aws-sdk-s3control 1.72.0 → 1.74.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +10 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-s3control/client.rb +1522 -92
- data/lib/aws-sdk-s3control/client_api.rb +567 -1
- data/lib/aws-sdk-s3control/endpoints.rb +400 -0
- data/lib/aws-sdk-s3control/plugins/endpoints.rb +43 -2
- data/lib/aws-sdk-s3control/types.rb +1710 -141
- data/lib/aws-sdk-s3control.rb +2 -2
- metadata +2 -2
@@ -400,6 +400,367 @@ module Aws::S3Control
|
|
400
400
|
|
401
401
|
# @!group API Operations
|
402
402
|
|
403
|
+
# Associate your S3 Access Grants instance with an Amazon Web Services
|
404
|
+
# IAM Identity Center instance. Use this action if you want to create
|
405
|
+
# access grants for users or groups from your corporate identity
|
406
|
+
# directory. First, you must add your corporate identity directory to
|
407
|
+
# Amazon Web Services IAM Identity Center. Then, you can associate this
|
408
|
+
# IAM Identity Center instance with your S3 Access Grants instance.
|
409
|
+
#
|
410
|
+
# Permissions
|
411
|
+
#
|
412
|
+
# : You must have the `s3:AssociateAccessGrantsIdentityCenter`
|
413
|
+
# permission to use this operation.
|
414
|
+
#
|
415
|
+
# Additional Permissions
|
416
|
+
#
|
417
|
+
# : You must also have the following permissions:
|
418
|
+
# `sso:CreateApplication`, `sso:PutApplicationGrant`, and
|
419
|
+
# `sso:PutApplicationAuthenticationMethod`.
|
420
|
+
#
|
421
|
+
# @option params [String] :account_id
|
422
|
+
# The ID of the Amazon Web Services account that is making this request.
|
423
|
+
#
|
424
|
+
# @option params [required, String] :identity_center_arn
|
425
|
+
# The Amazon Resource Name (ARN) of the Amazon Web Services IAM Identity
|
426
|
+
# Center instance that you are associating with your S3 Access Grants
|
427
|
+
# instance. An IAM Identity Center instance is your corporate identity
|
428
|
+
# directory that you added to the IAM Identity Center. You can use the
|
429
|
+
# [ListInstances][1] API operation to retrieve a list of your Identity
|
430
|
+
# Center instances and their ARNs.
|
431
|
+
#
|
432
|
+
#
|
433
|
+
#
|
434
|
+
# [1]: https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListInstances.html
|
435
|
+
#
|
436
|
+
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
437
|
+
#
|
438
|
+
# @example Request syntax with placeholder values
|
439
|
+
#
|
440
|
+
# resp = client.associate_access_grants_identity_center({
|
441
|
+
# account_id: "AccountId",
|
442
|
+
# identity_center_arn: "IdentityCenterArn", # required
|
443
|
+
# })
|
444
|
+
#
|
445
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/AssociateAccessGrantsIdentityCenter AWS API Documentation
|
446
|
+
#
|
447
|
+
# @overload associate_access_grants_identity_center(params = {})
|
448
|
+
# @param [Hash] params ({})
|
449
|
+
def associate_access_grants_identity_center(params = {}, options = {})
|
450
|
+
req = build_request(:associate_access_grants_identity_center, params)
|
451
|
+
req.send_request(options)
|
452
|
+
end
|
453
|
+
|
454
|
+
# Creates an access grant that gives a grantee access to your S3 data.
|
455
|
+
# The grantee can be an IAM user or role or a directory user, or group.
|
456
|
+
# Before you can create a grant, you must have an S3 Access Grants
|
457
|
+
# instance in the same Region as the S3 data. You can create an S3
|
458
|
+
# Access Grants instance using the [CreateAccessGrantsInstance][1]. You
|
459
|
+
# must also have registered at least one S3 data location in your S3
|
460
|
+
# Access Grants instance using [CreateAccessGrantsLocation][2].
|
461
|
+
#
|
462
|
+
# Permissions
|
463
|
+
#
|
464
|
+
# : You must have the `s3:CreateAccessGrant` permission to use this
|
465
|
+
# operation.
|
466
|
+
#
|
467
|
+
# Additional Permissions
|
468
|
+
#
|
469
|
+
# : For any directory identity - `sso:DescribeInstance` and
|
470
|
+
# `sso:DescribeApplication`
|
471
|
+
#
|
472
|
+
# For directory users - `identitystore:DescribeUser`
|
473
|
+
#
|
474
|
+
# For directory groups - `identitystore:DescribeGroup`
|
475
|
+
#
|
476
|
+
#
|
477
|
+
#
|
478
|
+
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_CreateAccessGrantsInstance.html
|
479
|
+
# [2]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_CreateAccessGrantsLocation.html
|
480
|
+
#
|
481
|
+
# @option params [String] :account_id
|
482
|
+
# The ID of the Amazon Web Services account that is making this request.
|
483
|
+
#
|
484
|
+
# @option params [required, String] :access_grants_location_id
|
485
|
+
# The ID of the registered location to which you are granting access. S3
|
486
|
+
# Access Grants assigns this ID when you register the location. S3
|
487
|
+
# Access Grants assigns the ID `default` to the default location `s3://`
|
488
|
+
# and assigns an auto-generated ID to other locations that you register.
|
489
|
+
#
|
490
|
+
# If you are passing the `default` location, you cannot create an access
|
491
|
+
# grant for the entire default location. You must also specify a bucket
|
492
|
+
# or a bucket and prefix in the `Subprefix` field.
|
493
|
+
#
|
494
|
+
# @option params [Types::AccessGrantsLocationConfiguration] :access_grants_location_configuration
|
495
|
+
# The configuration options of the grant location. The grant location is
|
496
|
+
# the S3 path to the data to which you are granting access. It contains
|
497
|
+
# the `S3SubPrefix` field. The grant scope is the result of appending
|
498
|
+
# the subprefix to the location scope of the registered location.
|
499
|
+
#
|
500
|
+
# @option params [required, Types::Grantee] :grantee
|
501
|
+
# The user, group, or role to which you are granting access. You can
|
502
|
+
# grant access to an IAM user or role. If you have added your corporate
|
503
|
+
# directory to Amazon Web Services IAM Identity Center and associated
|
504
|
+
# your Identity Center instance with your S3 Access Grants instance, the
|
505
|
+
# grantee can also be a corporate directory user or group.
|
506
|
+
#
|
507
|
+
# @option params [required, String] :permission
|
508
|
+
# The type of access that you are granting to your S3 data, which can be
|
509
|
+
# set to one of the following values:
|
510
|
+
#
|
511
|
+
# * `READ` – Grant read-only access to the S3 data.
|
512
|
+
#
|
513
|
+
# * `WRITE` – Grant write-only access to the S3 data.
|
514
|
+
#
|
515
|
+
# * `READWRITE` – Grant both read and write access to the S3 data.
|
516
|
+
#
|
517
|
+
# @option params [String] :application_arn
|
518
|
+
# The Amazon Resource Name (ARN) of an Amazon Web Services IAM Identity
|
519
|
+
# Center application associated with your Identity Center instance. If
|
520
|
+
# an application ARN is included in the request to create an access
|
521
|
+
# grant, the grantee can only access the S3 data through this
|
522
|
+
# application.
|
523
|
+
#
|
524
|
+
# @option params [String] :s3_prefix_type
|
525
|
+
# The type of `S3SubPrefix`. The only possible value is `Object`. Pass
|
526
|
+
# this value if the access grant scope is an object. Do not pass this
|
527
|
+
# value if the access grant scope is a bucket or a bucket and a prefix.
|
528
|
+
#
|
529
|
+
# @option params [Array<Types::Tag>] :tags
|
530
|
+
# The Amazon Web Services resource tags that you are adding to the
|
531
|
+
# access grant. Each tag is a label consisting of a user-defined key and
|
532
|
+
# value. Tags can help you manage, identify, organize, search for, and
|
533
|
+
# filter resources.
|
534
|
+
#
|
535
|
+
# @return [Types::CreateAccessGrantResult] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
536
|
+
#
|
537
|
+
# * {Types::CreateAccessGrantResult#created_at #created_at} => Time
|
538
|
+
# * {Types::CreateAccessGrantResult#access_grant_id #access_grant_id} => String
|
539
|
+
# * {Types::CreateAccessGrantResult#access_grant_arn #access_grant_arn} => String
|
540
|
+
# * {Types::CreateAccessGrantResult#grantee #grantee} => Types::Grantee
|
541
|
+
# * {Types::CreateAccessGrantResult#access_grants_location_id #access_grants_location_id} => String
|
542
|
+
# * {Types::CreateAccessGrantResult#access_grants_location_configuration #access_grants_location_configuration} => Types::AccessGrantsLocationConfiguration
|
543
|
+
# * {Types::CreateAccessGrantResult#permission #permission} => String
|
544
|
+
# * {Types::CreateAccessGrantResult#application_arn #application_arn} => String
|
545
|
+
# * {Types::CreateAccessGrantResult#grant_scope #grant_scope} => String
|
546
|
+
#
|
547
|
+
# @example Request syntax with placeholder values
|
548
|
+
#
|
549
|
+
# resp = client.create_access_grant({
|
550
|
+
# account_id: "AccountId",
|
551
|
+
# access_grants_location_id: "AccessGrantsLocationId", # required
|
552
|
+
# access_grants_location_configuration: {
|
553
|
+
# s3_sub_prefix: "S3Prefix",
|
554
|
+
# },
|
555
|
+
# grantee: { # required
|
556
|
+
# grantee_type: "DIRECTORY_USER", # accepts DIRECTORY_USER, DIRECTORY_GROUP, IAM
|
557
|
+
# grantee_identifier: "GranteeIdentifier",
|
558
|
+
# },
|
559
|
+
# permission: "READ", # required, accepts READ, WRITE, READWRITE
|
560
|
+
# application_arn: "IdentityCenterApplicationArn",
|
561
|
+
# s3_prefix_type: "Object", # accepts Object
|
562
|
+
# tags: [
|
563
|
+
# {
|
564
|
+
# key: "TagKeyString", # required
|
565
|
+
# value: "TagValueString", # required
|
566
|
+
# },
|
567
|
+
# ],
|
568
|
+
# })
|
569
|
+
#
|
570
|
+
# @example Response structure
|
571
|
+
#
|
572
|
+
# resp.created_at #=> Time
|
573
|
+
# resp.access_grant_id #=> String
|
574
|
+
# resp.access_grant_arn #=> String
|
575
|
+
# resp.grantee.grantee_type #=> String, one of "DIRECTORY_USER", "DIRECTORY_GROUP", "IAM"
|
576
|
+
# resp.grantee.grantee_identifier #=> String
|
577
|
+
# resp.access_grants_location_id #=> String
|
578
|
+
# resp.access_grants_location_configuration.s3_sub_prefix #=> String
|
579
|
+
# resp.permission #=> String, one of "READ", "WRITE", "READWRITE"
|
580
|
+
# resp.application_arn #=> String
|
581
|
+
# resp.grant_scope #=> String
|
582
|
+
#
|
583
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/CreateAccessGrant AWS API Documentation
|
584
|
+
#
|
585
|
+
# @overload create_access_grant(params = {})
|
586
|
+
# @param [Hash] params ({})
|
587
|
+
def create_access_grant(params = {}, options = {})
|
588
|
+
req = build_request(:create_access_grant, params)
|
589
|
+
req.send_request(options)
