aws-sdk-s3control 1.72.0 → 1.73.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-s3control/client.rb +1330 -87
- data/lib/aws-sdk-s3control/client_api.rb +559 -0
- data/lib/aws-sdk-s3control/endpoints.rb +400 -0
- data/lib/aws-sdk-s3control/plugins/endpoints.rb +40 -0
- data/lib/aws-sdk-s3control/types.rb +1413 -26
- data/lib/aws-sdk-s3control.rb +2 -2
- metadata +2 -2
@@ -400,6 +400,363 @@ module Aws::S3Control
|
|
400
400
|
|
401
401
|
# @!group API Operations
|
402
402
|
|
403
|
+
# Associate your S3 Access Grants instance with an Amazon Web Services
|
404
|
+
# IAM Identity Center instance. Use this action if you want to create
|
405
|
+
# access grants for users or groups from your corporate identity
|
406
|
+
# directory. First, you must add your corporate identity directory to
|
407
|
+
# Amazon Web Services IAM Identity Center. Then, you can associate this
|
408
|
+
# IAM Identity Center instance with your S3 Access Grants instance.
|
409
|
+
#
|
410
|
+
# Permissions
|
411
|
+
#
|
412
|
+
# : You must have the `s3:AssociateAccessGrantsIdentityCenter`
|
413
|
+
# permission to use this operation.
|
414
|
+
#
|
415
|
+
# Additional Permissions
|
416
|
+
#
|
417
|
+
# : You must also have the following permissions:
|
418
|
+
# `sso:CreateApplication`, `sso:PutApplicationGrant`, and
|
419
|
+
# `sso:PutApplicationAuthenticationMethod`.
|
420
|
+
#
|
421
|
+
# @option params [String] :account_id
|
422
|
+
# The ID of the Amazon Web Services account that is making this request.
|
423
|
+
#
|
424
|
+
# @option params [required, String] :identity_center_arn
|
425
|
+
# The Amazon Resource Name (ARN) of the Amazon Web Services IAM Identity
|
426
|
+
# Center instance that you are associating with your S3 Access Grants
|
427
|
+
# instance. An IAM Identity Center instance is your corporate identity
|
428
|
+
# directory that you added to the IAM Identity Center. You can use the
|
429
|
+
# [ListInstances][1] API operation to retrieve a list of your Identity
|
430
|
+
# Center instances and their ARNs.
|
431
|
+
#
|
432
|
+
#
|
433
|
+
#
|
434
|
+
# [1]: https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListInstances.html
|
435
|
+
#
|
436
|
+
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
437
|
+
#
|
438
|
+
# @example Request syntax with placeholder values
|
439
|
+
#
|
440
|
+
# resp = client.associate_access_grants_identity_center({
|
441
|
+
# account_id: "AccountId",
|
442
|
+
# identity_center_arn: "IdentityCenterArn", # required
|
443
|
+
# })
|
444
|
+
#
|
445
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/AssociateAccessGrantsIdentityCenter AWS API Documentation
|
446
|
+
#
|
447
|
+
# @overload associate_access_grants_identity_center(params = {})
|
448
|
+
# @param [Hash] params ({})
|
449
|
+
def associate_access_grants_identity_center(params = {}, options = {})
|
450
|
+
req = build_request(:associate_access_grants_identity_center, params)
|
451
|
+
req.send_request(options)
|
452
|
+
end
|
453
|
+
|
454
|
+
# Creates an access grant that gives a grantee access to your S3 data.
|
455
|
+
# The grantee can be an IAM user or role or a directory user, or group.
|
456
|
+
# Before you can create a grant, you must have an S3 Access Grants
|
457
|
+
# instance in the same Region as the S3 data. You can create an S3
|
458
|
+
# Access Grants instance using the [CreateAccessGrantsInstance][1]. You
|
459
|
+
# must also have registered at least one S3 data location in your S3
|
460
|
+
# Access Grants instance using [CreateAccessGrantsLocation][2].
|
461
|
+
#
|
462
|
+
# Permissions
|
463
|
+
#
|
464
|
+
# : You must have the `s3:CreateAccessGrant` permission to use this
|
465
|
+
# operation.
|
466
|
+
#
|
467
|
+
# Additional Permissions
|
468
|
+
#
|
469
|
+
# : For any directory identity - `sso:DescribeInstance` and
|
470
|
+
# `sso:DescribeApplication`
|
471
|
+
#
|
472
|
+
# For directory users - `identitystore:DescribeUser`
|
473
|
+
#
|
474
|
+
# For directory groups - `identitystore:DescribeGroup`
|
475
|
+
#
|
476
|
+
#
|
477
|
+
#
|
478
|
+
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_CreateAccessGrantsInstance.html
|
479
|
+
# [2]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_CreateAccessGrantsLocation.html
|
480
|
+
#
|
481
|
+
# @option params [String] :account_id
|
482
|
+
# The ID of the Amazon Web Services account that is making this request.
|
483
|
+
#
|
484
|
+
# @option params [required, String] :access_grants_location_id
|
485
|
+
# The ID of the registered location to which you are granting access. S3
|
486
|
+
# Access Grants assigns this ID when you register the location. S3
|
487
|
+
# Access Grants assigns the ID `default` to the default location `s3://`
|
488
|
+
# and assigns an auto-generated ID to other locations that you register.
|
489
|
+
#
|
490
|
+
# If you are passing the `default` location, you cannot create an access
|
491
|
+
# grant for the entire default location. You must also specify a bucket
|
492
|
+
# or a bucket and prefix in the `Subprefix` field.
|
493
|
+
#
|
494
|
+
# @option params [Types::AccessGrantsLocationConfiguration] :access_grants_location_configuration
|
495
|
+
# The configuration options of the grant location. The grant location is
|
496
|
+
# the S3 path to the data to which you are granting access. It contains
|
497
|
+
# the `S3SubPrefix` field. The grant scope is the result of appending
|
498
|
+
# the subprefix to the location scope of the registered location.
|
499
|
+
#
|
500
|
+
# @option params [required, Types::Grantee] :grantee
|
501
|
+
# The user, group, or role to which you are granting access. You can
|
502
|
+
# grant access to an IAM user or role. If you have added your corporate
|
503
|
+
# directory to Amazon Web Services IAM Identity Center and associated
|
504
|
+
# your Identity Center instance with your S3 Access Grants instance, the
|
505
|
+
# grantee can also be a corporate directory user or group.
|
506
|
+
#
|
507
|
+
# @option params [required, String] :permission
|
508
|
+
# The type of access that you are granting to your S3 data, which can be
|
509
|
+
# set to one of the following values:
|
510
|
+
#
|
511
|
+
# * `READ` – Grant read-only access to the S3 data.
|
512
|
+
#
|
513
|
+
# * `WRITE` – Grant write-only access to the S3 data.
|
514
|
+
#
|
515
|
+
# * `READWRITE` – Grant both read and write access to the S3 data.
|
516
|
+
#
|
517
|
+
# @option params [String] :application_arn
|
518
|
+
# The Amazon Resource Name (ARN) of an Amazon Web Services IAM Identity
|
519
|
+
# Center application associated with your Identity Center instance. If
|
520
|
+
# an application ARN is included in the request to create an access
|
521
|
+
# grant, the grantee can only access the S3 data through this
|
522
|
+
# application.
|
523
|
+
#
|
524
|
+
# @option params [String] :s3_prefix_type
|
525
|
+
# The type of `S3SubPrefix`. The only possible value is `Object`. Pass
|
526
|
+
# this value if the access grant scope is an object. Do not pass this
|
527
|
+
# value if the access grant scope is a bucket or a bucket and a prefix.
|
528
|
+
#
|
529
|
+
# @option params [Array<Types::Tag>] :tags
|
530
|
+
# The Amazon Web Services resource tags that you are adding to the
|
531
|
+
# access grant. Each tag is a label consisting of a user-defined key and
|
532
|
+
# value. Tags can help you manage, identify, organize, search for, and
|
533
|
+
# filter resources.
|
534
|
+
#
|
535
|
+
# @return [Types::CreateAccessGrantResult] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
536
|
+
#
|
537
|
+
# * {Types::CreateAccessGrantResult#created_at #created_at} => Time
|
538
|
+
# * {Types::CreateAccessGrantResult#access_grant_id #access_grant_id} => String
|
539
|
+
# * {Types::CreateAccessGrantResult#access_grant_arn #access_grant_arn} => String
|
540
|
+
# * {Types::CreateAccessGrantResult#grantee #grantee} => Types::Grantee
|
541
|
+
# * {Types::CreateAccessGrantResult#access_grants_location_id #access_grants_location_id} => String
|
542
|
+
# * {Types::CreateAccessGrantResult#access_grants_location_configuration #access_grants_location_configuration} => Types::AccessGrantsLocationConfiguration
|
543
|
+
# * {Types::CreateAccessGrantResult#permission #permission} => String
|
544
|
+
# * {Types::CreateAccessGrantResult#application_arn #application_arn} => String
|
545
|
+
# * {Types::CreateAccessGrantResult#grant_scope #grant_scope} => String
|
546
|
+
#
|
547
|
+
# @example Request syntax with placeholder values
|
548
|
+
#
|
549
|
+
# resp = client.create_access_grant({
|
550
|
+
# account_id: "AccountId",
|
551
|
+
# access_grants_location_id: "AccessGrantsLocationId", # required
|
552
|
+
# access_grants_location_configuration: {
|
553
|
+
# s3_sub_prefix: "S3Prefix",
|
554
|
+
# },
|
555
|
+
# grantee: { # required
|
556
|
+
# grantee_type: "DIRECTORY_USER", # accepts DIRECTORY_USER, DIRECTORY_GROUP, IAM
|
557
|
+
# grantee_identifier: "GranteeIdentifier",
|
558
|
+
# },
|
559
|
+
# permission: "READ", # required, accepts READ, WRITE, READWRITE
|
560
|
+
# application_arn: "IdentityCenterApplicationArn",
|
561
|
+
# s3_prefix_type: "Object", # accepts Object
|
562
|
+
# tags: [
|
563
|
+
# {
|
564
|
+
# key: "TagKeyString", # required
|
565
|
+
# value: "TagValueString", # required
|
566
|
+
# },
|
567
|
+
# ],
|
568
|
+
# })
|
569
|
+
#
|
570
|
+
# @example Response structure
|
571
|
+
#
|
572
|
+
# resp.created_at #=> Time
|
573
|
+
# resp.access_grant_id #=> String
|
574
|
+
# resp.access_grant_arn #=> String
|
575
|
+
# resp.grantee.grantee_type #=> String, one of "DIRECTORY_USER", "DIRECTORY_GROUP", "IAM"
|
576
|
+
# resp.grantee.grantee_identifier #=> String
|
577
|
+
# resp.access_grants_location_id #=> String
|
578
|
+
# resp.access_grants_location_configuration.s3_sub_prefix #=> String
|
579
|
+
# resp.permission #=> String, one of "READ", "WRITE", "READWRITE"
|
580
|
+
# resp.application_arn #=> String
|
581
|
+
# resp.grant_scope #=> String
|
582
|
+
#
|
583
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/CreateAccessGrant AWS API Documentation
|
584
|
+
#
|
585
|
+
# @overload create_access_grant(params = {})
|
586
|
+
# @param [Hash] params ({})
|
587
|
+
def create_access_grant(params = {}, options = {})
|
588
|
+
req = build_request(:create_access_grant, params)
|
589
|
+
req.send_request(options)
