Table of Contents
S3Control.
Client
¶A low-level client representing AWS S3 Control
Amazon Web Services S3 Control provides access to Amazon S3 control plane actions.
import boto3
client = boto3.client('s3control')
These are the available methods:
can_paginate()
close()
create_access_point()
create_access_point_for_object_lambda()
create_bucket()
create_job()
create_multi_region_access_point()
delete_access_point()
delete_access_point_for_object_lambda()
delete_access_point_policy()
delete_access_point_policy_for_object_lambda()
delete_bucket()
delete_bucket_lifecycle_configuration()
delete_bucket_policy()
delete_bucket_tagging()
delete_job_tagging()
delete_multi_region_access_point()
delete_public_access_block()
delete_storage_lens_configuration()
delete_storage_lens_configuration_tagging()
describe_job()
describe_multi_region_access_point_operation()
get_access_point()
get_access_point_configuration_for_object_lambda()
get_access_point_for_object_lambda()
get_access_point_policy()
get_access_point_policy_for_object_lambda()
get_access_point_policy_status()
get_access_point_policy_status_for_object_lambda()
get_bucket()
get_bucket_lifecycle_configuration()
get_bucket_policy()
get_bucket_tagging()
get_bucket_versioning()
get_job_tagging()
get_multi_region_access_point()
get_multi_region_access_point_policy()
get_multi_region_access_point_policy_status()
get_paginator()
get_public_access_block()
get_storage_lens_configuration()
get_storage_lens_configuration_tagging()
get_waiter()
list_access_points()
list_access_points_for_object_lambda()
list_jobs()
list_multi_region_access_points()
list_regional_buckets()
list_storage_lens_configurations()
put_access_point_configuration_for_object_lambda()
put_access_point_policy()
put_access_point_policy_for_object_lambda()
put_bucket_lifecycle_configuration()
put_bucket_policy()
put_bucket_tagging()
put_bucket_versioning()
put_job_tagging()
put_multi_region_access_point_policy()
put_public_access_block()
put_storage_lens_configuration()
put_storage_lens_configuration_tagging()
update_job_priority()
update_job_status()
can_paginate
(operation_name)¶Check if an operation can be paginated.
create_foo
, and you'd normally invoke the
operation as client.create_foo(**kwargs)
, if the
create_foo
operation can be paginated, you can use the
call client.get_paginator("create_foo")
.True
if the operation can be paginated,
False
otherwise.close
()¶Closes underlying endpoint connections.
create_access_point
(**kwargs)¶Creates an access point and associates it with the specified bucket. For more information, see Managing Data Access with Amazon S3 Access Points in the Amazon S3 User Guide .
Note
S3 on Outposts only supports VPC-style access points.
For more information, see Accessing Amazon S3 on Outposts using virtual private cloud (VPC) only access points in the Amazon S3 User Guide .
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id
to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control
. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id
derived by using the access point ARN, see the Examples section.
The following actions are related to CreateAccessPoint
:
See also: AWS API Documentation
Request Syntax
response = client.create_access_point(
AccountId='string',
Name='string',
Bucket='string',
VpcConfiguration={
'VpcId': 'string'
},
PublicAccessBlockConfiguration={
'BlockPublicAcls': True|False,
'IgnorePublicAcls': True|False,
'BlockPublicPolicy': True|False,
'RestrictPublicBuckets': True|False
}
)
[REQUIRED]
The Amazon Web Services account ID for the owner of the bucket for which you want to create an access point.
[REQUIRED]
The name you want to assign to this access point.
[REQUIRED]
The name of the bucket that you want to associate this access point with.
For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>
. For example, to access the bucket reports
through outpost my-outpost
owned by account 123456789012
in Region us-west-2
, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports
. The value must be URL encoded.
If you include this field, Amazon S3 restricts access to this access point to requests from the specified virtual private cloud (VPC).
Note
This is required for creating an access point for Amazon S3 on Outposts buckets.
If this field is specified, this access point will only allow connections from the specified VPC ID.
The PublicAccessBlock
configuration that you want to apply to the access point.
Specifies whether Amazon S3 should block public access control lists (ACLs) for buckets in this account. Setting this element to TRUE
causes the following behavior:
Enabling this setting doesn't affect existing policies or ACLs.
This is not supported for Amazon S3 on Outposts.
Specifies whether Amazon S3 should ignore public ACLs for buckets in this account. Setting this element to TRUE
causes Amazon S3 to ignore all public ACLs on buckets in this account and any objects that they contain.
Enabling this setting doesn't affect the persistence of any existing ACLs and doesn't prevent new public ACLs from being set.
This is not supported for Amazon S3 on Outposts.
Specifies whether Amazon S3 should block public bucket policies for buckets in this account. Setting this element to TRUE
causes Amazon S3 to reject calls to PUT Bucket policy if the specified bucket policy allows public access.
Enabling this setting doesn't affect existing bucket policies.
This is not supported for Amazon S3 on Outposts.
Specifies whether Amazon S3 should restrict public bucket policies for buckets in this account. Setting this element to TRUE
restricts access to buckets with public policies to only Amazon Web Service principals and authorized users within this account.
Enabling this setting doesn't affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked.
This is not supported for Amazon S3 on Outposts.
dict
Response Syntax
{
'AccessPointArn': 'string',
'Alias': 'string'
}
Response Structure
(dict) --
AccessPointArn (string) --
The ARN of the access point.
Note
This is only supported by Amazon S3 on Outposts.
Alias (string) --
The name or alias of the access point.
create_access_point_for_object_lambda
(**kwargs)¶Creates an Object Lambda Access Point. For more information, see Transforming objects with Object Lambda Access Points in the Amazon S3 User Guide .
The following actions are related to CreateAccessPointForObjectLambda
:
See also: AWS API Documentation
Request Syntax
response = client.create_access_point_for_object_lambda(
AccountId='string',
Name='string',
Configuration={
'SupportingAccessPoint': 'string',
'CloudWatchMetricsEnabled': True|False,
'AllowedFeatures': [
'GetObject-Range'|'GetObject-PartNumber'|'HeadObject-Range'|'HeadObject-PartNumber',
],
'TransformationConfigurations': [
{
'Actions': [
'GetObject'|'HeadObject'|'ListObjects'|'ListObjectsV2',
],
'ContentTransformation': {
'AwsLambda': {
'FunctionArn': 'string',
'FunctionPayload': 'string'
}
}
},
]
}
)
[REQUIRED]
The Amazon Web Services account ID for owner of the specified Object Lambda Access Point.
[REQUIRED]
The name you want to assign to this Object Lambda Access Point.
[REQUIRED]
Object Lambda Access Point configuration as a JSON document.
Standard access point associated with the Object Lambda Access Point.
A container for whether the CloudWatch metrics configuration is enabled.
A container for allowed features. Valid inputs are GetObject-Range
, GetObject-PartNumber
, HeadObject-Range
, and HeadObject-PartNumber
.
A container for transformation configurations for an Object Lambda Access Point.
A configuration used when creating an Object Lambda Access Point transformation.
A container for the action of an Object Lambda Access Point configuration. Valid inputs are GetObject
, ListObjects
, HeadObject
, and ListObjectsV2
.
A container for the content transformation of an Object Lambda Access Point configuration.
Note
This is a Tagged Union structure. Only one of the following top level keys can be set: AwsLambda
.
A container for an Lambda function.
The Amazon Resource Name (ARN) of the Lambda function.
Additional JSON that provides supplemental data to the Lambda function used to transform objects.
dict
Response Syntax
{
'ObjectLambdaAccessPointArn': 'string'
}
Response Structure
(dict) --
ObjectLambdaAccessPointArn (string) --
Specifies the ARN for the Object Lambda Access Point.
create_bucket
(**kwargs)¶Note
This action creates an Amazon S3 on Outposts bucket. To create an S3 bucket, see Create Bucket in the Amazon S3 API Reference .
Creates a new Outposts bucket. By creating the bucket, you become the bucket owner. To create an Outposts bucket, you must have S3 on Outposts. For more information, see Using Amazon S3 on Outposts in Amazon S3 User Guide .
Not every string is an acceptable bucket name. For information on bucket naming restrictions, see Working with Amazon S3 Buckets .
S3 on Outposts buckets support:
For a complete list of restrictions and Amazon S3 feature limitations on S3 on Outposts, see Amazon S3 on Outposts Restrictions and Limitations .
For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and x-amz-outpost-id
in your API request, see the Examples section.
The following actions are related to CreateBucket
for Amazon S3 on Outposts:
See also: AWS API Documentation
Request Syntax
response = client.create_bucket(
ACL='private'|'public-read'|'public-read-write'|'authenticated-read',
Bucket='string',
CreateBucketConfiguration={
'LocationConstraint': 'EU'|'eu-west-1'|'us-west-1'|'us-west-2'|'ap-south-1'|'ap-southeast-1'|'ap-southeast-2'|'ap-northeast-1'|'sa-east-1'|'cn-north-1'|'eu-central-1'
},
GrantFullControl='string',
GrantRead='string',
GrantReadACP='string',
GrantWrite='string',
GrantWriteACP='string',
ObjectLockEnabledForBucket=True|False,
OutpostId='string'
)
The canned ACL to apply to the bucket.
Note
This is not supported by Amazon S3 on Outposts buckets.
[REQUIRED]
The name of the bucket.
The configuration information for the bucket.
Note
This is not supported by Amazon S3 on Outposts buckets.
Specifies the Region where the bucket will be created. If you are creating a bucket on the US East (N. Virginia) Region (us-east-1), you do not need to specify the location.
Note
This is not supported by Amazon S3 on Outposts buckets.
Allows grantee the read, write, read ACP, and write ACP permissions on the bucket.
Note
This is not supported by Amazon S3 on Outposts buckets.
Allows grantee to list the objects in the bucket.
Note
This is not supported by Amazon S3 on Outposts buckets.
Allows grantee to read the bucket ACL.
Note
This is not supported by Amazon S3 on Outposts buckets.
Allows grantee to create, overwrite, and delete any object in the bucket.
Note
This is not supported by Amazon S3 on Outposts buckets.
Allows grantee to write the ACL for the applicable bucket.
Note
This is not supported by Amazon S3 on Outposts buckets.
Specifies whether you want S3 Object Lock to be enabled for the new bucket.
Note
This is not supported by Amazon S3 on Outposts buckets.
The ID of the Outposts where the bucket is being created.
Note
This ID is required by Amazon S3 on Outposts buckets.
dict
Response Syntax
{
'Location': 'string',
'BucketArn': 'string'
}
Response Structure
(dict) --
Location (string) --
The location of the bucket.
BucketArn (string) --
The Amazon Resource Name (ARN) of the bucket.
For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>
. For example, to access the bucket reports
through outpost my-outpost
owned by account 123456789012
in Region us-west-2
, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports
. The value must be URL encoded.
Exceptions
S3Control.Client.exceptions.BucketAlreadyExists
S3Control.Client.exceptions.BucketAlreadyOwnedByYou
create_job
(**kwargs)¶You can use S3 Batch Operations to perform large-scale batch actions on Amazon S3 objects. Batch Operations can run a single action on lists of Amazon S3 objects that you specify. For more information, see S3 Batch Operations in the Amazon S3 User Guide .
This action creates a S3 Batch Operations job.
Related actions include:
See also: AWS API Documentation
Request Syntax
response = client.create_job(
AccountId='string',
ConfirmationRequired=True|False,
Operation={
'LambdaInvoke': {
'FunctionArn': 'string'
},
'S3PutObjectCopy': {
'TargetResource': 'string',
'CannedAccessControlList': 'private'|'public-read'|'public-read-write'|'aws-exec-read'|'authenticated-read'|'bucket-owner-read'|'bucket-owner-full-control',
'AccessControlGrants': [
{
'Grantee': {
'TypeIdentifier': 'id'|'emailAddress'|'uri',
'Identifier': 'string',
'DisplayName': 'string'
},
'Permission': 'FULL_CONTROL'|'READ'|'WRITE'|'READ_ACP'|'WRITE_ACP'
},
],
'MetadataDirective': 'COPY'|'REPLACE',
'ModifiedSinceConstraint': datetime(2015, 1, 1),
'NewObjectMetadata': {
'CacheControl': 'string',
'ContentDisposition': 'string',
'ContentEncoding': 'string',
'ContentLanguage': 'string',
'UserMetadata': {
'string': 'string'
},
'ContentLength': 123,
'ContentMD5': 'string',
'ContentType': 'string',
'HttpExpiresDate': datetime(2015, 1, 1),
'RequesterCharged': True|False,
'SSEAlgorithm': 'AES256'|'KMS'
},
'NewObjectTagging': [
{
'Key': 'string',
'Value': 'string'
},
],
'RedirectLocation': 'string',
'RequesterPays': True|False,
'StorageClass': 'STANDARD'|'STANDARD_IA'|'ONEZONE_IA'|'GLACIER'|'INTELLIGENT_TIERING'|'DEEP_ARCHIVE'|'GLACIER_IR',
'UnModifiedSinceConstraint': datetime(2015, 1, 1),
'SSEAwsKmsKeyId': 'string',
'TargetKeyPrefix': 'string',
'ObjectLockLegalHoldStatus': 'OFF'|'ON',
'ObjectLockMode': 'COMPLIANCE'|'GOVERNANCE',
'ObjectLockRetainUntilDate': datetime(2015, 1, 1),
'BucketKeyEnabled': True|False,
'ChecksumAlgorithm': 'CRC32'|'CRC32C'|'SHA1'|'SHA256'
},
'S3PutObjectAcl': {
'AccessControlPolicy': {
'AccessControlList': {
'Owner': {
'ID': 'string',
'DisplayName': 'string'
},
'Grants': [
{
'Grantee': {
'TypeIdentifier': 'id'|'emailAddress'|'uri',
'Identifier': 'string',
'DisplayName': 'string'
},
'Permission': 'FULL_CONTROL'|'READ'|'WRITE'|'READ_ACP'|'WRITE_ACP'
},
]
},
'CannedAccessControlList': 'private'|'public-read'|'public-read-write'|'aws-exec-read'|'authenticated-read'|'bucket-owner-read'|'bucket-owner-full-control'
}
},
'S3PutObjectTagging': {
'TagSet': [
{
'Key': 'string',
'Value': 'string'
},
]
},
'S3DeleteObjectTagging': {}
,
'S3InitiateRestoreObject': {
'ExpirationInDays': 123,
'GlacierJobTier': 'BULK'|'STANDARD'
},
'S3PutObjectLegalHold': {
'LegalHold': {
'Status': 'OFF'|'ON'
}
},
'S3PutObjectRetention': {
'BypassGovernanceRetention': True|False,
'Retention': {
'RetainUntilDate': datetime(2015, 1, 1),
'Mode': 'COMPLIANCE'|'GOVERNANCE'
}
},
'S3ReplicateObject': {}
},
Report={
'Bucket': 'string',
'Format': 'Report_CSV_20180820',
'Enabled': True|False,
'Prefix': 'string',
'ReportScope': 'AllTasks'|'FailedTasksOnly'
},
ClientRequestToken='string',
Manifest={
'Spec': {
'Format': 'S3BatchOperations_CSV_20180820'|'S3InventoryReport_CSV_20161130',
'Fields': [
'Ignore'|'Bucket'|'Key'|'VersionId',
]
},
'Location': {
'ObjectArn': 'string',
'ObjectVersionId': 'string',
'ETag': 'string'
}
},
Description='string',
Priority=123,
RoleArn='string',
Tags=[
{
'Key': 'string',
'Value': 'string'
},
],
ManifestGenerator={
'S3JobManifestGenerator': {
'ExpectedBucketOwner': 'string',
'SourceBucket': 'string',
'ManifestOutputLocation': {
'ExpectedManifestBucketOwner': 'string',
'Bucket': 'string',
'ManifestPrefix': 'string',
'ManifestEncryption': {
'SSES3': {}
,
'SSEKMS': {
'KeyId': 'string'
}
},
'ManifestFormat': 'S3InventoryReport_CSV_20211130'
},
'Filter': {
'EligibleForReplication': True|False,
'CreatedAfter': datetime(2015, 1, 1),
'CreatedBefore': datetime(2015, 1, 1),
'ObjectReplicationStatuses': [
'COMPLETED'|'FAILED'|'REPLICA'|'NONE',
]
},
'EnableManifestOutput': True|False
}
}
)
[REQUIRED]
The Amazon Web Services account ID that creates the job.
[REQUIRED]
The action that you want this job to perform on every object listed in the manifest. For more information about the available actions, see Operations in the Amazon S3 User Guide .
Directs the specified job to invoke an Lambda function on every object in the manifest.
The Amazon Resource Name (ARN) for the Lambda function that the specified job will invoke on every object in the manifest.
Directs the specified job to run a PUT Copy object call on every object in the manifest.
Specifies the destination bucket ARN for the batch copy operation. For example, to copy objects to a bucket named "destinationBucket", set the TargetResource to "arn:aws:s3:::destinationBucket".
If you don't provide this parameter, Amazon S3 copies all the metadata from the original objects. If you specify an empty set, the new objects will have no tags. Otherwise, Amazon S3 assigns the supplied tags to the new objects.
Specifies an optional metadata property for website redirects, x-amz-website-redirect-location
. Allows webpage redirects if the object is accessed through a website endpoint.
Specifies the folder prefix into which you would like the objects to be copied. For example, to copy objects into a folder named Folder1
in the destination bucket, set the TargetKeyPrefix to Folder1
.
The legal hold status to be applied to all objects in the Batch Operations job.
The retention mode to be applied to all objects in the Batch Operations job.
The date when the applied object retention configuration expires on all objects in the Batch Operations job.
Specifies whether Amazon S3 should use an S3 Bucket Key for object encryption with server-side encryption using Amazon Web Services KMS (SSE-KMS). Setting this header to true
causes Amazon S3 to use an S3 Bucket Key for object encryption with SSE-KMS.
Specifying this header with an object action doesn’t affect bucket-level settings for S3 Bucket Key.
Indicates the algorithm you want Amazon S3 to use to create the checksum. For more information see Checking object integrity in the Amazon S3 User Guide .
Directs the specified job to run a PUT Object acl call on every object in the manifest.
Directs the specified job to run a PUT Object tagging call on every object in the manifest.
Directs the specified job to execute a DELETE Object tagging call on every object in the manifest.
