Table of Contents
A low-level client representing AWS S3 Control
Amazon Web Services S3 Control provides access to Amazon S3 control plane actions.
import boto3
client = boto3.client('s3control')
These are the available methods:
Check if an operation can be paginated.
Creates an access point and associates it with the specified bucket. For more information, see Managing Data Access with Amazon S3 Access Points in the Amazon S3 User Guide .
Note
S3 on Outposts only supports VPC-style access points.
For more information, see Accessing Amazon S3 on Outposts using virtual private cloud (VPC) only access points in the Amazon S3 User Guide .
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request and an S3 on Outposts endpoint hostname prefix instead of s3-control . For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived using the access point ARN, see the Examples section.
The following actions are related to CreateAccessPoint :
See also: AWS API Documentation
Request Syntax
response = client.create_access_point(
AccountId='string',
Name='string',
Bucket='string',
VpcConfiguration={
'VpcId': 'string'
},
PublicAccessBlockConfiguration={
'BlockPublicAcls': True|False,
'IgnorePublicAcls': True|False,
'BlockPublicPolicy': True|False,
'RestrictPublicBuckets': True|False
}
)
[REQUIRED]
The Amazon Web Services account ID for the owner of the bucket for which you want to create an access point.
[REQUIRED]
The name you want to assign to this access point.
[REQUIRED]
The name of the bucket that you want to associate this access point with.
For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name> . For example, to access the bucket reports through outpost my-outpost owned by account 123456789012 in Region us-west-2 , use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports . The value must be URL encoded.
If you include this field, Amazon S3 restricts access to this access point to requests from the specified virtual private cloud (VPC).
Note
This is required for creating an access point for Amazon S3 on Outposts buckets.
If this field is specified, this access point will only allow connections from the specified VPC ID.
The PublicAccessBlock configuration that you want to apply to the access point.
Specifies whether Amazon S3 should block public access control lists (ACLs) for buckets in this account. Setting this element to TRUE causes the following behavior:
Enabling this setting doesn't affect existing policies or ACLs.
This is not supported for Amazon S3 on Outposts.
Specifies whether Amazon S3 should ignore public ACLs for buckets in this account. Setting this element to TRUE causes Amazon S3 to ignore all public ACLs on buckets in this account and any objects that they contain.
Enabling this setting doesn't affect the persistence of any existing ACLs and doesn't prevent new public ACLs from being set.
This is not supported for Amazon S3 on Outposts.
Specifies whether Amazon S3 should block public bucket policies for buckets in this account. Setting this element to TRUE causes Amazon S3 to reject calls to PUT Bucket policy if the specified bucket policy allows public access.
Enabling this setting doesn't affect existing bucket policies.
This is not supported for Amazon S3 on Outposts.
Specifies whether Amazon S3 should restrict public bucket policies for buckets in this account. Setting this element to TRUE restricts access to buckets with public policies to only Amazon Web Service principals and authorized users within this account.
Enabling this setting doesn't affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked.
This is not supported for Amazon S3 on Outposts.
dict
Response Syntax
{
'AccessPointArn': 'string',
'Alias': 'string'
}
Response Structure
(dict) --
AccessPointArn (string) --
The ARN of the access point.
Note
This is only supported by Amazon S3 on Outposts.
Alias (string) --
The name or alias of the access point.
Creates an Object Lambda Access Point. For more information, see Transforming objects with Object Lambda Access Points in the Amazon S3 User Guide .
The following actions are related to CreateAccessPointForObjectLambda :
See also: AWS API Documentation
Request Syntax
response = client.create_access_point_for_object_lambda(
AccountId='string',
Name='string',
Configuration={
'SupportingAccessPoint': 'string',
'CloudWatchMetricsEnabled': True|False,
'AllowedFeatures': [
'GetObject-Range'|'GetObject-PartNumber',
],
'TransformationConfigurations': [
{
'Actions': [
'GetObject',
],
'ContentTransformation': {
'AwsLambda': {
'FunctionArn': 'string',
'FunctionPayload': 'string'
}
}
},
]
}
)
[REQUIRED]
The Amazon Web Services account ID for owner of the specified Object Lambda Access Point.
[REQUIRED]
The name you want to assign to this Object Lambda Access Point.
[REQUIRED]
Object Lambda Access Point configuration as a JSON document.
Standard access point associated with the Object Lambda Access Point.
A container for whether the CloudWatch metrics configuration is enabled.
A container for allowed features. Valid inputs are GetObject-Range and GetObject-PartNumber .
A container for transformation configurations for an Object Lambda Access Point.
A configuration used when creating an Object Lambda Access Point transformation.
A container for the action of an Object Lambda Access Point configuration. Valid input is GetObject .
A container for the content transformation of an Object Lambda Access Point configuration.
Note
This is a Tagged Union structure. Only one of the following top level keys can be set: AwsLambda.
A container for an Lambda function.
The Amazon Resource Name (ARN) of the Lambda function.
Additional JSON that provides supplemental data to the Lambda function used to transform objects.
dict
Response Syntax
{
'ObjectLambdaAccessPointArn': 'string'
}
Response Structure
(dict) --
ObjectLambdaAccessPointArn (string) --
Specifies the ARN for the Object Lambda Access Point.
Note
This action creates an Amazon S3 on Outposts bucket. To create an S3 bucket, see Create Bucket in the Amazon S3 API Reference .
Creates a new Outposts bucket. By creating the bucket, you become the bucket owner. To create an Outposts bucket, you must have S3 on Outposts. For more information, see Using Amazon S3 on Outposts in Amazon S3 User Guide .
Not every string is an acceptable bucket name. For information on bucket naming restrictions, see Working with Amazon S3 Buckets .
S3 on Outposts buckets support:
For a complete list of restrictions and Amazon S3 feature limitations on S3 on Outposts, see Amazon S3 on Outposts Restrictions and Limitations .
For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and x-amz-outpost-id in your API request, see the Examples section.
The following actions are related to CreateBucket for Amazon S3 on Outposts:
See also: AWS API Documentation
Request Syntax
response = client.create_bucket(
ACL='private'|'public-read'|'public-read-write'|'authenticated-read',
Bucket='string',
CreateBucketConfiguration={
'LocationConstraint': 'EU'|'eu-west-1'|'us-west-1'|'us-west-2'|'ap-south-1'|'ap-southeast-1'|'ap-southeast-2'|'ap-northeast-1'|'sa-east-1'|'cn-north-1'|'eu-central-1'
},
GrantFullControl='string',
GrantRead='string',
GrantReadACP='string',
GrantWrite='string',
GrantWriteACP='string',
ObjectLockEnabledForBucket=True|False,
OutpostId='string'
)
The canned ACL to apply to the bucket.
Note
This is not supported by Amazon S3 on Outposts buckets.
[REQUIRED]
The name of the bucket.
The configuration information for the bucket.
Note
This is not supported by Amazon S3 on Outposts buckets.
Specifies the Region where the bucket will be created. If you are creating a bucket on the US East (N. Virginia) Region (us-east-1), you do not need to specify the location.
Note
This is not supported by Amazon S3 on Outposts buckets.
Allows grantee the read, write, read ACP, and write ACP permissions on the bucket.
Note
This is not supported by Amazon S3 on Outposts buckets.
Allows grantee to list the objects in the bucket.
Note
This is not supported by Amazon S3 on Outposts buckets.
Allows grantee to read the bucket ACL.
Note
This is not supported by Amazon S3 on Outposts buckets.
Allows grantee to create, overwrite, and delete any object in the bucket.
Note
This is not supported by Amazon S3 on Outposts buckets.
Allows grantee to write the ACL for the applicable bucket.
Note
This is not supported by Amazon S3 on Outposts buckets.
Specifies whether you want S3 Object Lock to be enabled for the new bucket.
Note
This is not supported by Amazon S3 on Outposts buckets.
The ID of the Outposts where the bucket is being created.
Note
This is required by Amazon S3 on Outposts buckets.
dict
Response Syntax
{
'Location': 'string',
'BucketArn': 'string'
}
Response Structure
(dict) --
Location (string) --
The location of the bucket.
BucketArn (string) --
The Amazon Resource Name (ARN) of the bucket.
For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name> . For example, to access the bucket reports through outpost my-outpost owned by account 123456789012 in Region us-west-2 , use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports . The value must be URL encoded.
Exceptions
You can use S3 Batch Operations to perform large-scale batch actions on Amazon S3 objects. Batch Operations can run a single action on lists of Amazon S3 objects that you specify. For more information, see S3 Batch Operations in the Amazon S3 User Guide .
This action creates a S3 Batch Operations job.
Related actions include:
See also: AWS API Documentation
Request Syntax
response = client.create_job(
AccountId='string',
ConfirmationRequired=True|False,
Operation={
'LambdaInvoke': {
'FunctionArn': 'string'
},
'S3PutObjectCopy': {
'TargetResource': 'string',
'CannedAccessControlList': 'private'|'public-read'|'public-read-write'|'aws-exec-read'|'authenticated-read'|'bucket-owner-read'|'bucket-owner-full-control',
'AccessControlGrants': [
{
'Grantee': {
'TypeIdentifier': 'id'|'emailAddress'|'uri',
'Identifier': 'string',
'DisplayName': 'string'
},
'Permission': 'FULL_CONTROL'|'READ'|'WRITE'|'READ_ACP'|'WRITE_ACP'
},
],
'MetadataDirective': 'COPY'|'REPLACE',
'ModifiedSinceConstraint': datetime(2015, 1, 1),
'NewObjectMetadata': {
'CacheControl': 'string',
'ContentDisposition': 'string',
'ContentEncoding': 'string',
'ContentLanguage': 'string',
'UserMetadata': {
'string': 'string'
},
'ContentLength': 123,
'ContentMD5': 'string',
'ContentType': 'string',
'HttpExpiresDate': datetime(2015, 1, 1),
'RequesterCharged': True|False,
'SSEAlgorithm': 'AES256'|'KMS'
},
'NewObjectTagging': [
{
'Key': 'string',
'Value': 'string'
},
],
'RedirectLocation': 'string',
'RequesterPays': True|False,
'StorageClass': 'STANDARD'|'STANDARD_IA'|'ONEZONE_IA'|'GLACIER'|'INTELLIGENT_TIERING'|'DEEP_ARCHIVE'|'GLACIER_IR',
'UnModifiedSinceConstraint': datetime(2015, 1, 1),
'SSEAwsKmsKeyId': 'string',
'TargetKeyPrefix': 'string',
'ObjectLockLegalHoldStatus': 'OFF'|'ON',
'ObjectLockMode': 'COMPLIANCE'|'GOVERNANCE',
'ObjectLockRetainUntilDate': datetime(2015, 1, 1),
'BucketKeyEnabled': True|False,
'ChecksumAlgorithm': 'CRC32'|'CRC32C'|'SHA1'|'SHA256'
},
'S3PutObjectAcl': {
'AccessControlPolicy': {
'AccessControlList': {
'Owner': {
'ID': 'string',
'DisplayName': 'string'
},
'Grants': [
{
'Grantee': {
'TypeIdentifier': 'id'|'emailAddress'|'uri',
'Identifier': 'string',
'DisplayName': 'string'
},
'Permission': 'FULL_CONTROL'|'READ'|'WRITE'|'READ_ACP'|'WRITE_ACP'
},
]
},
'CannedAccessControlList': 'private'|'public-read'|'public-read-write'|'aws-exec-read'|'authenticated-read'|'bucket-owner-read'|'bucket-owner-full-control'
}
},
'S3PutObjectTagging': {
'TagSet': [
{
'Key': 'string',
'Value': 'string'
},
]
},
'S3DeleteObjectTagging': {}
,
'S3InitiateRestoreObject': {
'ExpirationInDays': 123,
'GlacierJobTier': 'BULK'|'STANDARD'
},
'S3PutObjectLegalHold': {
'LegalHold': {
'Status': 'OFF'|'ON'
}
},
'S3PutObjectRetention': {
'BypassGovernanceRetention': True|False,
'Retention': {
'RetainUntilDate': datetime(2015, 1, 1),
'Mode': 'COMPLIANCE'|'GOVERNANCE'
}
},
'S3ReplicateObject': {}
},
Report={
'Bucket': 'string',
'Format': 'Report_CSV_20180820',
'Enabled': True|False,
'Prefix': 'string',
'ReportScope': 'AllTasks'|'FailedTasksOnly'
},
ClientRequestToken='string',
Manifest={
'Spec': {
'Format': 'S3BatchOperations_CSV_20180820'|'S3InventoryReport_CSV_20161130',
'Fields': [
'Ignore'|'Bucket'|'Key'|'VersionId',
]
},
'Location': {
'ObjectArn': 'string',
'ObjectVersionId': 'string',
'ETag': 'string'
}
},
Description='string',
Priority=123,
RoleArn='string',
Tags=[
{
'Key': 'string',
'Value': 'string'
},
],
ManifestGenerator={
'S3JobManifestGenerator': {
'ExpectedBucketOwner': 'string',
'SourceBucket': 'string',
'ManifestOutputLocation': {
'ExpectedManifestBucketOwner': 'string',
'Bucket': 'string',
'ManifestPrefix': 'string',
'ManifestEncryption': {
'SSES3': {}
,
'SSEKMS': {
'KeyId': 'string'
}
},
'ManifestFormat': 'S3InventoryReport_CSV_20211130'
},
'Filter': {
'EligibleForReplication': True|False,
'CreatedAfter': datetime(2015, 1, 1),
'CreatedBefore': datetime(2015, 1, 1),
'ObjectReplicationStatuses': [
'COMPLETED'|'FAILED'|'REPLICA'|'NONE',
]
},
'EnableManifestOutput': True|False
}
}
)
[REQUIRED]
The Amazon Web Services account ID that creates the job.
[REQUIRED]
The action that you want this job to perform on every object listed in the manifest. For more information about the available actions, see Operations in the Amazon S3 User Guide .
Directs the specified job to invoke an Lambda function on every object in the manifest.
The Amazon Resource Name (ARN) for the Lambda function that the specified job will invoke on every object in the manifest.
Directs the specified job to run a PUT Copy object call on every object in the manifest.
Specifies the destination bucket ARN for the batch copy operation. For example, to copy objects to a bucket named "destinationBucket", set the TargetResource to "arn:aws:s3:::destinationBucket".
If you don't provide this parameter, Amazon S3 copies all the metadata from the original objects. If you specify an empty set, the new objects will have no tags. Otherwise, Amazon S3 assigns the supplied tags to the new objects.
Specifies an optional metadata property for website redirects, x-amz-website-redirect-location . Allows webpage redirects if the object is accessed through a website endpoint.
Specifies the folder prefix into which you would like the objects to be copied. For example, to copy objects into a folder named Folder1 in the destination bucket, set the TargetKeyPrefix to Folder1 .
The legal hold status to be applied to all objects in the Batch Operations job.
The retention mode to be applied to all objects in the Batch Operations job.
The date when the applied object retention configuration expires on all objects in the Batch Operations job.
Specifies whether Amazon S3 should use an S3 Bucket Key for object encryption with server-side encryption using Amazon Web Services KMS (SSE-KMS). Setting this header to true causes Amazon S3 to use an S3 Bucket Key for object encryption with SSE-KMS.
Specifying this header with an object action doesn’t affect bucket-level settings for S3 Bucket Key.
Indicates the algorithm you want Amazon S3 to use to create the checksum. For more information see Checking object integrity in the Amazon S3 User Guide .
Directs the specified job to run a PUT Object acl call on every object in the manifest.
Directs the specified job to run a PUT Object tagging call on every object in the manifest.
Directs the specified job to execute a DELETE Object tagging call on every object in the manifest.
Directs the specified job to initiate restore requests for every archived object in the manifest.
This argument specifies how long the S3 Glacier or S3 Glacier Deep Archive object remains available in Amazon S3. S3 Initiate Restore Object jobs that target S3 Glacier and S3 Glacier Deep Archive objects require ExpirationInDays set to 1 or greater.
Conversely, do not set ExpirationInDays when creating S3 Initiate Restore Object jobs that target S3 Intelligent-Tiering Archive Access and Deep Archive Access tier objects. Objects in S3 Intelligent-Tiering archive access tiers are not subject to restore expiry, so specifying ExpirationInDays results in restore request failure.
S3 Batch Operations jobs can operate either on S3 Glacier and S3 Glacier Deep Archive storage class objects or on S3 Intelligent-Tiering Archive Access and Deep Archive Access storage tier objects, but not both types in the same job. If you need to restore objects of both types you must create separate Batch Operations jobs.
S3 Batch Operations supports STANDARD and BULK retrieval tiers, but not the EXPEDITED retrieval tier.