|
590
|
+
end
|
591
|
+
|
592
|
+
# Creates an S3 Access Grants instance, which serves as a logical
|
593
|
+
# grouping for access grants. You can create one S3 Access Grants
|
594
|
+
# instance per Region per account.
|
595
|
+
#
|
596
|
+
# Permissions
|
597
|
+
#
|
598
|
+
# : You must have the `s3:CreateAccessGrantsInstance` permission to use
|
599
|
+
# this operation.
|
600
|
+
#
|
601
|
+
# Additional Permissions
|
602
|
+
#
|
603
|
+
# : To associate an IAM Identity Center instance with your S3 Access
|
604
|
+
# Grants instance, you must also have the `sso:DescribeInstance`,
|
605
|
+
# `sso:CreateApplication`, `sso:PutApplicationGrant`, and
|
606
|
+
# `sso:PutApplicationAuthenticationMethod` permissions.
|
607
|
+
#
|
608
|
+
# @option params [String] :account_id
|
609
|
+
# The ID of the Amazon Web Services account that is making this request.
|
610
|
+
#
|
611
|
+
# @option params [String] :identity_center_arn
|
612
|
+
# If you would like to associate your S3 Access Grants instance with an
|
613
|
+
# Amazon Web Services IAM Identity Center instance, use this field to
|
614
|
+
# pass the Amazon Resource Name (ARN) of the Amazon Web Services IAM
|
615
|
+
# Identity Center instance that you are associating with your S3 Access
|
616
|
+
# Grants instance. An IAM Identity Center instance is your corporate
|
617
|
+
# identity directory that you added to the IAM Identity Center. You can
|
618
|
+
# use the [ListInstances][1] API operation to retrieve a list of your
|
619
|
+
# Identity Center instances and their ARNs.
|
620
|
+
#
|
621
|
+
#
|
622
|
+
#
|
623
|
+
# [1]: https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListInstances.html
|
624
|
+
#
|
625
|
+
# @option params [Array<Types::Tag>] :tags
|
626
|
+
# The Amazon Web Services resource tags that you are adding to the S3
|
627
|
+
# Access Grants instance. Each tag is a label consisting of a
|
628
|
+
# user-defined key and value. Tags can help you manage, identify,
|
629
|
+
# organize, search for, and filter resources.
|
630
|
+
#
|
631
|
+
# @return [Types::CreateAccessGrantsInstanceResult] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
632
|
+
#
|
633
|
+
# * {Types::CreateAccessGrantsInstanceResult#created_at #created_at} => Time
|
634
|
+
# * {Types::CreateAccessGrantsInstanceResult#access_grants_instance_id #access_grants_instance_id} => String
|
635
|
+
# * {Types::CreateAccessGrantsInstanceResult#access_grants_instance_arn #access_grants_instance_arn} => String
|
636
|
+
# * {Types::CreateAccessGrantsInstanceResult#identity_center_arn #identity_center_arn} => String
|
637
|
+
#
|
638
|
+
# @example Request syntax with placeholder values
|
639
|
+
#
|
640
|
+
# resp = client.create_access_grants_instance({
|
641
|
+
# account_id: "AccountId",
|
642
|
+
# identity_center_arn: "IdentityCenterArn",
|
643
|
+
# tags: [
|
644
|
+
# {
|
645
|
+
# key: "TagKeyString", # required
|
646
|
+
# value: "TagValueString", # required
|
647
|
+
# },
|
648
|
+
# ],
|
649
|
+
# })
|
650
|
+
#
|
651
|
+
# @example Response structure
|
652
|
+
#
|
653
|
+
# resp.created_at #=> Time
|
654
|
+
# resp.access_grants_instance_id #=> String
|
655
|
+
# resp.access_grants_instance_arn #=> String
|
656
|
+
# resp.identity_center_arn #=> String
|
657
|
+
#
|
658
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/CreateAccessGrantsInstance AWS API Documentation
|
659
|
+
#
|
660
|
+
# @overload create_access_grants_instance(params = {})
|
661
|
+
# @param [Hash] params ({})
|
662
|
+
def create_access_grants_instance(params = {}, options = {})
|
663
|
+
req = build_request(:create_access_grants_instance, params)
|
664
|
+
req.send_request(options)
|
665
|
+
end
|
666
|
+
|
667
|
+
# The S3 data location that you would like to register in your S3 Access
|
668
|
+
# Grants instance. Your S3 data must be in the same Region as your S3
|
669
|
+
# Access Grants instance. The location can be one of the following:
|
670
|
+
#
|
671
|
+
# * The default S3 location `s3://`
|
672
|
+
#
|
673
|
+
# * A bucket - `S3://<bucket-name>`
|
674
|
+
#
|
675
|
+
# * A bucket and prefix - `S3://<bucket-name>/<prefix>`
|
676
|
+
#
|
677
|
+
# When you register a location, you must include the IAM role that has
|
678
|
+
# permission to manage the S3 location that you are registering. Give S3
|
679
|
+
# Access Grants permission to assume this role [using a policy][1]. S3
|
680
|
+
# Access Grants assumes this role to manage access to the location and
|
681
|
+
# to vend temporary credentials to grantees or client applications.
|
682
|
+
#
|
683
|
+
# Permissions
|
684
|
+
#
|
685
|
+
# : You must have the `s3:CreateAccessGrantsLocation` permission to use
|
686
|
+
# this operation.
|
687
|
+
#
|
688
|
+
# Additional Permissions
|
689
|
+
#
|
690
|
+
# : You must also have the following permission for the specified IAM
|
691
|
+
# role: `iam:PassRole`
|
692
|
+
#
|
693
|
+
#
|
694
|
+
#
|
695
|
+
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-grants-location.html
|
696
|
+
#
|
697
|
+
# @option params [String] :account_id
|
698
|
+
# The ID of the Amazon Web Services account that is making this request.
|
699
|
+
#
|
700
|
+
# @option params [required, String] :location_scope
|
701
|
+
# The S3 path to the location that you are registering. The location
|
702
|
+
# scope can be the default S3 location `s3://`, the S3 path to a bucket
|
703
|
+
# `s3://<bucket>`, or the S3 path to a bucket and prefix
|
704
|
+
# `s3://<bucket>/<prefix>`. A prefix in S3 is a string of characters at
|
705
|
+
# the beginning of an object key name used to organize the objects that
|
706
|
+
# you store in your S3 buckets. For example, object key names that start
|
707
|
+
# with the `engineering/` prefix or object key names that start with the
|
708
|
+
# `marketing/campaigns/` prefix.
|
709
|
+
#
|
710
|
+
# @option params [required, String] :iam_role_arn
|
711
|
+
# The Amazon Resource Name (ARN) of the IAM role for the registered
|
712
|
+
# location. S3 Access Grants assumes this role to manage access to the
|
713
|
+
# registered location.
|
714
|
+
#
|
715
|
+
# @option params [Array<Types::Tag>] :tags
|
716
|
+
# The Amazon Web Services resource tags that you are adding to the S3
|
717
|
+
# Access Grants location. Each tag is a label consisting of a
|
718
|
+
# user-defined key and value. Tags can help you manage, identify,
|
719
|
+
# organize, search for, and filter resources.
|
720
|
+
#
|
721
|
+
# @return [Types::CreateAccessGrantsLocationResult] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
722
|
+
#
|
723
|
+
# * {Types::CreateAccessGrantsLocationResult#created_at #created_at} => Time
|
724
|
+
# * {Types::CreateAccessGrantsLocationResult#access_grants_location_id #access_grants_location_id} => String
|
725
|
+
# * {Types::CreateAccessGrantsLocationResult#access_grants_location_arn #access_grants_location_arn} => String
|
726
|
+
# * {Types::CreateAccessGrantsLocationResult#location_scope #location_scope} => String
|
727
|
+
# * {Types::CreateAccessGrantsLocationResult#iam_role_arn #iam_role_arn} => String
|
728
|
+
#
|
729
|
+
# @example Request syntax with placeholder values
|
730
|
+
#
|
731
|
+
# resp = client.create_access_grants_location({
|
732
|
+
# account_id: "AccountId",
|
733
|
+
# location_scope: "S3Prefix", # required
|
734
|
+
# iam_role_arn: "IAMRoleArn", # required
|
735
|
+
# tags: [
|
736
|
+
# {
|
737
|
+
# key: "TagKeyString", # required
|
738
|
+
# value: "TagValueString", # required
|
739
|
+
# },
|
740
|
+
# ],
|
741
|
+
# })
|
742
|
+
#
|
743
|
+
# @example Response structure
|
744
|
+
#
|
745
|
+
# resp.created_at #=> Time
|
746
|
+
# resp.access_grants_location_id #=> String
|
747
|
+
# resp.access_grants_location_arn #=> String
|
748
|
+
# resp.location_scope #=> String
|
749
|
+
# resp.iam_role_arn #=> String
|
750
|
+
#
|
751
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/CreateAccessGrantsLocation AWS API Documentation
|
752
|
+
#
|
753
|
+
# @overload create_access_grants_location(params = {})
|
754
|
+
# @param [Hash] params ({})
|
755
|
+
def create_access_grants_location(params = {}, options = {})
|
756
|
+
req = build_request(:create_access_grants_location, params)
|
757
|
+
req.send_request(options)
|
758
|
+
end
|
759
|
+
|
403
760
|
# Creates an access point and associates it with the specified bucket.
|
404
761
|
# For more information, see [Managing Data Access with Amazon S3 Access
|
405
762
|
# Points][1] in the *Amazon S3 User Guide*.
|
@@ -1226,6 +1583,156 @@ module Aws::S3Control
|
|
1226
1583
|
req.send_request(options)