Directs the specified job to initiate restore requests for every archived object in the manifest.
This argument specifies how long the S3 Glacier or S3 Glacier Deep Archive object remains available in Amazon S3. S3 Initiate Restore Object jobs that target S3 Glacier and S3 Glacier Deep Archive objects require ExpirationInDays
set to 1 or greater.
Conversely, do not set ExpirationInDays
when creating S3 Initiate Restore Object jobs that target S3 Intelligent-Tiering Archive Access and Deep Archive Access tier objects. Objects in S3 Intelligent-Tiering archive access tiers are not subject to restore expiry, so specifying ExpirationInDays
results in restore request failure.
S3 Batch Operations jobs can operate either on S3 Glacier and S3 Glacier Deep Archive storage class objects or on S3 Intelligent-Tiering Archive Access and Deep Archive Access storage tier objects, but not both types in the same job. If you need to restore objects of both types you must create separate Batch Operations jobs.
S3 Batch Operations supports STANDARD
and BULK
retrieval tiers, but not the EXPEDITED
retrieval tier.
Contains the configuration for an S3 Object Lock legal hold operation that an S3 Batch Operations job passes every object to the underlying PutObjectLegalHold
API. For more information, see Using S3 Object Lock legal hold with S3 Batch Operations in the Amazon S3 User Guide .
Contains the Object Lock legal hold status to be applied to all objects in the Batch Operations job.
The Object Lock legal hold status to be applied to all objects in the Batch Operations job.
Contains the configuration parameters for the Object Lock retention action for an S3 Batch Operations job. Batch Operations passes every object to the underlying PutObjectRetention
API. For more information, see Using S3 Object Lock retention with S3 Batch Operations in the Amazon S3 User Guide .
Indicates if the action should be applied to objects in the Batch Operations job even if they have Object Lock GOVERNANCE
type in place.
Contains the Object Lock retention mode to be applied to all objects in the Batch Operations job. For more information, see Using S3 Object Lock retention with S3 Batch Operations in the Amazon S3 User Guide .
The date when the applied Object Lock retention will expire on all objects set by the Batch Operations job.
The Object Lock retention mode to be applied to all objects in the Batch Operations job.
Directs the specified job to invoke ReplicateObject
on every object in the job's manifest.
[REQUIRED]
Configuration parameters for the optional job-completion report.
The Amazon Resource Name (ARN) for the bucket where specified job-completion report will be stored.
The format of the specified job-completion report.
Indicates whether the specified job will generate a job-completion report.
An optional prefix to describe where in the specified bucket the job-completion report will be stored. Amazon S3 stores the job-completion report at <prefix>/job-<job-id>/report.json
.
Indicates whether the job-completion report will include details of all tasks or only failed tasks.
[REQUIRED]
An idempotency token to ensure that you don't accidentally submit the same request twice. You can use any string up to the maximum length.
This field is autopopulated if not provided.
Configuration parameters for the manifest.
Describes the format of the specified job's manifest. If the manifest is in CSV format, also describes the columns contained within the manifest.
Indicates which of the available formats the specified manifest uses.
If the specified manifest object is in the S3BatchOperations_CSV_20180820
format, this element describes which columns contain the required data.
Contains the information required to locate the specified job's manifest.
The Amazon Resource Name (ARN) for a manifest object.
Warning
Replacement must be made for object keys containing special characters (such as carriage returns) when using XML requests. For more information, see XML related object key constraints .
The optional version ID to identify a specific version of the manifest object.
The ETag for the specified manifest object.
[REQUIRED]
The numerical priority for this job. Higher numbers indicate higher priority.
[REQUIRED]
The Amazon Resource Name (ARN) for the Identity and Access Management (IAM) role that Batch Operations will use to run this job's action on every object in the manifest.
A set of tags to associate with the S3 Batch Operations job. This is an optional parameter.
The attribute container for the ManifestGenerator details. Jobs must be created with either a manifest file or a ManifestGenerator, but not both.
Note
This is a Tagged Union structure. Only one of the following top level keys can be set: S3JobManifestGenerator
.
The S3 job ManifestGenerator's configuration details.
The Amazon Web Services account ID that owns the bucket the generated manifest is written to. If provided the generated manifest bucket's owner Amazon Web Services account ID must match this value, else the job fails.
The source bucket used by the ManifestGenerator.
Specifies the location the generated manifest will be written to.
The Account ID that owns the bucket the generated manifest is written to.
The bucket ARN the generated manifest should be written to.
Prefix identifying one or more objects to which the manifest applies.
Specifies what encryption should be used when the generated manifest objects are written.
Specifies the use of SSE-S3 to encrypt generated manifest objects.
Configuration details on how SSE-KMS is used to encrypt generated manifest objects.
Specifies the ID of the Amazon Web Services Key Management Service (Amazon Web Services KMS) symmetric encryption customer managed key to use for encrypting generated manifest objects.
The format of the generated manifest.
Specifies rules the S3JobManifestGenerator should use to use to decide whether an object in the source bucket should or should not be included in the generated job manifest.
Include objects in the generated manifest only if they are eligible for replication according to the Replication configuration on the source bucket.
If provided, the generated manifest should include only source bucket objects that were created after this time.
If provided, the generated manifest should include only source bucket objects that were created before this time.
If provided, the generated manifest should include only source bucket objects that have one of the specified Replication statuses.
Determines whether or not to write the job's generated manifest to a bucket.
dict
Response Syntax
{
'JobId': 'string'
}
Response Structure
(dict) --
JobId (string) --
The ID for this job. Amazon S3 generates this ID automatically and returns it after a successful Create Job
request.
Exceptions
S3Control.Client.exceptions.TooManyRequestsException
S3Control.Client.exceptions.BadRequestException
S3Control.Client.exceptions.IdempotencyException
S3Control.Client.exceptions.InternalServiceException
create_multi_region_access_point
(**kwargs)¶Creates a Multi-Region Access Point and associates it with the specified buckets. For more information about creating Multi-Region Access Points, see Creating Multi-Region Access Points in the Amazon S3 User Guide .
This action will always be routed to the US West (Oregon) Region. For more information about the restrictions around managing Multi-Region Access Points, see Managing Multi-Region Access Points in the Amazon S3 User Guide .
This request is asynchronous, meaning that you might receive a response before the command has completed. When this request provides a response, it provides a token that you can use to monitor the status of the request with DescribeMultiRegionAccessPointOperation
.
The following actions are related to CreateMultiRegionAccessPoint
:
See also: AWS API Documentation
Request Syntax
response = client.create_multi_region_access_point(
AccountId='string',
ClientToken='string',
Details={
'Name': 'string',
'PublicAccessBlock': {
'BlockPublicAcls': True|False,
'IgnorePublicAcls': True|False,
'BlockPublicPolicy': True|False,
'RestrictPublicBuckets': True|False
},
'Regions': [
{
'Bucket': 'string'
},
]
}
)
[REQUIRED]
The Amazon Web Services account ID for the owner of the Multi-Region Access Point. The owner of the Multi-Region Access Point also must own the underlying buckets.
[REQUIRED]
An idempotency token used to identify the request and guarantee that requests are unique.
This field is autopopulated if not provided.
[REQUIRED]
A container element containing details about the Multi-Region Access Point.
The name of the Multi-Region Access Point associated with this request.
The PublicAccessBlock
configuration that you want to apply to this Amazon S3 account. You can enable the configuration options in any combination. For more information about when Amazon S3 considers a bucket or object public, see The Meaning of "Public" in the Amazon S3 User Guide .
This is not supported for Amazon S3 on Outposts.
Specifies whether Amazon S3 should block public access control lists (ACLs) for buckets in this account. Setting this element to TRUE
causes the following behavior:
Enabling this setting doesn't affect existing policies or ACLs.
This is not supported for Amazon S3 on Outposts.
Specifies whether Amazon S3 should ignore public ACLs for buckets in this account. Setting this element to TRUE
causes Amazon S3 to ignore all public ACLs on buckets in this account and any objects that they contain.
Enabling this setting doesn't affect the persistence of any existing ACLs and doesn't prevent new public ACLs from being set.
This is not supported for Amazon S3 on Outposts.
Specifies whether Amazon S3 should block public bucket policies for buckets in this account. Setting this element to TRUE
causes Amazon S3 to reject calls to PUT Bucket policy if the specified bucket policy allows public access.
Enabling this setting doesn't affect existing bucket policies.
This is not supported for Amazon S3 on Outposts.
Specifies whether Amazon S3 should restrict public bucket policies for buckets in this account. Setting this element to TRUE
restricts access to buckets with public policies to only Amazon Web Service principals and authorized users within this account.
Enabling this setting doesn't affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked.
This is not supported for Amazon S3 on Outposts.
The buckets in different Regions that are associated with the Multi-Region Access Point.
A Region that supports a Multi-Region Access Point as well as the associated bucket for the Region.
The name of the associated bucket for the Region.
dict
Response Syntax
{
'RequestTokenARN': 'string'
}
Response Structure
(dict) --
RequestTokenARN (string) --
The request token associated with the request. You can use this token with DescribeMultiRegionAccessPointOperation to determine the status of asynchronous requests.
delete_access_point
(**kwargs)¶Deletes the specified access point.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id
to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control
. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id
derived by using the access point ARN, see the Examples section.
The following actions are related to DeleteAccessPoint
:
See also: AWS API Documentation
Request Syntax
response = client.delete_access_point(
AccountId='string',
Name='string'
)
[REQUIRED]
The account ID for the account that owns the specified access point.
[REQUIRED]
The name of the access point you want to delete.
For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the access point accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/accesspoint/<my-accesspoint-name>
. For example, to access the access point reports-ap
through outpost my-outpost
owned by account 123456789012
in Region us-west-2
, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/accesspoint/reports-ap
. The value must be URL encoded.
None
delete_access_point_for_object_lambda
(**kwargs)¶Deletes the specified Object Lambda Access Point.
The following actions are related to DeleteAccessPointForObjectLambda
:
See also: AWS API Documentation
Request Syntax
response = client.delete_access_point_for_object_lambda(
AccountId='string',
Name='string'
)
[REQUIRED]
The account ID for the account that owns the specified Object Lambda Access Point.
[REQUIRED]
The name of the access point you want to delete.
None
delete_access_point_policy
(**kwargs)¶Deletes the access point policy for the specified access point.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id
to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control
. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id
derived by using the access point ARN, see the Examples section.
The following actions are related to DeleteAccessPointPolicy
:
See also: AWS API Documentation
Request Syntax
response = client.delete_access_point_policy(
AccountId='string',
Name='string'
)
[REQUIRED]
The account ID for the account that owns the specified access point.
[REQUIRED]
The name of the access point whose policy you want to delete.
For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the access point accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/accesspoint/<my-accesspoint-name>
. For example, to access the access point reports-ap
through outpost my-outpost
owned by account 123456789012
in Region us-west-2
, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/accesspoint/reports-ap
. The value must be URL encoded.
None
delete_access_point_policy_for_object_lambda
(**kwargs)¶Removes the resource policy for an Object Lambda Access Point.
The following actions are related to DeleteAccessPointPolicyForObjectLambda
:
See also: AWS API Documentation
Request Syntax
response = client.delete_access_point_policy_for_object_lambda(
AccountId='string',
Name='string'
)
[REQUIRED]
The account ID for the account that owns the specified Object Lambda Access Point.
[REQUIRED]
The name of the Object Lambda Access Point you want to delete the policy for.
None
delete_bucket
(**kwargs)¶Note
This action deletes an Amazon S3 on Outposts bucket. To delete an S3 bucket, see DeleteBucket in the Amazon S3 API Reference .
Deletes the Amazon S3 on Outposts bucket. All objects (including all object versions and delete markers) in the bucket must be deleted before the bucket itself can be deleted. For more information, see Using Amazon S3 on Outposts in Amazon S3 User Guide .
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id
to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control
. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id
derived by using the access point ARN, see the Examples section.
Related Resources
See also: AWS API Documentation
Request Syntax
response = client.delete_bucket(
AccountId='string',
Bucket='string'
)
[REQUIRED]
The account ID that owns the Outposts bucket.
[REQUIRED]
Specifies the bucket being deleted.
For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>
. For example, to access the bucket reports
through outpost my-outpost
owned by account 123456789012
in Region us-west-2
, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports
. The value must be URL encoded.
None
delete_bucket_lifecycle_configuration
(**kwargs)¶Note
This action deletes an Amazon S3 on Outposts bucket's lifecycle configuration. To delete an S3 bucket's lifecycle configuration, see DeleteBucketLifecycle in the Amazon S3 API Reference .
Deletes the lifecycle configuration from the specified Outposts bucket. Amazon S3 on Outposts removes all the lifecycle configuration rules in the lifecycle subresource associated with the bucket. Your objects never expire, and Amazon S3 on Outposts no longer automatically deletes any objects on the basis of rules contained in the deleted lifecycle configuration. For more information, see Using Amazon S3 on Outposts in Amazon S3 User Guide .
To use this action, you must have permission to perform the s3-outposts:DeleteLifecycleConfiguration
action. By default, the bucket owner has this permission and the Outposts bucket owner can grant this permission to others.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id
to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control
. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id
derived by using the access point ARN, see the Examples section.
For more information about object expiration, see Elements to Describe Lifecycle Actions .
Related actions include:
See also: AWS API Documentation
Request Syntax
response = client.delete_bucket_lifecycle_configuration(
AccountId='string',
Bucket='string'
)
[REQUIRED]
The account ID of the lifecycle configuration to delete.
[REQUIRED]
Specifies the bucket.
For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>
. For example, to access the bucket reports
through outpost my-outpost
owned by account 123456789012
in Region us-west-2
, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports
. The value must be URL encoded.
None
delete_bucket_policy
(**kwargs)¶Note
This action deletes an Amazon S3 on Outposts bucket policy. To delete an S3 bucket policy, see DeleteBucketPolicy in the Amazon S3 API Reference .
This implementation of the DELETE action uses the policy subresource to delete the policy of a specified Amazon S3 on Outposts bucket. If you are using an identity other than the root user of the Amazon Web Services account that owns the bucket, the calling identity must have the s3-outposts:DeleteBucketPolicy
permissions on the specified Outposts bucket and belong to the bucket owner's account to use this action. For more information, see Using Amazon S3 on Outposts in Amazon S3 User Guide .
If you don't have DeleteBucketPolicy
permissions, Amazon S3 returns a 403 Access Denied
error. If you have the correct permissions, but you're not using an identity that belongs to the bucket owner's account, Amazon S3 returns a 405 Method Not Allowed
error.
Warning
As a security precaution, the root user of the Amazon Web Services account that owns a bucket can always use this action, even if the policy explicitly denies the root user the ability to perform this action.
For more information about bucket policies, see Using Bucket Policies and User Policies .
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id
to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control
. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id
derived by using the access point ARN, see the Examples section.
The following actions are related to DeleteBucketPolicy
:
See also: AWS API Documentation
Request Syntax
response = client.delete_bucket_policy(
AccountId='string',
Bucket='string'
)
[REQUIRED]
The account ID of the Outposts bucket.
[REQUIRED]
Specifies the bucket.
For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>
. For example, to access the bucket reports
through outpost my-outpost
owned by account 123456789012
in Region us-west-2
, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports
. The value must be URL encoded.
None
delete_bucket_tagging
(**kwargs)¶Note
This action deletes an Amazon S3 on Outposts bucket's tags. To delete an S3 bucket tags, see DeleteBucketTagging in the Amazon S3 API Reference .
Deletes the tags from the Outposts bucket. For more information, see Using Amazon S3 on Outposts in Amazon S3 User Guide .
To use this action, you must have permission to perform the PutBucketTagging
action. By default, the bucket owner has this permission and can grant this permission to others.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id
to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control
. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id
derived by using the access point ARN, see the Examples section.
The following actions are related to DeleteBucketTagging
:
See also: AWS API Documentation
Request Syntax
response = client.delete_bucket_tagging(
AccountId='string',
Bucket='string'
)
[REQUIRED]
The Amazon Web Services account ID of the Outposts bucket tag set to be removed.
[REQUIRED]
The bucket ARN that has the tag set to be removed.
For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>
. For example, to access the bucket reports
through outpost my-outpost
owned by account 123456789012
in Region us-west-2
, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports
. The value must be URL encoded.
None
delete_job_tagging
(**kwargs)¶Removes the entire tag set from the specified S3 Batch Operations job. To use this operation, you must have permission to perform the s3:DeleteJobTagging
action. For more information, see Controlling access and labeling jobs using tags in the Amazon S3 User Guide .
Related actions include:
See also: AWS API Documentation
Request Syntax
response = client.delete_job_tagging(
AccountId='string',
JobId='string'
)
[REQUIRED]
The Amazon Web Services account ID associated with the S3 Batch Operations job.
[REQUIRED]
The ID for the S3 Batch Operations job whose tags you want to delete.
dict
Response Syntax
{}
Response Structure
Exceptions
S3Control.Client.exceptions.InternalServiceException
S3Control.Client.exceptions.TooManyRequestsException
S3Control.Client.exceptions.NotFoundException
delete_multi_region_access_point
(**kwargs)¶Deletes a Multi-Region Access Point. This action does not delete the buckets associated with the Multi-Region Access Point, only the Multi-Region Access Point itself.
This action will always be routed to the US West (Oregon) Region. For more information about the restrictions around managing Multi-Region Access Points, see Managing Multi-Region Access Points in the Amazon S3 User Guide .
This request is asynchronous, meaning that you might receive a response before the command has completed. When this request provides a response, it provides a token that you can use to monitor the status of the request with DescribeMultiRegionAccessPointOperation
.
The following actions are related to DeleteMultiRegionAccessPoint
:
See also: AWS API Documentation
Request Syntax
response = client.delete_multi_region_access_point(
AccountId='string',
ClientToken='string',
Details={
'Name': 'string'
}
)
[REQUIRED]
The Amazon Web Services account ID for the owner of the Multi-Region Access Point.
[REQUIRED]
An idempotency token used to identify the request and guarantee that requests are unique.
This field is autopopulated if not provided.
[REQUIRED]
A container element containing details about the Multi-Region Access Point.