Contains the configuration for an S3 Object Lock legal hold operation that an S3 Batch Operations job passes every object to the underlying PutObjectLegalHold API. For more information, see Using S3 Object Lock legal hold with S3 Batch Operations in the Amazon S3 User Guide .
Contains the Object Lock legal hold status to be applied to all objects in the Batch Operations job.
The Object Lock legal hold status to be applied to all objects in the Batch Operations job.
Contains the configuration parameters for the Object Lock retention action for an S3 Batch Operations job. Batch Operations passes every object to the underlying PutObjectRetention API. For more information, see Using S3 Object Lock retention with S3 Batch Operations in the Amazon S3 User Guide .
Indicates if the action should be applied to objects in the Batch Operations job even if they have Object Lock GOVERNANCE type in place.
Contains the Object Lock retention mode to be applied to all objects in the Batch Operations job. For more information, see Using S3 Object Lock retention with S3 Batch Operations in the Amazon S3 User Guide .
The date when the applied Object Lock retention will expire on all objects set by the Batch Operations job.
The Object Lock retention mode to be applied to all objects in the Batch Operations job.
Directs the specified job to invoke ReplicateObject on every object in the job's manifest.
[REQUIRED]
Configuration parameters for the optional job-completion report.
The Amazon Resource Name (ARN) for the bucket where specified job-completion report will be stored.
The format of the specified job-completion report.
Indicates whether the specified job will generate a job-completion report.
An optional prefix to describe where in the specified bucket the job-completion report will be stored. Amazon S3 stores the job-completion report at <prefix>/job-<job-id>/report.json .
Indicates whether the job-completion report will include details of all tasks or only failed tasks.
[REQUIRED]
An idempotency token to ensure that you don't accidentally submit the same request twice. You can use any string up to the maximum length.
This field is autopopulated if not provided.
Configuration parameters for the manifest.
Describes the format of the specified job's manifest. If the manifest is in CSV format, also describes the columns contained within the manifest.
Indicates which of the available formats the specified manifest uses.
If the specified manifest object is in the S3BatchOperations_CSV_20180820 format, this element describes which columns contain the required data.
Contains the information required to locate the specified job's manifest.
The Amazon Resource Name (ARN) for a manifest object.
Warning
Replacement must be made for object keys containing special characters (such as carriage returns) when using XML requests. For more information, see XML related object key constraints .
The optional version ID to identify a specific version of the manifest object.
The ETag for the specified manifest object.
[REQUIRED]
The numerical priority for this job. Higher numbers indicate higher priority.
[REQUIRED]
The Amazon Resource Name (ARN) for the Identity and Access Management (IAM) role that Batch Operations will use to run this job's action on every object in the manifest.
A set of tags to associate with the S3 Batch Operations job. This is an optional parameter.
The attribute container for the ManifestGenerator details. Jobs must be created with either a manifest file or a ManifestGenerator, but not both.
Note
This is a Tagged Union structure. Only one of the following top level keys can be set: S3JobManifestGenerator.
The S3 job ManifestGenerator's configuration details.
The Amazon Web Services account ID that owns the bucket the generated manifest is written to. If provided the generated manifest bucket's owner Amazon Web Services account ID must match this value, else the job fails.
The source bucket used by the ManifestGenerator.
Specifies the location the generated manifest will be written to.
The Account ID that owns the bucket the generated manifest is written to.
The bucket ARN the generated manifest should be written to.
Prefix identifying one or more objects to which the manifest applies.
Specifies what encryption should be used when the generated manifest objects are written.
Specifies the use of SSE-S3 to encrypt generated manifest objects.
Configuration details on how SSE-KMS is used to encrypt generated manifest objects.
Specifies the ID of the Amazon Web Services Key Management Service (Amazon Web Services KMS) symmetric customer managed key to use for encrypting generated manifest objects.
The format of the generated manifest.
Specifies rules the S3JobManifestGenerator should use to use to decide whether an object in the source bucket should or should not be included in the generated job manifest.
Include objects in the generated manifest only if they are eligible for replication according to the Replication configuration on the source bucket.
If provided, the generated manifest should include only source bucket objects that were created after this time.
If provided, the generated manifest should include only source bucket objects that were created before this time.
If provided, the generated manifest should include only source bucket objects that have one of the specified Replication statuses.
Determines whether or not to write the job's generated manifest to a bucket.
dict
Response Syntax
{
'JobId': 'string'
}
Response Structure
(dict) --
JobId (string) --
The ID for this job. Amazon S3 generates this ID automatically and returns it after a successful Create Job request.
Exceptions
Creates a Multi-Region Access Point and associates it with the specified buckets. For more information about creating Multi-Region Access Points, see Creating Multi-Region Access Points in the Amazon S3 User Guide .
This action will always be routed to the US West (Oregon) Region. For more information about the restrictions around managing Multi-Region Access Points, see Managing Multi-Region Access Points in the Amazon S3 User Guide .
This request is asynchronous, meaning that you might receive a response before the command has completed. When this request provides a response, it provides a token that you can use to monitor the status of the request with DescribeMultiRegionAccessPointOperation .
The following actions are related to CreateMultiRegionAccessPoint :
See also: AWS API Documentation
Request Syntax
response = client.create_multi_region_access_point(
AccountId='string',
ClientToken='string',
Details={
'Name': 'string',
'PublicAccessBlock': {
'BlockPublicAcls': True|False,
'IgnorePublicAcls': True|False,
'BlockPublicPolicy': True|False,
'RestrictPublicBuckets': True|False
},
'Regions': [
{
'Bucket': 'string'
},
]
}
)
[REQUIRED]
The Amazon Web Services account ID for the owner of the Multi-Region Access Point. The owner of the Multi-Region Access Point also must own the underlying buckets.
[REQUIRED]
An idempotency token used to identify the request and guarantee that requests are unique.
This field is autopopulated if not provided.
[REQUIRED]
A container element containing details about the Multi-Region Access Point.
The name of the Multi-Region Access Point associated with this request.
The PublicAccessBlock configuration that you want to apply to this Amazon S3 account. You can enable the configuration options in any combination. For more information about when Amazon S3 considers a bucket or object public, see The Meaning of "Public" in the Amazon S3 User Guide .
This is not supported for Amazon S3 on Outposts.
Specifies whether Amazon S3 should block public access control lists (ACLs) for buckets in this account. Setting this element to TRUE causes the following behavior:
Enabling this setting doesn't affect existing policies or ACLs.
This is not supported for Amazon S3 on Outposts.
Specifies whether Amazon S3 should ignore public ACLs for buckets in this account. Setting this element to TRUE causes Amazon S3 to ignore all public ACLs on buckets in this account and any objects that they contain.
Enabling this setting doesn't affect the persistence of any existing ACLs and doesn't prevent new public ACLs from being set.
This is not supported for Amazon S3 on Outposts.
Specifies whether Amazon S3 should block public bucket policies for buckets in this account. Setting this element to TRUE causes Amazon S3 to reject calls to PUT Bucket policy if the specified bucket policy allows public access.
Enabling this setting doesn't affect existing bucket policies.
This is not supported for Amazon S3 on Outposts.
Specifies whether Amazon S3 should restrict public bucket policies for buckets in this account. Setting this element to TRUE restricts access to buckets with public policies to only Amazon Web Service principals and authorized users within this account.
Enabling this setting doesn't affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked.
This is not supported for Amazon S3 on Outposts.
The buckets in different Regions that are associated with the Multi-Region Access Point.
A Region that supports a Multi-Region Access Point as well as the associated bucket for the Region.
The name of the associated bucket for the Region.
dict
Response Syntax
{
'RequestTokenARN': 'string'
}
Response Structure
(dict) --
RequestTokenARN (string) --
The request token associated with the request. You can use this token with DescribeMultiRegionAccessPointOperation to determine the status of asynchronous requests.
Deletes the specified access point.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request and an S3 on Outposts endpoint hostname prefix instead of s3-control . For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived using the access point ARN, see the Examples section.
The following actions are related to DeleteAccessPoint :
See also: AWS API Documentation
Request Syntax
response = client.delete_access_point(
AccountId='string',
Name='string'
)
[REQUIRED]
The account ID for the account that owns the specified access point.
[REQUIRED]
The name of the access point you want to delete.
For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the access point accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/accesspoint/<my-accesspoint-name> . For example, to access the access point reports-ap through outpost my-outpost owned by account 123456789012 in Region us-west-2 , use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/accesspoint/reports-ap . The value must be URL encoded.
None
Deletes the specified Object Lambda Access Point.
The following actions are related to DeleteAccessPointForObjectLambda :
See also: AWS API Documentation
Request Syntax
response = client.delete_access_point_for_object_lambda(
AccountId='string',
Name='string'
)
[REQUIRED]
The account ID for the account that owns the specified Object Lambda Access Point.
[REQUIRED]
The name of the access point you want to delete.
None
Deletes the access point policy for the specified access point.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request and an S3 on Outposts endpoint hostname prefix instead of s3-control . For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived using the access point ARN, see the Examples section.
The following actions are related to DeleteAccessPointPolicy :
See also: AWS API Documentation
Request Syntax
response = client.delete_access_point_policy(
AccountId='string',
Name='string'
)
[REQUIRED]
The account ID for the account that owns the specified access point.
[REQUIRED]
The name of the access point whose policy you want to delete.
For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the access point accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/accesspoint/<my-accesspoint-name> . For example, to access the access point reports-ap through outpost my-outpost owned by account 123456789012 in Region us-west-2 , use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/accesspoint/reports-ap . The value must be URL encoded.
None
Removes the resource policy for an Object Lambda Access Point.
The following actions are related to DeleteAccessPointPolicyForObjectLambda :
See also: AWS API Documentation
Request Syntax
response = client.delete_access_point_policy_for_object_lambda(
AccountId='string',
Name='string'
)
[REQUIRED]
The account ID for the account that owns the specified Object Lambda Access Point.
[REQUIRED]
The name of the Object Lambda Access Point you want to delete the policy for.
None
Note
This action deletes an Amazon S3 on Outposts bucket. To delete an S3 bucket, see DeleteBucket in the Amazon S3 API Reference .
Deletes the Amazon S3 on Outposts bucket. All objects (including all object versions and delete markers) in the bucket must be deleted before the bucket itself can be deleted. For more information, see Using Amazon S3 on Outposts in Amazon S3 User Guide .
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request and an S3 on Outposts endpoint hostname prefix instead of s3-control . For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived using the access point ARN, see the Examples section.
Related Resources
See also: AWS API Documentation
Request Syntax
response = client.delete_bucket(
AccountId='string',
Bucket='string'
)
[REQUIRED]
The account ID that owns the Outposts bucket.
[REQUIRED]
Specifies the bucket being deleted.
For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name> . For example, to access the bucket reports through outpost my-outpost owned by account 123456789012 in Region us-west-2 , use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports . The value must be URL encoded.
None
Note
This action deletes an Amazon S3 on Outposts bucket's lifecycle configuration. To delete an S3 bucket's lifecycle configuration, see DeleteBucketLifecycle in the Amazon S3 API Reference .
Deletes the lifecycle configuration from the specified Outposts bucket. Amazon S3 on Outposts removes all the lifecycle configuration rules in the lifecycle subresource associated with the bucket. Your objects never expire, and Amazon S3 on Outposts no longer automatically deletes any objects on the basis of rules contained in the deleted lifecycle configuration. For more information, see Using Amazon S3 on Outposts in Amazon S3 User Guide .
To use this action, you must have permission to perform the s3-outposts:DeleteLifecycleConfiguration action. By default, the bucket owner has this permission and the Outposts bucket owner can grant this permission to others.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request and an S3 on Outposts endpoint hostname prefix instead of s3-control . For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived using the access point ARN, see the Examples section.
For more information about object expiration, see Elements to Describe Lifecycle Actions .
Related actions include:
See also: AWS API Documentation
Request Syntax
response = client.delete_bucket_lifecycle_configuration(
AccountId='string',
Bucket='string'
)
[REQUIRED]
The account ID of the lifecycle configuration to delete.
[REQUIRED]
Specifies the bucket.
For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name> . For example, to access the bucket reports through outpost my-outpost owned by account 123456789012 in Region us-west-2 , use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports . The value must be URL encoded.
None
Note
This action deletes an Amazon S3 on Outposts bucket policy. To delete an S3 bucket policy, see DeleteBucketPolicy in the Amazon S3 API Reference .
This implementation of the DELETE action uses the policy subresource to delete the policy of a specified Amazon S3 on Outposts bucket. If you are using an identity other than the root user of the Amazon Web Services account that owns the bucket, the calling identity must have the s3-outposts:DeleteBucketPolicy permissions on the specified Outposts bucket and belong to the bucket owner's account to use this action. For more information, see Using Amazon S3 on Outposts in Amazon S3 User Guide .
If you don't have DeleteBucketPolicy permissions, Amazon S3 returns a 403 Access Denied error. If you have the correct permissions, but you're not using an identity that belongs to the bucket owner's account, Amazon S3 returns a 405 Method Not Allowed error.
Warning
As a security precaution, the root user of the Amazon Web Services account that owns a bucket can always use this action, even if the policy explicitly denies the root user the ability to perform this action.
For more information about bucket policies, see Using Bucket Policies and User Policies .
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request and an S3 on Outposts endpoint hostname prefix instead of s3-control . For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived using the access point ARN, see the Examples section.
The following actions are related to DeleteBucketPolicy :
See also: AWS API Documentation
Request Syntax
response = client.delete_bucket_policy(
AccountId='string',
Bucket='string'
)
[REQUIRED]
The account ID of the Outposts bucket.
[REQUIRED]
Specifies the bucket.
For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name> . For example, to access the bucket reports through outpost my-outpost owned by account 123456789012 in Region us-west-2 , use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports . The value must be URL encoded.
None
Note
This action deletes an Amazon S3 on Outposts bucket's tags. To delete an S3 bucket tags, see DeleteBucketTagging in the Amazon S3 API Reference .
Deletes the tags from the Outposts bucket. For more information, see Using Amazon S3 on Outposts in Amazon S3 User Guide .
To use this action, you must have permission to perform the PutBucketTagging action. By default, the bucket owner has this permission and can grant this permission to others.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request and an S3 on Outposts endpoint hostname prefix instead of s3-control . For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived using the access point ARN, see the Examples section.
The following actions are related to DeleteBucketTagging :
See also: AWS API Documentation
Request Syntax
response = client.delete_bucket_tagging(
AccountId='string',
Bucket='string'
)
[REQUIRED]
The Amazon Web Services account ID of the Outposts bucket tag set to be removed.
[REQUIRED]
The bucket ARN that has the tag set to be removed.
For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name> . For example, to access the bucket reports through outpost my-outpost owned by account 123456789012 in Region us-west-2 , use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports . The value must be URL encoded.
None
Removes the entire tag set from the specified S3 Batch Operations job. To use this operation, you must have permission to perform the s3:DeleteJobTagging action. For more information, see Controlling access and labeling jobs using tags in the Amazon S3 User Guide .
Related actions include:
See also: AWS API Documentation
Request Syntax
response = client.delete_job_tagging(
AccountId='string',
JobId='string'
)
[REQUIRED]
The Amazon Web Services account ID associated with the S3 Batch Operations job.
[REQUIRED]
The ID for the S3 Batch Operations job whose tags you want to delete.
dict
Response Syntax
{}
Response Structure
Exceptions
Deletes a Multi-Region Access Point. This action does not delete the buckets associated with the Multi-Region Access Point, only the Multi-Region Access Point itself.
This action will always be routed to the US West (Oregon) Region. For more information about the restrictions around managing Multi-Region Access Points, see Managing Multi-Region Access Points in the Amazon S3 User Guide .
This request is asynchronous, meaning that you might receive a response before the command has completed. When this request provides a response, it provides a token that you can use to monitor the status of the request with DescribeMultiRegionAccessPointOperation .
The following actions are related to DeleteMultiRegionAccessPoint :
See also: AWS API Documentation
Request Syntax
response = client.delete_multi_region_access_point(
AccountId='string',
ClientToken='string',
Details={
'Name': 'string'
}
)
[REQUIRED]
The Amazon Web Services account ID for the owner of the Multi-Region Access Point.
[REQUIRED]
An idempotency token used to identify the request and guarantee that requests are unique.
This field is autopopulated if not provided.
[REQUIRED]
A container element containing details about the Multi-Region Access Point.
The name of the Multi-Region Access Point associated with this request.
dict
Response Syntax
{
'RequestTokenARN': 'string'
}
Response Structure
(dict) --
RequestTokenARN (string) --
The request token associated with the request. You can use this token with DescribeMultiRegionAccessPointOperation to determine the status of asynchronous requests.
