Access Point.
" }, "ObjectLambdaContentTransformation": { "type": "structure", "members": { "AwsLambda": { "shape": "AwsLambdaTransformation", "documentation": "A container for an Lambda function.
" } }, "documentation": "A container for AwsLambdaTransformation.
", "union": true }, "ObjectLambdaPolicy": { "type": "string" }, "ObjectLambdaSupportingAccessPointArn": { "type": "string", "max": 2048, "min": 1, "pattern": "arn:[^:]+:s3:[^:]*:\\d{12}:accesspoint/.*" }, "ObjectLambdaTransformationConfiguration": { "type": "structure", "required": [ "Actions", "ContentTransformation" ], "members": { "Actions": { "shape": "ObjectLambdaTransformationConfigurationActionsList", "documentation": "A container for the action of an Object Lambda Access Point configuration. Valid inputs are GetObject, ListObjects, HeadObject, and ListObjectsV2.
A container for the content transformation of an Object Lambda Access Point configuration.
" } }, "documentation": "A configuration used when creating an Object Lambda Access Point transformation.
" }, "ObjectLambdaTransformationConfigurationAction": { "type": "string", "enum": [ "GetObject", "HeadObject", "ListObjects", "ListObjectsV2" ] }, "ObjectLambdaTransformationConfigurationActionsList": { "type": "list", "member": { "shape": "ObjectLambdaTransformationConfigurationAction", "locationName": "Action" } }, "ObjectLambdaTransformationConfigurationsList": { "type": "list", "member": { "shape": "ObjectLambdaTransformationConfiguration", "locationName": "TransformationConfiguration" } }, "ObjectLockEnabledForBucket": { "type": "boolean" }, "ObjectSizeGreaterThanBytes": { "type": "long" }, "ObjectSizeLessThanBytes": { "type": "long" }, "ObjectSizeValue": { "type": "long" }, "OperationName": { "type": "string", "enum": [ "LambdaInvoke", "S3PutObjectCopy", "S3PutObjectAcl", "S3PutObjectTagging", "S3DeleteObjectTagging", "S3InitiateRestoreObject", "S3PutObjectLegalHold", "S3PutObjectRetention", "S3ReplicateObject" ] }, "Organization": { "type": "string", "max": 34, "min": 12, "pattern": "^o-[a-z0-9]{10,32}$" }, "OutputSchemaVersion": { "type": "string", "enum": [ "V_1" ] }, "OwnerOverride": { "type": "string", "enum": [ "Destination" ] }, "Permission": { "type": "string", "enum": [ "READ", "WRITE", "READWRITE" ] }, "Policy": { "type": "string" }, "PolicyDocument": { "type": "string", "max": 350000, "min": 1 }, "PolicyStatus": { "type": "structure", "members": { "IsPublic": { "shape": "IsPublic", "documentation": "", "locationName": "IsPublic" } }, "documentation": "Indicates whether this access point policy is public. For more information about how Amazon S3 evaluates policies to determine whether they are public, see The Meaning of \"Public\" in the Amazon S3 User Guide.
" }, "Prefix": { "type": "string" }, "PrefixLevel": { "type": "structure", "required": [ "StorageMetrics" ], "members": { "StorageMetrics": { "shape": "PrefixLevelStorageMetrics", "documentation": "A container for the prefix-level storage metrics for S3 Storage Lens.
" } }, "documentation": "A container for the prefix-level configuration.
" }, "PrefixLevelStorageMetrics": { "type": "structure", "members": { "IsEnabled": { "shape": "IsEnabled", "documentation": "A container for whether prefix-level storage metrics are enabled.
" }, "SelectionCriteria": { "shape": "SelectionCriteria" } }, "documentation": "A container for the prefix-level storage metrics for S3 Storage Lens.
" }, "Priority": { "type": "integer" }, "Privilege": { "type": "string", "enum": [ "Minimal", "Default" ] }, "ProposedMultiRegionAccessPointPolicy": { "type": "structure", "members": { "Policy": { "shape": "Policy", "documentation": "The details of the proposed policy.
" } }, "documentation": "The proposed access control policy for the Multi-Region Access Point.
When you update the policy, the update is first listed as the proposed policy. After the update is finished and all Regions have been updated, the proposed policy is listed as the established policy. If both policies have the same version number, the proposed policy is the established policy.
" }, "PublicAccessBlockConfiguration": { "type": "structure", "members": { "BlockPublicAcls": { "shape": "Setting", "documentation": "Specifies whether Amazon S3 should block public access control lists (ACLs) for buckets in this account. Setting this element to TRUE causes the following behavior:
PutBucketAcl and PutObjectAcl calls fail if the specified ACL is public.
PUT Object calls fail if the request includes a public ACL.
PUT Bucket calls fail if the request includes a public ACL.
Enabling this setting doesn't affect existing policies or ACLs.
This property is not supported for Amazon S3 on Outposts.
", "locationName": "BlockPublicAcls" }, "IgnorePublicAcls": { "shape": "Setting", "documentation": "Specifies whether Amazon S3 should ignore public ACLs for buckets in this account. Setting this element to TRUE causes Amazon S3 to ignore all public ACLs on buckets in this account and any objects that they contain.
Enabling this setting doesn't affect the persistence of any existing ACLs and doesn't prevent new public ACLs from being set.
This property is not supported for Amazon S3 on Outposts.
", "locationName": "IgnorePublicAcls" }, "BlockPublicPolicy": { "shape": "Setting", "documentation": "Specifies whether Amazon S3 should block public bucket policies for buckets in this account. Setting this element to TRUE causes Amazon S3 to reject calls to PUT Bucket policy if the specified bucket policy allows public access.
Enabling this setting doesn't affect existing bucket policies.
This property is not supported for Amazon S3 on Outposts.
", "locationName": "BlockPublicPolicy" }, "RestrictPublicBuckets": { "shape": "Setting", "documentation": "Specifies whether Amazon S3 should restrict public bucket policies for buckets in this account. Setting this element to TRUE restricts access to buckets with public policies to only Amazon Web Servicesservice principals and authorized users within this account.
Enabling this setting doesn't affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked.
This property is not supported for Amazon S3 on Outposts.
", "locationName": "RestrictPublicBuckets" } }, "documentation": "The PublicAccessBlock configuration that you want to apply to this Amazon S3 account. You can enable the configuration options in any combination. For more information about when Amazon S3 considers a bucket or object public, see The Meaning of \"Public\" in the Amazon S3 User Guide.
This data type is not supported for Amazon S3 on Outposts.
" }, "PublicAccessBlockEnabled": { "type": "boolean" }, "PutAccessGrantsInstanceResourcePolicyRequest": { "type": "structure", "required": [ "AccountId", "Policy" ], "members": { "AccountId": { "shape": "AccountId", "documentation": "The Amazon Web Services account ID of the S3 Access Grants instance.
", "contextParam": { "name": "AccountId" }, "hostLabel": true, "location": "header", "locationName": "x-amz-account-id" }, "Policy": { "shape": "PolicyDocument", "documentation": "The resource policy of the S3 Access Grants instance that you are updating.
" }, "Organization": { "shape": "Organization", "documentation": "The Organization of the resource policy of the S3 Access Grants instance.
" } } }, "PutAccessGrantsInstanceResourcePolicyResult": { "type": "structure", "members": { "Policy": { "shape": "PolicyDocument", "documentation": "The updated resource policy of the S3 Access Grants instance.
" }, "Organization": { "shape": "Organization", "documentation": "The Organization of the resource policy of the S3 Access Grants instance.