|
590
|
+
end
|
591
|
+
|
592
|
+
# Creates an S3 Access Grants instance, which serves as a logical
|
593
|
+
# grouping for access grants. You can create one S3 Access Grants
|
594
|
+
# instance per Region per account.
|
595
|
+
#
|
596
|
+
# Permissions
|
597
|
+
#
|
598
|
+
# : You must have the `s3:CreateAccessGrantsInstance` permission to use
|
599
|
+
# this operation.
|
600
|
+
#
|
601
|
+
# Additional Permissions
|
602
|
+
#
|
603
|
+
# : To associate an IAM Identity Center instance with your S3 Access
|
604
|
+
# Grants instance, you must also have the `sso:DescribeInstance`,
|
605
|
+
# `sso:CreateApplication`, `sso:PutApplicationGrant`, and
|
606
|
+
# `sso:PutApplicationAuthenticationMethod` permissions.
|
607
|
+
#
|
608
|
+
# @option params [String] :account_id
|
609
|
+
# The ID of the Amazon Web Services account that is making this request.
|
610
|
+
#
|
611
|
+
# @option params [String] :identity_center_arn
|
612
|
+
# If you would like to associate your S3 Access Grants instance with an
|
613
|
+
# Amazon Web Services IAM Identity Center instance, use this field to
|
614
|
+
# pass the Amazon Resource Name (ARN) of the Amazon Web Services IAM
|
615
|
+
# Identity Center instance that you are associating with your S3 Access
|
616
|
+
# Grants instance. An IAM Identity Center instance is your corporate
|
617
|
+
# identity directory that you added to the IAM Identity Center. You can
|
618
|
+
# use the [ListInstances][1] API operation to retrieve a list of your
|
619
|
+
# Identity Center instances and their ARNs.
|
620
|
+
#
|
621
|
+
#
|
622
|
+
#
|
623
|
+
# [1]: https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListInstances.html
|
624
|
+
#
|
625
|
+
# @option params [Array<Types::Tag>] :tags
|
626
|
+
# The Amazon Web Services resource tags that you are adding to the S3
|
627
|
+
# Access Grants instance. Each tag is a label consisting of a
|
628
|
+
# user-defined key and value. Tags can help you manage, identify,
|
629
|
+
# organize, search for, and filter resources.
|
630
|
+
#
|
631
|
+
# @return [Types::CreateAccessGrantsInstanceResult] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
632
|
+
#
|
633
|
+
# * {Types::CreateAccessGrantsInstanceResult#created_at #created_at} => Time
|
634
|
+
# * {Types::CreateAccessGrantsInstanceResult#access_grants_instance_id #access_grants_instance_id} => String
|
635
|
+
# * {Types::CreateAccessGrantsInstanceResult#access_grants_instance_arn #access_grants_instance_arn} => String
|
636
|
+
# * {Types::CreateAccessGrantsInstanceResult#identity_center_arn #identity_center_arn} => String
|
637
|
+
#
|
638
|
+
# @example Request syntax with placeholder values
|
639
|
+
#
|
640
|
+
# resp = client.create_access_grants_instance({
|
641
|
+
# account_id: "AccountId",
|
642
|
+
# identity_center_arn: "IdentityCenterArn",
|
643
|
+
# tags: [
|
644
|
+
# {
|
645
|
+
# key: "TagKeyString", # required
|
646
|
+
# value: "TagValueString", # required
|
647
|
+
# },
|
648
|
+
# ],
|
649
|
+
# })
|
650
|
+
#
|
651
|
+
# @example Response structure
|
652
|
+
#
|
653
|
+
# resp.created_at #=> Time
|
654
|
+
# resp.access_grants_instance_id #=> String
|
655
|
+
# resp.access_grants_instance_arn #=> String
|
656
|
+
# resp.identity_center_arn #=> String
|
657
|
+
#
|
658
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/CreateAccessGrantsInstance AWS API Documentation
|
659
|
+
#
|
660
|
+
# @overload create_access_grants_instance(params = {})
|
661
|
+
# @param [Hash] params ({})
|
662
|
+
def create_access_grants_instance(params = {}, options = {})
|
663
|
+
req = build_request(:create_access_grants_instance, params)
|
664
|
+
req.send_request(options)
|
665
|
+
end
|
666
|
+
|
667
|
+
# The S3 data location that you would like to register in your S3 Access
|
668
|
+
# Grants instance. Your S3 data must be in the same Region as your S3
|
669
|
+
# Access Grants instance. The location can be one of the following:
|
670
|
+
#
|
671
|
+
# * The default S3 location `s3://`
|
672
|
+
#
|
673
|
+
# * A bucket - `S3://<bucket-name>`
|
674
|
+
#
|
675
|
+
# * A bucket and prefix - `S3://<bucket-name>/<prefix>`
|
676
|
+
#
|
677
|
+
# When you register a location, you must include the IAM role that has
|
678
|
+
# permission to manage the S3 location that you are registering. Give S3
|
679
|
+
# Access Grants permission to assume this role [using a policy][1]. S3
|
680
|
+
# Access Grants assumes this role to manage access to the location and
|
681
|
+
# to vend temporary credentials to grantees or client applications.
|
682
|
+
#
|
683
|
+
# Permissions
|
684
|
+
#
|
685
|
+
# : You must have the `s3:CreateAccessGrantsLocation` permission to use
|
686
|
+
# this operation.
|
687
|
+
#
|
688
|
+
# Additional Permissions
|
689
|
+
#
|
690
|
+
# : You must also have the following permission for the specified IAM
|
691
|
+
# role: `iam:PassRole`
|
692
|
+
#
|
693
|
+
#
|
694
|
+
#
|
695
|
+
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-grants-location.html
|
696
|
+
#
|
697
|
+
# @option params [String] :account_id
|
698
|
+
# The ID of the Amazon Web Services account that is making this request.
|
699
|
+
#
|
700
|
+
# @option params [required, String] :location_scope
|
701
|
+
# The S3 path to the location that you are registering. The location
|
702
|
+
# scope can be the default S3 location `s3://`, the S3 path to a bucket
|
703
|
+
# `s3://<bucket>`, or the S3 path to a bucket and prefix
|
704
|
+
# `s3://<bucket>/<prefix>`. A prefix in S3 is a string of characters at
|
705
|
+
# the beginning of an object key name used to organize the objects that
|
706
|
+
# you store in your S3 buckets. For example, object key names that start
|
707
|
+
# with the `engineering/` prefix or object key names that start with the
|
708
|
+
# `marketing/campaigns/` prefix.
|
709
|
+
#
|
710
|
+
# @option params [required, String] :iam_role_arn
|
711
|
+
# The Amazon Resource Name (ARN) of the IAM role for the registered
|
712
|
+
# location. S3 Access Grants assumes this role to manage access to the
|
713
|
+
# registered location.
|
714
|
+
#
|
715
|
+
# @option params [Array<Types::Tag>] :tags
|
716
|
+
# The Amazon Web Services resource tags that you are adding to the S3
|
717
|
+
# Access Grants location. Each tag is a label consisting of a
|
718
|
+
# user-defined key and value. Tags can help you manage, identify,
|
719
|
+
# organize, search for, and filter resources.
|
720
|
+
#
|
721
|
+
# @return [Types::CreateAccessGrantsLocationResult] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
722
|
+
#
|
723
|
+
# * {Types::CreateAccessGrantsLocationResult#created_at #created_at} => Time
|
724
|
+
# * {Types::CreateAccessGrantsLocationResult#access_grants_location_id #access_grants_location_id} => String
|
725
|
+
# * {Types::CreateAccessGrantsLocationResult#access_grants_location_arn #access_grants_location_arn} => String
|
726
|
+
# * {Types::CreateAccessGrantsLocationResult#location_scope #location_scope} => String
|
727
|
+
# * {Types::CreateAccessGrantsLocationResult#iam_role_arn #iam_role_arn} => String
|
728
|
+
#
|
729
|
+
# @example Request syntax with placeholder values
|
730
|
+
#
|
731
|
+
# resp = client.create_access_grants_location({
|
732
|
+
# account_id: "AccountId",
|
733
|
+
# location_scope: "S3Prefix", # required
|
734
|
+
# iam_role_arn: "IAMRoleArn", # required
|
735
|
+
# tags: [
|
736
|
+
# {
|
737
|
+
# key: "TagKeyString", # required
|
738
|
+
# value: "TagValueString", # required
|
739
|
+
# },
|
740
|
+
# ],
|
741
|
+
# })
|
742
|
+
#
|
743
|
+
# @example Response structure
|
744
|
+
#
|
745
|
+
# resp.created_at #=> Time
|
746
|
+
# resp.access_grants_location_id #=> String
|
747
|
+
# resp.access_grants_location_arn #=> String
|
748
|
+
# resp.location_scope #=> String
|
749
|
+
# resp.iam_role_arn #=> String
|
750
|
+
#
|
751
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/CreateAccessGrantsLocation AWS API Documentation
|
752
|
+
#
|
753
|
+
# @overload create_access_grants_location(params = {})
|
754
|
+
# @param [Hash] params ({})
|
755
|
+
def create_access_grants_location(params = {}, options = {})
|
756
|
+
req = build_request(:create_access_grants_location, params)
|
757
|
+
req.send_request(options)
|
758
|
+
end
|
759
|
+
|
760
|
+
# <note markdown="1"> This operation is not supported by directory buckets.
|
761
|
+
#
|
762
|
+
# </note>
|
763
|
+
#
|
403
764
|
# Creates an access point and associates it with the specified bucket.
|
404
765
|
# For more information, see [Managing Data Access with Amazon S3 Access
|
405
766
|
# Points][1] in the *Amazon S3 User Guide*.
|
@@ -519,6 +880,10 @@ module Aws::S3Control
|
|
519
880
|
req.send_request(options)
|
520
881
|
end
|
521
882
|
|
883
|
+
# <note markdown="1"> This operation is not supported by directory buckets.
|
884
|
+
#
|
885
|
+
# </note>
|
886
|
+
#
|
522
887
|
# Creates an Object Lambda Access Point. For more information, see
|
523
888
|
# [Transforming objects with Object Lambda Access Points][1] in the
|
524
889
|
# *Amazon S3 User Guide*.
|
@@ -750,35 +1115,42 @@ module Aws::S3Control
|
|
750
1115
|
req.send_request(options)
|
751
1116
|
end
|
752
1117
|
|
1118
|
+
# This operation creates an S3 Batch Operations job.
|
1119
|
+
#
|
753
1120
|
# You can use S3 Batch Operations to perform large-scale batch actions
|
754
1121
|
# on Amazon S3 objects. Batch Operations can run a single action on
|
755
1122
|
# lists of Amazon S3 objects that you specify. For more information, see
|
756
1123
|
# [S3 Batch Operations][1] in the *Amazon S3 User Guide*.
|
757
1124
|
#
|
758
|
-
#
|
1125
|
+
# Permissions
|
1126
|
+
#
|
1127
|
+
# : For information about permissions required to use the Batch
|
1128
|
+
# Operations, see [Granting permissions for S3 Batch Operations][2] in
|
1129
|
+
# the *Amazon S3 User Guide*.
|
759
1130
|
#
|
760
1131
|
#
|
761
1132
|
#
|
762
1133
|
# Related actions include:
|
763
1134
|
#
|
764
|
-
# * [DescribeJob][
|
1135
|
+
# * [DescribeJob][3]
|
765
1136
|
#
|
766
|
-
# * [ListJobs][
|
1137
|
+
# * [ListJobs][4]
|
767
1138
|
#
|
768
|
-
# * [UpdateJobPriority][
|
1139
|
+
# * [UpdateJobPriority][5]
|
769
1140
|
#
|
770
|
-
# * [UpdateJobStatus][
|
1141
|
+
# * [UpdateJobStatus][6]
|
771
1142
|
#
|
772
|
-
# * [JobOperation][
|
1143
|
+
# * [JobOperation][7]
|
773
1144
|
#
|
774
1145
|
#
|
775
1146
|
#
|
776
1147
|
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/batch-ops.html
|
777
|
-
# [2]: https://docs.aws.amazon.com/AmazonS3/latest/
|
778
|
-
# [3]: https://docs.aws.amazon.com/AmazonS3/latest/API/
|
779
|
-
# [4]: https://docs.aws.amazon.com/AmazonS3/latest/API/
|
780
|
-
# [5]: https://docs.aws.amazon.com/AmazonS3/latest/API/
|
781
|
-
# [6]: https://docs.aws.amazon.com/AmazonS3/latest/API/
|
1148
|
+
# [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html
|
1149
|
+
# [3]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DescribeJob.html
|
1150
|
+
# [4]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_ListJobs.html
|
1151
|
+
# [5]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_UpdateJobPriority.html
|
1152
|
+
# [6]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_UpdateJobStatus.html
|
1153
|
+
# [7]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_JobOperation.html
|
782
1154
|
#
|
783
1155
|
# @option params [String] :account_id
|
784
1156
|
# The Amazon Web Services account ID that creates the job.
|
@@ -845,9 +1217,13 @@ module Aws::S3Control
|
|
845
1217
|
# operation: { # required
|
846
1218
|
# lambda_invoke: {
|
847
1219
|
# function_arn: "FunctionArnString",
|
1220
|
+
# invocation_schema_version: "NonEmptyMaxLength64String",
|
1221
|
+
# user_arguments: {
|
1222
|
+
# "NonEmptyMaxLength64String" => "MaxLength1024String",
|
1223
|
+
# },
|
848
1224
|
# },
|
849
1225
|
# s3_put_object_copy: {
|
850
|
-
# target_resource: "
|
1226
|
+
# target_resource: "S3RegionalOrS3ExpressBucketArnString",
|
851
1227
|
# canned_access_control_list: "private", # accepts private, public-read, public-read-write, aws-exec-read, authenticated-read, bucket-owner-read, bucket-owner-full-control
|
852
1228
|
# access_control_grants: [
|
853
1229
|
# {
|
@@ -1021,6 +1397,10 @@ module Aws::S3Control
|
|
1021
1397
|
req.send_request(options)
|
1022
1398
|
end
|
1023
1399
|
|
1400
|
+
# <note markdown="1"> This operation is not supported by directory buckets.
|
1401
|
+
#
|
1402
|
+
# </note>
|
1403
|
+
#
|
1024
1404
|
# Creates a Multi-Region Access Point and associates it with the
|
1025
1405
|
# specified buckets. For more information about creating Multi-Region
|
1026
1406
|
# Access Points, see [Creating Multi-Region Access Points][1] in the
|
@@ -1226,6 +1606,160 @@ module Aws::S3Control
|
|
1226
1606
|
req.send_request(options)
|
1227
1607
|
end
|
1228
1608
|
|
1609
|
+
# Deletes the access grant from the S3 Access Grants instance. You
|
1610
|
+
# cannot undo an access grant deletion and the grantee will no longer
|
1611
|
+
# have access to the S3 data.
|
1612
|
+
#
|
1613
|
+
# Permissions
|
1614
|
+
#
|
1615
|
+
# : You must have the `s3:DeleteAccessGrant` permission to use this
|
1616
|
+
# operation.
|
1617
|
+
#
|
1618
|
+
# @option params [String] :account_id
|
1619
|
+
# The ID of the Amazon Web Services account that is making this request.
|
1620
|
+
#
|
1621
|
+
# @option params [required, String] :access_grant_id
|
1622
|
+
# The ID of the access grant. S3 Access Grants auto-generates this ID
|
1623
|
+
# when you create the access grant.
|
1624
|
+
#
|
1625
|
+
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
1626
|
+
#
|
1627
|
+
# @example Request syntax with placeholder values
|
1628
|
+
#
|
1629
|
+
# resp = client.delete_access_grant({
|
1630
|
+
# account_id: "AccountId",
|
1631
|
+
# access_grant_id: "AccessGrantId", # required
|
1632
|
+
# })
|
1633
|
+
#
|
1634
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/DeleteAccessGrant AWS API Documentation
|
1635
|
+
#
|
1636
|
+
# @overload delete_access_grant(params = {})
|
1637
|
+
# @param [Hash] params ({})
|
1638
|
+
def delete_access_grant(params = {}, options = {})
|
1639
|
+
req = build_request(:delete_access_grant, params)
|
1640
|
+
req.send_request(options)