Removes the PublicAccessBlock configuration for an Amazon Web Services account. For more information, see Using Amazon S3 block public access .
Related actions include:
See also: AWS API Documentation
Request Syntax
response = client.delete_public_access_block(
AccountId='string'
)
[REQUIRED]
The account ID for the Amazon Web Services account whose PublicAccessBlock configuration you want to remove.
Deletes the Amazon S3 Storage Lens configuration. For more information about S3 Storage Lens, see Assessing your storage activity and usage with Amazon S3 Storage Lens in the Amazon S3 User Guide .
Note
To use this action, you must have permission to perform the s3:DeleteStorageLensConfiguration action. For more information, see Setting permissions to use Amazon S3 Storage Lens in the Amazon S3 User Guide .
See also: AWS API Documentation
Request Syntax
response = client.delete_storage_lens_configuration(
ConfigId='string',
AccountId='string'
)
[REQUIRED]
The ID of the S3 Storage Lens configuration.
[REQUIRED]
The account ID of the requester.
None
Deletes the Amazon S3 Storage Lens configuration tags. For more information about S3 Storage Lens, see Assessing your storage activity and usage with Amazon S3 Storage Lens in the Amazon S3 User Guide .
Note
To use this action, you must have permission to perform the s3:DeleteStorageLensConfigurationTagging action. For more information, see Setting permissions to use Amazon S3 Storage Lens in the Amazon S3 User Guide .
See also: AWS API Documentation
Request Syntax
response = client.delete_storage_lens_configuration_tagging(
ConfigId='string',
AccountId='string'
)
[REQUIRED]
The ID of the S3 Storage Lens configuration.
[REQUIRED]
The account ID of the requester.
dict
Response Syntax
{}
Response Structure
Retrieves the configuration parameters and status for a Batch Operations job. For more information, see S3 Batch Operations in the Amazon S3 User Guide .
Related actions include:
See also: AWS API Documentation
Request Syntax
response = client.describe_job(
AccountId='string',
JobId='string'
)
[REQUIRED]
The Amazon Web Services account ID associated with the S3 Batch Operations job.
[REQUIRED]
The ID for the job whose information you want to retrieve.
dict
Response Syntax
{
'Job': {
'JobId': 'string',
'ConfirmationRequired': True|False,
'Description': 'string',
'JobArn': 'string',
'Status': 'Active'|'Cancelled'|'Cancelling'|'Complete'|'Completing'|'Failed'|'Failing'|'New'|'Paused'|'Pausing'|'Preparing'|'Ready'|'Suspended',
'Manifest': {
'Spec': {
'Format': 'S3BatchOperations_CSV_20180820'|'S3InventoryReport_CSV_20161130',
'Fields': [
'Ignore'|'Bucket'|'Key'|'VersionId',
]
},
'Location': {
'ObjectArn': 'string',
'ObjectVersionId': 'string',
'ETag': 'string'
}
},
'Operation': {
'LambdaInvoke': {
'FunctionArn': 'string'
},
'S3PutObjectCopy': {
'TargetResource': 'string',
'CannedAccessControlList': 'private'|'public-read'|'public-read-write'|'aws-exec-read'|'authenticated-read'|'bucket-owner-read'|'bucket-owner-full-control',
'AccessControlGrants': [
{
'Grantee': {
'TypeIdentifier': 'id'|'emailAddress'|'uri',
'Identifier': 'string',
'DisplayName': 'string'
},
'Permission': 'FULL_CONTROL'|'READ'|'WRITE'|'READ_ACP'|'WRITE_ACP'
},
],
'MetadataDirective': 'COPY'|'REPLACE',
'ModifiedSinceConstraint': datetime(2015, 1, 1),
'NewObjectMetadata': {
'CacheControl': 'string',
'ContentDisposition': 'string',
'ContentEncoding': 'string',
'ContentLanguage': 'string',
'UserMetadata': {
'string': 'string'
},
'ContentLength': 123,
'ContentMD5': 'string',
'ContentType': 'string',
'HttpExpiresDate': datetime(2015, 1, 1),
'RequesterCharged': True|False,
'SSEAlgorithm': 'AES256'|'KMS'
},
'NewObjectTagging': [
{
'Key': 'string',
'Value': 'string'
},
],
'RedirectLocation': 'string',
'RequesterPays': True|False,
'StorageClass': 'STANDARD'|'STANDARD_IA'|'ONEZONE_IA'|'GLACIER'|'INTELLIGENT_TIERING'|'DEEP_ARCHIVE'|'GLACIER_IR',
'UnModifiedSinceConstraint': datetime(2015, 1, 1),
'SSEAwsKmsKeyId': 'string',
'TargetKeyPrefix': 'string',
'ObjectLockLegalHoldStatus': 'OFF'|'ON',
'ObjectLockMode': 'COMPLIANCE'|'GOVERNANCE',
'ObjectLockRetainUntilDate': datetime(2015, 1, 1),
'BucketKeyEnabled': True|False,
'ChecksumAlgorithm': 'CRC32'|'CRC32C'|'SHA1'|'SHA256'
},
'S3PutObjectAcl': {
'AccessControlPolicy': {
'AccessControlList': {
'Owner': {
'ID': 'string',
'DisplayName': 'string'
},
'Grants': [
{
'Grantee': {
'TypeIdentifier': 'id'|'emailAddress'|'uri',
'Identifier': 'string',
'DisplayName': 'string'
},
'Permission': 'FULL_CONTROL'|'READ'|'WRITE'|'READ_ACP'|'WRITE_ACP'
},
]
},
'CannedAccessControlList': 'private'|'public-read'|'public-read-write'|'aws-exec-read'|'authenticated-read'|'bucket-owner-read'|'bucket-owner-full-control'
}
},
'S3PutObjectTagging': {
'TagSet': [
{
'Key': 'string',
'Value': 'string'
},
]
},
'S3DeleteObjectTagging': {},
'S3InitiateRestoreObject': {
'ExpirationInDays': 123,
'GlacierJobTier': 'BULK'|'STANDARD'
},
'S3PutObjectLegalHold': {
'LegalHold': {
'Status': 'OFF'|'ON'
}
},
'S3PutObjectRetention': {
'BypassGovernanceRetention': True|False,
'Retention': {
'RetainUntilDate': datetime(2015, 1, 1),
'Mode': 'COMPLIANCE'|'GOVERNANCE'
}
},
'S3ReplicateObject': {}
},
'Priority': 123,
'ProgressSummary': {
'TotalNumberOfTasks': 123,
'NumberOfTasksSucceeded': 123,
'NumberOfTasksFailed': 123,
'Timers': {
'ElapsedTimeInActiveSeconds': 123
}
},
'StatusUpdateReason': 'string',
'FailureReasons': [
{
'FailureCode': 'string',
'FailureReason': 'string'
},
],
'Report': {
'Bucket': 'string',
'Format': 'Report_CSV_20180820',
'Enabled': True|False,
'Prefix': 'string',
'ReportScope': 'AllTasks'|'FailedTasksOnly'
},
'CreationTime': datetime(2015, 1, 1),
'TerminationDate': datetime(2015, 1, 1),
'RoleArn': 'string',
'SuspendedDate': datetime(2015, 1, 1),
'SuspendedCause': 'string',
'ManifestGenerator': {
'S3JobManifestGenerator': {
'ExpectedBucketOwner': 'string',
'SourceBucket': 'string',
'ManifestOutputLocation': {
'ExpectedManifestBucketOwner': 'string',
'Bucket': 'string',
'ManifestPrefix': 'string',
'ManifestEncryption': {
'SSES3': {},
'SSEKMS': {
'KeyId': 'string'
}
},
'ManifestFormat': 'S3InventoryReport_CSV_20211130'
},
'Filter': {
'EligibleForReplication': True|False,
'CreatedAfter': datetime(2015, 1, 1),
'CreatedBefore': datetime(2015, 1, 1),
'ObjectReplicationStatuses': [
'COMPLETED'|'FAILED'|'REPLICA'|'NONE',
]
},
'EnableManifestOutput': True|False
}
},
'GeneratedManifestDescriptor': {
'Format': 'S3InventoryReport_CSV_20211130',
'Location': {
'ObjectArn': 'string',
'ObjectVersionId': 'string',
'ETag': 'string'
}
}
}
}
Response Structure
(dict) --
Job (dict) --
Contains the configuration parameters and status for the job specified in the Describe Job request.
JobId (string) --
The ID for the specified job.
ConfirmationRequired (boolean) --
Indicates whether confirmation is required before Amazon S3 begins running the specified job. Confirmation is required only for jobs created through the Amazon S3 console.
Description (string) --
The description for this job, if one was provided in this job's Create Job request.
JobArn (string) --
The Amazon Resource Name (ARN) for this job.
Status (string) --
The current status of the specified job.
Manifest (dict) --
The configuration information for the specified job's manifest object.
Spec (dict) --
Describes the format of the specified job's manifest. If the manifest is in CSV format, also describes the columns contained within the manifest.
Format (string) --
Indicates which of the available formats the specified manifest uses.
Fields (list) --
If the specified manifest object is in the S3BatchOperations_CSV_20180820 format, this element describes which columns contain the required data.
Location (dict) --
Contains the information required to locate the specified job's manifest.
ObjectArn (string) --
The Amazon Resource Name (ARN) for a manifest object.
Warning
Replacement must be made for object keys containing special characters (such as carriage returns) when using XML requests. For more information, see XML related object key constraints .
ObjectVersionId (string) --
The optional version ID to identify a specific version of the manifest object.
ETag (string) --
The ETag for the specified manifest object.
Operation (dict) --
The operation that the specified job is configured to run on the objects listed in the manifest.
LambdaInvoke (dict) --
Directs the specified job to invoke an Lambda function on every object in the manifest.
FunctionArn (string) --
The Amazon Resource Name (ARN) for the Lambda function that the specified job will invoke on every object in the manifest.
S3PutObjectCopy (dict) --
Directs the specified job to run a PUT Copy object call on every object in the manifest.
TargetResource (string) --
Specifies the destination bucket ARN for the batch copy operation. For example, to copy objects to a bucket named "destinationBucket", set the TargetResource to "arn:aws:s3:::destinationBucket".
CannedAccessControlList (string) --
AccessControlGrants (list) --
MetadataDirective (string) --
ModifiedSinceConstraint (datetime) --
NewObjectMetadata (dict) --
If you don't provide this parameter, Amazon S3 copies all the metadata from the original objects. If you specify an empty set, the new objects will have no tags. Otherwise, Amazon S3 assigns the supplied tags to the new objects.
NewObjectTagging (list) --
RedirectLocation (string) --
Specifies an optional metadata property for website redirects, x-amz-website-redirect-location . Allows webpage redirects if the object is accessed through a website endpoint.
RequesterPays (boolean) --
StorageClass (string) --
UnModifiedSinceConstraint (datetime) --
SSEAwsKmsKeyId (string) --
TargetKeyPrefix (string) --
Specifies the folder prefix into which you would like the objects to be copied. For example, to copy objects into a folder named Folder1 in the destination bucket, set the TargetKeyPrefix to Folder1 .
ObjectLockLegalHoldStatus (string) --
The legal hold status to be applied to all objects in the Batch Operations job.
ObjectLockMode (string) --
The retention mode to be applied to all objects in the Batch Operations job.
ObjectLockRetainUntilDate (datetime) --
The date when the applied object retention configuration expires on all objects in the Batch Operations job.
BucketKeyEnabled (boolean) --
Specifies whether Amazon S3 should use an S3 Bucket Key for object encryption with server-side encryption using Amazon Web Services KMS (SSE-KMS). Setting this header to true causes Amazon S3 to use an S3 Bucket Key for object encryption with SSE-KMS.
Specifying this header with an object action doesn’t affect bucket-level settings for S3 Bucket Key.
ChecksumAlgorithm (string) --
Indicates the algorithm you want Amazon S3 to use to create the checksum. For more information see Checking object integrity in the Amazon S3 User Guide .
S3PutObjectAcl (dict) --
Directs the specified job to run a PUT Object acl call on every object in the manifest.
S3PutObjectTagging (dict) --
Directs the specified job to run a PUT Object tagging call on every object in the manifest.
S3DeleteObjectTagging (dict) --
Directs the specified job to execute a DELETE Object tagging call on every object in the manifest.
S3InitiateRestoreObject (dict) --
Directs the specified job to initiate restore requests for every archived object in the manifest.
ExpirationInDays (integer) --
This argument specifies how long the S3 Glacier or S3 Glacier Deep Archive object remains available in Amazon S3. S3 Initiate Restore Object jobs that target S3 Glacier and S3 Glacier Deep Archive objects require ExpirationInDays set to 1 or greater.
Conversely, do not set ExpirationInDays when creating S3 Initiate Restore Object jobs that target S3 Intelligent-Tiering Archive Access and Deep Archive Access tier objects. Objects in S3 Intelligent-Tiering archive access tiers are not subject to restore expiry, so specifying ExpirationInDays results in restore request failure.
S3 Batch Operations jobs can operate either on S3 Glacier and S3 Glacier Deep Archive storage class objects or on S3 Intelligent-Tiering Archive Access and Deep Archive Access storage tier objects, but not both types in the same job. If you need to restore objects of both types you must create separate Batch Operations jobs.
GlacierJobTier (string) --
S3 Batch Operations supports STANDARD and BULK retrieval tiers, but not the EXPEDITED retrieval tier.
S3PutObjectLegalHold (dict) --
Contains the configuration for an S3 Object Lock legal hold operation that an S3 Batch Operations job passes every object to the underlying PutObjectLegalHold API. For more information, see Using S3 Object Lock legal hold with S3 Batch Operations in the Amazon S3 User Guide .
LegalHold (dict) --
Contains the Object Lock legal hold status to be applied to all objects in the Batch Operations job.
Status (string) --
The Object Lock legal hold status to be applied to all objects in the Batch Operations job.
S3PutObjectRetention (dict) --
Contains the configuration parameters for the Object Lock retention action for an S3 Batch Operations job. Batch Operations passes every object to the underlying PutObjectRetention API. For more information, see Using S3 Object Lock retention with S3 Batch Operations in the Amazon S3 User Guide .
BypassGovernanceRetention (boolean) --
Indicates if the action should be applied to objects in the Batch Operations job even if they have Object Lock GOVERNANCE type in place.
Retention (dict) --
Contains the Object Lock retention mode to be applied to all objects in the Batch Operations job. For more information, see Using S3 Object Lock retention with S3 Batch Operations in the Amazon S3 User Guide .
RetainUntilDate (datetime) --
The date when the applied Object Lock retention will expire on all objects set by the Batch Operations job.
Mode (string) --
The Object Lock retention mode to be applied to all objects in the Batch Operations job.
S3ReplicateObject (dict) --
Directs the specified job to invoke ReplicateObject on every object in the job's manifest.
Priority (integer) --
The priority of the specified job.
ProgressSummary (dict) --
Describes the total number of tasks that the specified job has run, the number of tasks that succeeded, and the number of tasks that failed.
TotalNumberOfTasks (integer) --
NumberOfTasksSucceeded (integer) --
NumberOfTasksFailed (integer) --
Timers (dict) --
The JobTimers attribute of a job's progress summary.
ElapsedTimeInActiveSeconds (integer) --
Indicates the elapsed time in seconds the job has been in the Active job state.
StatusUpdateReason (string) --
The reason for updating the job.
FailureReasons (list) --
If the specified job failed, this field contains information describing the failure.
(dict) --
If this job failed, this element indicates why the job failed.
FailureCode (string) --
The failure code, if any, for the specified job.
FailureReason (string) --
The failure reason, if any, for the specified job.
Report (dict) --
Contains the configuration information for the job-completion report if you requested one in the Create Job request.
Bucket (string) --
The Amazon Resource Name (ARN) for the bucket where specified job-completion report will be stored.
Format (string) --
The format of the specified job-completion report.
Enabled (boolean) --
Indicates whether the specified job will generate a job-completion report.
Prefix (string) --
An optional prefix to describe where in the specified bucket the job-completion report will be stored. Amazon S3 stores the job-completion report at <prefix>/job-<job-id>/report.json .
ReportScope (string) --
Indicates whether the job-completion report will include details of all tasks or only failed tasks.
CreationTime (datetime) --
A timestamp indicating when this job was created.
TerminationDate (datetime) --
A timestamp indicating when this job terminated. A job's termination date is the date and time when it succeeded, failed, or was canceled.
RoleArn (string) --
The Amazon Resource Name (ARN) for the Identity and Access Management (IAM) role assigned to run the tasks for this job.
SuspendedDate (datetime) --
The timestamp when this job was suspended, if it has been suspended.