|
1227
1584
|
end
|
1228
1585
|
|
1586
|
+
# Deletes the access grant from the S3 Access Grants instance. You
|
1587
|
+
# cannot undo an access grant deletion and the grantee will no longer
|
1588
|
+
# have access to the S3 data.
|
1589
|
+
#
|
1590
|
+
# Permissions
|
1591
|
+
#
|
1592
|
+
# : You must have the `s3:DeleteAccessGrant` permission to use this
|
1593
|
+
# operation.
|
1594
|
+
#
|
1595
|
+
# @option params [String] :account_id
|
1596
|
+
# The ID of the Amazon Web Services account that is making this request.
|
1597
|
+
#
|
1598
|
+
# @option params [required, String] :access_grant_id
|
1599
|
+
# The ID of the access grant. S3 Access Grants auto-generates this ID
|
1600
|
+
# when you create the access grant.
|
1601
|
+
#
|
1602
|
+
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
1603
|
+
#
|
1604
|
+
# @example Request syntax with placeholder values
|
1605
|
+
#
|
1606
|
+
# resp = client.delete_access_grant({
|
1607
|
+
# account_id: "AccountId",
|
1608
|
+
# access_grant_id: "AccessGrantId", # required
|
1609
|
+
# })
|
1610
|
+
#
|
1611
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/DeleteAccessGrant AWS API Documentation
|
1612
|
+
#
|
1613
|
+
# @overload delete_access_grant(params = {})
|
1614
|
+
# @param [Hash] params ({})
|
1615
|
+
def delete_access_grant(params = {}, options = {})
|
1616
|
+
req = build_request(:delete_access_grant, params)
|
1617
|
+
req.send_request(options)
|
1618
|
+
end
|
1619
|
+
|
1620
|
+
# Deletes your S3 Access Grants instance. You must first delete the
|
1621
|
+
# access grants and locations before S3 Access Grants can delete the
|
1622
|
+
# instance. See [DeleteAccessGrant][1] and
|
1623
|
+
# [DeleteAccessGrantsLocation][2]. If you have associated an IAM
|
1624
|
+
# Identity Center instance with your S3 Access Grants instance, you must
|
1625
|
+
# first dissassociate the Identity Center instance from the S3 Access
|
1626
|
+
# Grants instance before you can delete the S3 Access Grants instance.
|
1627
|
+
# See [AssociateAccessGrantsIdentityCenter][3] and
|
1628
|
+
# [DissociateAccessGrantsIdentityCenter][4].
|
1629
|
+
#
|
1630
|
+
# Permissions
|
1631
|
+
#
|
1632
|
+
# : You must have the `s3:DeleteAccessGrantsInstance` permission to use
|
1633
|
+
# this operation.
|
1634
|
+
#
|
1635
|
+
#
|
1636
|
+
#
|
1637
|
+
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DeleteAccessGrant.html
|
1638
|
+
# [2]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DeleteAccessGrantsLocation.html
|
1639
|
+
# [3]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_AssociateAccessGrantsIdentityCenter.html
|
1640
|
+
# [4]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DissociateAccessGrantsIdentityCenter.html
|
1641
|
+
#
|
1642
|
+
# @option params [String] :account_id
|
1643
|
+
# The ID of the Amazon Web Services account that is making this request.
|
1644
|
+
#
|
1645
|
+
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
1646
|
+
#
|
1647
|
+
# @example Request syntax with placeholder values
|
1648
|
+
#
|
1649
|
+
# resp = client.delete_access_grants_instance({
|
1650
|
+
# account_id: "AccountId",
|
1651
|
+
# })
|
1652
|
+
#
|
1653
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/DeleteAccessGrantsInstance AWS API Documentation
|
1654
|
+
#
|
1655
|
+
# @overload delete_access_grants_instance(params = {})
|
1656
|
+
# @param [Hash] params ({})
|
1657
|
+
def delete_access_grants_instance(params = {}, options = {})
|
1658
|
+
req = build_request(:delete_access_grants_instance, params)
|
1659
|
+
req.send_request(options)
|
1660
|
+
end
|
1661
|
+
|
1662
|
+
# Deletes the resource policy of the S3 Access Grants instance. The
|
1663
|
+
# resource policy is used to manage cross-account access to your S3
|
1664
|
+
# Access Grants instance. By deleting the resource policy, you delete
|
1665
|
+
# any cross-account permissions to your S3 Access Grants instance.
|
1666
|
+
#
|
1667
|
+
# Permissions
|
1668
|
+
#
|
1669
|
+
# : You must have the `s3:DeleteAccessGrantsInstanceResourcePolicy`
|
1670
|
+
# permission to use this operation.
|
1671
|
+
#
|
1672
|
+
# @option params [String] :account_id
|
1673
|
+
# The ID of the Amazon Web Services account that is making this request.
|
1674
|
+
#
|
1675
|
+
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
1676
|
+
#
|
1677
|
+
# @example Request syntax with placeholder values
|
1678
|
+
#
|
1679
|
+
# resp = client.delete_access_grants_instance_resource_policy({
|
1680
|
+
# account_id: "AccountId",
|
1681
|
+
# })
|
1682
|
+
#
|
1683
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/DeleteAccessGrantsInstanceResourcePolicy AWS API Documentation
|
1684
|
+
#
|
1685
|
+
# @overload delete_access_grants_instance_resource_policy(params = {})
|
1686
|
+
# @param [Hash] params ({})
|
1687
|
+
def delete_access_grants_instance_resource_policy(params = {}, options = {})
|
1688
|
+
req = build_request(:delete_access_grants_instance_resource_policy, params)
|
1689
|
+
req.send_request(options)
|
1690
|
+
end
|
1691
|
+
|
1692
|
+
# Deregisters a location from your S3 Access Grants instance. You can
|
1693
|
+
# only delete a location registration from an S3 Access Grants instance
|
1694
|
+
# if there are no grants associated with this location. See [Delete a
|
1695
|
+
# grant][1] for information on how to delete grants. You need to have at
|
1696
|
+
# least one registered location in your S3 Access Grants instance in
|
1697
|
+
# order to create access grants.
|
1698
|
+
#
|
1699
|
+
# Permissions
|
1700
|
+
#
|
1701
|
+
# : You must have the `s3:DeleteAccessGrantsLocation` permission to use
|
1702
|
+
# this operation.
|
1703
|
+
#
|
1704
|
+
#
|
1705
|
+
#
|
1706
|
+
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DeleteAccessGrant.html
|
1707
|
+
#
|
1708
|
+
# @option params [String] :account_id
|
1709
|
+
# The ID of the Amazon Web Services account that is making this request.
|
1710
|
+
#
|
1711
|
+
# @option params [required, String] :access_grants_location_id
|
1712
|
+
# The ID of the registered location that you are deregistering from your
|
1713
|
+
# S3 Access Grants instance. S3 Access Grants assigned this ID when you
|
1714
|
+
# registered the location. S3 Access Grants assigns the ID `default` to
|
1715
|
+
# the default location `s3://` and assigns an auto-generated ID to other
|
1716
|
+
# locations that you register.
|
1717
|
+
#
|
1718
|
+
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
1719
|
+
#
|
1720
|
+
# @example Request syntax with placeholder values
|
1721
|
+
#
|
1722
|
+
# resp = client.delete_access_grants_location({
|
1723
|
+
# account_id: "AccountId",
|
1724
|
+
# access_grants_location_id: "AccessGrantsLocationId", # required
|
1725
|
+
# })
|
1726
|
+
#
|
1727
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/DeleteAccessGrantsLocation AWS API Documentation
|
1728
|
+
#
|
1729
|
+
# @overload delete_access_grants_location(params = {})
|
1730
|
+
# @param [Hash] params ({})
|
1731
|
+
def delete_access_grants_location(params = {}, options = {})
|
1732
|
+
req = build_request(:delete_access_grants_location, params)
|
1733
|
+
req.send_request(options)
|
1734
|
+
end
|
1735
|
+
|
1229
1736
|
# Deletes the specified access point.
|
1230
1737
|
#
|
1231
1738
|
# All Amazon S3 on Outposts REST API requests for this action require an
|
@@ -2296,70 +2803,330 @@ module Aws::S3Control
|
|
2296
2803
|
#
|
2297
2804
|
# * [DeleteMultiRegionAccessPoint][3]
|
2298
2805
|
#
|
2299
|
-
# * [GetMultiRegionAccessPoint][4]
|
2806
|
+
# * [GetMultiRegionAccessPoint][4]
|
2807
|
+
#
|
2808
|
+
# * [ListMultiRegionAccessPoints][5]
|
2809
|
+
#
|
2810
|
+
#
|
2811
|
+
#
|
2812
|
+
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/ManagingMultiRegionAccessPoints.html
|
2813
|
+
# [2]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_CreateMultiRegionAccessPoint.html
|
2814
|
+
# [3]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DeleteMultiRegionAccessPoint.html
|
2815
|
+
# [4]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_GetMultiRegionAccessPoint.html
|
2816
|
+
# [5]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_ListMultiRegionAccessPoints.html
|
2817
|
+
#
|
2818
|
+
# @option params [String] :account_id
|
2819
|
+
# The Amazon Web Services account ID for the owner of the Multi-Region
|
2820
|
+
# Access Point.
|
2821
|
+
#
|
2822
|
+
# @option params [required, String] :request_token_arn
|
2823
|
+
# The request token associated with the request you want to know about.
|
2824
|
+
# This request token is returned as part of the response when you make
|
2825
|
+
# an asynchronous request. You provide this token to query about the
|
2826
|
+
# status of the asynchronous action.
|
2827
|
+
#
|
2828
|
+
# @return [Types::DescribeMultiRegionAccessPointOperationResult] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
2829
|
+
#
|
2830
|
+
# * {Types::DescribeMultiRegionAccessPointOperationResult#async_operation #async_operation} => Types::AsyncOperation
|
2831
|
+
#
|
2832
|
+
# @example Request syntax with placeholder values
|
2833
|
+
#
|
2834
|
+
# resp = client.describe_multi_region_access_point_operation({
|
2835
|
+
# account_id: "AccountId",
|
2836
|
+
# request_token_arn: "AsyncRequestTokenARN", # required
|
2837
|
+
# })
|
2838
|
+
#
|
2839
|
+
# @example Response structure
|
2840
|
+
#
|
2841
|
+
# resp.async_operation.creation_time #=> Time
|
2842
|
+
# resp.async_operation.operation #=> String, one of "CreateMultiRegionAccessPoint", "DeleteMultiRegionAccessPoint", "PutMultiRegionAccessPointPolicy"
|
2843
|
+
# resp.async_operation.request_token_arn #=> String
|
2844
|
+
# resp.async_operation.request_parameters.create_multi_region_access_point_request.name #=> String
|
2845
|
+
# resp.async_operation.request_parameters.create_multi_region_access_point_request.public_access_block.block_public_acls #=> Boolean
|
2846
|
+
# resp.async_operation.request_parameters.create_multi_region_access_point_request.public_access_block.ignore_public_acls #=> Boolean
|
2847
|
+
# resp.async_operation.request_parameters.create_multi_region_access_point_request.public_access_block.block_public_policy #=> Boolean
|
2848
|
+
# resp.async_operation.request_parameters.create_multi_region_access_point_request.public_access_block.restrict_public_buckets #=> Boolean
|
2849
|
+
# resp.async_operation.request_parameters.create_multi_region_access_point_request.regions #=> Array
|
2850
|
+
# resp.async_operation.request_parameters.create_multi_region_access_point_request.regions[0].bucket #=> String
|
2851
|
+
# resp.async_operation.request_parameters.create_multi_region_access_point_request.regions[0].bucket_account_id #=> String
|
2852
|
+
# resp.async_operation.request_parameters.delete_multi_region_access_point_request.name #=> String
|
2853
|
+
# resp.async_operation.request_parameters.put_multi_region_access_point_policy_request.name #=> String
|
2854
|
+
# resp.async_operation.request_parameters.put_multi_region_access_point_policy_request.policy #=> String
|
2855
|
+
# resp.async_operation.request_status #=> String
|
2856
|
+
# resp.async_operation.response_details.multi_region_access_point_details.regions #=> Array
|
2857
|
+
# resp.async_operation.response_details.multi_region_access_point_details.regions[0].name #=> String
|
2858
|
+
# resp.async_operation.response_details.multi_region_access_point_details.regions[0].request_status #=> String
|
2859
|
+
# resp.async_operation.response_details.error_details.code #=> String
|
2860
|
+
# resp.async_operation.response_details.error_details.message #=> String
|
2861
|
+
# resp.async_operation.response_details.error_details.resource #=> String
|
2862
|
+
# resp.async_operation.response_details.error_details.request_id #=> String
|
2863
|
+
#
|
2864
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/DescribeMultiRegionAccessPointOperation AWS API Documentation
|
2865
|
+
#
|
2866
|
+
# @overload describe_multi_region_access_point_operation(params = {})
|
2867
|
+
# @param [Hash] params ({})
|
2868
|
+
def describe_multi_region_access_point_operation(params = {}, options = {})
|
2869
|
+
req = build_request(:describe_multi_region_access_point_operation, params)
|
2870
|
+
req.send_request(options)