|
1641
|
+
end
|
1642
|
+
|
1643
|
+
# Deletes your S3 Access Grants instance. You must first delete the
|
1644
|
+
# access grants and locations before S3 Access Grants can delete the
|
1645
|
+
# instance. See [DeleteAccessGrant][1] and
|
1646
|
+
# [DeleteAccessGrantsLocation][2]. If you have associated an IAM
|
1647
|
+
# Identity Center instance with your S3 Access Grants instance, you must
|
1648
|
+
# first dissassociate the Identity Center instance from the S3 Access
|
1649
|
+
# Grants instance before you can delete the S3 Access Grants instance.
|
1650
|
+
# See [AssociateAccessGrantsIdentityCenter][3] and
|
1651
|
+
# [DissociateAccessGrantsIdentityCenter][4].
|
1652
|
+
#
|
1653
|
+
# Permissions
|
1654
|
+
#
|
1655
|
+
# : You must have the `s3:DeleteAccessGrantsInstance` permission to use
|
1656
|
+
# this operation.
|
1657
|
+
#
|
1658
|
+
#
|
1659
|
+
#
|
1660
|
+
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DeleteAccessGrant.html
|
1661
|
+
# [2]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DeleteAccessGrantsLocation.html
|
1662
|
+
# [3]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_AssociateAccessGrantsIdentityCenter.html
|
1663
|
+
# [4]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DissociateAccessGrantsIdentityCenter.html
|
1664
|
+
#
|
1665
|
+
# @option params [String] :account_id
|
1666
|
+
# The ID of the Amazon Web Services account that is making this request.
|
1667
|
+
#
|
1668
|
+
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
1669
|
+
#
|
1670
|
+
# @example Request syntax with placeholder values
|
1671
|
+
#
|
1672
|
+
# resp = client.delete_access_grants_instance({
|
1673
|
+
# account_id: "AccountId",
|
1674
|
+
# })
|
1675
|
+
#
|
1676
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/DeleteAccessGrantsInstance AWS API Documentation
|
1677
|
+
#
|
1678
|
+
# @overload delete_access_grants_instance(params = {})
|
1679
|
+
# @param [Hash] params ({})
|
1680
|
+
def delete_access_grants_instance(params = {}, options = {})
|
1681
|
+
req = build_request(:delete_access_grants_instance, params)
|
1682
|
+
req.send_request(options)
|
1683
|
+
end
|
1684
|
+
|
1685
|
+
# Deletes the resource policy of the S3 Access Grants instance. The
|
1686
|
+
# resource policy is used to manage cross-account access to your S3
|
1687
|
+
# Access Grants instance. By deleting the resource policy, you delete
|
1688
|
+
# any cross-account permissions to your S3 Access Grants instance.
|
1689
|
+
#
|
1690
|
+
# Permissions
|
1691
|
+
#
|
1692
|
+
# : You must have the `s3:DeleteAccessGrantsInstanceResourcePolicy`
|
1693
|
+
# permission to use this operation.
|
1694
|
+
#
|
1695
|
+
# @option params [String] :account_id
|
1696
|
+
# The ID of the Amazon Web Services account that is making this request.
|
1697
|
+
#
|
1698
|
+
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
1699
|
+
#
|
1700
|
+
# @example Request syntax with placeholder values
|
1701
|
+
#
|
1702
|
+
# resp = client.delete_access_grants_instance_resource_policy({
|
1703
|
+
# account_id: "AccountId",
|
1704
|
+
# })
|
1705
|
+
#
|
1706
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/DeleteAccessGrantsInstanceResourcePolicy AWS API Documentation
|
1707
|
+
#
|
1708
|
+
# @overload delete_access_grants_instance_resource_policy(params = {})
|
1709
|
+
# @param [Hash] params ({})
|
1710
|
+
def delete_access_grants_instance_resource_policy(params = {}, options = {})
|
1711
|
+
req = build_request(:delete_access_grants_instance_resource_policy, params)
|
1712
|
+
req.send_request(options)
|
1713
|
+
end
|
1714
|
+
|
1715
|
+
# Deregisters a location from your S3 Access Grants instance. You can
|
1716
|
+
# only delete a location registration from an S3 Access Grants instance
|
1717
|
+
# if there are no grants associated with this location. See [Delete a
|
1718
|
+
# grant][1] for information on how to delete grants. You need to have at
|
1719
|
+
# least one registered location in your S3 Access Grants instance in
|
1720
|
+
# order to create access grants.
|
1721
|
+
#
|
1722
|
+
# Permissions
|
1723
|
+
#
|
1724
|
+
# : You must have the `s3:DeleteAccessGrantsLocation` permission to use
|
1725
|
+
# this operation.
|
1726
|
+
#
|
1727
|
+
#
|
1728
|
+
#
|
1729
|
+
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DeleteAccessGrant.html
|
1730
|
+
#
|
1731
|
+
# @option params [String] :account_id
|
1732
|
+
# The ID of the Amazon Web Services account that is making this request.
|
1733
|
+
#
|
1734
|
+
# @option params [required, String] :access_grants_location_id
|
1735
|
+
# The ID of the registered location that you are deregistering from your
|
1736
|
+
# S3 Access Grants instance. S3 Access Grants assigned this ID when you
|
1737
|
+
# registered the location. S3 Access Grants assigns the ID `default` to
|
1738
|
+
# the default location `s3://` and assigns an auto-generated ID to other
|
1739
|
+
# locations that you register.
|
1740
|
+
#
|
1741
|
+
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
1742
|
+
#
|
1743
|
+
# @example Request syntax with placeholder values
|
1744
|
+
#
|
1745
|
+
# resp = client.delete_access_grants_location({
|
1746
|
+
# account_id: "AccountId",
|
1747
|
+
# access_grants_location_id: "AccessGrantsLocationId", # required
|
1748
|
+
# })
|
1749
|
+
#
|
1750
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/DeleteAccessGrantsLocation AWS API Documentation
|
1751
|
+
#
|
1752
|
+
# @overload delete_access_grants_location(params = {})
|
1753
|
+
# @param [Hash] params ({})
|
1754
|
+
def delete_access_grants_location(params = {}, options = {})
|
1755
|
+
req = build_request(:delete_access_grants_location, params)
|
1756
|
+
req.send_request(options)
|
1757
|
+
end
|
1758
|
+
|
1759
|
+
# <note markdown="1"> This operation is not supported by directory buckets.
|
1760
|
+
#
|
1761
|
+
# </note>
|
1762
|
+
#
|
1229
1763
|
# Deletes the specified access point.
|
1230
1764
|
#
|
1231
1765
|
# All Amazon S3 on Outposts REST API requests for this action require an
|
@@ -1289,6 +1823,10 @@ module Aws::S3Control
|
|
1289
1823
|
req.send_request(options)
|
1290
1824
|
end
|
1291
1825
|
|
1826
|
+
# <note markdown="1"> This operation is not supported by directory buckets.
|
1827
|
+
#
|
1828
|
+
# </note>
|
1829
|
+
#
|
1292
1830
|
# Deletes the specified Object Lambda Access Point.
|
1293
1831
|
#
|
1294
1832
|
# The following actions are related to
|
@@ -1331,6 +1869,10 @@ module Aws::S3Control
|
|
1331
1869
|
req.send_request(options)
|
1332
1870
|
end
|
1333
1871
|
|
1872
|
+
# <note markdown="1"> This operation is not supported by directory buckets.
|
1873
|
+
#
|
1874
|
+
# </note>
|
1875
|
+
#
|
1334
1876
|
# Deletes the access point policy for the specified access point.
|
1335
1877
|
#
|
1336
1878
|
#
|
@@ -1392,6 +1934,10 @@ module Aws::S3Control
|
|
1392
1934
|
req.send_request(options)
|
1393
1935
|
end
|
1394
1936
|
|
1937
|
+
# <note markdown="1"> This operation is not supported by directory buckets.
|
1938
|
+
#
|
1939
|
+
# </note>
|
1940
|
+
#
|
1395
1941
|
# Removes the resource policy for an Object Lambda Access Point.
|
1396
1942
|
#
|
1397
1943
|
# The following actions are related to
|
@@ -1841,12 +2387,13 @@ module Aws::S3Control
|
|
1841
2387
|
end
|
1842
2388
|
|
1843
2389
|
# Removes the entire tag set from the specified S3 Batch Operations job.
|
1844
|
-
# To use the `DeleteJobTagging` operation, you must have permission to
|
1845
|
-
# perform the `s3:DeleteJobTagging` action. For more information, see
|
1846
|
-
# [Controlling access and labeling jobs using tags][1] in the *Amazon S3
|
1847
|
-
# User Guide*.
|
1848
2390
|
#
|
2391
|
+
# Permissions
|
1849
2392
|
#
|
2393
|
+
# : To use the `DeleteJobTagging` operation, you must have permission to
|
2394
|
+
# perform the `s3:DeleteJobTagging` action. For more information, see
|
2395
|
+
# [Controlling access and labeling jobs using tags][1] in the *Amazon
|
2396
|
+
# S3 User Guide*.
|
1850
2397
|
#
|
1851
2398
|
# Related actions include:
|
1852
2399
|
#
|
@@ -1888,6 +2435,10 @@ module Aws::S3Control
|
|
1888
2435
|
req.send_request(options)
|
1889
2436
|
end
|
1890
2437
|
|
2438
|
+
# <note markdown="1"> This operation is not supported by directory buckets.
|
2439
|
+
#
|
2440
|
+
# </note>
|
2441
|
+
#
|
1891
2442
|
# Deletes a Multi-Region Access Point. This action does not delete the
|
1892
2443
|
# buckets associated with the Multi-Region Access Point, only the
|
1893
2444
|
# Multi-Region Access Point itself.
|
@@ -1962,6 +2513,10 @@ module Aws::S3Control
|
|
1962
2513
|
req.send_request(options)
|
1963
2514
|
end
|
1964
2515
|
|
2516
|
+
# <note markdown="1"> This operation is not supported by directory buckets.
|
2517
|
+
#
|
2518
|
+
# </note>
|
2519
|
+
#
|
1965
2520
|
# Removes the `PublicAccessBlock` configuration for an Amazon Web
|
1966
2521
|
# Services account. For more information, see [ Using Amazon S3 block
|
1967
2522
|
# public access][1].
|
@@ -1999,6 +2554,10 @@ module Aws::S3Control
|
|
1999
2554
|
req.send_request(options)
|
2000
2555
|
end
|
2001
2556
|
|
2557
|
+
# <note markdown="1"> This operation is not supported by directory buckets.
|
2558
|
+
#
|
2559
|
+
# </note>
|
2560
|
+
#
|
2002
2561
|
# Deletes the Amazon S3 Storage Lens configuration. For more information
|
2003
2562
|
# about S3 Storage Lens, see [Assessing your storage activity and usage
|
2004
2563
|
# with Amazon S3 Storage Lens ][1] in the *Amazon S3 User Guide*.
|
@@ -2039,6 +2598,10 @@ module Aws::S3Control
|
|
2039
2598
|
req.send_request(options)
|
2040
2599
|
end
|
2041
2600
|
|
2601
|
+
# <note markdown="1"> This operation is not supported by directory buckets.
|
2602
|
+
#
|
2603
|
+
# </note>
|
2604
|
+
#
|
2042
2605
|
# Deletes the Amazon S3 Storage Lens configuration tags. For more
|
2043
2606
|
# information about S3 Storage Lens, see [Assessing your storage
|
2044
2607
|
# activity and usage with Amazon S3 Storage Lens ][1] in the *Amazon S3
|
@@ -2124,7 +2687,10 @@ module Aws::S3Control
|
|
2124
2687
|
# Operations job. For more information, see [S3 Batch Operations][1] in
|
2125
2688
|
# the *Amazon S3 User Guide*.
|
2126
2689
|
#
|
2690
|
+
# Permissions
|
2127
2691
|
#
|
2692
|
+
# : To use the `DescribeJob` operation, you must have permission to
|
2693
|
+
# perform the `s3:DescribeJob` action.
|
2128
2694
|
#
|
2129
2695
|
# Related actions include:
|
2130
2696
|
#
|
@@ -2176,6 +2742,9 @@ module Aws::S3Control
|
|
2176
2742
|
# resp.job.manifest.location.object_version_id #=> String
|
2177
2743
|
# resp.job.manifest.location.etag #=> String
|
2178
2744
|
# resp.job.operation.lambda_invoke.function_arn #=> String
|
2745
|
+
# resp.job.operation.lambda_invoke.invocation_schema_version #=> String
|
2746
|
+
# resp.job.operation.lambda_invoke.user_arguments #=> Hash
|
2747
|
+
# resp.job.operation.lambda_invoke.user_arguments["NonEmptyMaxLength64String"] #=> String
|
2179
2748
|
# resp.job.operation.s3_put_object_copy.target_resource #=> String
|
2180
2749
|
# resp.job.operation.s3_put_object_copy.canned_access_control_list #=> String, one of "private", "public-read", "public-read-write", "aws-exec-read", "authenticated-read", "bucket-owner-read", "bucket-owner-full-control"
|
2181
2750
|
# resp.job.operation.s3_put_object_copy.access_control_grants #=> Array
|
@@ -2284,6 +2853,10 @@ module Aws::S3Control
|
|
2284
2853
|
req.send_request(options)
|
2285
2854
|
end
|
2286
2855
|
|
2856
|
+
# <note markdown="1"> This operation is not supported by directory buckets.
|
2857
|
+
#
|
2858
|
+
# </note>
|
2859
|
+
#
|
2287
2860
|
# Retrieves the status of an asynchronous request to manage a
|
2288
2861
|
# Multi-Region Access Point. For more information about managing
|
2289
2862
|
# Multi-Region Access Points and how asynchronous requests work, see
|
@@ -2363,6 +2936,270 @@ module Aws::S3Control
|
|
2363
2936
|
req.send_request(options)
|
2364
2937
|
end
|
2365
2938
|
|
2939
|
+
# Dissociates the Amazon Web Services IAM Identity Center instance from
|
2940
|
+
# the S3 Access Grants instance.
|
2941
|
+
#
|
2942
|
+
# Permissions
|
2943
|
+
#
|
2944
|
+
# : You must have the `s3:DissociateAccessGrantsIdentityCenter`
|
2945
|
+
# permission to use this operation.
|
2946
|
+
#
|
2947
|
+
# Additional Permissions
|
2948
|
+
#
|
2949
|
+
# : You must have the `sso:DeleteApplication` permission to use this
|
2950
|
+
# operation.
|
2951
|
+
#
|
2952
|
+
# @option params [String] :account_id
|
2953
|
+
# The ID of the Amazon Web Services account that is making this request.
|
2954
|
+
#
|
2955
|
+
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
2956
|
+
#
|
2957
|
+
# @example Request syntax with placeholder values
|
2958
|
+
#
|
2959
|
+
# resp = client.dissociate_access_grants_identity_center({
|
2960
|
+
# account_id: "AccountId",
|
2961
|
+
# })
|
2962
|
+
#
|
2963
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/DissociateAccessGrantsIdentityCenter AWS API Documentation
|
2964
|
+
#
|
2965
|
+
# @overload dissociate_access_grants_identity_center(params = {})
|
2966
|
+
# @param [Hash] params ({})
|
2967
|
+
def dissociate_access_grants_identity_center(params = {}, options = {})
|
2968
|
+
req = build_request(:dissociate_access_grants_identity_center, params)
|
2969
|
+
req.send_request(options)