SuspendedCause (string) --
The reason why the specified job was suspended. A job is only suspended if you create it through the Amazon S3 console. When you create the job, it enters the Suspended state to await confirmation before running. After you confirm the job, it automatically exits the Suspended state.
ManifestGenerator (dict) --
The manifest generator that was used to generate a job manifest for this job.
Note
This is a Tagged Union structure. Only one of the following top level keys will be set: S3JobManifestGenerator. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows:
'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
S3JobManifestGenerator (dict) --
The S3 job ManifestGenerator's configuration details.
ExpectedBucketOwner (string) --
The Amazon Web Services account ID that owns the bucket the generated manifest is written to. If provided the generated manifest bucket's owner Amazon Web Services account ID must match this value, else the job fails.
SourceBucket (string) --
The source bucket used by the ManifestGenerator.
ManifestOutputLocation (dict) --
Specifies the location the generated manifest will be written to.
ExpectedManifestBucketOwner (string) --
The Account ID that owns the bucket the generated manifest is written to.
Bucket (string) --
The bucket ARN the generated manifest should be written to.
ManifestPrefix (string) --
Prefix identifying one or more objects to which the manifest applies.
ManifestEncryption (dict) --
Specifies what encryption should be used when the generated manifest objects are written.
SSES3 (dict) --
Specifies the use of SSE-S3 to encrypt generated manifest objects.
SSEKMS (dict) --
Configuration details on how SSE-KMS is used to encrypt generated manifest objects.
KeyId (string) --
Specifies the ID of the Amazon Web Services Key Management Service (Amazon Web Services KMS) symmetric customer managed key to use for encrypting generated manifest objects.
ManifestFormat (string) --
The format of the generated manifest.
Filter (dict) --
Specifies rules the S3JobManifestGenerator should use to use to decide whether an object in the source bucket should or should not be included in the generated job manifest.
EligibleForReplication (boolean) --
Include objects in the generated manifest only if they are eligible for replication according to the Replication configuration on the source bucket.
CreatedAfter (datetime) --
If provided, the generated manifest should include only source bucket objects that were created after this time.
CreatedBefore (datetime) --
If provided, the generated manifest should include only source bucket objects that were created before this time.
ObjectReplicationStatuses (list) --
If provided, the generated manifest should include only source bucket objects that have one of the specified Replication statuses.
EnableManifestOutput (boolean) --
Determines whether or not to write the job's generated manifest to a bucket.
GeneratedManifestDescriptor (dict) --
The attribute of the JobDescriptor containing details about the job's generated manifest.
Format (string) --
The format of the generated manifest.
Location (dict) --
Contains the information required to locate a manifest object.
ObjectArn (string) --
The Amazon Resource Name (ARN) for a manifest object.
Warning
Replacement must be made for object keys containing special characters (such as carriage returns) when using XML requests. For more information, see XML related object key constraints .
ObjectVersionId (string) --
The optional version ID to identify a specific version of the manifest object.
ETag (string) --
The ETag for the specified manifest object.
Exceptions
Retrieves the status of an asynchronous request to manage a Multi-Region Access Point. For more information about managing Multi-Region Access Points and how asynchronous requests work, see Managing Multi-Region Access Points in the Amazon S3 User Guide .
The following actions are related to GetMultiRegionAccessPoint :
See also: AWS API Documentation
Request Syntax
response = client.describe_multi_region_access_point_operation(
AccountId='string',
RequestTokenARN='string'
)
[REQUIRED]
The Amazon Web Services account ID for the owner of the Multi-Region Access Point.
[REQUIRED]
The request token associated with the request you want to know about. This request token is returned as part of the response when you make an asynchronous request. You provide this token to query about the status of the asynchronous action.
dict
Response Syntax
{
'AsyncOperation': {
'CreationTime': datetime(2015, 1, 1),
'Operation': 'CreateMultiRegionAccessPoint'|'DeleteMultiRegionAccessPoint'|'PutMultiRegionAccessPointPolicy',
'RequestTokenARN': 'string',
'RequestParameters': {
'CreateMultiRegionAccessPointRequest': {
'Name': 'string',
'PublicAccessBlock': {
'BlockPublicAcls': True|False,
'IgnorePublicAcls': True|False,
'BlockPublicPolicy': True|False,
'RestrictPublicBuckets': True|False
},
'Regions': [
{
'Bucket': 'string'
},
]
},
'DeleteMultiRegionAccessPointRequest': {
'Name': 'string'
},
'PutMultiRegionAccessPointPolicyRequest': {
'Name': 'string',
'Policy': 'string'
}
},
'RequestStatus': 'string',
'ResponseDetails': {
'MultiRegionAccessPointDetails': {
'Regions': [
{
'Name': 'string',
'RequestStatus': 'string'
},
]
},
'ErrorDetails': {
'Code': 'string',
'Message': 'string',
'Resource': 'string',
'RequestId': 'string'
}
}
}
}
Response Structure
(dict) --
AsyncOperation (dict) --
A container element containing the details of the asynchronous operation.
CreationTime (datetime) --
The time that the request was sent to the service.
Operation (string) --
The specific operation for the asynchronous request.
RequestTokenARN (string) --
The request token associated with the request.
RequestParameters (dict) --
The parameters associated with the request.
CreateMultiRegionAccessPointRequest (dict) --
A container of the parameters for a CreateMultiRegionAccessPoint request.
Name (string) --
The name of the Multi-Region Access Point associated with this request.
PublicAccessBlock (dict) --
The PublicAccessBlock configuration that you want to apply to this Amazon S3 account. You can enable the configuration options in any combination. For more information about when Amazon S3 considers a bucket or object public, see The Meaning of "Public" in the Amazon S3 User Guide .
This is not supported for Amazon S3 on Outposts.
BlockPublicAcls (boolean) --
Specifies whether Amazon S3 should block public access control lists (ACLs) for buckets in this account. Setting this element to TRUE causes the following behavior:
Enabling this setting doesn't affect existing policies or ACLs.
This is not supported for Amazon S3 on Outposts.
IgnorePublicAcls (boolean) --
Specifies whether Amazon S3 should ignore public ACLs for buckets in this account. Setting this element to TRUE causes Amazon S3 to ignore all public ACLs on buckets in this account and any objects that they contain.
Enabling this setting doesn't affect the persistence of any existing ACLs and doesn't prevent new public ACLs from being set.
This is not supported for Amazon S3 on Outposts.
BlockPublicPolicy (boolean) --
Specifies whether Amazon S3 should block public bucket policies for buckets in this account. Setting this element to TRUE causes Amazon S3 to reject calls to PUT Bucket policy if the specified bucket policy allows public access.
Enabling this setting doesn't affect existing bucket policies.
This is not supported for Amazon S3 on Outposts.
RestrictPublicBuckets (boolean) --
Specifies whether Amazon S3 should restrict public bucket policies for buckets in this account. Setting this element to TRUE restricts access to buckets with public policies to only Amazon Web Service principals and authorized users within this account.
Enabling this setting doesn't affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked.
This is not supported for Amazon S3 on Outposts.
Regions (list) --
The buckets in different Regions that are associated with the Multi-Region Access Point.
(dict) --
A Region that supports a Multi-Region Access Point as well as the associated bucket for the Region.
Bucket (string) --
The name of the associated bucket for the Region.
DeleteMultiRegionAccessPointRequest (dict) --
A container of the parameters for a DeleteMultiRegionAccessPoint request.
Name (string) --
The name of the Multi-Region Access Point associated with this request.
PutMultiRegionAccessPointPolicyRequest (dict) --
A container of the parameters for a PutMultiRegionAccessPoint request.
Name (string) --
The name of the Multi-Region Access Point associated with the request.
Policy (string) --
The policy details for the PutMultiRegionAccessPoint request.
RequestStatus (string) --
The current status of the request.
ResponseDetails (dict) --
The details of the response.
MultiRegionAccessPointDetails (dict) --
The details for the Multi-Region Access Point.
Regions (list) --
A collection of status information for the different Regions that a Multi-Region Access Point supports.
(dict) --
Status information for a single Multi-Region Access Point Region.
Name (string) --
The name of the Region in the Multi-Region Access Point.
RequestStatus (string) --
The current status of the Multi-Region Access Point in this Region.
ErrorDetails (dict) --
Error details for an asynchronous request.
Code (string) --
A string that uniquely identifies the error condition.
Message (string) --
A generic descritpion of the error condition in English.
Resource (string) --
The identifier of the resource associated with the error.
RequestId (string) --
The ID of the request associated with the error.
Returns configuration information about the specified access point.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request and an S3 on Outposts endpoint hostname prefix instead of s3-control . For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived using the access point ARN, see the Examples section.
The following actions are related to GetAccessPoint :
See also: AWS API Documentation
Request Syntax
response = client.get_access_point(
AccountId='string',
Name='string'
)
[REQUIRED]
The account ID for the account that owns the specified access point.
[REQUIRED]
The name of the access point whose configuration information you want to retrieve.
For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the access point accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/accesspoint/<my-accesspoint-name> . For example, to access the access point reports-ap through outpost my-outpost owned by account 123456789012 in Region us-west-2 , use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/accesspoint/reports-ap . The value must be URL encoded.
dict
Response Syntax
{
'Name': 'string',
'Bucket': 'string',
'NetworkOrigin': 'Internet'|'VPC',
'VpcConfiguration': {
'VpcId': 'string'
},
'PublicAccessBlockConfiguration': {
'BlockPublicAcls': True|False,
'IgnorePublicAcls': True|False,
'BlockPublicPolicy': True|False,
'RestrictPublicBuckets': True|False
},
'CreationDate': datetime(2015, 1, 1),
'Alias': 'string',
'AccessPointArn': 'string',
'Endpoints': {
'string': 'string'
}
}
Response Structure
(dict) --
Name (string) --
The name of the specified access point.
Bucket (string) --
The name of the bucket associated with the specified access point.
NetworkOrigin (string) --
Indicates whether this access point allows access from the public internet. If VpcConfiguration is specified for this access point, then NetworkOrigin is VPC , and the access point doesn't allow access from the public internet. Otherwise, NetworkOrigin is Internet , and the access point allows access from the public internet, subject to the access point and bucket access policies.
This will always be true for an Amazon S3 on Outposts access point
VpcConfiguration (dict) --
Contains the virtual private cloud (VPC) configuration for the specified access point.
Note
This element is empty if this access point is an Amazon S3 on Outposts access point that is used by other Amazon Web Services.
VpcId (string) --
If this field is specified, this access point will only allow connections from the specified VPC ID.
PublicAccessBlockConfiguration (dict) --
The PublicAccessBlock configuration that you want to apply to this Amazon S3 account. You can enable the configuration options in any combination. For more information about when Amazon S3 considers a bucket or object public, see The Meaning of "Public" in the Amazon S3 User Guide .
This is not supported for Amazon S3 on Outposts.
BlockPublicAcls (boolean) --
Specifies whether Amazon S3 should block public access control lists (ACLs) for buckets in this account. Setting this element to TRUE causes the following behavior:
Enabling this setting doesn't affect existing policies or ACLs.
This is not supported for Amazon S3 on Outposts.
IgnorePublicAcls (boolean) --
Specifies whether Amazon S3 should ignore public ACLs for buckets in this account. Setting this element to TRUE causes Amazon S3 to ignore all public ACLs on buckets in this account and any objects that they contain.
Enabling this setting doesn't affect the persistence of any existing ACLs and doesn't prevent new public ACLs from being set.
This is not supported for Amazon S3 on Outposts.
BlockPublicPolicy (boolean) --
Specifies whether Amazon S3 should block public bucket policies for buckets in this account. Setting this element to TRUE causes Amazon S3 to reject calls to PUT Bucket policy if the specified bucket policy allows public access.
Enabling this setting doesn't affect existing bucket policies.
This is not supported for Amazon S3 on Outposts.
RestrictPublicBuckets (boolean) --
Specifies whether Amazon S3 should restrict public bucket policies for buckets in this account. Setting this element to TRUE restricts access to buckets with public policies to only Amazon Web Service principals and authorized users within this account.
Enabling this setting doesn't affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked.
This is not supported for Amazon S3 on Outposts.
CreationDate (datetime) --
The date and time when the specified access point was created.
Alias (string) --
The name or alias of the access point.
AccessPointArn (string) --
The ARN of the access point.
Endpoints (dict) --
The VPC endpoint for the access point.
Returns configuration for an Object Lambda Access Point.
The following actions are related to GetAccessPointConfigurationForObjectLambda :
See also: AWS API Documentation
Request Syntax
response = client.get_access_point_configuration_for_object_lambda(
AccountId='string',
Name='string'
)
[REQUIRED]
The account ID for the account that owns the specified Object Lambda Access Point.
[REQUIRED]
The name of the Object Lambda Access Point you want to return the configuration for.
dict
Response Syntax
{
'Configuration': {
'SupportingAccessPoint': 'string',
'CloudWatchMetricsEnabled': True|False,
'AllowedFeatures': [
'GetObject-Range'|'GetObject-PartNumber',
],
'TransformationConfigurations': [
{
'Actions': [
'GetObject',
],
'ContentTransformation': {
'AwsLambda': {
'FunctionArn': 'string',
'FunctionPayload': 'string'
}
}
},
]
}
}
Response Structure
(dict) --
Configuration (dict) --
Object Lambda Access Point configuration document.
SupportingAccessPoint (string) --
Standard access point associated with the Object Lambda Access Point.
CloudWatchMetricsEnabled (boolean) --
A container for whether the CloudWatch metrics configuration is enabled.
AllowedFeatures (list) --
A container for allowed features. Valid inputs are GetObject-Range and GetObject-PartNumber .
TransformationConfigurations (list) --
A container for transformation configurations for an Object Lambda Access Point.
(dict) --
A configuration used when creating an Object Lambda Access Point transformation.
Actions (list) --
A container for the action of an Object Lambda Access Point configuration. Valid input is GetObject .
ContentTransformation (dict) --
A container for the content transformation of an Object Lambda Access Point configuration.
Note
This is a Tagged Union structure. Only one of the following top level keys will be set: AwsLambda. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows:
'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
AwsLambda (dict) --
A container for an Lambda function.
FunctionArn (string) --
The Amazon Resource Name (ARN) of the Lambda function.
FunctionPayload (string) --
Additional JSON that provides supplemental data to the Lambda function used to transform objects.
Returns configuration information about the specified Object Lambda Access Point
The following actions are related to GetAccessPointForObjectLambda :
See also: AWS API Documentation
Request Syntax
response = client.get_access_point_for_object_lambda(
AccountId='string',
Name='string'
)
[REQUIRED]
The account ID for the account that owns the specified Object Lambda Access Point.
[REQUIRED]
The name of the Object Lambda Access Point.
dict
Response Syntax
{
'Name': 'string',
'PublicAccessBlockConfiguration': {
'BlockPublicAcls': True|False,
'IgnorePublicAcls': True|False,
'BlockPublicPolicy': True|False,
'RestrictPublicBuckets': True|False
},
'CreationDate': datetime(2015, 1, 1)
}
Response Structure
(dict) --
Name (string) --
The name of the Object Lambda Access Point.
PublicAccessBlockConfiguration (dict) --
Configuration to block all public access. This setting is turned on and can not be edited.
BlockPublicAcls (boolean) --
Specifies whether Amazon S3 should block public access control lists (ACLs) for buckets in this account. Setting this element to TRUE causes the following behavior:
Enabling this setting doesn't affect existing policies or ACLs.
This is not supported for Amazon S3 on Outposts.
IgnorePublicAcls (boolean) --
Specifies whether Amazon S3 should ignore public ACLs for buckets in this account. Setting this element to TRUE causes Amazon S3 to ignore all public ACLs on buckets in this account and any objects that they contain.
Enabling this setting doesn't affect the persistence of any existing ACLs and doesn't prevent new public ACLs from being set.
This is not supported for Amazon S3 on Outposts.
BlockPublicPolicy (boolean) --
Specifies whether Amazon S3 should block public bucket policies for buckets in this account. Setting this element to TRUE causes Amazon S3 to reject calls to PUT Bucket policy if the specified bucket policy allows public access.
Enabling this setting doesn't affect existing bucket policies.
This is not supported for Amazon S3 on Outposts.
RestrictPublicBuckets (boolean) --
Specifies whether Amazon S3 should restrict public bucket policies for buckets in this account. Setting this element to TRUE restricts access to buckets with public policies to only Amazon Web Service principals and authorized users within this account.
Enabling this setting doesn't affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked.
This is not supported for Amazon S3 on Outposts.
CreationDate (datetime) --
The date and time when the specified Object Lambda Access Point was created.
Returns the access point policy associated with the specified access point.
The following actions are related to GetAccessPointPolicy :
See also: AWS API Documentation
Request Syntax
response = client.get_access_point_policy(
AccountId='string',
Name='string'
)
[REQUIRED]
The account ID for the account that owns the specified access point.
