
list_caller_access_grants

S3Control.Client.list_caller_access_grants(**kwargs)

Returns a list of the access grants that were given to the caller using S3 Access Grants and that allow the caller to access the S3 data of the Amazon Web Services account specified in the request.

Permissions

You must have the s3:ListCallerAccessGrants permission to use this operation.

See also: AWS API Documentation

Request Syntax

response = client.list_caller_access_grants(
    AccountId='string',
    GrantScope='string',
    NextToken='string',
    MaxResults=123,
    AllowedByApplication=True|False
)

Parameters:
  • AccountId (string) –

    [REQUIRED]

    The Amazon Web Services account ID of the S3 Access Grants instance.

  • GrantScope (string) – The S3 path of the data that you would like to access. Must start with s3://. You can optionally pass only the beginning characters of a path, and S3 Access Grants will search for all applicable grants for the path fragment.

  • NextToken (string) – A pagination token to request the next page of results. Pass this value into a subsequent List Caller Access Grants request in order to retrieve the next page of results.

  • MaxResults (integer) – The maximum number of access grants that you would like returned in the List Caller Access Grants response. If the results include the pagination token NextToken, make another call using the NextToken to determine if there are more results.

  • AllowedByApplication (boolean) – If this optional parameter is passed in the request, a filter is applied to the results. The results will include only the access grants for the caller’s Identity Center application or for any other applications (ALL).

Return type:

dict

Returns:

Response Syntax

{
    'NextToken': 'string',
    'CallerAccessGrantsList': [
        {
            'Permission': 'READ'|'WRITE'|'READWRITE',
            'GrantScope': 'string',
            'ApplicationArn': 'string'
        },
    ]
}

Response Structure

  • (dict) –

    • NextToken (string) –

      A pagination token that you can use to request the next page of results. Pass this value into a subsequent List Caller Access Grants request in order to retrieve the next page of results.

    • CallerAccessGrantsList (list) –

      A list of the caller’s access grants that were created using S3 Access Grants and that grant the caller access to the S3 data of the Amazon Web Services account ID that was specified in the request.

      • (dict) –

        Part of ListCallerAccessGrantsResult. Each entry includes the permission level (READ, WRITE, or READWRITE) and the grant scope of the access grant. If the grant also includes an application ARN, the grantee can only access the S3 data through this application.

        • Permission (string) –

          The type of permission granted, which can be one of the following values:

          • READ - Grants read-only access to the S3 data.

          • WRITE - Grants write-only access to the S3 data.

          • READWRITE - Grants both read and write access to the S3 data.

        • GrantScope (string) –

          The S3 path of the data to which you have been granted access.

        • ApplicationArn (string) –

          The Amazon Resource Name (ARN) of an Amazon Web Services IAM Identity Center application associated with your Identity Center instance. If the grant includes an application ARN, the grantee can only access the S3 data through this application.
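Added example (not part of the boto3 documentation): following NextToken until every page has been read, then reviewing the returned grants for write access and for grants that carry no ApplicationArn and are therefore not restricted to one application. The helper names, the StubS3Control class, its simplified prefix matching, and all sample values are constructed so the code runs offline; with real credentials, pass boto3.client('s3control') instead of the stub.

```python
def iter_caller_grants(client, account_id, grant_scope=None, max_results=None):
    """Yield every grant visible to the caller, following NextToken to the last page."""
    kwargs = {"AccountId": account_id}
    if grant_scope is not None:
        if not grant_scope.startswith("s3://"):
            raise ValueError("GrantScope must start with s3://")
        kwargs["GrantScope"] = grant_scope
    if max_results is not None:
        kwargs["MaxResults"] = max_results
    while True:
        page = client.list_caller_access_grants(**kwargs)
        yield from page.get("CallerAccessGrantsList", [])
        token = page.get("NextToken")
        if not token:  # no token means this was the last page
            return
        kwargs["NextToken"] = token


def review_grants(grants):
    """Report scopes that allow writes and scopes not restricted to an application."""
    report = {"writable": [], "not_app_bound": []}
    for g in grants:
        if g["Permission"] in ("WRITE", "READWRITE"):
            report["writable"].append(g["GrantScope"])
        if not g.get("ApplicationArn"):  # absent ARN: usable outside a specific application
            report["not_app_bound"].append(g["GrantScope"])
    return report


class StubS3Control:
    """Constructed offline stand-in for boto3.client('s3control'); not an AWS API."""
    GRANTS = [  # constructed sample data
        {"Permission": "READ", "GrantScope": "s3://example-logs/2024/*"},
        {"Permission": "READWRITE", "GrantScope": "s3://example-data/team-a/*",
         "ApplicationArn": "arn:aws:sso::111122223333:application/ssoins-EXAMPLE/apl-EXAMPLE"},
        {"Permission": "WRITE", "GrantScope": "s3://example-data/uploads/*"},
    ]

    def list_caller_access_grants(self, AccountId, GrantScope="s3://", NextToken="0", MaxResults=2):
        start = int(NextToken)  # the stub uses a list offset as its opaque token
        hits = [g for g in self.GRANTS if g["GrantScope"].startswith(GrantScope)]
        page = {"CallerAccessGrantsList": hits[start:start + MaxResults]}
        if start + MaxResults < len(hits):
            page["NextToken"] = str(start + MaxResults)
        return page


if __name__ == "__main__":
    grants = list(iter_caller_grants(StubS3Control(), "111122223333"))
    print(review_grants(grants))
```
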