|
2970
|
+
end
|
2971
|
+
|
2972
|
+
# Get the details of an access grant from your S3 Access Grants
|
2973
|
+
# instance.
|
2974
|
+
#
|
2975
|
+
# Permissions
|
2976
|
+
#
|
2977
|
+
# : You must have the `s3:GetAccessGrant` permission to use this
|
2978
|
+
# operation.
|
2979
|
+
#
|
2980
|
+
# @option params [String] :account_id
|
2981
|
+
# The ID of the Amazon Web Services account that is making this request.
|
2982
|
+
#
|
2983
|
+
# @option params [required, String] :access_grant_id
|
2984
|
+
# The ID of the access grant. S3 Access Grants auto-generates this ID
|
2985
|
+
# when you create the access grant.
|
2986
|
+
#
|
2987
|
+
# @return [Types::GetAccessGrantResult] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
2988
|
+
#
|
2989
|
+
# * {Types::GetAccessGrantResult#created_at #created_at} => Time
|
2990
|
+
# * {Types::GetAccessGrantResult#access_grant_id #access_grant_id} => String
|
2991
|
+
# * {Types::GetAccessGrantResult#access_grant_arn #access_grant_arn} => String
|
2992
|
+
# * {Types::GetAccessGrantResult#grantee #grantee} => Types::Grantee
|
2993
|
+
# * {Types::GetAccessGrantResult#permission #permission} => String
|
2994
|
+
# * {Types::GetAccessGrantResult#access_grants_location_id #access_grants_location_id} => String
|
2995
|
+
# * {Types::GetAccessGrantResult#access_grants_location_configuration #access_grants_location_configuration} => Types::AccessGrantsLocationConfiguration
|
2996
|
+
# * {Types::GetAccessGrantResult#grant_scope #grant_scope} => String
|
2997
|
+
# * {Types::GetAccessGrantResult#application_arn #application_arn} => String
|
2998
|
+
#
|
2999
|
+
# @example Request syntax with placeholder values
|
3000
|
+
#
|
3001
|
+
# resp = client.get_access_grant({
|
3002
|
+
# account_id: "AccountId",
|
3003
|
+
# access_grant_id: "AccessGrantId", # required
|
3004
|
+
# })
|
3005
|
+
#
|
3006
|
+
# @example Response structure
|
3007
|
+
#
|
3008
|
+
# resp.created_at #=> Time
|
3009
|
+
# resp.access_grant_id #=> String
|
3010
|
+
# resp.access_grant_arn #=> String
|
3011
|
+
# resp.grantee.grantee_type #=> String, one of "DIRECTORY_USER", "DIRECTORY_GROUP", "IAM"
|
3012
|
+
# resp.grantee.grantee_identifier #=> String
|
3013
|
+
# resp.permission #=> String, one of "READ", "WRITE", "READWRITE"
|
3014
|
+
# resp.access_grants_location_id #=> String
|
3015
|
+
# resp.access_grants_location_configuration.s3_sub_prefix #=> String
|
3016
|
+
# resp.grant_scope #=> String
|
3017
|
+
# resp.application_arn #=> String
|
3018
|
+
#
|
3019
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/GetAccessGrant AWS API Documentation
|
3020
|
+
#
|
3021
|
+
# @overload get_access_grant(params = {})
|
3022
|
+
# @param [Hash] params ({})
|
3023
|
+
def get_access_grant(params = {}, options = {})
|
3024
|
+
req = build_request(:get_access_grant, params)
|
3025
|
+
req.send_request(options)
|
3026
|
+
end
|
3027
|
+
|
3028
|
+
# Retrieves the S3 Access Grants instance for a Region in your account.
|
3029
|
+
#
|
3030
|
+
# Permissions
|
3031
|
+
#
|
3032
|
+
# : You must have the `s3:GetAccessGrantsInstance` permission to use
|
3033
|
+
# this operation.
|
3034
|
+
#
|
3035
|
+
# @option params [String] :account_id
|
3036
|
+
# The ID of the Amazon Web Services account that is making this request.
|
3037
|
+
#
|
3038
|
+
# @return [Types::GetAccessGrantsInstanceResult] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
3039
|
+
#
|
3040
|
+
# * {Types::GetAccessGrantsInstanceResult#access_grants_instance_arn #access_grants_instance_arn} => String
|
3041
|
+
# * {Types::GetAccessGrantsInstanceResult#access_grants_instance_id #access_grants_instance_id} => String
|
3042
|
+
# * {Types::GetAccessGrantsInstanceResult#identity_center_arn #identity_center_arn} => String
|
3043
|
+
# * {Types::GetAccessGrantsInstanceResult#created_at #created_at} => Time
|
3044
|
+
#
|
3045
|
+
# @example Request syntax with placeholder values
|
3046
|
+
#
|
3047
|
+
# resp = client.get_access_grants_instance({
|
3048
|
+
# account_id: "AccountId",
|
3049
|
+
# })
|
3050
|
+
#
|
3051
|
+
# @example Response structure
|
3052
|
+
#
|
3053
|
+
# resp.access_grants_instance_arn #=> String
|
3054
|
+
# resp.access_grants_instance_id #=> String
|
3055
|
+
# resp.identity_center_arn #=> String
|
3056
|
+
# resp.created_at #=> Time
|
3057
|
+
#
|
3058
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/GetAccessGrantsInstance AWS API Documentation
|
3059
|
+
#
|
3060
|
+
# @overload get_access_grants_instance(params = {})
|
3061
|
+
# @param [Hash] params ({})
|
3062
|
+
def get_access_grants_instance(params = {}, options = {})
|
3063
|
+
req = build_request(:get_access_grants_instance, params)
|
3064
|
+
req.send_request(options)
|
3065
|
+
end
|
3066
|
+
|
3067
|
+
# Retrieve the S3 Access Grants instance that contains a particular
|
3068
|
+
# prefix.
|
3069
|
+
#
|
3070
|
+
# Permissions
|
3071
|
+
#
|
3072
|
+
# : You must have the `s3:GetAccessGrantsInstanceForPrefix` permission
|
3073
|
+
# for the caller account to use this operation.
|
3074
|
+
#
|
3075
|
+
# Additional Permissions
|
3076
|
+
#
|
3077
|
+
# : The prefix owner account must grant you the following permissions to
|
3078
|
+
# their S3 Access Grants instance:
|
3079
|
+
# `s3:GetAccessGrantsInstanceForPrefix`.
|
3080
|
+
#
|
3081
|
+
# @option params [String] :account_id
|
3082
|
+
# The ID of the Amazon Web Services account that is making this request.
|
3083
|
+
#
|
3084
|
+
# @option params [required, String] :s3_prefix
|
3085
|
+
# The S3 prefix of the access grants that you would like to retrieve.
|
3086
|
+
#
|
3087
|
+
# @return [Types::GetAccessGrantsInstanceForPrefixResult] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
3088
|
+
#
|
3089
|
+
# * {Types::GetAccessGrantsInstanceForPrefixResult#access_grants_instance_arn #access_grants_instance_arn} => String
|
3090
|
+
# * {Types::GetAccessGrantsInstanceForPrefixResult#access_grants_instance_id #access_grants_instance_id} => String
|
3091
|
+
#
|
3092
|
+
# @example Request syntax with placeholder values
|
3093
|
+
#
|
3094
|
+
# resp = client.get_access_grants_instance_for_prefix({
|
3095
|
+
# account_id: "AccountId",
|
3096
|
+
# s3_prefix: "S3Prefix", # required
|
3097
|
+
# })
|
3098
|
+
#
|
3099
|
+
# @example Response structure
|
3100
|
+
#
|
3101
|
+
# resp.access_grants_instance_arn #=> String
|
3102
|
+
# resp.access_grants_instance_id #=> String
|
3103
|
+
#
|
3104
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/GetAccessGrantsInstanceForPrefix AWS API Documentation
|
3105
|
+
#
|
3106
|
+
# @overload get_access_grants_instance_for_prefix(params = {})
|
3107
|
+
# @param [Hash] params ({})
|
3108
|
+
def get_access_grants_instance_for_prefix(params = {}, options = {})
|
3109
|
+
req = build_request(:get_access_grants_instance_for_prefix, params)
|
3110
|
+
req.send_request(options)
|
3111
|
+
end
|
3112
|
+
|
3113
|
+
# Returns the resource policy of the S3 Access Grants instance.
|
3114
|
+
#
|
3115
|
+
# Permissions
|
3116
|
+
#
|
3117
|
+
# : You must have the `s3:GetAccessGrantsInstanceResourcePolicy`
|
3118
|
+
# permission to use this operation.
|
3119
|
+
#
|
3120
|
+
# @option params [String] :account_id
|
3121
|
+
# The ID of the Amazon Web Services account that is making this request.
|
3122
|
+
#
|
3123
|
+
# @return [Types::GetAccessGrantsInstanceResourcePolicyResult] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
3124
|
+
#
|
3125
|
+
# * {Types::GetAccessGrantsInstanceResourcePolicyResult#policy #policy} => String
|
3126
|
+
# * {Types::GetAccessGrantsInstanceResourcePolicyResult#organization #organization} => String
|
3127
|
+
# * {Types::GetAccessGrantsInstanceResourcePolicyResult#created_at #created_at} => Time
|
3128
|
+
#
|
3129
|
+
# @example Request syntax with placeholder values
|
3130
|
+
#
|
3131
|
+
# resp = client.get_access_grants_instance_resource_policy({
|
3132
|
+
# account_id: "AccountId",
|
3133
|
+
# })
|
3134
|
+
#
|
3135
|
+
# @example Response structure
|
3136
|
+
#
|
3137
|
+
# resp.policy #=> String
|
3138
|
+
# resp.organization #=> String
|
3139
|
+
# resp.created_at #=> Time
|
3140
|
+
#
|
3141
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/GetAccessGrantsInstanceResourcePolicy AWS API Documentation
|
3142
|
+
#
|
3143
|
+
# @overload get_access_grants_instance_resource_policy(params = {})
|
3144
|
+
# @param [Hash] params ({})
|
3145
|
+
def get_access_grants_instance_resource_policy(params = {}, options = {})
|
3146
|
+
req = build_request(:get_access_grants_instance_resource_policy, params)
|
3147
|
+
req.send_request(options)
|
3148
|
+
end
|
3149
|
+
|
3150
|
+
# Retrieves the details of a particular location registered in your S3
|
3151
|
+
# Access Grants instance.
|
3152
|
+
#
|
3153
|
+
# Permissions
|
3154
|
+
#
|
3155
|
+
# : You must have the `s3:GetAccessGrantsLocation` permission to use
|
3156
|
+
# this operation.
|
3157
|
+
#
|
3158
|
+
# @option params [String] :account_id
|
3159
|
+
# The ID of the Amazon Web Services account that is making this request.
|
3160
|
+
#
|
3161
|
+
# @option params [required, String] :access_grants_location_id
|
3162
|
+
# The ID of the registered location that you are retrieving. S3 Access
|
3163
|
+
# Grants assigns this ID when you register the location. S3 Access
|
3164
|
+
# Grants assigns the ID `default` to the default location `s3://` and
|
3165
|
+
# assigns an auto-generated ID to other locations that you register.
|
3166
|
+
#
|
3167
|
+
# @return [Types::GetAccessGrantsLocationResult] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
3168
|
+
#
|
3169
|
+
# * {Types::GetAccessGrantsLocationResult#created_at #created_at} => Time
|
3170
|
+
# * {Types::GetAccessGrantsLocationResult#access_grants_location_id #access_grants_location_id} => String
|
3171
|
+
# * {Types::GetAccessGrantsLocationResult#access_grants_location_arn #access_grants_location_arn} => String
|
3172
|
+
# * {Types::GetAccessGrantsLocationResult#location_scope #location_scope} => String
|
3173
|
+
# * {Types::GetAccessGrantsLocationResult#iam_role_arn #iam_role_arn} => String
|
3174
|
+
#
|
3175
|
+
# @example Request syntax with placeholder values
|
3176
|
+
#
|
3177
|
+
# resp = client.get_access_grants_location({
|
3178
|
+
# account_id: "AccountId",
|
3179
|
+
# access_grants_location_id: "AccessGrantsLocationId", # required
|
3180
|
+
# })
|
3181
|
+
#
|
3182
|
+
# @example Response structure
|
3183
|
+
#
|
3184
|
+
# resp.created_at #=> Time
|
3185
|
+
# resp.access_grants_location_id #=> String
|
3186
|
+
# resp.access_grants_location_arn #=> String
|
3187
|
+
# resp.location_scope #=> String
|
3188
|
+
# resp.iam_role_arn #=> String
|
3189
|
+
#
|
3190
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/GetAccessGrantsLocation AWS API Documentation
|
3191
|
+
#
|
3192
|
+
# @overload get_access_grants_location(params = {})
|
3193
|
+
# @param [Hash] params ({})
|
3194
|
+
def get_access_grants_location(params = {}, options = {})
|
3195
|
+
req = build_request(:get_access_grants_location, params)
|
3196
|
+
req.send_request(options)
|
3197
|
+
end
|
3198
|
+
|
3199
|
+
# <note markdown="1"> This operation is not supported by directory buckets.
|
3200
|
+
#
|
3201
|
+
# </note>
|
3202
|
+
#
|
2366
3203
|
# Returns configuration information about the specified access point.
|
2367
3204
|
#
|
2368
3205
|
#
|
@@ -2457,6 +3294,10 @@ module Aws::S3Control
|
|
2457
3294
|
req.send_request(options)
|
2458
3295
|
end
|
2459
3296
|
|
3297
|
+
# <note markdown="1"> This operation is not supported by directory buckets.
|
3298
|
+
#
|
3299
|
+
# </note>
|
3300
|
+
#
|
2460
3301
|
# Returns configuration for an Object Lambda Access Point.
|
2461
3302
|
#
|
2462
3303
|
# The following actions are related to
|
@@ -2510,6 +3351,10 @@ module Aws::S3Control
|
|
2510
3351
|
req.send_request(options)
|
2511
3352
|
end
|
2512
3353
|
|
3354
|
+
# <note markdown="1"> This operation is not supported by directory buckets.
|
3355
|
+
#
|
3356
|
+
# </note>
|
3357
|
+
#
|
2513
3358
|
# Returns configuration information about the specified Object Lambda
|
2514
3359
|
# Access Point
|
2515
3360
|
#
|
@@ -2568,6 +3413,10 @@ module Aws::S3Control
|
|
2568
3413
|
req.send_request(options)
