Table of Contents
A low-level client representing AWS S3 Control
AWS S3 Control provides access to Amazon S3 control plane actions.
import boto3
client = boto3.client('s3control')
These are the available methods:
Check if an operation can be paginated.
Creates an access point and associates it with the specified bucket. For more information, see Managing Data Access with Amazon S3 Access Points in the Amazon Simple Storage Service User Guide .
Note
S3 on Outposts only supports VPC-style Access Points.
For more information, see Accessing Amazon S3 on Outposts using virtual private cloud (VPC) only Access Points in the Amazon Simple Storage Service User Guide .
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request and an S3 on Outposts endpoint hostname prefix instead of s3-control . For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived using the access point ARN, see the Examples section.
The following actions are related to CreateAccessPoint :
See also: AWS API Documentation
Request Syntax
response = client.create_access_point(
AccountId='string',
Name='string',
Bucket='string',
VpcConfiguration={
'VpcId': 'string'
},
PublicAccessBlockConfiguration={
'BlockPublicAcls': True|False,
'IgnorePublicAcls': True|False,
'BlockPublicPolicy': True|False,
'RestrictPublicBuckets': True|False
}
)
[REQUIRED]
The AWS account ID for the owner of the bucket for which you want to create an access point.
[REQUIRED]
The name you want to assign to this access point.
[REQUIRED]
The name of the bucket that you want to associate this access point with.
For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
For using this parameter with S3 on Outposts with the AWS SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name> . For example, to access the bucket reports through outpost my-outpost owned by account 123456789012 in Region us-west-2 , use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports . The value must be URL encoded.
If you include this field, Amazon S3 restricts access to this access point to requests from the specified virtual private cloud (VPC).
Note
This is required for creating an access point for Amazon S3 on Outposts buckets.
If this field is specified, this access point will only allow connections from the specified VPC ID.
The PublicAccessBlock configuration that you want to apply to the access point.
Specifies whether Amazon S3 should block public access control lists (ACLs) for buckets in this account. Setting this element to TRUE causes the following behavior:
Enabling this setting doesn't affect existing policies or ACLs.
This is not supported for Amazon S3 on Outposts.
Specifies whether Amazon S3 should ignore public ACLs for buckets in this account. Setting this element to TRUE causes Amazon S3 to ignore all public ACLs on buckets in this account and any objects that they contain.
Enabling this setting doesn't affect the persistence of any existing ACLs and doesn't prevent new public ACLs from being set.
This is not supported for Amazon S3 on Outposts.
Specifies whether Amazon S3 should block public bucket policies for buckets in this account. Setting this element to TRUE causes Amazon S3 to reject calls to PUT Bucket policy if the specified bucket policy allows public access.
Enabling this setting doesn't affect existing bucket policies.
This is not supported for Amazon S3 on Outposts.
Specifies whether Amazon S3 should restrict public bucket policies for buckets in this account. Setting this element to TRUE restricts access to buckets with public policies to only AWS service principals and authorized users within this account.
Enabling this setting doesn't affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked.
This is not supported for Amazon S3 on Outposts.
dict
Response Syntax
{
'AccessPointArn': 'string'
}
Response Structure
(dict) --
AccessPointArn (string) --
The ARN of the access point.
Note
This is only supported by Amazon S3 on Outposts.
Creates an Object Lambda Access Point. For more information, see Transforming objects with Object Lambda Access Points in the Amazon Simple Storage Service User Guide .
The following actions are related to CreateAccessPointForObjectLambda :
See also: AWS API Documentation
Request Syntax
response = client.create_access_point_for_object_lambda(
AccountId='string',
Name='string',
Configuration={
'SupportingAccessPoint': 'string',
'CloudWatchMetricsEnabled': True|False,
'AllowedFeatures': [
'GetObject-Range'|'GetObject-PartNumber',
],
'TransformationConfigurations': [
{
'Actions': [
'GetObject',
],
'ContentTransformation': {
'AwsLambda': {
'FunctionArn': 'string',
'FunctionPayload': 'string'
}
}
},
]
}
)
[REQUIRED]
The AWS account ID for owner of the specified Object Lambda Access Point.
[REQUIRED]
The name you want to assign to this Object Lambda Access Point.
[REQUIRED]
Object Lambda Access Point configuration as a JSON document.
Standard access point associated with the Object Lambda Access Point.
A container for whether the CloudWatch metrics configuration is enabled.
A container for allowed features. Valid inputs are GetObject-Range and GetObject-PartNumber .
A container for transformation configurations for an Object Lambda Access Point.
A configuration used when creating an Object Lambda Access Point transformation.
A container for the action of an Object Lambda Access Point configuration. Valid input is GetObject .
A container for the content transformation of an Object Lambda Access Point configuration.
A container for an AWS Lambda function.
The Amazon Resource Name (ARN) of the AWS Lambda function.
Additional JSON that provides supplemental data to the Lambda function used to transform objects.
dict
Response Syntax
{
'ObjectLambdaAccessPointArn': 'string'
}
Response Structure
(dict) --
ObjectLambdaAccessPointArn (string) --
Specifies the ARN for the Object Lambda Access Point.
Note
This action creates an Amazon S3 on Outposts bucket. To create an S3 bucket, see Create Bucket in the Amazon Simple Storage Service API .
Creates a new Outposts bucket. By creating the bucket, you become the bucket owner. To create an Outposts bucket, you must have S3 on Outposts. For more information, see Using Amazon S3 on Outposts in Amazon Simple Storage Service User Guide .
Not every string is an acceptable bucket name. For information on bucket naming restrictions, see Working with Amazon S3 Buckets .
S3 on Outposts buckets support:
For a complete list of restrictions and Amazon S3 feature limitations on S3 on Outposts, see Amazon S3 on Outposts Restrictions and Limitations .
For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and x-amz-outpost-id in your API request, see the Examples section.
The following actions are related to CreateBucket for Amazon S3 on Outposts:
See also: AWS API Documentation
Request Syntax
response = client.create_bucket(
ACL='private'|'public-read'|'public-read-write'|'authenticated-read',
Bucket='string',
CreateBucketConfiguration={
'LocationConstraint': 'EU'|'eu-west-1'|'us-west-1'|'us-west-2'|'ap-south-1'|'ap-southeast-1'|'ap-southeast-2'|'ap-northeast-1'|'sa-east-1'|'cn-north-1'|'eu-central-1'
},
GrantFullControl='string',
GrantRead='string',
GrantReadACP='string',
GrantWrite='string',
GrantWriteACP='string',
ObjectLockEnabledForBucket=True|False,
OutpostId='string'
)
The canned ACL to apply to the bucket.
Note
This is not supported by Amazon S3 on Outposts buckets.
[REQUIRED]
The name of the bucket.
The configuration information for the bucket.
Note
This is not supported by Amazon S3 on Outposts buckets.
Specifies the Region where the bucket will be created. If you are creating a bucket on the US East (N. Virginia) Region (us-east-1), you do not need to specify the location.
Note
This is not supported by Amazon S3 on Outposts buckets.
Allows grantee the read, write, read ACP, and write ACP permissions on the bucket.
Note
This is not supported by Amazon S3 on Outposts buckets.
Allows grantee to list the objects in the bucket.
Note
This is not supported by Amazon S3 on Outposts buckets.
Allows grantee to read the bucket ACL.
Note
This is not supported by Amazon S3 on Outposts buckets.
Allows grantee to create, overwrite, and delete any object in the bucket.
Note
This is not supported by Amazon S3 on Outposts buckets.
Allows grantee to write the ACL for the applicable bucket.
Note
This is not supported by Amazon S3 on Outposts buckets.
Specifies whether you want S3 Object Lock to be enabled for the new bucket.
Note
This is not supported by Amazon S3 on Outposts buckets.
The ID of the Outposts where the bucket is being created.
Note
This is required by Amazon S3 on Outposts buckets.
dict
Response Syntax
{
'Location': 'string',
'BucketArn': 'string'
}
Response Structure
(dict) --
Location (string) --
The location of the bucket.
BucketArn (string) --
The Amazon Resource Name (ARN) of the bucket.
For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
For using this parameter with S3 on Outposts with the AWS SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name> . For example, to access the bucket reports through outpost my-outpost owned by account 123456789012 in Region us-west-2 , use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports . The value must be URL encoded.
Exceptions
You can use S3 Batch Operations to perform large-scale batch actions on Amazon S3 objects. Batch Operations can run a single action on lists of Amazon S3 objects that you specify. For more information, see S3 Batch Operations in the Amazon Simple Storage Service User Guide .
This action creates a S3 Batch Operations job.
Related actions include:
See also: AWS API Documentation
Request Syntax
response = client.create_job(
AccountId='string',
ConfirmationRequired=True|False,
Operation={
'LambdaInvoke': {
'FunctionArn': 'string'
},
'S3PutObjectCopy': {
'TargetResource': 'string',
'CannedAccessControlList': 'private'|'public-read'|'public-read-write'|'aws-exec-read'|'authenticated-read'|'bucket-owner-read'|'bucket-owner-full-control',
'AccessControlGrants': [
{
'Grantee': {
'TypeIdentifier': 'id'|'emailAddress'|'uri',
'Identifier': 'string',
'DisplayName': 'string'
},
'Permission': 'FULL_CONTROL'|'READ'|'WRITE'|'READ_ACP'|'WRITE_ACP'
},
],
'MetadataDirective': 'COPY'|'REPLACE',
'ModifiedSinceConstraint': datetime(2015, 1, 1),
'NewObjectMetadata': {
'CacheControl': 'string',
'ContentDisposition': 'string',
'ContentEncoding': 'string',
'ContentLanguage': 'string',
'UserMetadata': {
'string': 'string'
},
'ContentLength': 123,
'ContentMD5': 'string',
'ContentType': 'string',
'HttpExpiresDate': datetime(2015, 1, 1),
'RequesterCharged': True|False,
'SSEAlgorithm': 'AES256'|'KMS'
},
'NewObjectTagging': [
{
'Key': 'string',
'Value': 'string'
},
],
'RedirectLocation': 'string',
'RequesterPays': True|False,
'StorageClass': 'STANDARD'|'STANDARD_IA'|'ONEZONE_IA'|'GLACIER'|'INTELLIGENT_TIERING'|'DEEP_ARCHIVE',
'UnModifiedSinceConstraint': datetime(2015, 1, 1),
'SSEAwsKmsKeyId': 'string',
'TargetKeyPrefix': 'string',
'ObjectLockLegalHoldStatus': 'OFF'|'ON',
'ObjectLockMode': 'COMPLIANCE'|'GOVERNANCE',
'ObjectLockRetainUntilDate': datetime(2015, 1, 1)
},
'S3PutObjectAcl': {
'AccessControlPolicy': {
'AccessControlList': {
'Owner': {
'ID': 'string',
'DisplayName': 'string'
},
'Grants': [
{
'Grantee': {
'TypeIdentifier': 'id'|'emailAddress'|'uri',
'Identifier': 'string',
'DisplayName': 'string'
},
'Permission': 'FULL_CONTROL'|'READ'|'WRITE'|'READ_ACP'|'WRITE_ACP'
},
]
},
'CannedAccessControlList': 'private'|'public-read'|'public-read-write'|'aws-exec-read'|'authenticated-read'|'bucket-owner-read'|'bucket-owner-full-control'
}
},
'S3PutObjectTagging': {
'TagSet': [
{
'Key': 'string',
'Value': 'string'
},
]
},
'S3DeleteObjectTagging': {}
,
'S3InitiateRestoreObject': {
'ExpirationInDays': 123,
'GlacierJobTier': 'BULK'|'STANDARD'
},
'S3PutObjectLegalHold': {
'LegalHold': {
'Status': 'OFF'|'ON'
}
},
'S3PutObjectRetention': {
'BypassGovernanceRetention': True|False,
'Retention': {
'RetainUntilDate': datetime(2015, 1, 1),
'Mode': 'COMPLIANCE'|'GOVERNANCE'
}
}
},
Report={
'Bucket': 'string',
'Format': 'Report_CSV_20180820',
'Enabled': True|False,
'Prefix': 'string',
'ReportScope': 'AllTasks'|'FailedTasksOnly'
},
ClientRequestToken='string',
Manifest={
'Spec': {
'Format': 'S3BatchOperations_CSV_20180820'|'S3InventoryReport_CSV_20161130',
'Fields': [
'Ignore'|'Bucket'|'Key'|'VersionId',
]
},
'Location': {
'ObjectArn': 'string',
'ObjectVersionId': 'string',
'ETag': 'string'
}
},
Description='string',
Priority=123,
RoleArn='string',
Tags=[
{
'Key': 'string',
'Value': 'string'
},
]
)
[REQUIRED]
The AWS account ID that creates the job.
[REQUIRED]
The action that you want this job to perform on every object listed in the manifest. For more information about the available actions, see Operations in the Amazon Simple Storage Service User Guide .
