Select your cookie preferences

We use essential cookies and similar tools that are necessary to provide our site and services. We use performance cookies to collect anonymous statistics, so we can understand how customers use our site and make improvements. Essential cookies cannot be deactivated, but you can choose “Customize” or “Decline” to decline performance cookies.

If you agree, AWS and approved third parties will also use cookies to provide useful site features, remember your preferences, and display relevant content, including relevant advertising. To accept or decline all non-essential cookies, choose “Accept” or “Decline.” To make more detailed choices, choose “Customize.”

We announced the upcoming end-of-support for AWS SDK for JavaScript v2.
We recommend that you migrate to AWS SDK for JavaScript v3. For dates, additional details, and information on how to migrate, please refer to the linked announcement.

Class: AWS.S3Control

Inherits:
AWS.Service show all
Identifier:
s3control
API Version:
2018-08-20
Defined in:
(unknown)

Overview

Constructs a service interface object. Each API operation is exposed as a function on service.

Service Description

Amazon Web Services S3 Control provides access to Amazon S3 control plane actions.

Sending a Request Using S3Control

var s3control = new AWS.S3Control();
s3control.associateAccessGrantsIdentityCenter(params, function (err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Locking the API Version

In order to ensure that the S3Control object uses this specific API, you can construct the object by passing the apiVersion option to the constructor:

var s3control = new AWS.S3Control({apiVersion: '2018-08-20'});

You can also set the API version globally in AWS.config.apiVersions using the s3control service identifier:

AWS.config.apiVersions = {
  s3control: '2018-08-20',
  // other service API versions
};

var s3control = new AWS.S3Control();

Version:

  • 2018-08-20

Constructor Summary collapse

Property Summary collapse

Properties inherited from AWS.Service

apiVersions

Method Summary collapse

Methods inherited from AWS.Service

makeRequest, makeUnauthenticatedRequest, waitFor, defineService

Constructor Details

new AWS.S3Control(options = {}) ⇒ Object

Constructs a service object. This object has one method for each API operation.

Examples:

Constructing a S3Control object

var s3control = new AWS.S3Control({apiVersion: '2018-08-20'});

Options Hash (options):

  • params (map)

    An optional map of parameters to bind to every request sent by this service object. For more information on bound parameters, see "Working with Services" in the Getting Started Guide.

  • endpoint (String|AWS.Endpoint)

    The endpoint URI to send requests to. The default endpoint is built from the configured region. The endpoint should be a string like 'https://{service}.{region}.amazonaws.com' or an Endpoint object.

  • useDualstack (Boolean)

    Enables IPv6/IPv4 dualstack endpoint. When a DNS lookup is performed on an endpoint of this type, it returns an “A” record with an IPv4 address and an “AAAA” record with an IPv6 address. In most cases the network stack in the client environment will automatically prefer the AAAA record and make a connection using the IPv6 address. Note, however, that currently on Windows, the IPv4 address will be preferred.

  • accessKeyId (String)

    your AWS access key ID.

  • secretAccessKey (String)

    your AWS secret access key.

  • sessionToken (AWS.Credentials)

    the optional AWS session token to sign requests with.

  • credentials (AWS.Credentials)

    the AWS credentials to sign requests with. You can either specify this object, or specify the accessKeyId and secretAccessKey options directly.

  • credentialProvider (AWS.CredentialProviderChain)

    the provider chain used to resolve credentials if no static credentials property is set.

  • region (String)

    the region to send service requests to. See AWS.S3Control.region for more information.

  • maxRetries (Integer)

    the maximum amount of retries to attempt with a request. See AWS.S3Control.maxRetries for more information.

  • maxRedirects (Integer)

    the maximum amount of redirects to follow with a request. See AWS.S3Control.maxRedirects for more information.

  • sslEnabled (Boolean)

    whether to enable SSL for requests.

  • paramValidation (Boolean|map)

    whether input parameters should be validated against the operation description before sending the request. Defaults to true. Pass a map to enable any of the following specific validation features:

    • min [Boolean] — Validates that a value meets the min constraint. This is enabled by default when paramValidation is set to true.
    • max [Boolean] — Validates that a value meets the max constraint.
    • pattern [Boolean] — Validates that a string value matches a regular expression.
    • enum [Boolean] — Validates that a string value matches one of the allowable enum values.
  • computeChecksums (Boolean)

    whether to compute checksums for payload bodies when the service accepts it (currently supported in S3 only)

  • convertResponseTypes (Boolean)

    whether types are converted when parsing response data. Currently only supported for JSON based services. Turning this off may improve performance on large response payloads. Defaults to true.

  • correctClockSkew (Boolean)

    whether to apply a clock skew correction and retry requests that fail because of an skewed client clock. Defaults to false.

  • s3ForcePathStyle (Boolean)

    whether to force path style URLs for S3 objects.

  • s3BucketEndpoint (Boolean)

    whether the provided endpoint addresses an individual bucket (false if it addresses the root API endpoint). Note that setting this configuration option requires an endpoint to be provided explicitly to the service constructor.

  • s3DisableBodySigning (Boolean)

    whether S3 body signing should be disabled when using signature version v4. Body signing can only be disabled when using https. Defaults to true.

  • s3UsEast1RegionalEndpoint ('legacy'|'regional')

    when region is set to 'us-east-1', whether to send s3 request to global endpoints or 'us-east-1' regional endpoints. This config is only applicable to S3 client. Defaults to legacy

  • s3UseArnRegion (Boolean)

    whether to override the request region with the region inferred from requested resource's ARN. Only available for S3 buckets Defaults to true

  • retryDelayOptions (map)

    A set of options to configure the retry delay on retryable errors. Currently supported options are:

    • base [Integer] — The base number of milliseconds to use in the exponential backoff for operation retries. Defaults to 100 ms for all services except DynamoDB, where it defaults to 50ms.
    • customBackoff [function] — A custom function that accepts a retry count and error and returns the amount of time to delay in milliseconds. If the result is a non-zero negative value, no further retry attempts will be made. The base option will be ignored if this option is supplied. The function is only called for retryable errors.
  • httpOptions (map)

    A set of options to pass to the low-level HTTP request. Currently supported options are:

    • proxy [String] — the URL to proxy requests through
    • agent [http.Agent, https.Agent] — the Agent object to perform HTTP requests with. Used for connection pooling. Defaults to the global agent (http.globalAgent) for non-SSL connections. Note that for SSL connections, a special Agent object is used in order to enable peer certificate verification. This feature is only available in the Node.js environment.
    • connectTimeout [Integer] — Sets the socket to timeout after failing to establish a connection with the server after connectTimeout milliseconds. This timeout has no effect once a socket connection has been established.
    • timeout [Integer] — Sets the socket to timeout after timeout milliseconds of inactivity on the socket. Defaults to two minutes (120000).
    • xhrAsync [Boolean] — Whether the SDK will send asynchronous HTTP requests. Used in the browser environment only. Set to false to send requests synchronously. Defaults to true (async on).
    • xhrWithCredentials [Boolean] — Sets the "withCredentials" property of an XMLHttpRequest object. Used in the browser environment only. Defaults to false.
  • apiVersion (String, Date)

    a String in YYYY-MM-DD format (or a date) that represents the latest possible API version that can be used in all services (unless overridden by apiVersions). Specify 'latest' to use the latest possible version.

  • apiVersions (map<String, String|Date>)

    a map of service identifiers (the lowercase service class name) with the API version to use when instantiating a service. Specify 'latest' for each individual that can use the latest available version.

  • logger (#write, #log)

    an object that responds to .write() (like a stream) or .log() (like the console object) in order to log information about requests

  • systemClockOffset (Number)

    an offset value in milliseconds to apply to all signing times. Use this to compensate for clock skew when your system may be out of sync with the service time. Note that this configuration option can only be applied to the global AWS.config object and cannot be overridden in service-specific configuration. Defaults to 0 milliseconds.

  • signatureVersion (String)

    the signature version to sign requests with (overriding the API configuration). Possible values are: 'v2', 'v3', 'v4'.

  • signatureCache (Boolean)

    whether the signature to sign requests with (overriding the API configuration) is cached. Only applies to the signature version 'v4'. Defaults to true.

  • dynamoDbCrc32 (Boolean)

    whether to validate the CRC32 checksum of HTTP response bodies returned by DynamoDB. Default: true.

  • useAccelerateEndpoint (Boolean)

    Whether to use the S3 Transfer Acceleration endpoint with the S3 service. Default: false.

  • clientSideMonitoring (Boolean)

    whether to collect and publish this client's performance metrics of all its API requests.

  • endpointDiscoveryEnabled (Boolean|undefined)

    whether to call operations with endpoints given by service dynamically. Setting this

  • endpointCacheSize (Number)

    the size of the global cache storing endpoints from endpoint discovery operations. Once endpoint cache is created, updating this setting cannot change existing cache size. Defaults to 1000

  • hostPrefixEnabled (Boolean)

    whether to marshal request parameters to the prefix of hostname. Defaults to true.

  • stsRegionalEndpoints ('legacy'|'regional')

    whether to send sts request to global endpoints or regional endpoints. Defaults to 'legacy'.

  • useFipsEndpoint (Boolean)

    Enables FIPS compatible endpoints. Defaults to false.

  • useDualstackEndpoint (Boolean)

    Enables IPv6 dualstack endpoint. Defaults to false.

Property Details

endpointAWS.Endpoint (readwrite)

Returns an Endpoint object representing the endpoint URL for service requests.

Returns:

  • (AWS.Endpoint)

    an Endpoint object representing the endpoint URL for service requests.

Method Details

addOutpostIdHeader(req) ⇒ void

Adds outpostId header

associateAccessGrantsIdentityCenter(params = {}, callback) ⇒ AWS.Request

Associate your S3 Access Grants instance with an Amazon Web Services IAM Identity Center instance. Use this action if you want to create access grants for users or groups from your corporate identity directory. First, you must add your corporate identity directory to Amazon Web Services IAM Identity Center. Then, you can associate this IAM Identity Center instance with your S3 Access Grants instance.

Permissions

You must have the s3:AssociateAccessGrantsIdentityCenter permission to use this operation.

Additional Permissions

You must also have the following permissions: sso:CreateApplication, sso:PutApplicationGrant, and sso:PutApplicationAuthenticationMethod.

Examples:

Calling the associateAccessGrantsIdentityCenter operation

var params = {
  AccountId: 'STRING_VALUE', /* required */
  IdentityCenterArn: 'STRING_VALUE' /* required */
};
s3control.associateAccessGrantsIdentityCenter(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • AccountId — (String)

      The Amazon Web Services account ID of the S3 Access Grants instance.

    • IdentityCenterArn — (String)

      The Amazon Resource Name (ARN) of the Amazon Web Services IAM Identity Center instance that you are associating with your S3 Access Grants instance. An IAM Identity Center instance is your corporate identity directory that you added to the IAM Identity Center. You can use the ListInstances API operation to retrieve a list of your Identity Center instances and their ARNs.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

createAccessGrant(params = {}, callback) ⇒ AWS.Request

Creates an access grant that gives a grantee access to your S3 data. The grantee can be an IAM user or role or a directory user, or group. Before you can create a grant, you must have an S3 Access Grants instance in the same Region as the S3 data. You can create an S3 Access Grants instance using the CreateAccessGrantsInstance. You must also have registered at least one S3 data location in your S3 Access Grants instance using CreateAccessGrantsLocation.

Permissions

You must have the s3:CreateAccessGrant permission to use this operation.

Additional Permissions

For any directory identity - sso:DescribeInstance and sso:DescribeApplication

For directory users - identitystore:DescribeUser

For directory groups - identitystore:DescribeGroup

Service Reference:

Examples:

Calling the createAccessGrant operation

var params = {
  AccessGrantsLocationId: 'STRING_VALUE', /* required */
  AccountId: 'STRING_VALUE', /* required */
  Grantee: { /* required */
    GranteeIdentifier: 'STRING_VALUE',
    GranteeType: DIRECTORY_USER | DIRECTORY_GROUP | IAM
  },
  Permission: READ | WRITE | READWRITE, /* required */
  AccessGrantsLocationConfiguration: {
    S3SubPrefix: 'STRING_VALUE'
  },
  ApplicationArn: 'STRING_VALUE',
  S3PrefixType: Object,
  Tags: [
    {
      Key: 'STRING_VALUE', /* required */
      Value: 'STRING_VALUE' /* required */
    },
    /* more items */
  ]
};
s3control.createAccessGrant(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • AccountId — (String)

      The Amazon Web Services account ID of the S3 Access Grants instance.

    • AccessGrantsLocationId — (String)

      The ID of the registered location to which you are granting access. S3 Access Grants assigns this ID when you register the location. S3 Access Grants assigns the ID default to the default location s3:// and assigns an auto-generated ID to other locations that you register.

      If you are passing the default location, you cannot create an access grant for the entire default location. You must also specify a bucket or a bucket and prefix in the Subprefix field.

    • AccessGrantsLocationConfiguration — (map)

      The configuration options of the grant location. The grant location is the S3 path to the data to which you are granting access. It contains the S3SubPrefix field. The grant scope is the result of appending the subprefix to the location scope of the registered location.

      • S3SubPrefix — (String)

        The S3SubPrefix is appended to the location scope creating the grant scope. Use this field to narrow the scope of the grant to a subset of the location scope. This field is required if the location scope is the default location s3:// because you cannot create a grant for all of your S3 data in the Region and must narrow the scope. For example, if the location scope is the default location s3://, the S3SubPrefx can be a <bucket-name>/*, so the full grant scope path would be s3://<bucket-name>/*. Or the S3SubPrefx can be <bucket-name>/<prefix-name>*, so the full grant scope path would be or s3://<bucket-name>/<prefix-name>*.

        If the S3SubPrefix includes a prefix, append the wildcard character * after the prefix to indicate that you want to include all object key names in the bucket that start with that prefix.

    • Grantee — (map)

      The user, group, or role to which you are granting access. You can grant access to an IAM user or role. If you have added your corporate directory to Amazon Web Services IAM Identity Center and associated your Identity Center instance with your S3 Access Grants instance, the grantee can also be a corporate directory user or group.

      • GranteeType — (String)

        The type of the grantee to which access has been granted. It can be one of the following values:

        • IAM - An IAM user or role.

        • DIRECTORY_USER - Your corporate directory user. You can use this option if you have added your corporate identity directory to IAM Identity Center and associated the IAM Identity Center instance with your S3 Access Grants instance.

        • DIRECTORY_GROUP - Your corporate directory group. You can use this option if you have added your corporate identity directory to IAM Identity Center and associated the IAM Identity Center instance with your S3 Access Grants instance.

        Possible values include:
        • "DIRECTORY_USER"
        • "DIRECTORY_GROUP"
        • "IAM"
      • GranteeIdentifier — (String)

        The unique identifier of the Grantee. If the grantee type is IAM, the identifier is the IAM Amazon Resource Name (ARN) of the user or role. If the grantee type is a directory user or group, the identifier is 128-bit universally unique identifier (UUID) in the format a1b2c3d4-5678-90ab-cdef-EXAMPLE11111. You can obtain this UUID from your Amazon Web Services IAM Identity Center instance.

    • Permission — (String)

      The type of access that you are granting to your S3 data, which can be set to one of the following values:

      • READ – Grant read-only access to the S3 data.

      • WRITE – Grant write-only access to the S3 data.

      • READWRITE – Grant both read and write access to the S3 data.

      Possible values include:
      • "READ"
      • "WRITE"
      • "READWRITE"
    • ApplicationArn — (String)

      The Amazon Resource Name (ARN) of an Amazon Web Services IAM Identity Center application associated with your Identity Center instance. If an application ARN is included in the request to create an access grant, the grantee can only access the S3 data through this application.

    • S3PrefixType — (String)

      The type of S3SubPrefix. The only possible value is Object. Pass this value if the access grant scope is an object. Do not pass this value if the access grant scope is a bucket or a bucket and a prefix.

      Possible values include:
      • "Object"
    • Tags — (Array<map>)

      The Amazon Web Services resource tags that you are adding to the access grant. Each tag is a label consisting of a user-defined key and value. Tags can help you manage, identify, organize, search for, and filter resources.

      • Keyrequired — (String)

        The key of the key-value pair of a tag added to your Amazon Web Services resource. A tag key can be up to 128 Unicode characters in length and is case-sensitive. System created tags that begin with aws: aren’t supported.

      • Valuerequired — (String)

        The value of the key-value pair of a tag added to your Amazon Web Services resource. A tag value can be up to 256 Unicode characters in length and is case-sensitive.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • CreatedAt — (Date)

        The date and time when you created the access grant.

      • AccessGrantId — (String)

        The ID of the access grant. S3 Access Grants auto-generates this ID when you create the access grant.

      • AccessGrantArn — (String)

        The Amazon Resource Name (ARN) of the access grant.

      • Grantee — (map)

        The user, group, or role to which you are granting access. You can grant access to an IAM user or role. If you have added your corporate directory to Amazon Web Services IAM Identity Center and associated your Identity Center instance with your S3 Access Grants instance, the grantee can also be a corporate directory user or group.

        • GranteeType — (String)

          The type of the grantee to which access has been granted. It can be one of the following values:

          • IAM - An IAM user or role.

          • DIRECTORY_USER - Your corporate directory user. You can use this option if you have added your corporate identity directory to IAM Identity Center and associated the IAM Identity Center instance with your S3 Access Grants instance.

          • DIRECTORY_GROUP - Your corporate directory group. You can use this option if you have added your corporate identity directory to IAM Identity Center and associated the IAM Identity Center instance with your S3 Access Grants instance.

          Possible values include:
          • "DIRECTORY_USER"
          • "DIRECTORY_GROUP"
          • "IAM"
        • GranteeIdentifier — (String)

          The unique identifier of the Grantee. If the grantee type is IAM, the identifier is the IAM Amazon Resource Name (ARN) of the user or role. If the grantee type is a directory user or group, the identifier is 128-bit universally unique identifier (UUID) in the format a1b2c3d4-5678-90ab-cdef-EXAMPLE11111. You can obtain this UUID from your Amazon Web Services IAM Identity Center instance.

      • AccessGrantsLocationId — (String)

        The ID of the registered location to which you are granting access. S3 Access Grants assigns this ID when you register the location. S3 Access Grants assigns the ID default to the default location s3:// and assigns an auto-generated ID to other locations that you register.

      • AccessGrantsLocationConfiguration — (map)

        The configuration options of the grant location. The grant location is the S3 path to the data to which you are granting access.

        • S3SubPrefix — (String)

          The S3SubPrefix is appended to the location scope creating the grant scope. Use this field to narrow the scope of the grant to a subset of the location scope. This field is required if the location scope is the default location s3:// because you cannot create a grant for all of your S3 data in the Region and must narrow the scope. For example, if the location scope is the default location s3://, the S3SubPrefx can be a <bucket-name>/*, so the full grant scope path would be s3://<bucket-name>/*. Or the S3SubPrefx can be <bucket-name>/<prefix-name>*, so the full grant scope path would be or s3://<bucket-name>/<prefix-name>*.

          If the S3SubPrefix includes a prefix, append the wildcard character * after the prefix to indicate that you want to include all object key names in the bucket that start with that prefix.

      • Permission — (String)

        The type of access that you are granting to your S3 data, which can be set to one of the following values:

        • READ – Grant read-only access to the S3 data.

        • WRITE – Grant write-only access to the S3 data.

        • READWRITE – Grant both read and write access to the S3 data.

        Possible values include:
        • "READ"
        • "WRITE"
        • "READWRITE"
      • ApplicationArn — (String)

        The Amazon Resource Name (ARN) of an Amazon Web Services IAM Identity Center application associated with your Identity Center instance. If the grant includes an application ARN, the grantee can only access the S3 data through this application.

      • GrantScope — (String)

        The S3 path of the data to which you are granting access. It is the result of appending the Subprefix to the location scope.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

createAccessGrantsInstance(params = {}, callback) ⇒ AWS.Request

Creates an S3 Access Grants instance, which serves as a logical grouping for access grants. You can create one S3 Access Grants instance per Region per account.

Permissions

You must have the s3:CreateAccessGrantsInstance permission to use this operation.

Additional Permissions

To associate an IAM Identity Center instance with your S3 Access Grants instance, you must also have the sso:DescribeInstance, sso:CreateApplication, sso:PutApplicationGrant, and sso:PutApplicationAuthenticationMethod permissions.

Service Reference:

Examples:

Calling the createAccessGrantsInstance operation

var params = {
  AccountId: 'STRING_VALUE', /* required */
  IdentityCenterArn: 'STRING_VALUE',
  Tags: [
    {
      Key: 'STRING_VALUE', /* required */
      Value: 'STRING_VALUE' /* required */
    },
    /* more items */
  ]
};
s3control.createAccessGrantsInstance(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • AccountId — (String)

      The Amazon Web Services account ID of the S3 Access Grants instance.

    • IdentityCenterArn — (String)

      If you would like to associate your S3 Access Grants instance with an Amazon Web Services IAM Identity Center instance, use this field to pass the Amazon Resource Name (ARN) of the Amazon Web Services IAM Identity Center instance that you are associating with your S3 Access Grants instance. An IAM Identity Center instance is your corporate identity directory that you added to the IAM Identity Center. You can use the ListInstances API operation to retrieve a list of your Identity Center instances and their ARNs.

    • Tags — (Array<map>)

      The Amazon Web Services resource tags that you are adding to the S3 Access Grants instance. Each tag is a label consisting of a user-defined key and value. Tags can help you manage, identify, organize, search for, and filter resources.

      • Keyrequired — (String)

        The key of the key-value pair of a tag added to your Amazon Web Services resource. A tag key can be up to 128 Unicode characters in length and is case-sensitive. System created tags that begin with aws: aren’t supported.

      • Valuerequired — (String)

        The value of the key-value pair of a tag added to your Amazon Web Services resource. A tag value can be up to 256 Unicode characters in length and is case-sensitive.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • CreatedAt — (Date)

        The date and time when you created the S3 Access Grants instance.

      • AccessGrantsInstanceId — (String)

        The ID of the S3 Access Grants instance. The ID is default. You can have one S3 Access Grants instance per Region per account.

      • AccessGrantsInstanceArn — (String)

        The Amazon Resource Name (ARN) of the Amazon Web Services IAM Identity Center instance that you are associating with your S3 Access Grants instance. An IAM Identity Center instance is your corporate identity directory that you added to the IAM Identity Center. You can use the ListInstances API operation to retrieve a list of your Identity Center instances and their ARNs.

      • IdentityCenterArn — (String)

        If you associated your S3 Access Grants instance with an Amazon Web Services IAM Identity Center instance, this field returns the Amazon Resource Name (ARN) of the IAM Identity Center instance application; a subresource of the original Identity Center instance. S3 Access Grants creates this Identity Center application for the specific S3 Access Grants instance.

      • IdentityCenterInstanceArn — (String)

        The Amazon Resource Name (ARN) of the Amazon Web Services IAM Identity Center instance that you are associating with your S3 Access Grants instance. An IAM Identity Center instance is your corporate identity directory that you added to the IAM Identity Center. You can use the ListInstances API operation to retrieve a list of your Identity Center instances and their ARNs.

      • IdentityCenterApplicationArn — (String)

        If you associated your S3 Access Grants instance with an Amazon Web Services IAM Identity Center instance, this field returns the Amazon Resource Name (ARN) of the IAM Identity Center instance application; a subresource of the original Identity Center instance. S3 Access Grants creates this Identity Center application for the specific S3 Access Grants instance.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

createAccessGrantsLocation(params = {}, callback) ⇒ AWS.Request

The S3 data location that you would like to register in your S3 Access Grants instance. Your S3 data must be in the same Region as your S3 Access Grants instance. The location can be one of the following:

  • The default S3 location s3://

  • A bucket - S3://<bucket-name>

  • A bucket and prefix - S3://<bucket-name>/<prefix>

When you register a location, you must include the IAM role that has permission to manage the S3 location that you are registering. Give S3 Access Grants permission to assume this role using a policy. S3 Access Grants assumes this role to manage access to the location and to vend temporary credentials to grantees or client applications.

Permissions

You must have the s3:CreateAccessGrantsLocation permission to use this operation.

Additional Permissions

You must also have the following permission for the specified IAM role: iam:PassRole

Service Reference:

Examples:

Calling the createAccessGrantsLocation operation

var params = {
  AccountId: 'STRING_VALUE', /* required */
  IAMRoleArn: 'STRING_VALUE', /* required */
  LocationScope: 'STRING_VALUE', /* required */
  Tags: [
    {
      Key: 'STRING_VALUE', /* required */
      Value: 'STRING_VALUE' /* required */
    },
    /* more items */
  ]
};
s3control.createAccessGrantsLocation(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • AccountId — (String)

      The Amazon Web Services account ID of the S3 Access Grants instance.

    • LocationScope — (String)

      The S3 path to the location that you are registering. The location scope can be the default S3 location s3://, the S3 path to a bucket s3://<bucket>, or the S3 path to a bucket and prefix s3://<bucket>/<prefix>. A prefix in S3 is a string of characters at the beginning of an object key name used to organize the objects that you store in your S3 buckets. For example, object key names that start with the engineering/ prefix or object key names that start with the marketing/campaigns/ prefix.

    • IAMRoleArn — (String)

      The Amazon Resource Name (ARN) of the IAM role for the registered location. S3 Access Grants assumes this role to manage access to the registered location.

    • Tags — (Array<map>)

      The Amazon Web Services resource tags that you are adding to the S3 Access Grants location. Each tag is a label consisting of a user-defined key and value. Tags can help you manage, identify, organize, search for, and filter resources.

      • Keyrequired — (String)

        The key of the key-value pair of a tag added to your Amazon Web Services resource. A tag key can be up to 128 Unicode characters in length and is case-sensitive. System created tags that begin with aws: aren’t supported.

      • Valuerequired — (String)

        The value of the key-value pair of a tag added to your Amazon Web Services resource. A tag value can be up to 256 Unicode characters in length and is case-sensitive.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • CreatedAt — (Date)

        The date and time when you registered the location.

      • AccessGrantsLocationId — (String)

        The ID of the registered location to which you are granting access. S3 Access Grants assigns this ID when you register the location. S3 Access Grants assigns the ID default to the default location s3:// and assigns an auto-generated ID to other locations that you register.

      • AccessGrantsLocationArn — (String)

        The Amazon Resource Name (ARN) of the location you are registering.

      • LocationScope — (String)

        The S3 URI path to the location that you are registering. The location scope can be the default S3 location s3://, the S3 path to a bucket, or the S3 path to a bucket and prefix. A prefix in S3 is a string of characters at the beginning of an object key name used to organize the objects that you store in your S3 buckets. For example, object key names that start with the engineering/ prefix or object key names that start with the marketing/campaigns/ prefix.

      • IAMRoleArn — (String)

        The Amazon Resource Name (ARN) of the IAM role for the registered location. S3 Access Grants assumes this role to manage access to the registered location.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

createAccessPoint(params = {}, callback) ⇒ AWS.Request

Note: This operation is not supported by directory buckets.

Creates an access point and associates it with the specified bucket. For more information, see Managing Data Access with Amazon S3 Access Points in the Amazon S3 User Guide.

Note: S3 on Outposts only supports VPC-style access points. For more information, see Accessing Amazon S3 on Outposts using virtual private cloud (VPC) only access points in the Amazon S3 User Guide.

All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.

The following actions are related to CreateAccessPoint:

Service Reference:

Examples:

Calling the createAccessPoint operation

var params = {
  AccountId: 'STRING_VALUE', /* required */
  Bucket: 'STRING_VALUE', /* required */
  Name: 'STRING_VALUE', /* required */
  BucketAccountId: 'STRING_VALUE',
  PublicAccessBlockConfiguration: {
    BlockPublicAcls: true || false,
    BlockPublicPolicy: true || false,
    IgnorePublicAcls: true || false,
    RestrictPublicBuckets: true || false
  },
  VpcConfiguration: {
    VpcId: 'STRING_VALUE' /* required */
  }
};
s3control.createAccessPoint(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • AccountId — (String)

      The Amazon Web Services account ID for the account that owns the specified access point.

    • Name — (String)

      The name you want to assign to this access point.

    • Bucket — (String)

      The name of the bucket that you want to associate this access point with.

      For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.

      For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>. For example, to access the bucket reports through Outpost my-outpost owned by account 123456789012 in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports. The value must be URL encoded.

    • VpcConfiguration — (map)

      If you include this field, Amazon S3 restricts access to this access point to requests from the specified virtual private cloud (VPC).

      Note: This is required for creating an access point for Amazon S3 on Outposts buckets.
      • VpcIdrequired — (String)

        If this field is specified, this access point will only allow connections from the specified VPC ID.

    • PublicAccessBlockConfiguration — (map)

      The PublicAccessBlock configuration that you want to apply to the access point.

      • BlockPublicAcls — (Boolean)

        Specifies whether Amazon S3 should block public access control lists (ACLs) for buckets in this account. Setting this element to TRUE causes the following behavior:

        • PutBucketAcl and PutObjectAcl calls fail if the specified ACL is public.

        • PUT Object calls fail if the request includes a public ACL.

        • PUT Bucket calls fail if the request includes a public ACL.

        Enabling this setting doesn't affect existing policies or ACLs.

        This property is not supported for Amazon S3 on Outposts.

      • IgnorePublicAcls — (Boolean)

        Specifies whether Amazon S3 should ignore public ACLs for buckets in this account. Setting this element to TRUE causes Amazon S3 to ignore all public ACLs on buckets in this account and any objects that they contain.

        Enabling this setting doesn't affect the persistence of any existing ACLs and doesn't prevent new public ACLs from being set.

        This property is not supported for Amazon S3 on Outposts.

      • BlockPublicPolicy — (Boolean)

        Specifies whether Amazon S3 should block public bucket policies for buckets in this account. Setting this element to TRUE causes Amazon S3 to reject calls to PUT Bucket policy if the specified bucket policy allows public access.

        Enabling this setting doesn't affect existing bucket policies.

        This property is not supported for Amazon S3 on Outposts.

      • RestrictPublicBuckets — (Boolean)

        Specifies whether Amazon S3 should restrict public bucket policies for buckets in this account. Setting this element to TRUE restricts access to buckets with public policies to only Amazon Web Servicesservice principals and authorized users within this account.

        Enabling this setting doesn't affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked.

        This property is not supported for Amazon S3 on Outposts.

    • BucketAccountId — (String)

      The Amazon Web Services account ID associated with the S3 bucket associated with this access point.

      For same account access point when your bucket and access point belong to the same account owner, the BucketAccountId is not required. For cross-account access point when your bucket and access point are not in the same account, the BucketAccountId is required.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • AccessPointArn — (String)

        The ARN of the access point.

        Note: This is only supported by Amazon S3 on Outposts.
      • Alias — (String)

        The name or alias of the access point.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

createAccessPointForObjectLambda(params = {}, callback) ⇒ AWS.Request

Note: This operation is not supported by directory buckets.

Creates an Object Lambda Access Point. For more information, see Transforming objects with Object Lambda Access Points in the Amazon S3 User Guide.

The following actions are related to CreateAccessPointForObjectLambda:

Examples:

Calling the createAccessPointForObjectLambda operation

var params = {
  AccountId: 'STRING_VALUE', /* required */
  Configuration: { /* required */
    SupportingAccessPoint: 'STRING_VALUE', /* required */
    TransformationConfigurations: [ /* required */
      {
        Actions: [ /* required */
          GetObject | HeadObject | ListObjects | ListObjectsV2,
          /* more items */
        ],
        ContentTransformation: { /* required */
          AwsLambda: {
            FunctionArn: 'STRING_VALUE', /* required */
            FunctionPayload: 'STRING_VALUE'
          }
        }
      },
      /* more items */
    ],
    AllowedFeatures: [
      GetObject-Range | GetObject-PartNumber | HeadObject-Range | HeadObject-PartNumber,
      /* more items */
    ],
    CloudWatchMetricsEnabled: true || false
  },
  Name: 'STRING_VALUE' /* required */
};
s3control.createAccessPointForObjectLambda(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • AccountId — (String)

      The Amazon Web Services account ID for owner of the specified Object Lambda Access Point.

    • Name — (String)

      The name you want to assign to this Object Lambda Access Point.

    • Configuration — (map)

      Object Lambda Access Point configuration as a JSON document.

      • SupportingAccessPointrequired — (String)

        Standard access point associated with the Object Lambda Access Point.

      • CloudWatchMetricsEnabled — (Boolean)

        A container for whether the CloudWatch metrics configuration is enabled.

      • AllowedFeatures — (Array<String>)

        A container for allowed features. Valid inputs are GetObject-Range, GetObject-PartNumber, HeadObject-Range, and HeadObject-PartNumber.

      • TransformationConfigurationsrequired — (Array<map>)

        A container for transformation configurations for an Object Lambda Access Point.

        • Actionsrequired — (Array<String>)

          A container for the action of an Object Lambda Access Point configuration. Valid inputs are GetObject, ListObjects, HeadObject, and ListObjectsV2.

        • ContentTransformationrequired — (map)

          A container for the content transformation of an Object Lambda Access Point configuration.

          • AwsLambda — (map)

            A container for an Lambda function.

            • FunctionArnrequired — (String)

              The Amazon Resource Name (ARN) of the Lambda function.

            • FunctionPayload — (String)

              Additional JSON that provides supplemental data to the Lambda function used to transform objects.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • ObjectLambdaAccessPointArn — (String)

        Specifies the ARN for the Object Lambda Access Point.

      • Alias — (map)

        The alias of the Object Lambda Access Point.

        • Value — (String)

          The alias value of the Object Lambda Access Point.

        • Status — (String)

          The status of the Object Lambda Access Point alias. If the status is PROVISIONING, the Object Lambda Access Point is provisioning the alias and the alias is not ready for use yet. If the status is READY, the Object Lambda Access Point alias is successfully provisioned and ready for use.

