2023/07/13 - Amazon Simple Storage Service - 5 updated api methods
Changes S3 Inventory now supports Object Access Control List and Object Owner as available object metadata fields in inventory reports.
{'CreateBucketConfiguration': {'LocationConstraint': {'ap-south-2',
'eu-south-2'}}}
Creates a new S3 bucket. To create a bucket, you must register with Amazon S3 and have a valid Amazon Web Services Access Key ID to authenticate requests. Anonymous requests are never allowed to create buckets. By creating the bucket, you become the bucket owner.
Not every string is an acceptable bucket name. For information about bucket naming restrictions, see Bucket naming rules.
If you want to create an Amazon S3 on Outposts bucket, see Create Bucket.
By default, the bucket is created in the US East (N. Virginia) Region. You can optionally specify a Region in the request body. You might choose a Region to optimize latency, minimize costs, or address regulatory requirements. For example, if you reside in Europe, you will probably find it advantageous to create buckets in the Europe (Ireland) Region. For more information, see Accessing a bucket.
Note
If you send your create bucket request to the s3.amazonaws.com endpoint, the request goes to the us-east-1 Region. Accordingly, the signature calculations in Signature Version 4 must use us-east-1 as the Region, even if the location constraint in the request specifies another Region where the bucket is to be created. If you create a bucket in a Region other than US East (N. Virginia), your application must be able to handle 307 redirect. For more information, see Virtual hosting of buckets.
Permissions
In addition to s3:CreateBucket , the following permissions are required when your CreateBucket request includes specific headers:
Access control lists (ACLs) - If your CreateBucket request specifies access control list (ACL) permissions and the ACL is public-read, public-read-write, authenticated-read, or if you specify access permissions explicitly through any other ACL, both s3:CreateBucket and s3:PutBucketAcl permissions are needed. If the ACL for the CreateBucket request is private or if the request doesn't specify any ACLs, only s3:CreateBucket permission is needed.
Object Lock - If ObjectLockEnabledForBucket is set to true in your CreateBucket request, s3:PutBucketObjectLockConfiguration and s3:PutBucketVersioning permissions are required.
S3 Object Ownership - If your CreateBucket request includes the x-amz-object-ownership header, then the s3:PutBucketOwnershipControls permission is required. By default, ObjectOwnership is set to BucketOWnerEnforced and ACLs are disabled. We recommend keeping ACLs disabled, except in uncommon use cases where you must control access for each object individually. If you want to change the ObjectOwnership setting, you can use the x-amz-object-ownership header in your CreateBucket request to set the ObjectOwnership setting of your choice. For more information about S3 Object Ownership, see Controlling object ownership in the Amazon S3 User Guide .
S3 Block Public Access - If your specific use case requires granting public access to your S3 resources, you can disable Block Public Access. You can create a new bucket with Block Public Access enabled, then separately call the DeletePublicAccessBlock API. To use this operation, you must have the s3:PutBucketPublicAccessBlock permission. By default, all Block Public Access settings are enabled for new buckets. To avoid inadvertent exposure of your resources, we recommend keeping the S3 Block Public Access settings enabled. For more information about S3 Block Public Access, see Blocking public access to your Amazon S3 storage in the Amazon S3 User Guide .
Warning
If your CreateBucket request sets BucketOwnerEnforced for Amazon S3 Object Ownership and specifies a bucket ACL that provides access to an external Amazon Web Services account, your request fails with a 400 error and returns the InvalidBucketAcLWithObjectOwnership error code. For more information, see Setting Object Ownership on an existing bucket in the Amazon S3 User Guide .