The name of the Multi-Region Access Point associated with this request.
dict
Response Syntax
{
'RequestTokenARN': 'string'
}
Response Structure
(dict) --
RequestTokenARN (string) --
The request token associated with the request. You can use this token with DescribeMultiRegionAccessPointOperation to determine the status of asynchronous requests.
delete_public_access_block
(**kwargs)¶Removes the PublicAccessBlock
configuration for an Amazon Web Services account. For more information, see Using Amazon S3 block public access .
Related actions include:
See also: AWS API Documentation
Request Syntax
response = client.delete_public_access_block(
AccountId='string'
)
[REQUIRED]
The account ID for the Amazon Web Services account whose PublicAccessBlock
configuration you want to remove.
delete_storage_lens_configuration
(**kwargs)¶Deletes the Amazon S3 Storage Lens configuration. For more information about S3 Storage Lens, see Assessing your storage activity and usage with Amazon S3 Storage Lens in the Amazon S3 User Guide .
Note
To use this action, you must have permission to perform the s3:DeleteStorageLensConfiguration
action. For more information, see Setting permissions to use Amazon S3 Storage Lens in the Amazon S3 User Guide .
See also: AWS API Documentation
Request Syntax
response = client.delete_storage_lens_configuration(
ConfigId='string',
AccountId='string'
)
[REQUIRED]
The ID of the S3 Storage Lens configuration.
[REQUIRED]
The account ID of the requester.
None
delete_storage_lens_configuration_tagging
(**kwargs)¶Deletes the Amazon S3 Storage Lens configuration tags. For more information about S3 Storage Lens, see Assessing your storage activity and usage with Amazon S3 Storage Lens in the Amazon S3 User Guide .
Note
To use this action, you must have permission to perform the s3:DeleteStorageLensConfigurationTagging
action. For more information, see Setting permissions to use Amazon S3 Storage Lens in the Amazon S3 User Guide .
See also: AWS API Documentation
Request Syntax
response = client.delete_storage_lens_configuration_tagging(
ConfigId='string',
AccountId='string'
)
[REQUIRED]
The ID of the S3 Storage Lens configuration.
[REQUIRED]
The account ID of the requester.
dict
Response Syntax
{}
Response Structure
describe_job
(**kwargs)¶Retrieves the configuration parameters and status for a Batch Operations job. For more information, see S3 Batch Operations in the Amazon S3 User Guide .
Related actions include:
See also: AWS API Documentation
Request Syntax
response = client.describe_job(
AccountId='string',
JobId='string'
)
[REQUIRED]
The Amazon Web Services account ID associated with the S3 Batch Operations job.
[REQUIRED]
The ID for the job whose information you want to retrieve.
dict
Response Syntax
{
'Job': {
'JobId': 'string',
'ConfirmationRequired': True|False,
'Description': 'string',
'JobArn': 'string',
'Status': 'Active'|'Cancelled'|'Cancelling'|'Complete'|'Completing'|'Failed'|'Failing'|'New'|'Paused'|'Pausing'|'Preparing'|'Ready'|'Suspended',
'Manifest': {
'Spec': {
'Format': 'S3BatchOperations_CSV_20180820'|'S3InventoryReport_CSV_20161130',
'Fields': [
'Ignore'|'Bucket'|'Key'|'VersionId',
]
},
'Location': {
'ObjectArn': 'string',
'ObjectVersionId': 'string',
'ETag': 'string'
}
},
'Operation': {
'LambdaInvoke': {
'FunctionArn': 'string'
},
'S3PutObjectCopy': {
'TargetResource': 'string',
'CannedAccessControlList': 'private'|'public-read'|'public-read-write'|'aws-exec-read'|'authenticated-read'|'bucket-owner-read'|'bucket-owner-full-control',
'AccessControlGrants': [
{
'Grantee': {
'TypeIdentifier': 'id'|'emailAddress'|'uri',
'Identifier': 'string',
'DisplayName': 'string'
},
'Permission': 'FULL_CONTROL'|'READ'|'WRITE'|'READ_ACP'|'WRITE_ACP'
},
],
'MetadataDirective': 'COPY'|'REPLACE',
'ModifiedSinceConstraint': datetime(2015, 1, 1),
'NewObjectMetadata': {
'CacheControl': 'string',
'ContentDisposition': 'string',
'ContentEncoding': 'string',
'ContentLanguage': 'string',
'UserMetadata': {
'string': 'string'
},
'ContentLength': 123,
'ContentMD5': 'string',
'ContentType': 'string',
'HttpExpiresDate': datetime(2015, 1, 1),
'RequesterCharged': True|False,
'SSEAlgorithm': 'AES256'|'KMS'
},
'NewObjectTagging': [
{
'Key': 'string',
'Value': 'string'
},
],
'RedirectLocation': 'string',
'RequesterPays': True|False,
'StorageClass': 'STANDARD'|'STANDARD_IA'|'ONEZONE_IA'|'GLACIER'|'INTELLIGENT_TIERING'|'DEEP_ARCHIVE'|'GLACIER_IR',
'UnModifiedSinceConstraint': datetime(2015, 1, 1),
'SSEAwsKmsKeyId': 'string',
'TargetKeyPrefix': 'string',
'ObjectLockLegalHoldStatus': 'OFF'|'ON',
'ObjectLockMode': 'COMPLIANCE'|'GOVERNANCE',
'ObjectLockRetainUntilDate': datetime(2015, 1, 1),
'BucketKeyEnabled': True|False,
'ChecksumAlgorithm': 'CRC32'|'CRC32C'|'SHA1'|'SHA256'
},
'S3PutObjectAcl': {
'AccessControlPolicy': {
'AccessControlList': {
'Owner': {
'ID': 'string',
'DisplayName': 'string'
},
'Grants': [
{
'Grantee': {
'TypeIdentifier': 'id'|'emailAddress'|'uri',
'Identifier': 'string',
'DisplayName': 'string'
},
'Permission': 'FULL_CONTROL'|'READ'|'WRITE'|'READ_ACP'|'WRITE_ACP'
},
]
},
'CannedAccessControlList': 'private'|'public-read'|'public-read-write'|'aws-exec-read'|'authenticated-read'|'bucket-owner-read'|'bucket-owner-full-control'
}
},
'S3PutObjectTagging': {
'TagSet': [
{
'Key': 'string',
'Value': 'string'
},
]
},
'S3DeleteObjectTagging': {},
'S3InitiateRestoreObject': {
'ExpirationInDays': 123,
'GlacierJobTier': 'BULK'|'STANDARD'
},
'S3PutObjectLegalHold': {
'LegalHold': {
'Status': 'OFF'|'ON'
}
},
'S3PutObjectRetention': {
'BypassGovernanceRetention': True|False,
'Retention': {
'RetainUntilDate': datetime(2015, 1, 1),
'Mode': 'COMPLIANCE'|'GOVERNANCE'
}
},
'S3ReplicateObject': {}
},
'Priority': 123,
'ProgressSummary': {
'TotalNumberOfTasks': 123,
'NumberOfTasksSucceeded': 123,
'NumberOfTasksFailed': 123,
'Timers': {
'ElapsedTimeInActiveSeconds': 123
}
},
'StatusUpdateReason': 'string',
'FailureReasons': [
{
'FailureCode': 'string',
'FailureReason': 'string'
},
],
'Report': {
'Bucket': 'string',
'Format': 'Report_CSV_20180820',
'Enabled': True|False,
'Prefix': 'string',
'ReportScope': 'AllTasks'|'FailedTasksOnly'
},
'CreationTime': datetime(2015, 1, 1),
'TerminationDate': datetime(2015, 1, 1),
'RoleArn': 'string',
'SuspendedDate': datetime(2015, 1, 1),
'SuspendedCause': 'string',
'ManifestGenerator': {
'S3JobManifestGenerator': {
'ExpectedBucketOwner': 'string',
'SourceBucket': 'string',
'ManifestOutputLocation': {
'ExpectedManifestBucketOwner': 'string',
'Bucket': 'string',
'ManifestPrefix': 'string',
'ManifestEncryption': {
'SSES3': {},
'SSEKMS': {
'KeyId': 'string'
}
},
'ManifestFormat': 'S3InventoryReport_CSV_20211130'
},
'Filter': {
'EligibleForReplication': True|False,
'CreatedAfter': datetime(2015, 1, 1),
'CreatedBefore': datetime(2015, 1, 1),
'ObjectReplicationStatuses': [
'COMPLETED'|'FAILED'|'REPLICA'|'NONE',
]
},
'EnableManifestOutput': True|False
}
},
'GeneratedManifestDescriptor': {
'Format': 'S3InventoryReport_CSV_20211130',
'Location': {
'ObjectArn': 'string',
'ObjectVersionId': 'string',
'ETag': 'string'
}
}
}
}
Response Structure
(dict) --
Job (dict) --
Contains the configuration parameters and status for the job specified in the Describe Job
request.
JobId (string) --
The ID for the specified job.
ConfirmationRequired (boolean) --
Indicates whether confirmation is required before Amazon S3 begins running the specified job. Confirmation is required only for jobs created through the Amazon S3 console.
Description (string) --
The description for this job, if one was provided in this job's Create Job
request.
JobArn (string) --
The Amazon Resource Name (ARN) for this job.
Status (string) --
The current status of the specified job.
Manifest (dict) --
The configuration information for the specified job's manifest object.
Spec (dict) --
Describes the format of the specified job's manifest. If the manifest is in CSV format, also describes the columns contained within the manifest.
Format (string) --
Indicates which of the available formats the specified manifest uses.
Fields (list) --
If the specified manifest object is in the S3BatchOperations_CSV_20180820
format, this element describes which columns contain the required data.
Location (dict) --
Contains the information required to locate the specified job's manifest.
ObjectArn (string) --
The Amazon Resource Name (ARN) for a manifest object.
Warning
Replacement must be made for object keys containing special characters (such as carriage returns) when using XML requests. For more information, see XML related object key constraints .
ObjectVersionId (string) --
The optional version ID to identify a specific version of the manifest object.
ETag (string) --
The ETag for the specified manifest object.
Operation (dict) --
The operation that the specified job is configured to run on the objects listed in the manifest.
LambdaInvoke (dict) --
Directs the specified job to invoke an Lambda function on every object in the manifest.
FunctionArn (string) --
The Amazon Resource Name (ARN) for the Lambda function that the specified job will invoke on every object in the manifest.
S3PutObjectCopy (dict) --
Directs the specified job to run a PUT Copy object call on every object in the manifest.
TargetResource (string) --
Specifies the destination bucket ARN for the batch copy operation. For example, to copy objects to a bucket named "destinationBucket", set the TargetResource to "arn:aws:s3:::destinationBucket".
CannedAccessControlList (string) --
AccessControlGrants (list) --
MetadataDirective (string) --
ModifiedSinceConstraint (datetime) --
NewObjectMetadata (dict) --
If you don't provide this parameter, Amazon S3 copies all the metadata from the original objects. If you specify an empty set, the new objects will have no tags. Otherwise, Amazon S3 assigns the supplied tags to the new objects.
NewObjectTagging (list) --
RedirectLocation (string) --
Specifies an optional metadata property for website redirects, x-amz-website-redirect-location
. Allows webpage redirects if the object is accessed through a website endpoint.
RequesterPays (boolean) --
StorageClass (string) --
UnModifiedSinceConstraint (datetime) --
SSEAwsKmsKeyId (string) --
TargetKeyPrefix (string) --
Specifies the folder prefix into which you would like the objects to be copied. For example, to copy objects into a folder named Folder1
in the destination bucket, set the TargetKeyPrefix to Folder1
.
ObjectLockLegalHoldStatus (string) --
The legal hold status to be applied to all objects in the Batch Operations job.
ObjectLockMode (string) --
The retention mode to be applied to all objects in the Batch Operations job.
ObjectLockRetainUntilDate (datetime) --
The date when the applied object retention configuration expires on all objects in the Batch Operations job.
BucketKeyEnabled (boolean) --
Specifies whether Amazon S3 should use an S3 Bucket Key for object encryption with server-side encryption using Amazon Web Services KMS (SSE-KMS). Setting this header to true
causes Amazon S3 to use an S3 Bucket Key for object encryption with SSE-KMS.
Specifying this header with an object action doesn’t affect bucket-level settings for S3 Bucket Key.
ChecksumAlgorithm (string) --
Indicates the algorithm you want Amazon S3 to use to create the checksum. For more information see Checking object integrity in the Amazon S3 User Guide .
S3PutObjectAcl (dict) --
Directs the specified job to run a PUT Object acl call on every object in the manifest.
S3PutObjectTagging (dict) --
Directs the specified job to run a PUT Object tagging call on every object in the manifest.
S3DeleteObjectTagging (dict) --
Directs the specified job to execute a DELETE Object tagging call on every object in the manifest.
S3InitiateRestoreObject (dict) --
Directs the specified job to initiate restore requests for every archived object in the manifest.
ExpirationInDays (integer) --
This argument specifies how long the S3 Glacier or S3 Glacier Deep Archive object remains available in Amazon S3. S3 Initiate Restore Object jobs that target S3 Glacier and S3 Glacier Deep Archive objects require ExpirationInDays
set to 1 or greater.
Conversely, do not set ExpirationInDays
when creating S3 Initiate Restore Object jobs that target S3 Intelligent-Tiering Archive Access and Deep Archive Access tier objects. Objects in S3 Intelligent-Tiering archive access tiers are not subject to restore expiry, so specifying ExpirationInDays
results in restore request failure.
S3 Batch Operations jobs can operate either on S3 Glacier and S3 Glacier Deep Archive storage class objects or on S3 Intelligent-Tiering Archive Access and Deep Archive Access storage tier objects, but not both types in the same job. If you need to restore objects of both types you must create separate Batch Operations jobs.
GlacierJobTier (string) --
S3 Batch Operations supports STANDARD
and BULK
retrieval tiers, but not the EXPEDITED
retrieval tier.
S3PutObjectLegalHold (dict) --
Contains the configuration for an S3 Object Lock legal hold operation that an S3 Batch Operations job passes every object to the underlying PutObjectLegalHold
API. For more information, see Using S3 Object Lock legal hold with S3 Batch Operations in the Amazon S3 User Guide .
LegalHold (dict) --
Contains the Object Lock legal hold status to be applied to all objects in the Batch Operations job.
Status (string) --
The Object Lock legal hold status to be applied to all objects in the Batch Operations job.
S3PutObjectRetention (dict) --
Contains the configuration parameters for the Object Lock retention action for an S3 Batch Operations job. Batch Operations passes every object to the underlying PutObjectRetention
API. For more information, see Using S3 Object Lock retention with S3 Batch Operations in the Amazon S3 User Guide .
BypassGovernanceRetention (boolean) --
Indicates if the action should be applied to objects in the Batch Operations job even if they have Object Lock GOVERNANCE
type in place.
Retention (dict) --
Contains the Object Lock retention mode to be applied to all objects in the Batch Operations job. For more information, see Using S3 Object Lock retention with S3 Batch Operations in the Amazon S3 User Guide .
RetainUntilDate (datetime) --
The date when the applied Object Lock retention will expire on all objects set by the Batch Operations job.
Mode (string) --
The Object Lock retention mode to be applied to all objects in the Batch Operations job.
S3ReplicateObject (dict) --
Directs the specified job to invoke ReplicateObject
on every object in the job's manifest.
Priority (integer) --
The priority of the specified job.
ProgressSummary (dict) --
Describes the total number of tasks that the specified job has run, the number of tasks that succeeded, and the number of tasks that failed.
TotalNumberOfTasks (integer) --
NumberOfTasksSucceeded (integer) --
NumberOfTasksFailed (integer) --
Timers (dict) --
The JobTimers attribute of a job's progress summary.
ElapsedTimeInActiveSeconds (integer) --
Indicates the elapsed time in seconds the job has been in the Active job state.
StatusUpdateReason (string) --
The reason for updating the job.
FailureReasons (list) --
If the specified job failed, this field contains information describing the failure.
(dict) --
If this job failed, this element indicates why the job failed.
FailureCode (string) --
The failure code, if any, for the specified job.
FailureReason (string) --
The failure reason, if any, for the specified job.
Report (dict) --
Contains the configuration information for the job-completion report if you requested one in the Create Job
request.
Bucket (string) --
The Amazon Resource Name (ARN) for the bucket where specified job-completion report will be stored.
Format (string) --
The format of the specified job-completion report.
Enabled (boolean) --
Indicates whether the specified job will generate a job-completion report.
Prefix (string) --
An optional prefix to describe where in the specified bucket the job-completion report will be stored. Amazon S3 stores the job-completion report at <prefix>/job-<job-id>/report.json
.
ReportScope (string) --
Indicates whether the job-completion report will include details of all tasks or only failed tasks.
CreationTime (datetime) --
A timestamp indicating when this job was created.
TerminationDate (datetime) --
A timestamp indicating when this job terminated. A job's termination date is the date and time when it succeeded, failed, or was canceled.
RoleArn (string) --
The Amazon Resource Name (ARN) for the Identity and Access Management (IAM) role assigned to run the tasks for this job.
SuspendedDate (datetime) --
The timestamp when this job was suspended, if it has been suspended.
SuspendedCause (string) --
The reason why the specified job was suspended. A job is only suspended if you create it through the Amazon S3 console. When you create the job, it enters the Suspended
state to await confirmation before running. After you confirm the job, it automatically exits the Suspended
state.
ManifestGenerator (dict) --
The manifest generator that was used to generate a job manifest for this job.
Note
This is a Tagged Union structure. Only one of the following top level keys will be set: S3JobManifestGenerator
. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER
as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER
is as follows:
'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
S3JobManifestGenerator (dict) --
The S3 job ManifestGenerator's configuration details.
ExpectedBucketOwner (string) --
The Amazon Web Services account ID that owns the bucket the generated manifest is written to. If provided the generated manifest bucket's owner Amazon Web Services account ID must match this value, else the job fails.
SourceBucket (string) --
The source bucket used by the ManifestGenerator.
ManifestOutputLocation (dict) --
Specifies the location the generated manifest will be written to.
ExpectedManifestBucketOwner (string) --
The Account ID that owns the bucket the generated manifest is written to.
Bucket (string) --
The bucket ARN the generated manifest should be written to.
ManifestPrefix (string) --
Prefix identifying one or more objects to which the manifest applies.
ManifestEncryption (dict) --
Specifies what encryption should be used when the generated manifest objects are written.
SSES3 (dict) --
Specifies the use of SSE-S3 to encrypt generated manifest objects.