          Possible values include:
          • "PROVISIONING"
          • "READY"

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

createBucket(params = {}, callback) ⇒ AWS.Request

Note: This action creates an Amazon S3 on Outposts bucket. To create an S3 bucket, see Create Bucket in the Amazon S3 API Reference.

Creates a new Outposts bucket. By creating the bucket, you become the bucket owner. To create an Outposts bucket, you must have S3 on Outposts. For more information, see Using Amazon S3 on Outposts in Amazon S3 User Guide.

Not every string is an acceptable bucket name. For information on bucket naming restrictions, see Working with Amazon S3 Buckets.

S3 on Outposts buckets support:

  • Tags

  • LifecycleConfigurations for deleting expired objects

For a complete list of restrictions and Amazon S3 feature limitations on S3 on Outposts, see Amazon S3 on Outposts Restrictions and Limitations.

For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and x-amz-outpost-id in your API request, see the Examples section.

The following actions are related to CreateBucket for Amazon S3 on Outposts:

Service Reference:

Examples:

Calling the createBucket operation

var params = {
  Bucket: 'STRING_VALUE', /* required */
  ACL: private | public-read | public-read-write | authenticated-read,
  CreateBucketConfiguration: {
    LocationConstraint: EU | eu-west-1 | us-west-1 | us-west-2 | ap-south-1 | ap-southeast-1 | ap-southeast-2 | ap-northeast-1 | sa-east-1 | cn-north-1 | eu-central-1
  },
  GrantFullControl: 'STRING_VALUE',
  GrantRead: 'STRING_VALUE',
  GrantReadACP: 'STRING_VALUE',
  GrantWrite: 'STRING_VALUE',
  GrantWriteACP: 'STRING_VALUE',
  ObjectLockEnabledForBucket: true || false,
  OutpostId: 'STRING_VALUE'
};
s3control.createBucket(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • ACL — (String)

      The canned ACL to apply to the bucket.

      Note: This is not supported by Amazon S3 on Outposts buckets.
      Possible values include:
      • "private"
      • "public-read"
      • "public-read-write"
      • "authenticated-read"
    • Bucket — (String)

      The name of the bucket.

    • CreateBucketConfiguration — (map)

      The configuration information for the bucket.

      Note: This is not supported by Amazon S3 on Outposts buckets.
      • LocationConstraint — (String)

        Specifies the Region where the bucket will be created. If you are creating a bucket on the US East (N. Virginia) Region (us-east-1), you do not need to specify the location.

        Note: This is not supported by Amazon S3 on Outposts buckets.
        Possible values include:
        • "EU"
        • "eu-west-1"
        • "us-west-1"
        • "us-west-2"
        • "ap-south-1"
        • "ap-southeast-1"
        • "ap-southeast-2"
        • "ap-northeast-1"
        • "sa-east-1"
        • "cn-north-1"
        • "eu-central-1"
    • GrantFullControl — (String)

      Allows grantee the read, write, read ACP, and write ACP permissions on the bucket.

      Note: This is not supported by Amazon S3 on Outposts buckets.
    • GrantRead — (String)

      Allows grantee to list the objects in the bucket.

      Note: This is not supported by Amazon S3 on Outposts buckets.
    • GrantReadACP — (String)

      Allows grantee to read the bucket ACL.

      Note: This is not supported by Amazon S3 on Outposts buckets.
    • GrantWrite — (String)

      Allows grantee to create, overwrite, and delete any object in the bucket.

      Note: This is not supported by Amazon S3 on Outposts buckets.
    • GrantWriteACP — (String)

      Allows grantee to write the ACL for the applicable bucket.

      Note: This is not supported by Amazon S3 on Outposts buckets.
    • ObjectLockEnabledForBucket — (Boolean)

      Specifies whether you want S3 Object Lock to be enabled for the new bucket.

      Note: This is not supported by Amazon S3 on Outposts buckets.
    • OutpostId — (String)

      The ID of the Outposts where the bucket is being created.

      Note: This ID is required by Amazon S3 on Outposts buckets.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • Location — (String)

        The location of the bucket.

      • BucketArn — (String)

        The Amazon Resource Name (ARN) of the bucket.

        For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.

        For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>. For example, to access the bucket reports through Outpost my-outpost owned by account 123456789012 in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports. The value must be URL encoded.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

createJob(params = {}, callback) ⇒ AWS.Request

This operation creates an S3 Batch Operations job.

You can use S3 Batch Operations to perform large-scale batch actions on Amazon S3 objects. Batch Operations can run a single action on lists of Amazon S3 objects that you specify. For more information, see S3 Batch Operations in the Amazon S3 User Guide.

Permissions

For information about permissions required to use the Batch Operations, see Granting permissions for S3 Batch Operations in the Amazon S3 User Guide.

Related actions include:

Service Reference:

Examples:

Calling the createJob operation

var params = {
  AccountId: 'STRING_VALUE', /* required */
  ClientRequestToken: 'STRING_VALUE', /* required */
  Operation: { /* required */
    LambdaInvoke: {
      FunctionArn: 'STRING_VALUE',
      InvocationSchemaVersion: 'STRING_VALUE',
      UserArguments: {
        '<NonEmptyMaxLength64String>': 'STRING_VALUE',
        /* '<NonEmptyMaxLength64String>': ... */
      }
    },
    S3DeleteObjectTagging: {
    },
    S3InitiateRestoreObject: {
      ExpirationInDays: 'NUMBER_VALUE',
      GlacierJobTier: BULK | STANDARD
    },
    S3PutObjectAcl: {
      AccessControlPolicy: {
        AccessControlList: {
          Owner: { /* required */
            DisplayName: 'STRING_VALUE',
            ID: 'STRING_VALUE'
          },
          Grants: [
            {
              Grantee: {
                DisplayName: 'STRING_VALUE',
                Identifier: 'STRING_VALUE',
                TypeIdentifier: id | emailAddress | uri
              },
              Permission: FULL_CONTROL | READ | WRITE | READ_ACP | WRITE_ACP
            },
            /* more items */
          ]
        },
        CannedAccessControlList: private | public-read | public-read-write | aws-exec-read | authenticated-read | bucket-owner-read | bucket-owner-full-control
      }
    },
    S3PutObjectCopy: {
      AccessControlGrants: [
        {
          Grantee: {
            DisplayName: 'STRING_VALUE',
            Identifier: 'STRING_VALUE',
            TypeIdentifier: id | emailAddress | uri
          },
          Permission: FULL_CONTROL | READ | WRITE | READ_ACP | WRITE_ACP
        },
        /* more items */
      ],
      BucketKeyEnabled: true || false,
      CannedAccessControlList: private | public-read | public-read-write | aws-exec-read | authenticated-read | bucket-owner-read | bucket-owner-full-control,
      ChecksumAlgorithm: CRC32 | CRC32C | SHA1 | SHA256,
      MetadataDirective: COPY | REPLACE,
      ModifiedSinceConstraint: new Date || 'Wed Dec 31 1969 16:00:00 GMT-0800 (PST)' || 123456789,
      NewObjectMetadata: {
        CacheControl: 'STRING_VALUE',
        ContentDisposition: 'STRING_VALUE',
        ContentEncoding: 'STRING_VALUE',
        ContentLanguage: 'STRING_VALUE',
        ContentLength: 'NUMBER_VALUE',
        ContentMD5: 'STRING_VALUE',
        ContentType: 'STRING_VALUE',
        HttpExpiresDate: new Date || 'Wed Dec 31 1969 16:00:00 GMT-0800 (PST)' || 123456789,
        RequesterCharged: true || false,
        SSEAlgorithm: AES256 | KMS,
        UserMetadata: {
          '<NonEmptyMaxLength1024String>': 'STRING_VALUE',
          /* '<NonEmptyMaxLength1024String>': ... */
        }
      },
      NewObjectTagging: [
        {
          Key: 'STRING_VALUE', /* required */
          Value: 'STRING_VALUE' /* required */
        },
        /* more items */
      ],
      ObjectLockLegalHoldStatus: OFF | ON,
      ObjectLockMode: COMPLIANCE | GOVERNANCE,
      ObjectLockRetainUntilDate: new Date || 'Wed Dec 31 1969 16:00:00 GMT-0800 (PST)' || 123456789,
      RedirectLocation: 'STRING_VALUE',
      RequesterPays: true || false,
      SSEAwsKmsKeyId: 'STRING_VALUE',
      StorageClass: STANDARD | STANDARD_IA | ONEZONE_IA | GLACIER | INTELLIGENT_TIERING | DEEP_ARCHIVE | GLACIER_IR,
      TargetKeyPrefix: 'STRING_VALUE',
      TargetResource: 'STRING_VALUE',
      UnModifiedSinceConstraint: new Date || 'Wed Dec 31 1969 16:00:00 GMT-0800 (PST)' || 123456789
    },
    S3PutObjectLegalHold: {
      LegalHold: { /* required */
        Status: OFF | ON /* required */
      }
    },
    S3PutObjectRetention: {
      Retention: { /* required */
        Mode: COMPLIANCE | GOVERNANCE,
        RetainUntilDate: new Date || 'Wed Dec 31 1969 16:00:00 GMT-0800 (PST)' || 123456789
      },
      BypassGovernanceRetention: true || false
    },
    S3PutObjectTagging: {
      TagSet: [
        {
          Key: 'STRING_VALUE', /* required */
          Value: 'STRING_VALUE' /* required */
        },
        /* more items */
      ]
    },
    S3ReplicateObject: {
    }
  },
  Priority: 'NUMBER_VALUE', /* required */
  Report: { /* required */
    Enabled: true || false, /* required */
    Bucket: 'STRING_VALUE',
    Format: Report_CSV_20180820,
    Prefix: 'STRING_VALUE',
    ReportScope: AllTasks | FailedTasksOnly
  },
  RoleArn: 'STRING_VALUE', /* required */
  ConfirmationRequired: true || false,
  Description: 'STRING_VALUE',
  Manifest: {
    Location: { /* required */
      ETag: 'STRING_VALUE', /* required */
      ObjectArn: 'STRING_VALUE', /* required */
      ObjectVersionId: 'STRING_VALUE'
    },
    Spec: { /* required */
      Format: S3BatchOperations_CSV_20180820 | S3InventoryReport_CSV_20161130, /* required */
      Fields: [
        Ignore | Bucket | Key | VersionId,
        /* more items */
      ]
    }
  },
  ManifestGenerator: {
    S3JobManifestGenerator: {
      EnableManifestOutput: true || false, /* required */
      SourceBucket: 'STRING_VALUE', /* required */
      ExpectedBucketOwner: 'STRING_VALUE',
      Filter: {
        CreatedAfter: new Date || 'Wed Dec 31 1969 16:00:00 GMT-0800 (PST)' || 123456789,
        CreatedBefore: new Date || 'Wed Dec 31 1969 16:00:00 GMT-0800 (PST)' || 123456789,
        EligibleForReplication: true || false,
        KeyNameConstraint: {
          MatchAnyPrefix: [
            'STRING_VALUE',
            /* more items */
          ],
          MatchAnySubstring: [
            'STRING_VALUE',
            /* more items */
          ],
          MatchAnySuffix: [
            'STRING_VALUE',
            /* more items */
          ]
        },
        MatchAnyStorageClass: [
          STANDARD | STANDARD_IA | ONEZONE_IA | GLACIER | INTELLIGENT_TIERING | DEEP_ARCHIVE | GLACIER_IR,
          /* more items */
        ],
        ObjectReplicationStatuses: [
          COMPLETED | FAILED | REPLICA | NONE,
          /* more items */
        ],
        ObjectSizeGreaterThanBytes: 'NUMBER_VALUE',
        ObjectSizeLessThanBytes: 'NUMBER_VALUE'
      },
      ManifestOutputLocation: {
        Bucket: 'STRING_VALUE', /* required */
        ManifestFormat: S3InventoryReport_CSV_20211130, /* required */
        ExpectedManifestBucketOwner: 'STRING_VALUE',
        ManifestEncryption: {
          SSEKMS: {
            KeyId: 'STRING_VALUE' /* required */
          },
          SSES3: {
          }
        },
        ManifestPrefix: 'STRING_VALUE'
      }
    }
  },
  Tags: [
    {
      Key: 'STRING_VALUE', /* required */
      Value: 'STRING_VALUE' /* required */
    },
    /* more items */
  ]
};
s3control.createJob(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • AccountId — (String)

      The Amazon Web Services account ID that creates the job.

    • ConfirmationRequired — (Boolean)

      Indicates whether confirmation is required before Amazon S3 runs the job. Confirmation is only required for jobs created through the Amazon S3 console.

    • Operation — (map)

      The action that you want this job to perform on every object listed in the manifest. For more information about the available actions, see Operations in the Amazon S3 User Guide.

      • LambdaInvoke — (map)

        Directs the specified job to invoke an Lambda function on every object in the manifest.

        • FunctionArn — (String)

          The Amazon Resource Name (ARN) for the Lambda function that the specified job will invoke on every object in the manifest.

        • InvocationSchemaVersion — (String)

          Specifies the schema version for the payload that Batch Operations sends when invoking an Lambda function. Version 1.0 is the default. Version 2.0 is required when you use Batch Operations to invoke Lambda functions that act on directory buckets, or if you need to specify UserArguments. For more information, see Automate object processing in Amazon S3 directory buckets with S3 Batch Operations and Lambda in the Amazon Web Services Storage Blog.

          Ensure that your Lambda function code expects InvocationSchemaVersion 2.0 and uses bucket name rather than bucket ARN. If the InvocationSchemaVersion does not match what your Lambda function expects, your function might not work as expected.

          Note: Directory buckets - To initiate Amazon Web Services Lambda function to perform custom actions on objects in directory buckets, you must specify 2.0.
        • UserArguments — (map<String>)

          Key-value pairs that are passed in the payload that Batch Operations sends when invoking an Lambda function. You must specify InvocationSchemaVersion 2.0 for LambdaInvoke operations that include UserArguments. For more information, see Automate object processing in Amazon S3 directory buckets with S3 Batch Operations and Lambda in the Amazon Web Services Storage Blog.

      • S3PutObjectCopy — (map)

        Directs the specified job to run a PUT Copy object call on every object in the manifest.

        • TargetResource — (String)

          Specifies the destination bucket Amazon Resource Name (ARN) for the batch copy operation.

          • General purpose buckets - For example, to copy objects to a general purpose bucket named destinationBucket, set the TargetResource property to arn:aws:s3:::destinationBucket.

          • Directory buckets - For example, to copy objects to a directory bucket named destinationBucket in the Availability Zone; identified by the AZ ID usw2-az1, set the TargetResource property to arn:aws:s3express:region:account_id:/bucket/destination_bucket_base_name--usw2-az1--x-s3.

        • CannedAccessControlList — (String)

          Note: This functionality is not supported by directory buckets.
          Possible values include:
          • "private"
          • "public-read"
          • "public-read-write"
          • "aws-exec-read"
          • "authenticated-read"
          • "bucket-owner-read"
          • "bucket-owner-full-control"
        • AccessControlGrants — (Array<map>)

          Note: This functionality is not supported by directory buckets.
          • Grantee — (map)

            • TypeIdentifier — (String)

              Possible values include:

              • "id"
              • "emailAddress"
              • "uri"
            • Identifier — (String)

            • DisplayName — (String)

          • Permission — (String)

            Possible values include:

            • "FULL_CONTROL"
            • "READ"
            • "WRITE"
            • "READ_ACP"
            • "WRITE_ACP"
        • MetadataDirective — (String)

          Possible values include:

          • "COPY"
          • "REPLACE"
        • ModifiedSinceConstraint — (Date)

        • NewObjectMetadata — (map)

          If you don't provide this parameter, Amazon S3 copies all the metadata from the original objects. If you specify an empty set, the new objects will have no tags. Otherwise, Amazon S3 assigns the supplied tags to the new objects.

          • CacheControl — (String)

          • ContentDisposition — (String)

          • ContentEncoding — (String)

          • ContentLanguage — (String)

          • UserMetadata — (map<String>)

          • ContentLength — (Integer)

            This member has been deprecated.

          • ContentMD5 — (String)

            This member has been deprecated.

          • ContentType — (String)

          • HttpExpiresDate — (Date)

          • RequesterCharged — (Boolean)

            This member has been deprecated.

          • SSEAlgorithm — (String)

            Note: For directory buckets, only the server-side encryption with Amazon S3 managed keys (SSE-S3) (AES256) is supported.
            Possible values include:
            • "AES256"
            • "KMS"
        • NewObjectTagging — (Array<map>)

          Specifies a list of tags to add to the destination objects after they are copied. If NewObjectTagging is not specified, the tags of the source objects are copied to destination objects by default.

          Note: Directory buckets - Tags aren't supported by directory buckets. If your source objects have tags and your destination bucket is a directory bucket, specify an empty tag set in the NewObjectTagging field to prevent copying the source object tags to the directory bucket.
          • Keyrequired — (String)

            Key of the tag

          • Valuerequired — (String)

            Value of the tag

        • RedirectLocation — (String)

          If the destination bucket is configured as a website, specifies an optional metadata property for website redirects, x-amz-website-redirect-location. Allows webpage redirects if the object copy is accessed through a website endpoint.

          Note: This functionality is not supported by directory buckets.
        • RequesterPays — (Boolean)

          Note: This functionality is not supported by directory buckets.
        • StorageClass — (String)

          Specify the storage class for the destination objects in a Copy operation.

          Note: Directory buckets - This functionality is not supported by directory buckets.
          Possible values include:
          • "STANDARD"
          • "STANDARD_IA"
          • "ONEZONE_IA"
          • "GLACIER"
          • "INTELLIGENT_TIERING"
          • "DEEP_ARCHIVE"
          • "GLACIER_IR"
        • UnModifiedSinceConstraint — (Date)

        • SSEAwsKmsKeyId — (String)

          Note: This functionality is not supported by directory buckets.
        • TargetKeyPrefix — (String)

          Specifies the folder prefix that you want the objects to be copied into. For example, to copy objects into a folder named Folder1 in the destination bucket, set the TargetKeyPrefix property to Folder1.

        • ObjectLockLegalHoldStatus — (String)

          The legal hold status to be applied to all objects in the Batch Operations job.

          Note: This functionality is not supported by directory buckets.
          Possible values include:
          • "OFF"
          • "ON"
        • ObjectLockMode — (String)

          The retention mode to be applied to all objects in the Batch Operations job.

          Note: This functionality is not supported by directory buckets.
          Possible values include:
          • "COMPLIANCE"
          • "GOVERNANCE"
        • ObjectLockRetainUntilDate — (Date)

          The date when the applied object retention configuration expires on all objects in the Batch Operations job.

          Note: This functionality is not supported by directory buckets.
        • BucketKeyEnabled — (Boolean)

          Specifies whether Amazon S3 should use an S3 Bucket Key for object encryption with server-side encryption using Amazon Web Services KMS (SSE-KMS). Setting this header to true causes Amazon S3 to use an S3 Bucket Key for object encryption with SSE-KMS.

          Specifying this header with an object action doesn’t affect bucket-level settings for S3 Bucket Key.

          Note: This functionality is not supported by directory buckets.
        • ChecksumAlgorithm — (String)

          Indicates the algorithm that you want Amazon S3 to use to create the checksum. For more information, see Checking object integrity in the Amazon S3 User Guide.

          Possible values include:
          • "CRC32"
          • "CRC32C"
          • "SHA1"
          • "SHA256"
      • S3PutObjectAcl — (map)

        Directs the specified job to run a PutObjectAcl call on every object in the manifest.

        Note: This functionality is not supported by directory buckets.
        • AccessControlPolicy — (map)

          • AccessControlList — (map)

            • Ownerrequired — (map)

              • ID — (String)

              • DisplayName — (String)

            • Grants — (Array<map>)

              • Grantee — (map)

                • TypeIdentifier — (String)

                  Possible values include:

                  • "id"
                  • "emailAddress"
                  • "uri"
                • Identifier — (String)

                • DisplayName — (String)

              • Permission — (String)

                Possible values include:

                • "FULL_CONTROL"
                • "READ"
                • "WRITE"
                • "READ_ACP"
                • "WRITE_ACP"
          • CannedAccessControlList — (String)

            Possible values include:

            • "private"
            • "public-read"
            • "public-read-write"
            • "aws-exec-read"
            • "authenticated-read"
            • "bucket-owner-read"
            • "bucket-owner-full-control"
      • S3PutObjectTagging — (map)

        Directs the specified job to run a PUT Object tagging call on every object in the manifest.

        Note: This functionality is not supported by directory buckets.
        • TagSet — (Array<map>)

          • Keyrequired — (String)

            Key of the tag

          • Valuerequired — (String)

            Value of the tag

      • S3DeleteObjectTagging — (map)

        Directs the specified job to execute a DELETE Object tagging call on every object in the manifest.

        Note: This functionality is not supported by directory buckets.
      • S3InitiateRestoreObject — (map)

        Directs the specified job to initiate restore requests for every archived object in the manifest.

        Note: This functionality is not supported by directory buckets.
        • ExpirationInDays — (Integer)

          This argument specifies how long the S3 Glacier or S3 Glacier Deep Archive object remains available in Amazon S3. S3 Initiate Restore Object jobs that target S3 Glacier and S3 Glacier Deep Archive objects require ExpirationInDays set to 1 or greater.

          Conversely, do not set ExpirationInDays when creating S3 Initiate Restore Object jobs that target S3 Intelligent-Tiering Archive Access and Deep Archive Access tier objects. Objects in S3 Intelligent-Tiering archive access tiers are not subject to restore expiry, so specifying ExpirationInDays results in restore request failure.

          S3 Batch Operations jobs can operate either on S3 Glacier and S3 Glacier Deep Archive storage class objects or on S3 Intelligent-Tiering Archive Access and Deep Archive Access storage tier objects, but not both types in the same job. If you need to restore objects of both types you must create separate Batch Operations jobs.

        • GlacierJobTier — (String)

          S3 Batch Operations supports STANDARD and BULK retrieval tiers, but not the EXPEDITED retrieval tier.

          Possible values include:
          • "BULK"
          • "STANDARD"
      • S3PutObjectLegalHold — (map)

        Contains the configuration for an S3 Object Lock legal hold operation that an S3 Batch Operations job passes to every object to the underlying PutObjectLegalHold API operation. For more information, see Using S3 Object Lock legal hold with S3 Batch Operations in the Amazon S3 User Guide.

        Note: This functionality is not supported by directory buckets.
        • LegalHoldrequired — (map)

          Contains the Object Lock legal hold status to be applied to all objects in the Batch Operations job.

          • Statusrequired — (String)

            The Object Lock legal hold status to be applied to all objects in the Batch Operations job.

            Possible values include:
            • "OFF"
            • "ON"
      • S3PutObjectRetention — (map)

        Contains the configuration parameters for the Object Lock retention action for an S3 Batch Operations job. Batch Operations passes every object to the underlying PutObjectRetention API operation. For more information, see Using S3 Object Lock retention with S3 Batch Operations in the Amazon S3 User Guide.

        Note: This functionality is not supported by directory buckets.
        • BypassGovernanceRetention — (Boolean)

          Indicates if the action should be applied to objects in the Batch Operations job even if they have Object Lock GOVERNANCE type in place.

        • Retentionrequired — (map)

          Contains the Object Lock retention mode to be applied to all objects in the Batch Operations job. For more information, see Using S3 Object Lock retention with S3 Batch Operations in the Amazon S3 User Guide.

          • RetainUntilDate — (Date)

            The date when the applied Object Lock retention will expire on all objects set by the Batch Operations job.

          • Mode — (String)

            The Object Lock retention mode to be applied to all objects in the Batch Operations job.

            Possible values include:
            • "COMPLIANCE"
            • "GOVERNANCE"
      • S3ReplicateObject — (map)

        Directs the specified job to invoke ReplicateObject on every object in the job's manifest.

        Note: This functionality is not supported by directory buckets.
    • Report — (map)

      Configuration parameters for the optional job-completion report.

      • Bucket — (String)

        The Amazon Resource Name (ARN) for the bucket where specified job-completion report will be stored.

        Note: Directory buckets - Directory buckets aren't supported as a location for Batch Operations to store job completion reports.
      • Format — (String)

        The format of the specified job-completion report.

        Possible values include:
        • "Report_CSV_20180820"
      • Enabledrequired — (Boolean)

        Indicates whether the specified job will generate a job-completion report.

      • Prefix — (String)

        An optional prefix to describe where in the specified bucket the job-completion report will be stored. Amazon S3 stores the job-completion report at <prefix>/job-<job-id>/report.json.

      • ReportScope — (String)

        Indicates whether the job-completion report will include details of all tasks or only failed tasks.

        Possible values include:
        • "AllTasks"
        • "FailedTasksOnly"
    • ClientRequestToken — (String)

      An idempotency token to ensure that you don't accidentally submit the same request twice. You can use any string up to the maximum length.

      If a token is not provided, the SDK will use a version 4 UUID.
    • Manifest — (map)

      Configuration parameters for the manifest.

      • Specrequired — (map)

        Describes the format of the specified job's manifest. If the manifest is in CSV format, also describes the columns contained within the manifest.

        • Formatrequired — (String)

          Indicates which of the available formats the specified manifest uses.

          Possible values include:
          • "S3BatchOperations_CSV_20180820"
          • "S3InventoryReport_CSV_20161130"
        • Fields — (Array<String>)

          If the specified manifest object is in the S3BatchOperations_CSV_20180820 format, this element describes which columns contain the required data.

      • Locationrequired — (map)

        Contains the information required to locate the specified job's manifest. Manifests can't be imported from directory buckets. For more information, see Directory buckets.

        • ObjectArnrequired — (String)

          The Amazon Resource Name (ARN) for a manifest object.

          When you're using XML requests, you must replace special characters (such as carriage returns) in object keys with their equivalent XML entity codes. For more information, see XML-related object key constraints in the Amazon S3 User Guide.

        • ObjectVersionId — (String)

          The optional version ID to identify a specific version of the manifest object.

        • ETagrequired — (String)

          The ETag for the specified manifest object.

    • Description — (String)

      A description for this job. You can use any string within the permitted length. Descriptions don't need to be unique and can be used for multiple jobs.

    • Priority — (Integer)

      The numerical priority for this job. Higher numbers indicate higher priority.

    • RoleArn — (String)

      The Amazon Resource Name (ARN) for the Identity and Access Management (IAM) role that Batch Operations will use to run this job's action on every object in the manifest.

    • Tags — (Array<map>)

      A set of tags to associate with the S3 Batch Operations job. This is an optional parameter.

      • Keyrequired — (String)

        Key of the tag

      • Valuerequired — (String)

        Value of the tag

    • ManifestGenerator — (map)

      The attribute container for the ManifestGenerator details. Jobs must be created with either a manifest file or a ManifestGenerator, but not both.

      • S3JobManifestGenerator — (map)

        The S3 job ManifestGenerator's configuration details.

        • ExpectedBucketOwner — (String)

          The Amazon Web Services account ID that owns the bucket the generated manifest is written to. If provided the generated manifest bucket's owner Amazon Web Services account ID must match this value, else the job fails.

        • SourceBucketrequired — (String)

          The ARN of the source bucket used by the ManifestGenerator.

          Note: Directory buckets - Directory buckets aren't supported as the source buckets used by S3JobManifestGenerator to generate the job manifest.
        • ManifestOutputLocation — (map)

          Specifies the location the generated manifest will be written to. Manifests can't be written to directory buckets. For more information, see Directory buckets.

          • ExpectedManifestBucketOwner — (String)

            The Account ID that owns the bucket the generated manifest is written to.

          • Bucketrequired — (String)

            The bucket ARN the generated manifest should be written to.

            Note: Directory buckets - Directory buckets aren't supported as the buckets to store the generated manifest.
          • ManifestPrefix — (String)

            Prefix identifying one or more objects to which the manifest applies.

          • ManifestEncryption — (map)

            Specifies what encryption should be used when the generated manifest objects are written.

            • SSES3 — (map)

              Specifies the use of SSE-S3 to encrypt generated manifest objects.

            • SSEKMS — (map)

              Configuration details on how SSE-KMS is used to encrypt generated manifest objects.

              • KeyIdrequired — (String)

                Specifies the ID of the Amazon Web Services Key Management Service (Amazon Web Services KMS) symmetric encryption customer managed key to use for encrypting generated manifest objects.

          • ManifestFormatrequired — (String)

            The format of the generated manifest.

            Possible values include:
            • "S3InventoryReport_CSV_20211130"
        • Filter — (map)

          Specifies rules the S3JobManifestGenerator should use to decide whether an object in the source bucket should or should not be included in the generated job manifest.

          • EligibleForReplication — (Boolean)

            Include objects in the generated manifest only if they are eligible for replication according to the Replication configuration on the source bucket.

          • CreatedAfter — (Date)

            If provided, the generated manifest includes only source bucket objects that were created after this time.

          • CreatedBefore — (Date)

            If provided, the generated manifest includes only source bucket objects that were created before this time.

          • ObjectReplicationStatuses — (Array<String>)

            If provided, the generated manifest includes only source bucket objects that have one of the specified Replication statuses.

          • KeyNameConstraint — (map)

            If provided, the generated manifest includes only source bucket objects whose object keys match the string constraints specified for MatchAnyPrefix, MatchAnySuffix, and MatchAnySubstring.

            • MatchAnyPrefix — (Array<String>)

              If provided, the generated manifest includes objects where the specified string appears at the start of the object key string. Each KeyNameConstraint filter accepts an array of strings with a length of 1 string.

            • MatchAnySuffix — (Array<String>)

              If provided, the generated manifest includes objects where the specified string appears at the end of the object key string. Each KeyNameConstraint filter accepts an array of strings with a length of 1 string.

            • MatchAnySubstring — (Array<String>)

              If provided, the generated manifest includes objects where the specified string appears anywhere within the object key string. Each KeyNameConstraint filter accepts an array of strings with a length of 1 string.

          • ObjectSizeGreaterThanBytes — (Integer)

            If provided, the generated manifest includes only source bucket objects whose file size is greater than the specified number of bytes.

          • ObjectSizeLessThanBytes — (Integer)

            If provided, the generated manifest includes only source bucket objects whose file size is less than the specified number of bytes.

          • MatchAnyStorageClass — (Array<String>)

            If provided, the generated manifest includes only source bucket objects that are stored with the specified storage class.

        • EnableManifestOutputrequired — (Boolean)

          Determines whether or not to write the job's generated manifest to a bucket.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • JobId — (String)

        The ID for this job. Amazon S3 generates this ID automatically and returns it after a successful Create Job request.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

createMultiRegionAccessPoint(params = {}, callback) ⇒ AWS.Request

Note: This operation is not supported by directory buckets.

Creates a Multi-Region Access Point and associates it with the specified buckets. For more information about creating Multi-Region Access Points, see Creating Multi-Region Access Points in the Amazon S3 User Guide.

This action will always be routed to the US West (Oregon) Region. For more information about the restrictions around working with Multi-Region Access Points, see Multi-Region Access Point restrictions and limitations in the Amazon S3 User Guide.

This request is asynchronous, meaning that you might receive a response before the command has completed. When this request provides a response, it provides a token that you can use to monitor the status of the request with DescribeMultiRegionAccessPointOperation.

The following actions are related to CreateMultiRegionAccessPoint:

Service Reference:

Examples:

Calling the createMultiRegionAccessPoint operation

var params = {
  AccountId: 'STRING_VALUE', /* required */
  ClientToken: 'STRING_VALUE', /* required */
  Details: { /* required */
    Name: 'STRING_VALUE', /* required */
    Regions: [ /* required */
      {
        Bucket: 'STRING_VALUE', /* required */
        BucketAccountId: 'STRING_VALUE'
      },
      /* more items */
    ],
    PublicAccessBlock: {
      BlockPublicAcls: true || false,
      BlockPublicPolicy: true || false,
      IgnorePublicAcls: true || false,
      RestrictPublicBuckets: true || false
    }
  }
};
s3control.createMultiRegionAccessPoint(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • AccountId — (String)

      The Amazon Web Services account ID for the owner of the Multi-Region Access Point. The owner of the Multi-Region Access Point also must own the underlying buckets.

    • ClientToken — (String)

      An idempotency token used to identify the request and guarantee that requests are unique.

      If a token is not provided, the SDK will use a version 4 UUID.
    • Details — (map)

      A container element containing details about the Multi-Region Access Point.

      • Namerequired — (String)

        The name of the Multi-Region Access Point associated with this request.

      • PublicAccessBlock — (map)

        The PublicAccessBlock configuration that you want to apply to this Amazon S3 account. You can enable the configuration options in any combination. For more information about when Amazon S3 considers a bucket or object public, see The Meaning of "Public" in the Amazon S3 User Guide.

        This data type is not supported for Amazon S3 on Outposts.

        • BlockPublicAcls — (Boolean)

          Specifies whether Amazon S3 should block public access control lists (ACLs) for buckets in this account. Setting this element to TRUE causes the following behavior:

          • PutBucketAcl and PutObjectAcl calls fail if the specified ACL is public.

          • PUT Object calls fail if the request includes a public ACL.

          • PUT Bucket calls fail if the request includes a public ACL.

          Enabling this setting doesn't affect existing policies or ACLs.

          This property is not supported for Amazon S3 on Outposts.

        • IgnorePublicAcls — (Boolean)

          Specifies whether Amazon S3 should ignore public ACLs for buckets in this account. Setting this element to TRUE causes Amazon S3 to ignore all public ACLs on buckets in this account and any objects that they contain.

          Enabling this setting doesn't affect the persistence of any existing ACLs and doesn't prevent new public ACLs from being set.

          This property is not supported for Amazon S3 on Outposts.

        • BlockPublicPolicy — (Boolean)

          Specifies whether Amazon S3 should block public bucket policies for buckets in this account. Setting this element to TRUE causes Amazon S3 to reject calls to PUT Bucket policy if the specified bucket policy allows public access.

          Enabling this setting doesn't affect existing bucket policies.

          This property is not supported for Amazon S3 on Outposts.