The following operations are related to CreateBucket :
See also: AWS API Documentation
Request Syntax
client.create_bucket(
ACL='private'|'public-read'|'public-read-write'|'authenticated-read',
Bucket='string',
CreateBucketConfiguration={
'LocationConstraint': 'af-south-1'|'ap-east-1'|'ap-northeast-1'|'ap-northeast-2'|'ap-northeast-3'|'ap-south-1'|'ap-southeast-1'|'ap-southeast-2'|'ap-southeast-3'|'ca-central-1'|'cn-north-1'|'cn-northwest-1'|'EU'|'eu-central-1'|'eu-north-1'|'eu-south-1'|'eu-west-1'|'eu-west-2'|'eu-west-3'|'me-south-1'|'sa-east-1'|'us-east-2'|'us-gov-east-1'|'us-gov-west-1'|'us-west-1'|'us-west-2'|'ap-south-2'|'eu-south-2'
},
GrantFullControl='string',
GrantRead='string',
GrantReadACP='string',
GrantWrite='string',
GrantWriteACP='string',
ObjectLockEnabledForBucket=True|False,
ObjectOwnership='BucketOwnerPreferred'|'ObjectWriter'|'BucketOwnerEnforced'
)
string
The canned ACL to apply to the bucket.
string
[REQUIRED]
The name of the bucket to create.
dict
The configuration information for the bucket.
LocationConstraint (string) --
Specifies the Region where the bucket will be created. If you don't specify a Region, the bucket is created in the US East (N. Virginia) Region (us-east-1).
string
Allows grantee the read, write, read ACP, and write ACP permissions on the bucket.
string
Allows grantee to list the objects in the bucket.
string
Allows grantee to read the bucket ACL.
string
Allows grantee to create new objects in the bucket.
For the bucket and object owners of existing objects, also allows deletions and overwrites of those objects.
string
Allows grantee to write the ACL for the applicable bucket.
boolean
Specifies whether you want S3 Object Lock to be enabled for the new bucket.
string
The container element for object ownership for a bucket's ownership controls.
BucketOwnerPreferred - Objects uploaded to the bucket change ownership to the bucket owner if the objects are uploaded with the bucket-owner-full-control canned ACL.
ObjectWriter - The uploading account will own the object if the object is uploaded with the bucket-owner-full-control canned ACL.
BucketOwnerEnforced - Access control lists (ACLs) are disabled and no longer affect permissions. The bucket owner automatically owns and has full control over every object in the bucket. The bucket only accepts PUT requests that don't specify an ACL or bucket owner full control ACLs, such as the bucket-owner-full-control canned ACL or an equivalent form of this ACL expressed in the XML format.
dict
Response Syntax
{
'Location': 'string'
}
Response Structure
(dict) --
Location (string) --
A forward slash followed by the name of the bucket.
{'InventoryConfiguration': {'OptionalFields': {'ObjectAccessControlList',
'ObjectOwner'}}}
Returns an inventory configuration (identified by the inventory configuration ID) from the bucket.
To use this operation, you must have permissions to perform the s3:GetInventoryConfiguration action. The bucket owner has this permission by default and can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources.
For information about the Amazon S3 inventory feature, see Amazon S3 Inventory.
The following operations are related to GetBucketInventoryConfiguration :
See also: AWS API Documentation
Request Syntax
client.get_bucket_inventory_configuration(
Bucket='string',
Id='string',
ExpectedBucketOwner='string'
)
string
[REQUIRED]
The name of the bucket containing the inventory configuration to retrieve.
string
[REQUIRED]
The ID used to identify the inventory configuration.
string
The account ID of the expected bucket owner. If the bucket is owned by a different account, the request fails with the HTTP status code 403 Forbidden (access denied).
dict
Response Syntax
{
'InventoryConfiguration': {
'Destination': {
'S3BucketDestination': {
'AccountId': 'string',
'Bucket': 'string',
'Format': 'CSV'|'ORC'|'Parquet',
'Prefix': 'string',
'Encryption': {
'SSES3': {},
'SSEKMS': {
'KeyId': 'string'
}
}
}
},
'IsEnabled': True|False,
'Filter': {
'Prefix': 'string'
},
'Id': 'string',
'IncludedObjectVersions': 'All'|'Current',
'OptionalFields': [
'Size'|'LastModifiedDate'|'StorageClass'|'ETag'|'IsMultipartUploaded'|'ReplicationStatus'|'EncryptionStatus'|'ObjectLockRetainUntilDate'|'ObjectLockMode'|'ObjectLockLegalHoldStatus'|'IntelligentTieringAccessTier'|'BucketKeyStatus'|'ChecksumAlgorithm'|'ObjectAccessControlList'|'ObjectOwner',
],
'Schedule': {
'Frequency': 'Daily'|'Weekly'
}
}
}
Response Structure
(dict) --
InventoryConfiguration (dict) --
Specifies the inventory configuration.