Directs the specified job to invoke an AWS Lambda function on every object in the manifest.
The Amazon Resource Name (ARN) for the AWS Lambda function that the specified job will invoke on every object in the manifest.
Directs the specified job to run a PUT Copy object call on every object in the manifest.
Specifies the destination bucket ARN for the batch copy operation. For example, to copy objects to a bucket named "destinationBucket", set the TargetResource to "arn:aws:s3:::destinationBucket".
Specifies an optional metadata property for website redirects, x-amz-website-redirect-location . Allows webpage redirects if the object is accessed through a website endpoint.
Specifies the folder prefix into which you would like the objects to be copied. For example, to copy objects into a folder named "Folder1" in the destination bucket, set the TargetKeyPrefix to "Folder1/".
The legal hold status to be applied to all objects in the Batch Operations job.
The retention mode to be applied to all objects in the Batch Operations job.
The date when the applied object retention configuration expires on all objects in the Batch Operations job.
Directs the specified job to run a PUT Object acl call on every object in the manifest.
Directs the specified job to run a PUT Object tagging call on every object in the manifest.
Directs the specified job to execute a DELETE Object tagging call on every object in the manifest.
Directs the specified job to initiate restore requests for every archived object in the manifest.
This argument specifies how long the S3 Glacier or S3 Glacier Deep Archive object remains available in Amazon S3. S3 Initiate Restore Object jobs that target S3 Glacier and S3 Glacier Deep Archive objects require ExpirationInDays set to 1 or greater.
Conversely, do not set ExpirationInDays when creating S3 Initiate Restore Object jobs that target S3 Intelligent-Tiering Archive Access and Deep Archive Access tier objects. Objects in S3 Intelligent-Tiering archive access tiers are not subject to restore expiry, so specifying ExpirationInDays results in restore request failure.
S3 Batch Operations jobs can operate either on S3 Glacier and S3 Glacier Deep Archive storage class objects or on S3 Intelligent-Tiering Archive Access and Deep Archive Access storage tier objects, but not both types in the same job. If you need to restore objects of both types you must create separate Batch Operations jobs.
S3 Batch Operations supports STANDARD and BULK retrieval tiers, but not the EXPEDITED retrieval tier.
Contains the configuration for an S3 Object Lock legal hold operation that an S3 Batch Operations job passes every object to the underlying PutObjectLegalHold API. For more information, see Using S3 Object Lock legal hold with S3 Batch Operations in the Amazon Simple Storage Service User Guide .
Contains the Object Lock legal hold status to be applied to all objects in the Batch Operations job.
The Object Lock legal hold status to be applied to all objects in the Batch Operations job.
Contains the configuration parameters for the Object Lock retention action for an S3 Batch Operations job. Batch Operations passes every object to the underlying PutObjectRetention API. For more information, see Using S3 Object Lock retention with S3 Batch Operations in the Amazon Simple Storage Service User Guide .
Indicates if the action should be applied to objects in the Batch Operations job even if they have Object Lock GOVERNANCE type in place.
Contains the Object Lock retention mode to be applied to all objects in the Batch Operations job. For more information, see Using S3 Object Lock retention with S3 Batch Operations in the Amazon Simple Storage Service User Guide .
The date when the applied Object Lock retention will expire on all objects set by the Batch Operations job.
The Object Lock retention mode to be applied to all objects in the Batch Operations job.
[REQUIRED]
Configuration parameters for the optional job-completion report.
The Amazon Resource Name (ARN) for the bucket where specified job-completion report will be stored.
The format of the specified job-completion report.
Indicates whether the specified job will generate a job-completion report.
An optional prefix to describe where in the specified bucket the job-completion report will be stored. Amazon S3 stores the job-completion report at <prefix>/job-<job-id>/report.json .
Indicates whether the job-completion report will include details of all tasks or only failed tasks.
[REQUIRED]
An idempotency token to ensure that you don't accidentally submit the same request twice. You can use any string up to the maximum length.
This field is autopopulated if not provided.
[REQUIRED]
Configuration parameters for the manifest.
Describes the format of the specified job's manifest. If the manifest is in CSV format, also describes the columns contained within the manifest.
Indicates which of the available formats the specified manifest uses.
If the specified manifest object is in the S3BatchOperations_CSV_20180820 format, this element describes which columns contain the required data.
Contains the information required to locate the specified job's manifest.
The Amazon Resource Name (ARN) for a manifest object.
Warning
Replacement must be made for object keys containing special characters (such as carriage returns) when using XML requests. For more information, see XML related object key constraints .
The optional version ID to identify a specific version of the manifest object.
The ETag for the specified manifest object.
[REQUIRED]
The numerical priority for this job. Higher numbers indicate higher priority.
[REQUIRED]
The Amazon Resource Name (ARN) for the AWS Identity and Access Management (IAM) role that Batch Operations will use to run this job's action on every object in the manifest.
A set of tags to associate with the S3 Batch Operations job. This is an optional parameter.
dict
Response Syntax
{
'JobId': 'string'
}
Response Structure
(dict) --
JobId (string) --
The ID for this job. Amazon S3 generates this ID automatically and returns it after a successful Create Job request.
Exceptions
Deletes the specified access point.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request and an S3 on Outposts endpoint hostname prefix instead of s3-control . For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived using the access point ARN, see the Examples section.
The following actions are related to DeleteAccessPoint :
See also: AWS API Documentation
Request Syntax
response = client.delete_access_point(
AccountId='string',
Name='string'
)
[REQUIRED]
The account ID for the account that owns the specified access point.
[REQUIRED]
The name of the access point you want to delete.
For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
For using this parameter with S3 on Outposts with the AWS SDK and CLI, you must specify the ARN of the access point accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/accesspoint/<my-accesspoint-name> . For example, to access the access point reports-ap through outpost my-outpost owned by account 123456789012 in Region us-west-2 , use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/accesspoint/reports-ap . The value must be URL encoded.
None
Deletes the specified Object Lambda Access Point.
The following actions are related to DeleteAccessPointForObjectLambda :
See also: AWS API Documentation
Request Syntax
response = client.delete_access_point_for_object_lambda(
AccountId='string',
Name='string'
)
[REQUIRED]
The account ID for the account that owns the specified Object Lambda Access Point.
[REQUIRED]
The name of the access point you want to delete.
None
Deletes the access point policy for the specified access point.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request and an S3 on Outposts endpoint hostname prefix instead of s3-control . For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived using the access point ARN, see the Examples section.
The following actions are related to DeleteAccessPointPolicy :
See also: AWS API Documentation
Request Syntax
response = client.delete_access_point_policy(
AccountId='string',
Name='string'
)
[REQUIRED]
The account ID for the account that owns the specified access point.
[REQUIRED]
The name of the access point whose policy you want to delete.
For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
For using this parameter with S3 on Outposts with the AWS SDK and CLI, you must specify the ARN of the access point accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/accesspoint/<my-accesspoint-name> . For example, to access the access point reports-ap through outpost my-outpost owned by account 123456789012 in Region us-west-2 , use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/accesspoint/reports-ap . The value must be URL encoded.
None
Removes the resource policy for an Object Lambda Access Point.
The following actions are related to DeleteAccessPointPolicyForObjectLambda :
See also: AWS API Documentation
Request Syntax
response = client.delete_access_point_policy_for_object_lambda(
AccountId='string',
Name='string'
)
[REQUIRED]
The account ID for the account that owns the specified Object Lambda Access Point.
[REQUIRED]
The name of the Object Lambda Access Point you want to delete the policy for.
None
Note
This action deletes an Amazon S3 on Outposts bucket. To delete an S3 bucket, see DeleteBucket in the Amazon Simple Storage Service API .
Deletes the Amazon S3 on Outposts bucket. All objects (including all object versions and delete markers) in the bucket must be deleted before the bucket itself can be deleted. For more information, see Using Amazon S3 on Outposts in Amazon Simple Storage Service User Guide .
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request and an S3 on Outposts endpoint hostname prefix instead of s3-control . For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived using the access point ARN, see the Examples section.
Related Resources
See also: AWS API Documentation
Request Syntax
response = client.delete_bucket(
AccountId='string',
Bucket='string'
)
[REQUIRED]
The account ID that owns the Outposts bucket.
[REQUIRED]
Specifies the bucket being deleted.
For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
For using this parameter with S3 on Outposts with the AWS SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name> . For example, to access the bucket reports through outpost my-outpost owned by account 123456789012 in Region us-west-2 , use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports . The value must be URL encoded.
None
Note
This action deletes an Amazon S3 on Outposts bucket's lifecycle configuration. To delete an S3 bucket's lifecycle configuration, see DeleteBucketLifecycle in the Amazon Simple Storage Service API .
Deletes the lifecycle configuration from the specified Outposts bucket. Amazon S3 on Outposts removes all the lifecycle configuration rules in the lifecycle subresource associated with the bucket. Your objects never expire, and Amazon S3 on Outposts no longer automatically deletes any objects on the basis of rules contained in the deleted lifecycle configuration. For more information, see Using Amazon S3 on Outposts in Amazon Simple Storage Service User Guide .
To use this action, you must have permission to perform the s3-outposts:DeleteLifecycleConfiguration action. By default, the bucket owner has this permission and the Outposts bucket owner can grant this permission to others.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request and an S3 on Outposts endpoint hostname prefix instead of s3-control . For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived using the access point ARN, see the Examples section.
For more information about object expiration, see Elements to Describe Lifecycle Actions .
Related actions include:
See also: AWS API Documentation
Request Syntax
response = client.delete_bucket_lifecycle_configuration(
AccountId='string',
Bucket='string'
)
[REQUIRED]
The account ID of the lifecycle configuration to delete.
[REQUIRED]
Specifies the bucket.
For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
For using this parameter with S3 on Outposts with the AWS SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name> . For example, to access the bucket reports through outpost my-outpost owned by account 123456789012 in Region us-west-2 , use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports . The value must be URL encoded.
None
Note
This action deletes an Amazon S3 on Outposts bucket policy. To delete an S3 bucket policy, see DeleteBucketPolicy in the Amazon Simple Storage Service API .
This implementation of the DELETE action uses the policy subresource to delete the policy of a specified Amazon S3 on Outposts bucket. If you are using an identity other than the root user of the AWS account that owns the bucket, the calling identity must have the s3-outposts:DeleteBucketPolicy permissions on the specified Outposts bucket and belong to the bucket owner's account to use this action. For more information, see Using Amazon S3 on Outposts in Amazon Simple Storage Service User Guide .
If you don't have DeleteBucketPolicy permissions, Amazon S3 returns a 403 Access Denied error. If you have the correct permissions, but you're not using an identity that belongs to the bucket owner's account, Amazon S3 returns a 405 Method Not Allowed error.
Warning
As a security precaution, the root user of the AWS account that owns a bucket can always use this action, even if the policy explicitly denies the root user the ability to perform this action.
For more information about bucket policies, see Using Bucket Policies and User Policies .
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request and an S3 on Outposts endpoint hostname prefix instead of s3-control . For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived using the access point ARN, see the Examples section.
The following actions are related to DeleteBucketPolicy :
See also: AWS API Documentation
Request Syntax
response = client.delete_bucket_policy(
AccountId='string',
Bucket='string'
)
[REQUIRED]
The account ID of the Outposts bucket.
[REQUIRED]
Specifies the bucket.
For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
For using this parameter with S3 on Outposts with the AWS SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name> . For example, to access the bucket reports through outpost my-outpost owned by account 123456789012 in Region us-west-2 , use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports . The value must be URL encoded.
None
Note
This action deletes an Amazon S3 on Outposts bucket's tags. To delete an S3 bucket tags, see DeleteBucketTagging in the Amazon Simple Storage Service API .
Deletes the tags from the Outposts bucket. For more information, see Using Amazon S3 on Outposts in Amazon Simple Storage Service User Guide .
To use this action, you must have permission to perform the PutBucketTagging action. By default, the bucket owner has this permission and can grant this permission to others.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request and an S3 on Outposts endpoint hostname prefix instead of s3-control . For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived using the access point ARN, see the Examples section.
The following actions are related to DeleteBucketTagging :
See also: AWS API Documentation
Request Syntax
response = client.delete_bucket_tagging(
AccountId='string',
Bucket='string'
)
[REQUIRED]
The AWS account ID of the Outposts bucket tag set to be removed.
[REQUIRED]
The bucket ARN that has the tag set to be removed.
For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
For using this parameter with S3 on Outposts with the AWS SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name> . For example, to access the bucket reports through outpost my-outpost owned by account 123456789012 in Region us-west-2 , use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports . The value must be URL encoded.
None
Removes the entire tag set from the specified S3 Batch Operations job. To use this operation, you must have permission to perform the s3:DeleteJobTagging action. For more information, see Controlling access and labeling jobs using tags in the Amazon Simple Storage Service User Guide .