        • RestrictPublicBuckets — (Boolean)

          Specifies whether Amazon S3 should restrict public bucket policies for buckets in this account. Setting this element to TRUE restricts access to buckets with public policies to only Amazon Web Servicesservice principals and authorized users within this account.

          Enabling this setting doesn't affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked.

          This property is not supported for Amazon S3 on Outposts.

      • Regionsrequired — (Array<map>)

        The buckets in different Regions that are associated with the Multi-Region Access Point.

        • Bucketrequired — (String)

          The name of the associated bucket for the Region.

        • BucketAccountId — (String)

          The Amazon Web Services account ID that owns the Amazon S3 bucket that's associated with this Multi-Region Access Point.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • RequestTokenARN — (String)

        The request token associated with the request. You can use this token with DescribeMultiRegionAccessPointOperation to determine the status of asynchronous requests.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

createStorageLensGroup(params = {}, callback) ⇒ AWS.Request

Creates a new S3 Storage Lens group and associates it with the specified Amazon Web Services account ID. An S3 Storage Lens group is a custom grouping of objects based on prefix, suffix, object tags, object size, object age, or a combination of these filters. For each Storage Lens group that you’ve created, you can also optionally add Amazon Web Services resource tags. For more information about S3 Storage Lens groups, see Working with S3 Storage Lens groups.

To use this operation, you must have the permission to perform the s3:CreateStorageLensGroup action. If you’re trying to create a Storage Lens group with Amazon Web Services resource tags, you must also have permission to perform the s3:TagResource action. For more information about the required Storage Lens Groups permissions, see Setting account permissions to use S3 Storage Lens groups.

For information about Storage Lens groups errors, see List of Amazon S3 Storage Lens error codes.

Service Reference:

Examples:

Calling the createStorageLensGroup operation

var params = {
  AccountId: 'STRING_VALUE', /* required */
  StorageLensGroup: { /* required */
    Filter: { /* required */
      And: {
        MatchAnyPrefix: [
          'STRING_VALUE',
          /* more items */
        ],
        MatchAnySuffix: [
          'STRING_VALUE',
          /* more items */
        ],
        MatchAnyTag: [
          {
            Key: 'STRING_VALUE', /* required */
            Value: 'STRING_VALUE' /* required */
          },
          /* more items */
        ],
        MatchObjectAge: {
          DaysGreaterThan: 'NUMBER_VALUE',
          DaysLessThan: 'NUMBER_VALUE'
        },
        MatchObjectSize: {
          BytesGreaterThan: 'NUMBER_VALUE',
          BytesLessThan: 'NUMBER_VALUE'
        }
      },
      MatchAnyPrefix: [
        'STRING_VALUE',
        /* more items */
      ],
      MatchAnySuffix: [
        'STRING_VALUE',
        /* more items */
      ],
      MatchAnyTag: [
        {
          Key: 'STRING_VALUE', /* required */
          Value: 'STRING_VALUE' /* required */
        },
        /* more items */
      ],
      MatchObjectAge: {
        DaysGreaterThan: 'NUMBER_VALUE',
        DaysLessThan: 'NUMBER_VALUE'
      },
      MatchObjectSize: {
        BytesGreaterThan: 'NUMBER_VALUE',
        BytesLessThan: 'NUMBER_VALUE'
      },
      Or: {
        MatchAnyPrefix: [
          'STRING_VALUE',
          /* more items */
        ],
        MatchAnySuffix: [
          'STRING_VALUE',
          /* more items */
        ],
        MatchAnyTag: [
          {
            Key: 'STRING_VALUE', /* required */
            Value: 'STRING_VALUE' /* required */
          },
          /* more items */
        ],
        MatchObjectAge: {
          DaysGreaterThan: 'NUMBER_VALUE',
          DaysLessThan: 'NUMBER_VALUE'
        },
        MatchObjectSize: {
          BytesGreaterThan: 'NUMBER_VALUE',
          BytesLessThan: 'NUMBER_VALUE'
        }
      }
    },
    Name: 'STRING_VALUE', /* required */
    StorageLensGroupArn: 'STRING_VALUE'
  },
  Tags: [
    {
      Key: 'STRING_VALUE', /* required */
      Value: 'STRING_VALUE' /* required */
    },
    /* more items */
  ]
};
s3control.createStorageLensGroup(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • AccountId — (String)

      The Amazon Web Services account ID that the Storage Lens group is created from and associated with.

    • StorageLensGroup — (map)

      The Storage Lens group configuration.

      • Namerequired — (String)

        Contains the name of the Storage Lens group.

      • Filterrequired — (map)

        Sets the criteria for the Storage Lens group data that is displayed. For multiple filter conditions, the AND or OR logical operator is used.

        • MatchAnyPrefix — (Array<String>)

          Contains a list of prefixes. At least one prefix must be specified. Up to 10 prefixes are allowed.

        • MatchAnySuffix — (Array<String>)

          Contains a list of suffixes. At least one suffix must be specified. Up to 10 suffixes are allowed.

        • MatchAnyTag — (Array<map>)

          Contains the list of S3 object tags. At least one object tag must be specified. Up to 10 object tags are allowed.

          • Keyrequired — (String)

            Key of the tag

          • Valuerequired — (String)

            Value of the tag

        • MatchObjectAge — (map)

          Contains DaysGreaterThan and DaysLessThan to define the object age range (minimum and maximum number of days).

          • DaysGreaterThan — (Integer)

            Specifies the maximum object age in days. Must be a positive whole number, greater than the minimum object age and less than or equal to 2,147,483,647.

          • DaysLessThan — (Integer)

            Specifies the minimum object age in days. The value must be a positive whole number, greater than 0 and less than or equal to 2,147,483,647.

        • MatchObjectSize — (map)

          Contains BytesGreaterThan and BytesLessThan to define the object size range (minimum and maximum number of Bytes).

          • BytesGreaterThan — (Integer)

            Specifies the minimum object size in Bytes. The value must be a positive number, greater than 0 and less than 5 TB.

          • BytesLessThan — (Integer)

            Specifies the maximum object size in Bytes. The value must be a positive number, greater than the minimum object size and less than 5 TB.

        • And — (map)

          A logical operator that allows multiple filter conditions to be joined for more complex comparisons of Storage Lens group data. Objects must match all of the listed filter conditions that are joined by the And logical operator. Only one of each filter condition is allowed.

          • MatchAnyPrefix — (Array<String>)

            Contains a list of prefixes. At least one prefix must be specified. Up to 10 prefixes are allowed.

          • MatchAnySuffix — (Array<String>)

            Contains a list of suffixes. At least one suffix must be specified. Up to 10 suffixes are allowed.

          • MatchAnyTag — (Array<map>)

            Contains the list of object tags. At least one object tag must be specified. Up to 10 object tags are allowed.

            • Keyrequired — (String)

              Key of the tag

            • Valuerequired — (String)

              Value of the tag

          • MatchObjectAge — (map)

            Contains DaysGreaterThan and DaysLessThan to define the object age range (minimum and maximum number of days).

            • DaysGreaterThan — (Integer)

              Specifies the maximum object age in days. Must be a positive whole number, greater than the minimum object age and less than or equal to 2,147,483,647.

            • DaysLessThan — (Integer)

              Specifies the minimum object age in days. The value must be a positive whole number, greater than 0 and less than or equal to 2,147,483,647.

          • MatchObjectSize — (map)

            Contains BytesGreaterThan and BytesLessThan to define the object size range (minimum and maximum number of Bytes).

            • BytesGreaterThan — (Integer)

              Specifies the minimum object size in Bytes. The value must be a positive number, greater than 0 and less than 5 TB.

            • BytesLessThan — (Integer)

              Specifies the maximum object size in Bytes. The value must be a positive number, greater than the minimum object size and less than 5 TB.

        • Or — (map)

          A single logical operator that allows multiple filter conditions to be joined. Objects can match any of the listed filter conditions, which are joined by the Or logical operator. Only one of each filter condition is allowed.

          • MatchAnyPrefix — (Array<String>)

            Filters objects that match any of the specified prefixes.

          • MatchAnySuffix — (Array<String>)

            Filters objects that match any of the specified suffixes.

          • MatchAnyTag — (Array<map>)

            Filters objects that match any of the specified S3 object tags.

            • Keyrequired — (String)

              Key of the tag

            • Valuerequired — (String)

              Value of the tag

          • MatchObjectAge — (map)

            Filters objects that match the specified object age range.

            • DaysGreaterThan — (Integer)

              Specifies the maximum object age in days. Must be a positive whole number, greater than the minimum object age and less than or equal to 2,147,483,647.

            • DaysLessThan — (Integer)

              Specifies the minimum object age in days. The value must be a positive whole number, greater than 0 and less than or equal to 2,147,483,647.

          • MatchObjectSize — (map)

            Filters objects that match the specified object size range.

            • BytesGreaterThan — (Integer)

              Specifies the minimum object size in Bytes. The value must be a positive number, greater than 0 and less than 5 TB.

            • BytesLessThan — (Integer)

              Specifies the maximum object size in Bytes. The value must be a positive number, greater than the minimum object size and less than 5 TB.

      • StorageLensGroupArn — (String)

        Contains the Amazon Resource Name (ARN) of the Storage Lens group. This property is read-only.

    • Tags — (Array<map>)

      The Amazon Web Services resource tags that you're adding to your Storage Lens group. This parameter is optional.

      • Keyrequired — (String)

        The key of the key-value pair of a tag added to your Amazon Web Services resource. A tag key can be up to 128 Unicode characters in length and is case-sensitive. System created tags that begin with aws: aren’t supported.

      • Valuerequired — (String)

        The value of the key-value pair of a tag added to your Amazon Web Services resource. A tag value can be up to 256 Unicode characters in length and is case-sensitive.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

deleteAccessGrant(params = {}, callback) ⇒ AWS.Request

Deletes the access grant from the S3 Access Grants instance. You cannot undo an access grant deletion and the grantee will no longer have access to the S3 data.

Permissions

You must have the s3:DeleteAccessGrant permission to use this operation.

Service Reference:

Examples:

Calling the deleteAccessGrant operation

var params = {
  AccessGrantId: 'STRING_VALUE', /* required */
  AccountId: 'STRING_VALUE' /* required */
};
s3control.deleteAccessGrant(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • AccountId — (String)

      The Amazon Web Services account ID of the S3 Access Grants instance.

    • AccessGrantId — (String)

      The ID of the access grant. S3 Access Grants auto-generates this ID when you create the access grant.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

deleteAccessGrantsInstance(params = {}, callback) ⇒ AWS.Request

Deletes your S3 Access Grants instance. You must first delete the access grants and locations before S3 Access Grants can delete the instance. See DeleteAccessGrant and DeleteAccessGrantsLocation. If you have associated an IAM Identity Center instance with your S3 Access Grants instance, you must first dissassociate the Identity Center instance from the S3 Access Grants instance before you can delete the S3 Access Grants instance. See AssociateAccessGrantsIdentityCenter and DissociateAccessGrantsIdentityCenter.

Permissions

You must have the s3:DeleteAccessGrantsInstance permission to use this operation.

Service Reference:

Examples:

Calling the deleteAccessGrantsInstance operation

var params = {
  AccountId: 'STRING_VALUE' /* required */
};
s3control.deleteAccessGrantsInstance(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • AccountId — (String)

      The Amazon Web Services account ID of the S3 Access Grants instance.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

deleteAccessGrantsInstanceResourcePolicy(params = {}, callback) ⇒ AWS.Request

Deletes the resource policy of the S3 Access Grants instance. The resource policy is used to manage cross-account access to your S3 Access Grants instance. By deleting the resource policy, you delete any cross-account permissions to your S3 Access Grants instance.

Permissions

You must have the s3:DeleteAccessGrantsInstanceResourcePolicy permission to use this operation.

Examples:

Calling the deleteAccessGrantsInstanceResourcePolicy operation

var params = {
  AccountId: 'STRING_VALUE' /* required */
};
s3control.deleteAccessGrantsInstanceResourcePolicy(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • AccountId — (String)

      The Amazon Web Services account ID of the S3 Access Grants instance.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

deleteAccessGrantsLocation(params = {}, callback) ⇒ AWS.Request

Deregisters a location from your S3 Access Grants instance. You can only delete a location registration from an S3 Access Grants instance if there are no grants associated with this location. See Delete a grant for information on how to delete grants. You need to have at least one registered location in your S3 Access Grants instance in order to create access grants.

Permissions

You must have the s3:DeleteAccessGrantsLocation permission to use this operation.

Service Reference:

Examples:

Calling the deleteAccessGrantsLocation operation

var params = {
  AccessGrantsLocationId: 'STRING_VALUE', /* required */
  AccountId: 'STRING_VALUE' /* required */
};
s3control.deleteAccessGrantsLocation(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • AccountId — (String)

      The Amazon Web Services account ID of the S3 Access Grants instance.

    • AccessGrantsLocationId — (String)

      The ID of the registered location that you are deregistering from your S3 Access Grants instance. S3 Access Grants assigned this ID when you registered the location. S3 Access Grants assigns the ID default to the default location s3:// and assigns an auto-generated ID to other locations that you register.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

deleteAccessPoint(params = {}, callback) ⇒ AWS.Request

Note: This operation is not supported by directory buckets.

Deletes the specified access point.

All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.

The following actions are related to DeleteAccessPoint:

Service Reference:

Examples:

Calling the deleteAccessPoint operation

var params = {
  AccountId: 'STRING_VALUE', /* required */
  Name: 'STRING_VALUE' /* required */
};
s3control.deleteAccessPoint(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • AccountId — (String)

      The Amazon Web Services account ID for the account that owns the specified access point.

    • Name — (String)

      The name of the access point you want to delete.

      For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.

      For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the access point accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/accesspoint/<my-accesspoint-name>. For example, to access the access point reports-ap through Outpost my-outpost owned by account 123456789012 in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/accesspoint/reports-ap. The value must be URL encoded.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

deleteAccessPointForObjectLambda(params = {}, callback) ⇒ AWS.Request

Note: This operation is not supported by directory buckets.

Deletes the specified Object Lambda Access Point.

The following actions are related to DeleteAccessPointForObjectLambda:

Examples:

Calling the deleteAccessPointForObjectLambda operation

var params = {
  AccountId: 'STRING_VALUE', /* required */
  Name: 'STRING_VALUE' /* required */
};
s3control.deleteAccessPointForObjectLambda(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • AccountId — (String)

      The account ID for the account that owns the specified Object Lambda Access Point.

    • Name — (String)

      The name of the access point you want to delete.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

deleteAccessPointPolicy(params = {}, callback) ⇒ AWS.Request

Note: This operation is not supported by directory buckets.

Deletes the access point policy for the specified access point.

All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.

The following actions are related to DeleteAccessPointPolicy:

Service Reference:

Examples:

Calling the deleteAccessPointPolicy operation

var params = {
  AccountId: 'STRING_VALUE', /* required */
  Name: 'STRING_VALUE' /* required */
};
s3control.deleteAccessPointPolicy(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • AccountId — (String)

      The account ID for the account that owns the specified access point.

    • Name — (String)

      The name of the access point whose policy you want to delete.

      For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.

      For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the access point accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/accesspoint/<my-accesspoint-name>. For example, to access the access point reports-ap through Outpost my-outpost owned by account 123456789012 in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/accesspoint/reports-ap. The value must be URL encoded.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

deleteAccessPointPolicyForObjectLambda(params = {}, callback) ⇒ AWS.Request

Note: This operation is not supported by directory buckets.

Removes the resource policy for an Object Lambda Access Point.

The following actions are related to DeleteAccessPointPolicyForObjectLambda:

Examples:

Calling the deleteAccessPointPolicyForObjectLambda operation

var params = {
  AccountId: 'STRING_VALUE', /* required */
  Name: 'STRING_VALUE' /* required */
};
s3control.deleteAccessPointPolicyForObjectLambda(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • AccountId — (String)

      The account ID for the account that owns the specified Object Lambda Access Point.

    • Name — (String)

      The name of the Object Lambda Access Point you want to delete the policy for.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

deleteBucket(params = {}, callback) ⇒ AWS.Request

Note: This action deletes an Amazon S3 on Outposts bucket. To delete an S3 bucket, see DeleteBucket in the Amazon S3 API Reference.

Deletes the Amazon S3 on Outposts bucket. All objects (including all object versions and delete markers) in the bucket must be deleted before the bucket itself can be deleted. For more information, see Using Amazon S3 on Outposts in Amazon S3 User Guide.

All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.

Related Resources

Service Reference:

Examples:

Calling the deleteBucket operation

var params = {
  AccountId: 'STRING_VALUE', /* required */
  Bucket: 'STRING_VALUE' /* required */
};
s3control.deleteBucket(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • AccountId — (String)

      The account ID that owns the Outposts bucket.

    • Bucket — (String)

      Specifies the bucket being deleted.

      For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.

      For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>. For example, to access the bucket reports through Outpost my-outpost owned by account 123456789012 in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports. The value must be URL encoded.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

deleteBucketLifecycleConfiguration(params = {}, callback) ⇒ AWS.Request

Note: This action deletes an Amazon S3 on Outposts bucket's lifecycle configuration. To delete an S3 bucket's lifecycle configuration, see DeleteBucketLifecycle in the Amazon S3 API Reference.

Deletes the lifecycle configuration from the specified Outposts bucket. Amazon S3 on Outposts removes all the lifecycle configuration rules in the lifecycle subresource associated with the bucket. Your objects never expire, and Amazon S3 on Outposts no longer automatically deletes any objects on the basis of rules contained in the deleted lifecycle configuration. For more information, see Using Amazon S3 on Outposts in Amazon S3 User Guide.

To use this operation, you must have permission to perform the s3-outposts:PutLifecycleConfiguration action. By default, the bucket owner has this permission and the Outposts bucket owner can grant this permission to others.

All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.

For more information about object expiration, see Elements to Describe Lifecycle Actions.

Related actions include:

Examples:

Calling the deleteBucketLifecycleConfiguration operation

var params = {
  AccountId: 'STRING_VALUE', /* required */
  Bucket: 'STRING_VALUE' /* required */
};
s3control.deleteBucketLifecycleConfiguration(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • AccountId — (String)

      The account ID of the lifecycle configuration to delete.

    • Bucket — (String)

      Specifies the bucket.

      For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.

      For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>. For example, to access the bucket reports through Outpost my-outpost owned by account 123456789012 in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports. The value must be URL encoded.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

deleteBucketPolicy(params = {}, callback) ⇒ AWS.Request

Note: This action deletes an Amazon S3 on Outposts bucket policy. To delete an S3 bucket policy, see DeleteBucketPolicy in the Amazon S3 API Reference.

This implementation of the DELETE action uses the policy subresource to delete the policy of a specified Amazon S3 on Outposts bucket. If you are using an identity other than the root user of the Amazon Web Services account that owns the bucket, the calling identity must have the s3-outposts:DeleteBucketPolicy permissions on the specified Outposts bucket and belong to the bucket owner's account to use this action. For more information, see Using Amazon S3 on Outposts in Amazon S3 User Guide.

If you don't have DeleteBucketPolicy permissions, Amazon S3 returns a 403 Access Denied error. If you have the correct permissions, but you're not using an identity that belongs to the bucket owner's account, Amazon S3 returns a 405 Method Not Allowed error.

As a security precaution, the root user of the Amazon Web Services account that owns a bucket can always use this action, even if the policy explicitly denies the root user the ability to perform this action.

For more information about bucket policies, see Using Bucket Policies and User Policies.

All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.

The following actions are related to DeleteBucketPolicy:

Service Reference:

Examples:

Calling the deleteBucketPolicy operation

var params = {
  AccountId: 'STRING_VALUE', /* required */
  Bucket: 'STRING_VALUE' /* required */
};
s3control.deleteBucketPolicy(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • AccountId — (String)

      The account ID of the Outposts bucket.

    • Bucket — (String)

      Specifies the bucket.

      For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.

      For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>. For example, to access the bucket reports through Outpost my-outpost owned by account 123456789012 in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports. The value must be URL encoded.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

deleteBucketReplication(params = {}, callback) ⇒ AWS.Request

Note: This operation deletes an Amazon S3 on Outposts bucket's replication configuration. To delete an S3 bucket's replication configuration, see DeleteBucketReplication in the Amazon S3 API Reference.

Deletes the replication configuration from the specified S3 on Outposts bucket.

To use this operation, you must have permissions to perform the s3-outposts:PutReplicationConfiguration action. The Outposts bucket owner has this permission by default and can grant it to others. For more information about permissions, see Setting up IAM with S3 on Outposts and Managing access to S3 on Outposts buckets in the Amazon S3 User Guide.

Note: It can take a while to propagate PUT or DELETE requests for a replication configuration to all S3 on Outposts systems. Therefore, the replication configuration that's returned by a GET request soon after a PUT or DELETE request might return a more recent result than what's on the Outpost. If an Outpost is offline, the delay in updating the replication configuration on that Outpost can be significant.

All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.

For information about S3 replication on Outposts configuration, see Replicating objects for S3 on Outposts in the Amazon S3 User Guide.

The following operations are related to DeleteBucketReplication:

Service Reference:

Examples:

Calling the deleteBucketReplication operation

var params = {
  AccountId: 'STRING_VALUE', /* required */
  Bucket: 'STRING_VALUE' /* required */
};
s3control.deleteBucketReplication(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • AccountId — (String)

      The Amazon Web Services account ID of the Outposts bucket to delete the replication configuration for.

    • Bucket — (String)

      Specifies the S3 on Outposts bucket to delete the replication configuration for.

      For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.

      For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>. For example, to access the bucket reports through Outpost my-outpost owned by account 123456789012 in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports. The value must be URL encoded.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

deleteBucketTagging(params = {}, callback) ⇒ AWS.Request

Note: This action deletes an Amazon S3 on Outposts bucket's tags. To delete an S3 bucket tags, see DeleteBucketTagging in the Amazon S3 API Reference.

Deletes the tags from the Outposts bucket. For more information, see Using Amazon S3 on Outposts in Amazon S3 User Guide.

To use this action, you must have permission to perform the PutBucketTagging action. By default, the bucket owner has this permission and can grant this permission to others.

All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.

The following actions are related to DeleteBucketTagging:

Service Reference:

Examples:

Calling the deleteBucketTagging operation

var params = {
  AccountId: 'STRING_VALUE', /* required */
  Bucket: 'STRING_VALUE' /* required */
};
s3control.deleteBucketTagging(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • AccountId — (String)

      The Amazon Web Services account ID of the Outposts bucket tag set to be removed.

    • Bucket — (String)

      The bucket ARN that has the tag set to be removed.

      For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.

      For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>. For example, to access the bucket reports through Outpost my-outpost owned by account 123456789012 in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports. The value must be URL encoded.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

deleteJobTagging(params = {}, callback) ⇒ AWS.Request

Removes the entire tag set from the specified S3 Batch Operations job.

Permissions

To use the DeleteJobTagging operation, you must have permission to perform the s3:DeleteJobTagging action. For more information, see Controlling access and labeling jobs using tags in the Amazon S3 User Guide.

Related actions include:

Service Reference:

Examples:

Calling the deleteJobTagging operation

var params = {
  AccountId: 'STRING_VALUE', /* required */
  JobId: 'STRING_VALUE' /* required */
};
s3control.deleteJobTagging(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • AccountId — (String)

      The Amazon Web Services account ID associated with the S3 Batch Operations job.

    • JobId — (String)

      The ID for the S3 Batch Operations job whose tags you want to delete.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

deleteMultiRegionAccessPoint(params = {}, callback) ⇒ AWS.Request

Note: This operation is not supported by directory buckets.

Deletes a Multi-Region Access Point. This action does not delete the buckets associated with the Multi-Region Access Point, only the Multi-Region Access Point itself.

This action will always be routed to the US West (Oregon) Region. For more information about the restrictions around working with Multi-Region Access Points, see Multi-Region Access Point restrictions and limitations in the Amazon S3 User Guide.

This request is asynchronous, meaning that you might receive a response before the command has completed. When this request provides a response, it provides a token that you can use to monitor the status of the request with DescribeMultiRegionAccessPointOperation.

The following actions are related to DeleteMultiRegionAccessPoint:

Service Reference:

Examples:

Calling the deleteMultiRegionAccessPoint operation

var params = {
  AccountId: 'STRING_VALUE', /* required */
  ClientToken: 'STRING_VALUE', /* required */
  Details: { /* required */
    Name: 'STRING_VALUE' /* required */
  }
};
s3control.deleteMultiRegionAccessPoint(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • AccountId — (String)

      The Amazon Web Services account ID for the owner of the Multi-Region Access Point.

    • ClientToken — (String)

      An idempotency token used to identify the request and guarantee that requests are unique.

      If a token is not provided, the SDK will use a version 4 UUID.
    • Details — (map)

      A container element containing details about the Multi-Region Access Point.

      • Namerequired — (String)

        The name of the Multi-Region Access Point associated with this request.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • RequestTokenARN — (String)

        The request token associated with the request. You can use this token with DescribeMultiRegionAccessPointOperation to determine the status of asynchronous requests.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

deletePublicAccessBlock(params = {}, callback) ⇒ AWS.Request

Note: This operation is not supported by directory buckets.

Removes the PublicAccessBlock configuration for an Amazon Web Services account. For more information, see Using Amazon S3 block public access.

Related actions include:

Service Reference:

Examples:

Calling the deletePublicAccessBlock operation

var params = {
  AccountId: 'STRING_VALUE' /* required */
};
s3control.deletePublicAccessBlock(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • AccountId — (String)

      The account ID for the Amazon Web Services account whose PublicAccessBlock configuration you want to remove.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

deleteStorageLensConfiguration(params = {}, callback) ⇒ AWS.Request

Note: This operation is not supported by directory buckets.

Deletes the Amazon S3 Storage Lens configuration. For more information about S3 Storage Lens, see Assessing your storage activity and usage with Amazon S3 Storage Lens in the Amazon S3 User Guide.

Note: To use this action, you must have permission to perform the s3:DeleteStorageLensConfiguration action. For more information, see Setting permissions to use Amazon S3 Storage Lens in the Amazon S3 User Guide.

Service Reference:

Examples:

Calling the deleteStorageLensConfiguration operation

var params = {
  AccountId: 'STRING_VALUE', /* required */
  ConfigId: 'STRING_VALUE' /* required */
};
s3control.deleteStorageLensConfiguration(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • ConfigId — (String)

      The ID of the S3 Storage Lens configuration.

    • AccountId — (String)

      The account ID of the requester.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

deleteStorageLensConfigurationTagging(params = {}, callback) ⇒ AWS.Request

Note: This operation is not supported by directory buckets.

Deletes the Amazon S3 Storage Lens configuration tags. For more information about S3 Storage Lens, see Assessing your storage activity and usage with Amazon S3 Storage Lens in the Amazon S3 User Guide.

Note: To use this action, you must have permission to perform the s3:DeleteStorageLensConfigurationTagging action. For more information, see Setting permissions to use Amazon S3 Storage Lens in the Amazon S3 User Guide.

Examples:

Calling the deleteStorageLensConfigurationTagging operation

var params = {
  AccountId: 'STRING_VALUE', /* required */
  ConfigId: 'STRING_VALUE' /* required */
};
s3control.deleteStorageLensConfigurationTagging(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • ConfigId — (String)

      The ID of the S3 Storage Lens configuration.

    • AccountId — (String)

      The account ID of the requester.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

deleteStorageLensGroup(params = {}, callback) ⇒ AWS.Request

Deletes an existing S3 Storage Lens group.

To use this operation, you must have the permission to perform the s3:DeleteStorageLensGroup action. For more information about the required Storage Lens Groups permissions, see Setting account permissions to use S3 Storage Lens groups.

For information about Storage Lens groups errors, see List of Amazon S3 Storage Lens error codes.

Service Reference:

Examples:

Calling the deleteStorageLensGroup operation

var params = {
  AccountId: 'STRING_VALUE', /* required */
  Name: 'STRING_VALUE' /* required */
};
s3control.deleteStorageLensGroup(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • Name — (String)

      The name of the Storage Lens group that you're trying to delete.

    • AccountId — (String)

      The Amazon Web Services account ID used to create the Storage Lens group that you're trying to delete.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

describeJob(params = {}, callback) ⇒ AWS.Request

Retrieves the configuration parameters and status for a Batch Operations job. For more information, see S3 Batch Operations in the Amazon S3 User Guide.

Permissions

To use the DescribeJob operation, you must have permission to perform the s3:DescribeJob action.

Related actions include:

Service Reference:

Examples:

Calling the describeJob operation

var params = {
  AccountId: 'STRING_VALUE', /* required */
  JobId: 'STRING_VALUE' /* required */
};
s3control.describeJob(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • AccountId — (String)

      The Amazon Web Services account ID associated with the S3 Batch Operations job.

    • JobId — (String)

      The ID for the job whose information you want to retrieve.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • Job — (map)

        Contains the configuration parameters and status for the job specified in the Describe Job request.

        • JobId — (String)

          The ID for the specified job.

        • ConfirmationRequired — (Boolean)

          Indicates whether confirmation is required before Amazon S3 begins running the specified job. Confirmation is required only for jobs created through the Amazon S3 console.

        • Description — (String)

          The description for this job, if one was provided in this job's Create Job request.

        • JobArn — (String)

          The Amazon Resource Name (ARN) for this job.

        • Status — (String)

          The current status of the specified job.

          Possible values include:
          • "Active"
          • "Cancelled"
          • "Cancelling"
          • "Complete"
          • "Completing"
          • "Failed"
          • "Failing"
          • "New"
          • "Paused"
          • "Pausing"
          • "Preparing"
          • "Ready"
          • "Suspended"
        • Manifest — (map)

          The configuration information for the specified job's manifest object.

          • Specrequired — (map)

            Describes the format of the specified job's manifest. If the manifest is in CSV format, also describes the columns contained within the manifest.

            • Formatrequired — (String)

              Indicates which of the available formats the specified manifest uses.

              Possible values include:
              • "S3BatchOperations_CSV_20180820"
              • "S3InventoryReport_CSV_20161130"
            • Fields — (Array<String>)

              If the specified manifest object is in the S3BatchOperations_CSV_20180820 format, this element describes which columns contain the required data.

          • Locationrequired — (map)

            Contains the information required to locate the specified job's manifest. Manifests can't be imported from directory buckets. For more information, see Directory buckets.

            • ObjectArnrequired — (String)

              The Amazon Resource Name (ARN) for a manifest object.

              When you're using XML requests, you must replace special characters (such as carriage returns) in object keys with their equivalent XML entity codes. For more information, see XML-related object key constraints in the Amazon S3 User Guide.

            • ObjectVersionId — (String)

              The optional version ID to identify a specific version of the manifest object.

            • ETagrequired — (String)

              The ETag for the specified manifest object.

        • Operation — (map)

          The operation that the specified job is configured to run on the objects listed in the manifest.

          • LambdaInvoke — (map)

            Directs the specified job to invoke an Lambda function on every object in the manifest.

            • FunctionArn — (String)

              The Amazon Resource Name (ARN) for the Lambda function that the specified job will invoke on every object in the manifest.

            • InvocationSchemaVersion — (String)

              Specifies the schema version for the payload that Batch Operations sends when invoking an Lambda function. Version 1.0 is the default. Version 2.0 is required when you use Batch Operations to invoke Lambda functions that act on directory buckets, or if you need to specify UserArguments. For more information, see Automate object processing in Amazon S3 directory buckets with S3 Batch Operations and Lambda in the Amazon Web Services Storage Blog.

              Ensure that your Lambda function code expects InvocationSchemaVersion 2.0 and uses bucket name rather than bucket ARN. If the InvocationSchemaVersion does not match what your Lambda function expects, your function might not work as expected.

              Note: Directory buckets - To initiate Amazon Web Services Lambda function to perform custom actions on objects in directory buckets, you must specify 2.0.
            • UserArguments — (map<String>)

              Key-value pairs that are passed in the payload that Batch Operations sends when invoking an Lambda function. You must specify InvocationSchemaVersion 2.0 for LambdaInvoke operations that include UserArguments. For more information, see Automate object processing in Amazon S3 directory buckets with S3 Batch Operations and Lambda in the Amazon Web Services Storage Blog.

          • S3PutObjectCopy — (map)

            Directs the specified job to run a PUT Copy object call on every object in the manifest.

            • TargetResource — (String)

              Specifies the destination bucket Amazon Resource Name (ARN) for the batch copy operation.

              • General purpose buckets - For example, to copy objects to a general purpose bucket named destinationBucket, set the TargetResource property to arn:aws:s3:::destinationBucket.

              • Directory buckets - For example, to copy objects to a directory bucket named destinationBucket in the Availability Zone; identified by the AZ ID usw2-az1, set the TargetResource property to arn:aws:s3express:region:account_id:/bucket/destination_bucket_base_name--usw2-az1--x-s3.

            • CannedAccessControlList — (String)

              Note: This functionality is not supported by directory buckets.
              Possible values include:
              • "private"
              • "public-read"
              • "public-read-write"
              • "aws-exec-read"
              • "authenticated-read"
              • "bucket-owner-read"
              • "bucket-owner-full-control"
            • AccessControlGrants — (Array<map>)

              Note: This functionality is not supported by directory buckets.
              • Grantee — (map)

                • TypeIdentifier — (String)

                  Possible values include:

                  • "id"
                  • "emailAddress"
                  • "uri"
                • Identifier — (String)

                • DisplayName — (String)

              • Permission — (String)

                Possible values include:

                • "FULL_CONTROL"
                • "READ"
                • "WRITE"
                • "READ_ACP"
                • "WRITE_ACP"
            • MetadataDirective — (String)

              Possible values include:

              • "COPY"
              • "REPLACE"
            • ModifiedSinceConstraint — (Date)

            • NewObjectMetadata — (map)

              If you don't provide this parameter, Amazon S3 copies all the metadata from the original objects. If you specify an empty set, the new objects will have no tags. Otherwise, Amazon S3 assigns the supplied tags to the new objects.

