2025/04/16 - Amazon S3 Tables - 4 new8 updated api methods
Changes S3 Tables now supports setting encryption configurations on table buckets and tables. Encryption configurations can use server side encryption using AES256 or KMS customer-managed keys.
Sets the encryption configuration for a table bucket.
Permissions
You must have the s3tables:PutTableBucketEncryption permission to use this operation.
See also: AWS API Documentation
Request Syntax
client.put_table_bucket_encryption(
tableBucketARN='string',
encryptionConfiguration={
'sseAlgorithm': 'AES256'|'aws:kms',
'kmsKeyArn': 'string'
}
)
string
[REQUIRED]
The Amazon Resource Name (ARN) of the table bucket.
dict
[REQUIRED]
The encryption configuration to apply to the table bucket.
sseAlgorithm (string) -- [REQUIRED]
The server-side encryption algorithm to use. Valid values are AES256 for S3-managed encryption keys, or aws:kms for Amazon Web Services KMS-managed encryption keys. If you choose SSE-KMS encryption you must grant the S3 Tables maintenance principal access to your KMS key. For more information, see Permissions requirements for S3 Tables SSE-KMS encryption.
kmsKeyArn (string) --
The Amazon Resource Name (ARN) of the KMS key to use for encryption. This field is required only when sseAlgorithm is set to aws:kms.
None
Gets the encryption configuration for a table.
Permissions
You must have the s3tables:GetTableEncryption permission to use this operation.
See also: AWS API Documentation
Request Syntax
client.get_table_encryption(
tableBucketARN='string',
namespace='string',
name='string'
)
string
[REQUIRED]
The Amazon Resource Name (ARN) of the table bucket containing the table.
string
[REQUIRED]
The namespace associated with the table.
string
[REQUIRED]
The name of the table.
dict
Response Syntax
{
'encryptionConfiguration': {
'sseAlgorithm': 'AES256'|'aws:kms',
'kmsKeyArn': 'string'
}
}
Response Structure
(dict) --
encryptionConfiguration (dict) --
The encryption configuration for the table.
sseAlgorithm (string) --
The server-side encryption algorithm to use. Valid values are AES256 for S3-managed encryption keys, or aws:kms for Amazon Web Services KMS-managed encryption keys. If you choose SSE-KMS encryption you must grant the S3 Tables maintenance principal access to your KMS key. For more information, see Permissions requirements for S3 Tables SSE-KMS encryption.
kmsKeyArn (string) --
The Amazon Resource Name (ARN) of the KMS key to use for encryption. This field is required only when sseAlgorithm is set to aws:kms.
Gets the encryption configuration for a table bucket.
Permissions
You must have the s3tables:GetTableBucketEncryption permission to use this operation.
See also: AWS API Documentation
Request Syntax
client.get_table_bucket_encryption(
tableBucketARN='string'
)
string
[REQUIRED]
The Amazon Resource Name (ARN) of the table bucket.
dict
Response Syntax
{
'encryptionConfiguration': {
'sseAlgorithm': 'AES256'|'aws:kms',
'kmsKeyArn': 'string'
}
}
Response Structure
(dict) --
encryptionConfiguration (dict) --
The encryption configuration for the table bucket.
sseAlgorithm (string) --
The server-side encryption algorithm to use. Valid values are AES256 for S3-managed encryption keys, or aws:kms for Amazon Web Services KMS-managed encryption keys. If you choose SSE-KMS encryption you must grant the S3 Tables maintenance principal access to your KMS key. For more information, see Permissions requirements for S3 Tables SSE-KMS encryption.
kmsKeyArn (string) --
The Amazon Resource Name (ARN) of the KMS key to use for encryption. This field is required only when sseAlgorithm is set to aws:kms.
Deletes the encryption configuration for a table bucket.
Permissions
You must have the s3tables:DeleteTableBucketEncryption permission to use this operation.
See also: AWS API Documentation
Request Syntax
client.delete_table_bucket_encryption(
tableBucketARN='string'
)
string
[REQUIRED]
The Amazon Resource Name (ARN) of the table bucket.
None
{'encryptionConfiguration': {'kmsKeyArn': 'string',
'sseAlgorithm': 'AES256 | aws:kms'}}
Creates a new table associated with the given namespace in a table bucket. For more information, see Creating an Amazon S3 table in the Amazon Simple Storage Service User Guide.
Permissions
You must have the s3tables:CreateTable permission to use this operation.