SSEKMS (dict) --
Configuration details on how SSE-KMS is used to encrypt generated manifest objects.
KeyId (string) --
Specifies the ID of the Amazon Web Services Key Management Service (Amazon Web Services KMS) symmetric encryption customer managed key to use for encrypting generated manifest objects.
ManifestFormat (string) --
The format of the generated manifest.
Filter (dict) --
Specifies rules the S3JobManifestGenerator should use to use to decide whether an object in the source bucket should or should not be included in the generated job manifest.
EligibleForReplication (boolean) --
Include objects in the generated manifest only if they are eligible for replication according to the Replication configuration on the source bucket.
CreatedAfter (datetime) --
If provided, the generated manifest should include only source bucket objects that were created after this time.
CreatedBefore (datetime) --
If provided, the generated manifest should include only source bucket objects that were created before this time.
ObjectReplicationStatuses (list) --
If provided, the generated manifest should include only source bucket objects that have one of the specified Replication statuses.
EnableManifestOutput (boolean) --
Determines whether or not to write the job's generated manifest to a bucket.
GeneratedManifestDescriptor (dict) --
The attribute of the JobDescriptor containing details about the job's generated manifest.
Format (string) --
The format of the generated manifest.
Location (dict) --
Contains the information required to locate a manifest object.
ObjectArn (string) --
The Amazon Resource Name (ARN) for a manifest object.
Warning
Replacement must be made for object keys containing special characters (such as carriage returns) when using XML requests. For more information, see XML related object key constraints .
ObjectVersionId (string) --
The optional version ID to identify a specific version of the manifest object.
ETag (string) --
The ETag for the specified manifest object.
Exceptions
S3Control.Client.exceptions.BadRequestException
S3Control.Client.exceptions.TooManyRequestsException
S3Control.Client.exceptions.NotFoundException
S3Control.Client.exceptions.InternalServiceException
describe_multi_region_access_point_operation
(**kwargs)¶Retrieves the status of an asynchronous request to manage a Multi-Region Access Point. For more information about managing Multi-Region Access Points and how asynchronous requests work, see Managing Multi-Region Access Points in the Amazon S3 User Guide .
The following actions are related to GetMultiRegionAccessPoint
:
See also: AWS API Documentation
Request Syntax
response = client.describe_multi_region_access_point_operation(
AccountId='string',
RequestTokenARN='string'
)
[REQUIRED]
The Amazon Web Services account ID for the owner of the Multi-Region Access Point.
[REQUIRED]
The request token associated with the request you want to know about. This request token is returned as part of the response when you make an asynchronous request. You provide this token to query about the status of the asynchronous action.
dict
Response Syntax
{
'AsyncOperation': {
'CreationTime': datetime(2015, 1, 1),
'Operation': 'CreateMultiRegionAccessPoint'|'DeleteMultiRegionAccessPoint'|'PutMultiRegionAccessPointPolicy',
'RequestTokenARN': 'string',
'RequestParameters': {
'CreateMultiRegionAccessPointRequest': {
'Name': 'string',
'PublicAccessBlock': {
'BlockPublicAcls': True|False,
'IgnorePublicAcls': True|False,
'BlockPublicPolicy': True|False,
'RestrictPublicBuckets': True|False
},
'Regions': [
{
'Bucket': 'string'
},
]
},
'DeleteMultiRegionAccessPointRequest': {
'Name': 'string'
},
'PutMultiRegionAccessPointPolicyRequest': {
'Name': 'string',
'Policy': 'string'
}
},
'RequestStatus': 'string',
'ResponseDetails': {
'MultiRegionAccessPointDetails': {
'Regions': [
{
'Name': 'string',
'RequestStatus': 'string'
},
]
},
'ErrorDetails': {
'Code': 'string',
'Message': 'string',
'Resource': 'string',
'RequestId': 'string'
}
}
}
}
Response Structure
(dict) --
AsyncOperation (dict) --
A container element containing the details of the asynchronous operation.
CreationTime (datetime) --
The time that the request was sent to the service.
Operation (string) --
The specific operation for the asynchronous request.
RequestTokenARN (string) --
The request token associated with the request.
RequestParameters (dict) --
The parameters associated with the request.
CreateMultiRegionAccessPointRequest (dict) --
A container of the parameters for a CreateMultiRegionAccessPoint request.
Name (string) --
The name of the Multi-Region Access Point associated with this request.
PublicAccessBlock (dict) --
The PublicAccessBlock
configuration that you want to apply to this Amazon S3 account. You can enable the configuration options in any combination. For more information about when Amazon S3 considers a bucket or object public, see The Meaning of "Public" in the Amazon S3 User Guide .
This is not supported for Amazon S3 on Outposts.
BlockPublicAcls (boolean) --
Specifies whether Amazon S3 should block public access control lists (ACLs) for buckets in this account. Setting this element to TRUE
causes the following behavior:
Enabling this setting doesn't affect existing policies or ACLs.
This is not supported for Amazon S3 on Outposts.
IgnorePublicAcls (boolean) --
Specifies whether Amazon S3 should ignore public ACLs for buckets in this account. Setting this element to TRUE
causes Amazon S3 to ignore all public ACLs on buckets in this account and any objects that they contain.
Enabling this setting doesn't affect the persistence of any existing ACLs and doesn't prevent new public ACLs from being set.
This is not supported for Amazon S3 on Outposts.
BlockPublicPolicy (boolean) --
Specifies whether Amazon S3 should block public bucket policies for buckets in this account. Setting this element to TRUE
causes Amazon S3 to reject calls to PUT Bucket policy if the specified bucket policy allows public access.
Enabling this setting doesn't affect existing bucket policies.
This is not supported for Amazon S3 on Outposts.
RestrictPublicBuckets (boolean) --
Specifies whether Amazon S3 should restrict public bucket policies for buckets in this account. Setting this element to TRUE
restricts access to buckets with public policies to only Amazon Web Service principals and authorized users within this account.
Enabling this setting doesn't affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked.
This is not supported for Amazon S3 on Outposts.
Regions (list) --
The buckets in different Regions that are associated with the Multi-Region Access Point.
(dict) --
A Region that supports a Multi-Region Access Point as well as the associated bucket for the Region.
Bucket (string) --
The name of the associated bucket for the Region.
DeleteMultiRegionAccessPointRequest (dict) --
A container of the parameters for a DeleteMultiRegionAccessPoint request.
Name (string) --
The name of the Multi-Region Access Point associated with this request.
PutMultiRegionAccessPointPolicyRequest (dict) --
A container of the parameters for a PutMultiRegionAccessPoint request.
Name (string) --
The name of the Multi-Region Access Point associated with the request.
Policy (string) --
The policy details for the PutMultiRegionAccessPoint
request.
RequestStatus (string) --
The current status of the request.
ResponseDetails (dict) --
The details of the response.
MultiRegionAccessPointDetails (dict) --
The details for the Multi-Region Access Point.
Regions (list) --
A collection of status information for the different Regions that a Multi-Region Access Point supports.
(dict) --
Status information for a single Multi-Region Access Point Region.
Name (string) --
The name of the Region in the Multi-Region Access Point.
RequestStatus (string) --
The current status of the Multi-Region Access Point in this Region.
ErrorDetails (dict) --
Error details for an asynchronous request.
Code (string) --
A string that uniquely identifies the error condition.
Message (string) --
A generic description of the error condition in English.
Resource (string) --
The identifier of the resource associated with the error.
RequestId (string) --
The ID of the request associated with the error.
get_access_point
(**kwargs)¶Returns configuration information about the specified access point.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id
to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control
. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id
derived by using the access point ARN, see the Examples section.
The following actions are related to GetAccessPoint
:
See also: AWS API Documentation
Request Syntax
response = client.get_access_point(
AccountId='string',
Name='string'
)
[REQUIRED]
The account ID for the account that owns the specified access point.
[REQUIRED]
The name of the access point whose configuration information you want to retrieve.
For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the access point accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/accesspoint/<my-accesspoint-name>
. For example, to access the access point reports-ap
through outpost my-outpost
owned by account 123456789012
in Region us-west-2
, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/accesspoint/reports-ap
. The value must be URL encoded.
dict
Response Syntax
{
'Name': 'string',
'Bucket': 'string',
'NetworkOrigin': 'Internet'|'VPC',
'VpcConfiguration': {
'VpcId': 'string'
},
'PublicAccessBlockConfiguration': {
'BlockPublicAcls': True|False,
'IgnorePublicAcls': True|False,
'BlockPublicPolicy': True|False,
'RestrictPublicBuckets': True|False
},
'CreationDate': datetime(2015, 1, 1),
'Alias': 'string',
'AccessPointArn': 'string',
'Endpoints': {
'string': 'string'
}
}
Response Structure
(dict) --
Name (string) --
The name of the specified access point.
Bucket (string) --
The name of the bucket associated with the specified access point.
NetworkOrigin (string) --
Indicates whether this access point allows access from the public internet. If VpcConfiguration
is specified for this access point, then NetworkOrigin
is VPC
, and the access point doesn't allow access from the public internet. Otherwise, NetworkOrigin
is Internet
, and the access point allows access from the public internet, subject to the access point and bucket access policies.
This will always be true for an Amazon S3 on Outposts access point
VpcConfiguration (dict) --
Contains the virtual private cloud (VPC) configuration for the specified access point.
Note
This element is empty if this access point is an Amazon S3 on Outposts access point that is used by other Amazon Web Services.
VpcId (string) --
If this field is specified, this access point will only allow connections from the specified VPC ID.
PublicAccessBlockConfiguration (dict) --
The PublicAccessBlock
configuration that you want to apply to this Amazon S3 account. You can enable the configuration options in any combination. For more information about when Amazon S3 considers a bucket or object public, see The Meaning of "Public" in the Amazon S3 User Guide .
This is not supported for Amazon S3 on Outposts.
BlockPublicAcls (boolean) --
Specifies whether Amazon S3 should block public access control lists (ACLs) for buckets in this account. Setting this element to TRUE
causes the following behavior:
Enabling this setting doesn't affect existing policies or ACLs.
This is not supported for Amazon S3 on Outposts.
IgnorePublicAcls (boolean) --
Specifies whether Amazon S3 should ignore public ACLs for buckets in this account. Setting this element to TRUE
causes Amazon S3 to ignore all public ACLs on buckets in this account and any objects that they contain.
Enabling this setting doesn't affect the persistence of any existing ACLs and doesn't prevent new public ACLs from being set.
This is not supported for Amazon S3 on Outposts.
BlockPublicPolicy (boolean) --
Specifies whether Amazon S3 should block public bucket policies for buckets in this account. Setting this element to TRUE
causes Amazon S3 to reject calls to PUT Bucket policy if the specified bucket policy allows public access.
Enabling this setting doesn't affect existing bucket policies.
This is not supported for Amazon S3 on Outposts.
RestrictPublicBuckets (boolean) --
Specifies whether Amazon S3 should restrict public bucket policies for buckets in this account. Setting this element to TRUE
restricts access to buckets with public policies to only Amazon Web Service principals and authorized users within this account.
Enabling this setting doesn't affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked.
This is not supported for Amazon S3 on Outposts.
CreationDate (datetime) --
The date and time when the specified access point was created.
Alias (string) --
The name or alias of the access point.
AccessPointArn (string) --
The ARN of the access point.
Endpoints (dict) --
The VPC endpoint for the access point.
get_access_point_configuration_for_object_lambda
(**kwargs)¶Returns configuration for an Object Lambda Access Point.
The following actions are related to GetAccessPointConfigurationForObjectLambda
:
See also: AWS API Documentation
Request Syntax
response = client.get_access_point_configuration_for_object_lambda(
AccountId='string',
Name='string'
)
[REQUIRED]
The account ID for the account that owns the specified Object Lambda Access Point.
[REQUIRED]
The name of the Object Lambda Access Point you want to return the configuration for.
dict
Response Syntax
{
'Configuration': {
'SupportingAccessPoint': 'string',
'CloudWatchMetricsEnabled': True|False,
'AllowedFeatures': [
'GetObject-Range'|'GetObject-PartNumber'|'HeadObject-Range'|'HeadObject-PartNumber',
],
'TransformationConfigurations': [
{
'Actions': [
'GetObject'|'HeadObject'|'ListObjects'|'ListObjectsV2',
],
'ContentTransformation': {
'AwsLambda': {
'FunctionArn': 'string',
'FunctionPayload': 'string'
}
}
},
]
}
}
Response Structure
(dict) --
Configuration (dict) --
Object Lambda Access Point configuration document.
SupportingAccessPoint (string) --
Standard access point associated with the Object Lambda Access Point.
CloudWatchMetricsEnabled (boolean) --
A container for whether the CloudWatch metrics configuration is enabled.
AllowedFeatures (list) --
A container for allowed features. Valid inputs are GetObject-Range
, GetObject-PartNumber
, HeadObject-Range
, and HeadObject-PartNumber
.
TransformationConfigurations (list) --
A container for transformation configurations for an Object Lambda Access Point.
(dict) --
A configuration used when creating an Object Lambda Access Point transformation.
Actions (list) --
A container for the action of an Object Lambda Access Point configuration. Valid inputs are GetObject
, ListObjects
, HeadObject
, and ListObjectsV2
.
ContentTransformation (dict) --
A container for the content transformation of an Object Lambda Access Point configuration.
Note
This is a Tagged Union structure. Only one of the following top level keys will be set: AwsLambda
. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER
as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER
is as follows:
'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
AwsLambda (dict) --
A container for an Lambda function.
FunctionArn (string) --
The Amazon Resource Name (ARN) of the Lambda function.
FunctionPayload (string) --
Additional JSON that provides supplemental data to the Lambda function used to transform objects.
get_access_point_for_object_lambda
(**kwargs)¶Returns configuration information about the specified Object Lambda Access Point
The following actions are related to GetAccessPointForObjectLambda
:
See also: AWS API Documentation
Request Syntax
response = client.get_access_point_for_object_lambda(
AccountId='string',
Name='string'
)
[REQUIRED]
The account ID for the account that owns the specified Object Lambda Access Point.
[REQUIRED]
The name of the Object Lambda Access Point.
dict
Response Syntax
{
'Name': 'string',
'PublicAccessBlockConfiguration': {
'BlockPublicAcls': True|False,
'IgnorePublicAcls': True|False,
'BlockPublicPolicy': True|False,
'RestrictPublicBuckets': True|False
},
'CreationDate': datetime(2015, 1, 1)
}
Response Structure
(dict) --
Name (string) --
The name of the Object Lambda Access Point.
PublicAccessBlockConfiguration (dict) --
Configuration to block all public access. This setting is turned on and can not be edited.
BlockPublicAcls (boolean) --
Specifies whether Amazon S3 should block public access control lists (ACLs) for buckets in this account. Setting this element to TRUE
causes the following behavior:
Enabling this setting doesn't affect existing policies or ACLs.
This is not supported for Amazon S3 on Outposts.
IgnorePublicAcls (boolean) --
Specifies whether Amazon S3 should ignore public ACLs for buckets in this account. Setting this element to TRUE
causes Amazon S3 to ignore all public ACLs on buckets in this account and any objects that they contain.
Enabling this setting doesn't affect the persistence of any existing ACLs and doesn't prevent new public ACLs from being set.
This is not supported for Amazon S3 on Outposts.
BlockPublicPolicy (boolean) --
Specifies whether Amazon S3 should block public bucket policies for buckets in this account. Setting this element to TRUE
causes Amazon S3 to reject calls to PUT Bucket policy if the specified bucket policy allows public access.
Enabling this setting doesn't affect existing bucket policies.
This is not supported for Amazon S3 on Outposts.
RestrictPublicBuckets (boolean) --
Specifies whether Amazon S3 should restrict public bucket policies for buckets in this account. Setting this element to TRUE
restricts access to buckets with public policies to only Amazon Web Service principals and authorized users within this account.
Enabling this setting doesn't affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked.
This is not supported for Amazon S3 on Outposts.
CreationDate (datetime) --
The date and time when the specified Object Lambda Access Point was created.
get_access_point_policy
(**kwargs)¶Returns the access point policy associated with the specified access point.
The following actions are related to GetAccessPointPolicy
:
See also: AWS API Documentation
Request Syntax
response = client.get_access_point_policy(
AccountId='string',
Name='string'
)
[REQUIRED]
The account ID for the account that owns the specified access point.
[REQUIRED]
The name of the access point whose policy you want to retrieve.
For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the access point accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/accesspoint/<my-accesspoint-name>
. For example, to access the access point reports-ap
through outpost my-outpost
owned by account 123456789012
in Region us-west-2
, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/accesspoint/reports-ap
. The value must be URL encoded.
dict
Response Syntax
{
'Policy': 'string'
}
Response Structure
(dict) --
Policy (string) --
The access point policy associated with the specified access point.
get_access_point_policy_for_object_lambda
(**kwargs)¶Returns the resource policy for an Object Lambda Access Point.
The following actions are related to GetAccessPointPolicyForObjectLambda
:
See also: AWS API Documentation
Request Syntax
response = client.get_access_point_policy_for_object_lambda(
AccountId='string',
Name='string'
)
[REQUIRED]
The account ID for the account that owns the specified Object Lambda Access Point.
[REQUIRED]
The name of the Object Lambda Access Point.
dict
Response Syntax
{
'Policy': 'string'
}
Response Structure
(dict) --
Policy (string) --
Object Lambda Access Point resource policy document.
get_access_point_policy_status
(**kwargs)¶Indicates whether the specified access point currently has a policy that allows public access. For more information about public access through access points, see Managing Data Access with Amazon S3 access points in the Amazon S3 User Guide .
See also: AWS API Documentation
Request Syntax
response = client.get_access_point_policy_status(
AccountId='string',
Name='string'
)
[REQUIRED]
The account ID for the account that owns the specified access point.
[REQUIRED]
The name of the access point whose policy status you want to retrieve.
dict
Response Syntax
{
'PolicyStatus': {
'IsPublic': True|False
}
}
Response Structure
(dict) --
PolicyStatus (dict) --
Indicates the current policy status of the specified access point.
get_access_point_policy_status_for_object_lambda
(**kwargs)¶Returns the status of the resource policy associated with an Object Lambda Access Point.