              • CacheControl — (String)

              • ContentDisposition — (String)

              • ContentEncoding — (String)

              • ContentLanguage — (String)

              • UserMetadata — (map<String>)

              • ContentLength — (Integer)

                This member has been deprecated.

              • ContentMD5 — (String)

                This member has been deprecated.

              • ContentType — (String)

              • HttpExpiresDate — (Date)

              • RequesterCharged — (Boolean)

                This member has been deprecated.

              • SSEAlgorithm — (String)

                Note: For directory buckets, only the server-side encryption with Amazon S3 managed keys (SSE-S3) (AES256) is supported.
                Possible values include:
                • "AES256"
                • "KMS"
            • NewObjectTagging — (Array<map>)

              Specifies a list of tags to add to the destination objects after they are copied. If NewObjectTagging is not specified, the tags of the source objects are copied to destination objects by default.

              Note: Directory buckets - Tags aren't supported by directory buckets. If your source objects have tags and your destination bucket is a directory bucket, specify an empty tag set in the NewObjectTagging field to prevent copying the source object tags to the directory bucket.
              • Keyrequired — (String)

                Key of the tag

              • Valuerequired — (String)

                Value of the tag

            • RedirectLocation — (String)

              If the destination bucket is configured as a website, specifies an optional metadata property for website redirects, x-amz-website-redirect-location. Allows webpage redirects if the object copy is accessed through a website endpoint.

              Note: This functionality is not supported by directory buckets.
            • RequesterPays — (Boolean)

              Note: This functionality is not supported by directory buckets.
            • StorageClass — (String)

              Specify the storage class for the destination objects in a Copy operation.

              Note: Directory buckets - This functionality is not supported by directory buckets.
              Possible values include:
              • "STANDARD"
              • "STANDARD_IA"
              • "ONEZONE_IA"
              • "GLACIER"
              • "INTELLIGENT_TIERING"
              • "DEEP_ARCHIVE"
              • "GLACIER_IR"
            • UnModifiedSinceConstraint — (Date)

            • SSEAwsKmsKeyId — (String)

              Note: This functionality is not supported by directory buckets.
            • TargetKeyPrefix — (String)

              Specifies the folder prefix that you want the objects to be copied into. For example, to copy objects into a folder named Folder1 in the destination bucket, set the TargetKeyPrefix property to Folder1.

            • ObjectLockLegalHoldStatus — (String)

              The legal hold status to be applied to all objects in the Batch Operations job.

              Note: This functionality is not supported by directory buckets.
              Possible values include:
              • "OFF"
              • "ON"
            • ObjectLockMode — (String)

              The retention mode to be applied to all objects in the Batch Operations job.

              Note: This functionality is not supported by directory buckets.
              Possible values include:
              • "COMPLIANCE"
              • "GOVERNANCE"
            • ObjectLockRetainUntilDate — (Date)

              The date when the applied object retention configuration expires on all objects in the Batch Operations job.

              Note: This functionality is not supported by directory buckets.
            • BucketKeyEnabled — (Boolean)

              Specifies whether Amazon S3 should use an S3 Bucket Key for object encryption with server-side encryption using Amazon Web Services KMS (SSE-KMS). Setting this header to true causes Amazon S3 to use an S3 Bucket Key for object encryption with SSE-KMS.

              Specifying this header with an object action doesn’t affect bucket-level settings for S3 Bucket Key.

              Note: This functionality is not supported by directory buckets.
            • ChecksumAlgorithm — (String)

              Indicates the algorithm that you want Amazon S3 to use to create the checksum. For more information, see Checking object integrity in the Amazon S3 User Guide.

              Possible values include:
              • "CRC32"
              • "CRC32C"
              • "SHA1"
              • "SHA256"
          • S3PutObjectAcl — (map)

            Directs the specified job to run a PutObjectAcl call on every object in the manifest.

            Note: This functionality is not supported by directory buckets.
            • AccessControlPolicy — (map)

              • AccessControlList — (map)

                • Ownerrequired — (map)

                  • ID — (String)

                  • DisplayName — (String)

                • Grants — (Array<map>)

                  • Grantee — (map)

                    • TypeIdentifier — (String)

                      Possible values include:

                      • "id"
                      • "emailAddress"
                      • "uri"
                    • Identifier — (String)

                    • DisplayName — (String)

                  • Permission — (String)

                    Possible values include:

                    • "FULL_CONTROL"
                    • "READ"
                    • "WRITE"
                    • "READ_ACP"
                    • "WRITE_ACP"
              • CannedAccessControlList — (String)

                Possible values include:

                • "private"
                • "public-read"
                • "public-read-write"
                • "aws-exec-read"
                • "authenticated-read"
                • "bucket-owner-read"
                • "bucket-owner-full-control"
          • S3PutObjectTagging — (map)

            Directs the specified job to run a PUT Object tagging call on every object in the manifest.

            Note: This functionality is not supported by directory buckets.
            • TagSet — (Array<map>)

              • Keyrequired — (String)

                Key of the tag

              • Valuerequired — (String)

                Value of the tag

          • S3DeleteObjectTagging — (map)

            Directs the specified job to execute a DELETE Object tagging call on every object in the manifest.

            Note: This functionality is not supported by directory buckets.
          • S3InitiateRestoreObject — (map)

            Directs the specified job to initiate restore requests for every archived object in the manifest.

            Note: This functionality is not supported by directory buckets.
            • ExpirationInDays — (Integer)

              This argument specifies how long the S3 Glacier or S3 Glacier Deep Archive object remains available in Amazon S3. S3 Initiate Restore Object jobs that target S3 Glacier and S3 Glacier Deep Archive objects require ExpirationInDays set to 1 or greater.

              Conversely, do not set ExpirationInDays when creating S3 Initiate Restore Object jobs that target S3 Intelligent-Tiering Archive Access and Deep Archive Access tier objects. Objects in S3 Intelligent-Tiering archive access tiers are not subject to restore expiry, so specifying ExpirationInDays results in restore request failure.

              S3 Batch Operations jobs can operate either on S3 Glacier and S3 Glacier Deep Archive storage class objects or on S3 Intelligent-Tiering Archive Access and Deep Archive Access storage tier objects, but not both types in the same job. If you need to restore objects of both types you must create separate Batch Operations jobs.

            • GlacierJobTier — (String)

              S3 Batch Operations supports STANDARD and BULK retrieval tiers, but not the EXPEDITED retrieval tier.

              Possible values include:
              • "BULK"
              • "STANDARD"
          • S3PutObjectLegalHold — (map)

            Contains the configuration for an S3 Object Lock legal hold operation that an S3 Batch Operations job passes to every object to the underlying PutObjectLegalHold API operation. For more information, see Using S3 Object Lock legal hold with S3 Batch Operations in the Amazon S3 User Guide.

            Note: This functionality is not supported by directory buckets.
            • LegalHoldrequired — (map)

              Contains the Object Lock legal hold status to be applied to all objects in the Batch Operations job.

              • Statusrequired — (String)

                The Object Lock legal hold status to be applied to all objects in the Batch Operations job.

                Possible values include:
                • "OFF"
                • "ON"
          • S3PutObjectRetention — (map)

            Contains the configuration parameters for the Object Lock retention action for an S3 Batch Operations job. Batch Operations passes every object to the underlying PutObjectRetention API operation. For more information, see Using S3 Object Lock retention with S3 Batch Operations in the Amazon S3 User Guide.

            Note: This functionality is not supported by directory buckets.
            • BypassGovernanceRetention — (Boolean)

              Indicates if the action should be applied to objects in the Batch Operations job even if they have Object Lock GOVERNANCE type in place.

            • Retentionrequired — (map)

              Contains the Object Lock retention mode to be applied to all objects in the Batch Operations job. For more information, see Using S3 Object Lock retention with S3 Batch Operations in the Amazon S3 User Guide.

              • RetainUntilDate — (Date)

                The date when the applied Object Lock retention will expire on all objects set by the Batch Operations job.

              • Mode — (String)

                The Object Lock retention mode to be applied to all objects in the Batch Operations job.

                Possible values include:
                • "COMPLIANCE"
                • "GOVERNANCE"
          • S3ReplicateObject — (map)

            Directs the specified job to invoke ReplicateObject on every object in the job's manifest.

            Note: This functionality is not supported by directory buckets.
        • Priority — (Integer)

          The priority of the specified job.

        • ProgressSummary — (map)

          Describes the total number of tasks that the specified job has run, the number of tasks that succeeded, and the number of tasks that failed.

          • TotalNumberOfTasks — (Integer)

          • NumberOfTasksSucceeded — (Integer)

          • NumberOfTasksFailed — (Integer)

          • Timers — (map)

            The JobTimers attribute of a job's progress summary.

            • ElapsedTimeInActiveSeconds — (Integer)

              Indicates the elapsed time in seconds the job has been in the Active job state.

        • StatusUpdateReason — (String)

          The reason for updating the job.

        • FailureReasons — (Array<map>)

          If the specified job failed, this field contains information describing the failure.

          • FailureCode — (String)

            The failure code, if any, for the specified job.

          • FailureReason — (String)

            The failure reason, if any, for the specified job.

        • Report — (map)

          Contains the configuration information for the job-completion report if you requested one in the Create Job request.

          • Bucket — (String)

            The Amazon Resource Name (ARN) for the bucket where specified job-completion report will be stored.

            Note: Directory buckets - Directory buckets aren't supported as a location for Batch Operations to store job completion reports.
          • Format — (String)

            The format of the specified job-completion report.

            Possible values include:
            • "Report_CSV_20180820"
          • Enabledrequired — (Boolean)

            Indicates whether the specified job will generate a job-completion report.

          • Prefix — (String)

            An optional prefix to describe where in the specified bucket the job-completion report will be stored. Amazon S3 stores the job-completion report at <prefix>/job-<job-id>/report.json.

          • ReportScope — (String)

            Indicates whether the job-completion report will include details of all tasks or only failed tasks.

            Possible values include:
            • "AllTasks"
            • "FailedTasksOnly"
        • CreationTime — (Date)

          A timestamp indicating when this job was created.

        • TerminationDate — (Date)

          A timestamp indicating when this job terminated. A job's termination date is the date and time when it succeeded, failed, or was canceled.

        • RoleArn — (String)

          The Amazon Resource Name (ARN) for the Identity and Access Management (IAM) role assigned to run the tasks for this job.

        • SuspendedDate — (Date)

          The timestamp when this job was suspended, if it has been suspended.

        • SuspendedCause — (String)

          The reason why the specified job was suspended. A job is only suspended if you create it through the Amazon S3 console. When you create the job, it enters the Suspended state to await confirmation before running. After you confirm the job, it automatically exits the Suspended state.

        • ManifestGenerator — (map)

          The manifest generator that was used to generate a job manifest for this job.

          • S3JobManifestGenerator — (map)

            The S3 job ManifestGenerator's configuration details.

            • ExpectedBucketOwner — (String)

              The Amazon Web Services account ID that owns the bucket the generated manifest is written to. If provided the generated manifest bucket's owner Amazon Web Services account ID must match this value, else the job fails.

            • SourceBucketrequired — (String)

              The ARN of the source bucket used by the ManifestGenerator.

              Note: Directory buckets - Directory buckets aren't supported as the source buckets used by S3JobManifestGenerator to generate the job manifest.
            • ManifestOutputLocation — (map)

              Specifies the location the generated manifest will be written to. Manifests can't be written to directory buckets. For more information, see Directory buckets.

              • ExpectedManifestBucketOwner — (String)

                The Account ID that owns the bucket the generated manifest is written to.

              • Bucketrequired — (String)

                The bucket ARN the generated manifest should be written to.

                Note: Directory buckets - Directory buckets aren't supported as the buckets to store the generated manifest.
              • ManifestPrefix — (String)

                Prefix identifying one or more objects to which the manifest applies.

              • ManifestEncryption — (map)

                Specifies what encryption should be used when the generated manifest objects are written.

                • SSES3 — (map)

                  Specifies the use of SSE-S3 to encrypt generated manifest objects.

                • SSEKMS — (map)

                  Configuration details on how SSE-KMS is used to encrypt generated manifest objects.

                  • KeyIdrequired — (String)

                    Specifies the ID of the Amazon Web Services Key Management Service (Amazon Web Services KMS) symmetric encryption customer managed key to use for encrypting generated manifest objects.

              • ManifestFormatrequired — (String)

                The format of the generated manifest.

                Possible values include:
                • "S3InventoryReport_CSV_20211130"
            • Filter — (map)

              Specifies rules the S3JobManifestGenerator should use to decide whether an object in the source bucket should or should not be included in the generated job manifest.

              • EligibleForReplication — (Boolean)

                Include objects in the generated manifest only if they are eligible for replication according to the Replication configuration on the source bucket.

              • CreatedAfter — (Date)

                If provided, the generated manifest includes only source bucket objects that were created after this time.

              • CreatedBefore — (Date)

                If provided, the generated manifest includes only source bucket objects that were created before this time.

              • ObjectReplicationStatuses — (Array<String>)

                If provided, the generated manifest includes only source bucket objects that have one of the specified Replication statuses.

              • KeyNameConstraint — (map)

                If provided, the generated manifest includes only source bucket objects whose object keys match the string constraints specified for MatchAnyPrefix, MatchAnySuffix, and MatchAnySubstring.

                • MatchAnyPrefix — (Array<String>)

                  If provided, the generated manifest includes objects where the specified string appears at the start of the object key string. Each KeyNameConstraint filter accepts an array of strings with a length of 1 string.

                • MatchAnySuffix — (Array<String>)

                  If provided, the generated manifest includes objects where the specified string appears at the end of the object key string. Each KeyNameConstraint filter accepts an array of strings with a length of 1 string.

                • MatchAnySubstring — (Array<String>)

                  If provided, the generated manifest includes objects where the specified string appears anywhere within the object key string. Each KeyNameConstraint filter accepts an array of strings with a length of 1 string.

              • ObjectSizeGreaterThanBytes — (Integer)

                If provided, the generated manifest includes only source bucket objects whose file size is greater than the specified number of bytes.

              • ObjectSizeLessThanBytes — (Integer)

                If provided, the generated manifest includes only source bucket objects whose file size is less than the specified number of bytes.

              • MatchAnyStorageClass — (Array<String>)

                If provided, the generated manifest includes only source bucket objects that are stored with the specified storage class.

            • EnableManifestOutputrequired — (Boolean)

              Determines whether or not to write the job's generated manifest to a bucket.

        • GeneratedManifestDescriptor — (map)

          The attribute of the JobDescriptor containing details about the job's generated manifest.

          • Format — (String)

            The format of the generated manifest.

            Possible values include:
            • "S3InventoryReport_CSV_20211130"
          • Location — (map)

            Contains the information required to locate a manifest object. Manifests can't be imported from directory buckets. For more information, see Directory buckets.

            • ObjectArnrequired — (String)

              The Amazon Resource Name (ARN) for a manifest object.

              When you're using XML requests, you must replace special characters (such as carriage returns) in object keys with their equivalent XML entity codes. For more information, see XML-related object key constraints in the Amazon S3 User Guide.

            • ObjectVersionId — (String)

              The optional version ID to identify a specific version of the manifest object.

            • ETagrequired — (String)

              The ETag for the specified manifest object.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

describeMultiRegionAccessPointOperation(params = {}, callback) ⇒ AWS.Request

Note: This operation is not supported by directory buckets.

Retrieves the status of an asynchronous request to manage a Multi-Region Access Point. For more information about managing Multi-Region Access Points and how asynchronous requests work, see Using Multi-Region Access Points in the Amazon S3 User Guide.

The following actions are related to GetMultiRegionAccessPoint:

Examples:

Calling the describeMultiRegionAccessPointOperation operation

var params = {
  AccountId: 'STRING_VALUE', /* required */
  RequestTokenARN: 'STRING_VALUE' /* required */
};
s3control.describeMultiRegionAccessPointOperation(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • AccountId — (String)

      The Amazon Web Services account ID for the owner of the Multi-Region Access Point.

    • RequestTokenARN — (String)

      The request token associated with the request you want to know about. This request token is returned as part of the response when you make an asynchronous request. You provide this token to query about the status of the asynchronous action.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • AsyncOperation — (map)

        A container element containing the details of the asynchronous operation.

        • CreationTime — (Date)

          The time that the request was sent to the service.

        • Operation — (String)

          The specific operation for the asynchronous request.

          Possible values include:
          • "CreateMultiRegionAccessPoint"
          • "DeleteMultiRegionAccessPoint"
          • "PutMultiRegionAccessPointPolicy"
        • RequestTokenARN — (String)

          The request token associated with the request.

        • RequestParameters — (map)

          The parameters associated with the request.

          • CreateMultiRegionAccessPointRequest — (map)

            A container of the parameters for a CreateMultiRegionAccessPoint request.

            • Namerequired — (String)

              The name of the Multi-Region Access Point associated with this request.

            • PublicAccessBlock — (map)

              The PublicAccessBlock configuration that you want to apply to this Amazon S3 account. You can enable the configuration options in any combination. For more information about when Amazon S3 considers a bucket or object public, see The Meaning of "Public" in the Amazon S3 User Guide.

              This data type is not supported for Amazon S3 on Outposts.

              • BlockPublicAcls — (Boolean)

                Specifies whether Amazon S3 should block public access control lists (ACLs) for buckets in this account. Setting this element to TRUE causes the following behavior:

                • PutBucketAcl and PutObjectAcl calls fail if the specified ACL is public.

                • PUT Object calls fail if the request includes a public ACL.

                • PUT Bucket calls fail if the request includes a public ACL.

                Enabling this setting doesn't affect existing policies or ACLs.

                This property is not supported for Amazon S3 on Outposts.

              • IgnorePublicAcls — (Boolean)

                Specifies whether Amazon S3 should ignore public ACLs for buckets in this account. Setting this element to TRUE causes Amazon S3 to ignore all public ACLs on buckets in this account and any objects that they contain.

                Enabling this setting doesn't affect the persistence of any existing ACLs and doesn't prevent new public ACLs from being set.

                This property is not supported for Amazon S3 on Outposts.

              • BlockPublicPolicy — (Boolean)

                Specifies whether Amazon S3 should block public bucket policies for buckets in this account. Setting this element to TRUE causes Amazon S3 to reject calls to PUT Bucket policy if the specified bucket policy allows public access.

                Enabling this setting doesn't affect existing bucket policies.

                This property is not supported for Amazon S3 on Outposts.

              • RestrictPublicBuckets — (Boolean)

                Specifies whether Amazon S3 should restrict public bucket policies for buckets in this account. Setting this element to TRUE restricts access to buckets with public policies to only Amazon Web Servicesservice principals and authorized users within this account.

                Enabling this setting doesn't affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked.

                This property is not supported for Amazon S3 on Outposts.

            • Regionsrequired — (Array<map>)

              The buckets in different Regions that are associated with the Multi-Region Access Point.

              • Bucketrequired — (String)

                The name of the associated bucket for the Region.

              • BucketAccountId — (String)

                The Amazon Web Services account ID that owns the Amazon S3 bucket that's associated with this Multi-Region Access Point.

          • DeleteMultiRegionAccessPointRequest — (map)

            A container of the parameters for a DeleteMultiRegionAccessPoint request.

            • Namerequired — (String)

              The name of the Multi-Region Access Point associated with this request.

          • PutMultiRegionAccessPointPolicyRequest — (map)

            A container of the parameters for a PutMultiRegionAccessPoint request.

            • Namerequired — (String)

              The name of the Multi-Region Access Point associated with the request.

            • Policyrequired — (String)

              The policy details for the PutMultiRegionAccessPoint request.

        • RequestStatus — (String)

          The current status of the request.

        • ResponseDetails — (map)

          The details of the response.

          • MultiRegionAccessPointDetails — (map)

            The details for the Multi-Region Access Point.

            • Regions — (Array<map>)

              A collection of status information for the different Regions that a Multi-Region Access Point supports.

              • Name — (String)

                The name of the Region in the Multi-Region Access Point.

              • RequestStatus — (String)

                The current status of the Multi-Region Access Point in this Region.

          • ErrorDetails — (map)

            Error details for an asynchronous request.

            • Code — (String)

              A string that uniquely identifies the error condition.

            • Message — (String)

              A generic description of the error condition in English.

            • Resource — (String)

              The identifier of the resource associated with the error.

            • RequestId — (String)

              The ID of the request associated with the error.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

dissociateAccessGrantsIdentityCenter(params = {}, callback) ⇒ AWS.Request

Dissociates the Amazon Web Services IAM Identity Center instance from the S3 Access Grants instance.

Permissions

You must have the s3:DissociateAccessGrantsIdentityCenter permission to use this operation.

Additional Permissions

You must have the sso:DeleteApplication permission to use this operation.

Examples:

Calling the dissociateAccessGrantsIdentityCenter operation

var params = {
  AccountId: 'STRING_VALUE' /* required */
};
s3control.dissociateAccessGrantsIdentityCenter(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • AccountId — (String)

      The Amazon Web Services account ID of the S3 Access Grants instance.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

getAccessGrant(params = {}, callback) ⇒ AWS.Request

Get the details of an access grant from your S3 Access Grants instance.

Permissions

You must have the s3:GetAccessGrant permission to use this operation.

Service Reference:

Examples:

Calling the getAccessGrant operation

var params = {
  AccessGrantId: 'STRING_VALUE', /* required */
  AccountId: 'STRING_VALUE' /* required */
};
s3control.getAccessGrant(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • AccountId — (String)

      The Amazon Web Services account ID of the S3 Access Grants instance.

    • AccessGrantId — (String)

      The ID of the access grant. S3 Access Grants auto-generates this ID when you create the access grant.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • CreatedAt — (Date)

        The date and time when you created the access grant.

      • AccessGrantId — (String)

        The ID of the access grant. S3 Access Grants auto-generates this ID when you create the access grant.

      • AccessGrantArn — (String)

        The Amazon Resource Name (ARN) of the access grant.

      • Grantee — (map)

        The user, group, or role to which you are granting access. You can grant access to an IAM user or role. If you have added a corporate directory to Amazon Web Services IAM Identity Center and associated this Identity Center instance with the S3 Access Grants instance, the grantee can also be a corporate directory user or group.

        • GranteeType — (String)

          The type of the grantee to which access has been granted. It can be one of the following values:

          • IAM - An IAM user or role.

          • DIRECTORY_USER - Your corporate directory user. You can use this option if you have added your corporate identity directory to IAM Identity Center and associated the IAM Identity Center instance with your S3 Access Grants instance.

          • DIRECTORY_GROUP - Your corporate directory group. You can use this option if you have added your corporate identity directory to IAM Identity Center and associated the IAM Identity Center instance with your S3 Access Grants instance.

          Possible values include:
          • "DIRECTORY_USER"
          • "DIRECTORY_GROUP"
          • "IAM"
        • GranteeIdentifier — (String)

          The unique identifier of the Grantee. If the grantee type is IAM, the identifier is the IAM Amazon Resource Name (ARN) of the user or role. If the grantee type is a directory user or group, the identifier is 128-bit universally unique identifier (UUID) in the format a1b2c3d4-5678-90ab-cdef-EXAMPLE11111. You can obtain this UUID from your Amazon Web Services IAM Identity Center instance.

      • Permission — (String)

        The type of permission that was granted in the access grant. Can be one of the following values:

        • READ – Grant read-only access to the S3 data.

        • WRITE – Grant write-only access to the S3 data.

        • READWRITE – Grant both read and write access to the S3 data.

        Possible values include:
        • "READ"
        • "WRITE"
        • "READWRITE"
      • AccessGrantsLocationId — (String)

        The ID of the registered location to which you are granting access. S3 Access Grants assigns this ID when you register the location. S3 Access Grants assigns the ID default to the default location s3:// and assigns an auto-generated ID to other locations that you register.

      • AccessGrantsLocationConfiguration — (map)

        The configuration options of the grant location. The grant location is the S3 path to the data to which you are granting access.

        • S3SubPrefix — (String)

          The S3SubPrefix is appended to the location scope creating the grant scope. Use this field to narrow the scope of the grant to a subset of the location scope. This field is required if the location scope is the default location s3:// because you cannot create a grant for all of your S3 data in the Region and must narrow the scope. For example, if the location scope is the default location s3://, the S3SubPrefx can be a <bucket-name>/*, so the full grant scope path would be s3://<bucket-name>/*. Or the S3SubPrefx can be <bucket-name>/<prefix-name>*, so the full grant scope path would be or s3://<bucket-name>/<prefix-name>*.

          If the S3SubPrefix includes a prefix, append the wildcard character * after the prefix to indicate that you want to include all object key names in the bucket that start with that prefix.

      • GrantScope — (String)

        The S3 path of the data to which you are granting access. It is the result of appending the Subprefix to the location scope.

      • ApplicationArn — (String)

        The Amazon Resource Name (ARN) of an Amazon Web Services IAM Identity Center application associated with your Identity Center instance. If the grant includes an application ARN, the grantee can only access the S3 data through this application.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

getAccessGrantsInstance(params = {}, callback) ⇒ AWS.Request

Retrieves the S3 Access Grants instance for a Region in your account.

Permissions

You must have the s3:GetAccessGrantsInstance permission to use this operation.

Note: GetAccessGrantsInstance is not supported for cross-account access. You can only call the API from the account that owns the S3 Access Grants instance.

Service Reference:

Examples:

Calling the getAccessGrantsInstance operation

var params = {
  AccountId: 'STRING_VALUE' /* required */
};
s3control.getAccessGrantsInstance(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • AccountId — (String)

      The Amazon Web Services account ID of the S3 Access Grants instance.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • AccessGrantsInstanceArn — (String)

        The Amazon Resource Name (ARN) of the S3 Access Grants instance.

      • AccessGrantsInstanceId — (String)

        The ID of the S3 Access Grants instance. The ID is default. You can have one S3 Access Grants instance per Region per account.

      • IdentityCenterArn — (String)

        If you associated your S3 Access Grants instance with an Amazon Web Services IAM Identity Center instance, this field returns the Amazon Resource Name (ARN) of the IAM Identity Center instance application; a subresource of the original Identity Center instance. S3 Access Grants creates this Identity Center application for the specific S3 Access Grants instance.

      • IdentityCenterInstanceArn — (String)

        The Amazon Resource Name (ARN) of the Amazon Web Services IAM Identity Center instance that you are associating with your S3 Access Grants instance. An IAM Identity Center instance is your corporate identity directory that you added to the IAM Identity Center. You can use the ListInstances API operation to retrieve a list of your Identity Center instances and their ARNs.

      • IdentityCenterApplicationArn — (String)

        If you associated your S3 Access Grants instance with an Amazon Web Services IAM Identity Center instance, this field returns the Amazon Resource Name (ARN) of the IAM Identity Center instance application; a subresource of the original Identity Center instance. S3 Access Grants creates this Identity Center application for the specific S3 Access Grants instance.

      • CreatedAt — (Date)

        The date and time when you created the S3 Access Grants instance.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

getAccessGrantsInstanceForPrefix(params = {}, callback) ⇒ AWS.Request

Retrieve the S3 Access Grants instance that contains a particular prefix.

Permissions

You must have the s3:GetAccessGrantsInstanceForPrefix permission for the caller account to use this operation.

Additional Permissions

The prefix owner account must grant you the following permissions to their S3 Access Grants instance: s3:GetAccessGrantsInstanceForPrefix.

Examples:

Calling the getAccessGrantsInstanceForPrefix operation

var params = {
  AccountId: 'STRING_VALUE', /* required */
  S3Prefix: 'STRING_VALUE' /* required */
};
s3control.getAccessGrantsInstanceForPrefix(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • AccountId — (String)

      The ID of the Amazon Web Services account that is making this request.

    • S3Prefix — (String)

      The S3 prefix of the access grants that you would like to retrieve.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • AccessGrantsInstanceArn — (String)

        The Amazon Resource Name (ARN) of the S3 Access Grants instance.

      • AccessGrantsInstanceId — (String)

        The ID of the S3 Access Grants instance. The ID is default. You can have one S3 Access Grants instance per Region per account.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

getAccessGrantsInstanceResourcePolicy(params = {}, callback) ⇒ AWS.Request

Returns the resource policy of the S3 Access Grants instance.

Permissions

You must have the s3:GetAccessGrantsInstanceResourcePolicy permission to use this operation.

Examples:

Calling the getAccessGrantsInstanceResourcePolicy operation

var params = {
  AccountId: 'STRING_VALUE' /* required */
};
s3control.getAccessGrantsInstanceResourcePolicy(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • AccountId — (String)

      The Amazon Web Services account ID of the S3 Access Grants instance.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • Policy — (String)

        The resource policy of the S3 Access Grants instance.

      • Organization — (String)

        The Organization of the resource policy of the S3 Access Grants instance.

      • CreatedAt — (Date)

        The date and time when you created the S3 Access Grants instance resource policy.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

getAccessGrantsLocation(params = {}, callback) ⇒ AWS.Request

Retrieves the details of a particular location registered in your S3 Access Grants instance.

Permissions

You must have the s3:GetAccessGrantsLocation permission to use this operation.

Service Reference:

Examples:

Calling the getAccessGrantsLocation operation

var params = {
  AccessGrantsLocationId: 'STRING_VALUE', /* required */
  AccountId: 'STRING_VALUE' /* required */
};
s3control.getAccessGrantsLocation(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • AccountId — (String)

      The Amazon Web Services account ID of the S3 Access Grants instance.

    • AccessGrantsLocationId — (String)

      The ID of the registered location that you are retrieving. S3 Access Grants assigns this ID when you register the location. S3 Access Grants assigns the ID default to the default location s3:// and assigns an auto-generated ID to other locations that you register.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • CreatedAt — (Date)

        The date and time when you registered the location.

      • AccessGrantsLocationId — (String)

        The ID of the registered location to which you are granting access. S3 Access Grants assigns this ID when you register the location. S3 Access Grants assigns the ID default to the default location s3:// and assigns an auto-generated ID to other locations that you register.

      • AccessGrantsLocationArn — (String)

        The Amazon Resource Name (ARN) of the registered location.

      • LocationScope — (String)

        The S3 URI path to the registered location. The location scope can be the default S3 location s3://, the S3 path to a bucket, or the S3 path to a bucket and prefix. A prefix in S3 is a string of characters at the beginning of an object key name used to organize the objects that you store in your S3 buckets. For example, object key names that start with the engineering/ prefix or object key names that start with the marketing/campaigns/ prefix.

      • IAMRoleArn — (String)

        The Amazon Resource Name (ARN) of the IAM role for the registered location. S3 Access Grants assumes this role to manage access to the registered location.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

getAccessPoint(params = {}, callback) ⇒ AWS.Request

Note: This operation is not supported by directory buckets.

Returns configuration information about the specified access point.

All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.

The following actions are related to GetAccessPoint:

Service Reference:

Examples:

Calling the getAccessPoint operation

var params = {
  AccountId: 'STRING_VALUE', /* required */
  Name: 'STRING_VALUE' /* required */
};
s3control.getAccessPoint(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • AccountId — (String)

      The Amazon Web Services account ID for the account that owns the specified access point.

    • Name — (String)

      The name of the access point whose configuration information you want to retrieve.

      For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.

      For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the access point accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/accesspoint/<my-accesspoint-name>. For example, to access the access point reports-ap through Outpost my-outpost owned by account 123456789012 in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/accesspoint/reports-ap. The value must be URL encoded.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • Name — (String)

        The name of the specified access point.

      • Bucket — (String)

        The name of the bucket associated with the specified access point.

      • NetworkOrigin — (String)

        Indicates whether this access point allows access from the public internet. If VpcConfiguration is specified for this access point, then NetworkOrigin is VPC, and the access point doesn't allow access from the public internet. Otherwise, NetworkOrigin is Internet, and the access point allows access from the public internet, subject to the access point and bucket access policies.

        This will always be true for an Amazon S3 on Outposts access point

        Possible values include:
        • "Internet"
        • "VPC"
      • VpcConfiguration — (map)

        Contains the virtual private cloud (VPC) configuration for the specified access point.

        Note: This element is empty if this access point is an Amazon S3 on Outposts access point that is used by other Amazon Web Servicesservices.
        • VpcIdrequired — (String)

          If this field is specified, this access point will only allow connections from the specified VPC ID.

      • PublicAccessBlockConfiguration — (map)

        The PublicAccessBlock configuration that you want to apply to this Amazon S3 account. You can enable the configuration options in any combination. For more information about when Amazon S3 considers a bucket or object public, see The Meaning of "Public" in the Amazon S3 User Guide.

        This data type is not supported for Amazon S3 on Outposts.

        • BlockPublicAcls — (Boolean)

          Specifies whether Amazon S3 should block public access control lists (ACLs) for buckets in this account. Setting this element to TRUE causes the following behavior:

          • PutBucketAcl and PutObjectAcl calls fail if the specified ACL is public.

          • PUT Object calls fail if the request includes a public ACL.

          • PUT Bucket calls fail if the request includes a public ACL.

          Enabling this setting doesn't affect existing policies or ACLs.

          This property is not supported for Amazon S3 on Outposts.

        • IgnorePublicAcls — (Boolean)

          Specifies whether Amazon S3 should ignore public ACLs for buckets in this account. Setting this element to TRUE causes Amazon S3 to ignore all public ACLs on buckets in this account and any objects that they contain.

          Enabling this setting doesn't affect the persistence of any existing ACLs and doesn't prevent new public ACLs from being set.

          This property is not supported for Amazon S3 on Outposts.

        • BlockPublicPolicy — (Boolean)

          Specifies whether Amazon S3 should block public bucket policies for buckets in this account. Setting this element to TRUE causes Amazon S3 to reject calls to PUT Bucket policy if the specified bucket policy allows public access.

          Enabling this setting doesn't affect existing bucket policies.

          This property is not supported for Amazon S3 on Outposts.