" }, "CreatedAt": { "shape": "CreationTimestamp", "documentation": "The date and time when you created the S3 Access Grants instance resource policy.
" } } }, "PutAccessPointConfigurationForObjectLambdaRequest": { "type": "structure", "required": [ "AccountId", "Name", "Configuration" ], "members": { "AccountId": { "shape": "AccountId", "documentation": "The account ID for the account that owns the specified Object Lambda Access Point.
", "contextParam": { "name": "AccountId" }, "hostLabel": true, "location": "header", "locationName": "x-amz-account-id" }, "Name": { "shape": "ObjectLambdaAccessPointName", "documentation": "The name of the Object Lambda Access Point.
", "location": "uri", "locationName": "name" }, "Configuration": { "shape": "ObjectLambdaConfiguration", "documentation": "Object Lambda Access Point configuration document.
" } } }, "PutAccessPointPolicyForObjectLambdaRequest": { "type": "structure", "required": [ "AccountId", "Name", "Policy" ], "members": { "AccountId": { "shape": "AccountId", "documentation": "The account ID for the account that owns the specified Object Lambda Access Point.
", "contextParam": { "name": "AccountId" }, "hostLabel": true, "location": "header", "locationName": "x-amz-account-id" }, "Name": { "shape": "ObjectLambdaAccessPointName", "documentation": "The name of the Object Lambda Access Point.
", "location": "uri", "locationName": "name" }, "Policy": { "shape": "ObjectLambdaPolicy", "documentation": "Object Lambda Access Point resource policy document.
" } } }, "PutAccessPointPolicyRequest": { "type": "structure", "required": [ "AccountId", "Name", "Policy" ], "members": { "AccountId": { "shape": "AccountId", "documentation": "The Amazon Web Services account ID for owner of the bucket associated with the specified access point.
", "contextParam": { "name": "AccountId" }, "hostLabel": true, "location": "header", "locationName": "x-amz-account-id" }, "Name": { "shape": "AccessPointName", "documentation": "The name of the access point that you want to associate with the specified policy.
For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the access point accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/accesspoint/<my-accesspoint-name>. For example, to access the access point reports-ap through Outpost my-outpost owned by account 123456789012 in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/accesspoint/reports-ap. The value must be URL encoded.
The policy that you want to apply to the specified access point. For more information about access point policies, see Managing data access with Amazon S3 access points in the Amazon S3 User Guide.
" } } }, "PutBucketLifecycleConfigurationRequest": { "type": "structure", "required": [ "AccountId", "Bucket" ], "members": { "AccountId": { "shape": "AccountId", "documentation": "The Amazon Web Services account ID of the Outposts bucket.
", "contextParam": { "name": "AccountId" }, "hostLabel": true, "location": "header", "locationName": "x-amz-account-id" }, "Bucket": { "shape": "BucketName", "documentation": "The name of the bucket for which to set the configuration.
", "contextParam": { "name": "Bucket" }, "location": "uri", "locationName": "name" }, "LifecycleConfiguration": { "shape": "LifecycleConfiguration", "documentation": "Container for lifecycle rules. You can add as many as 1,000 rules.
", "locationName": "LifecycleConfiguration", "xmlNamespace": { "uri": "http://awss3control.amazonaws.com/doc/2018-08-20/" } } }, "payload": "LifecycleConfiguration" }, "PutBucketPolicyRequest": { "type": "structure", "required": [ "AccountId", "Bucket", "Policy" ], "members": { "AccountId": { "shape": "AccountId", "documentation": "The Amazon Web Services account ID of the Outposts bucket.
", "contextParam": { "name": "AccountId" }, "hostLabel": true, "location": "header", "locationName": "x-amz-account-id" }, "Bucket": { "shape": "BucketName", "documentation": "Specifies the bucket.
For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>. For example, to access the bucket reports through Outpost my-outpost owned by account 123456789012 in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports. The value must be URL encoded.
Set this parameter to true to confirm that you want to remove your permissions to change this bucket policy in the future.
This is not supported by Amazon S3 on Outposts buckets.
The bucket policy as a JSON document.
" } } }, "PutBucketReplicationRequest": { "type": "structure", "required": [ "AccountId", "Bucket", "ReplicationConfiguration" ], "members": { "AccountId": { "shape": "AccountId", "documentation": "The Amazon Web Services account ID of the Outposts bucket.
", "contextParam": { "name": "AccountId" }, "hostLabel": true, "location": "header", "locationName": "x-amz-account-id" }, "Bucket": { "shape": "BucketName", "documentation": "Specifies the S3 on Outposts bucket to set the configuration for.
For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>. For example, to access the bucket reports through Outpost my-outpost owned by account 123456789012 in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports. The value must be URL encoded.
The Amazon Web Services account ID of the Outposts bucket.
", "contextParam": { "name": "AccountId" }, "hostLabel": true, "location": "header", "locationName": "x-amz-account-id" }, "Bucket": { "shape": "BucketName", "documentation": "The Amazon Resource Name (ARN) of the bucket.
For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>. For example, to access the bucket reports through Outpost my-outpost owned by account 123456789012 in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports. The value must be URL encoded.
The Amazon Web Services account ID of the S3 on Outposts bucket.
", "contextParam": { "name": "AccountId" }, "hostLabel": true, "location": "header", "locationName": "x-amz-account-id" }, "Bucket": { "shape": "BucketName", "documentation": "The S3 on Outposts bucket to set the versioning state for.
", "contextParam": { "name": "Bucket" }, "location": "uri", "locationName": "name" }, "MFA": { "shape": "MFA", "documentation": "The concatenation of the authentication device's serial number, a space, and the value that is displayed on your authentication device.
", "location": "header", "locationName": "x-amz-mfa" }, "VersioningConfiguration": { "shape": "VersioningConfiguration", "documentation": "The root-level tag for the VersioningConfiguration parameters.
The Amazon Web Services account ID associated with the S3 Batch Operations job.
", "contextParam": { "name": "AccountId" }, "hostLabel": true, "location": "header", "locationName": "x-amz-account-id" }, "JobId": { "shape": "JobId", "documentation": "The ID for the S3 Batch Operations job whose tags you want to replace.
", "location": "uri", "locationName": "id" }, "Tags": { "shape": "S3TagSet", "documentation": "The set of tags to associate with the S3 Batch Operations job.
" } } }, "PutJobTaggingResult": { "type": "structure", "members": {} }, "PutMultiRegionAccessPointPolicyInput": { "type": "structure", "required": [ "Name", "Policy" ], "members": { "Name": { "shape": "MultiRegionAccessPointName", "documentation": "The name of the Multi-Region Access Point associated with the request.
" }, "Policy": { "shape": "Policy", "documentation": "The policy details for the PutMultiRegionAccessPoint request.
A container for the information associated with a PutMultiRegionAccessPoint request.
" }, "PutMultiRegionAccessPointPolicyRequest": { "type": "structure", "required": [ "AccountId", "ClientToken", "Details" ], "members": { "AccountId": { "shape": "AccountId", "documentation": "The Amazon Web Services account ID for the owner of the Multi-Region Access Point.
", "contextParam": { "name": "AccountId" }, "hostLabel": true, "location": "header", "locationName": "x-amz-account-id" }, "ClientToken": { "shape": "MultiRegionAccessPointClientToken", "documentation": "An idempotency token used to identify the request and guarantee that requests are unique.
", "idempotencyToken": true }, "Details": { "shape": "PutMultiRegionAccessPointPolicyInput", "documentation": "A container element containing the details of the policy for the Multi-Region Access Point.