[REQUIRED]
The name of the access point whose policy you want to retrieve.
For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the access point accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/accesspoint/<my-accesspoint-name> . For example, to access the access point reports-ap through outpost my-outpost owned by account 123456789012 in Region us-west-2 , use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/accesspoint/reports-ap . The value must be URL encoded.
dict
Response Syntax
{
'Policy': 'string'
}
Response Structure
(dict) --
Policy (string) --
The access point policy associated with the specified access point.
Returns the resource policy for an Object Lambda Access Point.
The following actions are related to GetAccessPointPolicyForObjectLambda :
See also: AWS API Documentation
Request Syntax
response = client.get_access_point_policy_for_object_lambda(
AccountId='string',
Name='string'
)
[REQUIRED]
The account ID for the account that owns the specified Object Lambda Access Point.
[REQUIRED]
The name of the Object Lambda Access Point.
dict
Response Syntax
{
'Policy': 'string'
}
Response Structure
(dict) --
Policy (string) --
Object Lambda Access Point resource policy document.
Indicates whether the specified access point currently has a policy that allows public access. For more information about public access through access points, see Managing Data Access with Amazon S3 access points in the Amazon S3 User Guide .
See also: AWS API Documentation
Request Syntax
response = client.get_access_point_policy_status(
AccountId='string',
Name='string'
)
[REQUIRED]
The account ID for the account that owns the specified access point.
[REQUIRED]
The name of the access point whose policy status you want to retrieve.
dict
Response Syntax
{
'PolicyStatus': {
'IsPublic': True|False
}
}
Response Structure
(dict) --
PolicyStatus (dict) --
Indicates the current policy status of the specified access point.
Returns the status of the resource policy associated with an Object Lambda Access Point.
See also: AWS API Documentation
Request Syntax
response = client.get_access_point_policy_status_for_object_lambda(
AccountId='string',
Name='string'
)
[REQUIRED]
The account ID for the account that owns the specified Object Lambda Access Point.
[REQUIRED]
The name of the Object Lambda Access Point.
dict
Response Syntax
{
'PolicyStatus': {
'IsPublic': True|False
}
}
Response Structure
(dict) --
PolicyStatus (dict) --
Indicates whether this access point policy is public. For more information about how Amazon S3 evaluates policies to determine whether they are public, see The Meaning of "Public" in the Amazon S3 User Guide .
Gets an Amazon S3 on Outposts bucket. For more information, see Using Amazon S3 on Outposts in the Amazon S3 User Guide .
If you are using an identity other than the root user of the Amazon Web Services account that owns the Outposts bucket, the calling identity must have the s3-outposts:GetBucket permissions on the specified Outposts bucket and belong to the Outposts bucket owner's account in order to use this action. Only users from Outposts bucket owner account with the right permissions can perform actions on an Outposts bucket.
If you don't have s3-outposts:GetBucket permissions or you're not using an identity that belongs to the bucket owner's account, Amazon S3 returns a 403 Access Denied error.
The following actions are related to GetBucket for Amazon S3 on Outposts:
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request and an S3 on Outposts endpoint hostname prefix instead of s3-control . For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived using the access point ARN, see the Examples section.
See also: AWS API Documentation
Request Syntax
response = client.get_bucket(
AccountId='string',
Bucket='string'
)
[REQUIRED]
The Amazon Web Services account ID of the Outposts bucket.
[REQUIRED]
Specifies the bucket.
For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name> . For example, to access the bucket reports through outpost my-outpost owned by account 123456789012 in Region us-west-2 , use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports . The value must be URL encoded.
dict
Response Syntax
{
'Bucket': 'string',
'PublicAccessBlockEnabled': True|False,
'CreationDate': datetime(2015, 1, 1)
}
Response Structure
(dict) --
Bucket (string) --
The Outposts bucket requested.
PublicAccessBlockEnabled (boolean) --
CreationDate (datetime) --
The creation date of the Outposts bucket.
Note
This action gets an Amazon S3 on Outposts bucket's lifecycle configuration. To get an S3 bucket's lifecycle configuration, see GetBucketLifecycleConfiguration in the Amazon S3 API Reference .
Returns the lifecycle configuration information set on the Outposts bucket. For more information, see Using Amazon S3 on Outposts and for information about lifecycle configuration, see Object Lifecycle Management in Amazon S3 User Guide .
To use this action, you must have permission to perform the s3-outposts:GetLifecycleConfiguration action. The Outposts bucket owner has this permission, by default. The bucket owner can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources .
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request and an S3 on Outposts endpoint hostname prefix instead of s3-control . For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived using the access point ARN, see the Examples section.
GetBucketLifecycleConfiguration has the following special error:
The following actions are related to GetBucketLifecycleConfiguration :
See also: AWS API Documentation
Request Syntax
response = client.get_bucket_lifecycle_configuration(
AccountId='string',
Bucket='string'
)
[REQUIRED]
The Amazon Web Services account ID of the Outposts bucket.
[REQUIRED]
The Amazon Resource Name (ARN) of the bucket.
For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name> . For example, to access the bucket reports through outpost my-outpost owned by account 123456789012 in Region us-west-2 , use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports . The value must be URL encoded.
dict
Response Syntax
{
'Rules': [
{
'Expiration': {
'Date': datetime(2015, 1, 1),
'Days': 123,
'ExpiredObjectDeleteMarker': True|False
},
'ID': 'string',
'Filter': {
'Prefix': 'string',
'Tag': {
'Key': 'string',
'Value': 'string'
},
'And': {
'Prefix': 'string',
'Tags': [
{
'Key': 'string',
'Value': 'string'
},
]
}
},
'Status': 'Enabled'|'Disabled',
'Transitions': [
{
'Date': datetime(2015, 1, 1),
'Days': 123,
'StorageClass': 'GLACIER'|'STANDARD_IA'|'ONEZONE_IA'|'INTELLIGENT_TIERING'|'DEEP_ARCHIVE'
},
],
'NoncurrentVersionTransitions': [
{
'NoncurrentDays': 123,
'StorageClass': 'GLACIER'|'STANDARD_IA'|'ONEZONE_IA'|'INTELLIGENT_TIERING'|'DEEP_ARCHIVE'
},
],
'NoncurrentVersionExpiration': {
'NoncurrentDays': 123
},
'AbortIncompleteMultipartUpload': {
'DaysAfterInitiation': 123
}
},
]
}
Response Structure
(dict) --
Rules (list) --
Container for the lifecycle rule of the Outposts bucket.
(dict) --
The container for the Outposts bucket lifecycle rule.
Expiration (dict) --
Specifies the expiration for the lifecycle of the object in the form of date, days and, whether the object has a delete marker.
Date (datetime) --
Indicates at what date the object is to be deleted. Should be in GMT ISO 8601 format.
Days (integer) --
Indicates the lifetime, in days, of the objects that are subject to the rule. The value must be a non-zero positive integer.
ExpiredObjectDeleteMarker (boolean) --
Indicates whether Amazon S3 will remove a delete marker with no noncurrent versions. If set to true, the delete marker will be expired. If set to false, the policy takes no action. This cannot be specified with Days or Date in a Lifecycle Expiration Policy.
ID (string) --
Unique identifier for the rule. The value cannot be longer than 255 characters.
Filter (dict) --
The container for the filter of lifecycle rule.
Prefix (string) --
Prefix identifying one or more objects to which the rule applies.
Warning
Replacement must be made for object keys containing special characters (such as carriage returns) when using XML requests. For more information, see XML related object key constraints .
Tag (dict) --
And (dict) --
The container for the AND condition for the lifecycle rule.
Prefix (string) --
Prefix identifying one or more objects to which the rule applies.
Tags (list) --
All of these tags must exist in the object's tag set in order for the rule to apply.
Status (string) --
If 'Enabled', the rule is currently being applied. If 'Disabled', the rule is not currently being applied.
Transitions (list) --
Specifies when an Amazon S3 object transitions to a specified storage class.
Note
This is not supported by Amazon S3 on Outposts buckets.
(dict) --
Specifies when an object transitions to a specified storage class. For more information about Amazon S3 Lifecycle configuration rules, see Transitioning objects using Amazon S3 Lifecycle in the Amazon S3 User Guide .
Date (datetime) --
Indicates when objects are transitioned to the specified storage class. The date value must be in ISO 8601 format. The time is always midnight UTC.
Days (integer) --
Indicates the number of days after creation when objects are transitioned to the specified storage class. The value must be a positive integer.
StorageClass (string) --
The storage class to which you want the object to transition.
NoncurrentVersionTransitions (list) --
Specifies the transition rule for the lifecycle rule that describes when noncurrent objects transition to a specific storage class. If your bucket is versioning-enabled (or versioning is suspended), you can set this action to request that Amazon S3 transition noncurrent object versions to a specific storage class at a set period in the object's lifetime.
Note
This is not supported by Amazon S3 on Outposts buckets.
(dict) --
The container for the noncurrent version transition.
NoncurrentDays (integer) --
Specifies the number of days an object is noncurrent before Amazon S3 can perform the associated action. For information about the noncurrent days calculations, see How Amazon S3 Calculates How Long an Object Has Been Noncurrent in the Amazon S3 User Guide .
StorageClass (string) --
The class of storage used to store the object.
NoncurrentVersionExpiration (dict) --
The noncurrent version expiration of the lifecycle rule.
Note
This is not supported by Amazon S3 on Outposts buckets.
NoncurrentDays (integer) --
Specifies the number of days an object is noncurrent before Amazon S3 can perform the associated action. For information about the noncurrent days calculations, see How Amazon S3 Calculates When an Object Became Noncurrent in the Amazon S3 User Guide .
AbortIncompleteMultipartUpload (dict) --
Specifies the days since the initiation of an incomplete multipart upload that Amazon S3 waits before permanently removing all parts of the upload. For more information, see Aborting Incomplete Multipart Uploads Using a Bucket Lifecycle Policy in the Amazon S3 User Guide .
DaysAfterInitiation (integer) --
Specifies the number of days after which Amazon S3 aborts an incomplete multipart upload to the Outposts bucket.
Note
This action gets a bucket policy for an Amazon S3 on Outposts bucket. To get a policy for an S3 bucket, see GetBucketPolicy in the Amazon S3 API Reference .
Returns the policy of a specified Outposts bucket. For more information, see Using Amazon S3 on Outposts in the Amazon S3 User Guide .
If you are using an identity other than the root user of the Amazon Web Services account that owns the bucket, the calling identity must have the GetBucketPolicy permissions on the specified bucket and belong to the bucket owner's account in order to use this action.
Only users from Outposts bucket owner account with the right permissions can perform actions on an Outposts bucket. If you don't have s3-outposts:GetBucketPolicy permissions or you're not using an identity that belongs to the bucket owner's account, Amazon S3 returns a 403 Access Denied error.
Warning
As a security precaution, the root user of the Amazon Web Services account that owns a bucket can always use this action, even if the policy explicitly denies the root user the ability to perform this action.
For more information about bucket policies, see Using Bucket Policies and User Policies .
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request and an S3 on Outposts endpoint hostname prefix instead of s3-control . For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived using the access point ARN, see the Examples section.
The following actions are related to GetBucketPolicy :
See also: AWS API Documentation
Request Syntax
response = client.get_bucket_policy(
AccountId='string',
Bucket='string'
)
[REQUIRED]
The Amazon Web Services account ID of the Outposts bucket.
[REQUIRED]
Specifies the bucket.
For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name> . For example, to access the bucket reports through outpost my-outpost owned by account 123456789012 in Region us-west-2 , use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports . The value must be URL encoded.
dict
Response Syntax
{
'Policy': 'string'
}
Response Structure
(dict) --
Policy (string) --
The policy of the Outposts bucket.
Note
This action gets an Amazon S3 on Outposts bucket's tags. To get an S3 bucket tags, see GetBucketTagging in the Amazon S3 API Reference .
Returns the tag set associated with the Outposts bucket. For more information, see Using Amazon S3 on Outposts in the Amazon S3 User Guide .
To use this action, you must have permission to perform the GetBucketTagging action. By default, the bucket owner has this permission and can grant this permission to others.
GetBucketTagging has the following special error:
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request and an S3 on Outposts endpoint hostname prefix instead of s3-control . For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived using the access point ARN, see the Examples section.
The following actions are related to GetBucketTagging :
See also: AWS API Documentation
Request Syntax
response = client.get_bucket_tagging(
AccountId='string',
Bucket='string'
)
[REQUIRED]
The Amazon Web Services account ID of the Outposts bucket.
[REQUIRED]
Specifies the bucket.
For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name> . For example, to access the bucket reports through outpost my-outpost owned by account 123456789012 in Region us-west-2 , use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports . The value must be URL encoded.
dict
Response Syntax
{
'TagSet': [
{
'Key': 'string',
'Value': 'string'
},
]
}
Response Structure
(dict) --
TagSet (list) --
The tags set of the Outposts bucket.
Returns the tags on an S3 Batch Operations job. To use this operation, you must have permission to perform the s3:GetJobTagging action. For more information, see Controlling access and labeling jobs using tags in the Amazon S3 User Guide .
Related actions include:
See also: AWS API Documentation
Request Syntax
response = client.get_job_tagging(
AccountId='string',
JobId='string'
)
[REQUIRED]
The Amazon Web Services account ID associated with the S3 Batch Operations job.
[REQUIRED]
The ID for the S3 Batch Operations job whose tags you want to retrieve.
dict
Response Syntax
{
'Tags': [
{
'Key': 'string',
'Value': 'string'
},
]
}
Response Structure
(dict) --
Tags (list) --
The set of tags associated with the S3 Batch Operations job.
Exceptions
Returns configuration information about the specified Multi-Region Access Point.
This action will always be routed to the US West (Oregon) Region. For more information about the restrictions around managing Multi-Region Access Points, see Managing Multi-Region Access Points in the Amazon S3 User Guide .
The following actions are related to GetMultiRegionAccessPoint :
See also: AWS API Documentation
Request Syntax
response = client.get_multi_region_access_point(
AccountId='string',
Name='string'
)
[REQUIRED]
The Amazon Web Services account ID for the owner of the Multi-Region Access Point.
[REQUIRED]
The name of the Multi-Region Access Point whose configuration information you want to receive. The name of the Multi-Region Access Point is different from the alias. For more information about the distinction between the name and the alias of an Multi-Region Access Point, see Managing Multi-Region Access Points in the Amazon S3 User Guide .
dict
Response Syntax
{
'AccessPoint': {
'Name': 'string',
'Alias': 'string',
'CreatedAt': datetime(2015, 1, 1),
'PublicAccessBlock': {
'BlockPublicAcls': True|False,
'IgnorePublicAcls': True|False,
'BlockPublicPolicy': True|False,
'RestrictPublicBuckets': True|False
},
'Status': 'READY'|'INCONSISTENT_ACROSS_REGIONS'|'CREATING'|'PARTIALLY_CREATED'|'PARTIALLY_DELETED'|'DELETING',
'Regions': [
{
'Bucket': 'string',
'Region': 'string'
},
]
}
}
Response Structure
(dict) --
AccessPoint (dict) --
A container element containing the details of the requested Multi-Region Access Point.
Name (string) --
The name of the Multi-Region Access Point.
Alias (string) --
The alias for the Multi-Region Access Point. For more information about the distinction between the name and the alias of an Multi-Region Access Point, see Managing Multi-Region Access Points .
CreatedAt (datetime) --
When the Multi-Region Access Point create request was received.
PublicAccessBlock (dict) --
The PublicAccessBlock configuration that you want to apply to this Amazon S3 account. You can enable the configuration options in any combination. For more information about when Amazon S3 considers a bucket or object public, see The Meaning of "Public" in the Amazon S3 User Guide .
This is not supported for Amazon S3 on Outposts.
BlockPublicAcls (boolean) --
Specifies whether Amazon S3 should block public access control lists (ACLs) for buckets in this account. Setting this element to TRUE causes the following behavior:
Enabling this setting doesn't affect existing policies or ACLs.
This is not supported for Amazon S3 on Outposts.
IgnorePublicAcls (boolean) --
Specifies whether Amazon S3 should ignore public ACLs for buckets in this account. Setting this element to TRUE causes Amazon S3 to ignore all public ACLs on buckets in this account and any objects that they contain.
Enabling this setting doesn't affect the persistence of any existing ACLs and doesn't prevent new public ACLs from being set.
This is not supported for Amazon S3 on Outposts.
BlockPublicPolicy (boolean) --
Specifies whether Amazon S3 should block public bucket policies for buckets in this account. Setting this element to TRUE causes Amazon S3 to reject calls to PUT Bucket policy if the specified bucket policy allows public access.