        • RestrictPublicBuckets — (Boolean)

          Specifies whether Amazon S3 should restrict public bucket policies for buckets in this account. Setting this element to TRUE restricts access to buckets with public policies to only Amazon Web Servicesservice principals and authorized users within this account.

          Enabling this setting doesn't affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked.

          This property is not supported for Amazon S3 on Outposts.

      • CreationDate — (Date)

        The date and time when the specified access point was created.

      • Alias — (String)

        The name or alias of the access point.

      • AccessPointArn — (String)

        The ARN of the access point.

      • Endpoints — (map<String>)

        The VPC endpoint for the access point.

      • BucketAccountId — (String)

        The Amazon Web Services account ID associated with the S3 bucket associated with this access point.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

getAccessPointConfigurationForObjectLambda(params = {}, callback) ⇒ AWS.Request

Note: This operation is not supported by directory buckets.

Returns configuration for an Object Lambda Access Point.

The following actions are related to GetAccessPointConfigurationForObjectLambda:

Examples:

Calling the getAccessPointConfigurationForObjectLambda operation

var params = {
  AccountId: 'STRING_VALUE', /* required */
  Name: 'STRING_VALUE' /* required */
};
s3control.getAccessPointConfigurationForObjectLambda(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • AccountId — (String)

      The account ID for the account that owns the specified Object Lambda Access Point.

    • Name — (String)

      The name of the Object Lambda Access Point you want to return the configuration for.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • Configuration — (map)

        Object Lambda Access Point configuration document.

        • SupportingAccessPointrequired — (String)

          Standard access point associated with the Object Lambda Access Point.

        • CloudWatchMetricsEnabled — (Boolean)

          A container for whether the CloudWatch metrics configuration is enabled.

        • AllowedFeatures — (Array<String>)

          A container for allowed features. Valid inputs are GetObject-Range, GetObject-PartNumber, HeadObject-Range, and HeadObject-PartNumber.

        • TransformationConfigurationsrequired — (Array<map>)

          A container for transformation configurations for an Object Lambda Access Point.

          • Actionsrequired — (Array<String>)

            A container for the action of an Object Lambda Access Point configuration. Valid inputs are GetObject, ListObjects, HeadObject, and ListObjectsV2.

          • ContentTransformationrequired — (map)

            A container for the content transformation of an Object Lambda Access Point configuration.

            • AwsLambda — (map)

              A container for an Lambda function.

              • FunctionArnrequired — (String)

                The Amazon Resource Name (ARN) of the Lambda function.

              • FunctionPayload — (String)

                Additional JSON that provides supplemental data to the Lambda function used to transform objects.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

getAccessPointForObjectLambda(params = {}, callback) ⇒ AWS.Request

Note: This operation is not supported by directory buckets.

Returns configuration information about the specified Object Lambda Access Point

The following actions are related to GetAccessPointForObjectLambda:

Service Reference:

Examples:

Calling the getAccessPointForObjectLambda operation

var params = {
  AccountId: 'STRING_VALUE', /* required */
  Name: 'STRING_VALUE' /* required */
};
s3control.getAccessPointForObjectLambda(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • AccountId — (String)

      The account ID for the account that owns the specified Object Lambda Access Point.

    • Name — (String)

      The name of the Object Lambda Access Point.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • Name — (String)

        The name of the Object Lambda Access Point.

      • PublicAccessBlockConfiguration — (map)

        Configuration to block all public access. This setting is turned on and can not be edited.

        • BlockPublicAcls — (Boolean)

          Specifies whether Amazon S3 should block public access control lists (ACLs) for buckets in this account. Setting this element to TRUE causes the following behavior:

          • PutBucketAcl and PutObjectAcl calls fail if the specified ACL is public.

          • PUT Object calls fail if the request includes a public ACL.

          • PUT Bucket calls fail if the request includes a public ACL.

          Enabling this setting doesn't affect existing policies or ACLs.

          This property is not supported for Amazon S3 on Outposts.

        • IgnorePublicAcls — (Boolean)

          Specifies whether Amazon S3 should ignore public ACLs for buckets in this account. Setting this element to TRUE causes Amazon S3 to ignore all public ACLs on buckets in this account and any objects that they contain.

          Enabling this setting doesn't affect the persistence of any existing ACLs and doesn't prevent new public ACLs from being set.

          This property is not supported for Amazon S3 on Outposts.

        • BlockPublicPolicy — (Boolean)

          Specifies whether Amazon S3 should block public bucket policies for buckets in this account. Setting this element to TRUE causes Amazon S3 to reject calls to PUT Bucket policy if the specified bucket policy allows public access.

          Enabling this setting doesn't affect existing bucket policies.

          This property is not supported for Amazon S3 on Outposts.

        • RestrictPublicBuckets — (Boolean)

          Specifies whether Amazon S3 should restrict public bucket policies for buckets in this account. Setting this element to TRUE restricts access to buckets with public policies to only Amazon Web Servicesservice principals and authorized users within this account.

          Enabling this setting doesn't affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked.

          This property is not supported for Amazon S3 on Outposts.

      • CreationDate — (Date)

        The date and time when the specified Object Lambda Access Point was created.

      • Alias — (map)

        The alias of the Object Lambda Access Point.

        • Value — (String)

          The alias value of the Object Lambda Access Point.

        • Status — (String)

          The status of the Object Lambda Access Point alias. If the status is PROVISIONING, the Object Lambda Access Point is provisioning the alias and the alias is not ready for use yet. If the status is READY, the Object Lambda Access Point alias is successfully provisioned and ready for use.

          Possible values include:
          • "PROVISIONING"
          • "READY"

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

getAccessPointPolicy(params = {}, callback) ⇒ AWS.Request

Note: This operation is not supported by directory buckets.

Returns the access point policy associated with the specified access point.

The following actions are related to GetAccessPointPolicy:

Service Reference:

Examples:

Calling the getAccessPointPolicy operation

var params = {
  AccountId: 'STRING_VALUE', /* required */
  Name: 'STRING_VALUE' /* required */
};
s3control.getAccessPointPolicy(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • AccountId — (String)

      The account ID for the account that owns the specified access point.

    • Name — (String)

      The name of the access point whose policy you want to retrieve.

      For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.

      For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the access point accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/accesspoint/<my-accesspoint-name>. For example, to access the access point reports-ap through Outpost my-outpost owned by account 123456789012 in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/accesspoint/reports-ap. The value must be URL encoded.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • Policy — (String)

        The access point policy associated with the specified access point.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

getAccessPointPolicyForObjectLambda(params = {}, callback) ⇒ AWS.Request

Note: This operation is not supported by directory buckets.

Returns the resource policy for an Object Lambda Access Point.

The following actions are related to GetAccessPointPolicyForObjectLambda:

Examples:

Calling the getAccessPointPolicyForObjectLambda operation

var params = {
  AccountId: 'STRING_VALUE', /* required */
  Name: 'STRING_VALUE' /* required */
};
s3control.getAccessPointPolicyForObjectLambda(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • AccountId — (String)

      The account ID for the account that owns the specified Object Lambda Access Point.

    • Name — (String)

      The name of the Object Lambda Access Point.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • Policy — (String)

        Object Lambda Access Point resource policy document.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

getAccessPointPolicyStatus(params = {}, callback) ⇒ AWS.Request

Note: This operation is not supported by directory buckets.

Indicates whether the specified access point currently has a policy that allows public access. For more information about public access through access points, see Managing Data Access with Amazon S3 access points in the Amazon S3 User Guide.

Service Reference:

Examples:

Calling the getAccessPointPolicyStatus operation

var params = {
  AccountId: 'STRING_VALUE', /* required */
  Name: 'STRING_VALUE' /* required */
};
s3control.getAccessPointPolicyStatus(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • AccountId — (String)

      The account ID for the account that owns the specified access point.

    • Name — (String)

      The name of the access point whose policy status you want to retrieve.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • PolicyStatus — (map)

        Indicates the current policy status of the specified access point.

        • IsPublic — (Boolean)

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

getAccessPointPolicyStatusForObjectLambda(params = {}, callback) ⇒ AWS.Request

Note: This operation is not supported by directory buckets.

Returns the status of the resource policy associated with an Object Lambda Access Point.

Examples:

Calling the getAccessPointPolicyStatusForObjectLambda operation

var params = {
  AccountId: 'STRING_VALUE', /* required */
  Name: 'STRING_VALUE' /* required */
};
s3control.getAccessPointPolicyStatusForObjectLambda(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • AccountId — (String)

      The account ID for the account that owns the specified Object Lambda Access Point.

    • Name — (String)

      The name of the Object Lambda Access Point.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • PolicyStatus — (map)

        Indicates whether this access point policy is public. For more information about how Amazon S3 evaluates policies to determine whether they are public, see The Meaning of "Public" in the Amazon S3 User Guide.

        • IsPublic — (Boolean)

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

getBucket(params = {}, callback) ⇒ AWS.Request

Gets an Amazon S3 on Outposts bucket. For more information, see Using Amazon S3 on Outposts in the Amazon S3 User Guide.

If you are using an identity other than the root user of the Amazon Web Services account that owns the Outposts bucket, the calling identity must have the s3-outposts:GetBucket permissions on the specified Outposts bucket and belong to the Outposts bucket owner's account in order to use this action. Only users from Outposts bucket owner account with the right permissions can perform actions on an Outposts bucket.

If you don't have s3-outposts:GetBucket permissions or you're not using an identity that belongs to the bucket owner's account, Amazon S3 returns a 403 Access Denied error.

The following actions are related to GetBucket for Amazon S3 on Outposts:

All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.

Service Reference:

Examples:

Calling the getBucket operation

var params = {
  AccountId: 'STRING_VALUE', /* required */
  Bucket: 'STRING_VALUE' /* required */
};
s3control.getBucket(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • AccountId — (String)

      The Amazon Web Services account ID of the Outposts bucket.

    • Bucket — (String)

      Specifies the bucket.

      For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.

      For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>. For example, to access the bucket reports through Outpost my-outpost owned by account 123456789012 in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports. The value must be URL encoded.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • Bucket — (String)

        The Outposts bucket requested.

      • PublicAccessBlockEnabled — (Boolean)

      • CreationDate — (Date)

        The creation date of the Outposts bucket.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

getBucketLifecycleConfiguration(params = {}, callback) ⇒ AWS.Request

Note: This action gets an Amazon S3 on Outposts bucket's lifecycle configuration. To get an S3 bucket's lifecycle configuration, see GetBucketLifecycleConfiguration in the Amazon S3 API Reference.

Returns the lifecycle configuration information set on the Outposts bucket. For more information, see Using Amazon S3 on Outposts and for information about lifecycle configuration, see Object Lifecycle Management in Amazon S3 User Guide.

To use this action, you must have permission to perform the s3-outposts:GetLifecycleConfiguration action. The Outposts bucket owner has this permission, by default. The bucket owner can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources.

All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.

GetBucketLifecycleConfiguration has the following special error:

  • Error code: NoSuchLifecycleConfiguration

    • Description: The lifecycle configuration does not exist.

    • HTTP Status Code: 404 Not Found

    • SOAP Fault Code Prefix: Client

The following actions are related to GetBucketLifecycleConfiguration:

Service Reference:

Examples:

Calling the getBucketLifecycleConfiguration operation

var params = {
  AccountId: 'STRING_VALUE', /* required */
  Bucket: 'STRING_VALUE' /* required */
};
s3control.getBucketLifecycleConfiguration(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • AccountId — (String)

      The Amazon Web Services account ID of the Outposts bucket.

    • Bucket — (String)

      The Amazon Resource Name (ARN) of the bucket.

      For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.

      For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>. For example, to access the bucket reports through Outpost my-outpost owned by account 123456789012 in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports. The value must be URL encoded.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • Rules — (Array<map>)

        Container for the lifecycle rule of the Outposts bucket.

        • Expiration — (map)

          Specifies the expiration for the lifecycle of the object in the form of date, days and, whether the object has a delete marker.

          • Date — (Date)

            Indicates at what date the object is to be deleted. Should be in GMT ISO 8601 format.

          • Days — (Integer)

            Indicates the lifetime, in days, of the objects that are subject to the rule. The value must be a non-zero positive integer.

          • ExpiredObjectDeleteMarker — (Boolean)

            Indicates whether Amazon S3 will remove a delete marker with no noncurrent versions. If set to true, the delete marker will be expired. If set to false, the policy takes no action. This cannot be specified with Days or Date in a Lifecycle Expiration Policy.

        • ID — (String)

          Unique identifier for the rule. The value cannot be longer than 255 characters.

        • Filter — (map)

          The container for the filter of lifecycle rule.

          • Prefix — (String)

            Prefix identifying one or more objects to which the rule applies.

            When you're using XML requests, you must replace special characters (such as carriage returns) in object keys with their equivalent XML entity codes. For more information, see XML-related object key constraints in the Amazon S3 User Guide.

          • Tag — (map)

            A container for a key-value name pair.

            • Keyrequired — (String)

              Key of the tag

            • Valuerequired — (String)

              Value of the tag

          • And — (map)

            The container for the AND condition for the lifecycle rule.

            • Prefix — (String)

              Prefix identifying one or more objects to which the rule applies.

            • Tags — (Array<map>)

              All of these tags must exist in the object's tag set in order for the rule to apply.

              • Keyrequired — (String)

                Key of the tag

              • Valuerequired — (String)

                Value of the tag

            • ObjectSizeGreaterThan — (Integer)

              The non-inclusive minimum object size for the lifecycle rule. Setting this property to 7 means the rule applies to objects with a size that is greater than 7.

            • ObjectSizeLessThan — (Integer)

              The non-inclusive maximum object size for the lifecycle rule. Setting this property to 77 means the rule applies to objects with a size that is less than 77.

          • ObjectSizeGreaterThan — (Integer)

            Minimum object size to which the rule applies.

          • ObjectSizeLessThan — (Integer)

            Maximum object size to which the rule applies.

        • Statusrequired — (String)

          If 'Enabled', the rule is currently being applied. If 'Disabled', the rule is not currently being applied.

          Possible values include:
          • "Enabled"
          • "Disabled"
        • Transitions — (Array<map>)

          Specifies when an Amazon S3 object transitions to a specified storage class.

          Note: This is not supported by Amazon S3 on Outposts buckets.
          • Date — (Date)

            Indicates when objects are transitioned to the specified storage class. The date value must be in ISO 8601 format. The time is always midnight UTC.

          • Days — (Integer)

            Indicates the number of days after creation when objects are transitioned to the specified storage class. The value must be a positive integer.

          • StorageClass — (String)

            The storage class to which you want the object to transition.

            Possible values include:
            • "GLACIER"
            • "STANDARD_IA"
            • "ONEZONE_IA"
            • "INTELLIGENT_TIERING"
            • "DEEP_ARCHIVE"
        • NoncurrentVersionTransitions — (Array<map>)

          Specifies the transition rule for the lifecycle rule that describes when noncurrent objects transition to a specific storage class. If your bucket is versioning-enabled (or versioning is suspended), you can set this action to request that Amazon S3 transition noncurrent object versions to a specific storage class at a set period in the object's lifetime.

          Note: This is not supported by Amazon S3 on Outposts buckets.
          • NoncurrentDays — (Integer)

            Specifies the number of days an object is noncurrent before Amazon S3 can perform the associated action. For information about the noncurrent days calculations, see How Amazon S3 Calculates How Long an Object Has Been Noncurrent in the Amazon S3 User Guide.

          • StorageClass — (String)

            The class of storage used to store the object.

            Possible values include:
            • "GLACIER"
            • "STANDARD_IA"
            • "ONEZONE_IA"
            • "INTELLIGENT_TIERING"
            • "DEEP_ARCHIVE"
        • NoncurrentVersionExpiration — (map)

          The noncurrent version expiration of the lifecycle rule.

          • NoncurrentDays — (Integer)

            Specifies the number of days an object is noncurrent before Amazon S3 can perform the associated action. For information about the noncurrent days calculations, see How Amazon S3 Calculates When an Object Became Noncurrent in the Amazon S3 User Guide.

          • NewerNoncurrentVersions — (Integer)

            Specifies how many noncurrent versions S3 on Outposts will retain. If there are this many more recent noncurrent versions, S3 on Outposts will take the associated action. For more information about noncurrent versions, see Lifecycle configuration elements in the Amazon S3 User Guide.

        • AbortIncompleteMultipartUpload — (map)

          Specifies the days since the initiation of an incomplete multipart upload that Amazon S3 waits before permanently removing all parts of the upload. For more information, see Aborting Incomplete Multipart Uploads Using a Bucket Lifecycle Configuration in the Amazon S3 User Guide.

          • DaysAfterInitiation — (Integer)

            Specifies the number of days after which Amazon S3 aborts an incomplete multipart upload to the Outposts bucket.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

getBucketPolicy(params = {}, callback) ⇒ AWS.Request

Note: This action gets a bucket policy for an Amazon S3 on Outposts bucket. To get a policy for an S3 bucket, see GetBucketPolicy in the Amazon S3 API Reference.

Returns the policy of a specified Outposts bucket. For more information, see Using Amazon S3 on Outposts in the Amazon S3 User Guide.

If you are using an identity other than the root user of the Amazon Web Services account that owns the bucket, the calling identity must have the GetBucketPolicy permissions on the specified bucket and belong to the bucket owner's account in order to use this action.

Only users from Outposts bucket owner account with the right permissions can perform actions on an Outposts bucket. If you don't have s3-outposts:GetBucketPolicy permissions or you're not using an identity that belongs to the bucket owner's account, Amazon S3 returns a 403 Access Denied error.

As a security precaution, the root user of the Amazon Web Services account that owns a bucket can always use this action, even if the policy explicitly denies the root user the ability to perform this action.

For more information about bucket policies, see Using Bucket Policies and User Policies.

All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.

The following actions are related to GetBucketPolicy:

Service Reference:

Examples:

Calling the getBucketPolicy operation

var params = {
  AccountId: 'STRING_VALUE', /* required */
  Bucket: 'STRING_VALUE' /* required */
};
s3control.getBucketPolicy(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • AccountId — (String)

      The Amazon Web Services account ID of the Outposts bucket.

    • Bucket — (String)

      Specifies the bucket.

      For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.

      For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>. For example, to access the bucket reports through Outpost my-outpost owned by account 123456789012 in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports. The value must be URL encoded.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • Policy — (String)

        The policy of the Outposts bucket.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

getBucketReplication(params = {}, callback) ⇒ AWS.Request

Note: This operation gets an Amazon S3 on Outposts bucket's replication configuration. To get an S3 bucket's replication configuration, see GetBucketReplication in the Amazon S3 API Reference.

Returns the replication configuration of an S3 on Outposts bucket. For more information about S3 on Outposts, see Using Amazon S3 on Outposts in the Amazon S3 User Guide. For information about S3 replication on Outposts configuration, see Replicating objects for S3 on Outposts in the Amazon S3 User Guide.

Note: It can take a while to propagate PUT or DELETE requests for a replication configuration to all S3 on Outposts systems. Therefore, the replication configuration that's returned by a GET request soon after a PUT or DELETE request might return a more recent result than what's on the Outpost. If an Outpost is offline, the delay in updating the replication configuration on that Outpost can be significant.

This action requires permissions for the s3-outposts:GetReplicationConfiguration action. The Outposts bucket owner has this permission by default and can grant it to others. For more information about permissions, see Setting up IAM with S3 on Outposts and Managing access to S3 on Outposts bucket in the Amazon S3 User Guide.

All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.

If you include the Filter element in a replication configuration, you must also include the DeleteMarkerReplication, Status, and Priority elements. The response also returns those elements.

For information about S3 on Outposts replication failure reasons, see Replication failure reasons in the Amazon S3 User Guide.

The following operations are related to GetBucketReplication:

Service Reference:

Examples:

Calling the getBucketReplication operation

var params = {
  AccountId: 'STRING_VALUE', /* required */
  Bucket: 'STRING_VALUE' /* required */
};
s3control.getBucketReplication(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • AccountId — (String)

      The Amazon Web Services account ID of the Outposts bucket.

    • Bucket — (String)

      Specifies the bucket to get the replication information for.

      For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.

      For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>. For example, to access the bucket reports through Outpost my-outpost owned by account 123456789012 in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports. The value must be URL encoded.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • ReplicationConfiguration — (map)

        A container for one or more replication rules. A replication configuration must have at least one rule and you can add up to 100 rules. The maximum size of a replication configuration is 128 KB.

        • Rolerequired — (String)

          The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) role that S3 on Outposts assumes when replicating objects. For information about S3 replication on Outposts configuration, see Setting up replication in the Amazon S3 User Guide.

        • Rulesrequired — (Array<map>)

          A container for one or more replication rules. A replication configuration must have at least one rule and can contain an array of 100 rules at the most.

          • ID — (String)

            A unique identifier for the rule. The maximum value is 255 characters.

          • Priority — (Integer)

            The priority indicates which rule has precedence whenever two or more replication rules conflict. S3 on Outposts attempts to replicate objects according to all replication rules. However, if there are two or more rules with the same destination Outposts bucket, then objects will be replicated according to the rule with the highest priority. The higher the number, the higher the priority.

            For more information, see Creating replication rules on Outposts in the Amazon S3 User Guide.

          • Prefix — (String)

            An object key name prefix that identifies the object or objects to which the rule applies. The maximum prefix length is 1,024 characters. To include all objects in an Outposts bucket, specify an empty string.

            When you're using XML requests, you must replace special characters (such as carriage returns) in object keys with their equivalent XML entity codes. For more information, see XML-related object key constraints in the Amazon S3 User Guide.

          • Filter — (map)

            A filter that identifies the subset of objects to which the replication rule applies. A Filter element must specify exactly one Prefix, Tag, or And child element.

            • Prefix — (String)

              An object key name prefix that identifies the subset of objects that the rule applies to.

              When you're using XML requests, you must replace special characters (such as carriage returns) in object keys with their equivalent XML entity codes. For more information, see XML-related object key constraints in the Amazon S3 User Guide.

            • Tag — (map)

              A container for a key-value name pair.

              • Keyrequired — (String)

                Key of the tag

              • Valuerequired — (String)

                Value of the tag

            • And — (map)

              A container for specifying rule filters. The filters determine the subset of objects that the rule applies to. This element is required only if you specify more than one filter. For example:

              • If you specify both a Prefix and a Tag filter, wrap these filters in an And element.

              • If you specify a filter based on multiple tags, wrap the Tag elements in an And element.

              • Prefix — (String)

                An object key name prefix that identifies the subset of objects that the rule applies to.

              • Tags — (Array<map>)

                An array of tags that contain key and value pairs.

                • Keyrequired — (String)

                  Key of the tag

                • Valuerequired — (String)

                  Value of the tag

          • Statusrequired — (String)

            Specifies whether the rule is enabled.

            Possible values include:
            • "Enabled"
            • "Disabled"
          • SourceSelectionCriteria — (map)

            A container that describes additional filters for identifying the source Outposts objects that you want to replicate. You can choose to enable or disable the replication of these objects.

            • SseKmsEncryptedObjects — (map)

              A filter that you can use to select Amazon S3 objects that are encrypted with server-side encryption by using Key Management Service (KMS) keys. If you include SourceSelectionCriteria in the replication configuration, this element is required.

              Note: This is not supported by Amazon S3 on Outposts buckets.
              • Statusrequired — (String)

                Specifies whether Amazon S3 replicates objects that are created with server-side encryption by using an KMS key stored in Key Management Service.

                Possible values include:
                • "Enabled"
                • "Disabled"
            • ReplicaModifications — (map)

              A filter that you can use to specify whether replica modification sync is enabled. S3 on Outposts replica modification sync can help you keep object metadata synchronized between replicas and source objects. By default, S3 on Outposts replicates metadata from the source objects to the replicas only. When replica modification sync is enabled, S3 on Outposts replicates metadata changes made to the replica copies back to the source object, making the replication bidirectional.

              To replicate object metadata modifications on replicas, you can specify this element and set the Status of this element to Enabled.

              Note: You must enable replica modification sync on the source and destination buckets to replicate replica metadata changes between the source and the replicas.
              • Statusrequired — (String)

                Specifies whether S3 on Outposts replicates modifications to object metadata on replicas.

                Possible values include:
                • "Enabled"
                • "Disabled"
          • ExistingObjectReplication — (map)

            An optional configuration to replicate existing source bucket objects.

            Note: This is not supported by Amazon S3 on Outposts buckets.
            • Statusrequired — (String)

              Specifies whether Amazon S3 replicates existing source bucket objects.

              Possible values include:
              • "Enabled"
              • "Disabled"
          • Destinationrequired — (map)

            A container for information about the replication destination and its configurations.

            • Account — (String)

              The destination bucket owner's account ID.

            • Bucketrequired — (String)

              The Amazon Resource Name (ARN) of the access point for the destination bucket where you want S3 on Outposts to store the replication results.

            • ReplicationTime — (map)

              A container that specifies S3 Replication Time Control (S3 RTC) settings, including whether S3 RTC is enabled and the time when all objects and operations on objects must be replicated. Must be specified together with a Metrics block.

              Note: This is not supported by Amazon S3 on Outposts buckets.
              • Statusrequired — (String)

                Specifies whether S3 Replication Time Control (S3 RTC) is enabled.

                Possible values include:
                • "Enabled"
                • "Disabled"
              • Timerequired — (map)

                A container that specifies the time by which replication should be complete for all objects and operations on objects.

                • Minutes — (Integer)

                  Contains an integer that specifies the time period in minutes.

                  Valid value: 15

            • AccessControlTranslation — (map)

              Specify this property only in a cross-account scenario (where the source and destination bucket owners are not the same), and you want to change replica ownership to the Amazon Web Services account that owns the destination bucket. If this property is not specified in the replication configuration, the replicas are owned by same Amazon Web Services account that owns the source object.

              Note: This is not supported by Amazon S3 on Outposts buckets.
              • Ownerrequired — (String)

                Specifies the replica ownership.

                Possible values include:
                • "Destination"
            • EncryptionConfiguration — (map)

              A container that provides information about encryption. If SourceSelectionCriteria is specified, you must specify this element.

              Note: This is not supported by Amazon S3 on Outposts buckets.
              • ReplicaKmsKeyID — (String)

                Specifies the ID of the customer managed KMS key that's stored in Key Management Service (KMS) for the destination bucket. This ID is either the Amazon Resource Name (ARN) for the KMS key or the alias ARN for the KMS key. Amazon S3 uses this KMS key to encrypt replica objects. Amazon S3 supports only symmetric encryption KMS keys. For more information, see Symmetric encryption KMS keys in the Amazon Web Services Key Management Service Developer Guide.

            • Metrics — (map)

              A container that specifies replication metrics-related settings.

              • Statusrequired — (String)

                Specifies whether replication metrics are enabled.

                Possible values include:
                • "Enabled"
                • "Disabled"
              • EventThreshold — (map)

                A container that specifies the time threshold for emitting the s3:Replication:OperationMissedThreshold event.

                Note: This is not supported by Amazon S3 on Outposts buckets.
                • Minutes — (Integer)

                  Contains an integer that specifies the time period in minutes.

                  Valid value: 15

            • StorageClass — (String)

              The storage class to use when replicating objects. All objects stored on S3 on Outposts are stored in the OUTPOSTS storage class. S3 on Outposts uses the OUTPOSTS storage class to create the object replicas.

              Note: Values other than OUTPOSTS aren't supported by Amazon S3 on Outposts.
              Possible values include:
              • "STANDARD"
              • "REDUCED_REDUNDANCY"
              • "STANDARD_IA"
              • "ONEZONE_IA"
              • "INTELLIGENT_TIERING"
              • "GLACIER"
              • "DEEP_ARCHIVE"
              • "OUTPOSTS"
              • "GLACIER_IR"
          • DeleteMarkerReplication — (map)

            Specifies whether S3 on Outposts replicates delete markers. If you specify a Filter element in your replication configuration, you must also include a DeleteMarkerReplication element. If your Filter includes a Tag element, the DeleteMarkerReplication element's Status child element must be set to Disabled, because S3 on Outposts doesn't support replicating delete markers for tag-based rules.

            For more information about delete marker replication, see How delete operations affect replication in the Amazon S3 User Guide.

            • Statusrequired — (String)

              Indicates whether to replicate delete markers.

              Possible values include:
              • "Enabled"
              • "Disabled"
          • Bucketrequired — (String)

            The Amazon Resource Name (ARN) of the access point for the source Outposts bucket that you want S3 on Outposts to replicate the objects from.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

getBucketTagging(params = {}, callback) ⇒ AWS.Request

Note: This action gets an Amazon S3 on Outposts bucket's tags. To get an S3 bucket tags, see GetBucketTagging in the Amazon S3 API Reference.

Returns the tag set associated with the Outposts bucket. For more information, see Using Amazon S3 on Outposts in the Amazon S3 User Guide.

To use this action, you must have permission to perform the GetBucketTagging action. By default, the bucket owner has this permission and can grant this permission to others.

GetBucketTagging has the following special error:

  • Error code: NoSuchTagSetError

    • Description: There is no tag set associated with the bucket.

All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.

The following actions are related to GetBucketTagging:

Service Reference:

Examples:

Calling the getBucketTagging operation

var params = {
  AccountId: 'STRING_VALUE', /* required */
  Bucket: 'STRING_VALUE' /* required */
};
s3control.getBucketTagging(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • AccountId — (String)

      The Amazon Web Services account ID of the Outposts bucket.

    • Bucket — (String)

      Specifies the bucket.

      For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.

      For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>. For example, to access the bucket reports through Outpost my-outpost owned by account 123456789012 in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports. The value must be URL encoded.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • TagSet — (Array<map>)

        The tags set of the Outposts bucket.

        • Keyrequired — (String)

          Key of the tag

        • Valuerequired — (String)

          Value of the tag

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

getBucketVersioning(params = {}, callback) ⇒ AWS.Request

Note: This operation returns the versioning state for S3 on Outposts buckets only. To return the versioning state for an S3 bucket, see GetBucketVersioning in the Amazon S3 API Reference.

Returns the versioning state for an S3 on Outposts bucket. With S3 Versioning, you can save multiple distinct copies of your objects and recover from unintended user actions and application failures.

If you've never set versioning on your bucket, it has no versioning state. In that case, the GetBucketVersioning request does not return a versioning state value.

For more information about versioning, see Versioning in the Amazon S3 User Guide.

All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.

The following operations are related to GetBucketVersioning for S3 on Outposts.

Service Reference:

Examples:

Calling the getBucketVersioning operation

var params = {
  AccountId: 'STRING_VALUE', /* required */
  Bucket: 'STRING_VALUE' /* required */
};
s3control.getBucketVersioning(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • AccountId — (String)

      The Amazon Web Services account ID of the S3 on Outposts bucket.

    • Bucket — (String)

      The S3 on Outposts bucket to return the versioning state for.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • Status — (String)

        The versioning state of the S3 on Outposts bucket.

        Possible values include:
        • "Enabled"
        • "Suspended"
      • MFADelete — (String)

        Specifies whether MFA delete is enabled in the bucket versioning configuration. This element is returned only if the bucket has been configured with MFA delete. If MFA delete has never been configured for the bucket, this element is not returned.

        Possible values include:
        • "Enabled"
        • "Disabled"

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

getDataAccess(params = {}, callback) ⇒ AWS.Request

Returns a temporary access credential from S3 Access Grants to the grantee or client application. The temporary credential is an Amazon Web Services STS token that grants them access to the S3 data.

Permissions

You must have the s3:GetDataAccess permission to use this operation.

Additional Permissions

The IAM role that S3 Access Grants assumes must have the following permissions specified in the trust policy when registering the location: sts:AssumeRole, for directory users or groups sts:SetContext, and for IAM users or roles sts:SetSourceIdentity.

Service Reference:

Examples:

Calling the getDataAccess operation

var params = {
  AccountId: 'STRING_VALUE', /* required */
  Permission: READ | WRITE | READWRITE, /* required */
  Target: 'STRING_VALUE', /* required */
  DurationSeconds: 'NUMBER_VALUE',
  Privilege: Minimal | Default,
  TargetType: Object
};
s3control.getDataAccess(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • AccountId — (String)

      The Amazon Web Services account ID of the S3 Access Grants instance.

    • Target — (String)

      The S3 URI path of the data to which you are requesting temporary access credentials. If the requesting account has an access grant for this data, S3 Access Grants vends temporary access credentials in the response.

    • Permission — (String)

      The type of permission granted to your S3 data, which can be set to one of the following values:

      • READ – Grant read-only access to the S3 data.

      • WRITE – Grant write-only access to the S3 data.

      • READWRITE – Grant both read and write access to the S3 data.

      Possible values include:
      • "READ"
      • "WRITE"
      • "READWRITE"
    • DurationSeconds — (Integer)

      The session duration, in seconds, of the temporary access credential that S3 Access Grants vends to the grantee or client application. The default value is 1 hour, but the grantee can specify a range from 900 seconds (15 minutes) up to 43200 seconds (12 hours). If the grantee requests a value higher than this maximum, the operation fails.

    • Privilege — (String)

      The scope of the temporary access credential that S3 Access Grants vends to the grantee or client application.

      • Default – The scope of the returned temporary access token is the scope of the grant that is closest to the target scope.

      • Minimal – The scope of the returned temporary access token is the same as the requested target scope as long as the requested scope is the same as or a subset of the grant scope.

      Possible values include:
      • "Minimal"
      • "Default"
    • TargetType — (String)

      The type of Target. The only possible value is Object. Pass this value if the target data that you would like to access is a path to an object. Do not pass this value if the target data is a bucket or a bucket and a prefix.

      Possible values include:
      • "Object"

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • Credentials — (map)

        The temporary credential token that S3 Access Grants vends.

        • AccessKeyId — (String)

          The unique access key ID of the Amazon Web Services STS temporary credential that S3 Access Grants vends to grantees and client applications.

        • SecretAccessKey — (String)

          The secret access key of the Amazon Web Services STS temporary credential that S3 Access Grants vends to grantees and client applications.