|
2871
|
+
end
|
2872
|
+
|
2873
|
+
# Dissociates the Amazon Web Services IAM Identity Center instance from
|
2874
|
+
# the S3 Access Grants instance.
|
2875
|
+
#
|
2876
|
+
# Permissions
|
2877
|
+
#
|
2878
|
+
# : You must have the `s3:DissociateAccessGrantsIdentityCenter`
|
2879
|
+
# permission to use this operation.
|
2880
|
+
#
|
2881
|
+
# Additional Permissions
|
2882
|
+
#
|
2883
|
+
# : You must have the `sso:DeleteApplication` permission to use this
|
2884
|
+
# operation.
|
2885
|
+
#
|
2886
|
+
# @option params [String] :account_id
|
2887
|
+
# The ID of the Amazon Web Services account that is making this request.
|
2888
|
+
#
|
2889
|
+
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
2890
|
+
#
|
2891
|
+
# @example Request syntax with placeholder values
|
2892
|
+
#
|
2893
|
+
# resp = client.dissociate_access_grants_identity_center({
|
2894
|
+
# account_id: "AccountId",
|
2895
|
+
# })
|
2896
|
+
#
|
2897
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/DissociateAccessGrantsIdentityCenter AWS API Documentation
|
2898
|
+
#
|
2899
|
+
# @overload dissociate_access_grants_identity_center(params = {})
|
2900
|
+
# @param [Hash] params ({})
|
2901
|
+
def dissociate_access_grants_identity_center(params = {}, options = {})
|
2902
|
+
req = build_request(:dissociate_access_grants_identity_center, params)
|
2903
|
+
req.send_request(options)
|
2904
|
+
end
|
2905
|
+
|
2906
|
+
# Get the details of an access grant from your S3 Access Grants
|
2907
|
+
# instance.
|
2908
|
+
#
|
2909
|
+
# Permissions
|
2910
|
+
#
|
2911
|
+
# : You must have the `s3:GetAccessGrant` permission to use this
|
2912
|
+
# operation.
|
2913
|
+
#
|
2914
|
+
# @option params [String] :account_id
|
2915
|
+
# The ID of the Amazon Web Services account that is making this request.
|
2916
|
+
#
|
2917
|
+
# @option params [required, String] :access_grant_id
|
2918
|
+
# The ID of the access grant. S3 Access Grants auto-generates this ID
|
2919
|
+
# when you create the access grant.
|
2920
|
+
#
|
2921
|
+
# @return [Types::GetAccessGrantResult] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
2922
|
+
#
|
2923
|
+
# * {Types::GetAccessGrantResult#created_at #created_at} => Time
|
2924
|
+
# * {Types::GetAccessGrantResult#access_grant_id #access_grant_id} => String
|
2925
|
+
# * {Types::GetAccessGrantResult#access_grant_arn #access_grant_arn} => String
|
2926
|
+
# * {Types::GetAccessGrantResult#grantee #grantee} => Types::Grantee
|
2927
|
+
# * {Types::GetAccessGrantResult#permission #permission} => String
|
2928
|
+
# * {Types::GetAccessGrantResult#access_grants_location_id #access_grants_location_id} => String
|
2929
|
+
# * {Types::GetAccessGrantResult#access_grants_location_configuration #access_grants_location_configuration} => Types::AccessGrantsLocationConfiguration
|
2930
|
+
# * {Types::GetAccessGrantResult#grant_scope #grant_scope} => String
|
2931
|
+
# * {Types::GetAccessGrantResult#application_arn #application_arn} => String
|
2932
|
+
#
|
2933
|
+
# @example Request syntax with placeholder values
|
2934
|
+
#
|
2935
|
+
# resp = client.get_access_grant({
|
2936
|
+
# account_id: "AccountId",
|
2937
|
+
# access_grant_id: "AccessGrantId", # required
|
2938
|
+
# })
|
2939
|
+
#
|
2940
|
+
# @example Response structure
|
2941
|
+
#
|
2942
|
+
# resp.created_at #=> Time
|
2943
|
+
# resp.access_grant_id #=> String
|
2944
|
+
# resp.access_grant_arn #=> String
|
2945
|
+
# resp.grantee.grantee_type #=> String, one of "DIRECTORY_USER", "DIRECTORY_GROUP", "IAM"
|
2946
|
+
# resp.grantee.grantee_identifier #=> String
|
2947
|
+
# resp.permission #=> String, one of "READ", "WRITE", "READWRITE"
|
2948
|
+
# resp.access_grants_location_id #=> String
|
2949
|
+
# resp.access_grants_location_configuration.s3_sub_prefix #=> String
|
2950
|
+
# resp.grant_scope #=> String
|
2951
|
+
# resp.application_arn #=> String
|
2952
|
+
#
|
2953
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/GetAccessGrant AWS API Documentation
|
2954
|
+
#
|
2955
|
+
# @overload get_access_grant(params = {})
|
2956
|
+
# @param [Hash] params ({})
|
2957
|
+
def get_access_grant(params = {}, options = {})
|
2958
|
+
req = build_request(:get_access_grant, params)
|
2959
|
+
req.send_request(options)
|
2960
|
+
end
|
2961
|
+
|
2962
|
+
# Retrieves the S3 Access Grants instance for a Region in your account.
|
2963
|
+
#
|
2964
|
+
# Permissions
|
2965
|
+
#
|
2966
|
+
# : You must have the `s3:GetAccessGrantsInstance` permission to use
|
2967
|
+
# this operation.
|
2968
|
+
#
|
2969
|
+
# @option params [String] :account_id
|
2970
|
+
# The ID of the Amazon Web Services account that is making this request.
|
2971
|
+
#
|
2972
|
+
# @return [Types::GetAccessGrantsInstanceResult] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
2973
|
+
#
|
2974
|
+
# * {Types::GetAccessGrantsInstanceResult#access_grants_instance_arn #access_grants_instance_arn} => String
|
2975
|
+
# * {Types::GetAccessGrantsInstanceResult#access_grants_instance_id #access_grants_instance_id} => String
|
2976
|
+
# * {Types::GetAccessGrantsInstanceResult#identity_center_arn #identity_center_arn} => String
|
2977
|
+
# * {Types::GetAccessGrantsInstanceResult#created_at #created_at} => Time
|
2978
|
+
#
|
2979
|
+
# @example Request syntax with placeholder values
|
2980
|
+
#
|
2981
|
+
# resp = client.get_access_grants_instance({
|
2982
|
+
# account_id: "AccountId",
|
2983
|
+
# })
|
2984
|
+
#
|
2985
|
+
# @example Response structure
|
2986
|
+
#
|
2987
|
+
# resp.access_grants_instance_arn #=> String
|
2988
|
+
# resp.access_grants_instance_id #=> String
|
2989
|
+
# resp.identity_center_arn #=> String
|
2990
|
+
# resp.created_at #=> Time
|
2991
|
+
#
|
2992
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/GetAccessGrantsInstance AWS API Documentation
|
2993
|
+
#
|
2994
|
+
# @overload get_access_grants_instance(params = {})
|
2995
|
+
# @param [Hash] params ({})
|
2996
|
+
def get_access_grants_instance(params = {}, options = {})
|
2997
|
+
req = build_request(:get_access_grants_instance, params)
|
2998
|
+
req.send_request(options)
|
2999
|
+
end
|
3000
|
+
|
3001
|
+
# Retrieve the S3 Access Grants instance that contains a particular
|
3002
|
+
# prefix.
|
3003
|
+
#
|
3004
|
+
# Permissions
|
3005
|
+
#
|
3006
|
+
# : You must have the `s3:GetAccessGrantsInstanceForPrefix` permission
|
3007
|
+
# for the caller account to use this operation.
|
3008
|
+
#
|
3009
|
+
# Additional Permissions
|
3010
|
+
#
|
3011
|
+
# : The prefix owner account must grant you the following permissions to
|
3012
|
+
# their S3 Access Grants instance:
|
3013
|
+
# `s3:GetAccessGrantsInstanceForPrefix`.
|
3014
|
+
#
|
3015
|
+
# @option params [String] :account_id
|
3016
|
+
# The ID of the Amazon Web Services account that is making this request.
|
3017
|
+
#
|
3018
|
+
# @option params [required, String] :s3_prefix
|
3019
|
+
# The S3 prefix of the access grants that you would like to retrieve.
|
3020
|
+
#
|
3021
|
+
# @return [Types::GetAccessGrantsInstanceForPrefixResult] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
3022
|
+
#
|
3023
|
+
# * {Types::GetAccessGrantsInstanceForPrefixResult#access_grants_instance_arn #access_grants_instance_arn} => String
|
3024
|
+
# * {Types::GetAccessGrantsInstanceForPrefixResult#access_grants_instance_id #access_grants_instance_id} => String
|
3025
|
+
#
|
3026
|
+
# @example Request syntax with placeholder values
|
3027
|
+
#
|
3028
|
+
# resp = client.get_access_grants_instance_for_prefix({
|
3029
|
+
# account_id: "AccountId",
|
3030
|
+
# s3_prefix: "S3Prefix", # required
|
3031
|
+
# })
|
3032
|
+
#
|
3033
|
+
# @example Response structure
|
3034
|
+
#
|
3035
|
+
# resp.access_grants_instance_arn #=> String
|
3036
|
+
# resp.access_grants_instance_id #=> String
|
3037
|
+
#
|
3038
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/GetAccessGrantsInstanceForPrefix AWS API Documentation
|
3039
|
+
#
|
3040
|
+
# @overload get_access_grants_instance_for_prefix(params = {})
|
3041
|
+
# @param [Hash] params ({})
|
3042
|
+
def get_access_grants_instance_for_prefix(params = {}, options = {})
|
3043
|
+
req = build_request(:get_access_grants_instance_for_prefix, params)
|
3044
|
+
req.send_request(options)
