2025/06/25 - Amazon FSx - 3 new api methods
Changes Add support for the ability to create Amazon S3 Access Points for Amazon FSx for OpenZFS file systems.
Creates an S3 access point and attaches it to an Amazon FSx volume. For FSx for OpenZFS file systems, the volume must be hosted on a high-availability file system, either Single-AZ or Multi-AZ. For more information, see Accessing your data using access points in the Amazon FSx for OpenZFS User Guide.
The requester requires the following permissions to perform these actions:
fsx:CreateAndAttachS3AccessPoint
s3:CreateAccessPoint
s3:GetAccessPoint
s3:PutAccessPointPolicy
s3:DeleteAccessPoint
The following actions are related to CreateAndAttachS3AccessPoint:
DescribeS3AccessPointAttachments
DetachAndDeleteS3AccessPoint
See also: AWS API Documentation
Request Syntax
client.create_and_attach_s3_access_point(
ClientRequestToken='string',
Name='string',
Type='OPENZFS',
OpenZFSConfiguration={
'VolumeId': 'string',
'FileSystemIdentity': {
'Type': 'POSIX',
'PosixUser': {
'Uid': 123,
'Gid': 123,
'SecondaryGids': [
123,
]
}
}
},
S3AccessPoint={
'VpcConfiguration': {
'VpcId': 'string'
},
'Policy': 'string'
}
)
string
(Optional) An idempotency token for resource creation, in a string of up to 63 ASCII characters. This token is automatically filled on your behalf when you use the Command Line Interface (CLI) or an Amazon Web Services SDK.
This field is autopopulated if not provided.
string
[REQUIRED]
The name you want to assign to this S3 access point.
string
[REQUIRED]
The type of S3 access point you want to create. Only OpenZFS is supported.
dict
Specifies the configuration to use when creating and attaching an S3 access point to an FSx for OpenZFS volume.
VolumeId (string) -- [REQUIRED]
The ID of the FSx for OpenZFS volume to which you want the S3 access point attached.
FileSystemIdentity (dict) -- [REQUIRED]
Specifies the file system user identity to use for authorizing file read and write requests that are made using this S3 access point.
Type (string) -- [REQUIRED]
Specifies the FSx for OpenZFS user identity type, accepts only POSIX.
PosixUser (dict) --
Specifies the UID and GIDs of the file system POSIX user.
Uid (integer) -- [REQUIRED]
The UID of the file system user.
Gid (integer) -- [REQUIRED]
The GID of the file system user.
SecondaryGids (list) --
The list of secondary GIDs for the file system user.
(integer) --
dict
Specifies the virtual private cloud (VPC) configuration if you're creating an access point that is restricted to a VPC. For more information, see Creating access points restricted to a virtual private cloud.
VpcConfiguration (dict) --
If included, Amazon S3 restricts access to this S3 access point to requests made from the specified virtual private cloud (VPC).
VpcId (string) --
Specifies the virtual private cloud (VPC) for the S3 access point VPC configuration, if one exists.
Policy (string) --
Specifies an access policy to associate with the S3 access point configuration. For more information, see Configuring IAM policies for using access points in the Amazon Simple Storage Service User Guide.
dict
Response Syntax
{
'S3AccessPointAttachment': {
'Lifecycle': 'AVAILABLE'|'CREATING'|'DELETING'|'UPDATING'|'FAILED',
'LifecycleTransitionReason': {
'Message': 'string'
},
'CreationTime': datetime(2015, 1, 1),
'Name': 'string',
'Type': 'OPENZFS',
'OpenZFSConfiguration': {
'VolumeId': 'string',
'FileSystemIdentity': {
'Type': 'POSIX',
'PosixUser': {
'Uid': 123,
'Gid': 123,
'SecondaryGids': [
123,
]
}
}
},
'S3AccessPoint': {
'ResourceARN': 'string',
'Alias': 'string',
'VpcConfiguration': {
'VpcId': 'string'
}
}
}
}
Response Structure
(dict) --
S3AccessPointAttachment (dict) --
Describes the configuration of the S3 access point created.
Lifecycle (string) --
The lifecycle status of the S3 access point attachment. The lifecycle can have the following values:
AVAILABLE - the S3 access point attachment is available for use
CREATING - Amazon FSx is creating the S3 access point and attachment
DELETING - Amazon FSx is deleting the S3 access point and attachment
FAILED - The S3 access point attachment is in a failed state. Delete and detach the S3 access point attachment, and create a new one.
UPDATING - Amazon FSx is updating the S3 access point attachment
LifecycleTransitionReason (dict) --
Describes why a resource lifecycle state changed.
Message (string) --
A detailed error message.
CreationTime (datetime) --
The time that the resource was created, in seconds (since 1970-01-01T00:00:00Z), also known as Unix time.
Name (string) --
The name of the S3 access point attachment; also used for the name of the S3 access point.
Type (string) --
The type of Amazon FSx volume that the S3 access point is attached to.
OpenZFSConfiguration (dict) --
The OpenZFSConfiguration of the S3 access point attachment.
VolumeId (string) --
The ID of the FSx for OpenZFS volume that the S3 access point is attached to.
FileSystemIdentity (dict) --
The file system identity used to authorize file access requests made using the S3 access point.
Type (string) --
Specifies the FSx for OpenZFS user identity type, accepts only POSIX.
PosixUser (dict) --
Specifies the UID and GIDs of the file system POSIX user.
Uid (integer) --
The UID of the file system user.
Gid (integer) --
The GID of the file system user.
SecondaryGids (list) --
The list of secondary GIDs for the file system user.