" } } }, "PutMultiRegionAccessPointPolicyResult": { "type": "structure", "members": { "RequestTokenARN": { "shape": "AsyncRequestTokenARN", "documentation": "The request token associated with the request. You can use this token with DescribeMultiRegionAccessPointOperation to determine the status of asynchronous requests.
" } } }, "PutPublicAccessBlockRequest": { "type": "structure", "required": [ "PublicAccessBlockConfiguration", "AccountId" ], "members": { "PublicAccessBlockConfiguration": { "shape": "PublicAccessBlockConfiguration", "documentation": "The PublicAccessBlock configuration that you want to apply to the specified Amazon Web Services account.
The account ID for the Amazon Web Services account whose PublicAccessBlock configuration you want to set.
The ID of the S3 Storage Lens configuration.
", "location": "uri", "locationName": "storagelensid" }, "AccountId": { "shape": "AccountId", "documentation": "The account ID of the requester.
", "contextParam": { "name": "AccountId" }, "hostLabel": true, "location": "header", "locationName": "x-amz-account-id" }, "StorageLensConfiguration": { "shape": "StorageLensConfiguration", "documentation": "The S3 Storage Lens configuration.
" }, "Tags": { "shape": "StorageLensTags", "documentation": "The tag set of the S3 Storage Lens configuration.
You can set up to a maximum of 50 tags.
The ID of the S3 Storage Lens configuration.
", "location": "uri", "locationName": "storagelensid" }, "AccountId": { "shape": "AccountId", "documentation": "The account ID of the requester.
", "contextParam": { "name": "AccountId" }, "hostLabel": true, "location": "header", "locationName": "x-amz-account-id" }, "Tags": { "shape": "StorageLensTags", "documentation": "The tag set of the S3 Storage Lens configuration.
You can set up to a maximum of 50 tags.
The name of the associated bucket for the Region.
" }, "BucketAccountId": { "shape": "AccountId", "documentation": "The Amazon Web Services account ID that owns the Amazon S3 bucket that's associated with this Multi-Region Access Point.
" } }, "documentation": "A Region that supports a Multi-Region Access Point as well as the associated bucket for the Region.
" }, "RegionCreationList": { "type": "list", "member": { "shape": "Region", "locationName": "Region" } }, "RegionName": { "type": "string", "max": 64, "min": 1 }, "RegionReport": { "type": "structure", "members": { "Bucket": { "shape": "BucketName", "documentation": "The name of the bucket.
" }, "Region": { "shape": "RegionName", "documentation": "The name of the Region.
" }, "BucketAccountId": { "shape": "AccountId", "documentation": "The Amazon Web Services account ID that owns the Amazon S3 bucket that's associated with this Multi-Region Access Point.
" } }, "documentation": "A combination of a bucket and Region that's part of a Multi-Region Access Point.
" }, "RegionReportList": { "type": "list", "member": { "shape": "RegionReport", "locationName": "Region" } }, "RegionalBucket": { "type": "structure", "required": [ "Bucket", "PublicAccessBlockEnabled", "CreationDate" ], "members": { "Bucket": { "shape": "BucketName", "documentation": "" }, "BucketArn": { "shape": "S3RegionalBucketArn", "documentation": "The Amazon Resource Name (ARN) for the regional bucket.
" }, "PublicAccessBlockEnabled": { "shape": "PublicAccessBlockEnabled", "documentation": "" }, "CreationDate": { "shape": "CreationDate", "documentation": "The creation date of the regional bucket
" }, "OutpostId": { "shape": "NonEmptyMaxLength64String", "documentation": "The Outposts ID of the regional bucket.
" } }, "documentation": "The container for the regional bucket.
" }, "RegionalBucketList": { "type": "list", "member": { "shape": "RegionalBucket", "locationName": "RegionalBucket" } }, "Regions": { "type": "list", "member": { "shape": "S3AWSRegion", "locationName": "Region" } }, "ReplicaKmsKeyID": { "type": "string" }, "ReplicaModifications": { "type": "structure", "required": [ "Status" ], "members": { "Status": { "shape": "ReplicaModificationsStatus", "documentation": "Specifies whether S3 on Outposts replicates modifications to object metadata on replicas.
" } }, "documentation": "A filter that you can use to specify whether replica modification sync is enabled. S3 on Outposts replica modification sync can help you keep object metadata synchronized between replicas and source objects. By default, S3 on Outposts replicates metadata from the source objects to the replicas only. When replica modification sync is enabled, S3 on Outposts replicates metadata changes made to the replica copies back to the source object, making the replication bidirectional.
To replicate object metadata modifications on replicas, you can specify this element and set the Status of this element to Enabled.
You must enable replica modification sync on the source and destination buckets to replicate replica metadata changes between the source and the replicas.
The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) role that S3 on Outposts assumes when replicating objects. For information about S3 replication on Outposts configuration, see Setting up replication in the Amazon S3 User Guide.
" }, "Rules": { "shape": "ReplicationRules", "documentation": "A container for one or more replication rules. A replication configuration must have at least one rule and can contain an array of 100 rules at the most.
" } }, "documentation": "A container for one or more replication rules. A replication configuration must have at least one rule and you can add up to 100 rules. The maximum size of a replication configuration is 128 KB.
" }, "ReplicationRule": { "type": "structure", "required": [ "Status", "Destination", "Bucket" ], "members": { "ID": { "shape": "ID", "documentation": "A unique identifier for the rule. The maximum value is 255 characters.
" }, "Priority": { "shape": "Priority", "documentation": "The priority indicates which rule has precedence whenever two or more replication rules conflict. S3 on Outposts attempts to replicate objects according to all replication rules. However, if there are two or more rules with the same destination Outposts bucket, then objects will be replicated according to the rule with the highest priority. The higher the number, the higher the priority.
For more information, see Creating replication rules on Outposts in the Amazon S3 User Guide.
", "box": true }, "Prefix": { "shape": "Prefix", "documentation": "An object key name prefix that identifies the object or objects to which the rule applies. The maximum prefix length is 1,024 characters. To include all objects in an Outposts bucket, specify an empty string.
When you're using XML requests, you must replace special characters (such as carriage returns) in object keys with their equivalent XML entity codes. For more information, see XML-related object key constraints in the Amazon S3 User Guide.
A filter that identifies the subset of objects to which the replication rule applies. A Filter element must specify exactly one Prefix, Tag, or And child element.
Specifies whether the rule is enabled.
" }, "SourceSelectionCriteria": { "shape": "SourceSelectionCriteria", "documentation": "A container that describes additional filters for identifying the source Outposts objects that you want to replicate. You can choose to enable or disable the replication of these objects.
" }, "ExistingObjectReplication": { "shape": "ExistingObjectReplication", "documentation": "An optional configuration to replicate existing source bucket objects.
This is not supported by Amazon S3 on Outposts buckets.
A container for information about the replication destination and its configurations.
" }, "DeleteMarkerReplication": { "shape": "DeleteMarkerReplication", "documentation": "Specifies whether S3 on Outposts replicates delete markers. If you specify a Filter element in your replication configuration, you must also include a DeleteMarkerReplication element. If your Filter includes a Tag element, the DeleteMarkerReplication element's Status child element must be set to Disabled, because S3 on Outposts doesn't support replicating delete markers for tag-based rules.
For more information about delete marker replication, see How delete operations affect replication in the Amazon S3 User Guide.