|
3045
|
+
end
|
3046
|
+
|
3047
|
+
# Returns the resource policy of the S3 Access Grants instance.
|
3048
|
+
#
|
3049
|
+
# Permissions
|
3050
|
+
#
|
3051
|
+
# : You must have the `s3:GetAccessGrantsInstanceResourcePolicy`
|
3052
|
+
# permission to use this operation.
|
3053
|
+
#
|
3054
|
+
# @option params [String] :account_id
|
3055
|
+
# The ID of the Amazon Web Services account that is making this request.
|
3056
|
+
#
|
3057
|
+
# @return [Types::GetAccessGrantsInstanceResourcePolicyResult] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
3058
|
+
#
|
3059
|
+
# * {Types::GetAccessGrantsInstanceResourcePolicyResult#policy #policy} => String
|
3060
|
+
# * {Types::GetAccessGrantsInstanceResourcePolicyResult#organization #organization} => String
|
3061
|
+
# * {Types::GetAccessGrantsInstanceResourcePolicyResult#created_at #created_at} => Time
|
3062
|
+
#
|
3063
|
+
# @example Request syntax with placeholder values
|
3064
|
+
#
|
3065
|
+
# resp = client.get_access_grants_instance_resource_policy({
|
3066
|
+
# account_id: "AccountId",
|
3067
|
+
# })
|
3068
|
+
#
|
3069
|
+
# @example Response structure
|
3070
|
+
#
|
3071
|
+
# resp.policy #=> String
|
3072
|
+
# resp.organization #=> String
|
3073
|
+
# resp.created_at #=> Time
|
2300
3074
|
#
|
2301
|
-
#
|
3075
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/GetAccessGrantsInstanceResourcePolicy AWS API Documentation
|
2302
3076
|
#
|
3077
|
+
# @overload get_access_grants_instance_resource_policy(params = {})
|
3078
|
+
# @param [Hash] params ({})
|
3079
|
+
def get_access_grants_instance_resource_policy(params = {}, options = {})
|
3080
|
+
req = build_request(:get_access_grants_instance_resource_policy, params)
|
3081
|
+
req.send_request(options)
|
3082
|
+
end
|
3083
|
+
|
3084
|
+
# Retrieves the details of a particular location registered in your S3
|
3085
|
+
# Access Grants instance.
|
2303
3086
|
#
|
3087
|
+
# Permissions
|
2304
3088
|
#
|
2305
|
-
#
|
2306
|
-
#
|
2307
|
-
# [3]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DeleteMultiRegionAccessPoint.html
|
2308
|
-
# [4]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_GetMultiRegionAccessPoint.html
|
2309
|
-
# [5]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_ListMultiRegionAccessPoints.html
|
3089
|
+
# : You must have the `s3:GetAccessGrantsLocation` permission to use
|
3090
|
+
# this operation.
|
2310
3091
|
#
|
2311
3092
|
# @option params [String] :account_id
|
2312
|
-
# The Amazon Web Services account
|
2313
|
-
# Access Point.
|
3093
|
+
# The ID of the Amazon Web Services account that is making this request.
|
2314
3094
|
#
|
2315
|
-
# @option params [required, String] :
|
2316
|
-
# The
|
2317
|
-
#
|
2318
|
-
#
|
2319
|
-
#
|
3095
|
+
# @option params [required, String] :access_grants_location_id
|
3096
|
+
# The ID of the registered location that you are retrieving. S3 Access
|
3097
|
+
# Grants assigns this ID when you register the location. S3 Access
|
3098
|
+
# Grants assigns the ID `default` to the default location `s3://` and
|
3099
|
+
# assigns an auto-generated ID to other locations that you register.
|
2320
3100
|
#
|
2321
|
-
# @return [Types::
|
3101
|
+
# @return [Types::GetAccessGrantsLocationResult] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
2322
3102
|
#
|
2323
|
-
# * {Types::
|
3103
|
+
# * {Types::GetAccessGrantsLocationResult#created_at #created_at} => Time
|
3104
|
+
# * {Types::GetAccessGrantsLocationResult#access_grants_location_id #access_grants_location_id} => String
|
3105
|
+
# * {Types::GetAccessGrantsLocationResult#access_grants_location_arn #access_grants_location_arn} => String
|
3106
|
+
# * {Types::GetAccessGrantsLocationResult#location_scope #location_scope} => String
|
3107
|
+
# * {Types::GetAccessGrantsLocationResult#iam_role_arn #iam_role_arn} => String
|
2324
3108
|
#
|
2325
3109
|
# @example Request syntax with placeholder values
|
2326
3110
|
#
|
2327
|
-
# resp = client.
|
3111
|
+
# resp = client.get_access_grants_location({
|
2328
3112
|
# account_id: "AccountId",
|
2329
|
-
#
|
3113
|
+
# access_grants_location_id: "AccessGrantsLocationId", # required
|
2330
3114
|
# })
|
2331
3115
|
#
|
2332
3116
|
# @example Response structure
|
2333
3117
|
#
|
2334
|
-
# resp.
|
2335
|
-
# resp.
|
2336
|
-
# resp.
|
2337
|
-
# resp.
|
2338
|
-
# resp.
|
2339
|
-
# resp.async_operation.request_parameters.create_multi_region_access_point_request.public_access_block.ignore_public_acls #=> Boolean
|
2340
|
-
# resp.async_operation.request_parameters.create_multi_region_access_point_request.public_access_block.block_public_policy #=> Boolean
|
2341
|
-
# resp.async_operation.request_parameters.create_multi_region_access_point_request.public_access_block.restrict_public_buckets #=> Boolean
|
2342
|
-
# resp.async_operation.request_parameters.create_multi_region_access_point_request.regions #=> Array
|
2343
|
-
# resp.async_operation.request_parameters.create_multi_region_access_point_request.regions[0].bucket #=> String
|
2344
|
-
# resp.async_operation.request_parameters.create_multi_region_access_point_request.regions[0].bucket_account_id #=> String
|
2345
|
-
# resp.async_operation.request_parameters.delete_multi_region_access_point_request.name #=> String
|
2346
|
-
# resp.async_operation.request_parameters.put_multi_region_access_point_policy_request.name #=> String
|
2347
|
-
# resp.async_operation.request_parameters.put_multi_region_access_point_policy_request.policy #=> String
|
2348
|
-
# resp.async_operation.request_status #=> String
|
2349
|
-
# resp.async_operation.response_details.multi_region_access_point_details.regions #=> Array
|
2350
|
-
# resp.async_operation.response_details.multi_region_access_point_details.regions[0].name #=> String
|
2351
|
-
# resp.async_operation.response_details.multi_region_access_point_details.regions[0].request_status #=> String
|
2352
|
-
# resp.async_operation.response_details.error_details.code #=> String
|
2353
|
-
# resp.async_operation.response_details.error_details.message #=> String
|
2354
|
-
# resp.async_operation.response_details.error_details.resource #=> String
|
2355
|
-
# resp.async_operation.response_details.error_details.request_id #=> String
|
3118
|
+
# resp.created_at #=> Time
|
3119
|
+
# resp.access_grants_location_id #=> String
|
3120
|
+
# resp.access_grants_location_arn #=> String
|
3121
|
+
# resp.location_scope #=> String
|
3122
|
+
# resp.iam_role_arn #=> String
|
2356
3123
|
#
|
2357
|
-
# @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/
|
3124
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/GetAccessGrantsLocation AWS API Documentation
|
2358
3125
|
#
|
2359
|
-
# @overload
|
3126
|
+
# @overload get_access_grants_location(params = {})
|
2360
3127
|
# @param [Hash] params ({})
|
2361
|
-
def
|
2362
|
-
req = build_request(:
|
3128
|
+
def get_access_grants_location(params = {}, options = {})
|
3129
|
+
req = build_request(:get_access_grants_location, params)
|
2363
3130
|
req.send_request(options)
|
2364
3131
|
end
|
2365
3132
|
|
@@ -3346,6 +4113,102 @@ module Aws::S3Control
|
|
3346
4113
|
req.send_request(options)