Related actions include:
See also: AWS API Documentation
Request Syntax
response = client.delete_job_tagging(
AccountId='string',
JobId='string'
)
[REQUIRED]
The AWS account ID associated with the S3 Batch Operations job.
[REQUIRED]
The ID for the S3 Batch Operations job whose tags you want to delete.
dict
Response Syntax
{}
Response Structure
Exceptions
Removes the PublicAccessBlock configuration for an AWS account. For more information, see Using Amazon S3 block public access .
Related actions include:
See also: AWS API Documentation
Request Syntax
response = client.delete_public_access_block(
AccountId='string'
)
[REQUIRED]
The account ID for the AWS account whose PublicAccessBlock configuration you want to remove.
Deletes the Amazon S3 Storage Lens configuration. For more information about S3 Storage Lens, see Assessing your storage activity and usage with Amazon S3 Storage Lens in the Amazon Simple Storage Service User Guide .
Note
To use this action, you must have permission to perform the s3:DeleteStorageLensConfiguration action. For more information, see Setting permissions to use Amazon S3 Storage Lens in the Amazon Simple Storage Service User Guide .
See also: AWS API Documentation
Request Syntax
response = client.delete_storage_lens_configuration(
ConfigId='string',
AccountId='string'
)
[REQUIRED]
The ID of the S3 Storage Lens configuration.
[REQUIRED]
The account ID of the requester.
None
Deletes the Amazon S3 Storage Lens configuration tags. For more information about S3 Storage Lens, see Assessing your storage activity and usage with Amazon S3 Storage Lens in the Amazon Simple Storage Service User Guide .
Note
To use this action, you must have permission to perform the s3:DeleteStorageLensConfigurationTagging action. For more information, see Setting permissions to use Amazon S3 Storage Lens in the Amazon Simple Storage Service User Guide .
See also: AWS API Documentation
Request Syntax
response = client.delete_storage_lens_configuration_tagging(
ConfigId='string',
AccountId='string'
)
[REQUIRED]
The ID of the S3 Storage Lens configuration.
[REQUIRED]
The account ID of the requester.
dict
Response Syntax
{}
Response Structure
Retrieves the configuration parameters and status for a Batch Operations job. For more information, see S3 Batch Operations in the Amazon Simple Storage Service User Guide .
Related actions include:
See also: AWS API Documentation
Request Syntax
response = client.describe_job(
AccountId='string',
JobId='string'
)
[REQUIRED]
The AWS account ID associated with the S3 Batch Operations job.
[REQUIRED]
The ID for the job whose information you want to retrieve.
dict
Response Syntax
{
'Job': {
'JobId': 'string',
'ConfirmationRequired': True|False,
'Description': 'string',
'JobArn': 'string',
'Status': 'Active'|'Cancelled'|'Cancelling'|'Complete'|'Completing'|'Failed'|'Failing'|'New'|'Paused'|'Pausing'|'Preparing'|'Ready'|'Suspended',
'Manifest': {
'Spec': {
'Format': 'S3BatchOperations_CSV_20180820'|'S3InventoryReport_CSV_20161130',
'Fields': [
'Ignore'|'Bucket'|'Key'|'VersionId',
]
},
'Location': {
'ObjectArn': 'string',
'ObjectVersionId': 'string',
'ETag': 'string'
}
},
'Operation': {
'LambdaInvoke': {
'FunctionArn': 'string'
},
'S3PutObjectCopy': {
'TargetResource': 'string',
'CannedAccessControlList': 'private'|'public-read'|'public-read-write'|'aws-exec-read'|'authenticated-read'|'bucket-owner-read'|'bucket-owner-full-control',
'AccessControlGrants': [
{
'Grantee': {
'TypeIdentifier': 'id'|'emailAddress'|'uri',
'Identifier': 'string',
'DisplayName': 'string'
},
'Permission': 'FULL_CONTROL'|'READ'|'WRITE'|'READ_ACP'|'WRITE_ACP'
},
],
'MetadataDirective': 'COPY'|'REPLACE',
'ModifiedSinceConstraint': datetime(2015, 1, 1),
'NewObjectMetadata': {
'CacheControl': 'string',
'ContentDisposition': 'string',
'ContentEncoding': 'string',
'ContentLanguage': 'string',
'UserMetadata': {
'string': 'string'
},
'ContentLength': 123,
'ContentMD5': 'string',
'ContentType': 'string',
'HttpExpiresDate': datetime(2015, 1, 1),
'RequesterCharged': True|False,
'SSEAlgorithm': 'AES256'|'KMS'
},
'NewObjectTagging': [
{
'Key': 'string',
'Value': 'string'
},
],
'RedirectLocation': 'string',
'RequesterPays': True|False,
'StorageClass': 'STANDARD'|'STANDARD_IA'|'ONEZONE_IA'|'GLACIER'|'INTELLIGENT_TIERING'|'DEEP_ARCHIVE',
'UnModifiedSinceConstraint': datetime(2015, 1, 1),
'SSEAwsKmsKeyId': 'string',
'TargetKeyPrefix': 'string',
'ObjectLockLegalHoldStatus': 'OFF'|'ON',
'ObjectLockMode': 'COMPLIANCE'|'GOVERNANCE',
'ObjectLockRetainUntilDate': datetime(2015, 1, 1)
},
'S3PutObjectAcl': {
'AccessControlPolicy': {
'AccessControlList': {
'Owner': {
'ID': 'string',
'DisplayName': 'string'
},
'Grants': [
{
'Grantee': {
'TypeIdentifier': 'id'|'emailAddress'|'uri',
'Identifier': 'string',
'DisplayName': 'string'
},
'Permission': 'FULL_CONTROL'|'READ'|'WRITE'|'READ_ACP'|'WRITE_ACP'
},
]
},
'CannedAccessControlList': 'private'|'public-read'|'public-read-write'|'aws-exec-read'|'authenticated-read'|'bucket-owner-read'|'bucket-owner-full-control'
}
},
'S3PutObjectTagging': {
'TagSet': [
{
'Key': 'string',
'Value': 'string'
},
]
},
'S3DeleteObjectTagging': {},
'S3InitiateRestoreObject': {
'ExpirationInDays': 123,
'GlacierJobTier': 'BULK'|'STANDARD'
},
'S3PutObjectLegalHold': {
'LegalHold': {
'Status': 'OFF'|'ON'
}
},
'S3PutObjectRetention': {
'BypassGovernanceRetention': True|False,
'Retention': {
'RetainUntilDate': datetime(2015, 1, 1),
'Mode': 'COMPLIANCE'|'GOVERNANCE'
}
}
},
'Priority': 123,
'ProgressSummary': {
'TotalNumberOfTasks': 123,
'NumberOfTasksSucceeded': 123,
'NumberOfTasksFailed': 123
},
'StatusUpdateReason': 'string',
'FailureReasons': [
{
'FailureCode': 'string',
'FailureReason': 'string'
},
],
'Report': {
'Bucket': 'string',
'Format': 'Report_CSV_20180820',
'Enabled': True|False,
'Prefix': 'string',
'ReportScope': 'AllTasks'|'FailedTasksOnly'
},
'CreationTime': datetime(2015, 1, 1),
'TerminationDate': datetime(2015, 1, 1),
'RoleArn': 'string',
'SuspendedDate': datetime(2015, 1, 1),
'SuspendedCause': 'string'
}
}
Response Structure
(dict) --
Job (dict) --
Contains the configuration parameters and status for the job specified in the Describe Job request.
JobId (string) --
The ID for the specified job.
ConfirmationRequired (boolean) --
Indicates whether confirmation is required before Amazon S3 begins running the specified job. Confirmation is required only for jobs created through the Amazon S3 console.
Description (string) --
The description for this job, if one was provided in this job's Create Job request.
JobArn (string) --
The Amazon Resource Name (ARN) for this job.
Status (string) --
The current status of the specified job.
Manifest (dict) --
The configuration information for the specified job's manifest object.
Spec (dict) --
Describes the format of the specified job's manifest. If the manifest is in CSV format, also describes the columns contained within the manifest.
Format (string) --
Indicates which of the available formats the specified manifest uses.
Fields (list) --
If the specified manifest object is in the S3BatchOperations_CSV_20180820 format, this element describes which columns contain the required data.
Location (dict) --
Contains the information required to locate the specified job's manifest.
ObjectArn (string) --
The Amazon Resource Name (ARN) for a manifest object.
Warning
Replacement must be made for object keys containing special characters (such as carriage returns) when using XML requests. For more information, see XML related object key constraints .
ObjectVersionId (string) --
The optional version ID to identify a specific version of the manifest object.
ETag (string) --
The ETag for the specified manifest object.
Operation (dict) --
The operation that the specified job is configured to run on the objects listed in the manifest.
LambdaInvoke (dict) --
Directs the specified job to invoke an AWS Lambda function on every object in the manifest.
FunctionArn (string) --
The Amazon Resource Name (ARN) for the AWS Lambda function that the specified job will invoke on every object in the manifest.
S3PutObjectCopy (dict) --
Directs the specified job to run a PUT Copy object call on every object in the manifest.
TargetResource (string) --
Specifies the destination bucket ARN for the batch copy operation. For example, to copy objects to a bucket named "destinationBucket", set the TargetResource to "arn:aws:s3:::destinationBucket".
CannedAccessControlList (string) --
AccessControlGrants (list) --
MetadataDirective (string) --
ModifiedSinceConstraint (datetime) --
NewObjectMetadata (dict) --
NewObjectTagging (list) --
RedirectLocation (string) --
Specifies an optional metadata property for website redirects, x-amz-website-redirect-location . Allows webpage redirects if the object is accessed through a website endpoint.
RequesterPays (boolean) --
StorageClass (string) --
UnModifiedSinceConstraint (datetime) --
SSEAwsKmsKeyId (string) --
TargetKeyPrefix (string) --
Specifies the folder prefix into which you would like the objects to be copied. For example, to copy objects into a folder named "Folder1" in the destination bucket, set the TargetKeyPrefix to "Folder1/".
ObjectLockLegalHoldStatus (string) --
The legal hold status to be applied to all objects in the Batch Operations job.
ObjectLockMode (string) --
The retention mode to be applied to all objects in the Batch Operations job.
ObjectLockRetainUntilDate (datetime) --
The date when the applied object retention configuration expires on all objects in the Batch Operations job.
S3PutObjectAcl (dict) --
Directs the specified job to run a PUT Object acl call on every object in the manifest.
S3PutObjectTagging (dict) --
Directs the specified job to run a PUT Object tagging call on every object in the manifest.
S3DeleteObjectTagging (dict) --
Directs the specified job to execute a DELETE Object tagging call on every object in the manifest.
S3InitiateRestoreObject (dict) --
Directs the specified job to initiate restore requests for every archived object in the manifest.
ExpirationInDays (integer) --
This argument specifies how long the S3 Glacier or S3 Glacier Deep Archive object remains available in Amazon S3. S3 Initiate Restore Object jobs that target S3 Glacier and S3 Glacier Deep Archive objects require ExpirationInDays set to 1 or greater.
Conversely, do not set ExpirationInDays when creating S3 Initiate Restore Object jobs that target S3 Intelligent-Tiering Archive Access and Deep Archive Access tier objects. Objects in S3 Intelligent-Tiering archive access tiers are not subject to restore expiry, so specifying ExpirationInDays results in restore request failure.
S3 Batch Operations jobs can operate either on S3 Glacier and S3 Glacier Deep Archive storage class objects or on S3 Intelligent-Tiering Archive Access and Deep Archive Access storage tier objects, but not both types in the same job. If you need to restore objects of both types you must create separate Batch Operations jobs.
GlacierJobTier (string) --
S3 Batch Operations supports STANDARD and BULK retrieval tiers, but not the EXPEDITED retrieval tier.
S3PutObjectLegalHold (dict) --
Contains the configuration for an S3 Object Lock legal hold operation that an S3 Batch Operations job passes every object to the underlying PutObjectLegalHold API. For more information, see Using S3 Object Lock legal hold with S3 Batch Operations in the Amazon Simple Storage Service User Guide .
LegalHold (dict) --
Contains the Object Lock legal hold status to be applied to all objects in the Batch Operations job.
Status (string) --
The Object Lock legal hold status to be applied to all objects in the Batch Operations job.
S3PutObjectRetention (dict) --
Contains the configuration parameters for the Object Lock retention action for an S3 Batch Operations job. Batch Operations passes every object to the underlying PutObjectRetention API. For more information, see Using S3 Object Lock retention with S3 Batch Operations in the Amazon Simple Storage Service User Guide .
BypassGovernanceRetention (boolean) --
Indicates if the action should be applied to objects in the Batch Operations job even if they have Object Lock GOVERNANCE type in place.
Retention (dict) --
Contains the Object Lock retention mode to be applied to all objects in the Batch Operations job. For more information, see Using S3 Object Lock retention with S3 Batch Operations in the Amazon Simple Storage Service User Guide .