Enabling this setting doesn't affect existing bucket policies.
This is not supported for Amazon S3 on Outposts.
RestrictPublicBuckets (boolean) --
Specifies whether Amazon S3 should restrict public bucket policies for buckets in this account. Setting this element to TRUE restricts access to buckets with public policies to only Amazon Web Service principals and authorized users within this account.
Enabling this setting doesn't affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked.
This is not supported for Amazon S3 on Outposts.
Status (string) --
The current status of the Multi-Region Access Point.
CREATING and DELETING are temporary states that exist while the request is propogating and being completed. If a Multi-Region Access Point has a status of PARTIALLY_CREATED , you can retry creation or send a request to delete the Multi-Region Access Point. If a Multi-Region Access Point has a status of PARTIALLY_DELETED , you can retry a delete request to finish the deletion of the Multi-Region Access Point.
Regions (list) --
A collection of the Regions and buckets associated with the Multi-Region Access Point.
(dict) --
A combination of a bucket and Region that's part of a Multi-Region Access Point.
Bucket (string) --
The name of the bucket.
Region (string) --
The name of the Region.
Returns the access control policy of the specified Multi-Region Access Point.
This action will always be routed to the US West (Oregon) Region. For more information about the restrictions around managing Multi-Region Access Points, see Managing Multi-Region Access Points in the Amazon S3 User Guide .
The following actions are related to GetMultiRegionAccessPointPolicy :
See also: AWS API Documentation
Request Syntax
response = client.get_multi_region_access_point_policy(
AccountId='string',
Name='string'
)
[REQUIRED]
The Amazon Web Services account ID for the owner of the Multi-Region Access Point.
[REQUIRED]
Specifies the Multi-Region Access Point. The name of the Multi-Region Access Point is different from the alias. For more information about the distinction between the name and the alias of an Multi-Region Access Point, see Managing Multi-Region Access Points in the Amazon S3 User Guide .
dict
Response Syntax
{
'Policy': {
'Established': {
'Policy': 'string'
},
'Proposed': {
'Policy': 'string'
}
}
}
Response Structure
(dict) --
Policy (dict) --
The policy associated with the specified Multi-Region Access Point.
Established (dict) --
The last established policy for the Multi-Region Access Point.
Policy (string) --
The details of the last established policy.
Proposed (dict) --
The proposed policy for the Multi-Region Access Point.
Policy (string) --
The details of the proposed policy.
Indicates whether the specified Multi-Region Access Point has an access control policy that allows public access.
This action will always be routed to the US West (Oregon) Region. For more information about the restrictions around managing Multi-Region Access Points, see Managing Multi-Region Access Points in the Amazon S3 User Guide .
The following actions are related to GetMultiRegionAccessPointPolicyStatus :
See also: AWS API Documentation
Request Syntax
response = client.get_multi_region_access_point_policy_status(
AccountId='string',
Name='string'
)
[REQUIRED]
The Amazon Web Services account ID for the owner of the Multi-Region Access Point.
[REQUIRED]
Specifies the Multi-Region Access Point. The name of the Multi-Region Access Point is different from the alias. For more information about the distinction between the name and the alias of an Multi-Region Access Point, see Managing Multi-Region Access Points in the Amazon S3 User Guide .
dict
Response Syntax
{
'Established': {
'IsPublic': True|False
}
}
Response Structure
(dict) --
Established (dict) --
Indicates whether this access point policy is public. For more information about how Amazon S3 evaluates policies to determine whether they are public, see The Meaning of "Public" in the Amazon S3 User Guide .
Create a paginator for an operation.
Retrieves the PublicAccessBlock configuration for an Amazon Web Services account. For more information, see Using Amazon S3 block public access .
Related actions include:
See also: AWS API Documentation
Request Syntax
response = client.get_public_access_block(
AccountId='string'
)
[REQUIRED]
The account ID for the Amazon Web Services account whose PublicAccessBlock configuration you want to retrieve.
{
'PublicAccessBlockConfiguration': {
'BlockPublicAcls': True|False,
'IgnorePublicAcls': True|False,
'BlockPublicPolicy': True|False,
'RestrictPublicBuckets': True|False
}
}
Response Structure
The PublicAccessBlock configuration currently in effect for this Amazon Web Services account.
Specifies whether Amazon S3 should block public access control lists (ACLs) for buckets in this account. Setting this element to TRUE causes the following behavior:
Enabling this setting doesn't affect existing policies or ACLs.
This is not supported for Amazon S3 on Outposts.
Specifies whether Amazon S3 should ignore public ACLs for buckets in this account. Setting this element to TRUE causes Amazon S3 to ignore all public ACLs on buckets in this account and any objects that they contain.
Enabling this setting doesn't affect the persistence of any existing ACLs and doesn't prevent new public ACLs from being set.
This is not supported for Amazon S3 on Outposts.
Specifies whether Amazon S3 should block public bucket policies for buckets in this account. Setting this element to TRUE causes Amazon S3 to reject calls to PUT Bucket policy if the specified bucket policy allows public access.
Enabling this setting doesn't affect existing bucket policies.
This is not supported for Amazon S3 on Outposts.
Specifies whether Amazon S3 should restrict public bucket policies for buckets in this account. Setting this element to TRUE restricts access to buckets with public policies to only Amazon Web Service principals and authorized users within this account.
Enabling this setting doesn't affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked.
This is not supported for Amazon S3 on Outposts.
Exceptions
Gets the Amazon S3 Storage Lens configuration. For more information, see Assessing your storage activity and usage with Amazon S3 Storage Lens in the Amazon S3 User Guide .
Note
To use this action, you must have permission to perform the s3:GetStorageLensConfiguration action. For more information, see Setting permissions to use Amazon S3 Storage Lens in the Amazon S3 User Guide .
See also: AWS API Documentation
Request Syntax
response = client.get_storage_lens_configuration(
ConfigId='string',
AccountId='string'
)
[REQUIRED]
The ID of the Amazon S3 Storage Lens configuration.
[REQUIRED]
The account ID of the requester.
dict
Response Syntax
{
'StorageLensConfiguration': {
'Id': 'string',
'AccountLevel': {
'ActivityMetrics': {
'IsEnabled': True|False
},
'BucketLevel': {
'ActivityMetrics': {
'IsEnabled': True|False
},
'PrefixLevel': {
'StorageMetrics': {
'IsEnabled': True|False,
'SelectionCriteria': {
'Delimiter': 'string',
'MaxDepth': 123,
'MinStorageBytesPercentage': 123.0
}
}
}
}
},
'Include': {
'Buckets': [
'string',
],
'Regions': [
'string',
]
},
'Exclude': {
'Buckets': [
'string',
],
'Regions': [
'string',
]
},
'DataExport': {
'S3BucketDestination': {
'Format': 'CSV'|'Parquet',
'OutputSchemaVersion': 'V_1',
'AccountId': 'string',
'Arn': 'string',
'Prefix': 'string',
'Encryption': {
'SSES3': {},
'SSEKMS': {
'KeyId': 'string'
}
}
},
'CloudWatchMetrics': {
'IsEnabled': True|False
}
},
'IsEnabled': True|False,
'AwsOrg': {
'Arn': 'string'
},
'StorageLensArn': 'string'
}
}
Response Structure
(dict) --
StorageLensConfiguration (dict) --
The S3 Storage Lens configuration requested.
Id (string) --
A container for the Amazon S3 Storage Lens configuration ID.
AccountLevel (dict) --
A container for all the account-level configurations of your S3 Storage Lens configuration.
ActivityMetrics (dict) --
A container for the S3 Storage Lens activity metrics.
IsEnabled (boolean) --
A container for whether the activity metrics are enabled.
BucketLevel (dict) --
A container for the S3 Storage Lens bucket-level configuration.
ActivityMetrics (dict) --
A container for the bucket-level activity metrics for Amazon S3 Storage Lens
IsEnabled (boolean) --
A container for whether the activity metrics are enabled.
PrefixLevel (dict) --
A container for the bucket-level prefix-level metrics for S3 Storage Lens
StorageMetrics (dict) --
A container for the prefix-level storage metrics for S3 Storage Lens.
IsEnabled (boolean) --
A container for whether prefix-level storage metrics are enabled.
SelectionCriteria (dict) --
Delimiter (string) --
A container for the delimiter of the selection criteria being used.
MaxDepth (integer) --
The max depth of the selection criteria
MinStorageBytesPercentage (float) --
The minimum number of storage bytes percentage whose metrics will be selected.
Note
You must choose a value greater than or equal to 1.0 .
Include (dict) --
A container for what is included in this configuration. This container can only be valid if there is no Exclude container submitted, and it's not empty.
Buckets (list) --
A container for the S3 Storage Lens bucket includes.
Regions (list) --
A container for the S3 Storage Lens Region includes.
Exclude (dict) --
A container for what is excluded in this configuration. This container can only be valid if there is no Include container submitted, and it's not empty.
Buckets (list) --
A container for the S3 Storage Lens bucket excludes.
Regions (list) --
A container for the S3 Storage Lens Region excludes.
DataExport (dict) --
A container to specify the properties of your S3 Storage Lens metrics export including, the destination, schema and format.
S3BucketDestination (dict) --
A container for the bucket where the S3 Storage Lens metrics export will be located.
Note
This bucket must be located in the same Region as the storage lens configuration.
Format (string) --
OutputSchemaVersion (string) --
The schema version of the export file.
AccountId (string) --
The account ID of the owner of the S3 Storage Lens metrics export bucket.
Arn (string) --
The Amazon Resource Name (ARN) of the bucket. This property is read-only and follows the following format: ``arn:aws:s3:us-east-1 :example-account-id :bucket/your-destination-bucket-name ``
Prefix (string) --
The prefix of the destination bucket where the metrics export will be delivered.
Encryption (dict) --
The container for the type encryption of the metrics exports in this bucket.
SSES3 (dict) --
SSEKMS (dict) --
KeyId (string) --
A container for the ARN of the SSE-KMS encryption. This property is read-only and follows the following format: ``arn:aws:kms:us-east-1 :example-account-id :key/example-9a73-4afc-8d29-8f5900cef44e ``
CloudWatchMetrics (dict) --
A container for enabling Amazon CloudWatch publishing for S3 Storage Lens metrics.
IsEnabled (boolean) --
A container that indicates whether CloudWatch publishing for S3 Storage Lens metrics is enabled. A value of true indicates that CloudWatch publishing for S3 Storage Lens metrics is enabled.
IsEnabled (boolean) --
A container for whether the S3 Storage Lens configuration is enabled.
AwsOrg (dict) --
A container for the Amazon Web Services organization for this S3 Storage Lens configuration.
Arn (string) --
A container for the Amazon Resource Name (ARN) of the Amazon Web Services organization. This property is read-only and follows the following format: ``arn:aws:organizations:us-east-1 :example-account-id :organization/o-ex2l495dck ``
StorageLensArn (string) --
The Amazon Resource Name (ARN) of the S3 Storage Lens configuration. This property is read-only and follows the following format: ``arn:aws:s3:us-east-1 :example-account-id :storage-lens/your-dashboard-name ``
Gets the tags of Amazon S3 Storage Lens configuration. For more information about S3 Storage Lens, see Assessing your storage activity and usage with Amazon S3 Storage Lens in the Amazon S3 User Guide .
Note
To use this action, you must have permission to perform the s3:GetStorageLensConfigurationTagging action. For more information, see Setting permissions to use Amazon S3 Storage Lens in the Amazon S3 User Guide .
See also: AWS API Documentation
Request Syntax
response = client.get_storage_lens_configuration_tagging(
ConfigId='string',
AccountId='string'
)
[REQUIRED]
The ID of the Amazon S3 Storage Lens configuration.
[REQUIRED]
The account ID of the requester.
dict
Response Syntax
{
'Tags': [
{
'Key': 'string',
'Value': 'string'
},
]
}
Response Structure
(dict) --
Tags (list) --
The tags of S3 Storage Lens configuration requested.
Returns an object that can wait for some condition.
Returns a list of the access points currently associated with the specified bucket. You can retrieve up to 1000 access points per call. If the specified bucket has more than 1,000 access points (or the number specified in maxResults , whichever is less), the response will include a continuation token that you can use to list the additional access points.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request and an S3 on Outposts endpoint hostname prefix instead of s3-control . For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived using the access point ARN, see the Examples section.
The following actions are related to ListAccessPoints :
See also: AWS API Documentation
Request Syntax
response = client.list_access_points(
AccountId='string',
Bucket='string',
NextToken='string',
MaxResults=123
)
[REQUIRED]
The Amazon Web Services account ID for owner of the bucket whose access points you want to list.
The name of the bucket whose associated access points you want to list.
For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name> . For example, to access the bucket reports through outpost my-outpost owned by account 123456789012 in Region us-west-2 , use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports . The value must be URL encoded.
dict
Response Syntax
{
'AccessPointList': [
{
'Name': 'string',
'NetworkOrigin': 'Internet'|'VPC',
'VpcConfiguration': {
'VpcId': 'string'
},
'Bucket': 'string',
'AccessPointArn': 'string',
'Alias': 'string'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
AccessPointList (list) --
Contains identification and configuration information for one or more access points associated with the specified bucket.
(dict) --
An access point used to access a bucket.
Name (string) --
The name of this access point.
NetworkOrigin (string) --
Indicates whether this access point allows access from the public internet. If VpcConfiguration is specified for this access point, then NetworkOrigin is VPC , and the access point doesn't allow access from the public internet. Otherwise, NetworkOrigin is Internet , and the access point allows access from the public internet, subject to the access point and bucket access policies.
VpcConfiguration (dict) --
The virtual private cloud (VPC) configuration for this access point, if one exists.
Note
This element is empty if this access point is an Amazon S3 on Outposts access point that is used by other Amazon Web Services.
VpcId (string) --
If this field is specified, this access point will only allow connections from the specified VPC ID.
Bucket (string) --
The name of the bucket associated with this access point.
AccessPointArn (string) --
The ARN for the access point.
Alias (string) --
The name or alias of the access point.
NextToken (string) --
If the specified bucket has more access points than can be returned in one call to this API, this field contains a continuation token that you can provide in subsequent calls to this API to retrieve additional access points.
Returns some or all (up to 1,000) access points associated with the Object Lambda Access Point per call. If there are more access points than what can be returned in one call, the response will include a continuation token that you can use to list the additional access points.
The following actions are related to ListAccessPointsForObjectLambda :
See also: AWS API Documentation
Request Syntax
response = client.list_access_points_for_object_lambda(
AccountId='string',
NextToken='string',
MaxResults=123
)
[REQUIRED]
The account ID for the account that owns the specified Object Lambda Access Point.
dict
Response Syntax
{
'ObjectLambdaAccessPointList': [
{
'Name': 'string',
'ObjectLambdaAccessPointArn': 'string'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
ObjectLambdaAccessPointList (list) --
Returns list of Object Lambda Access Points.
(dict) --
An access point with an attached Lambda function used to access transformed data from an Amazon S3 bucket.
Name (string) --
The name of the Object Lambda Access Point.
ObjectLambdaAccessPointArn (string) --
Specifies the ARN for the Object Lambda Access Point.
NextToken (string) --
If the list has more access points than can be returned in one call to this API, this field contains a continuation token that you can provide in subsequent calls to this API to retrieve additional access points.
Lists current S3 Batch Operations jobs and jobs that have ended within the last 30 days for the Amazon Web Services account making the request. For more information, see S3 Batch Operations in the Amazon S3 User Guide .
Related actions include:
See also: AWS API Documentation
Request Syntax
response = client.list_jobs(
AccountId='string',
JobStatuses=[
'Active'|'Cancelled'|'Cancelling'|'Complete'|'Completing'|'Failed'|'Failing'|'New'|'Paused'|'Pausing'|'Preparing'|'Ready'|'Suspended',
],
NextToken='string',
MaxResults=123
)
[REQUIRED]
The Amazon Web Services account ID associated with the S3 Batch Operations job.
The List Jobs request returns jobs that match the statuses listed in this element.
dict
Response Syntax
{
'NextToken': 'string',
'Jobs': [
{
'JobId': 'string',
'Description': 'string',
'Operation': 'LambdaInvoke'|'S3PutObjectCopy'|'S3PutObjectAcl'|'S3PutObjectTagging'|'S3DeleteObjectTagging'|'S3InitiateRestoreObject'|'S3PutObjectLegalHold'|'S3PutObjectRetention'|'S3ReplicateObject',
'Priority': 123,
'Status': 'Active'|'Cancelled'|'Cancelling'|'Complete'|'Completing'|'Failed'|'Failing'|'New'|'Paused'|'Pausing'|'Preparing'|'Ready'|'Suspended',
'CreationTime': datetime(2015, 1, 1),
'TerminationDate': datetime(2015, 1, 1),
'ProgressSummary': {
'TotalNumberOfTasks': 123,
'NumberOfTasksSucceeded': 123,
'NumberOfTasksFailed': 123,
'Timers': {
'ElapsedTimeInActiveSeconds': 123
}
}
},
]
}
Response Structure
(dict) --
NextToken (string) --
If the List Jobs request produced more than the maximum number of results, you can pass this value into a subsequent List Jobs request in order to retrieve the next page of results.