See also: AWS API Documentation
Request Syntax
response = client.get_access_point_policy_status_for_object_lambda(
AccountId='string',
Name='string'
)
[REQUIRED]
The account ID for the account that owns the specified Object Lambda Access Point.
[REQUIRED]
The name of the Object Lambda Access Point.
dict
Response Syntax
{
'PolicyStatus': {
'IsPublic': True|False
}
}
Response Structure
(dict) --
PolicyStatus (dict) --
Indicates whether this access point policy is public. For more information about how Amazon S3 evaluates policies to determine whether they are public, see The Meaning of "Public" in the Amazon S3 User Guide .
get_bucket
(**kwargs)¶Gets an Amazon S3 on Outposts bucket. For more information, see Using Amazon S3 on Outposts in the Amazon S3 User Guide .
If you are using an identity other than the root user of the Amazon Web Services account that owns the Outposts bucket, the calling identity must have the s3-outposts:GetBucket
permissions on the specified Outposts bucket and belong to the Outposts bucket owner's account in order to use this action. Only users from Outposts bucket owner account with the right permissions can perform actions on an Outposts bucket.
If you don't have s3-outposts:GetBucket
permissions or you're not using an identity that belongs to the bucket owner's account, Amazon S3 returns a 403 Access Denied
error.
The following actions are related to GetBucket
for Amazon S3 on Outposts:
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id
to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control
. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id
derived by using the access point ARN, see the Examples section.
See also: AWS API Documentation
Request Syntax
response = client.get_bucket(
AccountId='string',
Bucket='string'
)
[REQUIRED]
The Amazon Web Services account ID of the Outposts bucket.
[REQUIRED]
Specifies the bucket.
For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>
. For example, to access the bucket reports
through outpost my-outpost
owned by account 123456789012
in Region us-west-2
, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports
. The value must be URL encoded.
dict
Response Syntax
{
'Bucket': 'string',
'PublicAccessBlockEnabled': True|False,
'CreationDate': datetime(2015, 1, 1)
}
Response Structure
(dict) --
Bucket (string) --
The Outposts bucket requested.
PublicAccessBlockEnabled (boolean) --
CreationDate (datetime) --
The creation date of the Outposts bucket.
get_bucket_lifecycle_configuration
(**kwargs)¶Note
This action gets an Amazon S3 on Outposts bucket's lifecycle configuration. To get an S3 bucket's lifecycle configuration, see GetBucketLifecycleConfiguration in the Amazon S3 API Reference .
Returns the lifecycle configuration information set on the Outposts bucket. For more information, see Using Amazon S3 on Outposts and for information about lifecycle configuration, see Object Lifecycle Management in Amazon S3 User Guide .
To use this action, you must have permission to perform the s3-outposts:GetLifecycleConfiguration
action. The Outposts bucket owner has this permission, by default. The bucket owner can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources .
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id
to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control
. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id
derived by using the access point ARN, see the Examples section.
GetBucketLifecycleConfiguration
has the following special error:
NoSuchLifecycleConfiguration
The following actions are related to GetBucketLifecycleConfiguration
:
See also: AWS API Documentation
Request Syntax
response = client.get_bucket_lifecycle_configuration(
AccountId='string',
Bucket='string'
)
[REQUIRED]
The Amazon Web Services account ID of the Outposts bucket.
[REQUIRED]
The Amazon Resource Name (ARN) of the bucket.
For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>
. For example, to access the bucket reports
through outpost my-outpost
owned by account 123456789012
in Region us-west-2
, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports
. The value must be URL encoded.
dict
Response Syntax
{
'Rules': [
{
'Expiration': {
'Date': datetime(2015, 1, 1),
'Days': 123,
'ExpiredObjectDeleteMarker': True|False
},
'ID': 'string',
'Filter': {
'Prefix': 'string',
'Tag': {
'Key': 'string',
'Value': 'string'
},
'And': {
'Prefix': 'string',
'Tags': [
{
'Key': 'string',
'Value': 'string'
},
],
'ObjectSizeGreaterThan': 123,
'ObjectSizeLessThan': 123
},
'ObjectSizeGreaterThan': 123,
'ObjectSizeLessThan': 123
},
'Status': 'Enabled'|'Disabled',
'Transitions': [
{
'Date': datetime(2015, 1, 1),
'Days': 123,
'StorageClass': 'GLACIER'|'STANDARD_IA'|'ONEZONE_IA'|'INTELLIGENT_TIERING'|'DEEP_ARCHIVE'
},
],
'NoncurrentVersionTransitions': [
{
'NoncurrentDays': 123,
'StorageClass': 'GLACIER'|'STANDARD_IA'|'ONEZONE_IA'|'INTELLIGENT_TIERING'|'DEEP_ARCHIVE'
},
],
'NoncurrentVersionExpiration': {
'NoncurrentDays': 123,
'NewerNoncurrentVersions': 123
},
'AbortIncompleteMultipartUpload': {
'DaysAfterInitiation': 123
}
},
]
}
Response Structure
(dict) --
Rules (list) --
Container for the lifecycle rule of the Outposts bucket.
(dict) --
The container for the Outposts bucket lifecycle rule.
Expiration (dict) --
Specifies the expiration for the lifecycle of the object in the form of date, days and, whether the object has a delete marker.
Date (datetime) --
Indicates at what date the object is to be deleted. Should be in GMT ISO 8601 format.
Days (integer) --
Indicates the lifetime, in days, of the objects that are subject to the rule. The value must be a non-zero positive integer.
ExpiredObjectDeleteMarker (boolean) --
Indicates whether Amazon S3 will remove a delete marker with no noncurrent versions. If set to true, the delete marker will be expired. If set to false, the policy takes no action. This cannot be specified with Days or Date in a Lifecycle Expiration Policy.
ID (string) --
Unique identifier for the rule. The value cannot be longer than 255 characters.
Filter (dict) --
The container for the filter of lifecycle rule.
Prefix (string) --
Prefix identifying one or more objects to which the rule applies.
Warning
Replacement must be made for object keys containing special characters (such as carriage returns) when using XML requests. For more information, see XML related object key constraints .
Tag (dict) --
And (dict) --
The container for the AND
condition for the lifecycle rule.
Prefix (string) --
Prefix identifying one or more objects to which the rule applies.
Tags (list) --
All of these tags must exist in the object's tag set in order for the rule to apply.
ObjectSizeGreaterThan (integer) --
Minimum object size to which the rule applies.
ObjectSizeLessThan (integer) --
Maximum object size to which the rule applies.
ObjectSizeGreaterThan (integer) --
Minimum object size to which the rule applies.
ObjectSizeLessThan (integer) --
Maximum object size to which the rule applies.
Status (string) --
If 'Enabled', the rule is currently being applied. If 'Disabled', the rule is not currently being applied.
Transitions (list) --
Specifies when an Amazon S3 object transitions to a specified storage class.
Note
This is not supported by Amazon S3 on Outposts buckets.
(dict) --
Specifies when an object transitions to a specified storage class. For more information about Amazon S3 Lifecycle configuration rules, see Transitioning objects using Amazon S3 Lifecycle in the Amazon S3 User Guide .
Date (datetime) --
Indicates when objects are transitioned to the specified storage class. The date value must be in ISO 8601 format. The time is always midnight UTC.
Days (integer) --
Indicates the number of days after creation when objects are transitioned to the specified storage class. The value must be a positive integer.
StorageClass (string) --
The storage class to which you want the object to transition.
NoncurrentVersionTransitions (list) --
Specifies the transition rule for the lifecycle rule that describes when noncurrent objects transition to a specific storage class. If your bucket is versioning-enabled (or versioning is suspended), you can set this action to request that Amazon S3 transition noncurrent object versions to a specific storage class at a set period in the object's lifetime.
Note
This is not supported by Amazon S3 on Outposts buckets.
(dict) --
The container for the noncurrent version transition.
NoncurrentDays (integer) --
Specifies the number of days an object is noncurrent before Amazon S3 can perform the associated action. For information about the noncurrent days calculations, see How Amazon S3 Calculates How Long an Object Has Been Noncurrent in the Amazon S3 User Guide .
StorageClass (string) --
The class of storage used to store the object.
NoncurrentVersionExpiration (dict) --
The noncurrent version expiration of the lifecycle rule.
NoncurrentDays (integer) --
Specifies the number of days an object is noncurrent before Amazon S3 can perform the associated action. For information about the noncurrent days calculations, see How Amazon S3 Calculates When an Object Became Noncurrent in the Amazon S3 User Guide .
NewerNoncurrentVersions (integer) --
Specifies how many noncurrent versions S3 on Outposts will retain. If there are this many more recent noncurrent versions, S3 on Outposts will take the associated action. For more information about noncurrent versions, see Lifecycle configuration elements in the Amazon S3 User Guide .
AbortIncompleteMultipartUpload (dict) --
Specifies the days since the initiation of an incomplete multipart upload that Amazon S3 waits before permanently removing all parts of the upload. For more information, see Aborting Incomplete Multipart Uploads Using a Bucket Lifecycle Policy in the Amazon S3 User Guide .
DaysAfterInitiation (integer) --
Specifies the number of days after which Amazon S3 aborts an incomplete multipart upload to the Outposts bucket.
get_bucket_policy
(**kwargs)¶Note
This action gets a bucket policy for an Amazon S3 on Outposts bucket. To get a policy for an S3 bucket, see GetBucketPolicy in the Amazon S3 API Reference .
Returns the policy of a specified Outposts bucket. For more information, see Using Amazon S3 on Outposts in the Amazon S3 User Guide .
If you are using an identity other than the root user of the Amazon Web Services account that owns the bucket, the calling identity must have the GetBucketPolicy
permissions on the specified bucket and belong to the bucket owner's account in order to use this action.
Only users from Outposts bucket owner account with the right permissions can perform actions on an Outposts bucket. If you don't have s3-outposts:GetBucketPolicy
permissions or you're not using an identity that belongs to the bucket owner's account, Amazon S3 returns a 403 Access Denied
error.
Warning
As a security precaution, the root user of the Amazon Web Services account that owns a bucket can always use this action, even if the policy explicitly denies the root user the ability to perform this action.
For more information about bucket policies, see Using Bucket Policies and User Policies .
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id
to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control
. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id
derived by using the access point ARN, see the Examples section.
The following actions are related to GetBucketPolicy
:
See also: AWS API Documentation
Request Syntax
response = client.get_bucket_policy(
AccountId='string',
Bucket='string'
)
[REQUIRED]
The Amazon Web Services account ID of the Outposts bucket.
[REQUIRED]
Specifies the bucket.
For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>
. For example, to access the bucket reports
through outpost my-outpost
owned by account 123456789012
in Region us-west-2
, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports
. The value must be URL encoded.
dict
Response Syntax
{
'Policy': 'string'
}
Response Structure
(dict) --
Policy (string) --
The policy of the Outposts bucket.
get_bucket_tagging
(**kwargs)¶Note
This action gets an Amazon S3 on Outposts bucket's tags. To get an S3 bucket tags, see GetBucketTagging in the Amazon S3 API Reference .
Returns the tag set associated with the Outposts bucket. For more information, see Using Amazon S3 on Outposts in the Amazon S3 User Guide .
To use this action, you must have permission to perform the GetBucketTagging
action. By default, the bucket owner has this permission and can grant this permission to others.
GetBucketTagging
has the following special error:
NoSuchTagSetError
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id
to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control
. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id
derived by using the access point ARN, see the Examples section.
The following actions are related to GetBucketTagging
:
See also: AWS API Documentation
Request Syntax
response = client.get_bucket_tagging(
AccountId='string',
Bucket='string'
)
[REQUIRED]
The Amazon Web Services account ID of the Outposts bucket.
[REQUIRED]
Specifies the bucket.
For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>
. For example, to access the bucket reports
through outpost my-outpost
owned by account 123456789012
in Region us-west-2
, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports
. The value must be URL encoded.
dict
Response Syntax
{
'TagSet': [
{
'Key': 'string',
'Value': 'string'
},
]
}
Response Structure
(dict) --
TagSet (list) --
The tags set of the Outposts bucket.
get_bucket_versioning
(**kwargs)¶Note
This operation returns the versioning state only for S3 on Outposts buckets. To return the versioning state for an S3 bucket, see GetBucketVersioning in the Amazon S3 API Reference .
Returns the versioning state for an S3 on Outposts bucket. With versioning, you can save multiple distinct copies of your data and recover from unintended user actions and application failures.
If you've never set versioning on your bucket, it has no versioning state. In that case, the GetBucketVersioning
request does not return a versioning state value.
For more information about versioning, see Versioning in the Amazon S3 User Guide .
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id
to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control
. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id
derived by using the access point ARN, see the Examples section.
The following operations are related to GetBucketVersioning
for S3 on Outposts.
See also: AWS API Documentation
Request Syntax
response = client.get_bucket_versioning(
AccountId='string',
Bucket='string'
)
[REQUIRED]
The Amazon Web Services account ID of the S3 on Outposts bucket.
[REQUIRED]
The S3 on Outposts bucket to return the versioning state for.
dict
Response Syntax
{
'Status': 'Enabled'|'Suspended',
'MFADelete': 'Enabled'|'Disabled'
}
Response Structure
(dict) --
Status (string) --
The versioning state of the S3 on Outposts bucket.
MFADelete (string) --
Specifies whether MFA delete is enabled in the bucket versioning configuration. This element is returned only if the bucket has been configured with MFA delete. If MFA delete has never been configured for the bucket, this element is not returned.
get_job_tagging
(**kwargs)¶Returns the tags on an S3 Batch Operations job. To use this operation, you must have permission to perform the s3:GetJobTagging
action. For more information, see Controlling access and labeling jobs using tags in the Amazon S3 User Guide .
Related actions include:
See also: AWS API Documentation
Request Syntax
response = client.get_job_tagging(
AccountId='string',
JobId='string'
)
[REQUIRED]
The Amazon Web Services account ID associated with the S3 Batch Operations job.
[REQUIRED]
The ID for the S3 Batch Operations job whose tags you want to retrieve.
dict
Response Syntax
{
'Tags': [
{
'Key': 'string',
'Value': 'string'
},
]
}
Response Structure
(dict) --
Tags (list) --
The set of tags associated with the S3 Batch Operations job.
Exceptions
S3Control.Client.exceptions.InternalServiceException
S3Control.Client.exceptions.TooManyRequestsException
S3Control.Client.exceptions.NotFoundException
get_multi_region_access_point
(**kwargs)¶Returns configuration information about the specified Multi-Region Access Point.
This action will always be routed to the US West (Oregon) Region. For more information about the restrictions around managing Multi-Region Access Points, see Managing Multi-Region Access Points in the Amazon S3 User Guide .
The following actions are related to GetMultiRegionAccessPoint
:
See also: AWS API Documentation
Request Syntax
response = client.get_multi_region_access_point(
AccountId='string',
Name='string'
)
[REQUIRED]
The Amazon Web Services account ID for the owner of the Multi-Region Access Point.
[REQUIRED]
The name of the Multi-Region Access Point whose configuration information you want to receive. The name of the Multi-Region Access Point is different from the alias. For more information about the distinction between the name and the alias of an Multi-Region Access Point, see Managing Multi-Region Access Points in the Amazon S3 User Guide .
dict
Response Syntax
{
'AccessPoint': {
'Name': 'string',
'Alias': 'string',
'CreatedAt': datetime(2015, 1, 1),
'PublicAccessBlock': {
'BlockPublicAcls': True|False,
'IgnorePublicAcls': True|False,
'BlockPublicPolicy': True|False,
'RestrictPublicBuckets': True|False
},
'Status': 'READY'|'INCONSISTENT_ACROSS_REGIONS'|'CREATING'|'PARTIALLY_CREATED'|'PARTIALLY_DELETED'|'DELETING',
'Regions': [
{
'Bucket': 'string',
'Region': 'string'
},
]
}
}
Response Structure
(dict) --
AccessPoint (dict) --
A container element containing the details of the requested Multi-Region Access Point.
Name (string) --
The name of the Multi-Region Access Point.
Alias (string) --
The alias for the Multi-Region Access Point. For more information about the distinction between the name and the alias of an Multi-Region Access Point, see Managing Multi-Region Access Points .
CreatedAt (datetime) --
When the Multi-Region Access Point create request was received.
PublicAccessBlock (dict) --
The PublicAccessBlock
configuration that you want to apply to this Amazon S3 account. You can enable the configuration options in any combination. For more information about when Amazon S3 considers a bucket or object public, see The Meaning of "Public" in the Amazon S3 User Guide .
This is not supported for Amazon S3 on Outposts.
BlockPublicAcls (boolean) --
Specifies whether Amazon S3 should block public access control lists (ACLs) for buckets in this account. Setting this element to TRUE
causes the following behavior:
Enabling this setting doesn't affect existing policies or ACLs.
This is not supported for Amazon S3 on Outposts.
IgnorePublicAcls (boolean) --
Specifies whether Amazon S3 should ignore public ACLs for buckets in this account. Setting this element to TRUE
causes Amazon S3 to ignore all public ACLs on buckets in this account and any objects that they contain.
Enabling this setting doesn't affect the persistence of any existing ACLs and doesn't prevent new public ACLs from being set.
This is not supported for Amazon S3 on Outposts.
BlockPublicPolicy (boolean) --
Specifies whether Amazon S3 should block public bucket policies for buckets in this account. Setting this element to TRUE
causes Amazon S3 to reject calls to PUT Bucket policy if the specified bucket policy allows public access.
Enabling this setting doesn't affect existing bucket policies.
This is not supported for Amazon S3 on Outposts.
RestrictPublicBuckets (boolean) --
Specifies whether Amazon S3 should restrict public bucket policies for buckets in this account. Setting this element to TRUE
restricts access to buckets with public policies to only Amazon Web Service principals and authorized users within this account.
Enabling this setting doesn't affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked.
This is not supported for Amazon S3 on Outposts.
Status (string) --
The current status of the Multi-Region Access Point.
CREATING
andDELETING
are temporary states that exist while the request is propagating and being completed. If a Multi-Region Access Point has a status ofPARTIALLY_CREATED
, you can retry creation or send a request to delete the Multi-Region Access Point. If a Multi-Region Access Point has a status ofPARTIALLY_DELETED
, you can retry a delete request to finish the deletion of the Multi-Region Access Point.
Regions (list) --
A collection of the Regions and buckets associated with the Multi-Region Access Point.