RetainUntilDate (datetime) --
The date when the applied Object Lock retention will expire on all objects set by the Batch Operations job.
Mode (string) --
The Object Lock retention mode to be applied to all objects in the Batch Operations job.
Priority (integer) --
The priority of the specified job.
ProgressSummary (dict) --
Describes the total number of tasks that the specified job has run, the number of tasks that succeeded, and the number of tasks that failed.
StatusUpdateReason (string) --
The reason for updating the job.
FailureReasons (list) --
If the specified job failed, this field contains information describing the failure.
(dict) --
If this job failed, this element indicates why the job failed.
FailureCode (string) --
The failure code, if any, for the specified job.
FailureReason (string) --
The failure reason, if any, for the specified job.
Report (dict) --
Contains the configuration information for the job-completion report if you requested one in the Create Job request.
Bucket (string) --
The Amazon Resource Name (ARN) for the bucket where specified job-completion report will be stored.
Format (string) --
The format of the specified job-completion report.
Enabled (boolean) --
Indicates whether the specified job will generate a job-completion report.
Prefix (string) --
An optional prefix to describe where in the specified bucket the job-completion report will be stored. Amazon S3 stores the job-completion report at <prefix>/job-<job-id>/report.json .
ReportScope (string) --
Indicates whether the job-completion report will include details of all tasks or only failed tasks.
CreationTime (datetime) --
A timestamp indicating when this job was created.
TerminationDate (datetime) --
A timestamp indicating when this job terminated. A job's termination date is the date and time when it succeeded, failed, or was canceled.
RoleArn (string) --
The Amazon Resource Name (ARN) for the AWS Identity and Access Management (IAM) role assigned to run the tasks for this job.
SuspendedDate (datetime) --
The timestamp when this job was suspended, if it has been suspended.
SuspendedCause (string) --
The reason why the specified job was suspended. A job is only suspended if you create it through the Amazon S3 console. When you create the job, it enters the Suspended state to await confirmation before running. After you confirm the job, it automatically exits the Suspended state.
Exceptions
Generate a presigned url given a client, its method, and arguments
The presigned url
Returns configuration information about the specified access point.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request and an S3 on Outposts endpoint hostname prefix instead of s3-control . For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived using the access point ARN, see the Examples section.
The following actions are related to GetAccessPoint :
See also: AWS API Documentation
Request Syntax
response = client.get_access_point(
AccountId='string',
Name='string'
)
[REQUIRED]
The account ID for the account that owns the specified access point.
[REQUIRED]
The name of the access point whose configuration information you want to retrieve.
For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
For using this parameter with S3 on Outposts with the AWS SDK and CLI, you must specify the ARN of the access point accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/accesspoint/<my-accesspoint-name> . For example, to access the access point reports-ap through outpost my-outpost owned by account 123456789012 in Region us-west-2 , use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/accesspoint/reports-ap . The value must be URL encoded.
dict
Response Syntax
{
'Name': 'string',
'Bucket': 'string',
'NetworkOrigin': 'Internet'|'VPC',
'VpcConfiguration': {
'VpcId': 'string'
},
'PublicAccessBlockConfiguration': {
'BlockPublicAcls': True|False,
'IgnorePublicAcls': True|False,
'BlockPublicPolicy': True|False,
'RestrictPublicBuckets': True|False
},
'CreationDate': datetime(2015, 1, 1)
}
Response Structure
(dict) --
Name (string) --
The name of the specified access point.
Bucket (string) --
The name of the bucket associated with the specified access point.
NetworkOrigin (string) --
Indicates whether this access point allows access from the public internet. If VpcConfiguration is specified for this access point, then NetworkOrigin is VPC , and the access point doesn't allow access from the public internet. Otherwise, NetworkOrigin is Internet , and the access point allows access from the public internet, subject to the access point and bucket access policies.
This will always be true for an Amazon S3 on Outposts access point
VpcConfiguration (dict) --
Contains the virtual private cloud (VPC) configuration for the specified access point.
VpcId (string) --
If this field is specified, this access point will only allow connections from the specified VPC ID.
PublicAccessBlockConfiguration (dict) --
The PublicAccessBlock configuration that you want to apply to this Amazon S3 account. You can enable the configuration options in any combination. For more information about when Amazon S3 considers a bucket or object public, see The Meaning of "Public" in the Amazon Simple Storage Service Developer Guide .
This is not supported for Amazon S3 on Outposts.
BlockPublicAcls (boolean) --
Specifies whether Amazon S3 should block public access control lists (ACLs) for buckets in this account. Setting this element to TRUE causes the following behavior:
Enabling this setting doesn't affect existing policies or ACLs.
This is not supported for Amazon S3 on Outposts.
IgnorePublicAcls (boolean) --
Specifies whether Amazon S3 should ignore public ACLs for buckets in this account. Setting this element to TRUE causes Amazon S3 to ignore all public ACLs on buckets in this account and any objects that they contain.
Enabling this setting doesn't affect the persistence of any existing ACLs and doesn't prevent new public ACLs from being set.
This is not supported for Amazon S3 on Outposts.
BlockPublicPolicy (boolean) --
Specifies whether Amazon S3 should block public bucket policies for buckets in this account. Setting this element to TRUE causes Amazon S3 to reject calls to PUT Bucket policy if the specified bucket policy allows public access.
Enabling this setting doesn't affect existing bucket policies.
This is not supported for Amazon S3 on Outposts.
RestrictPublicBuckets (boolean) --
Specifies whether Amazon S3 should restrict public bucket policies for buckets in this account. Setting this element to TRUE restricts access to buckets with public policies to only AWS service principals and authorized users within this account.
Enabling this setting doesn't affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked.
This is not supported for Amazon S3 on Outposts.
CreationDate (datetime) --
The date and time when the specified access point was created.
Returns configuration for an Object Lambda Access Point.
The following actions are related to GetAccessPointConfigurationForObjectLambda :
See also: AWS API Documentation
Request Syntax
response = client.get_access_point_configuration_for_object_lambda(
AccountId='string',
Name='string'
)
[REQUIRED]
The account ID for the account that owns the specified Object Lambda Access Point.
[REQUIRED]
The name of the Object Lambda Access Point you want to return the configuration for.
dict
Response Syntax
{
'Configuration': {
'SupportingAccessPoint': 'string',
'CloudWatchMetricsEnabled': True|False,
'AllowedFeatures': [
'GetObject-Range'|'GetObject-PartNumber',
],
'TransformationConfigurations': [
{
'Actions': [
'GetObject',
],
'ContentTransformation': {
'AwsLambda': {
'FunctionArn': 'string',
'FunctionPayload': 'string'
}
}
},
]
}
}
Response Structure
(dict) --
Configuration (dict) --
Object Lambda Access Point configuration document.
SupportingAccessPoint (string) --
Standard access point associated with the Object Lambda Access Point.
CloudWatchMetricsEnabled (boolean) --
A container for whether the CloudWatch metrics configuration is enabled.
AllowedFeatures (list) --
A container for allowed features. Valid inputs are GetObject-Range and GetObject-PartNumber .
TransformationConfigurations (list) --
A container for transformation configurations for an Object Lambda Access Point.
(dict) --
A configuration used when creating an Object Lambda Access Point transformation.
Actions (list) --
A container for the action of an Object Lambda Access Point configuration. Valid input is GetObject .
ContentTransformation (dict) --
A container for the content transformation of an Object Lambda Access Point configuration.
AwsLambda (dict) --
A container for an AWS Lambda function.
FunctionArn (string) --
The Amazon Resource Name (ARN) of the AWS Lambda function.
FunctionPayload (string) --
Additional JSON that provides supplemental data to the Lambda function used to transform objects.
Returns configuration information about the specified Object Lambda Access Point
The following actions are related to GetAccessPointForObjectLambda :
See also: AWS API Documentation
Request Syntax
response = client.get_access_point_for_object_lambda(
AccountId='string',
Name='string'
)
[REQUIRED]
The account ID for the account that owns the specified Object Lambda Access Point.
[REQUIRED]
The name of the Object Lambda Access Point.
dict
Response Syntax
{
'Name': 'string',
'PublicAccessBlockConfiguration': {
'BlockPublicAcls': True|False,
'IgnorePublicAcls': True|False,
'BlockPublicPolicy': True|False,
'RestrictPublicBuckets': True|False
},
'CreationDate': datetime(2015, 1, 1)
}
Response Structure
(dict) --
Name (string) --
The name of the Object Lambda Access Point.
PublicAccessBlockConfiguration (dict) --
Configuration to block all public access. This setting is turned on and can not be edited.
BlockPublicAcls (boolean) --
Specifies whether Amazon S3 should block public access control lists (ACLs) for buckets in this account. Setting this element to TRUE causes the following behavior:
Enabling this setting doesn't affect existing policies or ACLs.
This is not supported for Amazon S3 on Outposts.
IgnorePublicAcls (boolean) --
Specifies whether Amazon S3 should ignore public ACLs for buckets in this account. Setting this element to TRUE causes Amazon S3 to ignore all public ACLs on buckets in this account and any objects that they contain.
Enabling this setting doesn't affect the persistence of any existing ACLs and doesn't prevent new public ACLs from being set.
This is not supported for Amazon S3 on Outposts.
BlockPublicPolicy (boolean) --
Specifies whether Amazon S3 should block public bucket policies for buckets in this account. Setting this element to TRUE causes Amazon S3 to reject calls to PUT Bucket policy if the specified bucket policy allows public access.
Enabling this setting doesn't affect existing bucket policies.
This is not supported for Amazon S3 on Outposts.
RestrictPublicBuckets (boolean) --
Specifies whether Amazon S3 should restrict public bucket policies for buckets in this account. Setting this element to TRUE restricts access to buckets with public policies to only AWS service principals and authorized users within this account.
Enabling this setting doesn't affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked.
This is not supported for Amazon S3 on Outposts.
CreationDate (datetime) --
The date and time when the specified Object Lambda Access Point was created.
Returns the access point policy associated with the specified access point.
The following actions are related to GetAccessPointPolicy :
See also: AWS API Documentation
Request Syntax
response = client.get_access_point_policy(
AccountId='string',
Name='string'
)
[REQUIRED]
The account ID for the account that owns the specified access point.
[REQUIRED]
The name of the access point whose policy you want to retrieve.
For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
For using this parameter with S3 on Outposts with the AWS SDK and CLI, you must specify the ARN of the access point accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/accesspoint/<my-accesspoint-name> . For example, to access the access point reports-ap through outpost my-outpost owned by account 123456789012 in Region us-west-2 , use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/accesspoint/reports-ap . The value must be URL encoded.
dict
Response Syntax
{
'Policy': 'string'
}
Response Structure
(dict) --
Policy (string) --
The access point policy associated with the specified access point.
Returns the resource policy for an Object Lambda Access Point.
The following actions are related to GetAccessPointPolicyForObjectLambda :
See also: AWS API Documentation
Request Syntax
response = client.get_access_point_policy_for_object_lambda(
AccountId='string',
Name='string'
)
[REQUIRED]
The account ID for the account that owns the specified Object Lambda Access Point.
[REQUIRED]
The name of the Object Lambda Access Point.
dict
Response Syntax
{
'Policy': 'string'
}
Response Structure
(dict) --
Policy (string) --
Object Lambda Access Point resource policy document.
Indicates whether the specified access point currently has a policy that allows public access. For more information about public access through access points, see Managing Data Access with Amazon S3 Access Points in the Amazon Simple Storage Service Developer Guide .
See also: AWS API Documentation
Request Syntax
response = client.get_access_point_policy_status(
AccountId='string',
Name='string'
)
[REQUIRED]
The account ID for the account that owns the specified access point.
[REQUIRED]
The name of the access point whose policy status you want to retrieve.
dict
Response Syntax
{
'PolicyStatus': {
'IsPublic': True|False
}
}
Response Structure
(dict) --
PolicyStatus (dict) --
Indicates the current policy status of the specified access point.
Returns the status of the resource policy associated with an Object Lambda Access Point.
See also: AWS API Documentation
Request Syntax
response = client.get_access_point_policy_status_for_object_lambda(
AccountId='string',
Name='string'
)
[REQUIRED]
The account ID for the account that owns the specified Object Lambda Access Point.
[REQUIRED]
The name of the Object Lambda Access Point.
dict
Response Syntax
{
'PolicyStatus': {
'IsPublic': True|False
}
}
Response Structure
(dict) --
PolicyStatus (dict) --
Indicates whether this access point policy is public. For more information about how Amazon S3 evaluates policies to determine whether they are public, see The Meaning of "Public" in the Amazon Simple Storage Service User Guide .
Gets an Amazon S3 on Outposts bucket. For more information, see Using Amazon S3 on Outposts in the Amazon Simple Storage Service User Guide .