|
2569
3414
|
end
|
2570
3415
|
|
3416
|
+
# <note markdown="1"> This operation is not supported by directory buckets.
|
3417
|
+
#
|
3418
|
+
# </note>
|
3419
|
+
#
|
2571
3420
|
# Returns the access point policy associated with the specified access
|
2572
3421
|
# point.
|
2573
3422
|
#
|
@@ -2625,6 +3474,10 @@ module Aws::S3Control
|
|
2625
3474
|
req.send_request(options)
|
2626
3475
|
end
|
2627
3476
|
|
3477
|
+
# <note markdown="1"> This operation is not supported by directory buckets.
|
3478
|
+
#
|
3479
|
+
# </note>
|
3480
|
+
#
|
2628
3481
|
# Returns the resource policy for an Object Lambda Access Point.
|
2629
3482
|
#
|
2630
3483
|
# The following actions are related to
|
@@ -2670,6 +3523,10 @@ module Aws::S3Control
|
|
2670
3523
|
req.send_request(options)
|
2671
3524
|
end
|
2672
3525
|
|
3526
|
+
# <note markdown="1"> This operation is not supported by directory buckets.
|
3527
|
+
#
|
3528
|
+
# </note>
|
3529
|
+
#
|
2673
3530
|
# Indicates whether the specified access point currently has a policy
|
2674
3531
|
# that allows public access. For more information about public access
|
2675
3532
|
# through access points, see [Managing Data Access with Amazon S3 access
|
@@ -2709,6 +3566,10 @@ module Aws::S3Control
|
|
2709
3566
|
req.send_request(options)
|
2710
3567
|
end
|
2711
3568
|
|
3569
|
+
# <note markdown="1"> This operation is not supported by directory buckets.
|
3570
|
+
#
|
3571
|
+
# </note>
|
3572
|
+
#
|
2712
3573
|
# Returns the status of the resource policy associated with an Object
|
2713
3574
|
# Lambda Access Point.
|
2714
3575
|
#
|
@@ -2743,9 +3604,11 @@ module Aws::S3Control
|
|
2743
3604
|
req.send_request(options)
|
2744
3605
|
end
|
2745
3606
|
|
2746
|
-
# Gets an Amazon S3 on Outposts bucket. For more information, see [
|
3607
|
+
# <note markdown="1"> Gets an Amazon S3 on Outposts bucket. For more information, see [
|
2747
3608
|
# Using Amazon S3 on Outposts][1] in the *Amazon S3 User Guide*.
|
2748
3609
|
#
|
3610
|
+
# </note>
|
3611
|
+
#
|
2749
3612
|
# If you are using an identity other than the root user of the Amazon
|
2750
3613
|
# Web Services account that owns the Outposts bucket, the calling
|
2751
3614
|
# identity must have the `s3-outposts:GetBucket` permissions on the
|
@@ -3314,44 +4177,142 @@ module Aws::S3Control
|
|
3314
4177
|
# [5]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_PutBucketLifecycleConfiguration.html
|
3315
4178
|
# [6]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_GetBucketLifecycleConfiguration.html
|
3316
4179
|
#
|
3317
|
-
# @option params [String] :account_id
|
3318
|
-
# The Amazon Web Services account ID of the S3 on Outposts bucket.
|
4180
|
+
# @option params [String] :account_id
|
4181
|
+
# The Amazon Web Services account ID of the S3 on Outposts bucket.
|
4182
|
+
#
|
4183
|
+
# @option params [required, String] :bucket
|
4184
|
+
# The S3 on Outposts bucket to return the versioning state for.
|
4185
|
+
#
|
4186
|
+
# @return [Types::GetBucketVersioningResult] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
4187
|
+
#
|
4188
|
+
# * {Types::GetBucketVersioningResult#status #status} => String
|
4189
|
+
# * {Types::GetBucketVersioningResult#mfa_delete #mfa_delete} => String
|
4190
|
+
#
|
4191
|
+
# @example Request syntax with placeholder values
|
4192
|
+
#
|
4193
|
+
# resp = client.get_bucket_versioning({
|
4194
|
+
# account_id: "AccountId",
|
4195
|
+
# bucket: "BucketName", # required
|
4196
|
+
# })
|
4197
|
+
#
|
4198
|
+
# @example Response structure
|
4199
|
+
#
|
4200
|
+
# resp.status #=> String, one of "Enabled", "Suspended"
|
4201
|
+
# resp.mfa_delete #=> String, one of "Enabled", "Disabled"
|
4202
|
+
#
|
4203
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/GetBucketVersioning AWS API Documentation
|
4204
|
+
#
|
4205
|
+
# @overload get_bucket_versioning(params = {})
|
4206
|
+
# @param [Hash] params ({})
|
4207
|
+
def get_bucket_versioning(params = {}, options = {})
|
4208
|
+
req = build_request(:get_bucket_versioning, params)
|
4209
|
+
req.send_request(options)
|
4210
|
+
end
|
4211
|
+
|
4212
|
+
# Returns a temporary access credential from S3 Access Grants to the
|
4213
|
+
# grantee or client application. The [temporary credential][1] is an
|
4214
|
+
# Amazon Web Services STS token that grants them access to the S3 data.
|
4215
|
+
#
|
4216
|
+
# Permissions
|
4217
|
+
#
|
4218
|
+
# : You must have the `s3:GetDataAccess` permission to use this
|
4219
|
+
# operation.
|
4220
|
+
#
|
4221
|
+
# Additional Permissions
|
4222
|
+
#
|
4223
|
+
# : The IAM role that S3 Access Grants assumes must have the following
|
4224
|
+
# permissions specified in the trust policy when registering the
|
4225
|
+
# location: `sts:AssumeRole`, for directory users or groups
|
4226
|
+
# `sts:SetContext`, and for IAM users or roles `sts:SourceIdentity`.
|
4227
|
+
#
|
4228
|
+
#
|
4229
|
+
#
|
4230
|
+
# [1]: https://docs.aws.amazon.com/STS/latest/APIReference/API_Credentials.html
|
4231
|
+
#
|
4232
|
+
# @option params [String] :account_id
|
4233
|
+
# The ID of the Amazon Web Services account that is making this request.
|
4234
|
+
#
|
4235
|
+
# @option params [required, String] :target
|
4236
|
+
# The S3 URI path of the data to which you are requesting temporary
|
4237
|
+
# access credentials. If the requesting account has an access grant for
|
4238
|
+
# this data, S3 Access Grants vends temporary access credentials in the
|
4239
|
+
# response.
|
4240
|
+
#
|
4241
|
+
# @option params [required, String] :permission
|
4242
|
+
# The type of permission granted to your S3 data, which can be set to
|
4243
|
+
# one of the following values:
|
4244
|
+
#
|
4245
|
+
# * `READ` – Grant read-only access to the S3 data.
|
4246
|
+
#
|
4247
|
+
# * `WRITE` – Grant write-only access to the S3 data.
|
4248
|
+
#
|
4249
|
+
# * `READWRITE` – Grant both read and write access to the S3 data.
|
4250
|
+
#
|
4251
|
+
# @option params [Integer] :duration_seconds
|
4252
|
+
# The session duration, in seconds, of the temporary access credential
|
4253
|
+
# that S3 Access Grants vends to the grantee or client application. The
|
4254
|
+
# default value is 1 hour, but the grantee can specify a range from 900
|
4255
|
+
# seconds (15 minutes) up to 43200 seconds (12 hours). If the grantee
|
4256
|
+
# requests a value higher than this maximum, the operation fails.
|
4257
|
+
#
|
4258
|
+
# @option params [String] :privilege
|
4259
|
+
# The scope of the temporary access credential that S3 Access Grants
|
4260
|
+
# vends to the grantee or client application.
|
3319
4261
|
#
|
3320
|
-
#
|
3321
|
-
#
|
4262
|
+
# * `Default` – The scope of the returned temporary access token is the
|
4263
|
+
# scope of the grant that is closest to the target scope.
|
3322
4264
|
#
|
3323
|
-
#
|
4265
|
+
# * `Minimal` – The scope of the returned temporary access token is the
|
4266
|
+
# same as the requested target scope as long as the requested scope is
|
4267
|
+
# the same as or a subset of the grant scope.
|
3324
4268
|
#
|
3325
|
-
#
|
3326
|
-
#
|
4269
|
+
# @option params [String] :target_type
|
4270
|
+
# The type of `Target`. The only possible value is `Object`. Pass this
|
4271
|
+
# value if the target data that you would like to access is a path to an
|
4272
|
+
# object. Do not pass this value if the target data is a bucket or a
|
4273
|
+
# bucket and a prefix.
|
4274
|
+
#
|
4275
|
+
# @return [Types::GetDataAccessResult] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
4276
|
+
#
|
4277
|
+
# * {Types::GetDataAccessResult#credentials #credentials} => Types::Credentials
|
4278
|
+
# * {Types::GetDataAccessResult#matched_grant_target #matched_grant_target} => String
|
3327
4279
|
#
|
3328
4280
|
# @example Request syntax with placeholder values
|
3329
4281
|
#
|
3330
|
-
# resp = client.
|
4282
|
+
# resp = client.get_data_access({
|
3331
4283
|
# account_id: "AccountId",
|
3332
|
-
#
|
4284
|
+
# target: "S3Prefix", # required
|
4285
|
+
# permission: "READ", # required, accepts READ, WRITE, READWRITE
|
4286
|
+
# duration_seconds: 1,
|
4287
|
+
# privilege: "Minimal", # accepts Minimal, Default
|
4288
|
+
# target_type: "Object", # accepts Object
|
3333
4289
|
# })
|
3334
4290
|
#
|
3335
4291
|
# @example Response structure
|
3336
4292
|
#
|
3337
|
-
# resp.
|
3338
|
-
# resp.
|
4293
|
+
# resp.credentials.access_key_id #=> String
|
4294
|
+
# resp.credentials.secret_access_key #=> String
|
4295
|
+
# resp.credentials.session_token #=> String
|
4296
|
+
# resp.credentials.expiration #=> Time
|
4297
|
+
# resp.matched_grant_target #=> String
|
3339
4298
|
#
|
3340
|
-
# @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/
|
4299
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/GetDataAccess AWS API Documentation
|
3341
4300
|
#
|
3342
|
-
# @overload
|
4301
|
+
# @overload get_data_access(params = {})
|
3343
4302
|
# @param [Hash] params ({})
|
3344
|
-
def
|
3345
|
-
req = build_request(:
|
4303
|
+
def get_data_access(params = {}, options = {})
|
4304
|
+
req = build_request(:get_data_access, params)
|
3346
4305
|
req.send_request(options)
|
3347
4306
|
end
|
3348
4307
|
|
3349
|
-
# Returns the tags on an S3 Batch Operations job.
|
3350
|
-
# `GetJobTagging` operation, you must have permission to perform the
|
3351
|
-
# `s3:GetJobTagging` action. For more information, see [Controlling
|
3352
|
-
# access and labeling jobs using tags][1] in the *Amazon S3 User Guide*.
|
4308
|
+
# Returns the tags on an S3 Batch Operations job.
|
3353
4309
|
#
|
4310
|
+
# Permissions
|
3354
4311
|
#
|
4312
|
+
# : To use the `GetJobTagging` operation, you must have permission to
|
4313
|
+
# perform the `s3:GetJobTagging` action. For more information, see
|
4314
|
+
# [Controlling access and labeling jobs using tags][1] in the *Amazon
|
4315
|
+
# S3 User Guide*.
|
3355
4316
|
#
|
3356
4317
|
# Related actions include:
|
3357
4318
|
#
|
@@ -3402,6 +4363,10 @@ module Aws::S3Control
|
|
3402
4363
|
req.send_request(options)
|
3403
4364
|
end
|
3404
4365
|
|
4366
|
+
# <note markdown="1"> This operation is not supported by directory buckets.
|
4367
|
+
#
|
4368
|
+
# </note>
|
4369
|
+
#
|
3405
4370
|
# Returns configuration information about the specified Multi-Region
|
3406
4371
|
# Access Point.
|
3407
4372
|
#
|
@@ -3479,6 +4444,10 @@ module Aws::S3Control
|
|
3479
4444
|
req.send_request(options)
|
3480
4445
|
end
|
3481
4446
|
|
4447
|
+
# <note markdown="1"> This operation is not supported by directory buckets.
|
4448
|
+
#
|
4449
|
+
# </note>
|
4450
|
+
#
|
3482
4451
|
# Returns the access control policy of the specified Multi-Region Access
|
3483
4452
|
# Point.
|
3484
4453
|
#
|
@@ -3540,6 +4509,10 @@ module Aws::S3Control
|
|
3540
4509
|
req.send_request(options)
|
3541
4510
|
end
|
3542
4511
|
|
4512
|
+
# <note markdown="1"> This operation is not supported by directory buckets.
|
4513
|
+
#
|
4514
|
+
# </note>
|
4515
|
+
#
|
3543
4516
|
# Indicates whether the specified Multi-Region Access Point has an
|
3544
4517
|
# access control policy that allows public access.
|
3545
4518
|
#
|
@@ -3600,6 +4573,10 @@ module Aws::S3Control
|
|
3600
4573
|
req.send_request(options)
|
3601
4574
|
end
|
3602
4575
|
|
4576
|
+
# <note markdown="1"> This operation is not supported by directory buckets.
|
4577
|
+
#
|
4578
|
+
# </note>
|
4579
|
+
#
|
3603
4580
|
# Returns the routing configuration for a Multi-Region Access Point,
|
3604
4581
|
# indicating which Regions are active or passive.
|
3605
4582
|
#
|
@@ -3657,6 +4634,10 @@ module Aws::S3Control
|
|
3657
4634
|
req.send_request(options)
|
3658
4635
|
end
|
3659
4636
|
|
4637
|
+
# <note markdown="1"> This operation is not supported by directory buckets.
|
4638
|
+
#
|
4639
|
+
# </note>
|
4640
|
+
#
|
3660
4641
|
# Retrieves the `PublicAccessBlock` configuration for an Amazon Web
|
3661
4642
|
# Services account. For more information, see [ Using Amazon S3 block
|
3662
4643
|
# public access][1].
|
@@ -3703,6 +4684,10 @@ module Aws::S3Control
|
|
3703
4684
|
req.send_request(options)