Jobs (list) --
The list of current jobs and jobs that have ended within the last 30 days.
(dict) --
Contains the configuration and status information for a single job retrieved as part of a job list.
JobId (string) --
The ID for the specified job.
Description (string) --
The user-specified description that was included in the specified job's Create Job request.
Operation (string) --
The operation that the specified job is configured to run on every object listed in the manifest.
Priority (integer) --
The current priority for the specified job.
Status (string) --
The specified job's current status.
CreationTime (datetime) --
A timestamp indicating when the specified job was created.
TerminationDate (datetime) --
A timestamp indicating when the specified job terminated. A job's termination date is the date and time when it succeeded, failed, or was canceled.
ProgressSummary (dict) --
Describes the total number of tasks that the specified job has run, the number of tasks that succeeded, and the number of tasks that failed.
TotalNumberOfTasks (integer) --
NumberOfTasksSucceeded (integer) --
NumberOfTasksFailed (integer) --
Timers (dict) --
The JobTimers attribute of a job's progress summary.
ElapsedTimeInActiveSeconds (integer) --
Indicates the elapsed time in seconds the job has been in the Active job state.
Exceptions
Returns a list of the Multi-Region Access Points currently associated with the specified Amazon Web Services account. Each call can return up to 100 Multi-Region Access Points, the maximum number of Multi-Region Access Points that can be associated with a single account.
This action will always be routed to the US West (Oregon) Region. For more information about the restrictions around managing Multi-Region Access Points, see Managing Multi-Region Access Points in the Amazon S3 User Guide .
The following actions are related to ListMultiRegionAccessPoint :
See also: AWS API Documentation
Request Syntax
response = client.list_multi_region_access_points(
AccountId='string',
NextToken='string',
MaxResults=123
)
[REQUIRED]
The Amazon Web Services account ID for the owner of the Multi-Region Access Point.
dict
Response Syntax
{
'AccessPoints': [
{
'Name': 'string',
'Alias': 'string',
'CreatedAt': datetime(2015, 1, 1),
'PublicAccessBlock': {
'BlockPublicAcls': True|False,
'IgnorePublicAcls': True|False,
'BlockPublicPolicy': True|False,
'RestrictPublicBuckets': True|False
},
'Status': 'READY'|'INCONSISTENT_ACROSS_REGIONS'|'CREATING'|'PARTIALLY_CREATED'|'PARTIALLY_DELETED'|'DELETING',
'Regions': [
{
'Bucket': 'string',
'Region': 'string'
},
]
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
AccessPoints (list) --
The list of Multi-Region Access Points associated with the user.
(dict) --
A collection of statuses for a Multi-Region Access Point in the various Regions it supports.
Name (string) --
The name of the Multi-Region Access Point.
Alias (string) --
The alias for the Multi-Region Access Point. For more information about the distinction between the name and the alias of an Multi-Region Access Point, see Managing Multi-Region Access Points .
CreatedAt (datetime) --
When the Multi-Region Access Point create request was received.
PublicAccessBlock (dict) --
The PublicAccessBlock configuration that you want to apply to this Amazon S3 account. You can enable the configuration options in any combination. For more information about when Amazon S3 considers a bucket or object public, see The Meaning of "Public" in the Amazon S3 User Guide .
This is not supported for Amazon S3 on Outposts.
BlockPublicAcls (boolean) --
Specifies whether Amazon S3 should block public access control lists (ACLs) for buckets in this account. Setting this element to TRUE causes the following behavior:
Enabling this setting doesn't affect existing policies or ACLs.
This is not supported for Amazon S3 on Outposts.
IgnorePublicAcls (boolean) --
Specifies whether Amazon S3 should ignore public ACLs for buckets in this account. Setting this element to TRUE causes Amazon S3 to ignore all public ACLs on buckets in this account and any objects that they contain.
Enabling this setting doesn't affect the persistence of any existing ACLs and doesn't prevent new public ACLs from being set.
This is not supported for Amazon S3 on Outposts.
BlockPublicPolicy (boolean) --
Specifies whether Amazon S3 should block public bucket policies for buckets in this account. Setting this element to TRUE causes Amazon S3 to reject calls to PUT Bucket policy if the specified bucket policy allows public access.
Enabling this setting doesn't affect existing bucket policies.
This is not supported for Amazon S3 on Outposts.
RestrictPublicBuckets (boolean) --
Specifies whether Amazon S3 should restrict public bucket policies for buckets in this account. Setting this element to TRUE restricts access to buckets with public policies to only Amazon Web Service principals and authorized users within this account.
Enabling this setting doesn't affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked.
This is not supported for Amazon S3 on Outposts.
Status (string) --
The current status of the Multi-Region Access Point.
CREATING and DELETING are temporary states that exist while the request is propogating and being completed. If a Multi-Region Access Point has a status of PARTIALLY_CREATED , you can retry creation or send a request to delete the Multi-Region Access Point. If a Multi-Region Access Point has a status of PARTIALLY_DELETED , you can retry a delete request to finish the deletion of the Multi-Region Access Point.
Regions (list) --
A collection of the Regions and buckets associated with the Multi-Region Access Point.
(dict) --
A combination of a bucket and Region that's part of a Multi-Region Access Point.
Bucket (string) --
The name of the bucket.
Region (string) --
The name of the Region.
NextToken (string) --
If the specified bucket has more Multi-Region Access Points than can be returned in one call to this action, this field contains a continuation token. You can use this token tin subsequent calls to this action to retrieve additional Multi-Region Access Points.
Returns a list of all Outposts buckets in an Outpost that are owned by the authenticated sender of the request. For more information, see Using Amazon S3 on Outposts in the Amazon S3 User Guide .
For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and x-amz-outpost-id in your request, see the Examples section.
See also: AWS API Documentation
Request Syntax
response = client.list_regional_buckets(
AccountId='string',
NextToken='string',
MaxResults=123,
OutpostId='string'
)
[REQUIRED]
The Amazon Web Services account ID of the Outposts bucket.
The ID of the Outposts.
Note
This is required by Amazon S3 on Outposts buckets.
dict
Response Syntax
{
'RegionalBucketList': [
{
'Bucket': 'string',
'BucketArn': 'string',
'PublicAccessBlockEnabled': True|False,
'CreationDate': datetime(2015, 1, 1),
'OutpostId': 'string'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
RegionalBucketList (list) --
(dict) --
The container for the regional bucket.
Bucket (string) --
BucketArn (string) --
The Amazon Resource Name (ARN) for the regional bucket.
PublicAccessBlockEnabled (boolean) --
CreationDate (datetime) --
The creation date of the regional bucket
OutpostId (string) --
The Outposts ID of the regional bucket.
NextToken (string) --
NextToken is sent when isTruncated is true, which means there are more buckets that can be listed. The next list requests to Amazon S3 can be continued with this NextToken . NextToken is obfuscated and is not a real key.
Gets a list of Amazon S3 Storage Lens configurations. For more information about S3 Storage Lens, see Assessing your storage activity and usage with Amazon S3 Storage Lens in the Amazon S3 User Guide .
Note
To use this action, you must have permission to perform the s3:ListStorageLensConfigurations action. For more information, see Setting permissions to use Amazon S3 Storage Lens in the Amazon S3 User Guide .
See also: AWS API Documentation
Request Syntax
response = client.list_storage_lens_configurations(
AccountId='string',
NextToken='string'
)
[REQUIRED]
The account ID of the requester.
dict
Response Syntax
{
'NextToken': 'string',
'StorageLensConfigurationList': [
{
'Id': 'string',
'StorageLensArn': 'string',
'HomeRegion': 'string',
'IsEnabled': True|False
},
]
}
Response Structure
(dict) --
NextToken (string) --
If the request produced more than the maximum number of S3 Storage Lens configuration results, you can pass this value into a subsequent request to retrieve the next page of results.
StorageLensConfigurationList (list) --
A list of S3 Storage Lens configurations.
(dict) --
Part of ListStorageLensConfigurationResult . Each entry includes the description of the S3 Storage Lens configuration, its home Region, whether it is enabled, its Amazon Resource Name (ARN), and config ID.
Id (string) --
A container for the S3 Storage Lens configuration ID.
StorageLensArn (string) --
The ARN of the S3 Storage Lens configuration. This property is read-only.
HomeRegion (string) --
A container for the S3 Storage Lens home Region. Your metrics data is stored and retained in your designated S3 Storage Lens home Region.
IsEnabled (boolean) --
A container for whether the S3 Storage Lens configuration is enabled. This property is required.
Replaces configuration for an Object Lambda Access Point.
The following actions are related to PutAccessPointConfigurationForObjectLambda :
See also: AWS API Documentation
Request Syntax
response = client.put_access_point_configuration_for_object_lambda(
AccountId='string',
Name='string',
Configuration={
'SupportingAccessPoint': 'string',
'CloudWatchMetricsEnabled': True|False,
'AllowedFeatures': [
'GetObject-Range'|'GetObject-PartNumber',
],
'TransformationConfigurations': [
{
'Actions': [
'GetObject',
],
'ContentTransformation': {
'AwsLambda': {
'FunctionArn': 'string',
'FunctionPayload': 'string'
}
}
},
]
}
)
[REQUIRED]
The account ID for the account that owns the specified Object Lambda Access Point.
[REQUIRED]
The name of the Object Lambda Access Point.
[REQUIRED]
Object Lambda Access Point configuration document.
Standard access point associated with the Object Lambda Access Point.
A container for whether the CloudWatch metrics configuration is enabled.
A container for allowed features. Valid inputs are GetObject-Range and GetObject-PartNumber .
A container for transformation configurations for an Object Lambda Access Point.
A configuration used when creating an Object Lambda Access Point transformation.
A container for the action of an Object Lambda Access Point configuration. Valid input is GetObject .
A container for the content transformation of an Object Lambda Access Point configuration.
Note
This is a Tagged Union structure. Only one of the following top level keys can be set: AwsLambda.
A container for an Lambda function.
The Amazon Resource Name (ARN) of the Lambda function.
Additional JSON that provides supplemental data to the Lambda function used to transform objects.
None
Associates an access policy with the specified access point. Each access point can have only one policy, so a request made to this API replaces any existing policy associated with the specified access point.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request and an S3 on Outposts endpoint hostname prefix instead of s3-control . For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived using the access point ARN, see the Examples section.
The following actions are related to PutAccessPointPolicy :
See also: AWS API Documentation
Request Syntax
response = client.put_access_point_policy(
AccountId='string',
Name='string',
Policy='string'
)
[REQUIRED]
The Amazon Web Services account ID for owner of the bucket associated with the specified access point.
[REQUIRED]
The name of the access point that you want to associate with the specified policy.
For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the access point accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/accesspoint/<my-accesspoint-name> . For example, to access the access point reports-ap through outpost my-outpost owned by account 123456789012 in Region us-west-2 , use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/accesspoint/reports-ap . The value must be URL encoded.
[REQUIRED]
The policy that you want to apply to the specified access point. For more information about access point policies, see Managing data access with Amazon S3 access points in the Amazon S3 User Guide .
None
Creates or replaces resource policy for an Object Lambda Access Point. For an example policy, see Creating Object Lambda Access Points in the Amazon S3 User Guide .
The following actions are related to PutAccessPointPolicyForObjectLambda :
See also: AWS API Documentation
Request Syntax
response = client.put_access_point_policy_for_object_lambda(
AccountId='string',
Name='string',
Policy='string'
)
[REQUIRED]
The account ID for the account that owns the specified Object Lambda Access Point.
[REQUIRED]
The name of the Object Lambda Access Point.
[REQUIRED]
Object Lambda Access Point resource policy document.
None
Note
This action puts a lifecycle configuration to an Amazon S3 on Outposts bucket. To put a lifecycle configuration to an S3 bucket, see PutBucketLifecycleConfiguration in the Amazon S3 API Reference .
Creates a new lifecycle configuration for the S3 on Outposts bucket or replaces an existing lifecycle configuration. Outposts buckets only support lifecycle configurations that delete/expire objects after a certain period of time and abort incomplete multipart uploads.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request and an S3 on Outposts endpoint hostname prefix instead of s3-control . For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived using the access point ARN, see the Examples section.
The following actions are related to PutBucketLifecycleConfiguration :
See also: AWS API Documentation
Request Syntax
response = client.put_bucket_lifecycle_configuration(
AccountId='string',
Bucket='string',
LifecycleConfiguration={
'Rules': [
{
'Expiration': {
'Date': datetime(2015, 1, 1),
'Days': 123,
'ExpiredObjectDeleteMarker': True|False
},
'ID': 'string',
'Filter': {
'Prefix': 'string',
'Tag': {
'Key': 'string',
'Value': 'string'
},
'And': {
'Prefix': 'string',
'Tags': [
{
'Key': 'string',
'Value': 'string'
},
]
}
},
'Status': 'Enabled'|'Disabled',
'Transitions': [
{
'Date': datetime(2015, 1, 1),
'Days': 123,
'StorageClass': 'GLACIER'|'STANDARD_IA'|'ONEZONE_IA'|'INTELLIGENT_TIERING'|'DEEP_ARCHIVE'
},
],
'NoncurrentVersionTransitions': [
{
'NoncurrentDays': 123,
'StorageClass': 'GLACIER'|'STANDARD_IA'|'ONEZONE_IA'|'INTELLIGENT_TIERING'|'DEEP_ARCHIVE'
},
],
'NoncurrentVersionExpiration': {
'NoncurrentDays': 123
},
'AbortIncompleteMultipartUpload': {
'DaysAfterInitiation': 123
}
},
]
}
)
[REQUIRED]
The Amazon Web Services account ID of the Outposts bucket.
[REQUIRED]
The name of the bucket for which to set the configuration.
Container for lifecycle rules. You can add as many as 1,000 rules.
A lifecycle rule for individual objects in an Outposts bucket.
The container for the Outposts bucket lifecycle rule.
Specifies the expiration for the lifecycle of the object in the form of date, days and, whether the object has a delete marker.
Indicates at what date the object is to be deleted. Should be in GMT ISO 8601 format.
Indicates the lifetime, in days, of the objects that are subject to the rule. The value must be a non-zero positive integer.
Indicates whether Amazon S3 will remove a delete marker with no noncurrent versions. If set to true, the delete marker will be expired. If set to false, the policy takes no action. This cannot be specified with Days or Date in a Lifecycle Expiration Policy.
Unique identifier for the rule. The value cannot be longer than 255 characters.
The container for the filter of lifecycle rule.
Prefix identifying one or more objects to which the rule applies.
Warning
Replacement must be made for object keys containing special characters (such as carriage returns) when using XML requests. For more information, see XML related object key constraints .
The container for the AND condition for the lifecycle rule.
Prefix identifying one or more objects to which the rule applies.
All of these tags must exist in the object's tag set in order for the rule to apply.
If 'Enabled', the rule is currently being applied. If 'Disabled', the rule is not currently being applied.
Specifies when an Amazon S3 object transitions to a specified storage class.
Note
This is not supported by Amazon S3 on Outposts buckets.
Specifies when an object transitions to a specified storage class. For more information about Amazon S3 Lifecycle configuration rules, see Transitioning objects using Amazon S3 Lifecycle in the Amazon S3 User Guide .
Indicates when objects are transitioned to the specified storage class. The date value must be in ISO 8601 format. The time is always midnight UTC.
Indicates the number of days after creation when objects are transitioned to the specified storage class. The value must be a positive integer.
The storage class to which you want the object to transition.
Specifies the transition rule for the lifecycle rule that describes when noncurrent objects transition to a specific storage class. If your bucket is versioning-enabled (or versioning is suspended), you can set this action to request that Amazon S3 transition noncurrent object versions to a specific storage class at a set period in the object's lifetime.
Note
This is not supported by Amazon S3 on Outposts buckets.
The container for the noncurrent version transition.
Specifies the number of days an object is noncurrent before Amazon S3 can perform the associated action. For information about the noncurrent days calculations, see How Amazon S3 Calculates How Long an Object Has Been Noncurrent in the Amazon S3 User Guide .
The class of storage used to store the object.
The noncurrent version expiration of the lifecycle rule.
Note
This is not supported by Amazon S3 on Outposts buckets.