If you are using an identity other than the root user of the AWS account that owns the Outposts bucket, the calling identity must have the s3-outposts:GetBucket permissions on the specified Outposts bucket and belong to the Outposts bucket owner's account in order to use this action. Only users from Outposts bucket owner account with the right permissions can perform actions on an Outposts bucket.
If you don't have s3-outposts:GetBucket permissions or you're not using an identity that belongs to the bucket owner's account, Amazon S3 returns a 403 Access Denied error.
The following actions are related to GetBucket for Amazon S3 on Outposts:
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request and an S3 on Outposts endpoint hostname prefix instead of s3-control . For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived using the access point ARN, see the Examples section.
See also: AWS API Documentation
Request Syntax
response = client.get_bucket(
AccountId='string',
Bucket='string'
)
[REQUIRED]
The AWS account ID of the Outposts bucket.
[REQUIRED]
Specifies the bucket.
For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
For using this parameter with S3 on Outposts with the AWS SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name> . For example, to access the bucket reports through outpost my-outpost owned by account 123456789012 in Region us-west-2 , use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports . The value must be URL encoded.
dict
Response Syntax
{
'Bucket': 'string',
'PublicAccessBlockEnabled': True|False,
'CreationDate': datetime(2015, 1, 1)
}
Response Structure
(dict) --
Bucket (string) --
The Outposts bucket requested.
PublicAccessBlockEnabled (boolean) --
CreationDate (datetime) --
The creation date of the Outposts bucket.
Note
This action gets an Amazon S3 on Outposts bucket's lifecycle configuration. To get an S3 bucket's lifecycle configuration, see GetBucketLifecycleConfiguration in the Amazon Simple Storage Service API .
Returns the lifecycle configuration information set on the Outposts bucket. For more information, see Using Amazon S3 on Outposts and for information about lifecycle configuration, see Object Lifecycle Management in Amazon Simple Storage Service User Guide .
To use this action, you must have permission to perform the s3-outposts:GetLifecycleConfiguration action. The Outposts bucket owner has this permission, by default. The bucket owner can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources .
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request and an S3 on Outposts endpoint hostname prefix instead of s3-control . For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived using the access point ARN, see the Examples section.
GetBucketLifecycleConfiguration has the following special error:
The following actions are related to GetBucketLifecycleConfiguration :
See also: AWS API Documentation
Request Syntax
response = client.get_bucket_lifecycle_configuration(
AccountId='string',
Bucket='string'
)
[REQUIRED]
The AWS account ID of the Outposts bucket.
[REQUIRED]
The Amazon Resource Name (ARN) of the bucket.
For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
For using this parameter with S3 on Outposts with the AWS SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name> . For example, to access the bucket reports through outpost my-outpost owned by account 123456789012 in Region us-west-2 , use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports . The value must be URL encoded.
dict
Response Syntax
{
'Rules': [
{
'Expiration': {
'Date': datetime(2015, 1, 1),
'Days': 123,
'ExpiredObjectDeleteMarker': True|False
},
'ID': 'string',
'Filter': {
'Prefix': 'string',
'Tag': {
'Key': 'string',
'Value': 'string'
},
'And': {
'Prefix': 'string',
'Tags': [
{
'Key': 'string',
'Value': 'string'
},
]
}
},
'Status': 'Enabled'|'Disabled',
'Transitions': [
{
'Date': datetime(2015, 1, 1),
'Days': 123,
'StorageClass': 'GLACIER'|'STANDARD_IA'|'ONEZONE_IA'|'INTELLIGENT_TIERING'|'DEEP_ARCHIVE'
},
],
'NoncurrentVersionTransitions': [
{
'NoncurrentDays': 123,
'StorageClass': 'GLACIER'|'STANDARD_IA'|'ONEZONE_IA'|'INTELLIGENT_TIERING'|'DEEP_ARCHIVE'
},
],
'NoncurrentVersionExpiration': {
'NoncurrentDays': 123
},
'AbortIncompleteMultipartUpload': {
'DaysAfterInitiation': 123
}
},
]
}
Response Structure
(dict) --
Rules (list) --
Container for the lifecycle rule of the Outposts bucket.
(dict) --
The container for the Outposts bucket lifecycle rule.
Expiration (dict) --
Specifies the expiration for the lifecycle of the object in the form of date, days and, whether the object has a delete marker.
Date (datetime) --
Indicates at what date the object is to be deleted. Should be in GMT ISO 8601 format.
Days (integer) --
Indicates the lifetime, in days, of the objects that are subject to the rule. The value must be a non-zero positive integer.
ExpiredObjectDeleteMarker (boolean) --
Indicates whether Amazon S3 will remove a delete marker with no noncurrent versions. If set to true, the delete marker will be expired. If set to false, the policy takes no action. This cannot be specified with Days or Date in a Lifecycle Expiration Policy.
ID (string) --
Unique identifier for the rule. The value cannot be longer than 255 characters.
Filter (dict) --
The container for the filter of lifecycle rule.
Prefix (string) --
Prefix identifying one or more objects to which the rule applies.
Warning
Replacement must be made for object keys containing special characters (such as carriage returns) when using XML requests. For more information, see XML related object key constraints .
Tag (dict) --
And (dict) --
The container for the AND condition for the lifecycle rule.
Prefix (string) --
Prefix identifying one or more objects to which the rule applies.
Tags (list) --
All of these tags must exist in the object's tag set in order for the rule to apply.
Status (string) --
If 'Enabled', the rule is currently being applied. If 'Disabled', the rule is not currently being applied.
Transitions (list) --
Specifies when an Amazon S3 object transitions to a specified storage class.
Note
This is not supported by Amazon S3 on Outposts buckets.
(dict) --
Specifies when an object transitions to a specified storage class. For more information about Amazon S3 Lifecycle configuration rules, see Transitioning objects using Amazon S3 Lifecycle in the Amazon Simple Storage Service User Guide .
Date (datetime) --
Indicates when objects are transitioned to the specified storage class. The date value must be in ISO 8601 format. The time is always midnight UTC.
Days (integer) --
Indicates the number of days after creation when objects are transitioned to the specified storage class. The value must be a positive integer.
StorageClass (string) --
The storage class to which you want the object to transition.
NoncurrentVersionTransitions (list) --
Specifies the transition rule for the lifecycle rule that describes when noncurrent objects transition to a specific storage class. If your bucket is versioning-enabled (or versioning is suspended), you can set this action to request that Amazon S3 transition noncurrent object versions to a specific storage class at a set period in the object's lifetime.
Note
This is not supported by Amazon S3 on Outposts buckets.
(dict) --
The container for the noncurrent version transition.
NoncurrentDays (integer) --
Specifies the number of days an object is noncurrent before Amazon S3 can perform the associated action. For information about the noncurrent days calculations, see How Amazon S3 Calculates How Long an Object Has Been Noncurrent in the Amazon Simple Storage Service Developer Guide .
StorageClass (string) --
The class of storage used to store the object.
NoncurrentVersionExpiration (dict) --
The noncurrent version expiration of the lifecycle rule.
Note
This is not supported by Amazon S3 on Outposts buckets.
NoncurrentDays (integer) --
Specifies the number of days an object is noncurrent before Amazon S3 can perform the associated action. For information about the noncurrent days calculations, see How Amazon S3 Calculates When an Object Became Noncurrent in the Amazon Simple Storage Service Developer Guide .
AbortIncompleteMultipartUpload (dict) --
Specifies the days since the initiation of an incomplete multipart upload that Amazon S3 waits before permanently removing all parts of the upload. For more information, see Aborting Incomplete Multipart Uploads Using a Bucket Lifecycle Policy in the Amazon Simple Storage Service Developer Guide .
DaysAfterInitiation (integer) --
Specifies the number of days after which Amazon S3 aborts an incomplete multipart upload to the Outposts bucket.
Note
This action gets a bucket policy for an Amazon S3 on Outposts bucket. To get a policy for an S3 bucket, see GetBucketPolicy in the Amazon Simple Storage Service API .
Returns the policy of a specified Outposts bucket. For more information, see Using Amazon S3 on Outposts in the Amazon Simple Storage Service User Guide .
If you are using an identity other than the root user of the AWS account that owns the bucket, the calling identity must have the GetBucketPolicy permissions on the specified bucket and belong to the bucket owner's account in order to use this action.
Only users from Outposts bucket owner account with the right permissions can perform actions on an Outposts bucket. If you don't have s3-outposts:GetBucketPolicy permissions or you're not using an identity that belongs to the bucket owner's account, Amazon S3 returns a 403 Access Denied error.
Warning
As a security precaution, the root user of the AWS account that owns a bucket can always use this action, even if the policy explicitly denies the root user the ability to perform this action.
For more information about bucket policies, see Using Bucket Policies and User Policies .
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request and an S3 on Outposts endpoint hostname prefix instead of s3-control . For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived using the access point ARN, see the Examples section.
The following actions are related to GetBucketPolicy :
See also: AWS API Documentation
Request Syntax
response = client.get_bucket_policy(
AccountId='string',
Bucket='string'
)
[REQUIRED]
The AWS account ID of the Outposts bucket.
[REQUIRED]
Specifies the bucket.
For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
For using this parameter with S3 on Outposts with the AWS SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name> . For example, to access the bucket reports through outpost my-outpost owned by account 123456789012 in Region us-west-2 , use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports . The value must be URL encoded.
dict
Response Syntax
{
'Policy': 'string'
}
Response Structure
(dict) --
Policy (string) --
The policy of the Outposts bucket.
Note
This action gets an Amazon S3 on Outposts bucket's tags. To get an S3 bucket tags, see GetBucketTagging in the Amazon Simple Storage Service API .
Returns the tag set associated with the Outposts bucket. For more information, see Using Amazon S3 on Outposts in the Amazon Simple Storage Service User Guide .
To use this action, you must have permission to perform the GetBucketTagging action. By default, the bucket owner has this permission and can grant this permission to others.
GetBucketTagging has the following special error:
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request and an S3 on Outposts endpoint hostname prefix instead of s3-control . For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived using the access point ARN, see the Examples section.
The following actions are related to GetBucketTagging :
See also: AWS API Documentation
Request Syntax
response = client.get_bucket_tagging(
AccountId='string',
Bucket='string'
)
[REQUIRED]
The AWS account ID of the Outposts bucket.
[REQUIRED]
Specifies the bucket.
For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
For using this parameter with S3 on Outposts with the AWS SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name> . For example, to access the bucket reports through outpost my-outpost owned by account 123456789012 in Region us-west-2 , use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports . The value must be URL encoded.
dict
Response Syntax
{
'TagSet': [
{
'Key': 'string',
'Value': 'string'
},
]
}
Response Structure
(dict) --
TagSet (list) --
The tags set of the Outposts bucket.
Returns the tags on an S3 Batch Operations job. To use this operation, you must have permission to perform the s3:GetJobTagging action. For more information, see Controlling access and labeling jobs using tags in the Amazon Simple Storage Service User Guide .
Related actions include:
See also: AWS API Documentation
Request Syntax
response = client.get_job_tagging(
AccountId='string',
JobId='string'
)
[REQUIRED]
The AWS account ID associated with the S3 Batch Operations job.
[REQUIRED]
The ID for the S3 Batch Operations job whose tags you want to retrieve.
dict
Response Syntax
{
'Tags': [
{
'Key': 'string',
'Value': 'string'
},
]
}
Response Structure
(dict) --
Tags (list) --
The set of tags associated with the S3 Batch Operations job.
Exceptions
Create a paginator for an operation.
Retrieves the PublicAccessBlock configuration for an AWS account. For more information, see Using Amazon S3 block public access .
Related actions include:
See also: AWS API Documentation
Request Syntax
response = client.get_public_access_block(
AccountId='string'
)
[REQUIRED]
The account ID for the AWS account whose PublicAccessBlock configuration you want to retrieve.
{
'PublicAccessBlockConfiguration': {
'BlockPublicAcls': True|False,
'IgnorePublicAcls': True|False,
'BlockPublicPolicy': True|False,
'RestrictPublicBuckets': True|False
}
}
Response Structure
The PublicAccessBlock configuration currently in effect for this AWS account.
Specifies whether Amazon S3 should block public access control lists (ACLs) for buckets in this account. Setting this element to TRUE causes the following behavior:
Enabling this setting doesn't affect existing policies or ACLs.
This is not supported for Amazon S3 on Outposts.
Specifies whether Amazon S3 should ignore public ACLs for buckets in this account. Setting this element to TRUE causes Amazon S3 to ignore all public ACLs on buckets in this account and any objects that they contain.
Enabling this setting doesn't affect the persistence of any existing ACLs and doesn't prevent new public ACLs from being set.
This is not supported for Amazon S3 on Outposts.
Specifies whether Amazon S3 should block public bucket policies for buckets in this account. Setting this element to TRUE causes Amazon S3 to reject calls to PUT Bucket policy if the specified bucket policy allows public access.
Enabling this setting doesn't affect existing bucket policies.