|
3347
4114
|
end
|
3348
4115
|
|
4116
|
+
# Returns a temporary access credential from S3 Access Grants to the
|
4117
|
+
# grantee or client application. The [temporary credential][1] is an
|
4118
|
+
# Amazon Web Services STS token that grants them access to the S3 data.
|
4119
|
+
#
|
4120
|
+
# Permissions
|
4121
|
+
#
|
4122
|
+
# : You must have the `s3:GetDataAccess` permission to use this
|
4123
|
+
# operation.
|
4124
|
+
#
|
4125
|
+
# Additional Permissions
|
4126
|
+
#
|
4127
|
+
# : The IAM role that S3 Access Grants assumes must have the following
|
4128
|
+
# permissions specified in the trust policy when registering the
|
4129
|
+
# location: `sts:AssumeRole`, for directory users or groups
|
4130
|
+
# `sts:SetContext`, and for IAM users or roles `sts:SourceIdentity`.
|
4131
|
+
#
|
4132
|
+
#
|
4133
|
+
#
|
4134
|
+
# [1]: https://docs.aws.amazon.com/STS/latest/APIReference/API_Credentials.html
|
4135
|
+
#
|
4136
|
+
# @option params [String] :account_id
|
4137
|
+
# The ID of the Amazon Web Services account that is making this request.
|
4138
|
+
#
|
4139
|
+
# @option params [required, String] :target
|
4140
|
+
# The S3 URI path of the data to which you are requesting temporary
|
4141
|
+
# access credentials. If the requesting account has an access grant for
|
4142
|
+
# this data, S3 Access Grants vends temporary access credentials in the
|
4143
|
+
# response.
|
4144
|
+
#
|
4145
|
+
# @option params [required, String] :permission
|
4146
|
+
# The type of permission granted to your S3 data, which can be set to
|
4147
|
+
# one of the following values:
|
4148
|
+
#
|
4149
|
+
# * `READ` – Grant read-only access to the S3 data.
|
4150
|
+
#
|
4151
|
+
# * `WRITE` – Grant write-only access to the S3 data.
|
4152
|
+
#
|
4153
|
+
# * `READWRITE` – Grant both read and write access to the S3 data.
|
4154
|
+
#
|
4155
|
+
# @option params [Integer] :duration_seconds
|
4156
|
+
# The session duration, in seconds, of the temporary access credential
|
4157
|
+
# that S3 Access Grants vends to the grantee or client application. The
|
4158
|
+
# default value is 1 hour, but the grantee can specify a range from 900
|
4159
|
+
# seconds (15 minutes) up to 43200 seconds (12 hours). If the grantee
|
4160
|
+
# requests a value higher than this maximum, the operation fails.
|
4161
|
+
#
|
4162
|
+
# @option params [String] :privilege
|
4163
|
+
# The scope of the temporary access credential that S3 Access Grants
|
4164
|
+
# vends to the grantee or client application.
|
4165
|
+
#
|
4166
|
+
# * `Default` – The scope of the returned temporary access token is the
|
4167
|
+
# scope of the grant that is closest to the target scope.
|
4168
|
+
#
|
4169
|
+
# * `Minimal` – The scope of the returned temporary access token is the
|
4170
|
+
# same as the requested target scope as long as the requested scope is
|
4171
|
+
# the same as or a subset of the grant scope.
|
4172
|
+
#
|
4173
|
+
# @option params [String] :target_type
|
4174
|
+
# The type of `Target`. The only possible value is `Object`. Pass this
|
4175
|
+
# value if the target data that you would like to access is a path to an
|
4176
|
+
# object. Do not pass this value if the target data is a bucket or a
|
4177
|
+
# bucket and a prefix.
|
4178
|
+
#
|
4179
|
+
# @return [Types::GetDataAccessResult] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
4180
|
+
#
|
4181
|
+
# * {Types::GetDataAccessResult#credentials #credentials} => Types::Credentials
|
4182
|
+
# * {Types::GetDataAccessResult#matched_grant_target #matched_grant_target} => String
|
4183
|
+
#
|
4184
|
+
# @example Request syntax with placeholder values
|
4185
|
+
#
|
4186
|
+
# resp = client.get_data_access({
|
4187
|
+
# account_id: "AccountId",
|
4188
|
+
# target: "S3Prefix", # required
|
4189
|
+
# permission: "READ", # required, accepts READ, WRITE, READWRITE
|
4190
|
+
# duration_seconds: 1,
|
4191
|
+
# privilege: "Minimal", # accepts Minimal, Default
|
4192
|
+
# target_type: "Object", # accepts Object
|
4193
|
+
# })
|
4194
|
+
#
|
4195
|
+
# @example Response structure
|
4196
|
+
#
|
4197
|
+
# resp.credentials.access_key_id #=> String
|
4198
|
+
# resp.credentials.secret_access_key #=> String
|
4199
|
+
# resp.credentials.session_token #=> String
|
4200
|
+
# resp.credentials.expiration #=> Time
|
4201
|
+
# resp.matched_grant_target #=> String
|
4202
|
+
#
|
4203
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/GetDataAccess AWS API Documentation
|
4204
|
+
#
|
4205
|
+
# @overload get_data_access(params = {})
|
4206
|
+
# @param [Hash] params ({})
|
4207
|
+
def get_data_access(params = {}, options = {})
|
4208
|
+
req = build_request(:get_data_access, params)
|
4209
|
+
req.send_request(options)
|
4210
|
+
end
|
4211
|
+
|
3349
4212
|
# Returns the tags on an S3 Batch Operations job. To use the
|
3350
4213
|
# `GetJobTagging` operation, you must have permission to perform the
|
3351
4214
|
# `s3:GetJobTagging` action. For more information, see [Controlling
|
@@ -3916,6 +4779,239 @@ module Aws::S3Control
|
|
3916
4779
|
req.send_request(options)
|
3917
4780
|
end
|
3918
4781
|
|
4782
|
+
# Returns the list of access grants in your S3 Access Grants instance.
|
4783
|
+
#
|
4784
|
+
# Permissions
|
4785
|
+
#
|
4786
|
+
# : You must have the `s3:ListAccessGrants` permission to use this
|
4787
|
+
# operation.
|
4788
|
+
#
|
4789
|
+
# @option params [String] :account_id
|
4790
|
+
# The ID of the Amazon Web Services account that is making this request.
|
4791
|
+
#
|
4792
|
+
# @option params [String] :next_token
|
4793
|
+
# A pagination token to request the next page of results. Pass this
|
4794
|
+
# value into a subsequent `List Access Grants` request in order to
|
4795
|
+
# retrieve the next page of results.
|
4796
|
+
#
|
4797
|
+
# @option params [Integer] :max_results
|
4798
|
+
# The maximum number of access grants that you would like returned in
|
4799
|
+
# the `List Access Grants` response. If the results include the
|
4800
|
+
# pagination token `NextToken`, make another call using the `NextToken`
|
4801
|
+
# to determine if there are more results.
|
4802
|
+
#
|
4803
|
+
# @option params [String] :grantee_type
|
4804
|
+
# The type of the grantee to which access has been granted. It can be
|
4805
|
+
# one of the following values:
|
4806
|
+
#
|
4807
|
+
# * `IAM` - An IAM user or role.
|
4808
|
+
#
|
4809
|
+
# * `DIRECTORY_USER` - Your corporate directory user. You can use this
|
4810
|
+
# option if you have added your corporate identity directory to IAM
|
4811
|
+
# Identity Center and associated the IAM Identity Center instance with
|
4812
|
+
# your S3 Access Grants instance.
|
4813
|
+
#
|
4814
|
+
# * `DIRECTORY_GROUP` - Your corporate directory group. You can use this
|
4815
|
+
# option if you have added your corporate identity directory to IAM
|
4816
|
+
# Identity Center and associated the IAM Identity Center instance with
|
4817
|
+
# your S3 Access Grants instance.
|
4818
|
+
#
|
4819
|
+
# @option params [String] :grantee_identifier
|
4820
|
+
# The unique identifer of the `Grantee`. If the grantee type is `IAM`,
|
4821
|
+
# the identifier is the IAM Amazon Resource Name (ARN) of the user or
|
4822
|
+
# role. If the grantee type is a directory user or group, the identifier
|
4823
|
+
# is 128-bit universally unique identifier (UUID) in the format
|
4824
|
+
# `a1b2c3d4-5678-90ab-cdef-EXAMPLE11111`. You can obtain this UUID from
|
4825
|
+
# your Amazon Web Services IAM Identity Center instance.
|
4826
|
+
#
|
4827
|
+
# @option params [String] :permission
|
4828
|
+
# The type of permission granted to your S3 data, which can be set to
|
4829
|
+
# one of the following values:
|
4830
|
+
#
|
4831
|
+
# * `READ` – Grant read-only access to the S3 data.
|
4832
|
+
#
|
4833
|
+
# * `WRITE` – Grant write-only access to the S3 data.
|
4834
|
+
#
|
4835
|
+
# * `READWRITE` – Grant both read and write access to the S3 data.
|
4836
|
+
#
|
4837
|
+
# @option params [String] :grant_scope
|
4838
|
+
# The S3 path of the data to which you are granting access. It is the
|
4839
|
+
# result of appending the `Subprefix` to the location scope.
|
4840
|
+
#
|
4841
|
+
# @option params [String] :application_arn
|
4842
|
+
# The Amazon Resource Name (ARN) of an Amazon Web Services IAM Identity
|
4843
|
+
# Center application associated with your Identity Center instance. If
|
4844
|
+
# the grant includes an application ARN, the grantee can only access the
|
4845
|
+
# S3 data through this application.
|
4846
|
+
#
|
4847
|
+
# @return [Types::ListAccessGrantsResult] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
4848
|
+
#
|
4849
|
+
# * {Types::ListAccessGrantsResult#next_token #next_token} => String
|
4850
|
+
# * {Types::ListAccessGrantsResult#access_grants_list #access_grants_list} => Array<Types::ListAccessGrantEntry>
|
4851
|
+
#
|
4852
|
+
# The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
|
4853
|
+
#
|
4854
|
+
# @example Request syntax with placeholder values
|
4855
|
+
#
|
4856
|
+
# resp = client.list_access_grants({
|
4857
|
+
# account_id: "AccountId",
|
4858
|
+
# next_token: "ContinuationToken",
|
4859
|
+
# max_results: 1,
|
4860
|
+
# grantee_type: "DIRECTORY_USER", # accepts DIRECTORY_USER, DIRECTORY_GROUP, IAM
|
4861
|
+
# grantee_identifier: "GranteeIdentifier",
|
4862
|
+
# permission: "READ", # accepts READ, WRITE, READWRITE
|
4863
|
+
# grant_scope: "S3Prefix",
|
4864
|
+
# application_arn: "IdentityCenterApplicationArn",
|
4865
|
+
# })
|
4866
|
+
#
|
4867
|
+
# @example Response structure
|
4868
|
+
#
|
4869
|
+
# resp.next_token #=> String
|
4870
|
+
# resp.access_grants_list #=> Array
|
4871
|
+
# resp.access_grants_list[0].created_at #=> Time
|
4872
|
+
# resp.access_grants_list[0].access_grant_id #=> String
|
4873
|
+
# resp.access_grants_list[0].access_grant_arn #=> String
|
4874
|
+
# resp.access_grants_list[0].grantee.grantee_type #=> String, one of "DIRECTORY_USER", "DIRECTORY_GROUP", "IAM"
|
4875
|
+
# resp.access_grants_list[0].grantee.grantee_identifier #=> String
|
4876
|
+
# resp.access_grants_list[0].permission #=> String, one of "READ", "WRITE", "READWRITE"
|
4877
|
+
# resp.access_grants_list[0].access_grants_location_id #=> String
|
4878
|
+
# resp.access_grants_list[0].access_grants_location_configuration.s3_sub_prefix #=> String
|
4879
|
+
# resp.access_grants_list[0].grant_scope #=> String
|
4880
|
+
# resp.access_grants_list[0].application_arn #=> String
|
4881
|
+
#
|
4882
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/ListAccessGrants AWS API Documentation
|
4883
|
+
#
|
4884
|
+
# @overload list_access_grants(params = {})
|
4885
|
+
# @param [Hash] params ({})
|
4886
|
+
def list_access_grants(params = {}, options = {})
|
4887
|
+
req = build_request(:list_access_grants, params)
|
4888
|
+
req.send_request(options)