" }, "Bucket": { "shape": "BucketIdentifierString", "documentation": "The Amazon Resource Name (ARN) of the access point for the source Outposts bucket that you want S3 on Outposts to replicate the objects from.
" } }, "documentation": "Specifies which S3 on Outposts objects to replicate and where to store the replicas.
" }, "ReplicationRuleAndOperator": { "type": "structure", "members": { "Prefix": { "shape": "Prefix", "documentation": "An object key name prefix that identifies the subset of objects that the rule applies to.
" }, "Tags": { "shape": "S3TagSet", "documentation": "An array of tags that contain key and value pairs.
" } }, "documentation": "A container for specifying rule filters. The filters determine the subset of objects to which the rule applies. This element is required only if you specify more than one filter.
For example:
If you specify both a Prefix and a Tag filter, wrap these filters in an And element.
If you specify a filter based on multiple tags, wrap the Tag elements in an And element.
An object key name prefix that identifies the subset of objects that the rule applies to.
When you're using XML requests, you must replace special characters (such as carriage returns) in object keys with their equivalent XML entity codes. For more information, see XML-related object key constraints in the Amazon S3 User Guide.
A container for specifying rule filters. The filters determine the subset of objects that the rule applies to. This element is required only if you specify more than one filter. For example:
If you specify both a Prefix and a Tag filter, wrap these filters in an And element.
If you specify a filter based on multiple tags, wrap the Tag elements in an And element.
A filter that identifies the subset of objects to which the replication rule applies. A Filter element must specify exactly one Prefix, Tag, or And child element.
Specifies whether S3 Replication Time Control (S3 RTC) is enabled.
" }, "Time": { "shape": "ReplicationTimeValue", "documentation": "A container that specifies the time by which replication should be complete for all objects and operations on objects.
" } }, "documentation": "A container that specifies S3 Replication Time Control (S3 RTC) related information, including whether S3 RTC is enabled and the time when all objects and operations on objects must be replicated.
This is not supported by Amazon S3 on Outposts buckets.
Contains an integer that specifies the time period in minutes.
Valid value: 15
", "box": true } }, "documentation": "A container that specifies the time value for S3 Replication Time Control (S3 RTC). This value is also used for the replication metrics EventThreshold element.
This is not supported by Amazon S3 on Outposts buckets.
The schema version of the export file.
" }, "AccountId": { "shape": "AccountId", "documentation": "The account ID of the owner of the S3 Storage Lens metrics export bucket.
" }, "Arn": { "shape": "S3BucketArnString", "documentation": "The Amazon Resource Name (ARN) of the bucket. This property is read-only and follows the following format: arn:aws:s3:us-east-1:example-account-id:bucket/your-destination-bucket-name
The prefix of the destination bucket where the metrics export will be delivered.
" }, "Encryption": { "shape": "StorageLensDataExportEncryption", "documentation": "The container for the type encryption of the metrics exports in this bucket.
" } }, "documentation": "A container for the bucket where the Amazon S3 Storage Lens metrics export files are located.
" }, "S3CannedAccessControlList": { "type": "string", "enum": [ "private", "public-read", "public-read-write", "aws-exec-read", "authenticated-read", "bucket-owner-read", "bucket-owner-full-control" ] }, "S3ChecksumAlgorithm": { "type": "string", "enum": [ "CRC32", "CRC32C", "SHA1", "SHA256" ] }, "S3ContentLength": { "type": "long", "min": 0 }, "S3CopyObjectOperation": { "type": "structure", "members": { "TargetResource": { "shape": "S3RegionalOrS3ExpressBucketArnString", "documentation": "Specifies the destination bucket Amazon Resource Name (ARN) for the batch copy operation.
General purpose buckets - For example, to copy objects to a general purpose bucket named destinationBucket, set the TargetResource property to arn:aws:s3:::destinationBucket.
Directory buckets - For example, to copy objects to a directory bucket named destinationBucket in the Availability Zone; identified by the AZ ID usw2-az1, set the TargetResource property to arn:aws:s3express:region:account_id:/bucket/destination_bucket_base_name--usw2-az1--x-s3.
This functionality is not supported by directory buckets.
This functionality is not supported by directory buckets.
If you don't provide this parameter, Amazon S3 copies all the metadata from the original objects. If you specify an empty set, the new objects will have no tags. Otherwise, Amazon S3 assigns the supplied tags to the new objects.
" }, "NewObjectTagging": { "shape": "S3TagSet", "documentation": "Specifies a list of tags to add to the destination objects after they are copied. If NewObjectTagging is not specified, the tags of the source objects are copied to destination objects by default.
Directory buckets - Tags aren't supported by directory buckets. If your source objects have tags and your destination bucket is a directory bucket, specify an empty tag set in the NewObjectTagging field to prevent copying the source object tags to the directory bucket.
If the destination bucket is configured as a website, specifies an optional metadata property for website redirects, x-amz-website-redirect-location. Allows webpage redirects if the object copy is accessed through a website endpoint.
This functionality is not supported by directory buckets.
This functionality is not supported by directory buckets.
Specify the storage class for the destination objects in a Copy operation.
Directory buckets - This functionality is not supported by directory buckets.
This functionality is not supported by directory buckets.
Specifies the folder prefix that you want the objects to be copied into. For example, to copy objects into a folder named Folder1 in the destination bucket, set the TargetKeyPrefix property to Folder1.
The legal hold status to be applied to all objects in the Batch Operations job.
This functionality is not supported by directory buckets.
The retention mode to be applied to all objects in the Batch Operations job.
This functionality is not supported by directory buckets.
The date when the applied object retention configuration expires on all objects in the Batch Operations job.
This functionality is not supported by directory buckets.
Specifies whether Amazon S3 should use an S3 Bucket Key for object encryption with server-side encryption using Amazon Web Services KMS (SSE-KMS). Setting this header to true causes Amazon S3 to use an S3 Bucket Key for object encryption with SSE-KMS.
Specifying this header with an object action doesn’t affect bucket-level settings for S3 Bucket Key.
This functionality is not supported by directory buckets.
Indicates the algorithm that you want Amazon S3 to use to create the checksum. For more information, see Checking object integrity in the Amazon S3 User Guide.
" } }, "documentation": "Contains the configuration parameters for a PUT Copy object operation. S3 Batch Operations passes every object to the underlying CopyObject API operation. For more information about the parameters for this operation, see CopyObject.
Contains no configuration parameters because the DELETE Object tagging (DeleteObjectTagging) API operation accepts only the bucket name and key name as parameters, which are defined in the job's manifest.
The format of the generated manifest.
" }, "Location": { "shape": "JobManifestLocation" } }, "documentation": "Describes the specified job's generated manifest. Batch Operations jobs created with a ManifestGenerator populate details of this descriptor after execution of the ManifestGenerator.
" }, "S3GlacierJobTier": { "type": "string", "enum": [ "BULK", "STANDARD" ] }, "S3Grant": { "type": "structure", "members": { "Grantee": { "shape": "S3Grantee", "documentation": "" }, "Permission": { "shape": "S3Permission", "documentation": "" } }, "documentation": "" }, "S3GrantList": { "type": "list", "member": { "shape": "S3Grant" } }, "S3Grantee": { "type": "structure", "members": { "TypeIdentifier": { "shape": "S3GranteeTypeIdentifier", "documentation": "" }, "Identifier": { "shape": "NonEmptyMaxLength1024String", "documentation": "", "box": true }, "DisplayName": { "shape": "NonEmptyMaxLength1024String", "documentation": "" } }, "documentation": "" }, "S3GranteeTypeIdentifier": { "type": "string", "enum": [ "id", "emailAddress", "uri" ] }, "S3InitiateRestoreObjectOperation": { "type": "structure", "members": { "ExpirationInDays": { "shape": "S3ExpirationInDays", "documentation": "This argument specifies how long the S3 Glacier or S3 Glacier Deep Archive object remains available in Amazon S3. S3 Initiate Restore Object jobs that target S3 Glacier and S3 Glacier Deep Archive objects require ExpirationInDays set to 1 or greater.