This is not supported for Amazon S3 on Outposts.
Specifies whether Amazon S3 should restrict public bucket policies for buckets in this account. Setting this element to TRUE restricts access to buckets with public policies to only AWS service principals and authorized users within this account.
Enabling this setting doesn't affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked.
This is not supported for Amazon S3 on Outposts.
Exceptions
Gets the Amazon S3 Storage Lens configuration. For more information, see Assessing your storage activity and usage with Amazon S3 Storage Lens in the Amazon Simple Storage Service User Guide .
Note
To use this action, you must have permission to perform the s3:GetStorageLensConfiguration action. For more information, see Setting permissions to use Amazon S3 Storage Lens in the Amazon Simple Storage Service User Guide .
See also: AWS API Documentation
Request Syntax
response = client.get_storage_lens_configuration(
ConfigId='string',
AccountId='string'
)
[REQUIRED]
The ID of the Amazon S3 Storage Lens configuration.
[REQUIRED]
The account ID of the requester.
dict
Response Syntax
{
'StorageLensConfiguration': {
'Id': 'string',
'AccountLevel': {
'ActivityMetrics': {
'IsEnabled': True|False
},
'BucketLevel': {
'ActivityMetrics': {
'IsEnabled': True|False
},
'PrefixLevel': {
'StorageMetrics': {
'IsEnabled': True|False,
'SelectionCriteria': {
'Delimiter': 'string',
'MaxDepth': 123,
'MinStorageBytesPercentage': 123.0
}
}
}
}
},
'Include': {
'Buckets': [
'string',
],
'Regions': [
'string',
]
},
'Exclude': {
'Buckets': [
'string',
],
'Regions': [
'string',
]
},
'DataExport': {
'S3BucketDestination': {
'Format': 'CSV'|'Parquet',
'OutputSchemaVersion': 'V_1',
'AccountId': 'string',
'Arn': 'string',
'Prefix': 'string',
'Encryption': {
'SSES3': {},
'SSEKMS': {
'KeyId': 'string'
}
}
}
},
'IsEnabled': True|False,
'AwsOrg': {
'Arn': 'string'
},
'StorageLensArn': 'string'
}
}
Response Structure
(dict) --
StorageLensConfiguration (dict) --
The S3 Storage Lens configuration requested.
Id (string) --
A container for the Amazon S3 Storage Lens configuration ID.
AccountLevel (dict) --
A container for all the account-level configurations of your S3 Storage Lens configuration.
ActivityMetrics (dict) --
A container for the S3 Storage Lens activity metrics.
IsEnabled (boolean) --
A container for whether the activity metrics are enabled.
BucketLevel (dict) --
A container for the S3 Storage Lens bucket-level configuration.
ActivityMetrics (dict) --
A container for the bucket-level activity metrics for Amazon S3 Storage Lens
IsEnabled (boolean) --
A container for whether the activity metrics are enabled.
PrefixLevel (dict) --
A container for the bucket-level prefix-level metrics for S3 Storage Lens
StorageMetrics (dict) --
A container for the prefix-level storage metrics for S3 Storage Lens.
IsEnabled (boolean) --
A container for whether prefix-level storage metrics are enabled.
SelectionCriteria (dict) --
Delimiter (string) --
A container for the delimiter of the selection criteria being used.
MaxDepth (integer) --
The max depth of the selection criteria
MinStorageBytesPercentage (float) --
The minimum number of storage bytes percentage whose metrics will be selected.
Note
You must choose a value greater than or equal to 1.0 .
Include (dict) --
A container for what is included in this configuration. This container can only be valid if there is no Exclude container submitted, and it's not empty.
Buckets (list) --
A container for the S3 Storage Lens bucket includes.
Regions (list) --
A container for the S3 Storage Lens Region includes.
Exclude (dict) --
A container for what is excluded in this configuration. This container can only be valid if there is no Include container submitted, and it's not empty.
Buckets (list) --
A container for the S3 Storage Lens bucket excludes.
Regions (list) --
A container for the S3 Storage Lens Region excludes.
DataExport (dict) --
A container to specify the properties of your S3 Storage Lens metrics export including, the destination, schema and format.
S3BucketDestination (dict) --
A container for the bucket where the S3 Storage Lens metrics export will be located.
Note
This bucket must be located in the same Region as the storage lens configuration.
Format (string) --
OutputSchemaVersion (string) --
The schema version of the export file.
AccountId (string) --
The account ID of the owner of the S3 Storage Lens metrics export bucket.
Arn (string) --
The Amazon Resource Name (ARN) of the bucket. This property is read-only and follows the following format: ``arn:aws:s3:us-east-1 :example-account-id :bucket/your-destination-bucket-name ``
Prefix (string) --
The prefix of the destination bucket where the metrics export will be delivered.
Encryption (dict) --
The container for the type encryption of the metrics exports in this bucket.
SSES3 (dict) --
SSEKMS (dict) --
KeyId (string) --
A container for the ARN of the SSE-KMS encryption. This property is read-only and follows the following format: ``arn:aws:kms:us-east-1 :example-account-id :key/example-9a73-4afc-8d29-8f5900cef44e ``
IsEnabled (boolean) --
A container for whether the S3 Storage Lens configuration is enabled.
AwsOrg (dict) --
A container for the AWS organization for this S3 Storage Lens configuration.
Arn (string) --
A container for the Amazon Resource Name (ARN) of the AWS organization. This property is read-only and follows the following format: ``arn:aws:organizations:us-east-1 :example-account-id :organization/o-ex2l495dck ``
StorageLensArn (string) --
The Amazon Resource Name (ARN) of the S3 Storage Lens configuration. This property is read-only and follows the following format: ``arn:aws:s3:us-east-1 :example-account-id :storage-lens/your-dashboard-name ``
Gets the tags of Amazon S3 Storage Lens configuration. For more information about S3 Storage Lens, see Assessing your storage activity and usage with Amazon S3 Storage Lens in the Amazon Simple Storage Service User Guide .
Note
To use this action, you must have permission to perform the s3:GetStorageLensConfigurationTagging action. For more information, see Setting permissions to use Amazon S3 Storage Lens in the Amazon Simple Storage Service User Guide .
See also: AWS API Documentation
Request Syntax
response = client.get_storage_lens_configuration_tagging(
ConfigId='string',
AccountId='string'
)
[REQUIRED]
The ID of the Amazon S3 Storage Lens configuration.
[REQUIRED]
The account ID of the requester.
dict
Response Syntax
{
'Tags': [
{
'Key': 'string',
'Value': 'string'
},
]
}
Response Structure
(dict) --
Tags (list) --
The tags of S3 Storage Lens configuration requested.
Returns an object that can wait for some condition.
Returns a list of the access points currently associated with the specified bucket. You can retrieve up to 1000 access points per call. If the specified bucket has more than 1,000 access points (or the number specified in maxResults , whichever is less), the response will include a continuation token that you can use to list the additional access points.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request and an S3 on Outposts endpoint hostname prefix instead of s3-control . For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived using the access point ARN, see the Examples section.
The following actions are related to ListAccessPoints :
See also: AWS API Documentation
Request Syntax
response = client.list_access_points(
AccountId='string',
Bucket='string',
NextToken='string',
MaxResults=123
)
[REQUIRED]
The AWS account ID for owner of the bucket whose access points you want to list.
The name of the bucket whose associated access points you want to list.
For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
For using this parameter with S3 on Outposts with the AWS SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name> . For example, to access the bucket reports through outpost my-outpost owned by account 123456789012 in Region us-west-2 , use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports . The value must be URL encoded.
dict
Response Syntax
{
'AccessPointList': [
{
'Name': 'string',
'NetworkOrigin': 'Internet'|'VPC',
'VpcConfiguration': {
'VpcId': 'string'
},
'Bucket': 'string',
'AccessPointArn': 'string'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
AccessPointList (list) --
Contains identification and configuration information for one or more access points associated with the specified bucket.
(dict) --
An access point used to access a bucket.
Name (string) --
The name of this access point.
NetworkOrigin (string) --
Indicates whether this access point allows access from the public internet. If VpcConfiguration is specified for this access point, then NetworkOrigin is VPC , and the access point doesn't allow access from the public internet. Otherwise, NetworkOrigin is Internet , and the access point allows access from the public internet, subject to the access point and bucket access policies.
VpcConfiguration (dict) --
The virtual private cloud (VPC) configuration for this access point, if one exists.
VpcId (string) --
If this field is specified, this access point will only allow connections from the specified VPC ID.
Bucket (string) --
The name of the bucket associated with this access point.
AccessPointArn (string) --
The ARN for the access point.
NextToken (string) --
If the specified bucket has more access points than can be returned in one call to this API, this field contains a continuation token that you can provide in subsequent calls to this API to retrieve additional access points.
Returns a list of the access points associated with the Object Lambda Access Point. You can retrieve up to 1000 access points per call. If there are more than 1,000 access points (or the number specified in maxResults , whichever is less), the response will include a continuation token that you can use to list the additional access points.
The following actions are related to ListAccessPointsForObjectLambda :
See also: AWS API Documentation
Request Syntax
response = client.list_access_points_for_object_lambda(
AccountId='string',
NextToken='string',
MaxResults=123
)
[REQUIRED]
The account ID for the account that owns the specified Object Lambda Access Point.
dict
Response Syntax
{
'ObjectLambdaAccessPointList': [
{
'Name': 'string',
'ObjectLambdaAccessPointArn': 'string'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
ObjectLambdaAccessPointList (list) --
Returns list of Object Lambda Access Points.
(dict) --
An access point with an attached AWS Lambda function used to access transformed data from an Amazon S3 bucket.
Name (string) --
The name of the Object Lambda Access Point.
ObjectLambdaAccessPointArn (string) --
Specifies the ARN for the Object Lambda Access Point.
NextToken (string) --
If the list has more access points than can be returned in one call to this API, this field contains a continuation token that you can provide in subsequent calls to this API to retrieve additional access points.
Lists current S3 Batch Operations jobs and jobs that have ended within the last 30 days for the AWS account making the request. For more information, see S3 Batch Operations in the Amazon Simple Storage Service User Guide .
Related actions include:
See also: AWS API Documentation
Request Syntax
response = client.list_jobs(
AccountId='string',
JobStatuses=[
'Active'|'Cancelled'|'Cancelling'|'Complete'|'Completing'|'Failed'|'Failing'|'New'|'Paused'|'Pausing'|'Preparing'|'Ready'|'Suspended',
],
NextToken='string',
MaxResults=123
)
[REQUIRED]
The AWS account ID associated with the S3 Batch Operations job.
The List Jobs request returns jobs that match the statuses listed in this element.
dict
Response Syntax
{
'NextToken': 'string',
'Jobs': [
{
'JobId': 'string',
'Description': 'string',
'Operation': 'LambdaInvoke'|'S3PutObjectCopy'|'S3PutObjectAcl'|'S3PutObjectTagging'|'S3DeleteObjectTagging'|'S3InitiateRestoreObject'|'S3PutObjectLegalHold'|'S3PutObjectRetention',
'Priority': 123,
'Status': 'Active'|'Cancelled'|'Cancelling'|'Complete'|'Completing'|'Failed'|'Failing'|'New'|'Paused'|'Pausing'|'Preparing'|'Ready'|'Suspended',
'CreationTime': datetime(2015, 1, 1),
'TerminationDate': datetime(2015, 1, 1),
'ProgressSummary': {
'TotalNumberOfTasks': 123,
'NumberOfTasksSucceeded': 123,
'NumberOfTasksFailed': 123
}
},
]
}
Response Structure
(dict) --
NextToken (string) --
If the List Jobs request produced more than the maximum number of results, you can pass this value into a subsequent List Jobs request in order to retrieve the next page of results.
Jobs (list) --
The list of current jobs and jobs that have ended within the last 30 days.
(dict) --
Contains the configuration and status information for a single job retrieved as part of a job list.
JobId (string) --
The ID for the specified job.
Description (string) --
The user-specified description that was included in the specified job's Create Job request.
Operation (string) --
The operation that the specified job is configured to run on every object listed in the manifest.
Priority (integer) --
The current priority for the specified job.
Status (string) --
The specified job's current status.
CreationTime (datetime) --
A timestamp indicating when the specified job was created.
TerminationDate (datetime) --
A timestamp indicating when the specified job terminated. A job's termination date is the date and time when it succeeded, failed, or was canceled.
ProgressSummary (dict) --
Describes the total number of tasks that the specified job has run, the number of tasks that succeeded, and the number of tasks that failed.
Exceptions
Returns a list of all Outposts buckets in an Outpost that are owned by the authenticated sender of the request. For more information, see Using Amazon S3 on Outposts in the Amazon Simple Storage Service User Guide .
For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and x-amz-outpost-id in your request, see the Examples section.