(dict) --
A combination of a bucket and Region that's part of a Multi-Region Access Point.
Bucket (string) --
The name of the bucket.
Region (string) --
The name of the Region.
get_multi_region_access_point_policy
(**kwargs)¶Returns the access control policy of the specified Multi-Region Access Point.
This action will always be routed to the US West (Oregon) Region. For more information about the restrictions around managing Multi-Region Access Points, see Managing Multi-Region Access Points in the Amazon S3 User Guide .
The following actions are related to GetMultiRegionAccessPointPolicy
:
See also: AWS API Documentation
Request Syntax
response = client.get_multi_region_access_point_policy(
AccountId='string',
Name='string'
)
[REQUIRED]
The Amazon Web Services account ID for the owner of the Multi-Region Access Point.
[REQUIRED]
Specifies the Multi-Region Access Point. The name of the Multi-Region Access Point is different from the alias. For more information about the distinction between the name and the alias of an Multi-Region Access Point, see Managing Multi-Region Access Points in the Amazon S3 User Guide .
dict
Response Syntax
{
'Policy': {
'Established': {
'Policy': 'string'
},
'Proposed': {
'Policy': 'string'
}
}
}
Response Structure
(dict) --
Policy (dict) --
The policy associated with the specified Multi-Region Access Point.
Established (dict) --
The last established policy for the Multi-Region Access Point.
Policy (string) --
The details of the last established policy.
Proposed (dict) --
The proposed policy for the Multi-Region Access Point.
Policy (string) --
The details of the proposed policy.
get_multi_region_access_point_policy_status
(**kwargs)¶Indicates whether the specified Multi-Region Access Point has an access control policy that allows public access.
This action will always be routed to the US West (Oregon) Region. For more information about the restrictions around managing Multi-Region Access Points, see Managing Multi-Region Access Points in the Amazon S3 User Guide .
The following actions are related to GetMultiRegionAccessPointPolicyStatus
:
See also: AWS API Documentation
Request Syntax
response = client.get_multi_region_access_point_policy_status(
AccountId='string',
Name='string'
)
[REQUIRED]
The Amazon Web Services account ID for the owner of the Multi-Region Access Point.
[REQUIRED]
Specifies the Multi-Region Access Point. The name of the Multi-Region Access Point is different from the alias. For more information about the distinction between the name and the alias of an Multi-Region Access Point, see Managing Multi-Region Access Points in the Amazon S3 User Guide .
dict
Response Syntax
{
'Established': {
'IsPublic': True|False
}
}
Response Structure
(dict) --
Established (dict) --
Indicates whether this access point policy is public. For more information about how Amazon S3 evaluates policies to determine whether they are public, see The Meaning of "Public" in the Amazon S3 User Guide .
get_paginator
(operation_name)¶Create a paginator for an operation.
create_foo
, and you'd normally invoke the
operation as client.create_foo(**kwargs)
, if the
create_foo
operation can be paginated, you can use the
call client.get_paginator("create_foo")
.client.can_paginate
method to
check if an operation is pageable.get_public_access_block
(**kwargs)¶Retrieves the PublicAccessBlock
configuration for an Amazon Web Services account. For more information, see Using Amazon S3 block public access .
Related actions include:
See also: AWS API Documentation
Request Syntax
response = client.get_public_access_block(
AccountId='string'
)
[REQUIRED]
The account ID for the Amazon Web Services account whose PublicAccessBlock
configuration you want to retrieve.
{
'PublicAccessBlockConfiguration': {
'BlockPublicAcls': True|False,
'IgnorePublicAcls': True|False,
'BlockPublicPolicy': True|False,
'RestrictPublicBuckets': True|False
}
}
Response Structure
The PublicAccessBlock
configuration currently in effect for this Amazon Web Services account.
Specifies whether Amazon S3 should block public access control lists (ACLs) for buckets in this account. Setting this element to TRUE
causes the following behavior:
Enabling this setting doesn't affect existing policies or ACLs.
This is not supported for Amazon S3 on Outposts.
Specifies whether Amazon S3 should ignore public ACLs for buckets in this account. Setting this element to TRUE
causes Amazon S3 to ignore all public ACLs on buckets in this account and any objects that they contain.
Enabling this setting doesn't affect the persistence of any existing ACLs and doesn't prevent new public ACLs from being set.
This is not supported for Amazon S3 on Outposts.
Specifies whether Amazon S3 should block public bucket policies for buckets in this account. Setting this element to TRUE
causes Amazon S3 to reject calls to PUT Bucket policy if the specified bucket policy allows public access.
Enabling this setting doesn't affect existing bucket policies.
This is not supported for Amazon S3 on Outposts.
Specifies whether Amazon S3 should restrict public bucket policies for buckets in this account. Setting this element to TRUE
restricts access to buckets with public policies to only Amazon Web Service principals and authorized users within this account.
Enabling this setting doesn't affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked.
This is not supported for Amazon S3 on Outposts.
Exceptions
S3Control.Client.exceptions.NoSuchPublicAccessBlockConfiguration
get_storage_lens_configuration
(**kwargs)¶Gets the Amazon S3 Storage Lens configuration. For more information, see Assessing your storage activity and usage with Amazon S3 Storage Lens in the Amazon S3 User Guide .
Note
To use this action, you must have permission to perform the s3:GetStorageLensConfiguration
action. For more information, see Setting permissions to use Amazon S3 Storage Lens in the Amazon S3 User Guide .
See also: AWS API Documentation
Request Syntax
response = client.get_storage_lens_configuration(
ConfigId='string',
AccountId='string'
)
[REQUIRED]
The ID of the Amazon S3 Storage Lens configuration.
[REQUIRED]
The account ID of the requester.
dict
Response Syntax
{
'StorageLensConfiguration': {
'Id': 'string',
'AccountLevel': {
'ActivityMetrics': {
'IsEnabled': True|False
},
'BucketLevel': {
'ActivityMetrics': {
'IsEnabled': True|False
},
'PrefixLevel': {
'StorageMetrics': {
'IsEnabled': True|False,
'SelectionCriteria': {
'Delimiter': 'string',
'MaxDepth': 123,
'MinStorageBytesPercentage': 123.0
}
}
}
}
},
'Include': {
'Buckets': [
'string',
],
'Regions': [
'string',
]
},
'Exclude': {
'Buckets': [
'string',
],
'Regions': [
'string',
]
},
'DataExport': {
'S3BucketDestination': {
'Format': 'CSV'|'Parquet',
'OutputSchemaVersion': 'V_1',
'AccountId': 'string',
'Arn': 'string',
'Prefix': 'string',
'Encryption': {
'SSES3': {},
'SSEKMS': {
'KeyId': 'string'
}
}
},
'CloudWatchMetrics': {
'IsEnabled': True|False
}
},
'IsEnabled': True|False,
'AwsOrg': {
'Arn': 'string'
},
'StorageLensArn': 'string'
}
}
Response Structure
(dict) --
StorageLensConfiguration (dict) --
The S3 Storage Lens configuration requested.
Id (string) --
A container for the Amazon S3 Storage Lens configuration ID.
AccountLevel (dict) --
A container for all the account-level configurations of your S3 Storage Lens configuration.
ActivityMetrics (dict) --
A container for the S3 Storage Lens activity metrics.
IsEnabled (boolean) --
A container for whether the activity metrics are enabled.
BucketLevel (dict) --
A container for the S3 Storage Lens bucket-level configuration.
ActivityMetrics (dict) --
A container for the bucket-level activity metrics for Amazon S3 Storage Lens
IsEnabled (boolean) --
A container for whether the activity metrics are enabled.
PrefixLevel (dict) --
A container for the bucket-level prefix-level metrics for S3 Storage Lens
StorageMetrics (dict) --
A container for the prefix-level storage metrics for S3 Storage Lens.
IsEnabled (boolean) --
A container for whether prefix-level storage metrics are enabled.
SelectionCriteria (dict) --
Delimiter (string) --
A container for the delimiter of the selection criteria being used.
MaxDepth (integer) --
The max depth of the selection criteria
MinStorageBytesPercentage (float) --
The minimum number of storage bytes percentage whose metrics will be selected.
Note
You must choose a value greater than or equal to 1.0
.
Include (dict) --
A container for what is included in this configuration. This container can only be valid if there is no Exclude
container submitted, and it's not empty.
Buckets (list) --
A container for the S3 Storage Lens bucket includes.
Regions (list) --
A container for the S3 Storage Lens Region includes.
Exclude (dict) --
A container for what is excluded in this configuration. This container can only be valid if there is no Include
container submitted, and it's not empty.
Buckets (list) --
A container for the S3 Storage Lens bucket excludes.
Regions (list) --
A container for the S3 Storage Lens Region excludes.
DataExport (dict) --
A container to specify the properties of your S3 Storage Lens metrics export including, the destination, schema and format.
S3BucketDestination (dict) --
A container for the bucket where the S3 Storage Lens metrics export will be located.
Note
This bucket must be located in the same Region as the storage lens configuration.
Format (string) --
OutputSchemaVersion (string) --
The schema version of the export file.
AccountId (string) --
The account ID of the owner of the S3 Storage Lens metrics export bucket.
Arn (string) --
The Amazon Resource Name (ARN) of the bucket. This property is read-only and follows the following format: ``arn:aws:s3:us-east-1 :example-account-id :bucket/your-destination-bucket-name ``
Prefix (string) --
The prefix of the destination bucket where the metrics export will be delivered.
Encryption (dict) --
The container for the type encryption of the metrics exports in this bucket.
SSES3 (dict) --
SSEKMS (dict) --
KeyId (string) --
A container for the ARN of the SSE-KMS encryption. This property is read-only and follows the following format: ``arn:aws:kms:us-east-1 :example-account-id :key/example-9a73-4afc-8d29-8f5900cef44e ``
CloudWatchMetrics (dict) --
A container for enabling Amazon CloudWatch publishing for S3 Storage Lens metrics.
IsEnabled (boolean) --
A container that indicates whether CloudWatch publishing for S3 Storage Lens metrics is enabled. A value of true
indicates that CloudWatch publishing for S3 Storage Lens metrics is enabled.
IsEnabled (boolean) --
A container for whether the S3 Storage Lens configuration is enabled.
AwsOrg (dict) --
A container for the Amazon Web Services organization for this S3 Storage Lens configuration.
Arn (string) --
A container for the Amazon Resource Name (ARN) of the Amazon Web Services organization. This property is read-only and follows the following format: ``arn:aws:organizations:us-east-1 :example-account-id :organization/o-ex2l495dck ``
StorageLensArn (string) --
The Amazon Resource Name (ARN) of the S3 Storage Lens configuration. This property is read-only and follows the following format: ``arn:aws:s3:us-east-1 :example-account-id :storage-lens/your-dashboard-name ``
get_storage_lens_configuration_tagging
(**kwargs)¶Gets the tags of Amazon S3 Storage Lens configuration. For more information about S3 Storage Lens, see Assessing your storage activity and usage with Amazon S3 Storage Lens in the Amazon S3 User Guide .
Note
To use this action, you must have permission to perform the s3:GetStorageLensConfigurationTagging
action. For more information, see Setting permissions to use Amazon S3 Storage Lens in the Amazon S3 User Guide .
See also: AWS API Documentation
Request Syntax
response = client.get_storage_lens_configuration_tagging(
ConfigId='string',
AccountId='string'
)
[REQUIRED]
The ID of the Amazon S3 Storage Lens configuration.
[REQUIRED]
The account ID of the requester.
dict
Response Syntax
{
'Tags': [
{
'Key': 'string',
'Value': 'string'
},
]
}
Response Structure
(dict) --
Tags (list) --
The tags of S3 Storage Lens configuration requested.
get_waiter
(waiter_name)¶Returns an object that can wait for some condition.
list_access_points
(**kwargs)¶Returns a list of the access points currently associated with the specified bucket. You can retrieve up to 1000 access points per call. If the specified bucket has more than 1,000 access points (or the number specified in maxResults
, whichever is less), the response will include a continuation token that you can use to list the additional access points.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id
to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control
. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id
derived by using the access point ARN, see the Examples section.
The following actions are related to ListAccessPoints
:
See also: AWS API Documentation
Request Syntax
response = client.list_access_points(
AccountId='string',
Bucket='string',
NextToken='string',
MaxResults=123
)
[REQUIRED]
The Amazon Web Services account ID for owner of the bucket whose access points you want to list.
The name of the bucket whose associated access points you want to list.
For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>
. For example, to access the bucket reports
through outpost my-outpost
owned by account 123456789012
in Region us-west-2
, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports
. The value must be URL encoded.
ListAccessPoints
returned a continuation token in the NextToken
field, then providing that value here causes Amazon S3 to retrieve the next page of results.NextToken
field that you can use to retrieve the next page of access points.dict
Response Syntax
{
'AccessPointList': [
{
'Name': 'string',
'NetworkOrigin': 'Internet'|'VPC',
'VpcConfiguration': {
'VpcId': 'string'
},
'Bucket': 'string',
'AccessPointArn': 'string',
'Alias': 'string'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
AccessPointList (list) --
Contains identification and configuration information for one or more access points associated with the specified bucket.
(dict) --
An access point used to access a bucket.
Name (string) --
The name of this access point.
NetworkOrigin (string) --
Indicates whether this access point allows access from the public internet. If VpcConfiguration
is specified for this access point, then NetworkOrigin
is VPC
, and the access point doesn't allow access from the public internet. Otherwise, NetworkOrigin
is Internet
, and the access point allows access from the public internet, subject to the access point and bucket access policies.
VpcConfiguration (dict) --
The virtual private cloud (VPC) configuration for this access point, if one exists.
Note
This element is empty if this access point is an Amazon S3 on Outposts access point that is used by other Amazon Web Services.
VpcId (string) --
If this field is specified, this access point will only allow connections from the specified VPC ID.
Bucket (string) --
The name of the bucket associated with this access point.
AccessPointArn (string) --
The ARN for the access point.
Alias (string) --
The name or alias of the access point.
NextToken (string) --
If the specified bucket has more access points than can be returned in one call to this API, this field contains a continuation token that you can provide in subsequent calls to this API to retrieve additional access points.
list_access_points_for_object_lambda
(**kwargs)¶Returns some or all (up to 1,000) access points associated with the Object Lambda Access Point per call. If there are more access points than what can be returned in one call, the response will include a continuation token that you can use to list the additional access points.
The following actions are related to ListAccessPointsForObjectLambda
:
See also: AWS API Documentation
Request Syntax
response = client.list_access_points_for_object_lambda(
AccountId='string',
NextToken='string',
MaxResults=123
)
[REQUIRED]
The account ID for the account that owns the specified Object Lambda Access Point.
NextToken
field that you can use to retrieve the next page of access points.dict
Response Syntax
{
'ObjectLambdaAccessPointList': [
{
'Name': 'string',
'ObjectLambdaAccessPointArn': 'string'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
ObjectLambdaAccessPointList (list) --
Returns list of Object Lambda Access Points.
(dict) --
An access point with an attached Lambda function used to access transformed data from an Amazon S3 bucket.
Name (string) --
The name of the Object Lambda Access Point.
ObjectLambdaAccessPointArn (string) --
Specifies the ARN for the Object Lambda Access Point.
NextToken (string) --
If the list has more access points than can be returned in one call to this API, this field contains a continuation token that you can provide in subsequent calls to this API to retrieve additional access points.
list_jobs
(**kwargs)¶Lists current S3 Batch Operations jobs and jobs that have ended within the last 30 days for the Amazon Web Services account making the request. For more information, see S3 Batch Operations in the Amazon S3 User Guide .
Related actions include:
See also: AWS API Documentation
Request Syntax
response = client.list_jobs(
AccountId='string',
JobStatuses=[
'Active'|'Cancelled'|'Cancelling'|'Complete'|'Completing'|'Failed'|'Failing'|'New'|'Paused'|'Pausing'|'Preparing'|'Ready'|'Suspended',
],
NextToken='string',
MaxResults=123
)
[REQUIRED]
The Amazon Web Services account ID associated with the S3 Batch Operations job.
The List Jobs
request returns jobs that match the statuses listed in this element.
NextToken
element of the ListJobsResult
from the previous List Jobs
request.List Jobs
response. If there are more jobs than this number, the response will include a pagination token in the NextToken
field to enable you to retrieve the next page of results.dict
Response Syntax
{
'NextToken': 'string',
'Jobs': [
{
'JobId': 'string',
'Description': 'string',
'Operation': 'LambdaInvoke'|'S3PutObjectCopy'|'S3PutObjectAcl'|'S3PutObjectTagging'|'S3DeleteObjectTagging'|'S3InitiateRestoreObject'|'S3PutObjectLegalHold'|'S3PutObjectRetention'|'S3ReplicateObject',
'Priority': 123,
'Status': 'Active'|'Cancelled'|'Cancelling'|'Complete'|'Completing'|'Failed'|'Failing'|'New'|'Paused'|'Pausing'|'Preparing'|'Ready'|'Suspended',
'CreationTime': datetime(2015, 1, 1),
'TerminationDate': datetime(2015, 1, 1),
'ProgressSummary': {
'TotalNumberOfTasks': 123,
'NumberOfTasksSucceeded': 123,
'NumberOfTasksFailed': 123,
'Timers': {
'ElapsedTimeInActiveSeconds': 123
}
}
},
]
}
Response Structure
(dict) --
NextToken (string) --
If the List Jobs
request produced more than the maximum number of results, you can pass this value into a subsequent List Jobs
request in order to retrieve the next page of results.
Jobs (list) --
The list of current jobs and jobs that have ended within the last 30 days.
(dict) --
Contains the configuration and status information for a single job retrieved as part of a job list.
JobId (string) --
The ID for the specified job.
Description (string) --
The user-specified description that was included in the specified job's Create Job
request.
Operation (string) --
The operation that the specified job is configured to run on every object listed in the manifest.
Priority (integer) --
The current priority for the specified job.
Status (string) --
The specified job's current status.
CreationTime (datetime) --
A timestamp indicating when the specified job was created.
TerminationDate (datetime) --
A timestamp indicating when the specified job terminated. A job's termination date is the date and time when it succeeded, failed, or was canceled.
ProgressSummary (dict) --
Describes the total number of tasks that the specified job has run, the number of tasks that succeeded, and the number of tasks that failed.