        • SessionToken — (String)

          The Amazon Web Services STS temporary credential that S3 Access Grants vends to grantees and client applications.

        • Expiration — (Date)

          The expiration date and time of the temporary credential that S3 Access Grants vends to grantees and client applications.

      • MatchedGrantTarget — (String)

        The S3 URI path of the data to which you are being granted temporary access credentials.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

getJobTagging(params = {}, callback) ⇒ AWS.Request

Returns the tags on an S3 Batch Operations job.

Permissions

To use the GetJobTagging operation, you must have permission to perform the s3:GetJobTagging action. For more information, see Controlling access and labeling jobs using tags in the Amazon S3 User Guide.

Related actions include:

Service Reference:

Examples:

Calling the getJobTagging operation

var params = {
  AccountId: 'STRING_VALUE', /* required */
  JobId: 'STRING_VALUE' /* required */
};
s3control.getJobTagging(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • AccountId — (String)

      The Amazon Web Services account ID associated with the S3 Batch Operations job.

    • JobId — (String)

      The ID for the S3 Batch Operations job whose tags you want to retrieve.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • Tags — (Array<map>)

        The set of tags associated with the S3 Batch Operations job.

        • Keyrequired — (String)

          Key of the tag

        • Valuerequired — (String)

          Value of the tag

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

getMultiRegionAccessPoint(params = {}, callback) ⇒ AWS.Request

Note: This operation is not supported by directory buckets.

Returns configuration information about the specified Multi-Region Access Point.

This action will always be routed to the US West (Oregon) Region. For more information about the restrictions around working with Multi-Region Access Points, see Multi-Region Access Point restrictions and limitations in the Amazon S3 User Guide.

The following actions are related to GetMultiRegionAccessPoint:

Service Reference:

Examples:

Calling the getMultiRegionAccessPoint operation

var params = {
  AccountId: 'STRING_VALUE', /* required */
  Name: 'STRING_VALUE' /* required */
};
s3control.getMultiRegionAccessPoint(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • AccountId — (String)

      The Amazon Web Services account ID for the owner of the Multi-Region Access Point.

    • Name — (String)

      The name of the Multi-Region Access Point whose configuration information you want to receive. The name of the Multi-Region Access Point is different from the alias. For more information about the distinction between the name and the alias of an Multi-Region Access Point, see Rules for naming Amazon S3 Multi-Region Access Points in the Amazon S3 User Guide.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • AccessPoint — (map)

        A container element containing the details of the requested Multi-Region Access Point.

        • Name — (String)

          The name of the Multi-Region Access Point.

        • Alias — (String)

          The alias for the Multi-Region Access Point. For more information about the distinction between the name and the alias of an Multi-Region Access Point, see Rules for naming Amazon S3 Multi-Region Access Points.

        • CreatedAt — (Date)

          When the Multi-Region Access Point create request was received.

        • PublicAccessBlock — (map)

          The PublicAccessBlock configuration that you want to apply to this Amazon S3 account. You can enable the configuration options in any combination. For more information about when Amazon S3 considers a bucket or object public, see The Meaning of "Public" in the Amazon S3 User Guide.

          This data type is not supported for Amazon S3 on Outposts.

          • BlockPublicAcls — (Boolean)

            Specifies whether Amazon S3 should block public access control lists (ACLs) for buckets in this account. Setting this element to TRUE causes the following behavior:

            • PutBucketAcl and PutObjectAcl calls fail if the specified ACL is public.

            • PUT Object calls fail if the request includes a public ACL.

            • PUT Bucket calls fail if the request includes a public ACL.

            Enabling this setting doesn't affect existing policies or ACLs.

            This property is not supported for Amazon S3 on Outposts.

          • IgnorePublicAcls — (Boolean)

            Specifies whether Amazon S3 should ignore public ACLs for buckets in this account. Setting this element to TRUE causes Amazon S3 to ignore all public ACLs on buckets in this account and any objects that they contain.

            Enabling this setting doesn't affect the persistence of any existing ACLs and doesn't prevent new public ACLs from being set.

            This property is not supported for Amazon S3 on Outposts.

          • BlockPublicPolicy — (Boolean)

            Specifies whether Amazon S3 should block public bucket policies for buckets in this account. Setting this element to TRUE causes Amazon S3 to reject calls to PUT Bucket policy if the specified bucket policy allows public access.

            Enabling this setting doesn't affect existing bucket policies.

            This property is not supported for Amazon S3 on Outposts.

          • RestrictPublicBuckets — (Boolean)

            Specifies whether Amazon S3 should restrict public bucket policies for buckets in this account. Setting this element to TRUE restricts access to buckets with public policies to only Amazon Web Servicesservice principals and authorized users within this account.

            Enabling this setting doesn't affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked.

            This property is not supported for Amazon S3 on Outposts.

        • Status — (String)

          The current status of the Multi-Region Access Point.

          CREATING and DELETING are temporary states that exist while the request is propagating and being completed. If a Multi-Region Access Point has a status of PARTIALLY_CREATED, you can retry creation or send a request to delete the Multi-Region Access Point. If a Multi-Region Access Point has a status of PARTIALLY_DELETED, you can retry a delete request to finish the deletion of the Multi-Region Access Point.

          Possible values include:
          • "READY"
          • "INCONSISTENT_ACROSS_REGIONS"
          • "CREATING"
          • "PARTIALLY_CREATED"
          • "PARTIALLY_DELETED"
          • "DELETING"
        • Regions — (Array<map>)

          A collection of the Regions and buckets associated with the Multi-Region Access Point.

          • Bucket — (String)

            The name of the bucket.

          • Region — (String)

            The name of the Region.

          • BucketAccountId — (String)

            The Amazon Web Services account ID that owns the Amazon S3 bucket that's associated with this Multi-Region Access Point.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

getMultiRegionAccessPointPolicy(params = {}, callback) ⇒ AWS.Request

Note: This operation is not supported by directory buckets.

Returns the access control policy of the specified Multi-Region Access Point.

This action will always be routed to the US West (Oregon) Region. For more information about the restrictions around working with Multi-Region Access Points, see Multi-Region Access Point restrictions and limitations in the Amazon S3 User Guide.

The following actions are related to GetMultiRegionAccessPointPolicy:

Service Reference:

Examples:

Calling the getMultiRegionAccessPointPolicy operation

var params = {
  AccountId: 'STRING_VALUE', /* required */
  Name: 'STRING_VALUE' /* required */
};
s3control.getMultiRegionAccessPointPolicy(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • AccountId — (String)

      The Amazon Web Services account ID for the owner of the Multi-Region Access Point.

    • Name — (String)

      Specifies the Multi-Region Access Point. The name of the Multi-Region Access Point is different from the alias. For more information about the distinction between the name and the alias of an Multi-Region Access Point, see Rules for naming Amazon S3 Multi-Region Access Points in the Amazon S3 User Guide.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • Policy — (map)

        The policy associated with the specified Multi-Region Access Point.

        • Established — (map)

          The last established policy for the Multi-Region Access Point.

          • Policy — (String)

            The details of the last established policy.

        • Proposed — (map)

          The proposed policy for the Multi-Region Access Point.

          • Policy — (String)

            The details of the proposed policy.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

getMultiRegionAccessPointPolicyStatus(params = {}, callback) ⇒ AWS.Request

Note: This operation is not supported by directory buckets.

Indicates whether the specified Multi-Region Access Point has an access control policy that allows public access.

This action will always be routed to the US West (Oregon) Region. For more information about the restrictions around working with Multi-Region Access Points, see Multi-Region Access Point restrictions and limitations in the Amazon S3 User Guide.

The following actions are related to GetMultiRegionAccessPointPolicyStatus:

Examples:

Calling the getMultiRegionAccessPointPolicyStatus operation

var params = {
  AccountId: 'STRING_VALUE', /* required */
  Name: 'STRING_VALUE' /* required */
};
s3control.getMultiRegionAccessPointPolicyStatus(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • AccountId — (String)

      The Amazon Web Services account ID for the owner of the Multi-Region Access Point.

    • Name — (String)

      Specifies the Multi-Region Access Point. The name of the Multi-Region Access Point is different from the alias. For more information about the distinction between the name and the alias of an Multi-Region Access Point, see Rules for naming Amazon S3 Multi-Region Access Points in the Amazon S3 User Guide.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • Established — (map)

        Indicates whether this access point policy is public. For more information about how Amazon S3 evaluates policies to determine whether they are public, see The Meaning of "Public" in the Amazon S3 User Guide.

        • IsPublic — (Boolean)

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

getMultiRegionAccessPointRoutes(params = {}, callback) ⇒ AWS.Request

Note: This operation is not supported by directory buckets.

Returns the routing configuration for a Multi-Region Access Point, indicating which Regions are active or passive.

To obtain routing control changes and failover requests, use the Amazon S3 failover control infrastructure endpoints in these five Amazon Web Services Regions:

  • us-east-1

  • us-west-2

  • ap-southeast-2

  • ap-northeast-1

  • eu-west-1

Service Reference:

Examples:

Calling the getMultiRegionAccessPointRoutes operation

var params = {
  AccountId: 'STRING_VALUE', /* required */
  Mrap: 'STRING_VALUE' /* required */
};
s3control.getMultiRegionAccessPointRoutes(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • AccountId — (String)

      The Amazon Web Services account ID for the owner of the Multi-Region Access Point.

    • Mrap — (String)

      The Multi-Region Access Point ARN.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • Mrap — (String)

        The Multi-Region Access Point ARN.

      • Routes — (Array<map>)

        The different routes that make up the route configuration. Active routes return a value of 100, and passive routes return a value of 0.

        • Bucket — (String)

          The name of the Amazon S3 bucket for which you'll submit a routing configuration change. Either the Bucket or the Region value must be provided. If both are provided, the bucket must be in the specified Region.

        • Region — (String)

          The Amazon Web Services Region to which you'll be submitting a routing configuration change. Either the Bucket or the Region value must be provided. If both are provided, the bucket must be in the specified Region.

        • TrafficDialPercentagerequired — (Integer)

          The traffic state for the specified bucket or Amazon Web Services Region.

          A value of 0 indicates a passive state, which means that no new traffic will be routed to the Region.

          A value of 100 indicates an active state, which means that traffic will be routed to the specified Region.

          When the routing configuration for a Region is changed from active to passive, any in-progress operations (uploads, copies, deletes, and so on) to the formerly active Region will continue to run to until a final success or failure status is reached.

          If all Regions in the routing configuration are designated as passive, you'll receive an InvalidRequest error.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

getPublicAccessBlock(params = {}, callback) ⇒ AWS.Request

Note: This operation is not supported by directory buckets.

Retrieves the PublicAccessBlock configuration for an Amazon Web Services account. For more information, see Using Amazon S3 block public access.

Related actions include:

Service Reference:

Examples:

Calling the getPublicAccessBlock operation

var params = {
  AccountId: 'STRING_VALUE' /* required */
};
s3control.getPublicAccessBlock(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • AccountId — (String)

      The account ID for the Amazon Web Services account whose PublicAccessBlock configuration you want to retrieve.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • PublicAccessBlockConfiguration — (map)

        The PublicAccessBlock configuration currently in effect for this Amazon Web Services account.

        • BlockPublicAcls — (Boolean)

          Specifies whether Amazon S3 should block public access control lists (ACLs) for buckets in this account. Setting this element to TRUE causes the following behavior:

          • PutBucketAcl and PutObjectAcl calls fail if the specified ACL is public.

          • PUT Object calls fail if the request includes a public ACL.

          • PUT Bucket calls fail if the request includes a public ACL.

          Enabling this setting doesn't affect existing policies or ACLs.

          This property is not supported for Amazon S3 on Outposts.

        • IgnorePublicAcls — (Boolean)

          Specifies whether Amazon S3 should ignore public ACLs for buckets in this account. Setting this element to TRUE causes Amazon S3 to ignore all public ACLs on buckets in this account and any objects that they contain.

          Enabling this setting doesn't affect the persistence of any existing ACLs and doesn't prevent new public ACLs from being set.

          This property is not supported for Amazon S3 on Outposts.

        • BlockPublicPolicy — (Boolean)

          Specifies whether Amazon S3 should block public bucket policies for buckets in this account. Setting this element to TRUE causes Amazon S3 to reject calls to PUT Bucket policy if the specified bucket policy allows public access.

          Enabling this setting doesn't affect existing bucket policies.

          This property is not supported for Amazon S3 on Outposts.

        • RestrictPublicBuckets — (Boolean)

          Specifies whether Amazon S3 should restrict public bucket policies for buckets in this account. Setting this element to TRUE restricts access to buckets with public policies to only Amazon Web Servicesservice principals and authorized users within this account.

          Enabling this setting doesn't affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked.

          This property is not supported for Amazon S3 on Outposts.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

getStorageLensConfiguration(params = {}, callback) ⇒ AWS.Request

Note: This operation is not supported by directory buckets.

Gets the Amazon S3 Storage Lens configuration. For more information, see Assessing your storage activity and usage with Amazon S3 Storage Lens in the Amazon S3 User Guide. For a complete list of S3 Storage Lens metrics, see S3 Storage Lens metrics glossary in the Amazon S3 User Guide.

Note: To use this action, you must have permission to perform the s3:GetStorageLensConfiguration action. For more information, see Setting permissions to use Amazon S3 Storage Lens in the Amazon S3 User Guide.

Service Reference:

Examples:

Calling the getStorageLensConfiguration operation

var params = {
  AccountId: 'STRING_VALUE', /* required */
  ConfigId: 'STRING_VALUE' /* required */
};
s3control.getStorageLensConfiguration(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • ConfigId — (String)

      The ID of the Amazon S3 Storage Lens configuration.

    • AccountId — (String)

      The account ID of the requester.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • StorageLensConfiguration — (map)

        The S3 Storage Lens configuration requested.

        • Idrequired — (String)

          A container for the Amazon S3 Storage Lens configuration ID.

        • AccountLevelrequired — (map)

          A container for all the account-level configurations of your S3 Storage Lens configuration.

          • ActivityMetrics — (map)

            A container element for S3 Storage Lens activity metrics.

            • IsEnabled — (Boolean)

              A container that indicates whether activity metrics are enabled.

          • BucketLevelrequired — (map)

            A container element for the S3 Storage Lens bucket-level configuration.

            • ActivityMetrics — (map)

              A container for the bucket-level activity metrics for S3 Storage Lens.

              • IsEnabled — (Boolean)

                A container that indicates whether activity metrics are enabled.

            • PrefixLevel — (map)

              A container for the prefix-level metrics for S3 Storage Lens.

              • StorageMetricsrequired — (map)

                A container for the prefix-level storage metrics for S3 Storage Lens.

                • IsEnabled — (Boolean)

                  A container for whether prefix-level storage metrics are enabled.

                • SelectionCriteria — (map)

                  • Delimiter — (String)

                    A container for the delimiter of the selection criteria being used.

                  • MaxDepth — (Integer)

                    The max depth of the selection criteria

                  • MinStorageBytesPercentage — (Float)

                    The minimum number of storage bytes percentage whose metrics will be selected.

                    Note: You must choose a value greater than or equal to 1.0.
            • AdvancedCostOptimizationMetrics — (map)

              A container for bucket-level advanced cost-optimization metrics for S3 Storage Lens.

              • IsEnabled — (Boolean)

                A container that indicates whether advanced cost-optimization metrics are enabled.

            • AdvancedDataProtectionMetrics — (map)

              A container for bucket-level advanced data-protection metrics for S3 Storage Lens.

              • IsEnabled — (Boolean)

                A container that indicates whether advanced data-protection metrics are enabled.

            • DetailedStatusCodesMetrics — (map)

              A container for bucket-level detailed status code metrics for S3 Storage Lens.

              • IsEnabled — (Boolean)

                A container that indicates whether detailed status code metrics are enabled.

          • AdvancedCostOptimizationMetrics — (map)

            A container element for S3 Storage Lens advanced cost-optimization metrics.

            • IsEnabled — (Boolean)

              A container that indicates whether advanced cost-optimization metrics are enabled.

          • AdvancedDataProtectionMetrics — (map)

            A container element for S3 Storage Lens advanced data-protection metrics.

            • IsEnabled — (Boolean)

              A container that indicates whether advanced data-protection metrics are enabled.

          • DetailedStatusCodesMetrics — (map)

            A container element for detailed status code metrics.

            • IsEnabled — (Boolean)

              A container that indicates whether detailed status code metrics are enabled.

          • StorageLensGroupLevel — (map)

            A container element for S3 Storage Lens groups metrics.

            • SelectionCriteria — (map)

              Indicates which Storage Lens group ARNs to include or exclude in the Storage Lens group aggregation. If this value is left null, then all Storage Lens groups are selected.

              • Include — (Array<String>)

                Indicates which Storage Lens group ARNs to include in the Storage Lens group aggregation.

              • Exclude — (Array<String>)

                Indicates which Storage Lens group ARNs to exclude from the Storage Lens group aggregation.

        • Include — (map)

          A container for what is included in this configuration. This container can only be valid if there is no Exclude container submitted, and it's not empty.

          • Buckets — (Array<String>)

            A container for the S3 Storage Lens bucket includes.

          • Regions — (Array<String>)

            A container for the S3 Storage Lens Region includes.

        • Exclude — (map)

          A container for what is excluded in this configuration. This container can only be valid if there is no Include container submitted, and it's not empty.

          • Buckets — (Array<String>)

            A container for the S3 Storage Lens bucket excludes.

          • Regions — (Array<String>)

            A container for the S3 Storage Lens Region excludes.

        • DataExport — (map)

          A container to specify the properties of your S3 Storage Lens metrics export including, the destination, schema and format.

          • S3BucketDestination — (map)

            A container for the bucket where the S3 Storage Lens metrics export will be located.

            Note: This bucket must be located in the same Region as the storage lens configuration.
            • Formatrequired — (String)

              Possible values include:

              • "CSV"
              • "Parquet"
            • OutputSchemaVersionrequired — (String)

              The schema version of the export file.

              Possible values include:
              • "V_1"
            • AccountIdrequired — (String)

              The account ID of the owner of the S3 Storage Lens metrics export bucket.

            • Arnrequired — (String)

              The Amazon Resource Name (ARN) of the bucket. This property is read-only and follows the following format: arn:aws:s3:us-east-1:example-account-id:bucket/your-destination-bucket-name

            • Prefix — (String)

              The prefix of the destination bucket where the metrics export will be delivered.

            • Encryption — (map)

              The container for the type encryption of the metrics exports in this bucket.

              • SSES3 — (map)

              • SSEKMS — (map)

                • KeyIdrequired — (String)

                  A container for the ARN of the SSE-KMS encryption. This property is read-only and follows the following format: arn:aws:kms:us-east-1:example-account-id:key/example-9a73-4afc-8d29-8f5900cef44e

          • CloudWatchMetrics — (map)

            A container for enabling Amazon CloudWatch publishing for S3 Storage Lens metrics.

            • IsEnabledrequired — (Boolean)

              A container that indicates whether CloudWatch publishing for S3 Storage Lens metrics is enabled. A value of true indicates that CloudWatch publishing for S3 Storage Lens metrics is enabled.

        • IsEnabledrequired — (Boolean)

          A container for whether the S3 Storage Lens configuration is enabled.

        • AwsOrg — (map)

          A container for the Amazon Web Services organization for this S3 Storage Lens configuration.

          • Arnrequired — (String)

            A container for the Amazon Resource Name (ARN) of the Amazon Web Services organization. This property is read-only and follows the following format: arn:aws:organizations:us-east-1:example-account-id:organization/o-ex2l495dck

        • StorageLensArn — (String)

          The Amazon Resource Name (ARN) of the S3 Storage Lens configuration. This property is read-only and follows the following format: arn:aws:s3:us-east-1:example-account-id:storage-lens/your-dashboard-name

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

getStorageLensConfigurationTagging(params = {}, callback) ⇒ AWS.Request

Note: This operation is not supported by directory buckets.

Gets the tags of Amazon S3 Storage Lens configuration. For more information about S3 Storage Lens, see Assessing your storage activity and usage with Amazon S3 Storage Lens in the Amazon S3 User Guide.

Note: To use this action, you must have permission to perform the s3:GetStorageLensConfigurationTagging action. For more information, see Setting permissions to use Amazon S3 Storage Lens in the Amazon S3 User Guide.

Examples:

Calling the getStorageLensConfigurationTagging operation

var params = {
  AccountId: 'STRING_VALUE', /* required */
  ConfigId: 'STRING_VALUE' /* required */
};
s3control.getStorageLensConfigurationTagging(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • ConfigId — (String)

      The ID of the Amazon S3 Storage Lens configuration.

    • AccountId — (String)

      The account ID of the requester.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • Tags — (Array<map>)

        The tags of S3 Storage Lens configuration requested.

        • Keyrequired — (String)

        • Valuerequired — (String)

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

getStorageLensGroup(params = {}, callback) ⇒ AWS.Request

Retrieves the Storage Lens group configuration details.

To use this operation, you must have the permission to perform the s3:GetStorageLensGroup action. For more information about the required Storage Lens Groups permissions, see Setting account permissions to use S3 Storage Lens groups.

For information about Storage Lens groups errors, see List of Amazon S3 Storage Lens error codes.

Service Reference:

Examples:

Calling the getStorageLensGroup operation

var params = {
  AccountId: 'STRING_VALUE', /* required */
  Name: 'STRING_VALUE' /* required */
};
s3control.getStorageLensGroup(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • Name — (String)

      The name of the Storage Lens group that you're trying to retrieve the configuration details for.

    • AccountId — (String)

      The Amazon Web Services account ID associated with the Storage Lens group that you're trying to retrieve the details for.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • StorageLensGroup — (map)

        The name of the Storage Lens group that you're trying to retrieve the configuration details for.

        • Namerequired — (String)

          Contains the name of the Storage Lens group.

        • Filterrequired — (map)

          Sets the criteria for the Storage Lens group data that is displayed. For multiple filter conditions, the AND or OR logical operator is used.

          • MatchAnyPrefix — (Array<String>)

            Contains a list of prefixes. At least one prefix must be specified. Up to 10 prefixes are allowed.

          • MatchAnySuffix — (Array<String>)

            Contains a list of suffixes. At least one suffix must be specified. Up to 10 suffixes are allowed.

          • MatchAnyTag — (Array<map>)

            Contains the list of S3 object tags. At least one object tag must be specified. Up to 10 object tags are allowed.

            • Keyrequired — (String)

              Key of the tag

            • Valuerequired — (String)

              Value of the tag

          • MatchObjectAge — (map)

            Contains DaysGreaterThan and DaysLessThan to define the object age range (minimum and maximum number of days).

            • DaysGreaterThan — (Integer)

              Specifies the maximum object age in days. Must be a positive whole number, greater than the minimum object age and less than or equal to 2,147,483,647.

            • DaysLessThan — (Integer)

              Specifies the minimum object age in days. The value must be a positive whole number, greater than 0 and less than or equal to 2,147,483,647.

          • MatchObjectSize — (map)

            Contains BytesGreaterThan and BytesLessThan to define the object size range (minimum and maximum number of Bytes).

            • BytesGreaterThan — (Integer)

              Specifies the minimum object size in Bytes. The value must be a positive number, greater than 0 and less than 5 TB.

            • BytesLessThan — (Integer)

              Specifies the maximum object size in Bytes. The value must be a positive number, greater than the minimum object size and less than 5 TB.

          • And — (map)

            A logical operator that allows multiple filter conditions to be joined for more complex comparisons of Storage Lens group data. Objects must match all of the listed filter conditions that are joined by the And logical operator. Only one of each filter condition is allowed.

            • MatchAnyPrefix — (Array<String>)

              Contains a list of prefixes. At least one prefix must be specified. Up to 10 prefixes are allowed.

            • MatchAnySuffix — (Array<String>)

              Contains a list of suffixes. At least one suffix must be specified. Up to 10 suffixes are allowed.

            • MatchAnyTag — (Array<map>)

              Contains the list of object tags. At least one object tag must be specified. Up to 10 object tags are allowed.

              • Keyrequired — (String)

                Key of the tag

              • Valuerequired — (String)

                Value of the tag

            • MatchObjectAge — (map)

              Contains DaysGreaterThan and DaysLessThan to define the object age range (minimum and maximum number of days).

              • DaysGreaterThan — (Integer)

                Specifies the maximum object age in days. Must be a positive whole number, greater than the minimum object age and less than or equal to 2,147,483,647.

              • DaysLessThan — (Integer)

                Specifies the minimum object age in days. The value must be a positive whole number, greater than 0 and less than or equal to 2,147,483,647.

            • MatchObjectSize — (map)

              Contains BytesGreaterThan and BytesLessThan to define the object size range (minimum and maximum number of Bytes).

              • BytesGreaterThan — (Integer)

                Specifies the minimum object size in Bytes. The value must be a positive number, greater than 0 and less than 5 TB.

              • BytesLessThan — (Integer)

                Specifies the maximum object size in Bytes. The value must be a positive number, greater than the minimum object size and less than 5 TB.

          • Or — (map)

            A single logical operator that allows multiple filter conditions to be joined. Objects can match any of the listed filter conditions, which are joined by the Or logical operator. Only one of each filter condition is allowed.

            • MatchAnyPrefix — (Array<String>)

              Filters objects that match any of the specified prefixes.

            • MatchAnySuffix — (Array<String>)

              Filters objects that match any of the specified suffixes.

            • MatchAnyTag — (Array<map>)

              Filters objects that match any of the specified S3 object tags.

              • Keyrequired — (String)

                Key of the tag

              • Valuerequired — (String)

                Value of the tag

            • MatchObjectAge — (map)

              Filters objects that match the specified object age range.

              • DaysGreaterThan — (Integer)

                Specifies the maximum object age in days. Must be a positive whole number, greater than the minimum object age and less than or equal to 2,147,483,647.

              • DaysLessThan — (Integer)

                Specifies the minimum object age in days. The value must be a positive whole number, greater than 0 and less than or equal to 2,147,483,647.

            • MatchObjectSize — (map)

              Filters objects that match the specified object size range.

              • BytesGreaterThan — (Integer)

                Specifies the minimum object size in Bytes. The value must be a positive number, greater than 0 and less than 5 TB.

              • BytesLessThan — (Integer)

                Specifies the maximum object size in Bytes. The value must be a positive number, greater than the minimum object size and less than 5 TB.

        • StorageLensGroupArn — (String)

          Contains the Amazon Resource Name (ARN) of the Storage Lens group. This property is read-only.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

listAccessGrants(params = {}, callback) ⇒ AWS.Request

Returns the list of access grants in your S3 Access Grants instance.

Permissions

You must have the s3:ListAccessGrants permission to use this operation.

Service Reference:

Examples:

Calling the listAccessGrants operation

var params = {
  AccountId: 'STRING_VALUE', /* required */
  ApplicationArn: 'STRING_VALUE',
  GrantScope: 'STRING_VALUE',
  GranteeIdentifier: 'STRING_VALUE',
  GranteeType: DIRECTORY_USER | DIRECTORY_GROUP | IAM,
  MaxResults: 'NUMBER_VALUE',
  NextToken: 'STRING_VALUE',
  Permission: READ | WRITE | READWRITE
};
s3control.listAccessGrants(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • AccountId — (String)

      The Amazon Web Services account ID of the S3 Access Grants instance.

    • NextToken — (String)

      A pagination token to request the next page of results. Pass this value into a subsequent List Access Grants request in order to retrieve the next page of results.

    • MaxResults — (Integer)

      The maximum number of access grants that you would like returned in the List Access Grants response. If the results include the pagination token NextToken, make another call using the NextToken to determine if there are more results.

    • GranteeType — (String)

      The type of the grantee to which access has been granted. It can be one of the following values:

      • IAM - An IAM user or role.

      • DIRECTORY_USER - Your corporate directory user. You can use this option if you have added your corporate identity directory to IAM Identity Center and associated the IAM Identity Center instance with your S3 Access Grants instance.

      • DIRECTORY_GROUP - Your corporate directory group. You can use this option if you have added your corporate identity directory to IAM Identity Center and associated the IAM Identity Center instance with your S3 Access Grants instance.

      Possible values include:
      • "DIRECTORY_USER"
      • "DIRECTORY_GROUP"
      • "IAM"
    • GranteeIdentifier — (String)

      The unique identifer of the Grantee. If the grantee type is IAM, the identifier is the IAM Amazon Resource Name (ARN) of the user or role. If the grantee type is a directory user or group, the identifier is 128-bit universally unique identifier (UUID) in the format a1b2c3d4-5678-90ab-cdef-EXAMPLE11111. You can obtain this UUID from your Amazon Web Services IAM Identity Center instance.

    • Permission — (String)

      The type of permission granted to your S3 data, which can be set to one of the following values:

      • READ – Grant read-only access to the S3 data.

      • WRITE – Grant write-only access to the S3 data.

      • READWRITE – Grant both read and write access to the S3 data.

      Possible values include:
      • "READ"
      • "WRITE"
      • "READWRITE"
    • GrantScope — (String)

      The S3 path of the data to which you are granting access. It is the result of appending the Subprefix to the location scope.

    • ApplicationArn — (String)

      The Amazon Resource Name (ARN) of an Amazon Web Services IAM Identity Center application associated with your Identity Center instance. If the grant includes an application ARN, the grantee can only access the S3 data through this application.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • NextToken — (String)

        A pagination token to request the next page of results. Pass this value into a subsequent List Access Grants request in order to retrieve the next page of results.

      • AccessGrantsList — (Array<map>)

        A container for a list of grants in an S3 Access Grants instance.

        • CreatedAt — (Date)

          The date and time when you created the S3 Access Grants instance.

        • AccessGrantId — (String)

          The ID of the access grant. S3 Access Grants auto-generates this ID when you create the access grant.

        • AccessGrantArn — (String)

          The Amazon Resource Name (ARN) of the access grant.

        • Grantee — (map)

          The user, group, or role to which you are granting access. You can grant access to an IAM user or role. If you have added your corporate directory to Amazon Web Services IAM Identity Center and associated your Identity Center instance with your S3 Access Grants instance, the grantee can also be a corporate directory user or group.

          • GranteeType — (String)

            The type of the grantee to which access has been granted. It can be one of the following values:

            • IAM - An IAM user or role.

            • DIRECTORY_USER - Your corporate directory user. You can use this option if you have added your corporate identity directory to IAM Identity Center and associated the IAM Identity Center instance with your S3 Access Grants instance.

            • DIRECTORY_GROUP - Your corporate directory group. You can use this option if you have added your corporate identity directory to IAM Identity Center and associated the IAM Identity Center instance with your S3 Access Grants instance.

            Possible values include:
            • "DIRECTORY_USER"
            • "DIRECTORY_GROUP"
            • "IAM"
          • GranteeIdentifier — (String)

            The unique identifier of the Grantee. If the grantee type is IAM, the identifier is the IAM Amazon Resource Name (ARN) of the user or role. If the grantee type is a directory user or group, the identifier is 128-bit universally unique identifier (UUID) in the format a1b2c3d4-5678-90ab-cdef-EXAMPLE11111. You can obtain this UUID from your Amazon Web Services IAM Identity Center instance.

        • Permission — (String)

          The type of access granted to your S3 data, which can be set to one of the following values:

          • READ – Grant read-only access to the S3 data.

          • WRITE – Grant write-only access to the S3 data.

          • READWRITE – Grant both read and write access to the S3 data.

          Possible values include:
          • "READ"
          • "WRITE"
          • "READWRITE"
        • AccessGrantsLocationId — (String)

          The ID of the registered location to which you are granting access. S3 Access Grants assigns this ID when you register the location. S3 Access Grants assigns the ID default to the default location s3:// and assigns an auto-generated ID to other locations that you register.

        • AccessGrantsLocationConfiguration — (map)

          The configuration options of the grant location. The grant location is the S3 path to the data to which you are granting access.

          • S3SubPrefix — (String)

            The S3SubPrefix is appended to the location scope creating the grant scope. Use this field to narrow the scope of the grant to a subset of the location scope. This field is required if the location scope is the default location s3:// because you cannot create a grant for all of your S3 data in the Region and must narrow the scope. For example, if the location scope is the default location s3://, the S3SubPrefx can be a <bucket-name>/*, so the full grant scope path would be s3://<bucket-name>/*. Or the S3SubPrefx can be <bucket-name>/<prefix-name>*, so the full grant scope path would be or s3://<bucket-name>/<prefix-name>*.

            If the S3SubPrefix includes a prefix, append the wildcard character * after the prefix to indicate that you want to include all object key names in the bucket that start with that prefix.

        • GrantScope — (String)

          The S3 path of the data to which you are granting access. It is the result of appending the Subprefix to the location scope.

        • ApplicationArn — (String)

          The Amazon Resource Name (ARN) of an Amazon Web Services IAM Identity Center application associated with your Identity Center instance. If the grant includes an application ARN, the grantee can only access the S3 data through this application.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

listAccessGrantsInstances(params = {}, callback) ⇒ AWS.Request

Returns a list of S3 Access Grants instances. An S3 Access Grants instance serves as a logical grouping for your individual access grants. You can only have one S3 Access Grants instance per Region per account.

Permissions

You must have the s3:ListAccessGrantsInstances permission to use this operation.

Service Reference:

Examples:

Calling the listAccessGrantsInstances operation

var params = {
  AccountId: 'STRING_VALUE', /* required */
  MaxResults: 'NUMBER_VALUE',
  NextToken: 'STRING_VALUE'
};
s3control.listAccessGrantsInstances(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • AccountId — (String)

      The Amazon Web Services account ID of the S3 Access Grants instance.

    • NextToken — (String)

      A pagination token to request the next page of results. Pass this value into a subsequent List Access Grants Instances request in order to retrieve the next page of results.

    • MaxResults — (Integer)

      The maximum number of access grants that you would like returned in the List Access Grants response. If the results include the pagination token NextToken, make another call using the NextToken to determine if there are more results.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • NextToken — (String)

        A pagination token to request the next page of results. Pass this value into a subsequent List Access Grants Instances request in order to retrieve the next page of results.