|
3704
4685
|
end
|
3705
4686
|
|
4687
|
+
# <note markdown="1"> This operation is not supported by directory buckets.
|
4688
|
+
#
|
4689
|
+
# </note>
|
4690
|
+
#
|
3706
4691
|
# Gets the Amazon S3 Storage Lens configuration. For more information,
|
3707
4692
|
# see [Assessing your storage activity and usage with Amazon S3 Storage
|
3708
4693
|
# Lens ][1] in the *Amazon S3 User Guide*. For a complete list of S3
|
@@ -3786,6 +4771,10 @@ module Aws::S3Control
|
|
3786
4771
|
req.send_request(options)
|
3787
4772
|
end
|
3788
4773
|
|
4774
|
+
# <note markdown="1"> This operation is not supported by directory buckets.
|
4775
|
+
#
|
4776
|
+
# </note>
|
4777
|
+
#
|
3789
4778
|
# Gets the tags of Amazon S3 Storage Lens configuration. For more
|
3790
4779
|
# information about S3 Storage Lens, see [Assessing your storage
|
3791
4780
|
# activity and usage with Amazon S3 Storage Lens ][1] in the *Amazon S3
|
@@ -3916,6 +4905,243 @@ module Aws::S3Control
|
|
3916
4905
|
req.send_request(options)
|
3917
4906
|
end
|
3918
4907
|
|
4908
|
+
# Returns the list of access grants in your S3 Access Grants instance.
|
4909
|
+
#
|
4910
|
+
# Permissions
|
4911
|
+
#
|
4912
|
+
# : You must have the `s3:ListAccessGrants` permission to use this
|
4913
|
+
# operation.
|
4914
|
+
#
|
4915
|
+
# @option params [String] :account_id
|
4916
|
+
# The ID of the Amazon Web Services account that is making this request.
|
4917
|
+
#
|
4918
|
+
# @option params [String] :next_token
|
4919
|
+
# A pagination token to request the next page of results. Pass this
|
4920
|
+
# value into a subsequent `List Access Grants` request in order to
|
4921
|
+
# retrieve the next page of results.
|
4922
|
+
#
|
4923
|
+
# @option params [Integer] :max_results
|
4924
|
+
# The maximum number of access grants that you would like returned in
|
4925
|
+
# the `List Access Grants` response. If the results include the
|
4926
|
+
# pagination token `NextToken`, make another call using the `NextToken`
|
4927
|
+
# to determine if there are more results.
|
4928
|
+
#
|
4929
|
+
# @option params [String] :grantee_type
|
4930
|
+
# The type of the grantee to which access has been granted. It can be
|
4931
|
+
# one of the following values:
|
4932
|
+
#
|
4933
|
+
# * `IAM` - An IAM user or role.
|
4934
|
+
#
|
4935
|
+
# * `DIRECTORY_USER` - Your corporate directory user. You can use this
|
4936
|
+
# option if you have added your corporate identity directory to IAM
|
4937
|
+
# Identity Center and associated the IAM Identity Center instance with
|
4938
|
+
# your S3 Access Grants instance.
|
4939
|
+
#
|
4940
|
+
# * `DIRECTORY_GROUP` - Your corporate directory group. You can use this
|
4941
|
+
# option if you have added your corporate identity directory to IAM
|
4942
|
+
# Identity Center and associated the IAM Identity Center instance with
|
4943
|
+
# your S3 Access Grants instance.
|
4944
|
+
#
|
4945
|
+
# @option params [String] :grantee_identifier
|
4946
|
+
# The unique identifer of the `Grantee`. If the grantee type is `IAM`,
|
4947
|
+
# the identifier is the IAM Amazon Resource Name (ARN) of the user or
|
4948
|
+
# role. If the grantee type is a directory user or group, the identifier
|
4949
|
+
# is 128-bit universally unique identifier (UUID) in the format
|
4950
|
+
# `a1b2c3d4-5678-90ab-cdef-EXAMPLE11111`. You can obtain this UUID from
|
4951
|
+
# your Amazon Web Services IAM Identity Center instance.
|
4952
|
+
#
|
4953
|
+
# @option params [String] :permission
|
4954
|
+
# The type of permission granted to your S3 data, which can be set to
|
4955
|
+
# one of the following values:
|
4956
|
+
#
|
4957
|
+
# * `READ` – Grant read-only access to the S3 data.
|
4958
|
+
#
|
4959
|
+
# * `WRITE` – Grant write-only access to the S3 data.
|
4960
|
+
#
|
4961
|
+
# * `READWRITE` – Grant both read and write access to the S3 data.
|
4962
|
+
#
|
4963
|
+
# @option params [String] :grant_scope
|
4964
|
+
# The S3 path of the data to which you are granting access. It is the
|
4965
|
+
# result of appending the `Subprefix` to the location scope.
|
4966
|
+
#
|
4967
|
+
# @option params [String] :application_arn
|
4968
|
+
# The Amazon Resource Name (ARN) of an Amazon Web Services IAM Identity
|
4969
|
+
# Center application associated with your Identity Center instance. If
|
4970
|
+
# the grant includes an application ARN, the grantee can only access the
|
4971
|
+
# S3 data through this application.
|
4972
|
+
#
|
4973
|
+
# @return [Types::ListAccessGrantsResult] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
4974
|
+
#
|
4975
|
+
# * {Types::ListAccessGrantsResult#next_token #next_token} => String
|
4976
|
+
# * {Types::ListAccessGrantsResult#access_grants_list #access_grants_list} => Array<Types::ListAccessGrantEntry>
|
4977
|
+
#
|
4978
|
+
# The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
|
4979
|
+
#
|
4980
|
+
# @example Request syntax with placeholder values
|
4981
|
+
#
|
4982
|
+
# resp = client.list_access_grants({
|
4983
|
+
# account_id: "AccountId",
|
4984
|
+
# next_token: "ContinuationToken",
|
4985
|
+
# max_results: 1,
|
4986
|
+
# grantee_type: "DIRECTORY_USER", # accepts DIRECTORY_USER, DIRECTORY_GROUP, IAM
|
4987
|
+
# grantee_identifier: "GranteeIdentifier",
|
4988
|
+
# permission: "READ", # accepts READ, WRITE, READWRITE
|
4989
|
+
# grant_scope: "S3Prefix",
|
4990
|
+
# application_arn: "IdentityCenterApplicationArn",
|
4991
|
+
# })
|
4992
|
+
#
|
4993
|
+
# @example Response structure
|
4994
|
+
#
|
4995
|
+
# resp.next_token #=> String
|
4996
|
+
# resp.access_grants_list #=> Array
|
4997
|
+
# resp.access_grants_list[0].created_at #=> Time
|
4998
|
+
# resp.access_grants_list[0].access_grant_id #=> String
|
4999
|
+
# resp.access_grants_list[0].access_grant_arn #=> String
|
5000
|
+
# resp.access_grants_list[0].grantee.grantee_type #=> String, one of "DIRECTORY_USER", "DIRECTORY_GROUP", "IAM"
|
5001
|
+
# resp.access_grants_list[0].grantee.grantee_identifier #=> String
|
5002
|
+
# resp.access_grants_list[0].permission #=> String, one of "READ", "WRITE", "READWRITE"
|
5003
|
+
# resp.access_grants_list[0].access_grants_location_id #=> String
|
5004
|
+
# resp.access_grants_list[0].access_grants_location_configuration.s3_sub_prefix #=> String
|
5005
|
+
# resp.access_grants_list[0].grant_scope #=> String
|
5006
|
+
# resp.access_grants_list[0].application_arn #=> String
|
5007
|
+
#
|
5008
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/ListAccessGrants AWS API Documentation
|
5009
|
+
#
|
5010
|
+
# @overload list_access_grants(params = {})
|
5011
|
+
# @param [Hash] params ({})
|
5012
|
+
def list_access_grants(params = {}, options = {})
|
5013
|
+
req = build_request(:list_access_grants, params)
|
5014
|
+
req.send_request(options)
|
5015
|
+
end
|
5016
|
+
|
5017
|
+
# Returns a list of S3 Access Grants instances. An S3 Access Grants
|
5018
|
+
# instance serves as a logical grouping for your individual access
|
5019
|
+
# grants. You can only have one S3 Access Grants instance per Region per
|
5020
|
+
# account.
|
5021
|
+
#
|
5022
|
+
# Permissions
|
5023
|
+
#
|
5024
|
+
# : You must have the `s3:ListAccessGrantsInstances` permission to use
|
5025
|
+
# this operation.
|
5026
|
+
#
|
5027
|
+
# @option params [String] :account_id
|
5028
|
+
# The ID of the Amazon Web Services account that is making this request.
|
5029
|
+
#
|
5030
|
+
# @option params [String] :next_token
|
5031
|
+
# A pagination token to request the next page of results. Pass this
|
5032
|
+
# value into a subsequent `List Access Grants Instances` request in
|
5033
|
+
# order to retrieve the next page of results.
|
5034
|
+
#
|
5035
|
+
# @option params [Integer] :max_results
|
5036
|
+
# The maximum number of access grants that you would like returned in
|
5037
|
+
# the `List Access Grants` response. If the results include the
|
5038
|
+
# pagination token `NextToken`, make another call using the `NextToken`
|
5039
|
+
# to determine if there are more results.
|
5040
|
+
#
|
5041
|
+
# @return [Types::ListAccessGrantsInstancesResult] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
5042
|
+
#
|
5043
|
+
# * {Types::ListAccessGrantsInstancesResult#next_token #next_token} => String
|
5044
|
+
# * {Types::ListAccessGrantsInstancesResult#access_grants_instances_list #access_grants_instances_list} => Array<Types::ListAccessGrantsInstanceEntry>
|
5045
|
+
#
|
5046
|
+
# The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
|
5047
|
+
#
|
5048
|
+
# @example Request syntax with placeholder values
|
5049
|
+
#
|
5050
|
+
# resp = client.list_access_grants_instances({
|
5051
|
+
# account_id: "AccountId",
|
5052
|
+
# next_token: "ContinuationToken",
|
5053
|
+
# max_results: 1,
|
5054
|
+
# })
|
5055
|
+
#
|
5056
|
+
# @example Response structure
|
5057
|
+
#
|
5058
|
+
# resp.next_token #=> String
|
5059
|
+
# resp.access_grants_instances_list #=> Array
|
5060
|
+
# resp.access_grants_instances_list[0].access_grants_instance_id #=> String
|
5061
|
+
# resp.access_grants_instances_list[0].access_grants_instance_arn #=> String
|
5062
|
+
# resp.access_grants_instances_list[0].created_at #=> Time
|
5063
|
+
# resp.access_grants_instances_list[0].identity_center_arn #=> String
|
5064
|
+
#
|
5065
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/ListAccessGrantsInstances AWS API Documentation
|
5066
|
+
#
|
5067
|
+
# @overload list_access_grants_instances(params = {})
|
5068
|
+
# @param [Hash] params ({})
|
5069
|
+
def list_access_grants_instances(params = {}, options = {})
|
5070
|
+
req = build_request(:list_access_grants_instances, params)
|
5071
|
+
req.send_request(options)
|
5072
|
+
end
|
5073
|
+
|
5074
|
+
# Returns a list of the locations registered in your S3 Access Grants
|
5075
|
+
# instance.
|
5076
|
+
#
|
5077
|
+
# Permissions
|
5078
|
+
#
|
5079
|
+
# : You must have the `s3:ListAccessGrantsLocations` permission to use
|
5080
|
+
# this operation.
|
5081
|
+
#
|
5082
|
+
# @option params [String] :account_id
|
5083
|
+
# The ID of the Amazon Web Services account that is making this request.
|
5084
|
+
#
|
5085
|
+
# @option params [String] :next_token
|
5086
|
+
# A pagination token to request the next page of results. Pass this
|
5087
|
+
# value into a subsequent `List Access Grants Locations` request in
|
5088
|
+
# order to retrieve the next page of results.
|
5089
|
+
#
|
5090
|
+
# @option params [Integer] :max_results
|
5091
|
+
# The maximum number of access grants that you would like returned in
|
5092
|
+
# the `List Access Grants` response. If the results include the
|
5093
|
+
# pagination token `NextToken`, make another call using the `NextToken`
|
5094
|
+
# to determine if there are more results.
|
5095
|
+
#
|
5096
|
+
# @option params [String] :location_scope
|
5097
|
+
# The S3 path to the location that you are registering. The location
|
5098
|
+
# scope can be the default S3 location `s3://`, the S3 path to a bucket
|
5099
|
+
# `s3://<bucket>`, or the S3 path to a bucket and prefix
|
5100
|
+
# `s3://<bucket>/<prefix>`. A prefix in S3 is a string of characters at
|
5101
|
+
# the beginning of an object key name used to organize the objects that
|
5102
|
+
# you store in your S3 buckets. For example, object key names that start
|
5103
|
+
# with the `engineering/` prefix or object key names that start with the
|
5104
|
+
# `marketing/campaigns/` prefix.
|
5105
|
+
#
|
5106
|
+
# @return [Types::ListAccessGrantsLocationsResult] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
5107
|
+
#
|
5108
|
+
# * {Types::ListAccessGrantsLocationsResult#next_token #next_token} => String
|
5109
|
+
# * {Types::ListAccessGrantsLocationsResult#access_grants_locations_list #access_grants_locations_list} => Array<Types::ListAccessGrantsLocationsEntry>
|
5110
|
+
#
|
5111
|
+
# The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
|
5112
|
+
#
|
5113
|
+
# @example Request syntax with placeholder values
|
5114
|
+
#
|
5115
|
+
# resp = client.list_access_grants_locations({
|
5116
|
+
# account_id: "AccountId",
|
5117
|
+
# next_token: "ContinuationToken",
|
5118
|
+
# max_results: 1,
|
5119
|
+
# location_scope: "S3Prefix",
|
5120
|
+
# })
|
5121
|
+
#
|
5122
|
+
# @example Response structure
|
5123
|
+
#
|
5124
|
+
# resp.next_token #=> String
|
5125
|
+
# resp.access_grants_locations_list #=> Array
|
5126
|
+
# resp.access_grants_locations_list[0].created_at #=> Time
|
5127
|
+
# resp.access_grants_locations_list[0].access_grants_location_id #=> String
|
5128
|
+
# resp.access_grants_locations_list[0].access_grants_location_arn #=> String
|
5129
|
+
# resp.access_grants_locations_list[0].location_scope #=> String
|
5130
|
+
# resp.access_grants_locations_list[0].iam_role_arn #=> String
|
5131
|
+
#
|
5132
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/ListAccessGrantsLocations AWS API Documentation
|
5133
|
+
#
|
5134
|
+
# @overload list_access_grants_locations(params = {})
|
5135
|
+
# @param [Hash] params ({})
|
5136
|
+
def list_access_grants_locations(params = {}, options = {})
|
5137
|
+
req = build_request(:list_access_grants_locations, params)
|
5138
|
+
req.send_request(options)