TotalNumberOfTasks (integer) --
NumberOfTasksSucceeded (integer) --
NumberOfTasksFailed (integer) --
Timers (dict) --
The JobTimers attribute of a job's progress summary.
ElapsedTimeInActiveSeconds (integer) --
Indicates the elapsed time in seconds the job has been in the Active job state.
Exceptions
S3Control.Client.exceptions.InvalidRequestException
S3Control.Client.exceptions.InternalServiceException
S3Control.Client.exceptions.InvalidNextTokenException
list_multi_region_access_points
(**kwargs)¶Returns a list of the Multi-Region Access Points currently associated with the specified Amazon Web Services account. Each call can return up to 100 Multi-Region Access Points, the maximum number of Multi-Region Access Points that can be associated with a single account.
This action will always be routed to the US West (Oregon) Region. For more information about the restrictions around managing Multi-Region Access Points, see Managing Multi-Region Access Points in the Amazon S3 User Guide .
The following actions are related to ListMultiRegionAccessPoint
:
See also: AWS API Documentation
Request Syntax
response = client.list_multi_region_access_points(
AccountId='string',
NextToken='string',
MaxResults=123
)
[REQUIRED]
The Amazon Web Services account ID for the owner of the Multi-Region Access Point.
dict
Response Syntax
{
'AccessPoints': [
{
'Name': 'string',
'Alias': 'string',
'CreatedAt': datetime(2015, 1, 1),
'PublicAccessBlock': {
'BlockPublicAcls': True|False,
'IgnorePublicAcls': True|False,
'BlockPublicPolicy': True|False,
'RestrictPublicBuckets': True|False
},
'Status': 'READY'|'INCONSISTENT_ACROSS_REGIONS'|'CREATING'|'PARTIALLY_CREATED'|'PARTIALLY_DELETED'|'DELETING',
'Regions': [
{
'Bucket': 'string',
'Region': 'string'
},
]
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
AccessPoints (list) --
The list of Multi-Region Access Points associated with the user.
(dict) --
A collection of statuses for a Multi-Region Access Point in the various Regions it supports.
Name (string) --
The name of the Multi-Region Access Point.
Alias (string) --
The alias for the Multi-Region Access Point. For more information about the distinction between the name and the alias of an Multi-Region Access Point, see Managing Multi-Region Access Points .
CreatedAt (datetime) --
When the Multi-Region Access Point create request was received.
PublicAccessBlock (dict) --
The PublicAccessBlock
configuration that you want to apply to this Amazon S3 account. You can enable the configuration options in any combination. For more information about when Amazon S3 considers a bucket or object public, see The Meaning of "Public" in the Amazon S3 User Guide .
This is not supported for Amazon S3 on Outposts.
BlockPublicAcls (boolean) --
Specifies whether Amazon S3 should block public access control lists (ACLs) for buckets in this account. Setting this element to TRUE
causes the following behavior:
Enabling this setting doesn't affect existing policies or ACLs.
This is not supported for Amazon S3 on Outposts.
IgnorePublicAcls (boolean) --
Specifies whether Amazon S3 should ignore public ACLs for buckets in this account. Setting this element to TRUE
causes Amazon S3 to ignore all public ACLs on buckets in this account and any objects that they contain.
Enabling this setting doesn't affect the persistence of any existing ACLs and doesn't prevent new public ACLs from being set.
This is not supported for Amazon S3 on Outposts.
BlockPublicPolicy (boolean) --
Specifies whether Amazon S3 should block public bucket policies for buckets in this account. Setting this element to TRUE
causes Amazon S3 to reject calls to PUT Bucket policy if the specified bucket policy allows public access.
Enabling this setting doesn't affect existing bucket policies.
This is not supported for Amazon S3 on Outposts.
RestrictPublicBuckets (boolean) --
Specifies whether Amazon S3 should restrict public bucket policies for buckets in this account. Setting this element to TRUE
restricts access to buckets with public policies to only Amazon Web Service principals and authorized users within this account.
Enabling this setting doesn't affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked.
This is not supported for Amazon S3 on Outposts.
Status (string) --
The current status of the Multi-Region Access Point.
CREATING
andDELETING
are temporary states that exist while the request is propagating and being completed. If a Multi-Region Access Point has a status ofPARTIALLY_CREATED
, you can retry creation or send a request to delete the Multi-Region Access Point. If a Multi-Region Access Point has a status ofPARTIALLY_DELETED
, you can retry a delete request to finish the deletion of the Multi-Region Access Point.
Regions (list) --
A collection of the Regions and buckets associated with the Multi-Region Access Point.
(dict) --
A combination of a bucket and Region that's part of a Multi-Region Access Point.
Bucket (string) --
The name of the bucket.
Region (string) --
The name of the Region.
NextToken (string) --
If the specified bucket has more Multi-Region Access Points than can be returned in one call to this action, this field contains a continuation token. You can use this token tin subsequent calls to this action to retrieve additional Multi-Region Access Points.
list_regional_buckets
(**kwargs)¶Returns a list of all Outposts buckets in an Outpost that are owned by the authenticated sender of the request. For more information, see Using Amazon S3 on Outposts in the Amazon S3 User Guide .
For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and x-amz-outpost-id
in your request, see the Examples section.
See also: AWS API Documentation
Request Syntax
response = client.list_regional_buckets(
AccountId='string',
NextToken='string',
MaxResults=123,
OutpostId='string'
)
[REQUIRED]
The Amazon Web Services account ID of the Outposts bucket.
The ID of the Outposts resource.
Note
This ID is required by Amazon S3 on Outposts buckets.
dict
Response Syntax
{
'RegionalBucketList': [
{
'Bucket': 'string',
'BucketArn': 'string',
'PublicAccessBlockEnabled': True|False,
'CreationDate': datetime(2015, 1, 1),
'OutpostId': 'string'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
RegionalBucketList (list) --
(dict) --
The container for the regional bucket.
Bucket (string) --
BucketArn (string) --
The Amazon Resource Name (ARN) for the regional bucket.
PublicAccessBlockEnabled (boolean) --
CreationDate (datetime) --
The creation date of the regional bucket
OutpostId (string) --
The Outposts ID of the regional bucket.
NextToken (string) --
NextToken
is sent whenisTruncated
is true, which means there are more buckets that can be listed. The next list requests to Amazon S3 can be continued with thisNextToken
.NextToken
is obfuscated and is not a real key.
list_storage_lens_configurations
(**kwargs)¶Gets a list of Amazon S3 Storage Lens configurations. For more information about S3 Storage Lens, see Assessing your storage activity and usage with Amazon S3 Storage Lens in the Amazon S3 User Guide .
Note
To use this action, you must have permission to perform the s3:ListStorageLensConfigurations
action. For more information, see Setting permissions to use Amazon S3 Storage Lens in the Amazon S3 User Guide .
See also: AWS API Documentation
Request Syntax
response = client.list_storage_lens_configurations(
AccountId='string',
NextToken='string'
)
[REQUIRED]
The account ID of the requester.
dict
Response Syntax
{
'NextToken': 'string',
'StorageLensConfigurationList': [
{
'Id': 'string',
'StorageLensArn': 'string',
'HomeRegion': 'string',
'IsEnabled': True|False
},
]
}
Response Structure
(dict) --
NextToken (string) --
If the request produced more than the maximum number of S3 Storage Lens configuration results, you can pass this value into a subsequent request to retrieve the next page of results.
StorageLensConfigurationList (list) --
A list of S3 Storage Lens configurations.
(dict) --
Part of ListStorageLensConfigurationResult
. Each entry includes the description of the S3 Storage Lens configuration, its home Region, whether it is enabled, its Amazon Resource Name (ARN), and config ID.
Id (string) --
A container for the S3 Storage Lens configuration ID.
StorageLensArn (string) --
The ARN of the S3 Storage Lens configuration. This property is read-only.
HomeRegion (string) --
A container for the S3 Storage Lens home Region. Your metrics data is stored and retained in your designated S3 Storage Lens home Region.
IsEnabled (boolean) --
A container for whether the S3 Storage Lens configuration is enabled. This property is required.
put_access_point_configuration_for_object_lambda
(**kwargs)¶Replaces configuration for an Object Lambda Access Point.
The following actions are related to PutAccessPointConfigurationForObjectLambda
:
See also: AWS API Documentation
Request Syntax
response = client.put_access_point_configuration_for_object_lambda(
AccountId='string',
Name='string',
Configuration={
'SupportingAccessPoint': 'string',
'CloudWatchMetricsEnabled': True|False,
'AllowedFeatures': [
'GetObject-Range'|'GetObject-PartNumber'|'HeadObject-Range'|'HeadObject-PartNumber',
],
'TransformationConfigurations': [
{
'Actions': [
'GetObject'|'HeadObject'|'ListObjects'|'ListObjectsV2',
],
'ContentTransformation': {
'AwsLambda': {
'FunctionArn': 'string',
'FunctionPayload': 'string'
}
}
},
]
}
)
[REQUIRED]
The account ID for the account that owns the specified Object Lambda Access Point.
[REQUIRED]
The name of the Object Lambda Access Point.
[REQUIRED]
Object Lambda Access Point configuration document.
Standard access point associated with the Object Lambda Access Point.
A container for whether the CloudWatch metrics configuration is enabled.
A container for allowed features. Valid inputs are GetObject-Range
, GetObject-PartNumber
, HeadObject-Range
, and HeadObject-PartNumber
.
A container for transformation configurations for an Object Lambda Access Point.
A configuration used when creating an Object Lambda Access Point transformation.
A container for the action of an Object Lambda Access Point configuration. Valid inputs are GetObject
, ListObjects
, HeadObject
, and ListObjectsV2
.
A container for the content transformation of an Object Lambda Access Point configuration.
Note
This is a Tagged Union structure. Only one of the following top level keys can be set: AwsLambda
.
A container for an Lambda function.
The Amazon Resource Name (ARN) of the Lambda function.
Additional JSON that provides supplemental data to the Lambda function used to transform objects.
None
put_access_point_policy
(**kwargs)¶Associates an access policy with the specified access point. Each access point can have only one policy, so a request made to this API replaces any existing policy associated with the specified access point.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id
to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control
. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id
derived by using the access point ARN, see the Examples section.
The following actions are related to PutAccessPointPolicy
:
See also: AWS API Documentation
Request Syntax
response = client.put_access_point_policy(
AccountId='string',
Name='string',
Policy='string'
)
[REQUIRED]
The Amazon Web Services account ID for owner of the bucket associated with the specified access point.
[REQUIRED]
The name of the access point that you want to associate with the specified policy.
For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the access point accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/accesspoint/<my-accesspoint-name>
. For example, to access the access point reports-ap
through outpost my-outpost
owned by account 123456789012
in Region us-west-2
, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/accesspoint/reports-ap
. The value must be URL encoded.
[REQUIRED]
The policy that you want to apply to the specified access point. For more information about access point policies, see Managing data access with Amazon S3 access points in the Amazon S3 User Guide .
None
put_access_point_policy_for_object_lambda
(**kwargs)¶Creates or replaces resource policy for an Object Lambda Access Point. For an example policy, see Creating Object Lambda Access Points in the Amazon S3 User Guide .
The following actions are related to PutAccessPointPolicyForObjectLambda
:
See also: AWS API Documentation
Request Syntax
response = client.put_access_point_policy_for_object_lambda(
AccountId='string',
Name='string',
Policy='string'
)
[REQUIRED]
The account ID for the account that owns the specified Object Lambda Access Point.
[REQUIRED]
The name of the Object Lambda Access Point.
[REQUIRED]
Object Lambda Access Point resource policy document.
None
put_bucket_lifecycle_configuration
(**kwargs)¶Note
This action puts a lifecycle configuration to an Amazon S3 on Outposts bucket. To put a lifecycle configuration to an S3 bucket, see PutBucketLifecycleConfiguration in the Amazon S3 API Reference .
Creates a new lifecycle configuration for the S3 on Outposts bucket or replaces an existing lifecycle configuration. Outposts buckets only support lifecycle configurations that delete/expire objects after a certain period of time and abort incomplete multipart uploads.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id
to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control
. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id
derived by using the access point ARN, see the Examples section.
The following actions are related to PutBucketLifecycleConfiguration
:
See also: AWS API Documentation
Request Syntax
response = client.put_bucket_lifecycle_configuration(
AccountId='string',
Bucket='string',
LifecycleConfiguration={
'Rules': [
{
'Expiration': {
'Date': datetime(2015, 1, 1),
'Days': 123,
'ExpiredObjectDeleteMarker': True|False
},
'ID': 'string',
'Filter': {
'Prefix': 'string',
'Tag': {
'Key': 'string',
'Value': 'string'
},
'And': {
'Prefix': 'string',
'Tags': [
{
'Key': 'string',
'Value': 'string'
},
],
'ObjectSizeGreaterThan': 123,
'ObjectSizeLessThan': 123
},
'ObjectSizeGreaterThan': 123,
'ObjectSizeLessThan': 123
},
'Status': 'Enabled'|'Disabled',
'Transitions': [
{
'Date': datetime(2015, 1, 1),
'Days': 123,
'StorageClass': 'GLACIER'|'STANDARD_IA'|'ONEZONE_IA'|'INTELLIGENT_TIERING'|'DEEP_ARCHIVE'
},
],
'NoncurrentVersionTransitions': [
{
'NoncurrentDays': 123,
'StorageClass': 'GLACIER'|'STANDARD_IA'|'ONEZONE_IA'|'INTELLIGENT_TIERING'|'DEEP_ARCHIVE'
},
],
'NoncurrentVersionExpiration': {
'NoncurrentDays': 123,
'NewerNoncurrentVersions': 123
},
'AbortIncompleteMultipartUpload': {
'DaysAfterInitiation': 123
}
},
]
}
)
[REQUIRED]
The Amazon Web Services account ID of the Outposts bucket.
[REQUIRED]
The name of the bucket for which to set the configuration.
Container for lifecycle rules. You can add as many as 1,000 rules.
A lifecycle rule for individual objects in an Outposts bucket.
The container for the Outposts bucket lifecycle rule.
Specifies the expiration for the lifecycle of the object in the form of date, days and, whether the object has a delete marker.
Indicates at what date the object is to be deleted. Should be in GMT ISO 8601 format.
Indicates the lifetime, in days, of the objects that are subject to the rule. The value must be a non-zero positive integer.
Indicates whether Amazon S3 will remove a delete marker with no noncurrent versions. If set to true, the delete marker will be expired. If set to false, the policy takes no action. This cannot be specified with Days or Date in a Lifecycle Expiration Policy.
Unique identifier for the rule. The value cannot be longer than 255 characters.
The container for the filter of lifecycle rule.
Prefix identifying one or more objects to which the rule applies.
Warning
Replacement must be made for object keys containing special characters (such as carriage returns) when using XML requests. For more information, see XML related object key constraints .
The container for the AND
condition for the lifecycle rule.
Prefix identifying one or more objects to which the rule applies.
All of these tags must exist in the object's tag set in order for the rule to apply.
Minimum object size to which the rule applies.
Maximum object size to which the rule applies.
Minimum object size to which the rule applies.
Maximum object size to which the rule applies.
If 'Enabled', the rule is currently being applied. If 'Disabled', the rule is not currently being applied.
Specifies when an Amazon S3 object transitions to a specified storage class.
Note
This is not supported by Amazon S3 on Outposts buckets.
Specifies when an object transitions to a specified storage class. For more information about Amazon S3 Lifecycle configuration rules, see Transitioning objects using Amazon S3 Lifecycle in the Amazon S3 User Guide .
Indicates when objects are transitioned to the specified storage class. The date value must be in ISO 8601 format. The time is always midnight UTC.
Indicates the number of days after creation when objects are transitioned to the specified storage class. The value must be a positive integer.
The storage class to which you want the object to transition.
Specifies the transition rule for the lifecycle rule that describes when noncurrent objects transition to a specific storage class. If your bucket is versioning-enabled (or versioning is suspended), you can set this action to request that Amazon S3 transition noncurrent object versions to a specific storage class at a set period in the object's lifetime.
Note
This is not supported by Amazon S3 on Outposts buckets.
The container for the noncurrent version transition.
Specifies the number of days an object is noncurrent before Amazon S3 can perform the associated action. For information about the noncurrent days calculations, see How Amazon S3 Calculates How Long an Object Has Been Noncurrent in the Amazon S3 User Guide .
The class of storage used to store the object.
The noncurrent version expiration of the lifecycle rule.
Specifies the number of days an object is noncurrent before Amazon S3 can perform the associated action. For information about the noncurrent days calculations, see How Amazon S3 Calculates When an Object Became Noncurrent in the Amazon S3 User Guide .
Specifies how many noncurrent versions S3 on Outposts will retain. If there are this many more recent noncurrent versions, S3 on Outposts will take the associated action. For more information about noncurrent versions, see Lifecycle configuration elements in the Amazon S3 User Guide .
Specifies the days since the initiation of an incomplete multipart upload that Amazon S3 waits before permanently removing all parts of the upload. For more information, see Aborting Incomplete Multipart Uploads Using a Bucket Lifecycle Policy in the Amazon S3 User Guide .
Specifies the number of days after which Amazon S3 aborts an incomplete multipart upload to the Outposts bucket.
None
put_bucket_policy
(**kwargs)¶Note
This action puts a bucket policy to an Amazon S3 on Outposts bucket. To put a policy on an S3 bucket, see PutBucketPolicy in the Amazon S3 API Reference .
Applies an Amazon S3 bucket policy to an Outposts bucket. For more information, see Using Amazon S3 on Outposts in the Amazon S3 User Guide .
If you are using an identity other than the root user of the Amazon Web Services account that owns the Outposts bucket, the calling identity must have the PutBucketPolicy
permissions on the specified Outposts bucket and belong to the bucket owner's account in order to use this action.
If you don't have PutBucketPolicy
permissions, Amazon S3 returns a 403 Access Denied
error. If you have the correct permissions, but you're not using an identity that belongs to the bucket owner's account, Amazon S3 returns a 405 Method Not Allowed
error.
Warning
As a security precaution, the root user of the Amazon Web Services account that owns a bucket can always use this action, even if the policy explicitly denies the root user the ability to perform this action.
For more information about bucket policies, see Using Bucket Policies and User Policies .
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id
to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control
. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id
derived by using the access point ARN, see the Examples section.