Conversely, do not set ExpirationInDays when creating S3 Initiate Restore Object jobs that target S3 Intelligent-Tiering Archive Access and Deep Archive Access tier objects. Objects in S3 Intelligent-Tiering archive access tiers are not subject to restore expiry, so specifying ExpirationInDays results in restore request failure.
S3 Batch Operations jobs can operate either on S3 Glacier and S3 Glacier Deep Archive storage class objects or on S3 Intelligent-Tiering Archive Access and Deep Archive Access storage tier objects, but not both types in the same job. If you need to restore objects of both types you must create separate Batch Operations jobs.
", "box": true }, "GlacierJobTier": { "shape": "S3GlacierJobTier", "documentation": "S3 Batch Operations supports STANDARD and BULK retrieval tiers, but not the EXPEDITED retrieval tier.
Contains the configuration parameters for a POST Object restore job. S3 Batch Operations passes every object to the underlying RestoreObject API operation. For more information about the parameters for this operation, see RestoreObject.
The Amazon Web Services account ID that owns the bucket the generated manifest is written to. If provided the generated manifest bucket's owner Amazon Web Services account ID must match this value, else the job fails.
" }, "SourceBucket": { "shape": "S3BucketArnString", "documentation": "The ARN of the source bucket used by the ManifestGenerator.
Directory buckets - Directory buckets aren't supported as the source buckets used by S3JobManifestGenerator to generate the job manifest.
Specifies the location the generated manifest will be written to. Manifests can't be written to directory buckets. For more information, see Directory buckets.
" }, "Filter": { "shape": "JobManifestGeneratorFilter", "documentation": "Specifies rules the S3JobManifestGenerator should use to decide whether an object in the source bucket should or should not be included in the generated job manifest.
" }, "EnableManifestOutput": { "shape": "Boolean", "documentation": "Determines whether or not to write the job's generated manifest to a bucket.
" } }, "documentation": "The container for the service that will create the S3 manifest.
" }, "S3KeyArnString": { "type": "string", "max": 2000, "min": 1, "pattern": "arn:[^:]+:s3:.*" }, "S3ManifestOutputLocation": { "type": "structure", "required": [ "Bucket", "ManifestFormat" ], "members": { "ExpectedManifestBucketOwner": { "shape": "AccountId", "documentation": "The Account ID that owns the bucket the generated manifest is written to.
" }, "Bucket": { "shape": "S3BucketArnString", "documentation": "The bucket ARN the generated manifest should be written to.
Directory buckets - Directory buckets aren't supported as the buckets to store the generated manifest.
Prefix identifying one or more objects to which the manifest applies.
" }, "ManifestEncryption": { "shape": "GeneratedManifestEncryption", "documentation": "Specifies what encryption should be used when the generated manifest objects are written.
" }, "ManifestFormat": { "shape": "GeneratedManifestFormat", "documentation": "The format of the generated manifest.
" } }, "documentation": "Location details for where the generated manifest should be written.
" }, "S3MetadataDirective": { "type": "string", "enum": [ "COPY", "REPLACE" ] }, "S3ObjectLockLegalHold": { "type": "structure", "required": [ "Status" ], "members": { "Status": { "shape": "S3ObjectLockLegalHoldStatus", "documentation": "The Object Lock legal hold status to be applied to all objects in the Batch Operations job.
" } }, "documentation": "Whether S3 Object Lock legal hold will be applied to objects in an S3 Batch Operations job.
" }, "S3ObjectLockLegalHoldStatus": { "type": "string", "enum": [ "OFF", "ON" ] }, "S3ObjectLockMode": { "type": "string", "enum": [ "COMPLIANCE", "GOVERNANCE" ] }, "S3ObjectLockRetentionMode": { "type": "string", "enum": [ "COMPLIANCE", "GOVERNANCE" ] }, "S3ObjectMetadata": { "type": "structure", "members": { "CacheControl": { "shape": "NonEmptyMaxLength1024String", "documentation": "" }, "ContentDisposition": { "shape": "NonEmptyMaxLength1024String", "documentation": "" }, "ContentEncoding": { "shape": "NonEmptyMaxLength1024String", "documentation": "" }, "ContentLanguage": { "shape": "NonEmptyMaxLength1024String", "documentation": "" }, "UserMetadata": { "shape": "S3UserMetadata", "documentation": "" }, "ContentLength": { "shape": "S3ContentLength", "documentation": "This member has been deprecated.
", "box": true }, "ContentMD5": { "shape": "NonEmptyMaxLength1024String", "documentation": "This member has been deprecated.
" }, "ContentType": { "shape": "NonEmptyMaxLength1024String", "documentation": "" }, "HttpExpiresDate": { "shape": "TimeStamp", "documentation": "" }, "RequesterCharged": { "shape": "Boolean", "documentation": "This member has been deprecated.
" }, "SSEAlgorithm": { "shape": "S3SSEAlgorithm", "documentation": "For directory buckets, only the server-side encryption with Amazon S3 managed keys (SSE-S3) (AES256) is supported.
Directs the specified job to invoke ReplicateObject on every object in the job's manifest.
The date when the applied Object Lock retention will expire on all objects set by the Batch Operations job.
" }, "Mode": { "shape": "S3ObjectLockRetentionMode", "documentation": "The Object Lock retention mode to be applied to all objects in the Batch Operations job.
" } }, "documentation": "Contains the S3 Object Lock retention mode to be applied to all objects in the S3 Batch Operations job. If you don't provide Mode and RetainUntilDate data types in your operation, you will remove the retention from your objects. For more information, see Using S3 Object Lock retention with S3 Batch Operations in the Amazon S3 User Guide.
Contains the configuration parameters for a PUT Object ACL operation. S3 Batch Operations passes every object to the underlying PutObjectAcl API operation. For more information about the parameters for this operation, see PutObjectAcl.
Contains the Object Lock legal hold status to be applied to all objects in the Batch Operations job.
" } }, "documentation": "Contains the configuration for an S3 Object Lock legal hold operation that an S3 Batch Operations job passes to every object to the underlying PutObjectLegalHold API operation. For more information, see Using S3 Object Lock legal hold with S3 Batch Operations in the Amazon S3 User Guide.
This functionality is not supported by directory buckets.
Indicates if the action should be applied to objects in the Batch Operations job even if they have Object Lock GOVERNANCE type in place.
Contains the Object Lock retention mode to be applied to all objects in the Batch Operations job. For more information, see Using S3 Object Lock retention with S3 Batch Operations in the Amazon S3 User Guide.
" } }, "documentation": "Contains the configuration parameters for the Object Lock retention action for an S3 Batch Operations job. Batch Operations passes every object to the underlying PutObjectRetention API operation. For more information, see Using S3 Object Lock retention with S3 Batch Operations in the Amazon S3 User Guide.
This functionality is not supported by directory buckets.
Contains the configuration parameters for a PUT Object Tagging operation. S3 Batch Operations passes every object to the underlying PutObjectTagging API operation. For more information about the parameters for this operation, see PutObjectTagging.