Specifies the number of days an object is noncurrent before Amazon S3 can perform the associated action. For information about the noncurrent days calculations, see How Amazon S3 Calculates When an Object Became Noncurrent in the Amazon S3 User Guide .
Specifies the days since the initiation of an incomplete multipart upload that Amazon S3 waits before permanently removing all parts of the upload. For more information, see Aborting Incomplete Multipart Uploads Using a Bucket Lifecycle Policy in the Amazon S3 User Guide .
Specifies the number of days after which Amazon S3 aborts an incomplete multipart upload to the Outposts bucket.
None
Note
This action puts a bucket policy to an Amazon S3 on Outposts bucket. To put a policy on an S3 bucket, see PutBucketPolicy in the Amazon S3 API Reference .
Applies an Amazon S3 bucket policy to an Outposts bucket. For more information, see Using Amazon S3 on Outposts in the Amazon S3 User Guide .
If you are using an identity other than the root user of the Amazon Web Services account that owns the Outposts bucket, the calling identity must have the PutBucketPolicy permissions on the specified Outposts bucket and belong to the bucket owner's account in order to use this action.
If you don't have PutBucketPolicy permissions, Amazon S3 returns a 403 Access Denied error. If you have the correct permissions, but you're not using an identity that belongs to the bucket owner's account, Amazon S3 returns a 405 Method Not Allowed error.
Warning
As a security precaution, the root user of the Amazon Web Services account that owns a bucket can always use this action, even if the policy explicitly denies the root user the ability to perform this action.
For more information about bucket policies, see Using Bucket Policies and User Policies .
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request and an S3 on Outposts endpoint hostname prefix instead of s3-control . For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived using the access point ARN, see the Examples section.
The following actions are related to PutBucketPolicy :
See also: AWS API Documentation
Request Syntax
response = client.put_bucket_policy(
AccountId='string',
Bucket='string',
ConfirmRemoveSelfBucketAccess=True|False,
Policy='string'
)
[REQUIRED]
The Amazon Web Services account ID of the Outposts bucket.
[REQUIRED]
Specifies the bucket.
For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name> . For example, to access the bucket reports through outpost my-outpost owned by account 123456789012 in Region us-west-2 , use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports . The value must be URL encoded.
Set this parameter to true to confirm that you want to remove your permissions to change this bucket policy in the future.
Note
This is not supported by Amazon S3 on Outposts buckets.
[REQUIRED]
The bucket policy as a JSON document.
None
Note
This action puts tags on an Amazon S3 on Outposts bucket. To put tags on an S3 bucket, see PutBucketTagging in the Amazon S3 API Reference .
Sets the tags for an S3 on Outposts bucket. For more information, see Using Amazon S3 on Outposts in the Amazon S3 User Guide .
Use tags to organize your Amazon Web Services bill to reflect your own cost structure. To do this, sign up to get your Amazon Web Services account bill with tag key values included. Then, to see the cost of combined resources, organize your billing information according to resources with the same tag key values. For example, you can tag several resources with a specific application name, and then organize your billing information to see the total cost of that application across several services. For more information, see Cost allocation and tagging .
Note
Within a bucket, if you add a tag that has the same key as an existing tag, the new value overwrites the old value. For more information, see Using cost allocation in Amazon S3 bucket tags .
To use this action, you must have permissions to perform the s3-outposts:PutBucketTagging action. The Outposts bucket owner has this permission by default and can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing access permissions to your Amazon S3 resources .
PutBucketTagging has the following special errors:
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request and an S3 on Outposts endpoint hostname prefix instead of s3-control . For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived using the access point ARN, see the Examples section.
The following actions are related to PutBucketTagging :
See also: AWS API Documentation
Request Syntax
response = client.put_bucket_tagging(
AccountId='string',
Bucket='string',
Tagging={
'TagSet': [
{
'Key': 'string',
'Value': 'string'
},
]
}
)
[REQUIRED]
The Amazon Web Services account ID of the Outposts bucket.
[REQUIRED]
The Amazon Resource Name (ARN) of the bucket.
For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name> . For example, to access the bucket reports through outpost my-outpost owned by account 123456789012 in Region us-west-2 , use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports . The value must be URL encoded.
[REQUIRED]
A collection for a set of tags.
None
Sets the supplied tag-set on an S3 Batch Operations job.
A tag is a key-value pair. You can associate S3 Batch Operations tags with any job by sending a PUT request against the tagging subresource that is associated with the job. To modify the existing tag set, you can either replace the existing tag set entirely, or make changes within the existing tag set by retrieving the existing tag set using GetJobTagging , modify that tag set, and use this action to replace the tag set with the one you modified. For more information, see Controlling access and labeling jobs using tags in the Amazon S3 User Guide .
Note
To use this action, you must have permission to perform the s3:PutJobTagging action.
Related actions include:
See also: AWS API Documentation
Request Syntax
response = client.put_job_tagging(
AccountId='string',
JobId='string',
Tags=[
{
'Key': 'string',
'Value': 'string'
},
]
)
[REQUIRED]
The Amazon Web Services account ID associated with the S3 Batch Operations job.
[REQUIRED]
The ID for the S3 Batch Operations job whose tags you want to replace.
[REQUIRED]
The set of tags to associate with the S3 Batch Operations job.
dict
Response Syntax
{}
Response Structure
Exceptions
Associates an access control policy with the specified Multi-Region Access Point. Each Multi-Region Access Point can have only one policy, so a request made to this action replaces any existing policy that is associated with the specified Multi-Region Access Point.
This action will always be routed to the US West (Oregon) Region. For more information about the restrictions around managing Multi-Region Access Points, see Managing Multi-Region Access Points in the Amazon S3 User Guide .
The following actions are related to PutMultiRegionAccessPointPolicy :
See also: AWS API Documentation
Request Syntax
response = client.put_multi_region_access_point_policy(
AccountId='string',
ClientToken='string',
Details={
'Name': 'string',
'Policy': 'string'
}
)
[REQUIRED]
The Amazon Web Services account ID for the owner of the Multi-Region Access Point.
[REQUIRED]
An idempotency token used to identify the request and guarantee that requests are unique.
This field is autopopulated if not provided.
[REQUIRED]
A container element containing the details of the policy for the Multi-Region Access Point.
The name of the Multi-Region Access Point associated with the request.
The policy details for the PutMultiRegionAccessPoint request.
dict
Response Syntax
{
'RequestTokenARN': 'string'
}
Response Structure
(dict) --
RequestTokenARN (string) --
The request token associated with the request. You can use this token with DescribeMultiRegionAccessPointOperation to determine the status of asynchronous requests.
Creates or modifies the PublicAccessBlock configuration for an Amazon Web Services account. For this operation, users must have the s3:PutBucketPublicAccessBlock permission. For more information, see Using Amazon S3 block public access .
Related actions include:
See also: AWS API Documentation
Request Syntax
response = client.put_public_access_block(
PublicAccessBlockConfiguration={
'BlockPublicAcls': True|False,
'IgnorePublicAcls': True|False,
'BlockPublicPolicy': True|False,
'RestrictPublicBuckets': True|False
},
AccountId='string'
)
[REQUIRED]
The PublicAccessBlock configuration that you want to apply to the specified Amazon Web Services account.
Specifies whether Amazon S3 should block public access control lists (ACLs) for buckets in this account. Setting this element to TRUE causes the following behavior:
Enabling this setting doesn't affect existing policies or ACLs.
This is not supported for Amazon S3 on Outposts.
Specifies whether Amazon S3 should ignore public ACLs for buckets in this account. Setting this element to TRUE causes Amazon S3 to ignore all public ACLs on buckets in this account and any objects that they contain.
Enabling this setting doesn't affect the persistence of any existing ACLs and doesn't prevent new public ACLs from being set.
This is not supported for Amazon S3 on Outposts.
Specifies whether Amazon S3 should block public bucket policies for buckets in this account. Setting this element to TRUE causes Amazon S3 to reject calls to PUT Bucket policy if the specified bucket policy allows public access.
Enabling this setting doesn't affect existing bucket policies.
This is not supported for Amazon S3 on Outposts.
Specifies whether Amazon S3 should restrict public bucket policies for buckets in this account. Setting this element to TRUE restricts access to buckets with public policies to only Amazon Web Service principals and authorized users within this account.
Enabling this setting doesn't affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked.
This is not supported for Amazon S3 on Outposts.
[REQUIRED]
The account ID for the Amazon Web Services account whose PublicAccessBlock configuration you want to set.
None
Puts an Amazon S3 Storage Lens configuration. For more information about S3 Storage Lens, see Working with Amazon S3 Storage Lens in the Amazon S3 User Guide .
Note
To use this action, you must have permission to perform the s3:PutStorageLensConfiguration action. For more information, see Setting permissions to use Amazon S3 Storage Lens in the Amazon S3 User Guide .
See also: AWS API Documentation
Request Syntax
response = client.put_storage_lens_configuration(
ConfigId='string',
AccountId='string',
StorageLensConfiguration={
'Id': 'string',
'AccountLevel': {
'ActivityMetrics': {
'IsEnabled': True|False
},
'BucketLevel': {
'ActivityMetrics': {
'IsEnabled': True|False
},
'PrefixLevel': {
'StorageMetrics': {
'IsEnabled': True|False,
'SelectionCriteria': {
'Delimiter': 'string',
'MaxDepth': 123,
'MinStorageBytesPercentage': 123.0
}
}
}
}
},
'Include': {
'Buckets': [
'string',
],
'Regions': [
'string',
]
},
'Exclude': {
'Buckets': [
'string',
],
'Regions': [
'string',
]
},
'DataExport': {
'S3BucketDestination': {
'Format': 'CSV'|'Parquet',
'OutputSchemaVersion': 'V_1',
'AccountId': 'string',
'Arn': 'string',
'Prefix': 'string',
'Encryption': {
'SSES3': {}
,
'SSEKMS': {
'KeyId': 'string'
}
}
},
'CloudWatchMetrics': {
'IsEnabled': True|False
}
},
'IsEnabled': True|False,
'AwsOrg': {
'Arn': 'string'
},
'StorageLensArn': 'string'
},
Tags=[
{
'Key': 'string',
'Value': 'string'
},
]
)
[REQUIRED]
The ID of the S3 Storage Lens configuration.
[REQUIRED]
The account ID of the requester.
[REQUIRED]
The S3 Storage Lens configuration.
A container for the Amazon S3 Storage Lens configuration ID.
A container for all the account-level configurations of your S3 Storage Lens configuration.
A container for the S3 Storage Lens activity metrics.
A container for whether the activity metrics are enabled.
A container for the S3 Storage Lens bucket-level configuration.
A container for the bucket-level activity metrics for Amazon S3 Storage Lens
A container for whether the activity metrics are enabled.
A container for the bucket-level prefix-level metrics for S3 Storage Lens
A container for the prefix-level storage metrics for S3 Storage Lens.
A container for whether prefix-level storage metrics are enabled.
A container for the delimiter of the selection criteria being used.
The max depth of the selection criteria
The minimum number of storage bytes percentage whose metrics will be selected.
Note
You must choose a value greater than or equal to 1.0 .
A container for what is included in this configuration. This container can only be valid if there is no Exclude container submitted, and it's not empty.
A container for the S3 Storage Lens bucket includes.
A container for the S3 Storage Lens Region includes.
A container for what is excluded in this configuration. This container can only be valid if there is no Include container submitted, and it's not empty.
A container for the S3 Storage Lens bucket excludes.
A container for the S3 Storage Lens Region excludes.
A container to specify the properties of your S3 Storage Lens metrics export including, the destination, schema and format.
A container for the bucket where the S3 Storage Lens metrics export will be located.
Note
This bucket must be located in the same Region as the storage lens configuration.
The schema version of the export file.
The account ID of the owner of the S3 Storage Lens metrics export bucket.
The Amazon Resource Name (ARN) of the bucket. This property is read-only and follows the following format: ``arn:aws:s3:us-east-1 :example-account-id :bucket/your-destination-bucket-name ``
The prefix of the destination bucket where the metrics export will be delivered.
The container for the type encryption of the metrics exports in this bucket.
A container for the ARN of the SSE-KMS encryption. This property is read-only and follows the following format: ``arn:aws:kms:us-east-1 :example-account-id :key/example-9a73-4afc-8d29-8f5900cef44e ``
A container for enabling Amazon CloudWatch publishing for S3 Storage Lens metrics.
A container that indicates whether CloudWatch publishing for S3 Storage Lens metrics is enabled. A value of true indicates that CloudWatch publishing for S3 Storage Lens metrics is enabled.
A container for whether the S3 Storage Lens configuration is enabled.
A container for the Amazon Web Services organization for this S3 Storage Lens configuration.
A container for the Amazon Resource Name (ARN) of the Amazon Web Services organization. This property is read-only and follows the following format: ``arn:aws:organizations:us-east-1 :example-account-id :organization/o-ex2l495dck ``
The Amazon Resource Name (ARN) of the S3 Storage Lens configuration. This property is read-only and follows the following format: ``arn:aws:s3:us-east-1 :example-account-id :storage-lens/your-dashboard-name ``
The tag set of the S3 Storage Lens configuration.
Note
You can set up to a maximum of 50 tags.
None
Put or replace tags on an existing Amazon S3 Storage Lens configuration. For more information about S3 Storage Lens, see Assessing your storage activity and usage with Amazon S3 Storage Lens in the Amazon S3 User Guide .
Note
To use this action, you must have permission to perform the s3:PutStorageLensConfigurationTagging action. For more information, see Setting permissions to use Amazon S3 Storage Lens in the Amazon S3 User Guide .
See also: AWS API Documentation
Request Syntax
response = client.put_storage_lens_configuration_tagging(
ConfigId='string',
AccountId='string',
Tags=[
{
'Key': 'string',
'Value': 'string'
},
]
)
[REQUIRED]
The ID of the S3 Storage Lens configuration.
[REQUIRED]
The account ID of the requester.
[REQUIRED]
The tag set of the S3 Storage Lens configuration.
Note
You can set up to a maximum of 50 tags.
dict
Response Syntax
{}
Response Structure
Updates an existing S3 Batch Operations job's priority. For more information, see S3 Batch Operations in the Amazon S3 User Guide .
Related actions include:
See also: AWS API Documentation
Request Syntax
response = client.update_job_priority(
AccountId='string',
JobId='string',
Priority=123
)
[REQUIRED]
The Amazon Web Services account ID associated with the S3 Batch Operations job.
[REQUIRED]
The ID for the job whose priority you want to update.
[REQUIRED]
The priority you want to assign to this job.
dict
Response Syntax
{
'JobId': 'string',
'Priority': 123
}
Response Structure
(dict) --
JobId (string) --
The ID for the job whose priority Amazon S3 updated.
Priority (integer) --
The new priority assigned to the specified job.
Exceptions
Updates the status for the specified job. Use this action to confirm that you want to run a job or to cancel an existing job. For more information, see S3 Batch Operations in the Amazon S3 User Guide .
Related actions include:
See also: AWS API Documentation
Request Syntax
response = client.update_job_status(
AccountId='string',
JobId='string',
RequestedJobStatus='Cancelled'|'Ready',
StatusUpdateReason='string'
)
[REQUIRED]
The Amazon Web Services account ID associated with the S3 Batch Operations job.
[REQUIRED]
The ID of the job whose status you want to update.
[REQUIRED]
The status that you want to move the specified job to.
dict
Response Syntax
{
'JobId': 'string',
'Status': 'Active'|'Cancelled'|'Cancelling'|'Complete'|'Completing'|'Failed'|'Failing'|'New'|'Paused'|'Pausing'|'Preparing'|'Ready'|'Suspended',
'StatusUpdateReason': 'string'
}
Response Structure
(dict) --
JobId (string) --
The ID for the job whose status was updated.
Status (string) --
The current status for the specified job.
StatusUpdateReason (string) --
The reason that the specified job's status was updated.
Exceptions
The available paginators are:
paginator = client.get_paginator('list_access_points_for_object_lambda')
Creates an iterator that will paginate through responses from S3Control.Client.list_access_points_for_object_lambda().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
AccountId='string',
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
[REQUIRED]
The account ID for the account that owns the specified Object Lambda Access Point.
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'ObjectLambdaAccessPointList': [
{
'Name': 'string',
'ObjectLambdaAccessPointArn': 'string'
},
],
}
Response Structure
(dict) --
ObjectLambdaAccessPointList (list) --
Returns list of Object Lambda Access Points.
(dict) --
An access point with an attached Lambda function used to access transformed data from an Amazon S3 bucket.
Name (string) --
The name of the Object Lambda Access Point.
ObjectLambdaAccessPointArn (string) --
Specifies the ARN for the Object Lambda Access Point.