Destination (dict) --
Contains information about where to publish the inventory results.
S3BucketDestination (dict) --
Contains the bucket name, file format, bucket owner (optional), and prefix (optional) where inventory results are published.
AccountId (string) --
The account ID that owns the destination S3 bucket. If no account ID is provided, the owner is not validated before exporting data.
Note
Although this value is optional, we strongly recommend that you set it to help prevent problems if the destination bucket ownership changes.
Bucket (string) --
The Amazon Resource Name (ARN) of the bucket where inventory results will be published.
Format (string) --
Specifies the output format of the inventory results.
Prefix (string) --
The prefix that is prepended to all inventory results.
Encryption (dict) --
Contains the type of server-side encryption used to encrypt the inventory results.
SSES3 (dict) --
Specifies the use of SSE-S3 to encrypt delivered inventory reports.
SSEKMS (dict) --
Specifies the use of SSE-KMS to encrypt delivered inventory reports.
KeyId (string) --
Specifies the ID of the Key Management Service (KMS) symmetric encryption customer managed key to use for encrypting inventory reports.
IsEnabled (boolean) --
Specifies whether the inventory is enabled or disabled. If set to True , an inventory list is generated. If set to False , no inventory list is generated.
Filter (dict) --
Specifies an inventory filter. The inventory only includes objects that meet the filter's criteria.
Prefix (string) --
The prefix that an object must have to be included in the inventory results.
Id (string) --
The ID used to identify the inventory configuration.
IncludedObjectVersions (string) --
Object versions to include in the inventory list. If set to All , the list includes all the object versions, which adds the version-related fields VersionId , IsLatest , and DeleteMarker to the list. If set to Current , the list does not contain these version-related fields.
OptionalFields (list) --
Contains the optional fields that are included in the inventory results.
(string) --
Schedule (dict) --
Specifies the schedule for generating inventory results.
Frequency (string) --
Specifies how frequently inventory results are produced.
{'LocationConstraint': {'ap-south-2', 'eu-south-2'}}
Returns the Region the bucket resides in. You set the bucket's Region using the LocationConstraint request parameter in a CreateBucket request. For more information, see CreateBucket.
To use this API operation against an access point, provide the alias of the access point in place of the bucket name.
To use this API operation against an Object Lambda access point, provide the alias of the Object Lambda access point in place of the bucket name. If the Object Lambda access point alias in a request is not valid, the error code InvalidAccessPointAliasError is returned. For more information about InvalidAccessPointAliasError , see List of Error Codes.
Note
We recommend that you use HeadBucket to return the Region that a bucket resides in. For backward compatibility, Amazon S3 continues to support GetBucketLocation.
The following operations are related to GetBucketLocation :
See also: AWS API Documentation
Request Syntax
client.get_bucket_location(
Bucket='string',
ExpectedBucketOwner='string'
)
string
[REQUIRED]
The name of the bucket for which to get the location.
To use this API operation against an access point, provide the alias of the access point in place of the bucket name.
To use this API operation against an Object Lambda access point, provide the alias of the Object Lambda access point in place of the bucket name. If the Object Lambda access point alias in a request is not valid, the error code InvalidAccessPointAliasError is returned. For more information about InvalidAccessPointAliasError , see List of Error Codes.
string
The account ID of the expected bucket owner. If the bucket is owned by a different account, the request fails with the HTTP status code 403 Forbidden (access denied).