See also: AWS API Documentation
Request Syntax
response = client.list_regional_buckets(
AccountId='string',
NextToken='string',
MaxResults=123,
OutpostId='string'
)
[REQUIRED]
The AWS account ID of the Outposts bucket.
The ID of the AWS Outposts.
Note
This is required by Amazon S3 on Outposts buckets.
dict
Response Syntax
{
'RegionalBucketList': [
{
'Bucket': 'string',
'BucketArn': 'string',
'PublicAccessBlockEnabled': True|False,
'CreationDate': datetime(2015, 1, 1),
'OutpostId': 'string'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
RegionalBucketList (list) --
(dict) --
The container for the regional bucket.
Bucket (string) --
BucketArn (string) --
The Amazon Resource Name (ARN) for the regional bucket.
PublicAccessBlockEnabled (boolean) --
CreationDate (datetime) --
The creation date of the regional bucket
OutpostId (string) --
The AWS Outposts ID of the regional bucket.
NextToken (string) --
NextToken is sent when isTruncated is true, which means there are more buckets that can be listed. The next list requests to Amazon S3 can be continued with this NextToken . NextToken is obfuscated and is not a real key.
Gets a list of Amazon S3 Storage Lens configurations. For more information about S3 Storage Lens, see Assessing your storage activity and usage with Amazon S3 Storage Lens in the Amazon Simple Storage Service User Guide .
Note
To use this action, you must have permission to perform the s3:ListStorageLensConfigurations action. For more information, see Setting permissions to use Amazon S3 Storage Lens in the Amazon Simple Storage Service User Guide .
See also: AWS API Documentation
Request Syntax
response = client.list_storage_lens_configurations(
AccountId='string',
NextToken='string'
)
[REQUIRED]
The account ID of the requester.
dict
Response Syntax
{
'NextToken': 'string',
'StorageLensConfigurationList': [
{
'Id': 'string',
'StorageLensArn': 'string',
'HomeRegion': 'string',
'IsEnabled': True|False
},
]
}
Response Structure
(dict) --
NextToken (string) --
If the request produced more than the maximum number of S3 Storage Lens configuration results, you can pass this value into a subsequent request to retrieve the next page of results.
StorageLensConfigurationList (list) --
A list of S3 Storage Lens configurations.
(dict) --
Part of ListStorageLensConfigurationResult . Each entry includes the description of the S3 Storage Lens configuration, its home Region, whether it is enabled, its Amazon Resource Name (ARN), and config ID.
Id (string) --
A container for the S3 Storage Lens configuration ID.
StorageLensArn (string) --
The ARN of the S3 Storage Lens configuration. This property is read-only.
HomeRegion (string) --
A container for the S3 Storage Lens home Region. Your metrics data is stored and retained in your designated S3 Storage Lens home Region.
IsEnabled (boolean) --
A container for whether the S3 Storage Lens configuration is enabled. This property is required.
Replaces configuration for an Object Lambda Access Point.
The following actions are related to PutAccessPointConfigurationForObjectLambda :
See also: AWS API Documentation
Request Syntax
response = client.put_access_point_configuration_for_object_lambda(
AccountId='string',
Name='string',
Configuration={
'SupportingAccessPoint': 'string',
'CloudWatchMetricsEnabled': True|False,
'AllowedFeatures': [
'GetObject-Range'|'GetObject-PartNumber',
],
'TransformationConfigurations': [
{
'Actions': [
'GetObject',
],
'ContentTransformation': {
'AwsLambda': {
'FunctionArn': 'string',
'FunctionPayload': 'string'
}
}
},
]
}
)
[REQUIRED]
The account ID for the account that owns the specified Object Lambda Access Point.
[REQUIRED]
The name of the Object Lambda Access Point.
[REQUIRED]
Object Lambda Access Point configuration document.
Standard access point associated with the Object Lambda Access Point.
A container for whether the CloudWatch metrics configuration is enabled.
A container for allowed features. Valid inputs are GetObject-Range and GetObject-PartNumber .
A container for transformation configurations for an Object Lambda Access Point.
A configuration used when creating an Object Lambda Access Point transformation.
A container for the action of an Object Lambda Access Point configuration. Valid input is GetObject .
A container for the content transformation of an Object Lambda Access Point configuration.
A container for an AWS Lambda function.
The Amazon Resource Name (ARN) of the AWS Lambda function.
Additional JSON that provides supplemental data to the Lambda function used to transform objects.
None
Associates an access policy with the specified access point. Each access point can have only one policy, so a request made to this API replaces any existing policy associated with the specified access point.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request and an S3 on Outposts endpoint hostname prefix instead of s3-control . For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived using the access point ARN, see the Examples section.
The following actions are related to PutAccessPointPolicy :
See also: AWS API Documentation
Request Syntax
response = client.put_access_point_policy(
AccountId='string',
Name='string',
Policy='string'
)
[REQUIRED]
The AWS account ID for owner of the bucket associated with the specified access point.
[REQUIRED]
The name of the access point that you want to associate with the specified policy.
For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
For using this parameter with S3 on Outposts with the AWS SDK and CLI, you must specify the ARN of the access point accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/accesspoint/<my-accesspoint-name> . For example, to access the access point reports-ap through outpost my-outpost owned by account 123456789012 in Region us-west-2 , use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/accesspoint/reports-ap . The value must be URL encoded.
[REQUIRED]
The policy that you want to apply to the specified access point. For more information about access point policies, see Managing data access with Amazon S3 Access Points in the Amazon Simple Storage Service User Guide .
None
Creates or replaces resource policy for an Object Lambda Access Point. For an example policy, see Creating Object Lambda Access Points in the Amazon Simple Storage Service User Guide .
The following actions are related to PutAccessPointPolicyForObjectLambda :
See also: AWS API Documentation
Request Syntax
response = client.put_access_point_policy_for_object_lambda(
AccountId='string',
Name='string',
Policy='string'
)
[REQUIRED]
The account ID for the account that owns the specified Object Lambda Access Point.
[REQUIRED]
The name of the Object Lambda Access Point.
[REQUIRED]
Object Lambda Access Point resource policy document.
None
Note
This action puts a lifecycle configuration to an Amazon S3 on Outposts bucket. To put a lifecycle configuration to an S3 bucket, see PutBucketLifecycleConfiguration in the Amazon Simple Storage Service API .
Creates a new lifecycle configuration for the S3 on Outposts bucket or replaces an existing lifecycle configuration. Outposts buckets only support lifecycle configurations that delete/expire objects after a certain period of time and abort incomplete multipart uploads.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request and an S3 on Outposts endpoint hostname prefix instead of s3-control . For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived using the access point ARN, see the Examples section.
The following actions are related to PutBucketLifecycleConfiguration :
See also: AWS API Documentation
Request Syntax
response = client.put_bucket_lifecycle_configuration(
AccountId='string',
Bucket='string',
LifecycleConfiguration={
'Rules': [
{
'Expiration': {
'Date': datetime(2015, 1, 1),
'Days': 123,
'ExpiredObjectDeleteMarker': True|False
},
'ID': 'string',
'Filter': {
'Prefix': 'string',
'Tag': {
'Key': 'string',
'Value': 'string'
},
'And': {
'Prefix': 'string',
'Tags': [
{
'Key': 'string',
'Value': 'string'
},
]
}
},
'Status': 'Enabled'|'Disabled',
'Transitions': [
{
'Date': datetime(2015, 1, 1),
'Days': 123,
'StorageClass': 'GLACIER'|'STANDARD_IA'|'ONEZONE_IA'|'INTELLIGENT_TIERING'|'DEEP_ARCHIVE'
},
],
'NoncurrentVersionTransitions': [
{
'NoncurrentDays': 123,
'StorageClass': 'GLACIER'|'STANDARD_IA'|'ONEZONE_IA'|'INTELLIGENT_TIERING'|'DEEP_ARCHIVE'
},
],
'NoncurrentVersionExpiration': {
'NoncurrentDays': 123
},
'AbortIncompleteMultipartUpload': {
'DaysAfterInitiation': 123
}
},
]
}
)
[REQUIRED]
The AWS account ID of the Outposts bucket.
[REQUIRED]
The name of the bucket for which to set the configuration.
Container for lifecycle rules. You can add as many as 1,000 rules.
A lifecycle rule for individual objects in an Outposts bucket.
The container for the Outposts bucket lifecycle rule.
Specifies the expiration for the lifecycle of the object in the form of date, days and, whether the object has a delete marker.
Indicates at what date the object is to be deleted. Should be in GMT ISO 8601 format.
Indicates the lifetime, in days, of the objects that are subject to the rule. The value must be a non-zero positive integer.
Indicates whether Amazon S3 will remove a delete marker with no noncurrent versions. If set to true, the delete marker will be expired. If set to false, the policy takes no action. This cannot be specified with Days or Date in a Lifecycle Expiration Policy.
Unique identifier for the rule. The value cannot be longer than 255 characters.
The container for the filter of lifecycle rule.
Prefix identifying one or more objects to which the rule applies.
Warning
Replacement must be made for object keys containing special characters (such as carriage returns) when using XML requests. For more information, see XML related object key constraints .
The container for the AND condition for the lifecycle rule.
Prefix identifying one or more objects to which the rule applies.
All of these tags must exist in the object's tag set in order for the rule to apply.
If 'Enabled', the rule is currently being applied. If 'Disabled', the rule is not currently being applied.
Specifies when an Amazon S3 object transitions to a specified storage class.
Note
This is not supported by Amazon S3 on Outposts buckets.
Specifies when an object transitions to a specified storage class. For more information about Amazon S3 Lifecycle configuration rules, see Transitioning objects using Amazon S3 Lifecycle in the Amazon Simple Storage Service User Guide .
Indicates when objects are transitioned to the specified storage class. The date value must be in ISO 8601 format. The time is always midnight UTC.
Indicates the number of days after creation when objects are transitioned to the specified storage class. The value must be a positive integer.
The storage class to which you want the object to transition.
Specifies the transition rule for the lifecycle rule that describes when noncurrent objects transition to a specific storage class. If your bucket is versioning-enabled (or versioning is suspended), you can set this action to request that Amazon S3 transition noncurrent object versions to a specific storage class at a set period in the object's lifetime.
Note
This is not supported by Amazon S3 on Outposts buckets.
The container for the noncurrent version transition.
Specifies the number of days an object is noncurrent before Amazon S3 can perform the associated action. For information about the noncurrent days calculations, see How Amazon S3 Calculates How Long an Object Has Been Noncurrent in the Amazon Simple Storage Service Developer Guide .
The class of storage used to store the object.
The noncurrent version expiration of the lifecycle rule.
Note
This is not supported by Amazon S3 on Outposts buckets.
Specifies the number of days an object is noncurrent before Amazon S3 can perform the associated action. For information about the noncurrent days calculations, see How Amazon S3 Calculates When an Object Became Noncurrent in the Amazon Simple Storage Service Developer Guide .
Specifies the days since the initiation of an incomplete multipart upload that Amazon S3 waits before permanently removing all parts of the upload. For more information, see Aborting Incomplete Multipart Uploads Using a Bucket Lifecycle Policy in the Amazon Simple Storage Service Developer Guide .
Specifies the number of days after which Amazon S3 aborts an incomplete multipart upload to the Outposts bucket.
None
Note
This action puts a bucket policy to an Amazon S3 on Outposts bucket. To put a policy on an S3 bucket, see PutBucketPolicy in the Amazon Simple Storage Service API .
Applies an Amazon S3 bucket policy to an Outposts bucket. For more information, see Using Amazon S3 on Outposts in the Amazon Simple Storage Service User Guide .
If you are using an identity other than the root user of the AWS account that owns the Outposts bucket, the calling identity must have the PutBucketPolicy permissions on the specified Outposts bucket and belong to the bucket owner's account in order to use this action.
If you don't have PutBucketPolicy permissions, Amazon S3 returns a 403 Access Denied error. If you have the correct permissions, but you're not using an identity that belongs to the bucket owner's account, Amazon S3 returns a 405 Method Not Allowed error.
Warning
As a security precaution, the root user of the AWS account that owns a bucket can always use this action, even if the policy explicitly denies the root user the ability to perform this action.
For more information about bucket policies, see Using Bucket Policies and User Policies .
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request and an S3 on Outposts endpoint hostname prefix instead of s3-control . For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived using the access point ARN, see the Examples section.
The following actions are related to PutBucketPolicy :
See also: AWS API Documentation
Request Syntax
response = client.put_bucket_policy(
AccountId='string',
Bucket='string',
ConfirmRemoveSelfBucketAccess=True|False,
Policy='string'
)
[REQUIRED]
The AWS account ID of the Outposts bucket.
[REQUIRED]
Specifies the bucket.
For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
For using this parameter with S3 on Outposts with the AWS SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name> . For example, to access the bucket reports through outpost my-outpost owned by account 123456789012 in Region us-west-2 , use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports . The value must be URL encoded.
Set this parameter to true to confirm that you want to remove your permissions to change this bucket policy in the future.