If you use this operation with the optional metadata request parameter you must have the s3tables:PutTableData permission.
If you use this operation with the optional encryptionConfiguration request parameter you must have the s3tables:PutTableEncryption permission.
See also: AWS API Documentation
Request Syntax
client.create_table(
tableBucketARN='string',
namespace='string',
name='string',
format='ICEBERG',
metadata={
'iceberg': {
'schema': {
'fields': [
{
'name': 'string',
'type': 'string',
'required': True|False
},
]
}
}
},
encryptionConfiguration={
'sseAlgorithm': 'AES256'|'aws:kms',
'kmsKeyArn': 'string'
}
)
string
[REQUIRED]
The Amazon Resource Name (ARN) of the table bucket to create the table in.
string
[REQUIRED]
The namespace to associated with the table.
string
[REQUIRED]
The name for the table.
string
[REQUIRED]
The format for the table.
dict
The metadata for the table.
iceberg (dict) --
Contains details about the metadata of an Iceberg table.
schema (dict) -- [REQUIRED]
The schema for an Iceberg table.
fields (list) -- [REQUIRED]
The schema fields for the table
(dict) --
Contains details about a schema field.
name (string) -- [REQUIRED]
The name of the field.
type (string) -- [REQUIRED]
The field type. S3 Tables supports all Apache Iceberg primitive types. For more information, see the Apache Iceberg documentation.
required (boolean) --
A Boolean value that specifies whether values are required for each row in this field. By default, this is false and null values are allowed in the field. If this is true the field does not allow null values.
dict
The encryption configuration to use for the table. This configuration specifies the encryption algorithm and, if using SSE-KMS, the KMS key to use for encrypting the table.
sseAlgorithm (string) -- [REQUIRED]
The server-side encryption algorithm to use. Valid values are AES256 for S3-managed encryption keys, or aws:kms for Amazon Web Services KMS-managed encryption keys. If you choose SSE-KMS encryption you must grant the S3 Tables maintenance principal access to your KMS key. For more information, see Permissions requirements for S3 Tables SSE-KMS encryption.
kmsKeyArn (string) --
The Amazon Resource Name (ARN) of the KMS key to use for encryption. This field is required only when sseAlgorithm is set to aws:kms.
dict
Response Syntax
{
'tableARN': 'string',
'versionToken': 'string'
}
Response Structure
(dict) --
tableARN (string) --
The Amazon Resource Name (ARN) of the table.
versionToken (string) --
The version token of the table.
{'encryptionConfiguration': {'kmsKeyArn': 'string',
'sseAlgorithm': 'AES256 | aws:kms'}}
Creates a table bucket. For more information, see Creating a table bucket in the Amazon Simple Storage Service User Guide.
Permissions
You must have the s3tables:CreateTableBucket permission to use this operation.
If you use this operation with the optional encryptionConfiguration parameter you must have the s3tables:PutTableBucketEncryption permission.
See also: AWS API Documentation
Request Syntax
client.create_table_bucket(
name='string',
encryptionConfiguration={
'sseAlgorithm': 'AES256'|'aws:kms',
'kmsKeyArn': 'string'
}
)
string
[REQUIRED]
The name for the table bucket.
dict
The encryption configuration to use for the table bucket. This configuration specifies the default encryption settings that will be applied to all tables created in this bucket unless overridden at the table level. The configuration includes the encryption algorithm and, if using SSE-KMS, the KMS key to use.
sseAlgorithm (string) -- [REQUIRED]
The server-side encryption algorithm to use. Valid values are AES256 for S3-managed encryption keys, or aws:kms for Amazon Web Services KMS-managed encryption keys. If you choose SSE-KMS encryption you must grant the S3 Tables maintenance principal access to your KMS key. For more information, see Permissions requirements for S3 Tables SSE-KMS encryption.
kmsKeyArn (string) --
The Amazon Resource Name (ARN) of the KMS key to use for encryption. This field is required only when sseAlgorithm is set to aws:kms.
dict
Response Syntax
{
'arn': 'string'
}
Response Structure
(dict) --
arn (string) --
The Amazon Resource Name (ARN) of the table bucket.
{'namespaceId': 'string', 'tableBucketId': 'string'}
Gets details about a namespace. For more information, see Table namespaces in the Amazon Simple Storage Service User Guide.
Permissions
You must have the s3tables:GetNamespace permission to use this operation.