dict
Response Syntax
{
'LocationConstraint': 'af-south-1'|'ap-east-1'|'ap-northeast-1'|'ap-northeast-2'|'ap-northeast-3'|'ap-south-1'|'ap-southeast-1'|'ap-southeast-2'|'ap-southeast-3'|'ca-central-1'|'cn-north-1'|'cn-northwest-1'|'EU'|'eu-central-1'|'eu-north-1'|'eu-south-1'|'eu-west-1'|'eu-west-2'|'eu-west-3'|'me-south-1'|'sa-east-1'|'us-east-2'|'us-gov-east-1'|'us-gov-west-1'|'us-west-1'|'us-west-2'|'ap-south-2'|'eu-south-2'
}
Response Structure
(dict) --
LocationConstraint (string) --
Specifies the Region where the bucket resides. For a list of all the Amazon S3 supported location constraints by Region, see Regions and Endpoints. Buckets in Region us-east-1 have a LocationConstraint of null .
{'InventoryConfigurationList': {'OptionalFields': {'ObjectAccessControlList',
'ObjectOwner'}}}
Returns a list of inventory configurations for the bucket. You can have up to 1,000 analytics configurations per bucket.
This action supports list pagination and does not return more than 100 configurations at a time. Always check the IsTruncated element in the response. If there are no more configurations to list, IsTruncated is set to false. If there are more configurations to list, IsTruncated is set to true, and there is a value in NextContinuationToken . You use the NextContinuationToken value to continue the pagination of the list by passing the value in continuation-token in the request to GET the next page.
To use this operation, you must have permissions to perform the s3:GetInventoryConfiguration action. The bucket owner has this permission by default. The bucket owner can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources.
For information about the Amazon S3 inventory feature, see Amazon S3 Inventory
The following operations are related to ListBucketInventoryConfigurations :
See also: AWS API Documentation
Request Syntax
client.list_bucket_inventory_configurations(
Bucket='string',
ContinuationToken='string',
ExpectedBucketOwner='string'
)
string
[REQUIRED]
The name of the bucket containing the inventory configurations to retrieve.
string
The marker used to continue an inventory configuration listing that has been truncated. Use the NextContinuationToken from a previously truncated list response to continue the listing. The continuation token is an opaque value that Amazon S3 understands.
string
The account ID of the expected bucket owner. If the bucket is owned by a different account, the request fails with the HTTP status code 403 Forbidden (access denied).
dict
Response Syntax
{
'ContinuationToken': 'string',
'InventoryConfigurationList': [
{
'Destination': {
'S3BucketDestination': {
'AccountId': 'string',
'Bucket': 'string',
'Format': 'CSV'|'ORC'|'Parquet',
'Prefix': 'string',
'Encryption': {
'SSES3': {},
'SSEKMS': {
'KeyId': 'string'
}
}
}
},
'IsEnabled': True|False,
'Filter': {
'Prefix': 'string'
},
'Id': 'string',
'IncludedObjectVersions': 'All'|'Current',
'OptionalFields': [
'Size'|'LastModifiedDate'|'StorageClass'|'ETag'|'IsMultipartUploaded'|'ReplicationStatus'|'EncryptionStatus'|'ObjectLockRetainUntilDate'|'ObjectLockMode'|'ObjectLockLegalHoldStatus'|'IntelligentTieringAccessTier'|'BucketKeyStatus'|'ChecksumAlgorithm'|'ObjectAccessControlList'|'ObjectOwner',
],
'Schedule': {
'Frequency': 'Daily'|'Weekly'
}
},
],
'IsTruncated': True|False,
'NextContinuationToken': 'string'
}
Response Structure
(dict) --
ContinuationToken (string) --
If sent in the request, the marker that is used as a starting point for this inventory configuration list response.
InventoryConfigurationList (list) --
The list of inventory configurations for a bucket.
(dict) --
Specifies the inventory configuration for an Amazon S3 bucket. For more information, see GET Bucket inventory in the Amazon S3 API Reference .
Destination (dict) --
Contains information about where to publish the inventory results.
S3BucketDestination (dict) --
Contains the bucket name, file format, bucket owner (optional), and prefix (optional) where inventory results are published.
AccountId (string) --
The account ID that owns the destination S3 bucket. If no account ID is provided, the owner is not validated before exporting data.