(integer) --
S3AccessPoint (dict) --
The S3 access point configuration of the S3 access point attachment.
ResourceARN (string) --
he S3 access point's ARN.
Alias (string) --
The S3 access point's alias.
VpcConfiguration (dict) --
The S3 access point's virtual private cloud (VPC) configuration.
VpcId (string) --
Specifies the virtual private cloud (VPC) for the S3 access point VPC configuration, if one exists.
Describes one or more S3 access points attached to Amazon FSx volumes.
The requester requires the following permission to perform this action:
fsx:DescribeS3AccessPointAttachments
See also: AWS API Documentation
Request Syntax
client.describe_s3_access_point_attachments(
Names=[
'string',
],
Filters=[
{
'Name': 'file-system-id'|'volume-id'|'type',
'Values': [
'string',
]
},
],
MaxResults=123,
NextToken='string'
)
list
The names of the S3 access point attachments whose descriptions you want to retrieve.
(string) --
list
Enter a filter Name and Values pair to view a select set of S3 access point attachments.
(dict) --
A set of Name and Values pairs used to view a select set of S3 access point attachments.
Name (string) --
The name of the filter.
Values (list) --
The values of the filter.
(string) --
integer
The maximum number of resources to return in the response. This value must be an integer greater than zero.
string
(Optional) Opaque pagination token returned from a previous operation (String). If present, this token indicates from what point you can continue processing the request, where the previous NextToken value left off.
dict
Response Syntax
{
'S3AccessPointAttachments': [
{
'Lifecycle': 'AVAILABLE'|'CREATING'|'DELETING'|'UPDATING'|'FAILED',
'LifecycleTransitionReason': {
'Message': 'string'
},
'CreationTime': datetime(2015, 1, 1),
'Name': 'string',
'Type': 'OPENZFS',
'OpenZFSConfiguration': {
'VolumeId': 'string',
'FileSystemIdentity': {
'Type': 'POSIX',
'PosixUser': {
'Uid': 123,
'Gid': 123,
'SecondaryGids': [
123,
]
}
}
},
'S3AccessPoint': {
'ResourceARN': 'string',
'Alias': 'string',
'VpcConfiguration': {
'VpcId': 'string'
}
}
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
S3AccessPointAttachments (list) --
Array of S3 access point attachments returned after a successful DescribeS3AccessPointAttachments operation.
(dict) --
An S3 access point attached to an Amazon FSx volume.
Lifecycle (string) --
The lifecycle status of the S3 access point attachment. The lifecycle can have the following values:
AVAILABLE - the S3 access point attachment is available for use
CREATING - Amazon FSx is creating the S3 access point and attachment
DELETING - Amazon FSx is deleting the S3 access point and attachment
FAILED - The S3 access point attachment is in a failed state. Delete and detach the S3 access point attachment, and create a new one.
UPDATING - Amazon FSx is updating the S3 access point attachment
LifecycleTransitionReason (dict) --
Describes why a resource lifecycle state changed.
Message (string) --
A detailed error message.
CreationTime (datetime) --
The time that the resource was created, in seconds (since 1970-01-01T00:00:00Z), also known as Unix time.
Name (string) --
The name of the S3 access point attachment; also used for the name of the S3 access point.
Type (string) --
The type of Amazon FSx volume that the S3 access point is attached to.
OpenZFSConfiguration (dict) --
The OpenZFSConfiguration of the S3 access point attachment.
VolumeId (string) --
The ID of the FSx for OpenZFS volume that the S3 access point is attached to.
FileSystemIdentity (dict) --
The file system identity used to authorize file access requests made using the S3 access point.
Type (string) --
Specifies the FSx for OpenZFS user identity type, accepts only POSIX.
PosixUser (dict) --
Specifies the UID and GIDs of the file system POSIX user.
Uid (integer) --
The UID of the file system user.
Gid (integer) --
The GID of the file system user.
SecondaryGids (list) --
The list of secondary GIDs for the file system user.
(integer) --
S3AccessPoint (dict) --
The S3 access point configuration of the S3 access point attachment.
ResourceARN (string) --
he S3 access point's ARN.
Alias (string) --
The S3 access point's alias.
VpcConfiguration (dict) --
The S3 access point's virtual private cloud (VPC) configuration.
VpcId (string) --
Specifies the virtual private cloud (VPC) for the S3 access point VPC configuration, if one exists.
NextToken (string) --
(Optional) Opaque pagination token returned from a previous operation (String). If present, this token indicates from what point you can continue processing the request, where the previous NextToken value left off.
Detaches an S3 access point from an Amazon FSx volume and deletes the S3 access point.
The requester requires the following permission to perform this action:
fsx:DetachAndDeleteS3AccessPoint
s3:DeleteAccessPoint
See also: AWS API Documentation
Request Syntax
client.detach_and_delete_s3_access_point(
ClientRequestToken='string',
Name='string'
)
string
(Optional) An idempotency token for resource creation, in a string of up to 63 ASCII characters. This token is automatically filled on your behalf when you use the Command Line Interface (CLI) or an Amazon Web Services SDK.
This field is autopopulated if not provided.
string
[REQUIRED]
The name of the S3 access point attachment that you want to delete.
dict
Response Syntax
{
'Lifecycle': 'AVAILABLE'|'CREATING'|'DELETING'|'UPDATING'|'FAILED',
'Name': 'string'
}
Response Structure
(dict) --
Lifecycle (string) --
The lifecycle status of the S3 access point attachment.
Name (string) --
The name of the S3 access point attachment being deleted.