See also: AWS API Documentation
Request Syntax
client.get_namespace(
tableBucketARN='string',
namespace='string'
)
string
[REQUIRED]
The Amazon Resource Name (ARN) of the table bucket.
string
[REQUIRED]
The name of the namespace.
dict
Response Syntax
{
'namespace': [
'string',
],
'createdAt': datetime(2015, 1, 1),
'createdBy': 'string',
'ownerAccountId': 'string',
'namespaceId': 'string',
'tableBucketId': 'string'
}
Response Structure
(dict) --
namespace (list) --
The name of the namespace.
(string) --
createdAt (datetime) --
The date and time the namespace was created at.
createdBy (string) --
The ID of the account that created the namespace.
ownerAccountId (string) --
The ID of the account that owns the namespcace.
namespaceId (string) --
The unique identifier of the namespace.
tableBucketId (string) --
The unique identifier of the table bucket containing this namespace.
{'namespaceId': 'string', 'tableBucketId': 'string'}
Gets details about a table. For more information, see S3 Tables in the Amazon Simple Storage Service User Guide.
Permissions
You must have the s3tables:GetTable permission to use this operation.
See also: AWS API Documentation
Request Syntax
client.get_table(
tableBucketARN='string',
namespace='string',
name='string'
)
string
[REQUIRED]
The Amazon Resource Name (ARN) of the table bucket associated with the table.
string
[REQUIRED]
The name of the namespace the table is associated with.
string
[REQUIRED]
The name of the table.
dict
Response Syntax
{
'name': 'string',
'type': 'customer'|'aws',
'tableARN': 'string',
'namespace': [
'string',
],
'namespaceId': 'string',
'versionToken': 'string',
'metadataLocation': 'string',
'warehouseLocation': 'string',
'createdAt': datetime(2015, 1, 1),
'createdBy': 'string',
'managedByService': 'string',
'modifiedAt': datetime(2015, 1, 1),
'modifiedBy': 'string',
'ownerAccountId': 'string',
'format': 'ICEBERG',
'tableBucketId': 'string'
}
Response Structure
(dict) --
name (string) --
The name of the table.
type (string) --
The type of the table.
tableARN (string) --
The Amazon Resource Name (ARN) of the table.
namespace (list) --
The namespace associated with the table.
(string) --
namespaceId (string) --
The unique identifier of the namespace containing this table.
versionToken (string) --
The version token of the table.
metadataLocation (string) --
The metadata location of the table.
warehouseLocation (string) --
The warehouse location of the table.
createdAt (datetime) --
The date and time the table bucket was created at.
createdBy (string) --
The ID of the account that created the table.
managedByService (string) --
The service that manages the table.
modifiedAt (datetime) --
The date and time the table was last modified on.
modifiedBy (string) --
The ID of the account that last modified the table.
ownerAccountId (string) --
The ID of the account that owns the table.
format (string) --
The format of the table.
tableBucketId (string) --
The unique identifier of the table bucket containing this table.
{'tableBucketId': 'string'}
Gets details on a table bucket. For more information, see Viewing details about an Amazon S3 table bucket in the Amazon Simple Storage Service User Guide.
Permissions
You must have the s3tables:GetTableBucket permission to use this operation.
See also: AWS API Documentation
Request Syntax
client.get_table_bucket(
tableBucketARN='string'
)
string
[REQUIRED]
The Amazon Resource Name (ARN) of the table bucket.
dict
Response Syntax
{
'arn': 'string',
'name': 'string',
'ownerAccountId': 'string',
'createdAt': datetime(2015, 1, 1),
'tableBucketId': 'string'
}
Response Structure
(dict) --
arn (string) --
The Amazon Resource Name (ARN) of the table bucket.
name (string) --
The name of the table bucket
ownerAccountId (string) --
The ID of the account that owns the table bucket.
createdAt (datetime) --
The date and time the table bucket was created.
tableBucketId (string) --
The unique identifier of the table bucket.
{'namespaces': {'namespaceId': 'string', 'tableBucketId': 'string'}}
Lists the namespaces within a table bucket. For more information, see Table namespaces in the Amazon Simple Storage Service User Guide.
Permissions
You must have the s3tables:ListNamespaces permission to use this operation.