Note
Although this value is optional, we strongly recommend that you set it to help prevent problems if the destination bucket ownership changes.
Bucket (string) --
The Amazon Resource Name (ARN) of the bucket where inventory results will be published.
Format (string) --
Specifies the output format of the inventory results.
Prefix (string) --
The prefix that is prepended to all inventory results.
Encryption (dict) --
Contains the type of server-side encryption used to encrypt the inventory results.
SSES3 (dict) --
Specifies the use of SSE-S3 to encrypt delivered inventory reports.
SSEKMS (dict) --
Specifies the use of SSE-KMS to encrypt delivered inventory reports.
KeyId (string) --
Specifies the ID of the Key Management Service (KMS) symmetric encryption customer managed key to use for encrypting inventory reports.
IsEnabled (boolean) --
Specifies whether the inventory is enabled or disabled. If set to True , an inventory list is generated. If set to False , no inventory list is generated.
Filter (dict) --
Specifies an inventory filter. The inventory only includes objects that meet the filter's criteria.
Prefix (string) --
The prefix that an object must have to be included in the inventory results.
Id (string) --
The ID used to identify the inventory configuration.
IncludedObjectVersions (string) --
Object versions to include in the inventory list. If set to All , the list includes all the object versions, which adds the version-related fields VersionId , IsLatest , and DeleteMarker to the list. If set to Current , the list does not contain these version-related fields.
OptionalFields (list) --
Contains the optional fields that are included in the inventory results.
(string) --
Schedule (dict) --
Specifies the schedule for generating inventory results.
Frequency (string) --
Specifies how frequently inventory results are produced.
IsTruncated (boolean) --
Tells whether the returned list of inventory configurations is complete. A value of true indicates that the list is not complete and the NextContinuationToken is provided for a subsequent request.
NextContinuationToken (string) --
The marker used to continue this inventory configuration listing. Use the NextContinuationToken from this response to continue the listing in a subsequent request. The continuation token is an opaque value that Amazon S3 understands.
{'InventoryConfiguration': {'OptionalFields': {'ObjectAccessControlList',
'ObjectOwner'}}}
This implementation of the PUT action adds an inventory configuration (identified by the inventory ID) to the bucket. You can have up to 1,000 inventory configurations per bucket.
Amazon S3 inventory generates inventories of the objects in the bucket on a daily or weekly basis, and the results are published to a flat file. The bucket that is inventoried is called the source bucket, and the bucket where the inventory flat file is stored is called the destination bucket. The destination bucket must be in the same Amazon Web Services Region as the source bucket.
When you configure an inventory for a source bucket, you specify the destination bucket where you want the inventory to be stored, and whether to generate the inventory daily or weekly. You can also configure what object metadata to include and whether to inventory all object versions or only current versions. For more information, see Amazon S3 Inventory in the Amazon S3 User Guide.
Warning
You must create a bucket policy on the destination bucket to grant permissions to Amazon S3 to write objects to the bucket in the defined location. For an example policy, see Granting Permissions for Amazon S3 Inventory and Storage Class Analysis.
Permissions
To use this operation, you must have permission to perform the s3:PutInventoryConfiguration action. The bucket owner has this permission by default and can grant this permission to others.
The s3:PutInventoryConfiguration permission allows a user to create an S3 Inventory report that includes all object metadata fields available and to specify the destination bucket to store the inventory. A user with read access to objects in the destination bucket can also access all object metadata fields that are available in the inventory report.
To restrict access to an inventory report, see Restricting access to an Amazon S3 Inventory report in the Amazon S3 User Guide . For more information about the metadata fields available in S3 Inventory, see Amazon S3 Inventory lists in the Amazon S3 User Guide . For more information about permissions, see Permissions related to bucket subresource operations and Identity and access management in Amazon S3 in the Amazon S3 User Guide .
PutBucketInventoryConfiguration has the following special errors:
HTTP 400 Bad Request Error
Code: InvalidArgument
Cause: Invalid Argument
HTTP 400 Bad Request Error
Code: TooManyConfigurations
Cause: You are attempting to create a new configuration but have already reached the 1,000-configuration limit.