The following actions are related to PutBucketPolicy
:
See also: AWS API Documentation
Request Syntax
response = client.put_bucket_policy(
AccountId='string',
Bucket='string',
ConfirmRemoveSelfBucketAccess=True|False,
Policy='string'
)
[REQUIRED]
The Amazon Web Services account ID of the Outposts bucket.
[REQUIRED]
Specifies the bucket.
For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>
. For example, to access the bucket reports
through outpost my-outpost
owned by account 123456789012
in Region us-west-2
, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports
. The value must be URL encoded.
Set this parameter to true to confirm that you want to remove your permissions to change this bucket policy in the future.
Note
This is not supported by Amazon S3 on Outposts buckets.
[REQUIRED]
The bucket policy as a JSON document.
None
put_bucket_tagging
(**kwargs)¶Note
This action puts tags on an Amazon S3 on Outposts bucket. To put tags on an S3 bucket, see PutBucketTagging in the Amazon S3 API Reference .
Sets the tags for an S3 on Outposts bucket. For more information, see Using Amazon S3 on Outposts in the Amazon S3 User Guide .
Use tags to organize your Amazon Web Services bill to reflect your own cost structure. To do this, sign up to get your Amazon Web Services account bill with tag key values included. Then, to see the cost of combined resources, organize your billing information according to resources with the same tag key values. For example, you can tag several resources with a specific application name, and then organize your billing information to see the total cost of that application across several services. For more information, see Cost allocation and tagging .
Note
Within a bucket, if you add a tag that has the same key as an existing tag, the new value overwrites the old value. For more information, see Using cost allocation in Amazon S3 bucket tags .
To use this action, you must have permissions to perform the s3-outposts:PutBucketTagging
action. The Outposts bucket owner has this permission by default and can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing access permissions to your Amazon S3 resources .
PutBucketTagging
has the following special errors:
InvalidTagError
MalformedXMLError
OperationAbortedError
InternalError
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id
to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control
. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id
derived by using the access point ARN, see the Examples section.
The following actions are related to PutBucketTagging
:
See also: AWS API Documentation
Request Syntax
response = client.put_bucket_tagging(
AccountId='string',
Bucket='string',
Tagging={
'TagSet': [
{
'Key': 'string',
'Value': 'string'
},
]
}
)
[REQUIRED]
The Amazon Web Services account ID of the Outposts bucket.
[REQUIRED]
The Amazon Resource Name (ARN) of the bucket.
For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>
. For example, to access the bucket reports
through outpost my-outpost
owned by account 123456789012
in Region us-west-2
, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports
. The value must be URL encoded.
[REQUIRED]
A collection for a set of tags.
None
put_bucket_versioning
(**kwargs)¶Note
This operation sets the versioning state only for S3 on Outposts buckets. To set the versioning state for an S3 bucket, see PutBucketVersioning in the Amazon S3 API Reference .
Sets the versioning state for an S3 on Outposts bucket. With versioning, you can save multiple distinct copies of your data and recover from unintended user actions and application failures.
You can set the versioning state to one of the following:
null
.If you've never set versioning on your bucket, it has no versioning state. In that case, a GetBucketVersioning request does not return a versioning state value.
When you enable S3 Versioning, for each object in your bucket, you have a current version and zero or more noncurrent versions. You can configure your bucket S3 Lifecycle rules to expire noncurrent versions after a specified time period. For more information, see Creating and managing a lifecycle configuration for your S3 on Outposts bucket in the Amazon S3 User Guide .
If you have an object expiration lifecycle policy in your non-versioned bucket and you want to maintain the same permanent delete behavior when you enable versioning, you must add a noncurrent expiration policy. The noncurrent expiration lifecycle policy will manage the deletes of the noncurrent object versions in the version-enabled bucket. For more information, see Versioning in the Amazon S3 User Guide .
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id
to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control
. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id
derived by using the access point ARN, see the Examples section.
The following operations are related to PutBucketVersioning
for S3 on Outposts.
See also: AWS API Documentation
Request Syntax
response = client.put_bucket_versioning(
AccountId='string',
Bucket='string',
MFA='string',
VersioningConfiguration={
'MFADelete': 'Enabled'|'Disabled',
'Status': 'Enabled'|'Suspended'
}
)
[REQUIRED]
The Amazon Web Services account ID of the S3 on Outposts bucket.
[REQUIRED]
The S3 on Outposts bucket to set the versioning state for.
[REQUIRED]
The root-level tag for the VersioningConfiguration
parameters.
Specifies whether MFA delete is enabled or disabled in the bucket versioning configuration for the S3 on Outposts bucket.
Sets the versioning state of the S3 on Outposts bucket.
None
put_job_tagging
(**kwargs)¶Sets the supplied tag-set on an S3 Batch Operations job.
A tag is a key-value pair. You can associate S3 Batch Operations tags with any job by sending a PUT request against the tagging subresource that is associated with the job. To modify the existing tag set, you can either replace the existing tag set entirely, or make changes within the existing tag set by retrieving the existing tag set using GetJobTagging , modify that tag set, and use this action to replace the tag set with the one you modified. For more information, see Controlling access and labeling jobs using tags in the Amazon S3 User Guide .
Note
To use this action, you must have permission to perform the s3:PutJobTagging
action.
Related actions include:
See also: AWS API Documentation
Request Syntax
response = client.put_job_tagging(
AccountId='string',
JobId='string',
Tags=[
{
'Key': 'string',
'Value': 'string'
},
]
)
[REQUIRED]
The Amazon Web Services account ID associated with the S3 Batch Operations job.
[REQUIRED]
The ID for the S3 Batch Operations job whose tags you want to replace.
[REQUIRED]
The set of tags to associate with the S3 Batch Operations job.
dict
Response Syntax
{}
Response Structure
Exceptions
S3Control.Client.exceptions.InternalServiceException
S3Control.Client.exceptions.TooManyRequestsException
S3Control.Client.exceptions.NotFoundException
S3Control.Client.exceptions.TooManyTagsException
put_multi_region_access_point_policy
(**kwargs)¶Associates an access control policy with the specified Multi-Region Access Point. Each Multi-Region Access Point can have only one policy, so a request made to this action replaces any existing policy that is associated with the specified Multi-Region Access Point.
This action will always be routed to the US West (Oregon) Region. For more information about the restrictions around managing Multi-Region Access Points, see Managing Multi-Region Access Points in the Amazon S3 User Guide .
The following actions are related to PutMultiRegionAccessPointPolicy
:
See also: AWS API Documentation
Request Syntax
response = client.put_multi_region_access_point_policy(
AccountId='string',
ClientToken='string',
Details={
'Name': 'string',
'Policy': 'string'
}
)
[REQUIRED]
The Amazon Web Services account ID for the owner of the Multi-Region Access Point.
[REQUIRED]
An idempotency token used to identify the request and guarantee that requests are unique.
This field is autopopulated if not provided.
[REQUIRED]
A container element containing the details of the policy for the Multi-Region Access Point.
The name of the Multi-Region Access Point associated with the request.
The policy details for the PutMultiRegionAccessPoint
request.
dict
Response Syntax
{
'RequestTokenARN': 'string'
}
Response Structure
(dict) --
RequestTokenARN (string) --
The request token associated with the request. You can use this token with DescribeMultiRegionAccessPointOperation to determine the status of asynchronous requests.
put_public_access_block
(**kwargs)¶Creates or modifies the PublicAccessBlock
configuration for an Amazon Web Services account. For this operation, users must have the s3:PutAccountPublicAccessBlock
permission. For more information, see Using Amazon S3 block public access .
Related actions include:
See also: AWS API Documentation
Request Syntax
response = client.put_public_access_block(
PublicAccessBlockConfiguration={
'BlockPublicAcls': True|False,
'IgnorePublicAcls': True|False,
'BlockPublicPolicy': True|False,
'RestrictPublicBuckets': True|False
},
AccountId='string'
)
[REQUIRED]
The PublicAccessBlock
configuration that you want to apply to the specified Amazon Web Services account.
Specifies whether Amazon S3 should block public access control lists (ACLs) for buckets in this account. Setting this element to TRUE
causes the following behavior:
Enabling this setting doesn't affect existing policies or ACLs.
This is not supported for Amazon S3 on Outposts.
Specifies whether Amazon S3 should ignore public ACLs for buckets in this account. Setting this element to TRUE
causes Amazon S3 to ignore all public ACLs on buckets in this account and any objects that they contain.
Enabling this setting doesn't affect the persistence of any existing ACLs and doesn't prevent new public ACLs from being set.
This is not supported for Amazon S3 on Outposts.
Specifies whether Amazon S3 should block public bucket policies for buckets in this account. Setting this element to TRUE
causes Amazon S3 to reject calls to PUT Bucket policy if the specified bucket policy allows public access.
Enabling this setting doesn't affect existing bucket policies.
This is not supported for Amazon S3 on Outposts.
Specifies whether Amazon S3 should restrict public bucket policies for buckets in this account. Setting this element to TRUE
restricts access to buckets with public policies to only Amazon Web Service principals and authorized users within this account.
Enabling this setting doesn't affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked.
This is not supported for Amazon S3 on Outposts.
[REQUIRED]
The account ID for the Amazon Web Services account whose PublicAccessBlock
configuration you want to set.
None
put_storage_lens_configuration
(**kwargs)¶Puts an Amazon S3 Storage Lens configuration. For more information about S3 Storage Lens, see Working with Amazon S3 Storage Lens in the Amazon S3 User Guide .
Note
To use this action, you must have permission to perform the s3:PutStorageLensConfiguration
action. For more information, see Setting permissions to use Amazon S3 Storage Lens in the Amazon S3 User Guide .
See also: AWS API Documentation
Request Syntax
response = client.put_storage_lens_configuration(
ConfigId='string',
AccountId='string',
StorageLensConfiguration={
'Id': 'string',
'AccountLevel': {
'ActivityMetrics': {
'IsEnabled': True|False
},
'BucketLevel': {
'ActivityMetrics': {
'IsEnabled': True|False
},
'PrefixLevel': {
'StorageMetrics': {
'IsEnabled': True|False,
'SelectionCriteria': {
'Delimiter': 'string',
'MaxDepth': 123,
'MinStorageBytesPercentage': 123.0
}
}
}
}
},
'Include': {
'Buckets': [
'string',
],
'Regions': [
'string',
]
},
'Exclude': {
'Buckets': [
'string',
],
'Regions': [
'string',
]
},
'DataExport': {
'S3BucketDestination': {
'Format': 'CSV'|'Parquet',
'OutputSchemaVersion': 'V_1',
'AccountId': 'string',
'Arn': 'string',
'Prefix': 'string',
'Encryption': {
'SSES3': {}
,
'SSEKMS': {
'KeyId': 'string'
}
}
},
'CloudWatchMetrics': {
'IsEnabled': True|False
}
},
'IsEnabled': True|False,
'AwsOrg': {
'Arn': 'string'
},
'StorageLensArn': 'string'
},
Tags=[
{
'Key': 'string',
'Value': 'string'
},
]
)
[REQUIRED]
The ID of the S3 Storage Lens configuration.
[REQUIRED]
The account ID of the requester.
[REQUIRED]
The S3 Storage Lens configuration.
A container for the Amazon S3 Storage Lens configuration ID.
A container for all the account-level configurations of your S3 Storage Lens configuration.
A container for the S3 Storage Lens activity metrics.
A container for whether the activity metrics are enabled.
A container for the S3 Storage Lens bucket-level configuration.
A container for the bucket-level activity metrics for Amazon S3 Storage Lens
A container for whether the activity metrics are enabled.
A container for the bucket-level prefix-level metrics for S3 Storage Lens
A container for the prefix-level storage metrics for S3 Storage Lens.
A container for whether prefix-level storage metrics are enabled.
A container for the delimiter of the selection criteria being used.
The max depth of the selection criteria
The minimum number of storage bytes percentage whose metrics will be selected.
Note
You must choose a value greater than or equal to 1.0
.
A container for what is included in this configuration. This container can only be valid if there is no Exclude
container submitted, and it's not empty.
A container for the S3 Storage Lens bucket includes.
A container for the S3 Storage Lens Region includes.
A container for what is excluded in this configuration. This container can only be valid if there is no Include
container submitted, and it's not empty.
A container for the S3 Storage Lens bucket excludes.
A container for the S3 Storage Lens Region excludes.
A container to specify the properties of your S3 Storage Lens metrics export including, the destination, schema and format.
A container for the bucket where the S3 Storage Lens metrics export will be located.
Note
This bucket must be located in the same Region as the storage lens configuration.
The schema version of the export file.
The account ID of the owner of the S3 Storage Lens metrics export bucket.
The Amazon Resource Name (ARN) of the bucket. This property is read-only and follows the following format: ``arn:aws:s3:us-east-1 :example-account-id :bucket/your-destination-bucket-name ``
The prefix of the destination bucket where the metrics export will be delivered.
The container for the type encryption of the metrics exports in this bucket.
A container for the ARN of the SSE-KMS encryption. This property is read-only and follows the following format: ``arn:aws:kms:us-east-1 :example-account-id :key/example-9a73-4afc-8d29-8f5900cef44e ``
A container for enabling Amazon CloudWatch publishing for S3 Storage Lens metrics.
A container that indicates whether CloudWatch publishing for S3 Storage Lens metrics is enabled. A value of true
indicates that CloudWatch publishing for S3 Storage Lens metrics is enabled.
A container for whether the S3 Storage Lens configuration is enabled.
A container for the Amazon Web Services organization for this S3 Storage Lens configuration.
A container for the Amazon Resource Name (ARN) of the Amazon Web Services organization. This property is read-only and follows the following format: ``arn:aws:organizations:us-east-1 :example-account-id :organization/o-ex2l495dck ``
The Amazon Resource Name (ARN) of the S3 Storage Lens configuration. This property is read-only and follows the following format: ``arn:aws:s3:us-east-1 :example-account-id :storage-lens/your-dashboard-name ``
The tag set of the S3 Storage Lens configuration.
Note
You can set up to a maximum of 50 tags.
None
put_storage_lens_configuration_tagging
(**kwargs)¶Put or replace tags on an existing Amazon S3 Storage Lens configuration. For more information about S3 Storage Lens, see Assessing your storage activity and usage with Amazon S3 Storage Lens in the Amazon S3 User Guide .
Note
To use this action, you must have permission to perform the s3:PutStorageLensConfigurationTagging
action. For more information, see Setting permissions to use Amazon S3 Storage Lens in the Amazon S3 User Guide .
See also: AWS API Documentation
Request Syntax
response = client.put_storage_lens_configuration_tagging(
ConfigId='string',
AccountId='string',
Tags=[
{
'Key': 'string',
'Value': 'string'
},
]
)
[REQUIRED]
The ID of the S3 Storage Lens configuration.
[REQUIRED]
The account ID of the requester.
[REQUIRED]
The tag set of the S3 Storage Lens configuration.
Note
You can set up to a maximum of 50 tags.
dict
Response Syntax
{}
Response Structure
update_job_priority
(**kwargs)¶Updates an existing S3 Batch Operations job's priority. For more information, see S3 Batch Operations in the Amazon S3 User Guide .
Related actions include:
See also: AWS API Documentation
Request Syntax
response = client.update_job_priority(
AccountId='string',
JobId='string',
Priority=123
)
[REQUIRED]
The Amazon Web Services account ID associated with the S3 Batch Operations job.
[REQUIRED]
The ID for the job whose priority you want to update.
[REQUIRED]
The priority you want to assign to this job.
dict
Response Syntax
{
'JobId': 'string',
'Priority': 123
}
Response Structure
(dict) --
JobId (string) --
The ID for the job whose priority Amazon S3 updated.
Priority (integer) --
The new priority assigned to the specified job.
Exceptions
S3Control.Client.exceptions.BadRequestException
S3Control.Client.exceptions.TooManyRequestsException
S3Control.Client.exceptions.NotFoundException
S3Control.Client.exceptions.InternalServiceException
update_job_status
(**kwargs)¶Updates the status for the specified job. Use this action to confirm that you want to run a job or to cancel an existing job. For more information, see S3 Batch Operations in the Amazon S3 User Guide .
Related actions include:
See also: AWS API Documentation
Request Syntax
response = client.update_job_status(
AccountId='string',
JobId='string',
RequestedJobStatus='Cancelled'|'Ready',
StatusUpdateReason='string'
)
[REQUIRED]
The Amazon Web Services account ID associated with the S3 Batch Operations job.
[REQUIRED]
The ID of the job whose status you want to update.
[REQUIRED]
The status that you want to move the specified job to.
dict
Response Syntax
{
'JobId': 'string',
'Status': 'Active'|'Cancelled'|'Cancelling'|'Complete'|'Completing'|'Failed'|'Failing'|'New'|'Paused'|'Pausing'|'Preparing'|'Ready'|'Suspended',
'StatusUpdateReason': 'string'
}
Response Structure
(dict) --
JobId (string) --
The ID for the job whose status was updated.
Status (string) --
The current status for the specified job.
StatusUpdateReason (string) --
The reason that the specified job's status was updated.
Exceptions
S3Control.Client.exceptions.BadRequestException
S3Control.Client.exceptions.TooManyRequestsException
S3Control.Client.exceptions.NotFoundException
S3Control.Client.exceptions.JobStatusException
S3Control.Client.exceptions.InternalServiceException
The available paginators are:
S3Control.Paginator.
ListAccessPointsForObjectLambda
¶paginator = client.get_paginator('list_access_points_for_object_lambda')
paginate
(**kwargs)¶Creates an iterator that will paginate through responses from S3Control.Client.list_access_points_for_object_lambda()
.
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
AccountId='string',
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
[REQUIRED]
The account ID for the account that owns the specified Object Lambda Access Point.
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken
will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken
from a previous response.
dict
Response Syntax
{
'ObjectLambdaAccessPointList': [
{
'Name': 'string',
'ObjectLambdaAccessPointArn': 'string'
},
],
}
Response Structure
(dict) --
ObjectLambdaAccessPointList (list) --
Returns list of Object Lambda Access Points.
(dict) --
An access point with an attached Lambda function used to access transformed data from an Amazon S3 bucket.
Name (string) --
The name of the Object Lambda Access Point.
ObjectLambdaAccessPointArn (string) --
Specifies the ARN for the Object Lambda Access Point.