|
4889
|
+
end
|
4890
|
+
|
4891
|
+
# Returns a list of S3 Access Grants instances. An S3 Access Grants
|
4892
|
+
# instance serves as a logical grouping for your individual access
|
4893
|
+
# grants. You can only have one S3 Access Grants instance per Region per
|
4894
|
+
# account.
|
4895
|
+
#
|
4896
|
+
# Permissions
|
4897
|
+
#
|
4898
|
+
# : You must have the `s3:ListAccessGrantsInstances` permission to use
|
4899
|
+
# this operation.
|
4900
|
+
#
|
4901
|
+
# @option params [String] :account_id
|
4902
|
+
# The ID of the Amazon Web Services account that is making this request.
|
4903
|
+
#
|
4904
|
+
# @option params [String] :next_token
|
4905
|
+
# A pagination token to request the next page of results. Pass this
|
4906
|
+
# value into a subsequent `List Access Grants Instances` request in
|
4907
|
+
# order to retrieve the next page of results.
|
4908
|
+
#
|
4909
|
+
# @option params [Integer] :max_results
|
4910
|
+
# The maximum number of access grants that you would like returned in
|
4911
|
+
# the `List Access Grants` response. If the results include the
|
4912
|
+
# pagination token `NextToken`, make another call using the `NextToken`
|
4913
|
+
# to determine if there are more results.
|
4914
|
+
#
|
4915
|
+
# @return [Types::ListAccessGrantsInstancesResult] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
4916
|
+
#
|
4917
|
+
# * {Types::ListAccessGrantsInstancesResult#next_token #next_token} => String
|
4918
|
+
# * {Types::ListAccessGrantsInstancesResult#access_grants_instances_list #access_grants_instances_list} => Array<Types::ListAccessGrantsInstanceEntry>
|
4919
|
+
#
|
4920
|
+
# The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
|
4921
|
+
#
|
4922
|
+
# @example Request syntax with placeholder values
|
4923
|
+
#
|
4924
|
+
# resp = client.list_access_grants_instances({
|
4925
|
+
# account_id: "AccountId",
|
4926
|
+
# next_token: "ContinuationToken",
|
4927
|
+
# max_results: 1,
|
4928
|
+
# })
|
4929
|
+
#
|
4930
|
+
# @example Response structure
|
4931
|
+
#
|
4932
|
+
# resp.next_token #=> String
|
4933
|
+
# resp.access_grants_instances_list #=> Array
|
4934
|
+
# resp.access_grants_instances_list[0].access_grants_instance_id #=> String
|
4935
|
+
# resp.access_grants_instances_list[0].access_grants_instance_arn #=> String
|
4936
|
+
# resp.access_grants_instances_list[0].created_at #=> Time
|
4937
|
+
# resp.access_grants_instances_list[0].identity_center_arn #=> String
|
4938
|
+
#
|
4939
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/ListAccessGrantsInstances AWS API Documentation
|
4940
|
+
#
|
4941
|
+
# @overload list_access_grants_instances(params = {})
|
4942
|
+
# @param [Hash] params ({})
|
4943
|
+
def list_access_grants_instances(params = {}, options = {})
|
4944
|
+
req = build_request(:list_access_grants_instances, params)
|
4945
|
+
req.send_request(options)
|
4946
|
+
end
|
4947
|
+
|
4948
|
+
# Returns a list of the locations registered in your S3 Access Grants
|
4949
|
+
# instance.
|
4950
|
+
#
|
4951
|
+
# Permissions
|
4952
|
+
#
|
4953
|
+
# : You must have the `s3:ListAccessGrantsLocations` permission to use
|
4954
|
+
# this operation.
|
4955
|
+
#
|
4956
|
+
# @option params [String] :account_id
|
4957
|
+
# The ID of the Amazon Web Services account that is making this request.
|
4958
|
+
#
|
4959
|
+
# @option params [String] :next_token
|
4960
|
+
# A pagination token to request the next page of results. Pass this
|
4961
|
+
# value into a subsequent `List Access Grants Locations` request in
|
4962
|
+
# order to retrieve the next page of results.
|
4963
|
+
#
|
4964
|
+
# @option params [Integer] :max_results
|
4965
|
+
# The maximum number of access grants that you would like returned in
|
4966
|
+
# the `List Access Grants` response. If the results include the
|
4967
|
+
# pagination token `NextToken`, make another call using the `NextToken`
|
4968
|
+
# to determine if there are more results.
|
4969
|
+
#
|
4970
|
+
# @option params [String] :location_scope
|
4971
|
+
# The S3 path to the location that you are registering. The location
|
4972
|
+
# scope can be the default S3 location `s3://`, the S3 path to a bucket
|
4973
|
+
# `s3://<bucket>`, or the S3 path to a bucket and prefix
|
4974
|
+
# `s3://<bucket>/<prefix>`. A prefix in S3 is a string of characters at
|
4975
|
+
# the beginning of an object key name used to organize the objects that
|
4976
|
+
# you store in your S3 buckets. For example, object key names that start
|
4977
|
+
# with the `engineering/` prefix or object key names that start with the
|
4978
|
+
# `marketing/campaigns/` prefix.
|
4979
|
+
#
|
4980
|
+
# @return [Types::ListAccessGrantsLocationsResult] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
4981
|
+
#
|
4982
|
+
# * {Types::ListAccessGrantsLocationsResult#next_token #next_token} => String
|
4983
|
+
# * {Types::ListAccessGrantsLocationsResult#access_grants_locations_list #access_grants_locations_list} => Array<Types::ListAccessGrantsLocationsEntry>
|
4984
|
+
#
|
4985
|
+
# The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
|
4986
|
+
#
|
4987
|
+
# @example Request syntax with placeholder values
|
4988
|
+
#
|
4989
|
+
# resp = client.list_access_grants_locations({
|
4990
|
+
# account_id: "AccountId",
|
4991
|
+
# next_token: "ContinuationToken",
|
4992
|
+
# max_results: 1,
|
4993
|
+
# location_scope: "S3Prefix",
|
4994
|
+
# })
|
4995
|
+
#
|
4996
|
+
# @example Response structure
|
4997
|
+
#
|
4998
|
+
# resp.next_token #=> String
|
4999
|
+
# resp.access_grants_locations_list #=> Array
|
5000
|
+
# resp.access_grants_locations_list[0].created_at #=> Time
|
5001
|
+
# resp.access_grants_locations_list[0].access_grants_location_id #=> String
|
5002
|
+
# resp.access_grants_locations_list[0].access_grants_location_arn #=> String
|
5003
|
+
# resp.access_grants_locations_list[0].location_scope #=> String
|
5004
|
+
# resp.access_grants_locations_list[0].iam_role_arn #=> String
|
5005
|
+
#
|
5006
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/ListAccessGrantsLocations AWS API Documentation
|
5007
|
+
#
|
5008
|
+
# @overload list_access_grants_locations(params = {})
|
5009
|
+
# @param [Hash] params ({})
|
5010
|
+
def list_access_grants_locations(params = {}, options = {})
|
5011
|
+
req = build_request(:list_access_grants_locations, params)
|
5012
|
+
req.send_request(options)
|
5013
|
+
end
|
5014
|
+
|
3919
5015
|
# Returns a list of the access points that are owned by the current
|
3920
5016
|
# account that's associated with the specified bucket. You can retrieve
|
3921
5017
|
# up to 1000 access points per call. If the specified bucket has more
|
@@ -4425,32 +5521,43 @@ module Aws::S3Control
|
|
4425
5521
|
end
|
4426
5522
|
|
4427
5523
|
# This operation allows you to list all the Amazon Web Services resource
|
4428
|
-
# tags for
|
5524
|
+
# tags for a specified resource. Each tag is a label consisting of a
|
5525
|
+
# user-defined key and value. Tags can help you manage, identify,
|
5526
|
+
# organize, search for, and filter resources.
|
4429
5527
|
#
|
4430
|
-
#
|
4431
|
-
# `s3:ListTagsForResource` action. For more information about the
|
4432
|
-
# required Storage Lens Groups permissions, see [Setting account
|
4433
|
-
# permissions to use S3 Storage Lens groups][1].
|
5528
|
+
# Permissions
|
4434
5529
|
#
|
4435
|
-
#
|
4436
|
-
#
|
5530
|
+
# : You must have the `s3:ListTagsForResource` permission to use this
|
5531
|
+
# operation.
|
4437
5532
|
#
|
4438
|
-
# <note markdown="1"> This operation is only supported for [S3 Storage Lens groups][
|
5533
|
+
# <note markdown="1"> This operation is only supported for [S3 Storage Lens groups][1] and
|
5534
|
+
# for [S3 Access Grants][2]. The tagged resource can be an S3 Storage
|
5535
|
+
# Lens group or S3 Access Grants instance, registered location, or
|
5536
|
+
# grant.
|
4439
5537
|
#
|
4440
5538
|
# </note>
|
4441
5539
|
#
|
5540
|
+
# For more information about the required Storage Lens Groups
|
5541
|
+
# permissions, see [Setting account permissions to use S3 Storage Lens
|
5542
|
+
# groups][3].
|
4442
5543
|
#
|
5544
|
+
# For information about S3 Tagging errors, see [List of Amazon S3
|
5545
|
+
# Tagging error codes][4].
|
4443
5546
|
#
|
4444
|
-
#
|
4445
|
-
#
|
4446
|
-
# [
|
5547
|
+
#
|
5548
|
+
#
|
5549
|
+
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/storage-lens-groups.html
|
5550
|
+
# [2]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-grants-tagging.html
|
5551
|
+
# [3]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/storage_lens_iam_permissions.html#storage_lens_groups_permissions
|
5552
|
+
# [4]: https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#S3TaggingErrorCodeList
|
4447
5553
|
#
|
4448
5554
|
# @option params [String] :account_id
|
4449
5555
|
# The Amazon Web Services account ID of the resource owner.
|
4450
5556
|
#
|
4451
5557
|
# @option params [required, String] :resource_arn
|
4452
5558
|
# The Amazon Resource Name (ARN) of the S3 resource that you want to
|
4453
|
-
# list the tags for.
|
5559
|
+
# list the tags for. The tagged resource can be an S3 Storage Lens group
|
5560
|
+
# or S3 Access Grants instance, registered location, or grant.
|
4454
5561
|
#
|
4455
5562
|
# @return [Types::ListTagsForResourceResult] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
4456
5563
|
#
|
@@ -4478,6 +5585,53 @@ module Aws::S3Control
|
|
4478
5585
|
req.send_request(options)
|
4479
5586
|
end
|
4480
5587
|
|
5588
|
+
# Updates the resource policy of the S3 Access Grants instance.
|
5589
|
+
#
|
5590
|
+
# Permissions
|
5591
|
+
#
|
5592
|
+
# : You must have the `s3:PutAccessGrantsInstanceResourcePolicy`
|
5593
|
+
# permission to use this operation.
|
5594
|
+
#
|
5595
|
+
# @option params [String] :account_id
|
5596
|
+
# The ID of the Amazon Web Services account that is making this request.
|
5597
|
+
#
|
5598
|
+
# @option params [required, String] :policy
|
5599
|
+
# The resource policy of the S3 Access Grants instance that you are
|
5600
|
+
# updating.
|
5601
|
+
#
|
5602
|
+
# @option params [String] :organization
|
5603
|
+
# The Organization of the resource policy of the S3 Access Grants
|
5604
|
+
# instance.
|
5605
|
+
#
|
5606
|
+
# @return [Types::PutAccessGrantsInstanceResourcePolicyResult] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
5607
|
+
#
|
5608
|
+
# * {Types::PutAccessGrantsInstanceResourcePolicyResult#policy #policy} => String
|
5609
|
+
# * {Types::PutAccessGrantsInstanceResourcePolicyResult#organization #organization} => String
|
5610
|
+
# * {Types::PutAccessGrantsInstanceResourcePolicyResult#created_at #created_at} => Time
|
5611
|
+
#
|
5612
|
+
# @example Request syntax with placeholder values
|
5613
|
+
#
|
5614
|
+
# resp = client.put_access_grants_instance_resource_policy({
|
5615
|
+
# account_id: "AccountId",
|
5616
|
+
# policy: "PolicyDocument", # required
|
5617
|
+
# organization: "Organization",
|
5618
|
+
# })
|
5619
|
+
#
|
5620
|
+
# @example Response structure
|
5621
|
+
#
|
5622
|
+
# resp.policy #=> String
|
5623
|
+
# resp.organization #=> String
|
5624
|
+
# resp.created_at #=> Time
|
5625
|
+
#
|
5626
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/PutAccessGrantsInstanceResourcePolicy AWS API Documentation
|
5627
|
+
#
|
5628
|
+
# @overload put_access_grants_instance_resource_policy(params = {})
|
5629
|
+
# @param [Hash] params ({})
|
5630
|
+
def put_access_grants_instance_resource_policy(params = {}, options = {})
|
5631
|
+
req = build_request(:put_access_grants_instance_resource_policy, params)
|
5632
|
+
req.send_request(options)