Key of the tag
" }, "Value": { "shape": "TagValueString", "documentation": "Value of the tag
" } }, "documentation": "A container for a key-value name pair.
" }, "S3TagSet": { "type": "list", "member": { "shape": "S3Tag" } }, "S3UserMetadata": { "type": "map", "key": { "shape": "NonEmptyMaxLength1024String" }, "value": { "shape": "MaxLength1024String" }, "max": 8192 }, "SSEKMS": { "type": "structure", "required": [ "KeyId" ], "members": { "KeyId": { "shape": "SSEKMSKeyId", "documentation": "A container for the ARN of the SSE-KMS encryption. This property is read-only and follows the following format: arn:aws:kms:us-east-1:example-account-id:key/example-9a73-4afc-8d29-8f5900cef44e
Specifies the ID of the Amazon Web Services Key Management Service (Amazon Web Services KMS) symmetric encryption customer managed key to use for encrypting generated manifest objects.
" } }, "documentation": "Configuration for the use of SSE-KMS to encrypt generated manifest objects.
", "locationName": "SSE-KMS" }, "SSEKMSKeyId": { "type": "string" }, "SSES3": { "type": "structure", "members": {}, "documentation": "", "locationName": "SSE-S3" }, "SSES3Encryption": { "type": "structure", "members": {}, "documentation": "Configuration for the use of SSE-S3 to encrypt generated manifest objects.
", "locationName": "SSE-S3" }, "SecretAccessKey": { "type": "string", "sensitive": true }, "SelectionCriteria": { "type": "structure", "members": { "Delimiter": { "shape": "StorageLensPrefixLevelDelimiter", "documentation": "A container for the delimiter of the selection criteria being used.
" }, "MaxDepth": { "shape": "StorageLensPrefixLevelMaxDepth", "documentation": "The max depth of the selection criteria
" }, "MinStorageBytesPercentage": { "shape": "MinStorageBytesPercentage", "documentation": "The minimum number of storage bytes percentage whose metrics will be selected.
You must choose a value greater than or equal to 1.0.
A filter that you can use to select Amazon S3 objects that are encrypted with server-side encryption by using Key Management Service (KMS) keys. If you include SourceSelectionCriteria in the replication configuration, this element is required.
This is not supported by Amazon S3 on Outposts buckets.
A filter that you can use to specify whether replica modification sync is enabled. S3 on Outposts replica modification sync can help you keep object metadata synchronized between replicas and source objects. By default, S3 on Outposts replicates metadata from the source objects to the replicas only. When replica modification sync is enabled, S3 on Outposts replicates metadata changes made to the replica copies back to the source object, making the replication bidirectional.
To replicate object metadata modifications on replicas, you can specify this element and set the Status of this element to Enabled.
You must enable replica modification sync on the source and destination buckets to replicate replica metadata changes between the source and the replicas.
A container that describes additional filters for identifying the source objects that you want to replicate. You can choose to enable or disable the replication of these objects.
" }, "SseKmsEncryptedObjects": { "type": "structure", "required": [ "Status" ], "members": { "Status": { "shape": "SseKmsEncryptedObjectsStatus", "documentation": "Specifies whether Amazon S3 replicates objects that are created with server-side encryption by using an KMS key stored in Key Management Service.
" } }, "documentation": "A container for filter information that you can use to select S3 objects that are encrypted with Key Management Service (KMS).
This is not supported by Amazon S3 on Outposts buckets.
A container for the Amazon Resource Name (ARN) of the Amazon Web Services organization. This property is read-only and follows the following format: arn:aws:organizations:us-east-1:example-account-id:organization/o-ex2l495dck
The Amazon Web Services organization for your S3 Storage Lens.
" }, "StorageLensConfiguration": { "type": "structure", "required": [ "Id", "AccountLevel", "IsEnabled" ], "members": { "Id": { "shape": "ConfigId", "documentation": "A container for the Amazon S3 Storage Lens configuration ID.
" }, "AccountLevel": { "shape": "AccountLevel", "documentation": "A container for all the account-level configurations of your S3 Storage Lens configuration.
" }, "Include": { "shape": "Include", "documentation": "A container for what is included in this configuration. This container can only be valid if there is no Exclude container submitted, and it's not empty.
A container for what is excluded in this configuration. This container can only be valid if there is no Include container submitted, and it's not empty.
A container to specify the properties of your S3 Storage Lens metrics export including, the destination, schema and format.
" }, "IsEnabled": { "shape": "IsEnabled", "documentation": "A container for whether the S3 Storage Lens configuration is enabled.
" }, "AwsOrg": { "shape": "StorageLensAwsOrg", "documentation": "A container for the Amazon Web Services organization for this S3 Storage Lens configuration.
" }, "StorageLensArn": { "shape": "StorageLensArn", "documentation": "The Amazon Resource Name (ARN) of the S3 Storage Lens configuration. This property is read-only and follows the following format: arn:aws:s3:us-east-1:example-account-id:storage-lens/your-dashboard-name
A container for the Amazon S3 Storage Lens configuration.
" }, "StorageLensConfigurationList": { "type": "list", "member": { "shape": "ListStorageLensConfigurationEntry", "locationName": "StorageLensConfiguration" }, "flattened": true }, "StorageLensDataExport": { "type": "structure", "members": { "S3BucketDestination": { "shape": "S3BucketDestination", "documentation": "A container for the bucket where the S3 Storage Lens metrics export will be located.
This bucket must be located in the same Region as the storage lens configuration.
A container for enabling Amazon CloudWatch publishing for S3 Storage Lens metrics.
" } }, "documentation": "A container to specify the properties of your S3 Storage Lens metrics export, including the destination, schema, and format.
" }, "StorageLensDataExportEncryption": { "type": "structure", "members": { "SSES3": { "shape": "SSES3", "documentation": "", "locationName": "SSE-S3" }, "SSEKMS": { "shape": "SSEKMS", "documentation": "", "locationName": "SSE-KMS" } }, "documentation": "A container for the encryption of the S3 Storage Lens metrics exports.
" }, "StorageLensGroup": { "type": "structure", "required": [ "Name", "Filter" ], "members": { "Name": { "shape": "StorageLensGroupName", "documentation": "Contains the name of the Storage Lens group.
" }, "Filter": { "shape": "StorageLensGroupFilter", "documentation": "Sets the criteria for the Storage Lens group data that is displayed. For multiple filter conditions, the AND or OR logical operator is used.
Contains the Amazon Resource Name (ARN) of the Storage Lens group. This property is read-only.
" } }, "documentation": "A custom grouping of objects that include filters for prefixes, suffixes, object tags, object size, or object age. You can create an S3 Storage Lens group that includes a single filter or multiple filter conditions. To specify multiple filter conditions, you use AND or OR logical operators.
Contains a list of prefixes. At least one prefix must be specified. Up to 10 prefixes are allowed.
" }, "MatchAnySuffix": { "shape": "MatchAnySuffix", "documentation": "Contains a list of suffixes. At least one suffix must be specified. Up to 10 suffixes are allowed.
" }, "MatchAnyTag": { "shape": "MatchAnyTag", "documentation": "Contains the list of object tags. At least one object tag must be specified. Up to 10 object tags are allowed.
" }, "MatchObjectAge": { "shape": "MatchObjectAge", "documentation": " Contains DaysGreaterThan and DaysLessThan to define the object age range (minimum and maximum number of days).
Contains BytesGreaterThan and BytesLessThan to define the object size range (minimum and maximum number of Bytes).
