Amazon Simple Storage Service

2017/11/07 - Amazon Simple Storage Service - 3 new 6 updated api methods

Changes  This release adds support for four features: (1) default encryption for S3 buckets; (2) encryption status in inventory and encryption support for inventory; (3) cross-region replication of KMS-encrypted objects; and (4) ownership overwrite for CRR.

GetBucketEncryption (new)

Returns the server-side encryption configuration of a bucket.

See also: AWS API Documentation

Request Syntax

client.get_bucket_encryption(
    Bucket='string'
)
type Bucket

string

param Bucket

[REQUIRED] The name of the bucket from which the server-side encryption configuration is retrieved.

rtype

dict

returns

Response Syntax

{
    'ServerSideEncryptionConfiguration': {
        'Rules': [
            {
                'ApplyServerSideEncryptionByDefault': {
                    'SSEAlgorithm': 'AES256'|'aws:kms',
                    'KMSMasterKeyID': 'string'
                }
            },
        ]
    }
}

Response Structure

  • (dict) --

    • ServerSideEncryptionConfiguration (dict) -- Container for server-side encryption configuration rules. Currently S3 supports one rule only.

      • Rules (list) -- Container for information about a particular server-side encryption configuration rule.

        • (dict) -- Container for information about a particular server-side encryption configuration rule.

          • ApplyServerSideEncryptionByDefault (dict) -- Describes the default server-side encryption to apply to new objects in the bucket. If a PUT Object request does not specify any server-side encryption, this default encryption is applied.

            • SSEAlgorithm (string) -- Server-side encryption algorithm to use for the default encryption.

            • KMSMasterKeyID (string) -- KMS master key ID to use for the default encryption. This parameter is allowed if SSEAlgorithm is aws:kms.
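An audit built on the response shape above, added here as an example and not taken from boto3 or the AWS documentation. It assumes that a bucket with no default encryption makes `get_bucket_encryption` raise an error whose code is `ServerSideEncryptionConfigurationNotFoundError`; the stub client, bucket names and key ARNs are constructed so the block runs offline.

```python
# Added example: classify default-encryption settings per bucket.
# Works with any client exposing get_bucket_encryption(Bucket=...), such as a
# boto3 S3 client; StubS3 below is a constructed stand-in for offline use.

NOT_CONFIGURED = "ServerSideEncryptionConfigurationNotFoundError"
APPROVED_KEY = "arn:aws:kms:us-east-1:111122223333:key/APPROVED-EXAMPLE"  # constructed


def classify_encryption(response, approved_keys=frozenset()):
    """Map a get_bucket_encryption response to a (status, detail) pair."""
    rules = response.get("ServerSideEncryptionConfiguration", {}).get("Rules", [])
    if not rules:
        return ("NONE", "no default encryption rule")
    default = rules[0].get("ApplyServerSideEncryptionByDefault", {})
    algorithm = default.get("SSEAlgorithm")
    key_id = default.get("KMSMasterKeyID")
    if algorithm == "AES256":
        return ("SSE-S3", "S3-managed keys")
    if algorithm == "aws:kms":
        if not key_id:
            # KMSMasterKeyID is optional; without it the AWS managed key is used.
            return ("SSE-KMS-DEFAULT-KEY", "no KMSMasterKeyID set")
        if approved_keys and key_id not in approved_keys:
            return ("SSE-KMS-UNAPPROVED-KEY", key_id)
        return ("SSE-KMS", key_id)
    return ("UNKNOWN", repr(algorithm))


def audit_bucket(client, bucket, approved_keys=frozenset()):
    """Classify one bucket; only the 'not configured' error means NONE."""
    try:
        response = client.get_bucket_encryption(Bucket=bucket)
    except Exception as exc:
        code = (getattr(exc, "response", None) or {}).get("Error", {}).get("Code")
        if code == NOT_CONFIGURED:
            return ("NONE", "no default encryption configured")
        raise  # AccessDenied and similar must not be reported as "unencrypted"
    return classify_encryption(response, approved_keys)


class StubError(Exception):
    """Constructed error carrying the same .response shape as a client error."""
    def __init__(self, code):
        super().__init__(code)
        self.response = {"Error": {"Code": code}}


class StubS3:
    """Constructed client: maps bucket name to a default rule or an error code."""
    def __init__(self, buckets):
        self.buckets = buckets

    def get_bucket_encryption(self, Bucket):
        default = self.buckets.get(Bucket)
        if default is None:
            raise StubError(NOT_CONFIGURED)
        if isinstance(default, str):
            raise StubError(default)
        rule = {"ApplyServerSideEncryptionByDefault": default}
        return {"ServerSideEncryptionConfiguration": {"Rules": [rule]}}


SAMPLE_BUCKETS = {  # constructed sample data
    "example-kms": {"SSEAlgorithm": "aws:kms", "KMSMasterKeyID": APPROVED_KEY},
    "example-other-key": {"SSEAlgorithm": "aws:kms",
                          "KMSMasterKeyID": "arn:aws:kms:us-east-1:111122223333:key/OTHER-EXAMPLE"},
    "example-kms-nokey": {"SSEAlgorithm": "aws:kms"},
    "example-aes": {"SSEAlgorithm": "AES256"},
    "example-locked": "AccessDenied",
}

if __name__ == "__main__":
    s3 = StubS3(SAMPLE_BUCKETS)
    for name in ("example-kms", "example-other-key", "example-kms-nokey",
                 "example-aes", "example-plain"):
        print(name, audit_bucket(s3, name, {APPROVED_KEY}))
```
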

DeleteBucketEncryption (new)

Deletes the server-side encryption configuration from the bucket.

See also: AWS API Documentation

Request Syntax

client.delete_bucket_encryption(
    Bucket='string'
)
type Bucket

string

param Bucket

[REQUIRED] The name of the bucket containing the server-side encryption configuration to delete.

returns

None

PutBucketEncryption (new)

Creates a new server-side encryption configuration (or replaces an existing one, if present).

See also: AWS API Documentation

Request Syntax

client.put_bucket_encryption(
    Bucket='string',
    ContentMD5='string',
    ServerSideEncryptionConfiguration={
        'Rules': [
            {
                'ApplyServerSideEncryptionByDefault': {
                    'SSEAlgorithm': 'AES256'|'aws:kms',
                    'KMSMasterKeyID': 'string'
                }
            },
        ]
    }
)
type Bucket

string

param Bucket

[REQUIRED] The name of the bucket for which the server-side encryption configuration is set.

type ContentMD5

string

param ContentMD5

The base64-encoded 128-bit MD5 digest of the server-side encryption configuration.

type ServerSideEncryptionConfiguration

dict

param ServerSideEncryptionConfiguration

[REQUIRED] Container for server-side encryption configuration rules. Currently S3 supports one rule only.

  • Rules (list) -- [REQUIRED] Container for information about a particular server-side encryption configuration rule.

    • (dict) -- Container for information about a particular server-side encryption configuration rule.

      • ApplyServerSideEncryptionByDefault (dict) -- Describes the default server-side encryption to apply to new objects in the bucket. If a PUT Object request does not specify any server-side encryption, this default encryption is applied.

        • SSEAlgorithm (string) -- [REQUIRED] Server-side encryption algorithm to use for the default encryption.

        • KMSMasterKeyID (string) -- KMS master key ID to use for the default encryption. This parameter is allowed if SSEAlgorithm is aws:kms.

returns

None

GetBucketInventoryConfiguration (updated)
Changes (response)
{'InventoryConfiguration': {'Destination': {'S3BucketDestination': {'Encryption': {'SSEKMS': {'KeyId': 'string'},
                                                                                   'SSES3': {}}}},
                            'OptionalFields': {'EncryptionStatus'}}}

Returns an inventory configuration (identified by the inventory ID) from the bucket.

See also: AWS API Documentation

Request Syntax

client.get_bucket_inventory_configuration(
    Bucket='string',
    Id='string'
)
type Bucket

string

param Bucket

[REQUIRED] The name of the bucket containing the inventory configuration to retrieve.

type Id

string

param Id

[REQUIRED] The ID used to identify the inventory configuration.

rtype

dict

returns

Response Syntax

{
    'InventoryConfiguration': {
        'Destination': {
            'S3BucketDestination': {
                'AccountId': 'string',
                'Bucket': 'string',
                'Format': 'CSV',
                'Prefix': 'string',
                'Encryption': {
                    'SSES3': {},
                    'SSEKMS': {
                        'KeyId': 'string'
                    }
                }
            }
        },
        'IsEnabled': True|False,
        'Filter': {
            'Prefix': 'string'
        },
        'Id': 'string',
        'IncludedObjectVersions': 'All'|'Current',
        'OptionalFields': [
            'Size'|'LastModifiedDate'|'StorageClass'|'ETag'|'IsMultipartUploaded'|'ReplicationStatus'|'EncryptionStatus',
        ],
        'Schedule': {
            'Frequency': 'Daily'|'Weekly'
        }
    }
}

Response Structure

  • (dict) --

    • InventoryConfiguration (dict) -- Specifies the inventory configuration.

      • Destination (dict) -- Contains information about where to publish the inventory results.

        • S3BucketDestination (dict) -- Contains the bucket name, file format, bucket owner (optional), and prefix (optional) where inventory results are published.

          • AccountId (string) -- The ID of the account that owns the destination bucket.

          • Bucket (string) -- The Amazon resource name (ARN) of the bucket where inventory results will be published.

          • Format (string) -- Specifies the output format of the inventory results.

          • Prefix (string) -- The prefix that is prepended to all inventory results.

          • Encryption (dict) -- Contains the type of server-side encryption used to encrypt the inventory results.

            • SSES3 (dict) -- Specifies the use of SSE-S3 to encrypt delivered Inventory reports.

            • SSEKMS (dict) -- Specifies the use of SSE-KMS to encrypt delivered Inventory reports.

              • KeyId (string) -- Specifies the ID of the AWS Key Management Service (KMS) master encryption key to use for encrypting Inventory reports.

      • IsEnabled (boolean) -- Specifies whether the inventory is enabled or disabled.

      • Filter (dict) -- Specifies an inventory filter. The inventory only includes objects that meet the filter's criteria.

        • Prefix (string) -- The prefix that an object must have to be included in the inventory results.

      • Id (string) -- The ID used to identify the inventory configuration.

      • IncludedObjectVersions (string) -- Specifies which object version(s) to include in the inventory results.

      • OptionalFields (list) -- Contains the optional fields that are included in the inventory results.

        • (string) --

      • Schedule (dict) -- Specifies the schedule for generating inventory results.

        • Frequency (string) -- Specifies how frequently inventory results are produced.

GetBucketReplication (updated)
Changes (response)
{'ReplicationConfiguration': {'Rules': {'Destination': {'AccessControlTranslation': {'Owner': 'Destination'},
                                                        'Account': 'string',
                                                        'EncryptionConfiguration': {'ReplicaKmsKeyID': 'string'}},
                                        'SourceSelectionCriteria': {'SseKmsEncryptedObjects': {'Status': 'Enabled | Disabled'}}}}}

Returns the replication configuration of a bucket.

See also: AWS API Documentation

Request Syntax

client.get_bucket_replication(
    Bucket='string'
)
type Bucket

string

param Bucket

[REQUIRED]

rtype

dict

returns

Response Syntax

{
    'ReplicationConfiguration': {
        'Role': 'string',
        'Rules': [
            {
                'ID': 'string',
                'Prefix': 'string',
                'Status': 'Enabled'|'Disabled',
                'SourceSelectionCriteria': {
                    'SseKmsEncryptedObjects': {
                        'Status': 'Enabled'|'Disabled'
                    }
                },
                'Destination': {
                    'Bucket': 'string',
                    'Account': 'string',
                    'StorageClass': 'STANDARD'|'REDUCED_REDUNDANCY'|'STANDARD_IA',
                    'AccessControlTranslation': {
                        'Owner': 'Destination'
                    },
                    'EncryptionConfiguration': {
                        'ReplicaKmsKeyID': 'string'
                    }
                }
            },
        ]
    }
}

Response Structure

  • (dict) --

    • ReplicationConfiguration (dict) -- Container for replication rules. You can add as many as 1,000 rules. Total replication configuration size can be up to 2 MB.

      • Role (string) -- Amazon Resource Name (ARN) of an IAM role for Amazon S3 to assume when replicating the objects.

      • Rules (list) -- Container for information about a particular replication rule. Replication configuration must have at least one rule and can contain up to 1,000 rules.

        • (dict) -- Container for information about a particular replication rule.

          • ID (string) -- Unique identifier for the rule. The value cannot be longer than 255 characters.

          • Prefix (string) -- Object keyname prefix identifying one or more objects to which the rule applies. Maximum prefix length can be up to 1,024 characters. Overlapping prefixes are not supported.

          • Status (string) -- The rule is ignored if status is not Enabled.

          • SourceSelectionCriteria (dict) -- Container for filters that define which source objects should be replicated.

            • SseKmsEncryptedObjects (dict) -- Container for the filter that selects KMS-encrypted S3 objects.

              • Status (string) -- Replication of KMS-encrypted S3 objects is disabled if status is not Enabled.

          • Destination (dict) -- Container for replication destination information.

            • Bucket (string) -- Amazon resource name (ARN) of the bucket where you want Amazon S3 to store replicas of the object identified by the rule.

            • Account (string) -- Account ID of the destination bucket. Currently this is only being verified if Access Control Translation is enabled.

            • StorageClass (string) -- The class of storage used to store the object.

            • AccessControlTranslation (dict) -- Container for information regarding the access control for replicas.

              • Owner (string) -- The override value for the owner of the replica object.

            • EncryptionConfiguration (dict) -- Container for information regarding encryption-based configuration for replicas.

              • ReplicaKmsKeyID (string) -- The ID of the KMS key used to encrypt the replica object.
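A lint pass over the `ReplicationConfiguration` structure described above, added here as an example and not part of boto3 or the AWS documentation. The limits come from the field descriptions on this page; treating a missing `ReplicaKmsKeyID` or a missing `Account` as findings is this example's own policy, and the sample configuration, ARNs and account IDs are constructed.

```python
# Added example: lint a ReplicationConfiguration dict as returned by
# get_bucket_replication or as passed to put_bucket_replication.


def lint_replication(config):
    """Return (rule_id, message) findings for a ReplicationConfiguration dict."""
    findings = []
    rules = config.get("Rules", [])
    if not 1 <= len(rules) <= 1000:
        findings.append(("*", "rule count must be between 1 and 1,000"))
    seen = []  # (rule_id, prefix) of rules already visited, for overlap checks
    for rule in rules:
        rid = rule.get("ID", "<no id>")
        prefix = rule.get("Prefix", "")
        dest = rule.get("Destination", {})
        if len(rid) > 255:
            findings.append((rid[:32], "ID longer than 255 characters"))
        if len(prefix) > 1024:
            findings.append((rid, "prefix longer than 1,024 characters"))
        for other_id, other in seen:
            if prefix.startswith(other) or other.startswith(prefix):
                findings.append((rid, "prefix overlaps rule " + other_id))
        seen.append((rid, prefix))
        if rule.get("Status") != "Enabled":
            findings.append((rid, "rule is ignored (Status is not Enabled)"))
            continue
        kms = rule.get("SourceSelectionCriteria", {}).get("SseKmsEncryptedObjects", {})
        replica_key = dest.get("EncryptionConfiguration", {}).get("ReplicaKmsKeyID")
        if kms.get("Status") != "Enabled":
            # Objects encrypted with KMS silently stay behind in the source bucket.
            findings.append((rid, "KMS-encrypted objects are not replicated"))
        elif not replica_key:
            findings.append((rid, "KMS replication enabled without ReplicaKmsKeyID"))
        if "AccessControlTranslation" in dest and not dest.get("Account"):
            findings.append((rid, "owner override set without destination Account"))
    return findings


REPLICA = "arn:aws:s3:::example-replica"  # constructed
KMS_ON = {"SseKmsEncryptedObjects": {"Status": "Enabled"}}

SAMPLE_CONFIG = {  # constructed sample data
    "Role": "arn:aws:iam::111122223333:role/example-crr",
    "Rules": [
        {"ID": "logs", "Prefix": "logs/", "Status": "Enabled",
         "SourceSelectionCriteria": KMS_ON,
         "Destination": {
             "Bucket": REPLICA, "Account": "444455556666",
             "AccessControlTranslation": {"Owner": "Destination"},
             "EncryptionConfiguration": {
                 "ReplicaKmsKeyID": "arn:aws:kms:eu-west-1:444455556666:key/EXAMPLE"}}},
        {"ID": "logs-app", "Prefix": "logs/app/", "Status": "Enabled",
         "Destination": {"Bucket": REPLICA,
                         "AccessControlTranslation": {"Owner": "Destination"}}},
        {"ID": "tmp", "Prefix": "tmp/", "Status": "Disabled",
         "Destination": {"Bucket": REPLICA}},
        {"ID": "db", "Prefix": "db/", "Status": "Enabled",
         "SourceSelectionCriteria": KMS_ON,
         "Destination": {"Bucket": REPLICA}},
    ],
}

if __name__ == "__main__":
    for rule_id, message in lint_replication(SAMPLE_CONFIG):
        print(rule_id + ": " + message)
```
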

ListBucketInventoryConfigurations (updated)
Changes (response)
{'InventoryConfigurationList': {'Destination': {'S3BucketDestination': {'Encryption': {'SSEKMS': {'KeyId': 'string'},
                                                                                       'SSES3': {}}}},
                                'OptionalFields': {'EncryptionStatus'}}}

Returns a list of inventory configurations for the bucket.

See also: AWS API Documentation

Request Syntax

client.list_bucket_inventory_configurations(
    Bucket='string',
    ContinuationToken='string'
)
type Bucket

string

param Bucket

[REQUIRED] The name of the bucket containing the inventory configurations to retrieve.

type ContinuationToken

string

param ContinuationToken

The marker used to continue an inventory configuration listing that has been truncated. Use the NextContinuationToken from a previously truncated list response to continue the listing. The continuation token is an opaque value that Amazon S3 understands.

rtype

dict

returns

Response Syntax

{
    'ContinuationToken': 'string',
    'InventoryConfigurationList': [
        {
            'Destination': {
                'S3BucketDestination': {
                    'AccountId': 'string',
                    'Bucket': 'string',
                    'Format': 'CSV',
                    'Prefix': 'string',
                    'Encryption': {
                        'SSES3': {},
                        'SSEKMS': {
                            'KeyId': 'string'
                        }
                    }
                }
            },
            'IsEnabled': True|False,
            'Filter': {
                'Prefix': 'string'
            },
            'Id': 'string',
            'IncludedObjectVersions': 'All'|'Current',
            'OptionalFields': [
                'Size'|'LastModifiedDate'|'StorageClass'|'ETag'|'IsMultipartUploaded'|'ReplicationStatus'|'EncryptionStatus',
            ],
            'Schedule': {
                'Frequency': 'Daily'|'Weekly'
            }
        },
    ],
    'IsTruncated': True|False,
    'NextContinuationToken': 'string'
}

Response Structure

  • (dict) --

    • ContinuationToken (string) -- If sent in the request, the marker that is used as a starting point for this inventory configuration list response.

    • InventoryConfigurationList (list) -- The list of inventory configurations for a bucket.

      • (dict) --

        • Destination (dict) -- Contains information about where to publish the inventory results.

          • S3BucketDestination (dict) -- Contains the bucket name, file format, bucket owner (optional), and prefix (optional) where inventory results are published.

            • AccountId (string) -- The ID of the account that owns the destination bucket.

            • Bucket (string) -- The Amazon resource name (ARN) of the bucket where inventory results will be published.

            • Format (string) -- Specifies the output format of the inventory results.

            • Prefix (string) -- The prefix that is prepended to all inventory results.

            • Encryption (dict) -- Contains the type of server-side encryption used to encrypt the inventory results.

              • SSES3 (dict) -- Specifies the use of SSE-S3 to encrypt delivered Inventory reports.

              • SSEKMS (dict) -- Specifies the use of SSE-KMS to encrypt delivered Inventory reports.

                • KeyId (string) -- Specifies the ID of the AWS Key Management Service (KMS) master encryption key to use for encrypting Inventory reports.

        • IsEnabled (boolean) -- Specifies whether the inventory is enabled or disabled.

        • Filter (dict) -- Specifies an inventory filter. The inventory only includes objects that meet the filter's criteria.

          • Prefix (string) -- The prefix that an object must have to be included in the inventory results.

        • Id (string) -- The ID used to identify the inventory configuration.

        • IncludedObjectVersions (string) -- Specifies which object version(s) to include in the inventory results.

        • OptionalFields (list) -- Contains the optional fields that are included in the inventory results.

          • (string) --

        • Schedule (dict) -- Specifies the schedule for generating inventory results.

          • Frequency (string) -- Specifies how frequently inventory results are produced.

    • IsTruncated (boolean) -- Indicates whether the returned list of inventory configurations is truncated in this response. A value of true indicates that the list is truncated.

    • NextContinuationToken (string) -- The marker used to continue this inventory configuration listing. Use the NextContinuationToken from this response to continue the listing in a subsequent request. The continuation token is an opaque value that Amazon S3 understands.
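Following the continuation token and checking the new encryption fields on each configuration, as an added example that is not part of boto3 or the AWS documentation. The stub client, the helper `_config`, and all IDs and ARNs are constructed; the finding wording is this example's own.

```python
# Added example: page through list_bucket_inventory_configurations and flag
# configurations that do not use the encryption options from this release.


def iter_inventory_configurations(client, bucket):
    """Yield every inventory configuration, following NextContinuationToken."""
    kwargs = {"Bucket": bucket}
    while True:
        page = client.list_bucket_inventory_configurations(**kwargs)
        yield from page.get("InventoryConfigurationList", [])
        if not page.get("IsTruncated"):
            return
        kwargs["ContinuationToken"] = page["NextContinuationToken"]


def inventory_findings(config):
    """Return (encryption_mode, findings) for one inventory configuration."""
    findings = []
    destination = config["Destination"]["S3BucketDestination"]
    encryption = destination.get("Encryption") or {}
    if "SSEKMS" in encryption:
        mode = "SSE-KMS"
    elif "SSES3" in encryption:
        mode = "SSE-S3"
    else:
        mode = None
        findings.append("destination has no Encryption element")
    if "EncryptionStatus" not in config.get("OptionalFields", []):
        findings.append("EncryptionStatus not reported")
    if not config.get("IsEnabled"):
        findings.append("inventory is disabled")
    return mode, findings


def audit_inventory(client, bucket):
    """Map inventory configuration Id to its (mode, findings) result."""
    return {c["Id"]: inventory_findings(c)
            for c in iter_inventory_configurations(client, bucket)}


def _config(config_id, encryption=None, fields=("Size",), enabled=True):
    """Build a constructed inventory configuration for the stub."""
    dest = {"Bucket": "arn:aws:s3:::example-inventory", "Format": "CSV"}
    if encryption is not None:
        dest["Encryption"] = encryption
    return {"Id": config_id, "IsEnabled": enabled,
            "IncludedObjectVersions": "Current",
            "Destination": {"S3BucketDestination": dest},
            "OptionalFields": list(fields), "Schedule": {"Frequency": "Daily"}}


class StubS3:
    """Constructed client that serves two pages keyed by continuation token."""
    PAGES = {
        None: {"InventoryConfigurationList": [
                   _config("weekly-all", {"SSEKMS": {"KeyId": "EXAMPLE-KEY-ID"}},
                           ("Size", "EncryptionStatus"))],
               "IsTruncated": True, "NextContinuationToken": "page-2"},
        "page-2": {"InventoryConfigurationList": [
                       _config("legacy"),
                       _config("old", {"SSES3": {}}, ("EncryptionStatus",), False)],
                   "IsTruncated": False},
    }

    def __init__(self):
        self.calls = 0

    def list_bucket_inventory_configurations(self, Bucket, ContinuationToken=None):
        self.calls += 1
        return self.PAGES[ContinuationToken]


if __name__ == "__main__":
    for config_id, result in audit_inventory(StubS3(), "example-bucket").items():
        print(config_id, result)
```
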

PutBucketInventoryConfiguration (updated)
Changes (request)
{'InventoryConfiguration': {'Destination': {'S3BucketDestination': {'Encryption': {'SSEKMS': {'KeyId': 'string'},
                                                                                   'SSES3': {}}}},
                            'OptionalFields': {'EncryptionStatus'}}}

Adds an inventory configuration (identified by the inventory ID) to the bucket.

See also: AWS API Documentation

Request Syntax

client.put_bucket_inventory_configuration(
    Bucket='string',
    Id='string',
    InventoryConfiguration={
        'Destination': {
            'S3BucketDestination': {
                'AccountId': 'string',
                'Bucket': 'string',
                'Format': 'CSV',
                'Prefix': 'string',
                'Encryption': {
                    'SSES3': {},
                    'SSEKMS': {
                        'KeyId': 'string'
                    }
                }
            }
        },
        'IsEnabled': True|False,
        'Filter': {
            'Prefix': 'string'
        },
        'Id': 'string',
        'IncludedObjectVersions': 'All'|'Current',
        'OptionalFields': [
            'Size'|'LastModifiedDate'|'StorageClass'|'ETag'|'IsMultipartUploaded'|'ReplicationStatus'|'EncryptionStatus',
        ],
        'Schedule': {
            'Frequency': 'Daily'|'Weekly'
        }
    }
)
type Bucket

string

param Bucket

[REQUIRED] The name of the bucket where the inventory configuration will be stored.

type Id

string

param Id

[REQUIRED] The ID used to identify the inventory configuration.

type InventoryConfiguration

dict

param InventoryConfiguration

[REQUIRED] Specifies the inventory configuration.

  • Destination (dict) -- [REQUIRED] Contains information about where to publish the inventory results.

    • S3BucketDestination (dict) -- [REQUIRED] Contains the bucket name, file format, bucket owner (optional), and prefix (optional) where inventory results are published.

      • AccountId (string) -- The ID of the account that owns the destination bucket.

      • Bucket (string) -- [REQUIRED] The Amazon resource name (ARN) of the bucket where inventory results will be published.

      • Format (string) -- [REQUIRED] Specifies the output format of the inventory results.

      • Prefix (string) -- The prefix that is prepended to all inventory results.

      • Encryption (dict) -- Contains the type of server-side encryption used to encrypt the inventory results.

        • SSES3 (dict) -- Specifies the use of SSE-S3 to encrypt delivered Inventory reports.

        • SSEKMS (dict) -- Specifies the use of SSE-KMS to encrypt delivered Inventory reports.

          • KeyId (string) -- [REQUIRED] Specifies the ID of the AWS Key Management Service (KMS) master encryption key to use for encrypting Inventory reports.

  • IsEnabled (boolean) -- [REQUIRED] Specifies whether the inventory is enabled or disabled.

  • Filter (dict) -- Specifies an inventory filter. The inventory only includes objects that meet the filter's criteria.

    • Prefix (string) -- [REQUIRED] The prefix that an object must have to be included in the inventory results.

  • Id (string) -- [REQUIRED] The ID used to identify the inventory configuration.

  • IncludedObjectVersions (string) -- [REQUIRED] Specifies which object version(s) to include in the inventory results.

  • OptionalFields (list) -- Contains the optional fields that are included in the inventory results.

    • (string) --

  • Schedule (dict) -- [REQUIRED] Specifies the schedule for generating inventory results.

    • Frequency (string) -- [REQUIRED] Specifies how frequently inventory results are produced.

returns

None

PutBucketPolicy (updated)
Changes (request)
{'ConfirmRemoveSelfBucketAccess': 'boolean'}

Replaces a policy on a bucket. If the bucket already has a policy, the one in this request completely replaces it.

See also: AWS API Documentation

Request Syntax

client.put_bucket_policy(
    Bucket='string',
    ContentMD5='string',
    ConfirmRemoveSelfBucketAccess=True|False,
    Policy='string'
)
type Bucket

string

param Bucket

[REQUIRED]

type ContentMD5

string

param ContentMD5

type ConfirmRemoveSelfBucketAccess

boolean

param ConfirmRemoveSelfBucketAccess

Set this parameter to true to confirm that you want to remove your permissions to change this bucket policy in the future.

type Policy

string

param Policy

[REQUIRED] The bucket policy as a JSON document.

returns

None

PutBucketReplication (updated)
Changes (request)
{'ReplicationConfiguration': {'Rules': {'Destination': {'AccessControlTranslation': {'Owner': 'Destination'},
                                                        'Account': 'string',
                                                        'EncryptionConfiguration': {'ReplicaKmsKeyID': 'string'}},
                                        'SourceSelectionCriteria': {'SseKmsEncryptedObjects': {'Status': 'Enabled | Disabled'}}}}}

Creates a new replication configuration (or replaces an existing one, if present).

See also: AWS API Documentation

Request Syntax

client.put_bucket_replication(
    Bucket='string',
    ContentMD5='string',
    ReplicationConfiguration={
        'Role': 'string',
        'Rules': [
            {
                'ID': 'string',
                'Prefix': 'string',
                'Status': 'Enabled'|'Disabled',
                'SourceSelectionCriteria': {
                    'SseKmsEncryptedObjects': {
                        'Status': 'Enabled'|'Disabled'
                    }
                },
                'Destination': {
                    'Bucket': 'string',
                    'Account': 'string',
                    'StorageClass': 'STANDARD'|'REDUCED_REDUNDANCY'|'STANDARD_IA',
                    'AccessControlTranslation': {
                        'Owner': 'Destination'
                    },
                    'EncryptionConfiguration': {
                        'ReplicaKmsKeyID': 'string'
                    }
                }
            },
        ]
    }
)
type Bucket

string

param Bucket

[REQUIRED]

type ContentMD5

string

param ContentMD5

type ReplicationConfiguration

dict

param ReplicationConfiguration

[REQUIRED] Container for replication rules. You can add as many as 1,000 rules. Total replication configuration size can be up to 2 MB.

  • Role (string) -- [REQUIRED] Amazon Resource Name (ARN) of an IAM role for Amazon S3 to assume when replicating the objects.

  • Rules (list) -- [REQUIRED] Container for information about a particular replication rule. Replication configuration must have at least one rule and can contain up to 1,000 rules.

    • (dict) -- Container for information about a particular replication rule.

      • ID (string) -- Unique identifier for the rule. The value cannot be longer than 255 characters.

      • Prefix (string) -- [REQUIRED] Object keyname prefix identifying one or more objects to which the rule applies. Maximum prefix length can be up to 1,024 characters. Overlapping prefixes are not supported.

      • Status (string) -- [REQUIRED] The rule is ignored if status is not Enabled.

      • SourceSelectionCriteria (dict) -- Container for filters that define which source objects should be replicated.

        • SseKmsEncryptedObjects (dict) -- Container for the filter that selects KMS-encrypted S3 objects.

          • Status (string) -- [REQUIRED] Replication of KMS-encrypted S3 objects is disabled if status is not Enabled.

      • Destination (dict) -- [REQUIRED] Container for replication destination information.

        • Bucket (string) -- [REQUIRED] Amazon resource name (ARN) of the bucket where you want Amazon S3 to store replicas of the object identified by the rule.

        • Account (string) -- Account ID of the destination bucket. Currently this is only being verified if Access Control Translation is enabled.

        • StorageClass (string) -- The class of storage used to store the object.

        • AccessControlTranslation (dict) -- Container for information regarding the access control for replicas.

          • Owner (string) -- [REQUIRED] The override value for the owner of the replica object.

        • EncryptionConfiguration (dict) -- Container for information regarding encryption-based configuration for replicas.

          • ReplicaKmsKeyID (string) -- The ID of the KMS key used to encrypt the replica object.

returns

None