|
5633
|
+
end
|
5634
|
+
|
4481
5635
|
# Replaces configuration for an Object Lambda Access Point.
|
4482
5636
|
#
|
4483
5637
|
# The following actions are related to
|
@@ -5798,34 +6952,44 @@ module Aws::S3Control
|
|
5798
6952
|
end
|
5799
6953
|
|
5800
6954
|
# Creates a new Amazon Web Services resource tag or updates an existing
|
5801
|
-
# resource tag.
|
5802
|
-
#
|
6955
|
+
# resource tag. Each tag is a label consisting of a user-defined key and
|
6956
|
+
# value. Tags can help you manage, identify, organize, search for, and
|
6957
|
+
# filter resources. You can add up to 50 Amazon Web Services resource
|
6958
|
+
# tags for each S3 resource.
|
5803
6959
|
#
|
5804
|
-
#
|
5805
|
-
#
|
5806
|
-
#
|
5807
|
-
#
|
6960
|
+
# <note markdown="1"> This operation is only supported for [S3 Storage Lens groups][1] and
|
6961
|
+
# for [S3 Access Grants][2]. The tagged resource can be an S3 Storage
|
6962
|
+
# Lens group or S3 Access Grants instance, registered location, or
|
6963
|
+
# grant.
|
5808
6964
|
#
|
5809
|
-
#
|
5810
|
-
# Tagging error codes][2].
|
6965
|
+
# </note>
|
5811
6966
|
#
|
5812
|
-
#
|
6967
|
+
# Permissions
|
5813
6968
|
#
|
5814
|
-
#
|
6969
|
+
# : You must have the `s3:TagResource` permission to use this operation.
|
5815
6970
|
#
|
6971
|
+
# For more information about the required Storage Lens Groups
|
6972
|
+
# permissions, see [Setting account permissions to use S3 Storage Lens
|
6973
|
+
# groups][3].
|
5816
6974
|
#
|
6975
|
+
# For information about S3 Tagging errors, see [List of Amazon S3
|
6976
|
+
# Tagging error codes][4].
|
5817
6977
|
#
|
5818
|
-
#
|
5819
|
-
#
|
5820
|
-
# [
|
6978
|
+
#
|
6979
|
+
#
|
6980
|
+
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/storage-lens-groups.html
|
6981
|
+
# [2]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-grants-tagging.html
|
6982
|
+
# [3]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/storage_lens_iam_permissions.html#storage_lens_groups_permissions
|
6983
|
+
# [4]: https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#S3TaggingErrorCodeList
|
5821
6984
|
#
|
5822
6985
|
# @option params [String] :account_id
|
5823
6986
|
# The Amazon Web Services account ID that created the S3 resource that
|
5824
|
-
# you're trying to add tags to.
|
6987
|
+
# you're trying to add tags to or the requester's account ID.
|
5825
6988
|
#
|
5826
6989
|
# @option params [required, String] :resource_arn
|
5827
6990
|
# The Amazon Resource Name (ARN) of the S3 resource that you're trying
|
5828
|
-
# to add tags to.
|
6991
|
+
# to add tags to. The tagged resource can be an S3 Storage Lens group or
|
6992
|
+
# S3 Access Grants instance, registered location, or grant.
|
5829
6993
|
#
|
5830
6994
|
# @option params [required, Array<Types::Tag>] :tags
|
5831
6995
|
# The Amazon Web Services resource tags that you want to add to the
|
@@ -5856,36 +7020,47 @@ module Aws::S3Control
|
|
5856
7020
|
end
|
5857
7021
|
|
5858
7022
|
# This operation removes the specified Amazon Web Services resource tags
|
5859
|
-
# from an S3 resource.
|
7023
|
+
# from an S3 resource. Each tag is a label consisting of a user-defined
|
7024
|
+
# key and value. Tags can help you manage, identify, organize, search
|
7025
|
+
# for, and filter resources.
|
5860
7026
|
#
|
5861
|
-
#
|
5862
|
-
#
|
5863
|
-
#
|
5864
|
-
#
|
7027
|
+
# <note markdown="1"> This operation is only supported for [S3 Storage Lens groups][1] and
|
7028
|
+
# for [S3 Access Grants][2]. The tagged resource can be an S3 Storage
|
7029
|
+
# Lens group or S3 Access Grants instance, registered location, or
|
7030
|
+
# grant.
|
5865
7031
|
#
|
5866
|
-
#
|
5867
|
-
# Tagging error codes][2].
|
7032
|
+
# </note>
|
5868
7033
|
#
|
5869
|
-
#
|
7034
|
+
# Permissions
|
5870
7035
|
#
|
5871
|
-
#
|
7036
|
+
# : You must have the `s3:UntagResource` permission to use this
|
7037
|
+
# operation.
|
5872
7038
|
#
|
7039
|
+
# For more information about the required Storage Lens Groups
|
7040
|
+
# permissions, see [Setting account permissions to use S3 Storage Lens
|
7041
|
+
# groups][3].
|
5873
7042
|
#
|
7043
|
+
# For information about S3 Tagging errors, see [List of Amazon S3
|
7044
|
+
# Tagging error codes][4].
|
5874
7045
|
#
|
5875
|
-
#
|
5876
|
-
#
|
5877
|
-
# [
|
7046
|
+
#
|
7047
|
+
#
|
7048
|
+
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/storage-lens-groups.html
|
7049
|
+
# [2]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-grants-tagging.html
|
7050
|
+
# [3]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/storage_lens_iam_permissions.html#storage_lens_groups_permissions
|
7051
|
+
# [4]: https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#S3TaggingErrorCodeList
|
5878
7052
|
#
|
5879
7053
|
# @option params [String] :account_id
|
5880
7054
|
# The Amazon Web Services account ID that owns the resource that you're
|
5881
7055
|
# trying to remove the tags from.
|
5882
7056
|
#
|
5883
7057
|
# @option params [required, String] :resource_arn
|
5884
|
-
# The Amazon Resource Name (ARN) of the S3 resource that you
|
5885
|
-
# remove the
|
7058
|
+
# The Amazon Resource Name (ARN) of the S3 resource that you're trying
|
7059
|
+
# to remove the tags from.
|
5886
7060
|
#
|
5887
7061
|
# @option params [required, Array<String>] :tag_keys
|
5888
|
-
# The
|
7062
|
+
# The array of tag key-value pairs that you're trying to remove from of
|
7063
|
+
# the S3 resource.
|
5889
7064
|
#
|
5890
7065
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
5891
7066
|
#
|
@@ -5906,6 +7081,74 @@ module Aws::S3Control
|
|
5906
7081
|
req.send_request(options)
|
5907
7082
|
end
|
5908
7083
|
|
7084
|
+
# Updates the IAM role of a registered location in your S3 Access Grants
|
7085
|
+
# instance.
|
7086
|
+
#
|
7087
|
+
# Permissions
|
7088
|
+
#
|
7089
|
+
# : You must have the `s3:UpdateAccessGrantsLocation` permission to use
|
7090
|
+
# this operation.
|
7091
|
+
#
|
7092
|
+
# Additional Permissions
|
7093
|
+
#
|
7094
|
+
# : You must also have the following permission: `iam:PassRole`
|
7095
|
+
#
|
7096
|
+
# @option params [String] :account_id
|
7097
|
+
# The ID of the Amazon Web Services account that is making this request.
|
7098
|
+
#
|
7099
|
+
# @option params [required, String] :access_grants_location_id
|
7100
|
+
# The ID of the registered location that you are updating. S3 Access
|
7101
|
+
# Grants assigns this ID when you register the location. S3 Access
|
7102
|
+
# Grants assigns the ID `default` to the default location `s3://` and
|
7103
|
+
# assigns an auto-generated ID to other locations that you register.
|
7104
|
+
#
|
7105
|
+
# The ID of the registered location to which you are granting access. S3
|
7106
|
+
# Access Grants assigned this ID when you registered the location. S3
|
7107
|
+
# Access Grants assigns the ID `default` to the default location `s3://`
|
7108
|
+
# and assigns an auto-generated ID to other locations that you register.
|
7109
|
+
#
|
7110
|
+
# If you are passing the `default` location, you cannot create an access
|
7111
|
+
# grant for the entire default location. You must also specify a bucket
|
7112
|
+
# or a bucket and prefix in the `Subprefix` field.
|
7113
|
+
#
|
7114
|
+
# @option params [required, String] :iam_role_arn
|
7115
|
+
# The Amazon Resource Name (ARN) of the IAM role for the registered
|
7116
|
+
# location. S3 Access Grants assumes this role to manage access to the
|
7117
|
+
# registered location.
|
7118
|
+
#
|
7119
|
+
# @return [Types::UpdateAccessGrantsLocationResult] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
7120
|
+
#
|
7121
|
+
# * {Types::UpdateAccessGrantsLocationResult#created_at #created_at} => Time
|
7122
|
+
# * {Types::UpdateAccessGrantsLocationResult#access_grants_location_id #access_grants_location_id} => String
|
7123
|
+
# * {Types::UpdateAccessGrantsLocationResult#access_grants_location_arn #access_grants_location_arn} => String
|
7124
|
+
# * {Types::UpdateAccessGrantsLocationResult#location_scope #location_scope} => String
|
7125
|
+
# * {Types::UpdateAccessGrantsLocationResult#iam_role_arn #iam_role_arn} => String
|
7126
|
+
#
|
7127
|
+
# @example Request syntax with placeholder values
|
7128
|
+
#
|
7129
|
+
# resp = client.update_access_grants_location({
|
7130
|
+
# account_id: "AccountId",
|
7131
|
+
# access_grants_location_id: "AccessGrantsLocationId", # required
|
7132
|
+
# iam_role_arn: "IAMRoleArn", # required
|
7133
|
+
# })
|
7134
|
+
#
|
7135
|
+
# @example Response structure
|
7136
|
+
#
|
7137
|
+
# resp.created_at #=> Time
|
7138
|
+
# resp.access_grants_location_id #=> String
|
7139
|
+
# resp.access_grants_location_arn #=> String
|
7140
|
+
# resp.location_scope #=> String
|
7141
|
+
# resp.iam_role_arn #=> String
|
7142
|
+
#
|
7143
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/UpdateAccessGrantsLocation AWS API Documentation
|
7144
|
+
#
|
7145
|
+
# @overload update_access_grants_location(params = {})
|
7146
|
+
# @param [Hash] params ({})
|
7147
|
+
def update_access_grants_location(params = {}, options = {})
|
7148
|
+
req = build_request(:update_access_grants_location, params)
|
7149
|
+
req.send_request(options)
|
7150
|
+
end
|
7151
|
+
|
5909
7152
|
# Updates an existing S3 Batch Operations job's priority. For more
|
5910
7153
|
# information, see [S3 Batch Operations][1] in the *Amazon S3 User
|
5911
7154
|
# Guide*.
|
@@ -6149,7 +7392,7 @@ module Aws::S3Control
|
|
6149
7392
|
params: params,
|
6150
7393
|
config: config)
|
6151
7394
|
context[:gem_name] = 'aws-sdk-s3control'
|
6152
|
-
context[:gem_version] = '1.
|
7395
|
+
context[:gem_version] = '1.73.0'
|
6153
7396
|
Seahorse::Client::Request.new(handlers, context)
|
6154
7397
|
end
|
6155
7398
|
|