HTTP 403 Forbidden Error
Cause: You are not the owner of the specified bucket, or you do not have the s3:PutInventoryConfiguration bucket permission to set the configuration on the bucket.
The following operations are related to PutBucketInventoryConfiguration :
See also: AWS API Documentation
Request Syntax
client.put_bucket_inventory_configuration(
Bucket='string',
Id='string',
InventoryConfiguration={
'Destination': {
'S3BucketDestination': {
'AccountId': 'string',
'Bucket': 'string',
'Format': 'CSV'|'ORC'|'Parquet',
'Prefix': 'string',
'Encryption': {
'SSES3': {}
,
'SSEKMS': {
'KeyId': 'string'
}
}
}
},
'IsEnabled': True|False,
'Filter': {
'Prefix': 'string'
},
'Id': 'string',
'IncludedObjectVersions': 'All'|'Current',
'OptionalFields': [
'Size'|'LastModifiedDate'|'StorageClass'|'ETag'|'IsMultipartUploaded'|'ReplicationStatus'|'EncryptionStatus'|'ObjectLockRetainUntilDate'|'ObjectLockMode'|'ObjectLockLegalHoldStatus'|'IntelligentTieringAccessTier'|'BucketKeyStatus'|'ChecksumAlgorithm'|'ObjectAccessControlList'|'ObjectOwner',
],
'Schedule': {
'Frequency': 'Daily'|'Weekly'
}
},
ExpectedBucketOwner='string'
)
string
[REQUIRED]
The name of the bucket where the inventory configuration will be stored.
string
[REQUIRED]
The ID used to identify the inventory configuration.
dict
[REQUIRED]
Specifies the inventory configuration.
Destination (dict) -- [REQUIRED]
Contains information about where to publish the inventory results.
S3BucketDestination (dict) -- [REQUIRED]
Contains the bucket name, file format, bucket owner (optional), and prefix (optional) where inventory results are published.
AccountId (string) --
The account ID that owns the destination S3 bucket. If no account ID is provided, the owner is not validated before exporting data.
Note
Although this value is optional, we strongly recommend that you set it to help prevent problems if the destination bucket ownership changes.
Bucket (string) -- [REQUIRED]
The Amazon Resource Name (ARN) of the bucket where inventory results will be published.
Format (string) -- [REQUIRED]
Specifies the output format of the inventory results.
Prefix (string) --
The prefix that is prepended to all inventory results.
Encryption (dict) --
Contains the type of server-side encryption used to encrypt the inventory results.
SSES3 (dict) --
Specifies the use of SSE-S3 to encrypt delivered inventory reports.
SSEKMS (dict) --
Specifies the use of SSE-KMS to encrypt delivered inventory reports.
KeyId (string) -- [REQUIRED]
Specifies the ID of the Key Management Service (KMS) symmetric encryption customer managed key to use for encrypting inventory reports.
IsEnabled (boolean) -- [REQUIRED]
Specifies whether the inventory is enabled or disabled. If set to True , an inventory list is generated. If set to False , no inventory list is generated.
Filter (dict) --
Specifies an inventory filter. The inventory only includes objects that meet the filter's criteria.
Prefix (string) -- [REQUIRED]
The prefix that an object must have to be included in the inventory results.
Id (string) -- [REQUIRED]
The ID used to identify the inventory configuration.
IncludedObjectVersions (string) -- [REQUIRED]
Object versions to include in the inventory list. If set to All , the list includes all the object versions, which adds the version-related fields VersionId , IsLatest , and DeleteMarker to the list. If set to Current , the list does not contain these version-related fields.
OptionalFields (list) --
Contains the optional fields that are included in the inventory results.
(string) --
Schedule (dict) -- [REQUIRED]
Specifies the schedule for generating inventory results.
Frequency (string) -- [REQUIRED]
Specifies how frequently inventory results are produced.
string
The account ID of the expected bucket owner. If the bucket is owned by a different account, the request fails with the HTTP status code 403 Forbidden (access denied).
None