Note
This is not supported by Amazon S3 on Outposts buckets.
[REQUIRED]
The bucket policy as a JSON document.
None
Note
This action puts tags on an Amazon S3 on Outposts bucket. To put tags on an S3 bucket, see PutBucketTagging in the Amazon Simple Storage Service API .
Sets the tags for an S3 on Outposts bucket. For more information, see Using Amazon S3 on Outposts in the Amazon Simple Storage Service User Guide .
Use tags to organize your AWS bill to reflect your own cost structure. To do this, sign up to get your AWS account bill with tag key values included. Then, to see the cost of combined resources, organize your billing information according to resources with the same tag key values. For example, you can tag several resources with a specific application name, and then organize your billing information to see the total cost of that application across several services. For more information, see Cost allocation and tagging .
Note
Within a bucket, if you add a tag that has the same key as an existing tag, the new value overwrites the old value. For more information, see Using cost allocation in Amazon S3 bucket tags .
To use this action, you must have permissions to perform the s3-outposts:PutBucketTagging action. The Outposts bucket owner has this permission by default and can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing access permissions to your Amazon S3 resources .
PutBucketTagging has the following special errors:
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request and an S3 on Outposts endpoint hostname prefix instead of s3-control . For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived using the access point ARN, see the Examples section.
The following actions are related to PutBucketTagging :
See also: AWS API Documentation
Request Syntax
response = client.put_bucket_tagging(
AccountId='string',
Bucket='string',
Tagging={
'TagSet': [
{
'Key': 'string',
'Value': 'string'
},
]
}
)
[REQUIRED]
The AWS account ID of the Outposts bucket.
[REQUIRED]
The Amazon Resource Name (ARN) of the bucket.
For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
For using this parameter with S3 on Outposts with the AWS SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name> . For example, to access the bucket reports through outpost my-outpost owned by account 123456789012 in Region us-west-2 , use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports . The value must be URL encoded.
[REQUIRED]
A collection for a set of tags.
None
Sets the supplied tag-set on an S3 Batch Operations job.
A tag is a key-value pair. You can associate S3 Batch Operations tags with any job by sending a PUT request against the tagging subresource that is associated with the job. To modify the existing tag set, you can either replace the existing tag set entirely, or make changes within the existing tag set by retrieving the existing tag set using GetJobTagging , modify that tag set, and use this action to replace the tag set with the one you modified. For more information, see Controlling access and labeling jobs using tags in the Amazon Simple Storage Service User Guide .
Note
To use this action, you must have permission to perform the s3:PutJobTagging action.
Related actions include:
See also: AWS API Documentation
Request Syntax
response = client.put_job_tagging(
AccountId='string',
JobId='string',
Tags=[
{
'Key': 'string',
'Value': 'string'
},
]
)
[REQUIRED]
The AWS account ID associated with the S3 Batch Operations job.
[REQUIRED]
The ID for the S3 Batch Operations job whose tags you want to replace.
[REQUIRED]
The set of tags to associate with the S3 Batch Operations job.
dict
Response Syntax
{}
Response Structure
Exceptions
Creates or modifies the PublicAccessBlock configuration for an AWS account. For more information, see Using Amazon S3 block public access .
Related actions include:
See also: AWS API Documentation
Request Syntax
response = client.put_public_access_block(
PublicAccessBlockConfiguration={
'BlockPublicAcls': True|False,
'IgnorePublicAcls': True|False,
'BlockPublicPolicy': True|False,
'RestrictPublicBuckets': True|False
},
AccountId='string'
)
[REQUIRED]
The PublicAccessBlock configuration that you want to apply to the specified AWS account.
Specifies whether Amazon S3 should block public access control lists (ACLs) for buckets in this account. Setting this element to TRUE causes the following behavior:
Enabling this setting doesn't affect existing policies or ACLs.
This is not supported for Amazon S3 on Outposts.
Specifies whether Amazon S3 should ignore public ACLs for buckets in this account. Setting this element to TRUE causes Amazon S3 to ignore all public ACLs on buckets in this account and any objects that they contain.
Enabling this setting doesn't affect the persistence of any existing ACLs and doesn't prevent new public ACLs from being set.
This is not supported for Amazon S3 on Outposts.
Specifies whether Amazon S3 should block public bucket policies for buckets in this account. Setting this element to TRUE causes Amazon S3 to reject calls to PUT Bucket policy if the specified bucket policy allows public access.
Enabling this setting doesn't affect existing bucket policies.
This is not supported for Amazon S3 on Outposts.
Specifies whether Amazon S3 should restrict public bucket policies for buckets in this account. Setting this element to TRUE restricts access to buckets with public policies to only AWS service principals and authorized users within this account.
Enabling this setting doesn't affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked.
This is not supported for Amazon S3 on Outposts.
[REQUIRED]
The account ID for the AWS account whose PublicAccessBlock configuration you want to set.
None
Puts an Amazon S3 Storage Lens configuration. For more information about S3 Storage Lens, see Working with Amazon S3 Storage Lens in the Amazon Simple Storage Service User Guide .
Note
To use this action, you must have permission to perform the s3:PutStorageLensConfiguration action. For more information, see Setting permissions to use Amazon S3 Storage Lens in the Amazon Simple Storage Service User Guide .
See also: AWS API Documentation
Request Syntax
response = client.put_storage_lens_configuration(
ConfigId='string',
AccountId='string',
StorageLensConfiguration={
'Id': 'string',
'AccountLevel': {
'ActivityMetrics': {
'IsEnabled': True|False
},
'BucketLevel': {
'ActivityMetrics': {
'IsEnabled': True|False
},
'PrefixLevel': {
'StorageMetrics': {
'IsEnabled': True|False,
'SelectionCriteria': {
'Delimiter': 'string',
'MaxDepth': 123,
'MinStorageBytesPercentage': 123.0
}
}
}
}
},
'Include': {
'Buckets': [
'string',
],
'Regions': [
'string',
]
},
'Exclude': {
'Buckets': [
'string',
],
'Regions': [
'string',
]
},
'DataExport': {
'S3BucketDestination': {
'Format': 'CSV'|'Parquet',
'OutputSchemaVersion': 'V_1',
'AccountId': 'string',
'Arn': 'string',
'Prefix': 'string',
'Encryption': {
'SSES3': {}
,
'SSEKMS': {
'KeyId': 'string'
}
}
}
},
'IsEnabled': True|False,
'AwsOrg': {
'Arn': 'string'
},
'StorageLensArn': 'string'
},
Tags=[
{
'Key': 'string',
'Value': 'string'
},
]
)
[REQUIRED]
The ID of the S3 Storage Lens configuration.
[REQUIRED]
The account ID of the requester.
[REQUIRED]
The S3 Storage Lens configuration.
A container for the Amazon S3 Storage Lens configuration ID.
A container for all the account-level configurations of your S3 Storage Lens configuration.
A container for the S3 Storage Lens activity metrics.
A container for whether the activity metrics are enabled.
A container for the S3 Storage Lens bucket-level configuration.
A container for the bucket-level activity metrics for Amazon S3 Storage Lens
A container for whether the activity metrics are enabled.
A container for the bucket-level prefix-level metrics for S3 Storage Lens
A container for the prefix-level storage metrics for S3 Storage Lens.
A container for whether prefix-level storage metrics are enabled.
A container for the delimiter of the selection criteria being used.
The max depth of the selection criteria
The minimum number of storage bytes percentage whose metrics will be selected.
Note
You must choose a value greater than or equal to 1.0 .
A container for what is included in this configuration. This container can only be valid if there is no Exclude container submitted, and it's not empty.
A container for the S3 Storage Lens bucket includes.
A container for the S3 Storage Lens Region includes.
A container for what is excluded in this configuration. This container can only be valid if there is no Include container submitted, and it's not empty.
A container for the S3 Storage Lens bucket excludes.
A container for the S3 Storage Lens Region excludes.
A container to specify the properties of your S3 Storage Lens metrics export including, the destination, schema and format.
A container for the bucket where the S3 Storage Lens metrics export will be located.
Note
This bucket must be located in the same Region as the storage lens configuration.
The schema version of the export file.
The account ID of the owner of the S3 Storage Lens metrics export bucket.
The Amazon Resource Name (ARN) of the bucket. This property is read-only and follows the following format: ``arn:aws:s3:us-east-1 :example-account-id :bucket/your-destination-bucket-name ``
The prefix of the destination bucket where the metrics export will be delivered.
The container for the type encryption of the metrics exports in this bucket.
A container for the ARN of the SSE-KMS encryption. This property is read-only and follows the following format: ``arn:aws:kms:us-east-1 :example-account-id :key/example-9a73-4afc-8d29-8f5900cef44e ``
A container for whether the S3 Storage Lens configuration is enabled.
A container for the AWS organization for this S3 Storage Lens configuration.
A container for the Amazon Resource Name (ARN) of the AWS organization. This property is read-only and follows the following format: ``arn:aws:organizations:us-east-1 :example-account-id :organization/o-ex2l495dck ``
The Amazon Resource Name (ARN) of the S3 Storage Lens configuration. This property is read-only and follows the following format: ``arn:aws:s3:us-east-1 :example-account-id :storage-lens/your-dashboard-name ``
The tag set of the S3 Storage Lens configuration.
Note
You can set up to a maximum of 50 tags.
None
Put or replace tags on an existing Amazon S3 Storage Lens configuration. For more information about S3 Storage Lens, see Assessing your storage activity and usage with Amazon S3 Storage Lens in the Amazon Simple Storage Service User Guide .
Note
To use this action, you must have permission to perform the s3:PutStorageLensConfigurationTagging action. For more information, see Setting permissions to use Amazon S3 Storage Lens in the Amazon Simple Storage Service User Guide .
See also: AWS API Documentation
Request Syntax
response = client.put_storage_lens_configuration_tagging(
ConfigId='string',
AccountId='string',
Tags=[
{
'Key': 'string',
'Value': 'string'
},
]
)
[REQUIRED]
The ID of the S3 Storage Lens configuration.
[REQUIRED]
The account ID of the requester.
[REQUIRED]
The tag set of the S3 Storage Lens configuration.
Note
You can set up to a maximum of 50 tags.
dict
Response Syntax
{}
Response Structure
Updates an existing S3 Batch Operations job's priority. For more information, see S3 Batch Operations in the Amazon Simple Storage Service User Guide .
Related actions include:
See also: AWS API Documentation
Request Syntax
response = client.update_job_priority(
AccountId='string',
JobId='string',
Priority=123
)
[REQUIRED]
The AWS account ID associated with the S3 Batch Operations job.
[REQUIRED]
The ID for the job whose priority you want to update.
[REQUIRED]
The priority you want to assign to this job.
dict
Response Syntax
{
'JobId': 'string',
'Priority': 123
}
Response Structure
(dict) --
JobId (string) --
The ID for the job whose priority Amazon S3 updated.
Priority (integer) --
The new priority assigned to the specified job.
Exceptions
Updates the status for the specified job. Use this action to confirm that you want to run a job or to cancel an existing job. For more information, see S3 Batch Operations in the Amazon Simple Storage Service User Guide .
Related actions include:
See also: AWS API Documentation
Request Syntax
response = client.update_job_status(
AccountId='string',
JobId='string',
RequestedJobStatus='Cancelled'|'Ready',
StatusUpdateReason='string'
)
[REQUIRED]
The AWS account ID associated with the S3 Batch Operations job.
[REQUIRED]
The ID of the job whose status you want to update.
[REQUIRED]
The status that you want to move the specified job to.
dict
Response Syntax
{
'JobId': 'string',
'Status': 'Active'|'Cancelled'|'Cancelling'|'Complete'|'Completing'|'Failed'|'Failing'|'New'|'Paused'|'Pausing'|'Preparing'|'Ready'|'Suspended',
'StatusUpdateReason': 'string'
}
Response Structure
(dict) --
JobId (string) --
The ID for the job whose status was updated.
Status (string) --
The current status for the specified job.
StatusUpdateReason (string) --
The reason that the specified job's status was updated.
Exceptions
The available paginators are:
paginator = client.get_paginator('list_access_points_for_object_lambda')
Creates an iterator that will paginate through responses from S3Control.Client.list_access_points_for_object_lambda().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
AccountId='string',
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
[REQUIRED]
The account ID for the account that owns the specified Object Lambda Access Point.
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'ObjectLambdaAccessPointList': [
{
'Name': 'string',
'ObjectLambdaAccessPointArn': 'string'
},
],
}
Response Structure
(dict) --
ObjectLambdaAccessPointList (list) --
Returns list of Object Lambda Access Points.
(dict) --
An access point with an attached AWS Lambda function used to access transformed data from an Amazon S3 bucket.
Name (string) --
The name of the Object Lambda Access Point.
ObjectLambdaAccessPointArn (string) --
Specifies the ARN for the Object Lambda Access Point.