|
5139
|
+
end
|
5140
|
+
|
5141
|
+
# <note markdown="1"> This operation is not supported by directory buckets.
|
5142
|
+
#
|
5143
|
+
# </note>
|
5144
|
+
#
|
3919
5145
|
# Returns a list of the access points that are owned by the current
|
3920
5146
|
# account that's associated with the specified bucket. You can retrieve
|
3921
5147
|
# up to 1000 access points per call. If the specified bucket has more
|
@@ -4018,6 +5244,10 @@ module Aws::S3Control
|
|
4018
5244
|
req.send_request(options)
|
4019
5245
|
end
|
4020
5246
|
|
5247
|
+
# <note markdown="1"> This operation is not supported by directory buckets.
|
5248
|
+
#
|
5249
|
+
# </note>
|
5250
|
+
#
|
4021
5251
|
# Returns some or all (up to 1,000) access points associated with the
|
4022
5252
|
# Object Lambda Access Point per call. If there are more access points
|
4023
5253
|
# than what can be returned in one call, the response will include a
|
@@ -4089,10 +5319,15 @@ module Aws::S3Control
|
|
4089
5319
|
req.send_request(options)
|
4090
5320
|
end
|
4091
5321
|
|
4092
|
-
# Lists current S3 Batch Operations jobs
|
4093
|
-
# the last 30 days for the Amazon Web Services account
|
4094
|
-
# request. For more information, see [S3 Batch Operations][1]
|
4095
|
-
# *Amazon S3 User Guide*.
|
5322
|
+
# Lists current S3 Batch Operations jobs as well as the jobs that have
|
5323
|
+
# ended within the last 30 days for the Amazon Web Services account
|
5324
|
+
# making the request. For more information, see [S3 Batch Operations][1]
|
5325
|
+
# in the *Amazon S3 User Guide*.
|
5326
|
+
#
|
5327
|
+
# Permissions
|
5328
|
+
#
|
5329
|
+
# : To use the `ListJobs` operation, you must have permission to perform
|
5330
|
+
# the `s3:ListJobs` action.
|
4096
5331
|
#
|
4097
5332
|
# Related actions include:
|
4098
5333
|
#
|
@@ -4174,6 +5409,10 @@ module Aws::S3Control
|
|
4174
5409
|
req.send_request(options)
|
4175
5410
|
end
|
4176
5411
|
|
5412
|
+
# <note markdown="1"> This operation is not supported by directory buckets.
|
5413
|
+
#
|
5414
|
+
# </note>
|
5415
|
+
#
|
4177
5416
|
# Returns a list of the Multi-Region Access Points currently associated
|
4178
5417
|
# with the specified Amazon Web Services account. Each call can return
|
4179
5418
|
# up to 100 Multi-Region Access Points, the maximum number of
|
@@ -4254,6 +5493,10 @@ module Aws::S3Control
|
|
4254
5493
|
req.send_request(options)
|
4255
5494
|
end
|
4256
5495
|
|
5496
|
+
# <note markdown="1"> This operation is not supported by directory buckets.
|
5497
|
+
#
|
5498
|
+
# </note>
|
5499
|
+
#
|
4257
5500
|
# Returns a list of all Outposts buckets in an Outpost that are owned by
|
4258
5501
|
# the authenticated sender of the request. For more information, see
|
4259
5502
|
# [Using Amazon S3 on Outposts][1] in the *Amazon S3 User Guide*.
|
@@ -4316,6 +5559,10 @@ module Aws::S3Control
|
|
4316
5559
|
req.send_request(options)
|
4317
5560
|
end
|
4318
5561
|
|
5562
|
+
# <note markdown="1"> This operation is not supported by directory buckets.
|
5563
|
+
#
|
5564
|
+
# </note>
|
5565
|
+
#
|
4319
5566
|
# Gets a list of Amazon S3 Storage Lens configurations. For more
|
4320
5567
|
# information about S3 Storage Lens, see [Assessing your storage
|
4321
5568
|
# activity and usage with Amazon S3 Storage Lens ][1] in the *Amazon S3
|
@@ -4425,32 +5672,43 @@ module Aws::S3Control
|
|
4425
5672
|
end
|
4426
5673
|
|
4427
5674
|
# This operation allows you to list all the Amazon Web Services resource
|
4428
|
-
# tags for
|
5675
|
+
# tags for a specified resource. Each tag is a label consisting of a
|
5676
|
+
# user-defined key and value. Tags can help you manage, identify,
|
5677
|
+
# organize, search for, and filter resources.
|
4429
5678
|
#
|
4430
|
-
#
|
4431
|
-
# `s3:ListTagsForResource` action. For more information about the
|
4432
|
-
# required Storage Lens Groups permissions, see [Setting account
|
4433
|
-
# permissions to use S3 Storage Lens groups][1].
|
5679
|
+
# Permissions
|
4434
5680
|
#
|
4435
|
-
#
|
4436
|
-
#
|
5681
|
+
# : You must have the `s3:ListTagsForResource` permission to use this
|
5682
|
+
# operation.
|
4437
5683
|
#
|
4438
|
-
# <note markdown="1"> This operation is only supported for [S3 Storage Lens groups][
|
5684
|
+
# <note markdown="1"> This operation is only supported for [S3 Storage Lens groups][1] and
|
5685
|
+
# for [S3 Access Grants][2]. The tagged resource can be an S3 Storage
|
5686
|
+
# Lens group or S3 Access Grants instance, registered location, or
|
5687
|
+
# grant.
|
4439
5688
|
#
|
4440
5689
|
# </note>
|
4441
5690
|
#
|
5691
|
+
# For more information about the required Storage Lens Groups
|
5692
|
+
# permissions, see [Setting account permissions to use S3 Storage Lens
|
5693
|
+
# groups][3].
|
4442
5694
|
#
|
5695
|
+
# For information about S3 Tagging errors, see [List of Amazon S3
|
5696
|
+
# Tagging error codes][4].
|
4443
5697
|
#
|
4444
|
-
#
|
4445
|
-
#
|
4446
|
-
# [
|
5698
|
+
#
|
5699
|
+
#
|
5700
|
+
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/storage-lens-groups.html
|
5701
|
+
# [2]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-grants-tagging.html
|
5702
|
+
# [3]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/storage_lens_iam_permissions.html#storage_lens_groups_permissions
|
5703
|
+
# [4]: https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#S3TaggingErrorCodeList
|
4447
5704
|
#
|
4448
5705
|
# @option params [String] :account_id
|
4449
5706
|
# The Amazon Web Services account ID of the resource owner.
|
4450
5707
|
#
|
4451
5708
|
# @option params [required, String] :resource_arn
|
4452
5709
|
# The Amazon Resource Name (ARN) of the S3 resource that you want to
|
4453
|
-
# list the tags for.
|
5710
|
+
# list the tags for. The tagged resource can be an S3 Storage Lens group
|
5711
|
+
# or S3 Access Grants instance, registered location, or grant.
|
4454
5712
|
#
|
4455
5713
|
# @return [Types::ListTagsForResourceResult] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
4456
5714
|
#
|
@@ -4478,6 +5736,57 @@ module Aws::S3Control
|
|
4478
5736
|
req.send_request(options)
|
4479
5737
|
end
|
4480
5738
|
|
5739
|
+
# Updates the resource policy of the S3 Access Grants instance.
|
5740
|
+
#
|
5741
|
+
# Permissions
|
5742
|
+
#
|
5743
|
+
# : You must have the `s3:PutAccessGrantsInstanceResourcePolicy`
|
5744
|
+
# permission to use this operation.
|
5745
|
+
#
|
5746
|
+
# @option params [String] :account_id
|
5747
|
+
# The ID of the Amazon Web Services account that is making this request.
|
5748
|
+
#
|
5749
|
+
# @option params [required, String] :policy
|
5750
|
+
# The resource policy of the S3 Access Grants instance that you are
|
5751
|
+
# updating.
|
5752
|
+
#
|
5753
|
+
# @option params [String] :organization
|
5754
|
+
# The Organization of the resource policy of the S3 Access Grants
|
5755
|
+
# instance.
|
5756
|
+
#
|
5757
|
+
# @return [Types::PutAccessGrantsInstanceResourcePolicyResult] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
5758
|
+
#
|
5759
|
+
# * {Types::PutAccessGrantsInstanceResourcePolicyResult#policy #policy} => String
|
5760
|
+
# * {Types::PutAccessGrantsInstanceResourcePolicyResult#organization #organization} => String
|
5761
|
+
# * {Types::PutAccessGrantsInstanceResourcePolicyResult#created_at #created_at} => Time
|
5762
|
+
#
|
5763
|
+
# @example Request syntax with placeholder values
|
5764
|
+
#
|
5765
|
+
# resp = client.put_access_grants_instance_resource_policy({
|
5766
|
+
# account_id: "AccountId",
|
5767
|
+
# policy: "PolicyDocument", # required
|
5768
|
+
# organization: "Organization",
|
5769
|
+
# })
|
5770
|
+
#
|
5771
|
+
# @example Response structure
|
5772
|
+
#
|
5773
|
+
# resp.policy #=> String
|
5774
|
+
# resp.organization #=> String
|
5775
|
+
# resp.created_at #=> Time
|
5776
|
+
#
|
5777
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/PutAccessGrantsInstanceResourcePolicy AWS API Documentation
|
5778
|
+
#
|
5779
|
+
# @overload put_access_grants_instance_resource_policy(params = {})
|
5780
|
+
# @param [Hash] params ({})
|
5781
|
+
def put_access_grants_instance_resource_policy(params = {}, options = {})
|
5782
|
+
req = build_request(:put_access_grants_instance_resource_policy, params)
|
5783
|
+
req.send_request(options)
|
5784
|
+
end
|
5785
|
+
|
5786
|
+
# <note markdown="1"> This operation is not supported by directory buckets.
|
5787
|
+
#
|
5788
|
+
# </note>
|
5789
|
+
#
|
4481
5790
|
# Replaces configuration for an Object Lambda Access Point.
|
4482
5791
|
#
|
4483
5792
|
# The following actions are related to
|
@@ -4535,6 +5844,10 @@ module Aws::S3Control
|
|
4535
5844
|
req.send_request(options)
|
4536
5845
|
end
|
4537
5846
|
|
5847
|
+
# <note markdown="1"> This operation is not supported by directory buckets.
|
5848
|
+
#
|
5849
|
+
# </note>
|
5850
|
+
#
|
4538
5851
|
# Associates an access policy with the specified access point. Each
|
4539
5852
|
# access point can have only one policy, so a request made to this API
|
4540
5853
|
# replaces any existing policy associated with the specified access
|
@@ -4611,6 +5924,10 @@ module Aws::S3Control
|
|
4611
5924
|
req.send_request(options)
|
4612
5925
|
end
|
4613
5926
|
|
5927
|
+
# <note markdown="1"> This operation is not supported by directory buckets.
|
5928
|
+
#
|
5929
|
+
# </note>
|
5930
|
+
#
|
4614
5931
|
# Creates or replaces resource policy for an Object Lambda Access Point.
|
4615
5932
|
# For an example policy, see [Creating Object Lambda Access Points][1]
|
4616
5933
|
# in the *Amazon S3 User Guide*.
|
@@ -5327,13 +6644,11 @@ module Aws::S3Control
|
|
5327
6644
|
# that is associated with the job. To modify the existing tag set, you
|
5328
6645
|
# can either replace the existing tag set entirely, or make changes
|
5329
6646
|
# within the existing tag set by retrieving the existing tag set using
|
5330
|
-
# [GetJobTagging][1], modify that tag set, and use this
|
6647
|
+
# [GetJobTagging][1], modify that tag set, and use this operation to
|
5331
6648
|
# replace the tag set with the one you modified. For more information,
|
5332
6649
|
# see [Controlling access and labeling jobs using tags][2] in the
|
5333
6650
|
# *Amazon S3 User Guide*.
|
5334
6651
|
#
|
5335
|
-
#
|
5336
|
-
#
|
5337
6652
|
# <note markdown="1"> * If you send this request with an empty tag set, Amazon S3 deletes
|
5338
6653
|
# the existing tag set on the Batch Operations job. If you use this
|
5339
6654
|
# method, you are charged for a Tier 1 Request (PUT). For more
|
@@ -5361,10 +6676,10 @@ module Aws::S3Control
|
|
5361
6676
|
#
|
5362
6677
|
# </note>
|
5363
6678
|
#
|
6679
|
+
# Permissions
|
5364
6680
|
#
|
5365
|
-
#
|
5366
|
-
#
|
5367
|
-
# perform the `s3:PutJobTagging` action.
|
6681
|
+
# : To use the `PutJobTagging` operation, you must have permission to
|
6682
|
+
# perform the `s3:PutJobTagging` action.
|
5368
6683
|
#
|
5369
6684
|
# Related actions include:
|
5370
6685
|
#
|
@@ -5417,6 +6732,10 @@ module Aws::S3Control
|
|
5417
6732
|
req.send_request(options)
|
5418
6733
|
end
|
5419
6734
|
|
6735
|
+
# <note markdown="1"> This operation is not supported by directory buckets.
|
6736
|
+
#
|
6737
|
+
# </note>
|
6738
|
+
#
|
5420
6739
|
# Associates an access control policy with the specified Multi-Region
|
5421
6740
|
# Access Point. Each Multi-Region Access Point can have only one policy,
|
5422
6741
|
# so a request made to this action replaces any existing policy that is
|
@@ -5483,6 +6802,10 @@ module Aws::S3Control
|
|
5483
6802
|
req.send_request(options)