See also: AWS API Documentation
Request Syntax
client.list_namespaces(
tableBucketARN='string',
prefix='string',
continuationToken='string',
maxNamespaces=123
)
string
[REQUIRED]
The Amazon Resource Name (ARN) of the table bucket.
string
The prefix of the namespaces.
string
ContinuationToken indicates to Amazon S3 that the list is being continued on this bucket with a token. ContinuationToken is obfuscated and is not a real key. You can use this ContinuationToken for pagination of the list results.
integer
The maximum number of namespaces to return in the list.
dict
Response Syntax
{
'namespaces': [
{
'namespace': [
'string',
],
'createdAt': datetime(2015, 1, 1),
'createdBy': 'string',
'ownerAccountId': 'string',
'namespaceId': 'string',
'tableBucketId': 'string'
},
],
'continuationToken': 'string'
}
Response Structure
(dict) --
namespaces (list) --
A list of namespaces.
(dict) --
Contains details about a namespace.
namespace (list) --
The name of the namespace.
(string) --
createdAt (datetime) --
The date and time the namespace was created at.
createdBy (string) --
The ID of the account that created the namespace.
ownerAccountId (string) --
The ID of the account that owns the namespace.
namespaceId (string) --
The system-assigned unique identifier for the namespace.
tableBucketId (string) --
The system-assigned unique identifier for the table bucket that contains this namespace.
continuationToken (string) --
The ContinuationToken for pagination of the list results.
{'tableBuckets': {'tableBucketId': 'string'}}
Lists table buckets for your account. For more information, see S3 Table buckets in the Amazon Simple Storage Service User Guide.
Permissions
You must have the s3tables:ListTableBuckets permission to use this operation.
See also: AWS API Documentation
Request Syntax
client.list_table_buckets(
prefix='string',
continuationToken='string',
maxBuckets=123
)
string
The prefix of the table buckets.
string
ContinuationToken indicates to Amazon S3 that the list is being continued on this bucket with a token. ContinuationToken is obfuscated and is not a real key. You can use this ContinuationToken for pagination of the list results.
integer
The maximum number of table buckets to return in the list.
dict
Response Syntax
{
'tableBuckets': [
{
'arn': 'string',
'name': 'string',
'ownerAccountId': 'string',
'createdAt': datetime(2015, 1, 1),
'tableBucketId': 'string'
},
],
'continuationToken': 'string'
}
Response Structure
(dict) --
tableBuckets (list) --
A list of table buckets.
(dict) --
Contains details about a table bucket.
arn (string) --
The Amazon Resource Name (ARN) of the table bucket.
name (string) --
The name of the table bucket.
ownerAccountId (string) --
The ID of the account that owns the table bucket.
createdAt (datetime) --
The date and time the table bucket was created at.
tableBucketId (string) --
The system-assigned unique identifier for the table bucket.
continuationToken (string) --
You can use this ContinuationToken for pagination of the list results.
{'tables': {'namespaceId': 'string', 'tableBucketId': 'string'}}
List tables in the given table bucket. For more information, see S3 Tables in the Amazon Simple Storage Service User Guide.
Permissions
You must have the s3tables:ListTables permission to use this operation.
See also: AWS API Documentation
Request Syntax
client.list_tables(
tableBucketARN='string',
namespace='string',
prefix='string',
continuationToken='string',
maxTables=123
)
string
[REQUIRED]
The Amazon resource Name (ARN) of the table bucket.
string
The namespace of the tables.
string
The prefix of the tables.
string
ContinuationToken indicates to Amazon S3 that the list is being continued on this bucket with a token. ContinuationToken is obfuscated and is not a real key. You can use this ContinuationToken for pagination of the list results.
integer
The maximum number of tables to return.
dict
Response Syntax
{
'tables': [
{
'namespace': [
'string',
],
'name': 'string',
'type': 'customer'|'aws',
'tableARN': 'string',
'createdAt': datetime(2015, 1, 1),
'modifiedAt': datetime(2015, 1, 1),
'namespaceId': 'string',
'tableBucketId': 'string'
},
],
'continuationToken': 'string'
}
Response Structure
(dict) --
tables (list) --
A list of tables.
(dict) --
Contains details about a table.
namespace (list) --
The name of the namespace.
(string) --
name (string) --
The name of the table.
type (string) --
The type of the table.
tableARN (string) --
The Amazon Resource Name (ARN) of the table.
createdAt (datetime) --
The date and time the table was created at.
modifiedAt (datetime) --
The date and time the table was last modified at.
namespaceId (string) --
The unique identifier for the namespace that contains this table.
tableBucketId (string) --
The unique identifier for the table bucket that contains this table.
continuationToken (string) --
You can use this ContinuationToken for pagination of the list results.