      • AccessGrantsInstancesList — (Array<map>)

        A container for a list of S3 Access Grants instances.

        • AccessGrantsInstanceId — (String)

          The ID of the S3 Access Grants instance. The ID is default. You can have one S3 Access Grants instance per Region per account.

        • AccessGrantsInstanceArn — (String)

          The Amazon Resource Name (ARN) of the S3 Access Grants instance.

        • CreatedAt — (Date)

          The date and time when you created the S3 Access Grants instance.

        • IdentityCenterArn — (String)

          If you associated your S3 Access Grants instance with an Amazon Web Services IAM Identity Center instance, this field returns the Amazon Resource Name (ARN) of the IAM Identity Center instance application; a subresource of the original Identity Center instance. S3 Access Grants creates this Identity Center application for the specific S3 Access Grants instance.

        • IdentityCenterInstanceArn — (String)

          The Amazon Resource Name (ARN) of the Amazon Web Services IAM Identity Center instance that you are associating with your S3 Access Grants instance. An IAM Identity Center instance is your corporate identity directory that you added to the IAM Identity Center. You can use the ListInstances API operation to retrieve a list of your Identity Center instances and their ARNs.

        • IdentityCenterApplicationArn — (String)

          If you associated your S3 Access Grants instance with an Amazon Web Services IAM Identity Center instance, this field returns the Amazon Resource Name (ARN) of the IAM Identity Center instance application; a subresource of the original Identity Center instance. S3 Access Grants creates this Identity Center application for the specific S3 Access Grants instance.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

listAccessGrantsLocations(params = {}, callback) ⇒ AWS.Request

Returns a list of the locations registered in your S3 Access Grants instance.

Permissions

You must have the s3:ListAccessGrantsLocations permission to use this operation.

Service Reference:

Examples:

Calling the listAccessGrantsLocations operation

var params = {
  AccountId: 'STRING_VALUE', /* required */
  LocationScope: 'STRING_VALUE',
  MaxResults: 'NUMBER_VALUE',
  NextToken: 'STRING_VALUE'
};
s3control.listAccessGrantsLocations(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • AccountId — (String)

      The Amazon Web Services account ID of the S3 Access Grants instance.

    • NextToken — (String)

      A pagination token to request the next page of results. Pass this value into a subsequent List Access Grants Locations request in order to retrieve the next page of results.

    • MaxResults — (Integer)

      The maximum number of access grants that you would like returned in the List Access Grants response. If the results include the pagination token NextToken, make another call using the NextToken to determine if there are more results.

    • LocationScope — (String)

      The S3 path to the location that you are registering. The location scope can be the default S3 location s3://, the S3 path to a bucket s3://<bucket>, or the S3 path to a bucket and prefix s3://<bucket>/<prefix>. A prefix in S3 is a string of characters at the beginning of an object key name used to organize the objects that you store in your S3 buckets. For example, object key names that start with the engineering/ prefix or object key names that start with the marketing/campaigns/ prefix.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • NextToken — (String)

        A pagination token to request the next page of results. Pass this value into a subsequent List Access Grants Locations request in order to retrieve the next page of results.

      • AccessGrantsLocationsList — (Array<map>)

        A container for a list of registered locations in an S3 Access Grants instance.

        • CreatedAt — (Date)

          The date and time when you registered the location.

        • AccessGrantsLocationId — (String)

          The ID of the registered location to which you are granting access. S3 Access Grants assigns this ID when you register the location. S3 Access Grants assigns the ID default to the default location s3:// and assigns an auto-generated ID to other locations that you register.

        • AccessGrantsLocationArn — (String)

          The Amazon Resource Name (ARN) of the registered location.

        • LocationScope — (String)

          The S3 path to the location that you are registering. The location scope can be the default S3 location s3://, the S3 path to a bucket s3://<bucket>, or the S3 path to a bucket and prefix s3://<bucket>/<prefix>. A prefix in S3 is a string of characters at the beginning of an object key name used to organize the objects that you store in your S3 buckets. For example, object key names that start with the engineering/ prefix or object key names that start with the marketing/campaigns/ prefix.

        • IAMRoleArn — (String)

          The Amazon Resource Name (ARN) of the IAM role for the registered location. S3 Access Grants assumes this role to manage access to the registered location.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

listAccessPoints(params = {}, callback) ⇒ AWS.Request

Note: This operation is not supported by directory buckets.

Returns a list of the access points that are owned by the current account that's associated with the specified bucket. You can retrieve up to 1000 access points per call. If the specified bucket has more than 1,000 access points (or the number specified in maxResults, whichever is less), the response will include a continuation token that you can use to list the additional access points.

All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.

The following actions are related to ListAccessPoints:

Service Reference:

Examples:

Calling the listAccessPoints operation

var params = {
  AccountId: 'STRING_VALUE', /* required */
  Bucket: 'STRING_VALUE',
  MaxResults: 'NUMBER_VALUE',
  NextToken: 'STRING_VALUE'
};
s3control.listAccessPoints(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • AccountId — (String)

      The Amazon Web Services account ID for the account that owns the specified access points.

    • Bucket — (String)

      The name of the bucket whose associated access points you want to list.

      For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.

      For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>. For example, to access the bucket reports through Outpost my-outpost owned by account 123456789012 in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports. The value must be URL encoded.

    • NextToken — (String)

      A continuation token. If a previous call to ListAccessPoints returned a continuation token in the NextToken field, then providing that value here causes Amazon S3 to retrieve the next page of results.

    • MaxResults — (Integer)

      The maximum number of access points that you want to include in the list. If the specified bucket has more than this number of access points, then the response will include a continuation token in the NextToken field that you can use to retrieve the next page of access points.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • AccessPointList — (Array<map>)

        Contains identification and configuration information for one or more access points associated with the specified bucket.

        • Namerequired — (String)

          The name of this access point.

        • NetworkOriginrequired — (String)

          Indicates whether this access point allows access from the public internet. If VpcConfiguration is specified for this access point, then NetworkOrigin is VPC, and the access point doesn't allow access from the public internet. Otherwise, NetworkOrigin is Internet, and the access point allows access from the public internet, subject to the access point and bucket access policies.

          Possible values include:
          • "Internet"
          • "VPC"
        • VpcConfiguration — (map)

          The virtual private cloud (VPC) configuration for this access point, if one exists.

          Note: This element is empty if this access point is an Amazon S3 on Outposts access point that is used by other Amazon Web Servicesservices.
          • VpcIdrequired — (String)

            If this field is specified, this access point will only allow connections from the specified VPC ID.

        • Bucketrequired — (String)

          The name of the bucket associated with this access point.

        • AccessPointArn — (String)

          The ARN for the access point.

        • Alias — (String)

          The name or alias of the access point.

        • BucketAccountId — (String)

          The Amazon Web Services account ID associated with the S3 bucket associated with this access point.

      • NextToken — (String)

        If the specified bucket has more access points than can be returned in one call to this API, this field contains a continuation token that you can provide in subsequent calls to this API to retrieve additional access points.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

listAccessPointsForObjectLambda(params = {}, callback) ⇒ AWS.Request

Note: This operation is not supported by directory buckets.

Returns some or all (up to 1,000) access points associated with the Object Lambda Access Point per call. If there are more access points than what can be returned in one call, the response will include a continuation token that you can use to list the additional access points.

The following actions are related to ListAccessPointsForObjectLambda:

Service Reference:

Examples:

Calling the listAccessPointsForObjectLambda operation

var params = {
  AccountId: 'STRING_VALUE', /* required */
  MaxResults: 'NUMBER_VALUE',
  NextToken: 'STRING_VALUE'
};
s3control.listAccessPointsForObjectLambda(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • AccountId — (String)

      The account ID for the account that owns the specified Object Lambda Access Point.

    • NextToken — (String)

      If the list has more access points than can be returned in one call to this API, this field contains a continuation token that you can provide in subsequent calls to this API to retrieve additional access points.

    • MaxResults — (Integer)

      The maximum number of access points that you want to include in the list. The response may contain fewer access points but will never contain more. If there are more than this number of access points, then the response will include a continuation token in the NextToken field that you can use to retrieve the next page of access points.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • ObjectLambdaAccessPointList — (Array<map>)

        Returns list of Object Lambda Access Points.

        • Namerequired — (String)

          The name of the Object Lambda Access Point.

        • ObjectLambdaAccessPointArn — (String)

          Specifies the ARN for the Object Lambda Access Point.

        • Alias — (map)

          The alias of the Object Lambda Access Point.

          • Value — (String)

            The alias value of the Object Lambda Access Point.

          • Status — (String)

            The status of the Object Lambda Access Point alias. If the status is PROVISIONING, the Object Lambda Access Point is provisioning the alias and the alias is not ready for use yet. If the status is READY, the Object Lambda Access Point alias is successfully provisioned and ready for use.

            Possible values include:
            • "PROVISIONING"
            • "READY"
      • NextToken — (String)

        If the list has more access points than can be returned in one call to this API, this field contains a continuation token that you can provide in subsequent calls to this API to retrieve additional access points.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

listCallerAccessGrants(params = {}, callback) ⇒ AWS.Request

Returns a list of the access grants that were given to the caller using S3 Access Grants and that allow the caller to access the S3 data of the Amazon Web Services account specified in the request.

Permissions

You must have the s3:ListCallerAccessGrants permission to use this operation.

Service Reference:

Examples:

Calling the listCallerAccessGrants operation

var params = {
  AccountId: 'STRING_VALUE', /* required */
  AllowedByApplication: true || false,
  GrantScope: 'STRING_VALUE',
  MaxResults: 'NUMBER_VALUE',
  NextToken: 'STRING_VALUE'
};
s3control.listCallerAccessGrants(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • AccountId — (String)

      The Amazon Web Services account ID of the S3 Access Grants instance.

    • GrantScope — (String)

      The S3 path of the data that you would like to access. Must start with s3://. You can optionally pass only the beginning characters of a path, and S3 Access Grants will search for all applicable grants for the path fragment.

    • NextToken — (String)

      A pagination token to request the next page of results. Pass this value into a subsequent List Caller Access Grants request in order to retrieve the next page of results.

    • MaxResults — (Integer)

      The maximum number of access grants that you would like returned in the List Caller Access Grants response. If the results include the pagination token NextToken, make another call using the NextToken to determine if there are more results.

    • AllowedByApplication — (Boolean)

      If this optional parameter is passed in the request, a filter is applied to the results. The results will include only the access grants for the caller's Identity Center application or for any other applications (ALL).

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • NextToken — (String)

        A pagination token that you can use to request the next page of results. Pass this value into a subsequent List Caller Access Grants request in order to retrieve the next page of results.

      • CallerAccessGrantsList — (Array<map>)

        A list of the caller's access grants that were created using S3 Access Grants and that grant the caller access to the S3 data of the Amazon Web Services account ID that was specified in the request.

        • Permission — (String)

          The type of permission granted, which can be one of the following values:

          • READ - Grants read-only access to the S3 data.

          • WRITE - Grants write-only access to the S3 data.

          • READWRITE - Grants both read and write access to the S3 data.

          Possible values include:
          • "READ"
          • "WRITE"
          • "READWRITE"
        • GrantScope — (String)

          The S3 path of the data to which you have been granted access.

        • ApplicationArn — (String)

          The Amazon Resource Name (ARN) of an Amazon Web Services IAM Identity Center application associated with your Identity Center instance. If the grant includes an application ARN, the grantee can only access the S3 data through this application.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

listJobs(params = {}, callback) ⇒ AWS.Request

Lists current S3 Batch Operations jobs as well as the jobs that have ended within the last 90 days for the Amazon Web Services account making the request. For more information, see S3 Batch Operations in the Amazon S3 User Guide.

Permissions

To use the ListJobs operation, you must have permission to perform the s3:ListJobs action.

Related actions include:

Service Reference:

Examples:

Calling the listJobs operation

var params = {
  AccountId: 'STRING_VALUE', /* required */
  JobStatuses: [
    Active | Cancelled | Cancelling | Complete | Completing | Failed | Failing | New | Paused | Pausing | Preparing | Ready | Suspended,
    /* more items */
  ],
  MaxResults: 'NUMBER_VALUE',
  NextToken: 'STRING_VALUE'
};
s3control.listJobs(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • AccountId — (String)

      The Amazon Web Services account ID associated with the S3 Batch Operations job.

    • JobStatuses — (Array<String>)

      The List Jobs request returns jobs that match the statuses listed in this element.

    • NextToken — (String)

      A pagination token to request the next page of results. Use the token that Amazon S3 returned in the NextToken element of the ListJobsResult from the previous List Jobs request.

    • MaxResults — (Integer)

      The maximum number of jobs that Amazon S3 will include in the List Jobs response. If there are more jobs than this number, the response will include a pagination token in the NextToken field to enable you to retrieve the next page of results.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • NextToken — (String)

        If the List Jobs request produced more than the maximum number of results, you can pass this value into a subsequent List Jobs request in order to retrieve the next page of results.

      • Jobs — (Array<map>)

        The list of current jobs and jobs that have ended within the last 30 days.

        • JobId — (String)

          The ID for the specified job.

        • Description — (String)

          The user-specified description that was included in the specified job's Create Job request.

        • Operation — (String)

          The operation that the specified job is configured to run on every object listed in the manifest.

          Possible values include:
          • "LambdaInvoke"
          • "S3PutObjectCopy"
          • "S3PutObjectAcl"
          • "S3PutObjectTagging"
          • "S3DeleteObjectTagging"
          • "S3InitiateRestoreObject"
          • "S3PutObjectLegalHold"
          • "S3PutObjectRetention"
          • "S3ReplicateObject"
        • Priority — (Integer)

          The current priority for the specified job.

        • Status — (String)

          The specified job's current status.

          Possible values include:
          • "Active"
          • "Cancelled"
          • "Cancelling"
          • "Complete"
          • "Completing"
          • "Failed"
          • "Failing"
          • "New"
          • "Paused"
          • "Pausing"
          • "Preparing"
          • "Ready"
          • "Suspended"
        • CreationTime — (Date)

          A timestamp indicating when the specified job was created.

        • TerminationDate — (Date)

          A timestamp indicating when the specified job terminated. A job's termination date is the date and time when it succeeded, failed, or was canceled.

        • ProgressSummary — (map)

          Describes the total number of tasks that the specified job has run, the number of tasks that succeeded, and the number of tasks that failed.

          • TotalNumberOfTasks — (Integer)

          • NumberOfTasksSucceeded — (Integer)

          • NumberOfTasksFailed — (Integer)

          • Timers — (map)

            The JobTimers attribute of a job's progress summary.

            • ElapsedTimeInActiveSeconds — (Integer)

              Indicates the elapsed time in seconds the job has been in the Active job state.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

listMultiRegionAccessPoints(params = {}, callback) ⇒ AWS.Request

Note: This operation is not supported by directory buckets.

Returns a list of the Multi-Region Access Points currently associated with the specified Amazon Web Services account. Each call can return up to 100 Multi-Region Access Points, the maximum number of Multi-Region Access Points that can be associated with a single account.

This action will always be routed to the US West (Oregon) Region. For more information about the restrictions around working with Multi-Region Access Points, see Multi-Region Access Point restrictions and limitations in the Amazon S3 User Guide.

The following actions are related to ListMultiRegionAccessPoint:

Service Reference:

Examples:

Calling the listMultiRegionAccessPoints operation

var params = {
  AccountId: 'STRING_VALUE', /* required */
  MaxResults: 'NUMBER_VALUE',
  NextToken: 'STRING_VALUE'
};
s3control.listMultiRegionAccessPoints(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • AccountId — (String)

      The Amazon Web Services account ID for the owner of the Multi-Region Access Point.

    • NextToken — (String)

      Not currently used. Do not use this parameter.

    • MaxResults — (Integer)

      Not currently used. Do not use this parameter.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • AccessPoints — (Array<map>)

        The list of Multi-Region Access Points associated with the user.

        • Name — (String)

          The name of the Multi-Region Access Point.

        • Alias — (String)

          The alias for the Multi-Region Access Point. For more information about the distinction between the name and the alias of an Multi-Region Access Point, see Rules for naming Amazon S3 Multi-Region Access Points.

        • CreatedAt — (Date)

          When the Multi-Region Access Point create request was received.

        • PublicAccessBlock — (map)

          The PublicAccessBlock configuration that you want to apply to this Amazon S3 account. You can enable the configuration options in any combination. For more information about when Amazon S3 considers a bucket or object public, see The Meaning of "Public" in the Amazon S3 User Guide.

          This data type is not supported for Amazon S3 on Outposts.

          • BlockPublicAcls — (Boolean)

            Specifies whether Amazon S3 should block public access control lists (ACLs) for buckets in this account. Setting this element to TRUE causes the following behavior:

            • PutBucketAcl and PutObjectAcl calls fail if the specified ACL is public.

            • PUT Object calls fail if the request includes a public ACL.

            • PUT Bucket calls fail if the request includes a public ACL.

            Enabling this setting doesn't affect existing policies or ACLs.

            This property is not supported for Amazon S3 on Outposts.

          • IgnorePublicAcls — (Boolean)

            Specifies whether Amazon S3 should ignore public ACLs for buckets in this account. Setting this element to TRUE causes Amazon S3 to ignore all public ACLs on buckets in this account and any objects that they contain.

            Enabling this setting doesn't affect the persistence of any existing ACLs and doesn't prevent new public ACLs from being set.

            This property is not supported for Amazon S3 on Outposts.

          • BlockPublicPolicy — (Boolean)

            Specifies whether Amazon S3 should block public bucket policies for buckets in this account. Setting this element to TRUE causes Amazon S3 to reject calls to PUT Bucket policy if the specified bucket policy allows public access.

            Enabling this setting doesn't affect existing bucket policies.

            This property is not supported for Amazon S3 on Outposts.

          • RestrictPublicBuckets — (Boolean)

            Specifies whether Amazon S3 should restrict public bucket policies for buckets in this account. Setting this element to TRUE restricts access to buckets with public policies to only Amazon Web Servicesservice principals and authorized users within this account.

            Enabling this setting doesn't affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked.

            This property is not supported for Amazon S3 on Outposts.

        • Status — (String)

          The current status of the Multi-Region Access Point.

          CREATING and DELETING are temporary states that exist while the request is propagating and being completed. If a Multi-Region Access Point has a status of PARTIALLY_CREATED, you can retry creation or send a request to delete the Multi-Region Access Point. If a Multi-Region Access Point has a status of PARTIALLY_DELETED, you can retry a delete request to finish the deletion of the Multi-Region Access Point.

          Possible values include:
          • "READY"
          • "INCONSISTENT_ACROSS_REGIONS"
          • "CREATING"
          • "PARTIALLY_CREATED"
          • "PARTIALLY_DELETED"
          • "DELETING"
        • Regions — (Array<map>)

          A collection of the Regions and buckets associated with the Multi-Region Access Point.

          • Bucket — (String)

            The name of the bucket.

          • Region — (String)

            The name of the Region.

          • BucketAccountId — (String)

            The Amazon Web Services account ID that owns the Amazon S3 bucket that's associated with this Multi-Region Access Point.

      • NextToken — (String)

        If the specified bucket has more Multi-Region Access Points than can be returned in one call to this action, this field contains a continuation token. You can use this token tin subsequent calls to this action to retrieve additional Multi-Region Access Points.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

listRegionalBuckets(params = {}, callback) ⇒ AWS.Request

Note: This operation is not supported by directory buckets.

Returns a list of all Outposts buckets in an Outpost that are owned by the authenticated sender of the request. For more information, see Using Amazon S3 on Outposts in the Amazon S3 User Guide.

For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and x-amz-outpost-id in your request, see the Examples section.

Service Reference:

Examples:

Calling the listRegionalBuckets operation

var params = {
  AccountId: 'STRING_VALUE', /* required */
  MaxResults: 'NUMBER_VALUE',
  NextToken: 'STRING_VALUE',
  OutpostId: 'STRING_VALUE'
};
s3control.listRegionalBuckets(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • AccountId — (String)

      The Amazon Web Services account ID of the Outposts bucket.

    • NextToken — (String)

    • MaxResults — (Integer)

    • OutpostId — (String)

      The ID of the Outposts resource.

      Note: This ID is required by Amazon S3 on Outposts buckets.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • RegionalBucketList — (Array<map>)

        • Bucketrequired — (String)

        • BucketArn — (String)

          The Amazon Resource Name (ARN) for the regional bucket.

        • PublicAccessBlockEnabledrequired — (Boolean)

        • CreationDaterequired — (Date)

          The creation date of the regional bucket

        • OutpostId — (String)

          The Outposts ID of the regional bucket.

      • NextToken — (String)

        NextToken is sent when isTruncated is true, which means there are more buckets that can be listed. The next list requests to Amazon S3 can be continued with this NextToken. NextToken is obfuscated and is not a real key.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

listStorageLensConfigurations(params = {}, callback) ⇒ AWS.Request

Note: This operation is not supported by directory buckets.

Gets a list of Amazon S3 Storage Lens configurations. For more information about S3 Storage Lens, see Assessing your storage activity and usage with Amazon S3 Storage Lens in the Amazon S3 User Guide.

Note: To use this action, you must have permission to perform the s3:ListStorageLensConfigurations action. For more information, see Setting permissions to use Amazon S3 Storage Lens in the Amazon S3 User Guide.

Service Reference:

Examples:

Calling the listStorageLensConfigurations operation

var params = {
  AccountId: 'STRING_VALUE', /* required */
  NextToken: 'STRING_VALUE'
};
s3control.listStorageLensConfigurations(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • AccountId — (String)

      The account ID of the requester.

    • NextToken — (String)

      A pagination token to request the next page of results.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • NextToken — (String)

        If the request produced more than the maximum number of S3 Storage Lens configuration results, you can pass this value into a subsequent request to retrieve the next page of results.

      • StorageLensConfigurationList — (Array<map>)

        A list of S3 Storage Lens configurations.

        • Idrequired — (String)

          A container for the S3 Storage Lens configuration ID.

        • StorageLensArnrequired — (String)

          The ARN of the S3 Storage Lens configuration. This property is read-only.

        • HomeRegionrequired — (String)

          A container for the S3 Storage Lens home Region. Your metrics data is stored and retained in your designated S3 Storage Lens home Region.

        • IsEnabled — (Boolean)

          A container for whether the S3 Storage Lens configuration is enabled. This property is required.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

listStorageLensGroups(params = {}, callback) ⇒ AWS.Request

Lists all the Storage Lens groups in the specified home Region.

To use this operation, you must have the permission to perform the s3:ListStorageLensGroups action. For more information about the required Storage Lens Groups permissions, see Setting account permissions to use S3 Storage Lens groups.

For information about Storage Lens groups errors, see List of Amazon S3 Storage Lens error codes.

Service Reference:

Examples:

Calling the listStorageLensGroups operation

var params = {
  AccountId: 'STRING_VALUE', /* required */
  NextToken: 'STRING_VALUE'
};
s3control.listStorageLensGroups(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • AccountId — (String)

      The Amazon Web Services account ID that owns the Storage Lens groups.

    • NextToken — (String)

      The token for the next set of results, or null if there are no more results.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • NextToken — (String)

        If NextToken is returned, there are more Storage Lens groups results available. The value of NextToken is a unique pagination token for each page. Make the call again using the returned token to retrieve the next page. Keep all other arguments unchanged. Each pagination token expires after 24 hours.

      • StorageLensGroupList — (Array<map>)

        The list of Storage Lens groups that exist in the specified home Region.

        • Namerequired — (String)

          Contains the name of the Storage Lens group that exists in the specified home Region.

        • StorageLensGroupArnrequired — (String)

          Contains the Amazon Resource Name (ARN) of the Storage Lens group. This property is read-only.

        • HomeRegionrequired — (String)

          Contains the Amazon Web Services Region where the Storage Lens group was created.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

listTagsForResource(params = {}, callback) ⇒ AWS.Request

This operation allows you to list all the Amazon Web Services resource tags for a specified resource. Each tag is a label consisting of a user-defined key and value. Tags can help you manage, identify, organize, search for, and filter resources.

Permissions

You must have the s3:ListTagsForResource permission to use this operation.

Note: This operation is only supported for S3 Storage Lens groups and for S3 Access Grants. The tagged resource can be an S3 Storage Lens group or S3 Access Grants instance, registered location, or grant.

For more information about the required Storage Lens Groups permissions, see Setting account permissions to use S3 Storage Lens groups.

For information about S3 Tagging errors, see List of Amazon S3 Tagging error codes.

Service Reference:

Examples:

Calling the listTagsForResource operation

var params = {
  AccountId: 'STRING_VALUE', /* required */
  ResourceArn: 'STRING_VALUE' /* required */
};
s3control.listTagsForResource(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • AccountId — (String)

      The Amazon Web Services account ID of the resource owner.

    • ResourceArn — (String)

      The Amazon Resource Name (ARN) of the S3 resource that you want to list the tags for. The tagged resource can be an S3 Storage Lens group or S3 Access Grants instance, registered location, or grant.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • Tags — (Array<map>)

        The Amazon Web Services resource tags that are associated with the resource.

        • Keyrequired — (String)

          The key of the key-value pair of a tag added to your Amazon Web Services resource. A tag key can be up to 128 Unicode characters in length and is case-sensitive. System created tags that begin with aws: aren’t supported.

        • Valuerequired — (String)

          The value of the key-value pair of a tag added to your Amazon Web Services resource. A tag value can be up to 256 Unicode characters in length and is case-sensitive.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

populateUriFromArn(req) ⇒ void

Populate URI according to the ARN

putAccessGrantsInstanceResourcePolicy(params = {}, callback) ⇒ AWS.Request

Updates the resource policy of the S3 Access Grants instance.

Permissions

You must have the s3:PutAccessGrantsInstanceResourcePolicy permission to use this operation.

Examples:

Calling the putAccessGrantsInstanceResourcePolicy operation

var params = {
  AccountId: 'STRING_VALUE', /* required */
  Policy: 'STRING_VALUE', /* required */
  Organization: 'STRING_VALUE'
};
s3control.putAccessGrantsInstanceResourcePolicy(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • AccountId — (String)

      The Amazon Web Services account ID of the S3 Access Grants instance.

    • Policy — (String)

      The resource policy of the S3 Access Grants instance that you are updating.

    • Organization — (String)

      The Organization of the resource policy of the S3 Access Grants instance.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • Policy — (String)

        The updated resource policy of the S3 Access Grants instance.

      • Organization — (String)

        The Organization of the resource policy of the S3 Access Grants instance.

      • CreatedAt — (Date)

        The date and time when you created the S3 Access Grants instance resource policy.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

putAccessPointConfigurationForObjectLambda(params = {}, callback) ⇒ AWS.Request

Note: This operation is not supported by directory buckets.

Replaces configuration for an Object Lambda Access Point.

The following actions are related to PutAccessPointConfigurationForObjectLambda:

Examples:

Calling the putAccessPointConfigurationForObjectLambda operation

var params = {
  AccountId: 'STRING_VALUE', /* required */
  Configuration: { /* required */
    SupportingAccessPoint: 'STRING_VALUE', /* required */
    TransformationConfigurations: [ /* required */
      {
        Actions: [ /* required */
          GetObject | HeadObject | ListObjects | ListObjectsV2,
          /* more items */
        ],
        ContentTransformation: { /* required */
          AwsLambda: {
            FunctionArn: 'STRING_VALUE', /* required */
            FunctionPayload: 'STRING_VALUE'
          }
        }
      },
      /* more items */
    ],
    AllowedFeatures: [
      GetObject-Range | GetObject-PartNumber | HeadObject-Range | HeadObject-PartNumber,
      /* more items */
    ],
    CloudWatchMetricsEnabled: true || false
  },
  Name: 'STRING_VALUE' /* required */
};
s3control.putAccessPointConfigurationForObjectLambda(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • AccountId — (String)

      The account ID for the account that owns the specified Object Lambda Access Point.

    • Name — (String)

      The name of the Object Lambda Access Point.

    • Configuration — (map)

      Object Lambda Access Point configuration document.

      • SupportingAccessPointrequired — (String)

        Standard access point associated with the Object Lambda Access Point.

      • CloudWatchMetricsEnabled — (Boolean)

        A container for whether the CloudWatch metrics configuration is enabled.

      • AllowedFeatures — (Array<String>)

        A container for allowed features. Valid inputs are GetObject-Range, GetObject-PartNumber, HeadObject-Range, and HeadObject-PartNumber.

      • TransformationConfigurationsrequired — (Array<map>)

        A container for transformation configurations for an Object Lambda Access Point.

        • Actionsrequired — (Array<String>)

          A container for the action of an Object Lambda Access Point configuration. Valid inputs are GetObject, ListObjects, HeadObject, and ListObjectsV2.

        • ContentTransformationrequired — (map)

          A container for the content transformation of an Object Lambda Access Point configuration.

          • AwsLambda — (map)

            A container for an Lambda function.

            • FunctionArnrequired — (String)

              The Amazon Resource Name (ARN) of the Lambda function.

            • FunctionPayload — (String)

              Additional JSON that provides supplemental data to the Lambda function used to transform objects.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

putAccessPointPolicy(params = {}, callback) ⇒ AWS.Request

Note: This operation is not supported by directory buckets.

Associates an access policy with the specified access point. Each access point can have only one policy, so a request made to this API replaces any existing policy associated with the specified access point.

All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.

The following actions are related to PutAccessPointPolicy:

Service Reference:

Examples:

Calling the putAccessPointPolicy operation

var params = {
  AccountId: 'STRING_VALUE', /* required */
  Name: 'STRING_VALUE', /* required */
  Policy: 'STRING_VALUE' /* required */
};
s3control.putAccessPointPolicy(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • AccountId — (String)

      The Amazon Web Services account ID for owner of the bucket associated with the specified access point.

    • Name — (String)

      The name of the access point that you want to associate with the specified policy.

      For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.

      For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the access point accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/accesspoint/<my-accesspoint-name>. For example, to access the access point reports-ap through Outpost my-outpost owned by account 123456789012 in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/accesspoint/reports-ap. The value must be URL encoded.

    • Policy — (String)

      The policy that you want to apply to the specified access point. For more information about access point policies, see Managing data access with Amazon S3 access points in the Amazon S3 User Guide.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

putAccessPointPolicyForObjectLambda(params = {}, callback) ⇒ AWS.Request

Note: This operation is not supported by directory buckets.

Creates or replaces resource policy for an Object Lambda Access Point. For an example policy, see Creating Object Lambda Access Points in the Amazon S3 User Guide.

The following actions are related to PutAccessPointPolicyForObjectLambda:

Examples:

Calling the putAccessPointPolicyForObjectLambda operation

var params = {
  AccountId: 'STRING_VALUE', /* required */
  Name: 'STRING_VALUE', /* required */
  Policy: 'STRING_VALUE' /* required */
};
s3control.putAccessPointPolicyForObjectLambda(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • AccountId — (String)

      The account ID for the account that owns the specified Object Lambda Access Point.

    • Name — (String)

      The name of the Object Lambda Access Point.

    • Policy — (String)

      Object Lambda Access Point resource policy document.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

putBucketLifecycleConfiguration(params = {}, callback) ⇒ AWS.Request

Note: This action puts a lifecycle configuration to an Amazon S3 on Outposts bucket. To put a lifecycle configuration to an S3 bucket, see PutBucketLifecycleConfiguration in the Amazon S3 API Reference.

Creates a new lifecycle configuration for the S3 on Outposts bucket or replaces an existing lifecycle configuration. Outposts buckets only support lifecycle configurations that delete/expire objects after a certain period of time and abort incomplete multipart uploads.

All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.

The following actions are related to PutBucketLifecycleConfiguration:

Service Reference:

Examples:

Calling the putBucketLifecycleConfiguration operation

var params = {
  AccountId: 'STRING_VALUE', /* required */
  Bucket: 'STRING_VALUE', /* required */
  LifecycleConfiguration: {
    Rules: [
      {
        Status: Enabled | Disabled, /* required */
        AbortIncompleteMultipartUpload: {
          DaysAfterInitiation: 'NUMBER_VALUE'
        },
        Expiration: {
          Date: new Date || 'Wed Dec 31 1969 16:00:00 GMT-0800 (PST)' || 123456789,
          Days: 'NUMBER_VALUE',
          ExpiredObjectDeleteMarker: true || false
        },
        Filter: {
          And: {
            ObjectSizeGreaterThan: 'NUMBER_VALUE',
            ObjectSizeLessThan: 'NUMBER_VALUE',
            Prefix: 'STRING_VALUE',
            Tags: [
              {
                Key: 'STRING_VALUE', /* required */
                Value: 'STRING_VALUE' /* required */
              },
              /* more items */
            ]
          },
          ObjectSizeGreaterThan: 'NUMBER_VALUE',
          ObjectSizeLessThan: 'NUMBER_VALUE',
          Prefix: 'STRING_VALUE',
          Tag: {
            Key: 'STRING_VALUE', /* required */
            Value: 'STRING_VALUE' /* required */
          }
        },
        ID: 'STRING_VALUE',
        NoncurrentVersionExpiration: {
          NewerNoncurrentVersions: 'NUMBER_VALUE',
          NoncurrentDays: 'NUMBER_VALUE'
        },
        NoncurrentVersionTransitions: [
          {
            NoncurrentDays: 'NUMBER_VALUE',
            StorageClass: GLACIER | STANDARD_IA | ONEZONE_IA | INTELLIGENT_TIERING | DEEP_ARCHIVE
          },
          /* more items */
        ],
        Transitions: [
          {
            Date: new Date || 'Wed Dec 31 1969 16:00:00 GMT-0800 (PST)' || 123456789,
            Days: 'NUMBER_VALUE',
            StorageClass: GLACIER | STANDARD_IA | ONEZONE_IA | INTELLIGENT_TIERING | DEEP_ARCHIVE
          },
          /* more items */
        ]
      },
      /* more items */
    ]
  }
};
s3control.putBucketLifecycleConfiguration(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • AccountId — (String)

      The Amazon Web Services account ID of the Outposts bucket.