|
5484
6803
|
end
|
5485
6804
|
|
6805
|
+
# <note markdown="1"> This operation is not supported by directory buckets.
|
6806
|
+
#
|
6807
|
+
# </note>
|
6808
|
+
#
|
5486
6809
|
# Creates or modifies the `PublicAccessBlock` configuration for an
|
5487
6810
|
# Amazon Web Services account. For this operation, users must have the
|
5488
6811
|
# `s3:PutAccountPublicAccessBlock` permission. For more information, see
|
@@ -5531,6 +6854,10 @@ module Aws::S3Control
|
|
5531
6854
|
req.send_request(options)
|
5532
6855
|
end
|
5533
6856
|
|
6857
|
+
# <note markdown="1"> This operation is not supported by directory buckets.
|
6858
|
+
#
|
6859
|
+
# </note>
|
6860
|
+
#
|
5534
6861
|
# Puts an Amazon S3 Storage Lens configuration. For more information
|
5535
6862
|
# about S3 Storage Lens, see [Working with Amazon S3 Storage Lens][1] in
|
5536
6863
|
# the *Amazon S3 User Guide*. For a complete list of S3 Storage Lens
|
@@ -5669,6 +6996,10 @@ module Aws::S3Control
|
|
5669
6996
|
req.send_request(options)
|
5670
6997
|
end
|
5671
6998
|
|
6999
|
+
# <note markdown="1"> This operation is not supported by directory buckets.
|
7000
|
+
#
|
7001
|
+
# </note>
|
7002
|
+
#
|
5672
7003
|
# Put or replace tags on an existing Amazon S3 Storage Lens
|
5673
7004
|
# configuration. For more information about S3 Storage Lens, see
|
5674
7005
|
# [Assessing your storage activity and usage with Amazon S3 Storage Lens
|
@@ -5723,6 +7054,10 @@ module Aws::S3Control
|
|
5723
7054
|
req.send_request(options)
|
5724
7055
|
end
|
5725
7056
|
|
7057
|
+
# <note markdown="1"> This operation is not supported by directory buckets.
|
7058
|
+
#
|
7059
|
+
# </note>
|
7060
|
+
#
|
5726
7061
|
# Submits an updated route configuration for a Multi-Region Access
|
5727
7062
|
# Point. This API operation updates the routing status for the specified
|
5728
7063
|
# Regions from active to passive, or from passive to active. A value of
|
@@ -5798,34 +7133,44 @@ module Aws::S3Control
|
|
5798
7133
|
end
|
5799
7134
|
|
5800
7135
|
# Creates a new Amazon Web Services resource tag or updates an existing
|
5801
|
-
# resource tag.
|
5802
|
-
#
|
7136
|
+
# resource tag. Each tag is a label consisting of a user-defined key and
|
7137
|
+
# value. Tags can help you manage, identify, organize, search for, and
|
7138
|
+
# filter resources. You can add up to 50 Amazon Web Services resource
|
7139
|
+
# tags for each S3 resource.
|
5803
7140
|
#
|
5804
|
-
#
|
5805
|
-
#
|
5806
|
-
#
|
5807
|
-
#
|
7141
|
+
# <note markdown="1"> This operation is only supported for [S3 Storage Lens groups][1] and
|
7142
|
+
# for [S3 Access Grants][2]. The tagged resource can be an S3 Storage
|
7143
|
+
# Lens group or S3 Access Grants instance, registered location, or
|
7144
|
+
# grant.
|
5808
7145
|
#
|
5809
|
-
#
|
5810
|
-
# Tagging error codes][2].
|
7146
|
+
# </note>
|
5811
7147
|
#
|
5812
|
-
#
|
7148
|
+
# Permissions
|
5813
7149
|
#
|
5814
|
-
#
|
7150
|
+
# : You must have the `s3:TagResource` permission to use this operation.
|
7151
|
+
#
|
7152
|
+
# For more information about the required Storage Lens Groups
|
7153
|
+
# permissions, see [Setting account permissions to use S3 Storage Lens
|
7154
|
+
# groups][3].
|
5815
7155
|
#
|
7156
|
+
# For information about S3 Tagging errors, see [List of Amazon S3
|
7157
|
+
# Tagging error codes][4].
|
5816
7158
|
#
|
5817
7159
|
#
|
5818
|
-
#
|
5819
|
-
# [
|
5820
|
-
# [
|
7160
|
+
#
|
7161
|
+
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/storage-lens-groups.html
|
7162
|
+
# [2]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-grants-tagging.html
|
7163
|
+
# [3]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/storage_lens_iam_permissions.html#storage_lens_groups_permissions
|
7164
|
+
# [4]: https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#S3TaggingErrorCodeList
|
5821
7165
|
#
|
5822
7166
|
# @option params [String] :account_id
|
5823
7167
|
# The Amazon Web Services account ID that created the S3 resource that
|
5824
|
-
# you're trying to add tags to.
|
7168
|
+
# you're trying to add tags to or the requester's account ID.
|
5825
7169
|
#
|
5826
7170
|
# @option params [required, String] :resource_arn
|
5827
7171
|
# The Amazon Resource Name (ARN) of the S3 resource that you're trying
|
5828
|
-
# to add tags to.
|
7172
|
+
# to add tags to. The tagged resource can be an S3 Storage Lens group or
|
7173
|
+
# S3 Access Grants instance, registered location, or grant.
|
5829
7174
|
#
|
5830
7175
|
# @option params [required, Array<Types::Tag>] :tags
|
5831
7176
|
# The Amazon Web Services resource tags that you want to add to the
|
@@ -5856,36 +7201,47 @@ module Aws::S3Control
|
|
5856
7201
|
end
|
5857
7202
|
|
5858
7203
|
# This operation removes the specified Amazon Web Services resource tags
|
5859
|
-
# from an S3 resource.
|
7204
|
+
# from an S3 resource. Each tag is a label consisting of a user-defined
|
7205
|
+
# key and value. Tags can help you manage, identify, organize, search
|
7206
|
+
# for, and filter resources.
|
5860
7207
|
#
|
5861
|
-
#
|
5862
|
-
#
|
5863
|
-
#
|
5864
|
-
#
|
7208
|
+
# <note markdown="1"> This operation is only supported for [S3 Storage Lens groups][1] and
|
7209
|
+
# for [S3 Access Grants][2]. The tagged resource can be an S3 Storage
|
7210
|
+
# Lens group or S3 Access Grants instance, registered location, or
|
7211
|
+
# grant.
|
5865
7212
|
#
|
5866
|
-
#
|
5867
|
-
# Tagging error codes][2].
|
7213
|
+
# </note>
|
5868
7214
|
#
|
5869
|
-
#
|
7215
|
+
# Permissions
|
5870
7216
|
#
|
5871
|
-
#
|
7217
|
+
# : You must have the `s3:UntagResource` permission to use this
|
7218
|
+
# operation.
|
7219
|
+
#
|
7220
|
+
# For more information about the required Storage Lens Groups
|
7221
|
+
# permissions, see [Setting account permissions to use S3 Storage Lens
|
7222
|
+
# groups][3].
|
5872
7223
|
#
|
7224
|
+
# For information about S3 Tagging errors, see [List of Amazon S3
|
7225
|
+
# Tagging error codes][4].
|
5873
7226
|
#
|
5874
7227
|
#
|
5875
|
-
#
|
5876
|
-
# [
|
5877
|
-
# [
|
7228
|
+
#
|
7229
|
+
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/storage-lens-groups.html
|
7230
|
+
# [2]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-grants-tagging.html
|
7231
|
+
# [3]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/storage_lens_iam_permissions.html#storage_lens_groups_permissions
|
7232
|
+
# [4]: https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#S3TaggingErrorCodeList
|
5878
7233
|
#
|
5879
7234
|
# @option params [String] :account_id
|
5880
7235
|
# The Amazon Web Services account ID that owns the resource that you're
|
5881
7236
|
# trying to remove the tags from.
|
5882
7237
|
#
|
5883
7238
|
# @option params [required, String] :resource_arn
|
5884
|
-
# The Amazon Resource Name (ARN) of the S3 resource that you
|
5885
|
-
# remove the
|
7239
|
+
# The Amazon Resource Name (ARN) of the S3 resource that you're trying
|
7240
|
+
# to remove the tags from.
|
5886
7241
|
#
|
5887
7242
|
# @option params [required, Array<String>] :tag_keys
|
5888
|
-
# The
|
7243
|
+
# The array of tag key-value pairs that you're trying to remove from of
|
7244
|
+
# the S3 resource.
|
5889
7245
|
#
|
5890
7246
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
5891
7247
|
#
|
@@ -5906,11 +7262,82 @@ module Aws::S3Control
|
|
5906
7262
|
req.send_request(options)
|
5907
7263
|
end
|
5908
7264
|
|
7265
|
+
# Updates the IAM role of a registered location in your S3 Access Grants
|
7266
|
+
# instance.
|
7267
|
+
#
|
7268
|
+
# Permissions
|
7269
|
+
#
|
7270
|
+
# : You must have the `s3:UpdateAccessGrantsLocation` permission to use
|
7271
|
+
# this operation.
|
7272
|
+
#
|
7273
|
+
# Additional Permissions
|
7274
|
+
#
|
7275
|
+
# : You must also have the following permission: `iam:PassRole`
|
7276
|
+
#
|
7277
|
+
# @option params [String] :account_id
|
7278
|
+
# The ID of the Amazon Web Services account that is making this request.
|
7279
|
+
#
|
7280
|
+
# @option params [required, String] :access_grants_location_id
|
7281
|
+
# The ID of the registered location that you are updating. S3 Access
|
7282
|
+
# Grants assigns this ID when you register the location. S3 Access
|
7283
|
+
# Grants assigns the ID `default` to the default location `s3://` and
|
7284
|
+
# assigns an auto-generated ID to other locations that you register.
|
7285
|
+
#
|
7286
|
+
# The ID of the registered location to which you are granting access. S3
|
7287
|
+
# Access Grants assigned this ID when you registered the location. S3
|
7288
|
+
# Access Grants assigns the ID `default` to the default location `s3://`
|
7289
|
+
# and assigns an auto-generated ID to other locations that you register.
|
7290
|
+
#
|
7291
|
+
# If you are passing the `default` location, you cannot create an access
|
7292
|
+
# grant for the entire default location. You must also specify a bucket
|
7293
|
+
# or a bucket and prefix in the `Subprefix` field.
|
7294
|
+
#
|
7295
|
+
# @option params [required, String] :iam_role_arn
|
7296
|
+
# The Amazon Resource Name (ARN) of the IAM role for the registered
|
7297
|
+
# location. S3 Access Grants assumes this role to manage access to the
|
7298
|
+
# registered location.
|
7299
|
+
#
|
7300
|
+
# @return [Types::UpdateAccessGrantsLocationResult] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
7301
|
+
#
|
7302
|
+
# * {Types::UpdateAccessGrantsLocationResult#created_at #created_at} => Time
|
7303
|
+
# * {Types::UpdateAccessGrantsLocationResult#access_grants_location_id #access_grants_location_id} => String
|
7304
|
+
# * {Types::UpdateAccessGrantsLocationResult#access_grants_location_arn #access_grants_location_arn} => String
|
7305
|
+
# * {Types::UpdateAccessGrantsLocationResult#location_scope #location_scope} => String
|
7306
|
+
# * {Types::UpdateAccessGrantsLocationResult#iam_role_arn #iam_role_arn} => String
|
7307
|
+
#
|
7308
|
+
# @example Request syntax with placeholder values
|
7309
|
+
#
|
7310
|
+
# resp = client.update_access_grants_location({
|
7311
|
+
# account_id: "AccountId",
|
7312
|
+
# access_grants_location_id: "AccessGrantsLocationId", # required
|
7313
|
+
# iam_role_arn: "IAMRoleArn", # required
|
7314
|
+
# })
|
7315
|
+
#
|
7316
|
+
# @example Response structure
|
7317
|
+
#
|
7318
|
+
# resp.created_at #=> Time
|
7319
|
+
# resp.access_grants_location_id #=> String
|
7320
|
+
# resp.access_grants_location_arn #=> String
|
7321
|
+
# resp.location_scope #=> String
|
7322
|
+
# resp.iam_role_arn #=> String
|
7323
|
+
#
|
7324
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/UpdateAccessGrantsLocation AWS API Documentation
|
7325
|
+
#
|
7326
|
+
# @overload update_access_grants_location(params = {})
|
7327
|
+
# @param [Hash] params ({})
|
7328
|
+
def update_access_grants_location(params = {}, options = {})
|
7329
|
+
req = build_request(:update_access_grants_location, params)
|
7330
|
+
req.send_request(options)
|
7331
|
+
end
|
7332
|
+
|
5909
7333
|
# Updates an existing S3 Batch Operations job's priority. For more
|
5910
7334
|
# information, see [S3 Batch Operations][1] in the *Amazon S3 User
|
5911
7335
|
# Guide*.
|
5912
7336
|
#
|
7337
|
+
# Permissions
|
5913
7338
|
#
|
7339
|
+
# : To use the `UpdateJobPriority` operation, you must have permission
|
7340
|
+
# to perform the `s3:UpdateJobPriority` action.
|
5914
7341
|
#
|
5915
7342
|
# Related actions include:
|
5916
7343
|
#
|
@@ -5967,12 +7394,15 @@ module Aws::S3Control
|
|
5967
7394
|
req.send_request(options)
|
5968
7395
|
end
|
5969
7396
|
|
5970
|
-
# Updates the status for the specified job. Use this
|
5971
|
-
# that you want to run a job or to cancel an existing job. For
|
5972
|
-
# information, see [S3 Batch Operations][1] in the *Amazon S3 User
|
7397
|
+
# Updates the status for the specified job. Use this operation to
|
7398
|
+
# confirm that you want to run a job or to cancel an existing job. For
|
7399
|
+
# more information, see [S3 Batch Operations][1] in the *Amazon S3 User
|
5973
7400
|
# Guide*.
|
5974
7401
|
#
|
7402
|
+
# Permissions
|
5975
7403
|
#
|
7404
|
+
# : To use the `UpdateJobStatus` operation, you must have permission to
|
7405
|
+
# perform the `s3:UpdateJobStatus` action.
|
5976
7406
|
#
|
5977
7407
|
# Related actions include:
|
5978
7408
|
#
|
@@ -6149,7 +7579,7 @@ module Aws::S3Control
|
|
6149
7579
|
params: params,
|
6150
7580
|
config: config)
|
6151
7581
|
context[:gem_name] = 'aws-sdk-s3control'
|
6152
|
-
context[:gem_version] = '1.
|
7582
|
+
context[:gem_version] = '1.74.0'
|
6153
7583
|
Seahorse::Client::Request.new(handlers, context)
|
6154
7584
|
end
|
6155
7585
|
|