2021/09/02 - AWS S3 Control - 8 new api methods
Changes: Added support for S3 Multi-Region Access Points
Indicates whether the specified Multi-Region Access Point has an access control policy that allows public access.
This action will always be routed to the US West (Oregon) Region. For more information about the restrictions around managing Multi-Region Access Points, see Managing Multi-Region Access Points in the Amazon S3 User Guide.
The following actions are related to GetMultiRegionAccessPointPolicyStatus:
See also: AWS API Documentation
Request Syntax
client.get_multi_region_access_point_policy_status( AccountId='string', Name='string' )
AccountId (string) -- [REQUIRED]
The Amazon Web Services account ID for the owner of the Multi-Region Access Point.
Name (string) -- [REQUIRED]
Specifies the Multi-Region Access Point. The name of the Multi-Region Access Point is different from the alias. For more information about the distinction between the name and the alias of a Multi-Region Access Point, see Managing Multi-Region Access Points in the Amazon S3 User Guide.
Return type: dict
Response Syntax
{ 'Established': { 'IsPublic': True|False } }
Response Structure
(dict) --
Established (dict) --
Indicates whether this access point policy is public. For more information about how Amazon S3 evaluates policies to determine whether they are public, see The Meaning of "Public" in the Amazon S3 User Guide.
IsPublic (boolean) --
Returns configuration information about the specified Multi-Region Access Point.
This action will always be routed to the US West (Oregon) Region. For more information about the restrictions around managing Multi-Region Access Points, see Managing Multi-Region Access Points in the Amazon S3 User Guide.
The following actions are related to GetMultiRegionAccessPoint:
See also: AWS API Documentation
Request Syntax
client.get_multi_region_access_point( AccountId='string', Name='string' )
AccountId (string) -- [REQUIRED]
The Amazon Web Services account ID for the owner of the Multi-Region Access Point.
Name (string) -- [REQUIRED]
The name of the Multi-Region Access Point whose configuration information you want to receive. The name of the Multi-Region Access Point is different from the alias. For more information about the distinction between the name and the alias of a Multi-Region Access Point, see Managing Multi-Region Access Points in the Amazon S3 User Guide.
Return type: dict
Response Syntax
{
    'AccessPoint': {
        'Name': 'string',
        'Alias': 'string',
        'CreatedAt': datetime(2015, 1, 1),
        'PublicAccessBlock': {
            'BlockPublicAcls': True|False,
            'IgnorePublicAcls': True|False,
            'BlockPublicPolicy': True|False,
            'RestrictPublicBuckets': True|False
        },
        'Status': 'READY'|'INCONSISTENT_ACROSS_REGIONS'|'CREATING'|'PARTIALLY_CREATED'|'PARTIALLY_DELETED'|'DELETING',
        'Regions': [
            {
                'Bucket': 'string',
                'Region': 'string'
            },
        ]
    }
}
Response Structure
(dict) --
AccessPoint (dict) --
A container element containing the details of the requested Multi-Region Access Point.
Name (string) --
The name of the Multi-Region Access Point.
Alias (string) --
The alias for the Multi-Region Access Point. For more information about the distinction between the name and the alias of a Multi-Region Access Point, see Managing Multi-Region Access Points.
CreatedAt (datetime) --
When the Multi-Region Access Point create request was received.
PublicAccessBlock (dict) --
The PublicAccessBlock configuration that you want to apply to this Amazon S3 account. You can enable the configuration options in any combination. For more information about when Amazon S3 considers a bucket or object public, see The Meaning of "Public" in the Amazon S3 User Guide.
This is not supported for Amazon S3 on Outposts.
BlockPublicAcls (boolean) --
Specifies whether Amazon S3 should block public access control lists (ACLs) for buckets in this account. Setting this element to TRUE causes the following behavior:
PUT Bucket acl and PUT Object acl calls fail if the specified ACL is public.
PUT Object calls fail if the request includes a public ACL.
PUT Bucket calls fail if the request includes a public ACL.
Enabling this setting doesn't affect existing policies or ACLs.
This is not supported for Amazon S3 on Outposts.
IgnorePublicAcls (boolean) --
Specifies whether Amazon S3 should ignore public ACLs for buckets in this account. Setting this element to TRUE causes Amazon S3 to ignore all public ACLs on buckets in this account and any objects that they contain.
Enabling this setting doesn't affect the persistence of any existing ACLs and doesn't prevent new public ACLs from being set.
This is not supported for Amazon S3 on Outposts.
BlockPublicPolicy (boolean) --
Specifies whether Amazon S3 should block public bucket policies for buckets in this account. Setting this element to TRUE causes Amazon S3 to reject calls to PUT Bucket policy if the specified bucket policy allows public access.
Enabling this setting doesn't affect existing bucket policies.
This is not supported for Amazon S3 on Outposts.
RestrictPublicBuckets (boolean) --
Specifies whether Amazon S3 should restrict public bucket policies for buckets in this account. Setting this element to TRUE restricts access to buckets with public policies to only Amazon Web Service principals and authorized users within this account.
Enabling this setting doesn't affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked.
This is not supported for Amazon S3 on Outposts.
Status (string) --
The current status of the Multi-Region Access Point.
CREATING and DELETING are temporary states that exist while the request is propagating and being completed. If a Multi-Region Access Point has a status of PARTIALLY_CREATED, you can retry creation or send a request to delete the Multi-Region Access Point. If a Multi-Region Access Point has a status of PARTIALLY_DELETED, you can retry a delete request to finish the deletion of the Multi-Region Access Point.
Regions (list) --
A collection of the Regions and buckets associated with the Multi-Region Access Point.
(dict) --
A combination of a bucket and Region that's part of a Multi-Region Access Point.
Bucket (string) --
The name of the bucket.
Region (string) --
The name of the Region.
Returns a list of the Multi-Region Access Points currently associated with the specified Amazon Web Services account. Each call can return up to 100 Multi-Region Access Points, the maximum number of Multi-Region Access Points that can be associated with a single account.
This action will always be routed to the US West (Oregon) Region. For more information about the restrictions around managing Multi-Region Access Points, see Managing Multi-Region Access Points in the Amazon S3 User Guide.
The following actions are related to ListMultiRegionAccessPoint:
See also: AWS API Documentation
Request Syntax
client.list_multi_region_access_points( AccountId='string', NextToken='string', MaxResults=123 )
AccountId (string) -- [REQUIRED]
The Amazon Web Services account ID for the owner of the Multi-Region Access Point.
NextToken (string) --
Not currently used. Do not use this parameter.
MaxResults (integer) --
Not currently used. Do not use this parameter.
Return type: dict
Response Syntax
{
    'AccessPoints': [
        {
            'Name': 'string',
            'Alias': 'string',
            'CreatedAt': datetime(2015, 1, 1),
            'PublicAccessBlock': {
                'BlockPublicAcls': True|False,
                'IgnorePublicAcls': True|False,
                'BlockPublicPolicy': True|False,
                'RestrictPublicBuckets': True|False
            },
            'Status': 'READY'|'INCONSISTENT_ACROSS_REGIONS'|'CREATING'|'PARTIALLY_CREATED'|'PARTIALLY_DELETED'|'DELETING',
            'Regions': [
                {
                    'Bucket': 'string',
                    'Region': 'string'
                },
            ]
        },
    ],
    'NextToken': 'string'
}
Response Structure
(dict) --
AccessPoints (list) --
The list of Multi-Region Access Points associated with the user.
(dict) --
A collection of statuses for a Multi-Region Access Point in the various Regions it supports.
Name (string) --
The name of the Multi-Region Access Point.
Alias (string) --
The alias for the Multi-Region Access Point. For more information about the distinction between the name and the alias of a Multi-Region Access Point, see Managing Multi-Region Access Points.
CreatedAt (datetime) --
When the Multi-Region Access Point create request was received.
PublicAccessBlock (dict) --
The PublicAccessBlock configuration that you want to apply to this Amazon S3 account. You can enable the configuration options in any combination. For more information about when Amazon S3 considers a bucket or object public, see The Meaning of "Public" in the Amazon S3 User Guide.
This is not supported for Amazon S3 on Outposts.
BlockPublicAcls (boolean) --
Specifies whether Amazon S3 should block public access control lists (ACLs) for buckets in this account. Setting this element to TRUE causes the following behavior:
PUT Bucket acl and PUT Object acl calls fail if the specified ACL is public.
PUT Object calls fail if the request includes a public ACL.
PUT Bucket calls fail if the request includes a public ACL.
Enabling this setting doesn't affect existing policies or ACLs.
This is not supported for Amazon S3 on Outposts.
IgnorePublicAcls (boolean) --
Specifies whether Amazon S3 should ignore public ACLs for buckets in this account. Setting this element to TRUE causes Amazon S3 to ignore all public ACLs on buckets in this account and any objects that they contain.
Enabling this setting doesn't affect the persistence of any existing ACLs and doesn't prevent new public ACLs from being set.
This is not supported for Amazon S3 on Outposts.
BlockPublicPolicy (boolean) --
Specifies whether Amazon S3 should block public bucket policies for buckets in this account. Setting this element to TRUE causes Amazon S3 to reject calls to PUT Bucket policy if the specified bucket policy allows public access.
Enabling this setting doesn't affect existing bucket policies.
This is not supported for Amazon S3 on Outposts.
RestrictPublicBuckets (boolean) --
Specifies whether Amazon S3 should restrict public bucket policies for buckets in this account. Setting this element to TRUE restricts access to buckets with public policies to only Amazon Web Service principals and authorized users within this account.
Enabling this setting doesn't affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked.
This is not supported for Amazon S3 on Outposts.
Status (string) --
The current status of the Multi-Region Access Point.
CREATING and DELETING are temporary states that exist while the request is propagating and being completed. If a Multi-Region Access Point has a status of PARTIALLY_CREATED, you can retry creation or send a request to delete the Multi-Region Access Point. If a Multi-Region Access Point has a status of PARTIALLY_DELETED, you can retry a delete request to finish the deletion of the Multi-Region Access Point.
Regions (list) --
A collection of the Regions and buckets associated with the Multi-Region Access Point.
(dict) --
A combination of a bucket and Region that's part of a Multi-Region Access Point.
Bucket (string) --
The name of the bucket.
Region (string) --
The name of the Region.
NextToken (string) --
If the specified bucket has more Multi-Region Access Points than can be returned in one call to this action, this field contains a continuation token. You can use this token in subsequent calls to this action to retrieve additional Multi-Region Access Points.
Creates a Multi-Region Access Point and associates it with the specified buckets. For more information about creating Multi-Region Access Points, see Creating Multi-Region Access Points in the Amazon S3 User Guide.
This action will always be routed to the US West (Oregon) Region. For more information about the restrictions around managing Multi-Region Access Points, see Managing Multi-Region Access Points in the Amazon S3 User Guide.
This request is asynchronous, meaning that you might receive a response before the command has completed. When this request provides a response, it provides a token that you can use to monitor the status of the request with DescribeMultiRegionAccessPointOperation.
The following actions are related to CreateMultiRegionAccessPoint:
See also: AWS API Documentation
Request Syntax
client.create_multi_region_access_point(
    AccountId='string',
    ClientToken='string',
    Details={
        'Name': 'string',
        'PublicAccessBlock': {
            'BlockPublicAcls': True|False,
            'IgnorePublicAcls': True|False,
            'BlockPublicPolicy': True|False,
            'RestrictPublicBuckets': True|False
        },
        'Regions': [
            {
                'Bucket': 'string'
            },
        ]
    }
)
AccountId (string) -- [REQUIRED]
The Amazon Web Services account ID for the owner of the Multi-Region Access Point. The owner of the Multi-Region Access Point also must own the underlying buckets.
ClientToken (string) -- [REQUIRED]
An idempotency token used to identify the request and guarantee that requests are unique.
This field is autopopulated if not provided.
Details (dict) -- [REQUIRED]
A container element containing details about the Multi-Region Access Point.
Name (string) -- [REQUIRED]
The name of the Multi-Region Access Point associated with this request.
PublicAccessBlock (dict) --
The PublicAccessBlock configuration that you want to apply to this Amazon S3 account. You can enable the configuration options in any combination. For more information about when Amazon S3 considers a bucket or object public, see The Meaning of "Public" in the Amazon S3 User Guide.
This is not supported for Amazon S3 on Outposts.
BlockPublicAcls (boolean) --
Specifies whether Amazon S3 should block public access control lists (ACLs) for buckets in this account. Setting this element to TRUE causes the following behavior:
PUT Bucket acl and PUT Object acl calls fail if the specified ACL is public.
PUT Object calls fail if the request includes a public ACL.
PUT Bucket calls fail if the request includes a public ACL.
Enabling this setting doesn't affect existing policies or ACLs.
This is not supported for Amazon S3 on Outposts.
IgnorePublicAcls (boolean) --
Specifies whether Amazon S3 should ignore public ACLs for buckets in this account. Setting this element to TRUE causes Amazon S3 to ignore all public ACLs on buckets in this account and any objects that they contain.
Enabling this setting doesn't affect the persistence of any existing ACLs and doesn't prevent new public ACLs from being set.
This is not supported for Amazon S3 on Outposts.
BlockPublicPolicy (boolean) --
Specifies whether Amazon S3 should block public bucket policies for buckets in this account. Setting this element to TRUE causes Amazon S3 to reject calls to PUT Bucket policy if the specified bucket policy allows public access.
Enabling this setting doesn't affect existing bucket policies.
This is not supported for Amazon S3 on Outposts.
RestrictPublicBuckets (boolean) --
Specifies whether Amazon S3 should restrict public bucket policies for buckets in this account. Setting this element to TRUE restricts access to buckets with public policies to only Amazon Web Service principals and authorized users within this account.
Enabling this setting doesn't affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked.
This is not supported for Amazon S3 on Outposts.
Regions (list) -- [REQUIRED]
The buckets in different Regions that are associated with the Multi-Region Access Point.
(dict) --
A Region that supports a Multi-Region Access Point as well as the associated bucket for the Region.
Bucket (string) -- [REQUIRED]
The name of the associated bucket for the Region.
Return type: dict
Response Syntax
{ 'RequestTokenARN': 'string' }
Response Structure
(dict) --
RequestTokenARN (string) --
The request token associated with the request. You can use this token with DescribeMultiRegionAccessPointOperation to determine the status of asynchronous requests.
Returns the access control policy of the specified Multi-Region Access Point.
This action will always be routed to the US West (Oregon) Region. For more information about the restrictions around managing Multi-Region Access Points, see Managing Multi-Region Access Points in the Amazon S3 User Guide.
The following actions are related to GetMultiRegionAccessPointPolicy:
See also: AWS API Documentation
Request Syntax
client.get_multi_region_access_point_policy( AccountId='string', Name='string' )
AccountId (string) -- [REQUIRED]
The Amazon Web Services account ID for the owner of the Multi-Region Access Point.
Name (string) -- [REQUIRED]
Specifies the Multi-Region Access Point. The name of the Multi-Region Access Point is different from the alias. For more information about the distinction between the name and the alias of a Multi-Region Access Point, see Managing Multi-Region Access Points in the Amazon S3 User Guide.
Return type: dict
Response Syntax
{ 'Policy': { 'Established': { 'Policy': 'string' }, 'Proposed': { 'Policy': 'string' } } }
Response Structure
(dict) --
Policy (dict) --
The policy associated with the specified Multi-Region Access Point.
Established (dict) --
The last established policy for the Multi-Region Access Point.
Policy (string) --
The details of the last established policy.
Proposed (dict) --
The proposed policy for the Multi-Region Access Point.
Policy (string) --
The details of the proposed policy.
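The three read-only calls documented so far can be combined into an exposure audit. The following is an added example, not code from the AWS documentation or botocore: it lists every Multi-Region Access Point, checks its PublicAccessBlock flags and Status, asks GetMultiRegionAccessPointPolicyStatus whether the established policy is public, and flags a Proposed policy that differs from the Established one. `StubS3Control`, the access point names, the policies and the account ID are constructed so the block runs offline, and the finding strings are this example's own wording.

```python
import json

PAB_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls",
             "BlockPublicPolicy", "RestrictPublicBuckets")


def _canon(policy_text):
    """Parse a policy string so whitespace-only differences compare equal."""
    if not policy_text:
        return None
    try:
        return json.loads(policy_text)
    except ValueError:
        return policy_text


def audit_mraps(client, account_id):
    """Return {name: [findings]} for each Multi-Region Access Point with findings."""
    # `client` needs only the three S3 Control methods called below; in practice
    # that is boto3.client("s3control", region_name="us-west-2").
    findings = {}
    # NextToken and MaxResults are documented as unused, so a single call
    # returns every access point in the account (at most 100).
    listing = client.list_multi_region_access_points(AccountId=account_id)
    for ap in listing.get("AccessPoints", []):
        name, issues = ap["Name"], []
        pab = ap.get("PublicAccessBlock") or {}
        off = [flag for flag in PAB_FLAGS if not pab.get(flag, False)]
        if off:
            issues.append("public access block disabled: " + ", ".join(off))
        if ap.get("Status") != "READY":
            issues.append("status is " + str(ap.get("Status")))
        status = client.get_multi_region_access_point_policy_status(
            AccountId=account_id, Name=name)
        if status.get("Established", {}).get("IsPublic"):
            issues.append("established policy allows public access")
        policy = client.get_multi_region_access_point_policy(
            AccountId=account_id, Name=name).get("Policy", {})
        established = _canon(policy.get("Established", {}).get("Policy"))
        proposed = _canon(policy.get("Proposed", {}).get("Policy"))
        if proposed is not None and proposed != established:
            issues.append("proposed policy differs from established policy")
        if issues:
            findings[name] = issues
    return findings


class StubS3Control:
    """Constructed stand-in that answers with the response shapes shown above."""

    def __init__(self, access_points, public, policies):
        self._aps, self._public, self._policies = access_points, public, policies

    def list_multi_region_access_points(self, AccountId):
        return {"AccessPoints": self._aps}

    def get_multi_region_access_point_policy_status(self, AccountId, Name):
        return {"Established": {"IsPublic": self._public[Name]}}

    def get_multi_region_access_point_policy(self, AccountId, Name):
        established, proposed = self._policies[Name]
        return {"Policy": {"Established": {"Policy": established},
                           "Proposed": {"Policy": proposed}}}


def demo():
    """Run the audit over two constructed access points."""
    locked = dict.fromkeys(PAB_FLAGS, True)
    loose = dict(locked, BlockPublicPolicy=False, RestrictPublicBuckets=False)
    closed = '{"Version":"2012-10-17","Statement":[]}'
    opened = ('{"Version":"2012-10-17","Statement":[{"Effect":"Allow",'
              '"Principal":"*","Action":"s3:GetObject","Resource":"*"}]}')
    stub = StubS3Control(
        [{"Name": "reports-mrap", "Status": "READY", "PublicAccessBlock": locked},
         {"Name": "media-mrap", "Status": "INCONSISTENT_ACROSS_REGIONS",
          "PublicAccessBlock": loose}],
        {"reports-mrap": False, "media-mrap": True},
        {"reports-mrap": (closed, '{"Version": "2012-10-17", "Statement": []}'),
         "media-mrap": (opened, closed)})
    return audit_mraps(stub, "111122223333")  # constructed account ID
```

Against a real account, pass a boto3 `s3control` client in place of the stub; the audit only calls the read-only Get and List actions.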
Deletes a Multi-Region Access Point. This action does not delete the buckets associated with the Multi-Region Access Point, only the Multi-Region Access Point itself.
This action will always be routed to the US West (Oregon) Region. For more information about the restrictions around managing Multi-Region Access Points, see Managing Multi-Region Access Points in the Amazon S3 User Guide.
This request is asynchronous, meaning that you might receive a response before the command has completed. When this request provides a response, it provides a token that you can use to monitor the status of the request with DescribeMultiRegionAccessPointOperation.
The following actions are related to DeleteMultiRegionAccessPoint:
See also: AWS API Documentation
Request Syntax
client.delete_multi_region_access_point( AccountId='string', ClientToken='string', Details={ 'Name': 'string' } )
AccountId (string) -- [REQUIRED]
The Amazon Web Services account ID for the owner of the Multi-Region Access Point.
ClientToken (string) -- [REQUIRED]
An idempotency token used to identify the request and guarantee that requests are unique.
This field is autopopulated if not provided.
Details (dict) -- [REQUIRED]
A container element containing details about the Multi-Region Access Point.
Name (string) -- [REQUIRED]
The name of the Multi-Region Access Point associated with this request.
Return type: dict
Response Syntax
{ 'RequestTokenARN': 'string' }
Response Structure
(dict) --
RequestTokenARN (string) --
The request token associated with the request. You can use this token with DescribeMultiRegionAccessPointOperation to determine the status of asynchronous requests.
Associates an access control policy with the specified Multi-Region Access Point. Each Multi-Region Access Point can have only one policy, so a request made to this action replaces any existing policy that is associated with the specified Multi-Region Access Point.
This action will always be routed to the US West (Oregon) Region. For more information about the restrictions around managing Multi-Region Access Points, see Managing Multi-Region Access Points in the Amazon S3 User Guide.
The following actions are related to PutMultiRegionAccessPointPolicy:
See also: AWS API Documentation
Request Syntax
client.put_multi_region_access_point_policy( AccountId='string', ClientToken='string', Details={ 'Name': 'string', 'Policy': 'string' } )
AccountId (string) -- [REQUIRED]
The Amazon Web Services account ID for the owner of the Multi-Region Access Point.
ClientToken (string) -- [REQUIRED]
An idempotency token used to identify the request and guarantee that requests are unique.
This field is autopopulated if not provided.
Details (dict) -- [REQUIRED]
A container element containing the details of the policy for the Multi-Region Access Point.
Name (string) -- [REQUIRED]
The name of the Multi-Region Access Point associated with the request.
Policy (string) -- [REQUIRED]
The policy details for the PutMultiRegionAccessPoint request.
Return type: dict
Response Syntax
{ 'RequestTokenARN': 'string' }
Response Structure
(dict) --
RequestTokenARN (string) --
The request token associated with the request. You can use this token with DescribeMultiRegionAccessPointOperation to determine the status of asynchronous requests.
Retrieves the status of an asynchronous request to manage a Multi-Region Access Point. For more information about managing Multi-Region Access Points and how asynchronous requests work, see Managing Multi-Region Access Points in the Amazon S3 User Guide.
The following actions are related to GetMultiRegionAccessPoint:
See also: AWS API Documentation
Request Syntax
client.describe_multi_region_access_point_operation( AccountId='string', RequestTokenARN='string' )
AccountId (string) -- [REQUIRED]
The Amazon Web Services account ID for the owner of the Multi-Region Access Point.
RequestTokenARN (string) -- [REQUIRED]
The request token associated with the request you want to know about. This request token is returned as part of the response when you make an asynchronous request. You provide this token to query about the status of the asynchronous action.
Return type: dict
Response Syntax
{
    'AsyncOperation': {
        'CreationTime': datetime(2015, 1, 1),
        'Operation': 'CreateMultiRegionAccessPoint'|'DeleteMultiRegionAccessPoint'|'PutMultiRegionAccessPointPolicy',
        'RequestTokenARN': 'string',
        'RequestParameters': {
            'CreateMultiRegionAccessPointRequest': {
                'Name': 'string',
                'PublicAccessBlock': {
                    'BlockPublicAcls': True|False,
                    'IgnorePublicAcls': True|False,
                    'BlockPublicPolicy': True|False,
                    'RestrictPublicBuckets': True|False
                },
                'Regions': [
                    {
                        'Bucket': 'string'
                    },
                ]
            },
            'DeleteMultiRegionAccessPointRequest': {
                'Name': 'string'
            },
            'PutMultiRegionAccessPointPolicyRequest': {
                'Name': 'string',
                'Policy': 'string'
            }
        },
        'RequestStatus': 'string',
        'ResponseDetails': {
            'MultiRegionAccessPointDetails': {
                'Regions': [
                    {
                        'Name': 'string',
                        'RequestStatus': 'string'
                    },
                ]
            },
            'ErrorDetails': {
                'Code': 'string',
                'Message': 'string',
                'Resource': 'string',
                'RequestId': 'string'
            }
        }
    }
}
Response Structure
(dict) --
AsyncOperation (dict) --
A container element containing the details of the asynchronous operation.
CreationTime (datetime) --
The time that the request was sent to the service.
Operation (string) --
The specific operation for the asynchronous request.
RequestTokenARN (string) --
The request token associated with the request.
RequestParameters (dict) --
The parameters associated with the request.
CreateMultiRegionAccessPointRequest (dict) --
A container of the parameters for a CreateMultiRegionAccessPoint request.
Name (string) --
The name of the Multi-Region Access Point associated with this request.
PublicAccessBlock (dict) --
The PublicAccessBlock configuration that you want to apply to this Amazon S3 account. You can enable the configuration options in any combination. For more information about when Amazon S3 considers a bucket or object public, see The Meaning of "Public" in the Amazon S3 User Guide.
This is not supported for Amazon S3 on Outposts.
BlockPublicAcls (boolean) --
Specifies whether Amazon S3 should block public access control lists (ACLs) for buckets in this account. Setting this element to TRUE causes the following behavior:
PUT Bucket acl and PUT Object acl calls fail if the specified ACL is public.
PUT Object calls fail if the request includes a public ACL.
PUT Bucket calls fail if the request includes a public ACL.
Enabling this setting doesn't affect existing policies or ACLs.
This is not supported for Amazon S3 on Outposts.
IgnorePublicAcls (boolean) --
Specifies whether Amazon S3 should ignore public ACLs for buckets in this account. Setting this element to TRUE causes Amazon S3 to ignore all public ACLs on buckets in this account and any objects that they contain.
Enabling this setting doesn't affect the persistence of any existing ACLs and doesn't prevent new public ACLs from being set.
This is not supported for Amazon S3 on Outposts.
BlockPublicPolicy (boolean) --
Specifies whether Amazon S3 should block public bucket policies for buckets in this account. Setting this element to TRUE causes Amazon S3 to reject calls to PUT Bucket policy if the specified bucket policy allows public access.
Enabling this setting doesn't affect existing bucket policies.
This is not supported for Amazon S3 on Outposts.
RestrictPublicBuckets (boolean) --
Specifies whether Amazon S3 should restrict public bucket policies for buckets in this account. Setting this element to TRUE restricts access to buckets with public policies to only Amazon Web Service principals and authorized users within this account.
Enabling this setting doesn't affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked.
This is not supported for Amazon S3 on Outposts.
Regions (list) --
The buckets in different Regions that are associated with the Multi-Region Access Point.
(dict) --
A Region that supports a Multi-Region Access Point as well as the associated bucket for the Region.
Bucket (string) --
The name of the associated bucket for the Region.
DeleteMultiRegionAccessPointRequest (dict) --
A container of the parameters for a DeleteMultiRegionAccessPoint request.
Name (string) --
The name of the Multi-Region Access Point associated with this request.
PutMultiRegionAccessPointPolicyRequest (dict) --
A container of the parameters for a PutMultiRegionAccessPoint request.
Name (string) --
The name of the Multi-Region Access Point associated with the request.
Policy (string) --
The policy details for the PutMultiRegionAccessPoint request.
RequestStatus (string) --
The current status of the request.
ResponseDetails (dict) --
The details of the response.
MultiRegionAccessPointDetails (dict) --
The details for the Multi-Region Access Point.
Regions (list) --
A collection of status information for the different Regions that a Multi-Region Access Point supports.
(dict) --
Status information for a single Multi-Region Access Point Region.
Name (string) --
The name of the Region in the Multi-Region Access Point.
RequestStatus (string) --
The current status of the Multi-Region Access Point in this Region.
ErrorDetails (dict) --
Error details for an asynchronous request.
Code (string) --
A string that uniquely identifies the error condition.
Message (string) --
A generic description of the error condition in English.
Resource (string) --
The identifier of the resource associated with the error.
RequestId (string) --
The ID of the request associated with the error.