A logical operator that allows multiple filter conditions to be joined for more complex comparisons of Storage Lens group data.
" }, "StorageLensGroupArn": { "type": "string", "max": 1024, "min": 4, "pattern": "arn:[a-z\\-]+:s3:[a-z0-9\\-]+:\\d{12}:storage\\-lens\\-group\\/.*" }, "StorageLensGroupFilter": { "type": "structure", "members": { "MatchAnyPrefix": { "shape": "MatchAnyPrefix", "documentation": "Contains a list of prefixes. At least one prefix must be specified. Up to 10 prefixes are allowed.
" }, "MatchAnySuffix": { "shape": "MatchAnySuffix", "documentation": "Contains a list of suffixes. At least one suffix must be specified. Up to 10 suffixes are allowed.
" }, "MatchAnyTag": { "shape": "MatchAnyTag", "documentation": "Contains the list of S3 object tags. At least one object tag must be specified. Up to 10 object tags are allowed.
" }, "MatchObjectAge": { "shape": "MatchObjectAge", "documentation": " Contains DaysGreaterThan and DaysLessThan to define the object age range (minimum and maximum number of days).
Contains BytesGreaterThan and BytesLessThan to define the object size range (minimum and maximum number of Bytes).
A logical operator that allows multiple filter conditions to be joined for more complex comparisons of Storage Lens group data. Objects must match all of the listed filter conditions that are joined by the And logical operator. Only one of each filter condition is allowed.
A single logical operator that allows multiple filter conditions to be joined. Objects can match any of the listed filter conditions, which are joined by the Or logical operator. Only one of each filter condition is allowed.
The filter element sets the criteria for the Storage Lens group data that is displayed. For multiple filter conditions, the AND or OR logical operator is used.
Indicates which Storage Lens group ARNs to include or exclude in the Storage Lens group aggregation. If this value is left null, then all Storage Lens groups are selected.
" } }, "documentation": "Specifies the Storage Lens groups to include in the Storage Lens group aggregation.
" }, "StorageLensGroupLevelExclude": { "type": "list", "member": { "shape": "StorageLensGroupArn", "locationName": "Arn" } }, "StorageLensGroupLevelInclude": { "type": "list", "member": { "shape": "StorageLensGroupArn", "locationName": "Arn" } }, "StorageLensGroupLevelSelectionCriteria": { "type": "structure", "members": { "Include": { "shape": "StorageLensGroupLevelInclude", "documentation": "Indicates which Storage Lens group ARNs to include in the Storage Lens group aggregation.
" }, "Exclude": { "shape": "StorageLensGroupLevelExclude", "documentation": "Indicates which Storage Lens group ARNs to exclude from the Storage Lens group aggregation.
" } }, "documentation": "Indicates which Storage Lens group ARNs to include or exclude in the Storage Lens group aggregation. You can only attach Storage Lens groups to your Storage Lens dashboard if they're included in your Storage Lens group aggregation. If this value is left null, then all Storage Lens groups are selected.
" }, "StorageLensGroupList": { "type": "list", "member": { "shape": "ListStorageLensGroupEntry", "locationName": "StorageLensGroup" }, "flattened": true }, "StorageLensGroupName": { "type": "string", "max": 64, "min": 1, "pattern": "[a-zA-Z0-9\\-\\_]+" }, "StorageLensGroupOrOperator": { "type": "structure", "members": { "MatchAnyPrefix": { "shape": "MatchAnyPrefix", "documentation": "Filters objects that match any of the specified prefixes.
" }, "MatchAnySuffix": { "shape": "MatchAnySuffix", "documentation": "Filters objects that match any of the specified suffixes.
" }, "MatchAnyTag": { "shape": "MatchAnyTag", "documentation": "Filters objects that match any of the specified S3 object tags.
" }, "MatchObjectAge": { "shape": "MatchObjectAge", "documentation": "Filters objects that match the specified object age range.
" }, "MatchObjectSize": { "shape": "MatchObjectSize", "documentation": "Filters objects that match the specified object size range.
" } }, "documentation": "A container element for specifying Or rule conditions. The rule conditions determine the subset of objects to which the Or rule applies. Objects can match any of the listed filter conditions, which are joined by the Or logical operator. Only one of each filter condition is allowed.
The Amazon Web Services account ID for the owner of the Multi-Region Access Point.
", "contextParam": { "name": "AccountId" }, "hostLabel": true, "location": "header", "locationName": "x-amz-account-id" }, "Mrap": { "shape": "MultiRegionAccessPointId", "documentation": "The Multi-Region Access Point ARN.
", "location": "uri", "locationName": "mrap" }, "RouteUpdates": { "shape": "RouteList", "documentation": "The different routes that make up the new route configuration. Active routes return a value of 100, and passive routes return a value of 0.
The key of the key-value pair of a tag added to your Amazon Web Services resource. A tag key can be up to 128 Unicode characters in length and is case-sensitive. System created tags that begin with aws: aren’t supported.
The value of the key-value pair of a tag added to your Amazon Web Services resource. A tag value can be up to 256 Unicode characters in length and is case-sensitive.
" } }, "documentation": "An Amazon Web Services resource tag that's associated with your S3 resource. You can add tags to new objects when you upload them, or you can add object tags to existing objects.
This operation is only supported for S3 Storage Lens groups and for S3 Access Grants. The tagged resource can be an S3 Storage Lens group or S3 Access Grants instance, registered location, or grant.
The Amazon Web Services account ID that created the S3 resource that you're trying to add tags to or the requester's account ID.
", "contextParam": { "name": "AccountId" }, "hostLabel": true, "location": "header", "locationName": "x-amz-account-id" }, "ResourceArn": { "shape": "S3ResourceArn", "documentation": "The Amazon Resource Name (ARN) of the S3 resource that you're trying to add tags to. The tagged resource can be an S3 Storage Lens group or S3 Access Grants instance, registered location, or grant.
", "location": "uri", "locationName": "resourceArn" }, "Tags": { "shape": "TagList", "documentation": "The Amazon Web Services resource tags that you want to add to the specified S3 resource.
" } } }, "TagResourceResult": { "type": "structure", "members": {} }, "TagValueString": { "type": "string", "max": 256, "min": 0, "pattern": "^([\\p{L}\\p{Z}\\p{N}_.:/=+\\-@]*)$" }, "Tagging": { "type": "structure", "required": [ "TagSet" ], "members": { "TagSet": { "shape": "S3TagSet", "documentation": "A collection for a set of tags.
" } }, "documentation": "" }, "TimeStamp": { "type": "timestamp" }, "TrafficDialPercentage": { "type": "integer", "max": 100, "min": 0 }, "Transition": { "type": "structure", "members": { "Date": { "shape": "Date", "documentation": "Indicates when objects are transitioned to the specified storage class. The date value must be in ISO 8601 format. The time is always midnight UTC.
" }, "Days": { "shape": "Days", "documentation": "Indicates the number of days after creation when objects are transitioned to the specified storage class. The value must be a positive integer.
" }, "StorageClass": { "shape": "TransitionStorageClass", "documentation": "The storage class to which you want the object to transition.
" } }, "documentation": "Specifies when an object transitions to a specified storage class. For more information about Amazon S3 Lifecycle configuration rules, see Transitioning objects using Amazon S3 Lifecycle in the Amazon S3 User Guide.
" }, "TransitionList": { "type": "list", "member": { "shape": "Transition", "locationName": "Transition" } }, "TransitionStorageClass": { "type": "string", "enum": [ "GLACIER", "STANDARD_IA", "ONEZONE_IA", "INTELLIGENT_TIERING", "DEEP_ARCHIVE" ] }, "UntagResourceRequest": { "type": "structure", "required": [ "AccountId", "ResourceArn", "TagKeys" ], "members": { "AccountId": { "shape": "AccountId", "documentation": "The Amazon Web Services account ID that owns the resource that you're trying to remove the tags from.
", "contextParam": { "name": "AccountId" }, "hostLabel": true, "location": "header", "locationName": "x-amz-account-id" }, "ResourceArn": { "shape": "S3ResourceArn", "documentation": "The Amazon Resource Name (ARN) of the S3 resource that you're trying to remove the tags from.
", "location": "uri", "locationName": "resourceArn" }, "TagKeys": { "shape": "TagKeyList", "documentation": "The array of tag key-value pairs that you're trying to remove from of the S3 resource.
", "location": "querystring", "locationName": "tagKeys" } } }, "UntagResourceResult": { "type": "structure", "members": {} }, "UpdateAccessGrantsLocationRequest": { "type": "structure", "required": [ "AccountId", "AccessGrantsLocationId", "IAMRoleArn" ], "members": { "AccountId": { "shape": "AccountId", "documentation": "The Amazon Web Services account ID of the S3 Access Grants instance.
", "contextParam": { "name": "AccountId" }, "hostLabel": true, "location": "header", "locationName": "x-amz-account-id" }, "AccessGrantsLocationId": { "shape": "AccessGrantsLocationId", "documentation": "The ID of the registered location that you are updating. S3 Access Grants assigns this ID when you register the location. S3 Access Grants assigns the ID default to the default location s3:// and assigns an auto-generated ID to other locations that you register.
The ID of the registered location to which you are granting access. S3 Access Grants assigned this ID when you registered the location. S3 Access Grants assigns the ID default to the default location s3:// and assigns an auto-generated ID to other locations that you register.
If you are passing the default location, you cannot create an access grant for the entire default location. You must also specify a bucket or a bucket and prefix in the Subprefix field.
The Amazon Resource Name (ARN) of the IAM role for the registered location. S3 Access Grants assumes this role to manage access to the registered location.
" } } }, "UpdateAccessGrantsLocationResult": { "type": "structure", "members": { "CreatedAt": { "shape": "CreationTimestamp", "documentation": "The date and time when you registered the location.
" }, "AccessGrantsLocationId": { "shape": "AccessGrantsLocationId", "documentation": "The ID of the registered location to which you are granting access. S3 Access Grants assigned this ID when you registered the location. S3 Access Grants assigns the ID default to the default location s3:// and assigns an auto-generated ID to other locations that you register.
The Amazon Resource Name (ARN) of the registered location that you are updating.
" }, "LocationScope": { "shape": "S3Prefix", "documentation": "The S3 URI path of the location that you are updating. You cannot update the scope of the registered location. The location scope can be the default S3 location s3://, the S3 path to a bucket s3://<bucket>, or the S3 path to a bucket and prefix s3://<bucket>/<prefix>.
The Amazon Resource Name (ARN) of the IAM role of the registered location. S3 Access Grants assumes this role to manage access to the registered location.
" } } }, "UpdateJobPriorityRequest": { "type": "structure", "required": [ "AccountId", "JobId", "Priority" ], "members": { "AccountId": { "shape": "AccountId", "documentation": "The Amazon Web Services account ID associated with the S3 Batch Operations job.
", "contextParam": { "name": "AccountId" }, "hostLabel": true, "location": "header", "locationName": "x-amz-account-id" }, "JobId": { "shape": "JobId", "documentation": "The ID for the job whose priority you want to update.
", "location": "uri", "locationName": "id" }, "Priority": { "shape": "JobPriority", "documentation": "The priority you want to assign to this job.
", "location": "querystring", "locationName": "priority" } } }, "UpdateJobPriorityResult": { "type": "structure", "required": [ "JobId", "Priority" ], "members": { "JobId": { "shape": "JobId", "documentation": "The ID for the job whose priority Amazon S3 updated.
" }, "Priority": { "shape": "JobPriority", "documentation": "The new priority assigned to the specified job.
" } } }, "UpdateJobStatusRequest": { "type": "structure", "required": [ "AccountId", "JobId", "RequestedJobStatus" ], "members": { "AccountId": { "shape": "AccountId", "documentation": "The Amazon Web Services account ID associated with the S3 Batch Operations job.
", "contextParam": { "name": "AccountId" }, "hostLabel": true, "location": "header", "locationName": "x-amz-account-id" }, "JobId": { "shape": "JobId", "documentation": "The ID of the job whose status you want to update.
", "location": "uri", "locationName": "id" }, "RequestedJobStatus": { "shape": "RequestedJobStatus", "documentation": "The status that you want to move the specified job to.
", "location": "querystring", "locationName": "requestedJobStatus" }, "StatusUpdateReason": { "shape": "JobStatusUpdateReason", "documentation": "A description of the reason why you want to change the specified job's status. This field can be any string up to the maximum length.
", "location": "querystring", "locationName": "statusUpdateReason" } } }, "UpdateJobStatusResult": { "type": "structure", "members": { "JobId": { "shape": "JobId", "documentation": "The ID for the job whose status was updated.
" }, "Status": { "shape": "JobStatus", "documentation": "The current status for the specified job.
" }, "StatusUpdateReason": { "shape": "JobStatusUpdateReason", "documentation": "The reason that the specified job's status was updated.
" } } }, "UpdateStorageLensGroupRequest": { "type": "structure", "required": [ "Name", "AccountId", "StorageLensGroup" ], "members": { "Name": { "shape": "StorageLensGroupName", "documentation": "The name of the Storage Lens group that you want to update.
", "location": "uri", "locationName": "name" }, "AccountId": { "shape": "AccountId", "documentation": "The Amazon Web Services account ID of the Storage Lens group owner.
", "contextParam": { "name": "AccountId" }, "hostLabel": true, "location": "header", "locationName": "x-amz-account-id" }, "StorageLensGroup": { "shape": "StorageLensGroup", "documentation": "The JSON file that contains the Storage Lens group configuration.
" } } }, "UserArguments": { "type": "map", "key": { "shape": "NonEmptyMaxLength64String" }, "value": { "shape": "MaxLength1024String" }, "max": 10, "min": 1 }, "VersioningConfiguration": { "type": "structure", "members": { "MFADelete": { "shape": "MFADelete", "documentation": "Specifies whether MFA delete is enabled or disabled in the bucket versioning configuration for the S3 on Outposts bucket.
", "locationName": "MfaDelete" }, "Status": { "shape": "BucketVersioningStatus", "documentation": "Sets the versioning state of the S3 on Outposts bucket.
" } }, "documentation": "Describes the versioning state of an Amazon S3 on Outposts bucket. For more information, see PutBucketVersioning.
" }, "VpcConfiguration": { "type": "structure", "required": [ "VpcId" ], "members": { "VpcId": { "shape": "VpcId", "documentation": "If this field is specified, this access point will only allow connections from the specified VPC ID.
" } }, "documentation": "The virtual private cloud (VPC) configuration for an access point.
" }, "VpcId": { "type": "string", "max": 1024, "min": 1 } }, "documentation": "Amazon Web Services S3 Control provides access to Amazon S3 control plane actions.
", "clientContextParams": { "UseArnRegion": { "documentation": "Enables this client to use an ARN's region when constructing an endpoint instead of the client's configured region.", "type": "boolean" } } }