    • Bucket — (String)

      The name of the bucket for which to set the configuration.

    • LifecycleConfiguration — (map)

      Container for lifecycle rules. You can add as many as 1,000 rules.

      • Rules — (Array<map>)

        A lifecycle rule for individual objects in an Outposts bucket.

        • Expiration — (map)

          Specifies the expiration for the lifecycle of the object in the form of date, days and, whether the object has a delete marker.

          • Date — (Date)

            Indicates at what date the object is to be deleted. Should be in GMT ISO 8601 format.

          • Days — (Integer)

            Indicates the lifetime, in days, of the objects that are subject to the rule. The value must be a non-zero positive integer.

          • ExpiredObjectDeleteMarker — (Boolean)

            Indicates whether Amazon S3 will remove a delete marker with no noncurrent versions. If set to true, the delete marker will be expired. If set to false, the policy takes no action. This cannot be specified with Days or Date in a Lifecycle Expiration Policy.

        • ID — (String)

          Unique identifier for the rule. The value cannot be longer than 255 characters.

        • Filter — (map)

          The container for the filter of lifecycle rule.

          • Prefix — (String)

            Prefix identifying one or more objects to which the rule applies.

            When you're using XML requests, you must replace special characters (such as carriage returns) in object keys with their equivalent XML entity codes. For more information, see XML-related object key constraints in the Amazon S3 User Guide.

          • Tag — (map)

            A container for a key-value name pair.

            • Keyrequired — (String)

              Key of the tag

            • Valuerequired — (String)

              Value of the tag

          • And — (map)

            The container for the AND condition for the lifecycle rule.

            • Prefix — (String)

              Prefix identifying one or more objects to which the rule applies.

            • Tags — (Array<map>)

              All of these tags must exist in the object's tag set in order for the rule to apply.

              • Keyrequired — (String)

                Key of the tag

              • Valuerequired — (String)

                Value of the tag

            • ObjectSizeGreaterThan — (Integer)

              The non-inclusive minimum object size for the lifecycle rule. Setting this property to 7 means the rule applies to objects with a size that is greater than 7.

            • ObjectSizeLessThan — (Integer)

              The non-inclusive maximum object size for the lifecycle rule. Setting this property to 77 means the rule applies to objects with a size that is less than 77.

          • ObjectSizeGreaterThan — (Integer)

            Minimum object size to which the rule applies.

          • ObjectSizeLessThan — (Integer)

            Maximum object size to which the rule applies.

        • Statusrequired — (String)

          If 'Enabled', the rule is currently being applied. If 'Disabled', the rule is not currently being applied.

          Possible values include:
          • "Enabled"
          • "Disabled"
        • Transitions — (Array<map>)

          Specifies when an Amazon S3 object transitions to a specified storage class.

          Note: This is not supported by Amazon S3 on Outposts buckets.
          • Date — (Date)

            Indicates when objects are transitioned to the specified storage class. The date value must be in ISO 8601 format. The time is always midnight UTC.

          • Days — (Integer)

            Indicates the number of days after creation when objects are transitioned to the specified storage class. The value must be a positive integer.

          • StorageClass — (String)

            The storage class to which you want the object to transition.

            Possible values include:
            • "GLACIER"
            • "STANDARD_IA"
            • "ONEZONE_IA"
            • "INTELLIGENT_TIERING"
            • "DEEP_ARCHIVE"
        • NoncurrentVersionTransitions — (Array<map>)

          Specifies the transition rule for the lifecycle rule that describes when noncurrent objects transition to a specific storage class. If your bucket is versioning-enabled (or versioning is suspended), you can set this action to request that Amazon S3 transition noncurrent object versions to a specific storage class at a set period in the object's lifetime.

          Note: This is not supported by Amazon S3 on Outposts buckets.
          • NoncurrentDays — (Integer)

            Specifies the number of days an object is noncurrent before Amazon S3 can perform the associated action. For information about the noncurrent days calculations, see How Amazon S3 Calculates How Long an Object Has Been Noncurrent in the Amazon S3 User Guide.

          • StorageClass — (String)

            The class of storage used to store the object.

            Possible values include:
            • "GLACIER"
            • "STANDARD_IA"
            • "ONEZONE_IA"
            • "INTELLIGENT_TIERING"
            • "DEEP_ARCHIVE"
        • NoncurrentVersionExpiration — (map)

          The noncurrent version expiration of the lifecycle rule.

          • NoncurrentDays — (Integer)

            Specifies the number of days an object is noncurrent before Amazon S3 can perform the associated action. For information about the noncurrent days calculations, see How Amazon S3 Calculates When an Object Became Noncurrent in the Amazon S3 User Guide.

          • NewerNoncurrentVersions — (Integer)

            Specifies how many noncurrent versions S3 on Outposts will retain. If there are this many more recent noncurrent versions, S3 on Outposts will take the associated action. For more information about noncurrent versions, see Lifecycle configuration elements in the Amazon S3 User Guide.

        • AbortIncompleteMultipartUpload — (map)

          Specifies the days since the initiation of an incomplete multipart upload that Amazon S3 waits before permanently removing all parts of the upload. For more information, see Aborting Incomplete Multipart Uploads Using a Bucket Lifecycle Configuration in the Amazon S3 User Guide.

          • DaysAfterInitiation — (Integer)

            Specifies the number of days after which Amazon S3 aborts an incomplete multipart upload to the Outposts bucket.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

putBucketPolicy(params = {}, callback) ⇒ AWS.Request

Note: This action puts a bucket policy to an Amazon S3 on Outposts bucket. To put a policy on an S3 bucket, see PutBucketPolicy in the Amazon S3 API Reference.

Applies an Amazon S3 bucket policy to an Outposts bucket. For more information, see Using Amazon S3 on Outposts in the Amazon S3 User Guide.

If you are using an identity other than the root user of the Amazon Web Services account that owns the Outposts bucket, the calling identity must have the PutBucketPolicy permissions on the specified Outposts bucket and belong to the bucket owner's account in order to use this action.

If you don't have PutBucketPolicy permissions, Amazon S3 returns a 403 Access Denied error. If you have the correct permissions, but you're not using an identity that belongs to the bucket owner's account, Amazon S3 returns a 405 Method Not Allowed error.

As a security precaution, the root user of the Amazon Web Services account that owns a bucket can always use this action, even if the policy explicitly denies the root user the ability to perform this action.

For more information about bucket policies, see Using Bucket Policies and User Policies.

All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.

The following actions are related to PutBucketPolicy:

Service Reference:

Examples:

Calling the putBucketPolicy operation

var params = {
  AccountId: 'STRING_VALUE', /* required */
  Bucket: 'STRING_VALUE', /* required */
  Policy: 'STRING_VALUE', /* required */
  ConfirmRemoveSelfBucketAccess: true || false
};
s3control.putBucketPolicy(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • AccountId — (String)

      The Amazon Web Services account ID of the Outposts bucket.

    • Bucket — (String)

      Specifies the bucket.

      For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.

      For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>. For example, to access the bucket reports through Outpost my-outpost owned by account 123456789012 in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports. The value must be URL encoded.

    • ConfirmRemoveSelfBucketAccess — (Boolean)

      Set this parameter to true to confirm that you want to remove your permissions to change this bucket policy in the future.

      Note: This is not supported by Amazon S3 on Outposts buckets.
    • Policy — (String)

      The bucket policy as a JSON document.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

putBucketReplication(params = {}, callback) ⇒ AWS.Request

Note: This action creates an Amazon S3 on Outposts bucket's replication configuration. To create an S3 bucket's replication configuration, see PutBucketReplication in the Amazon S3 API Reference.

Creates a replication configuration or replaces an existing one. For information about S3 replication on Outposts configuration, see Replicating objects for S3 on Outposts in the Amazon S3 User Guide.

Note: It can take a while to propagate PUT or DELETE requests for a replication configuration to all S3 on Outposts systems. Therefore, the replication configuration that's returned by a GET request soon after a PUT or DELETE request might return a more recent result than what's on the Outpost. If an Outpost is offline, the delay in updating the replication configuration on that Outpost can be significant.

Specify the replication configuration in the request body. In the replication configuration, you provide the following information:

  • The name of the destination bucket or buckets where you want S3 on Outposts to replicate objects

  • The Identity and Access Management (IAM) role that S3 on Outposts can assume to replicate objects on your behalf

  • Other relevant information, such as replication rules

A replication configuration must include at least one rule and can contain a maximum of 100. Each rule identifies a subset of objects to replicate by filtering the objects in the source Outposts bucket. To choose additional subsets of objects to replicate, add a rule for each subset.

To specify a subset of the objects in the source Outposts bucket to apply a replication rule to, add the Filter element as a child of the Rule element. You can filter objects based on an object key prefix, one or more object tags, or both. When you add the Filter element in the configuration, you must also add the following elements: DeleteMarkerReplication, Status, and Priority.

Using PutBucketReplication on Outposts requires that both the source and destination buckets must have versioning enabled. For information about enabling versioning on a bucket, see Managing S3 Versioning for your S3 on Outposts bucket.

For information about S3 on Outposts replication failure reasons, see Replication failure reasons in the Amazon S3 User Guide.

Handling Replication of Encrypted Objects

Outposts buckets are encrypted at all times. All the objects in the source Outposts bucket are encrypted and can be replicated. Also, all the replicas in the destination Outposts bucket are encrypted with the same encryption key as the objects in the source Outposts bucket.

Permissions

To create a PutBucketReplication request, you must have s3-outposts:PutReplicationConfiguration permissions for the bucket. The Outposts bucket owner has this permission by default and can grant it to others. For more information about permissions, see Setting up IAM with S3 on Outposts and Managing access to S3 on Outposts buckets.

Note: To perform this operation, the user or role must also have the iam:CreateRole and iam:PassRole permissions. For more information, see Granting a user permissions to pass a role to an Amazon Web Services service.

All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.

The following operations are related to PutBucketReplication:

Service Reference:

Examples:

Calling the putBucketReplication operation

var params = {
  AccountId: 'STRING_VALUE', /* required */
  Bucket: 'STRING_VALUE', /* required */
  ReplicationConfiguration: { /* required */
    Role: 'STRING_VALUE', /* required */
    Rules: [ /* required */
      {
        Bucket: 'STRING_VALUE', /* required */
        Destination: { /* required */
          Bucket: 'STRING_VALUE', /* required */
          AccessControlTranslation: {
            Owner: Destination /* required */
          },
          Account: 'STRING_VALUE',
          EncryptionConfiguration: {
            ReplicaKmsKeyID: 'STRING_VALUE'
          },
          Metrics: {
            Status: Enabled | Disabled, /* required */
            EventThreshold: {
              Minutes: 'NUMBER_VALUE'
            }
          },
          ReplicationTime: {
            Status: Enabled | Disabled, /* required */
            Time: { /* required */
              Minutes: 'NUMBER_VALUE'
            }
          },
          StorageClass: STANDARD | REDUCED_REDUNDANCY | STANDARD_IA | ONEZONE_IA | INTELLIGENT_TIERING | GLACIER | DEEP_ARCHIVE | OUTPOSTS | GLACIER_IR
        },
        Status: Enabled | Disabled, /* required */
        DeleteMarkerReplication: {
          Status: Enabled | Disabled /* required */
        },
        ExistingObjectReplication: {
          Status: Enabled | Disabled /* required */
        },
        Filter: {
          And: {
            Prefix: 'STRING_VALUE',
            Tags: [
              {
                Key: 'STRING_VALUE', /* required */
                Value: 'STRING_VALUE' /* required */
              },
              /* more items */
            ]
          },
          Prefix: 'STRING_VALUE',
          Tag: {
            Key: 'STRING_VALUE', /* required */
            Value: 'STRING_VALUE' /* required */
          }
        },
        ID: 'STRING_VALUE',
        Prefix: 'STRING_VALUE',
        Priority: 'NUMBER_VALUE',
        SourceSelectionCriteria: {
          ReplicaModifications: {
            Status: Enabled | Disabled /* required */
          },
          SseKmsEncryptedObjects: {
            Status: Enabled | Disabled /* required */
          }
        }
      },
      /* more items */
    ]
  }
};
s3control.putBucketReplication(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • AccountId — (String)

      The Amazon Web Services account ID of the Outposts bucket.

    • Bucket — (String)

      Specifies the S3 on Outposts bucket to set the configuration for.

      For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.

      For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>. For example, to access the bucket reports through Outpost my-outpost owned by account 123456789012 in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports. The value must be URL encoded.

    • ReplicationConfiguration — (map)

      • Rolerequired — (String)

        The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) role that S3 on Outposts assumes when replicating objects. For information about S3 replication on Outposts configuration, see Setting up replication in the Amazon S3 User Guide.

      • Rulesrequired — (Array<map>)

        A container for one or more replication rules. A replication configuration must have at least one rule and can contain an array of 100 rules at the most.

        • ID — (String)

          A unique identifier for the rule. The maximum value is 255 characters.

        • Priority — (Integer)

          The priority indicates which rule has precedence whenever two or more replication rules conflict. S3 on Outposts attempts to replicate objects according to all replication rules. However, if there are two or more rules with the same destination Outposts bucket, then objects will be replicated according to the rule with the highest priority. The higher the number, the higher the priority.

          For more information, see Creating replication rules on Outposts in the Amazon S3 User Guide.

        • Prefix — (String)

          An object key name prefix that identifies the object or objects to which the rule applies. The maximum prefix length is 1,024 characters. To include all objects in an Outposts bucket, specify an empty string.

          When you're using XML requests, you must replace special characters (such as carriage returns) in object keys with their equivalent XML entity codes. For more information, see XML-related object key constraints in the Amazon S3 User Guide.

        • Filter — (map)

          A filter that identifies the subset of objects to which the replication rule applies. A Filter element must specify exactly one Prefix, Tag, or And child element.

          • Prefix — (String)

            An object key name prefix that identifies the subset of objects that the rule applies to.

            When you're using XML requests, you must replace special characters (such as carriage returns) in object keys with their equivalent XML entity codes. For more information, see XML-related object key constraints in the Amazon S3 User Guide.

          • Tag — (map)

            A container for a key-value name pair.

            • Keyrequired — (String)

              Key of the tag

            • Valuerequired — (String)

              Value of the tag

          • And — (map)

            A container for specifying rule filters. The filters determine the subset of objects that the rule applies to. This element is required only if you specify more than one filter. For example:

            • If you specify both a Prefix and a Tag filter, wrap these filters in an And element.

            • If you specify a filter based on multiple tags, wrap the Tag elements in an And element.

            • Prefix — (String)

              An object key name prefix that identifies the subset of objects that the rule applies to.

            • Tags — (Array<map>)

              An array of tags that contain key and value pairs.

              • Keyrequired — (String)

                Key of the tag

              • Valuerequired — (String)

                Value of the tag

        • Statusrequired — (String)

          Specifies whether the rule is enabled.

          Possible values include:
          • "Enabled"
          • "Disabled"
        • SourceSelectionCriteria — (map)

          A container that describes additional filters for identifying the source Outposts objects that you want to replicate. You can choose to enable or disable the replication of these objects.

          • SseKmsEncryptedObjects — (map)

            A filter that you can use to select Amazon S3 objects that are encrypted with server-side encryption by using Key Management Service (KMS) keys. If you include SourceSelectionCriteria in the replication configuration, this element is required.

            Note: This is not supported by Amazon S3 on Outposts buckets.
            • Statusrequired — (String)

              Specifies whether Amazon S3 replicates objects that are created with server-side encryption by using an KMS key stored in Key Management Service.

              Possible values include:
              • "Enabled"
              • "Disabled"
          • ReplicaModifications — (map)

            A filter that you can use to specify whether replica modification sync is enabled. S3 on Outposts replica modification sync can help you keep object metadata synchronized between replicas and source objects. By default, S3 on Outposts replicates metadata from the source objects to the replicas only. When replica modification sync is enabled, S3 on Outposts replicates metadata changes made to the replica copies back to the source object, making the replication bidirectional.

            To replicate object metadata modifications on replicas, you can specify this element and set the Status of this element to Enabled.

            Note: You must enable replica modification sync on the source and destination buckets to replicate replica metadata changes between the source and the replicas.
            • Statusrequired — (String)

              Specifies whether S3 on Outposts replicates modifications to object metadata on replicas.

              Possible values include:
              • "Enabled"
              • "Disabled"
        • ExistingObjectReplication — (map)

          An optional configuration to replicate existing source bucket objects.

          Note: This is not supported by Amazon S3 on Outposts buckets.
          • Statusrequired — (String)

            Specifies whether Amazon S3 replicates existing source bucket objects.

            Possible values include:
            • "Enabled"
            • "Disabled"
        • Destinationrequired — (map)

          A container for information about the replication destination and its configurations.

          • Account — (String)

            The destination bucket owner's account ID.

          • Bucketrequired — (String)

            The Amazon Resource Name (ARN) of the access point for the destination bucket where you want S3 on Outposts to store the replication results.

          • ReplicationTime — (map)

            A container that specifies S3 Replication Time Control (S3 RTC) settings, including whether S3 RTC is enabled and the time when all objects and operations on objects must be replicated. Must be specified together with a Metrics block.

            Note: This is not supported by Amazon S3 on Outposts buckets.
            • Statusrequired — (String)

              Specifies whether S3 Replication Time Control (S3 RTC) is enabled.

              Possible values include:
              • "Enabled"
              • "Disabled"
            • Timerequired — (map)

              A container that specifies the time by which replication should be complete for all objects and operations on objects.

              • Minutes — (Integer)

                Contains an integer that specifies the time period in minutes.

                Valid value: 15

          • AccessControlTranslation — (map)

            Specify this property only in a cross-account scenario (where the source and destination bucket owners are not the same), and you want to change replica ownership to the Amazon Web Services account that owns the destination bucket. If this property is not specified in the replication configuration, the replicas are owned by same Amazon Web Services account that owns the source object.

            Note: This is not supported by Amazon S3 on Outposts buckets.
            • Ownerrequired — (String)

              Specifies the replica ownership.

              Possible values include:
              • "Destination"
          • EncryptionConfiguration — (map)

            A container that provides information about encryption. If SourceSelectionCriteria is specified, you must specify this element.

            Note: This is not supported by Amazon S3 on Outposts buckets.
            • ReplicaKmsKeyID — (String)

              Specifies the ID of the customer managed KMS key that's stored in Key Management Service (KMS) for the destination bucket. This ID is either the Amazon Resource Name (ARN) for the KMS key or the alias ARN for the KMS key. Amazon S3 uses this KMS key to encrypt replica objects. Amazon S3 supports only symmetric encryption KMS keys. For more information, see Symmetric encryption KMS keys in the Amazon Web Services Key Management Service Developer Guide.

          • Metrics — (map)

            A container that specifies replication metrics-related settings.

            • Statusrequired — (String)

              Specifies whether replication metrics are enabled.

              Possible values include:
              • "Enabled"
              • "Disabled"
            • EventThreshold — (map)

              A container that specifies the time threshold for emitting the s3:Replication:OperationMissedThreshold event.

              Note: This is not supported by Amazon S3 on Outposts buckets.
              • Minutes — (Integer)

                Contains an integer that specifies the time period in minutes.

                Valid value: 15

          • StorageClass — (String)

            The storage class to use when replicating objects. All objects stored on S3 on Outposts are stored in the OUTPOSTS storage class. S3 on Outposts uses the OUTPOSTS storage class to create the object replicas.

            Note: Values other than OUTPOSTS aren't supported by Amazon S3 on Outposts.
            Possible values include:
            • "STANDARD"
            • "REDUCED_REDUNDANCY"
            • "STANDARD_IA"
            • "ONEZONE_IA"
            • "INTELLIGENT_TIERING"
            • "GLACIER"
            • "DEEP_ARCHIVE"
            • "OUTPOSTS"
            • "GLACIER_IR"
        • DeleteMarkerReplication — (map)

          Specifies whether S3 on Outposts replicates delete markers. If you specify a Filter element in your replication configuration, you must also include a DeleteMarkerReplication element. If your Filter includes a Tag element, the DeleteMarkerReplication element's Status child element must be set to Disabled, because S3 on Outposts doesn't support replicating delete markers for tag-based rules.

          For more information about delete marker replication, see How delete operations affect replication in the Amazon S3 User Guide.

          • Statusrequired — (String)

            Indicates whether to replicate delete markers.

            Possible values include:
            • "Enabled"
            • "Disabled"
        • Bucketrequired — (String)

          The Amazon Resource Name (ARN) of the access point for the source Outposts bucket that you want S3 on Outposts to replicate the objects from.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

putBucketTagging(params = {}, callback) ⇒ AWS.Request

Note: This action puts tags on an Amazon S3 on Outposts bucket. To put tags on an S3 bucket, see PutBucketTagging in the Amazon S3 API Reference.

Sets the tags for an S3 on Outposts bucket. For more information, see Using Amazon S3 on Outposts in the Amazon S3 User Guide.

Use tags to organize your Amazon Web Services bill to reflect your own cost structure. To do this, sign up to get your Amazon Web Services account bill with tag key values included. Then, to see the cost of combined resources, organize your billing information according to resources with the same tag key values. For example, you can tag several resources with a specific application name, and then organize your billing information to see the total cost of that application across several services. For more information, see Cost allocation and tagging.

Note: Within a bucket, if you add a tag that has the same key as an existing tag, the new value overwrites the old value. For more information, see Using cost allocation in Amazon S3 bucket tags.

To use this action, you must have permissions to perform the s3-outposts:PutBucketTagging action. The Outposts bucket owner has this permission by default and can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing access permissions to your Amazon S3 resources.

PutBucketTagging has the following special errors:

  • Error code: InvalidTagError

  • Error code: MalformedXMLError

    • Description: The XML provided does not match the schema.

  • Error code: OperationAbortedError

    • Description: A conflicting conditional action is currently in progress against this resource. Try again.

  • Error code: InternalError

    • Description: The service was unable to apply the provided tag to the bucket.

All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.

The following actions are related to PutBucketTagging:

Service Reference:

Examples:

Calling the putBucketTagging operation

var params = {
  AccountId: 'STRING_VALUE', /* required */
  Bucket: 'STRING_VALUE', /* required */
  Tagging: { /* required */
    TagSet: [ /* required */
      {
        Key: 'STRING_VALUE', /* required */
        Value: 'STRING_VALUE' /* required */
      },
      /* more items */
    ]
  }
};
s3control.putBucketTagging(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • AccountId — (String)

      The Amazon Web Services account ID of the Outposts bucket.

    • Bucket — (String)

      The Amazon Resource Name (ARN) of the bucket.

      For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.

      For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>. For example, to access the bucket reports through Outpost my-outpost owned by account 123456789012 in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports. The value must be URL encoded.

    • Tagging — (map)

      • TagSetrequired — (Array<map>)

        A collection for a set of tags.

        • Keyrequired — (String)

          Key of the tag

        • Valuerequired — (String)

          Value of the tag

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

putBucketVersioning(params = {}, callback) ⇒ AWS.Request

Note: This operation sets the versioning state for S3 on Outposts buckets only. To set the versioning state for an S3 bucket, see PutBucketVersioning in the Amazon S3 API Reference.

Sets the versioning state for an S3 on Outposts bucket. With S3 Versioning, you can save multiple distinct copies of your objects and recover from unintended user actions and application failures.

You can set the versioning state to one of the following:

  • Enabled - Enables versioning for the objects in the bucket. All objects added to the bucket receive a unique version ID.

  • Suspended - Suspends versioning for the objects in the bucket. All objects added to the bucket receive the version ID null.

If you've never set versioning on your bucket, it has no versioning state. In that case, a GetBucketVersioning request does not return a versioning state value.

When you enable S3 Versioning, for each object in your bucket, you have a current version and zero or more noncurrent versions. You can configure your bucket S3 Lifecycle rules to expire noncurrent versions after a specified time period. For more information, see Creating and managing a lifecycle configuration for your S3 on Outposts bucket in the Amazon S3 User Guide.

If you have an object expiration lifecycle configuration in your non-versioned bucket and you want to maintain the same permanent delete behavior when you enable versioning, you must add a noncurrent expiration policy. The noncurrent expiration lifecycle configuration will manage the deletes of the noncurrent object versions in the version-enabled bucket. For more information, see Versioning in the Amazon S3 User Guide.

All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.

The following operations are related to PutBucketVersioning for S3 on Outposts.

Service Reference:

Examples:

Calling the putBucketVersioning operation

var params = {
  AccountId: 'STRING_VALUE', /* required */
  Bucket: 'STRING_VALUE', /* required */
  VersioningConfiguration: { /* required */
    MFADelete: Enabled | Disabled,
    Status: Enabled | Suspended
  },
  MFA: 'STRING_VALUE'
};
s3control.putBucketVersioning(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • AccountId — (String)

      The Amazon Web Services account ID of the S3 on Outposts bucket.

    • Bucket — (String)

      The S3 on Outposts bucket to set the versioning state for.

    • MFA — (String)

      The concatenation of the authentication device's serial number, a space, and the value that is displayed on your authentication device.

    • VersioningConfiguration — (map)

      The root-level tag for the VersioningConfiguration parameters.

      • MFADelete — (String)

        Specifies whether MFA delete is enabled or disabled in the bucket versioning configuration for the S3 on Outposts bucket.

        Possible values include:
        • "Enabled"
        • "Disabled"
      • Status — (String)

        Sets the versioning state of the S3 on Outposts bucket.

        Possible values include:
        • "Enabled"
        • "Suspended"

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

putJobTagging(params = {}, callback) ⇒ AWS.Request

Sets the supplied tag-set on an S3 Batch Operations job.

A tag is a key-value pair. You can associate S3 Batch Operations tags with any job by sending a PUT request against the tagging subresource that is associated with the job. To modify the existing tag set, you can either replace the existing tag set entirely, or make changes within the existing tag set by retrieving the existing tag set using GetJobTagging, modify that tag set, and use this operation to replace the tag set with the one you modified. For more information, see Controlling access and labeling jobs using tags in the Amazon S3 User Guide.

Note:
  • If you send this request with an empty tag set, Amazon S3 deletes the existing tag set on the Batch Operations job. If you use this method, you are charged for a Tier 1 Request (PUT). For more information, see Amazon S3 pricing.
  • For deleting existing tags for your Batch Operations job, a DeleteJobTagging request is preferred because it achieves the same result without incurring charges.
  • A few things to consider about using tags:
    • Amazon S3 limits the maximum number of tags to 50 tags per job.
    • You can associate up to 50 tags with a job as long as they have unique tag keys.
    • A tag key can be up to 128 Unicode characters in length, and tag values can be up to 256 Unicode characters in length.
    • The key and values are case sensitive.
    • For tagging-related restrictions related to characters and encodings, see User-Defined Tag Restrictions in the Billing and Cost Management User Guide.
Permissions

To use the PutJobTagging operation, you must have permission to perform the s3:PutJobTagging action.

Related actions include:

Service Reference:

Examples:

Calling the putJobTagging operation

var params = {
  AccountId: 'STRING_VALUE', /* required */
  JobId: 'STRING_VALUE', /* required */
  Tags: [ /* required */
    {
      Key: 'STRING_VALUE', /* required */
      Value: 'STRING_VALUE' /* required */
    },
    /* more items */
  ]
};
s3control.putJobTagging(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • AccountId — (String)

      The Amazon Web Services account ID associated with the S3 Batch Operations job.

    • JobId — (String)

      The ID for the S3 Batch Operations job whose tags you want to replace.

    • Tags — (Array<map>)

      The set of tags to associate with the S3 Batch Operations job.

      • Keyrequired — (String)

        Key of the tag

      • Valuerequired — (String)

        Value of the tag

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

putMultiRegionAccessPointPolicy(params = {}, callback) ⇒ AWS.Request

Note: This operation is not supported by directory buckets.

Associates an access control policy with the specified Multi-Region Access Point. Each Multi-Region Access Point can have only one policy, so a request made to this action replaces any existing policy that is associated with the specified Multi-Region Access Point.

This action will always be routed to the US West (Oregon) Region. For more information about the restrictions around working with Multi-Region Access Points, see Multi-Region Access Point restrictions and limitations in the Amazon S3 User Guide.

The following actions are related to PutMultiRegionAccessPointPolicy:

Service Reference:

Examples:

Calling the putMultiRegionAccessPointPolicy operation

var params = {
  AccountId: 'STRING_VALUE', /* required */
  ClientToken: 'STRING_VALUE', /* required */
  Details: { /* required */
    Name: 'STRING_VALUE', /* required */
    Policy: 'STRING_VALUE' /* required */
  }
};
s3control.putMultiRegionAccessPointPolicy(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • AccountId — (String)

      The Amazon Web Services account ID for the owner of the Multi-Region Access Point.

    • ClientToken — (String)

      An idempotency token used to identify the request and guarantee that requests are unique.

      If a token is not provided, the SDK will use a version 4 UUID.
    • Details — (map)

      A container element containing the details of the policy for the Multi-Region Access Point.

      • Namerequired — (String)

        The name of the Multi-Region Access Point associated with the request.

      • Policyrequired — (String)

        The policy details for the PutMultiRegionAccessPoint request.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • RequestTokenARN — (String)

        The request token associated with the request. You can use this token with DescribeMultiRegionAccessPointOperation to determine the status of asynchronous requests.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

putPublicAccessBlock(params = {}, callback) ⇒ AWS.Request

Note: This operation is not supported by directory buckets.

Creates or modifies the PublicAccessBlock configuration for an Amazon Web Services account. For this operation, users must have the s3:PutAccountPublicAccessBlock permission. For more information, see Using Amazon S3 block public access.

Related actions include:

Service Reference:

Examples:

Calling the putPublicAccessBlock operation

var params = {
  AccountId: 'STRING_VALUE', /* required */
  PublicAccessBlockConfiguration: { /* required */
    BlockPublicAcls: true || false,
    BlockPublicPolicy: true || false,
    IgnorePublicAcls: true || false,
    RestrictPublicBuckets: true || false
  }
};
s3control.putPublicAccessBlock(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • PublicAccessBlockConfiguration — (map)

      The PublicAccessBlock configuration that you want to apply to the specified Amazon Web Services account.

      • BlockPublicAcls — (Boolean)

        Specifies whether Amazon S3 should block public access control lists (ACLs) for buckets in this account. Setting this element to TRUE causes the following behavior:

        • PutBucketAcl and PutObjectAcl calls fail if the specified ACL is public.

        • PUT Object calls fail if the request includes a public ACL.

        • PUT Bucket calls fail if the request includes a public ACL.

        Enabling this setting doesn't affect existing policies or ACLs.

        This property is not supported for Amazon S3 on Outposts.

      • IgnorePublicAcls — (Boolean)

        Specifies whether Amazon S3 should ignore public ACLs for buckets in this account. Setting this element to TRUE causes Amazon S3 to ignore all public ACLs on buckets in this account and any objects that they contain.

        Enabling this setting doesn't affect the persistence of any existing ACLs and doesn't prevent new public ACLs from being set.

        This property is not supported for Amazon S3 on Outposts.

      • BlockPublicPolicy — (Boolean)

        Specifies whether Amazon S3 should block public bucket policies for buckets in this account. Setting this element to TRUE causes Amazon S3 to reject calls to PUT Bucket policy if the specified bucket policy allows public access.

        Enabling this setting doesn't affect existing bucket policies.

        This property is not supported for Amazon S3 on Outposts.

      • RestrictPublicBuckets — (Boolean)

        Specifies whether Amazon S3 should restrict public bucket policies for buckets in this account. Setting this element to TRUE restricts access to buckets with public policies to only Amazon Web Servicesservice principals and authorized users within this account.

        Enabling this setting doesn't affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked.

        This property is not supported for Amazon S3 on Outposts.

    • AccountId — (String)

      The account ID for the Amazon Web Services account whose PublicAccessBlock configuration you want to set.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

putStorageLensConfiguration(params = {}, callback) ⇒ AWS.Request

Note: This operation is not supported by directory buckets.

Puts an Amazon S3 Storage Lens configuration. For more information about S3 Storage Lens, see Working with Amazon S3 Storage Lens in the Amazon S3 User Guide. For a complete list of S3 Storage Lens metrics, see S3 Storage Lens metrics glossary in the Amazon S3 User Guide.

Note: To use this action, you must have permission to perform the s3:PutStorageLensConfiguration action. For more information, see Setting permissions to use Amazon S3 Storage Lens in the Amazon S3 User Guide.

Service Reference:

Examples:

Calling the putStorageLensConfiguration operation

var params = {
  AccountId: 'STRING_VALUE', /* required */
  ConfigId: 'STRING_VALUE', /* required */
  StorageLensConfiguration: { /* required */
    AccountLevel: { /* required */
      BucketLevel: { /* required */
        ActivityMetrics: {
          IsEnabled: true || false
        },
        AdvancedCostOptimizationMetrics: {
          IsEnabled: true || false
        },
        AdvancedDataProtectionMetrics: {
          IsEnabled: true || false
        },
        DetailedStatusCodesMetrics: {
          IsEnabled: true || false
        },
        PrefixLevel: {
          StorageMetrics: { /* required */
            IsEnabled: true || false,
            SelectionCriteria: {
              Delimiter: 'STRING_VALUE',
              MaxDepth: 'NUMBER_VALUE',
              MinStorageBytesPercentage: 'NUMBER_VALUE'
            }
          }
        }
      },
      ActivityMetrics: {
        IsEnabled: true || false
      },
      AdvancedCostOptimizationMetrics: {
        IsEnabled: true || false
      },
      AdvancedDataProtectionMetrics: {
        IsEnabled: true || false
      },
      DetailedStatusCodesMetrics: {
        IsEnabled: true || false
      },
      StorageLensGroupLevel: {
        SelectionCriteria: {
          Exclude: [
            'STRING_VALUE',
            /* more items */
          ],
          Include: [
            'STRING_VALUE',
            /* more items */
          ]
        }
      }
    },
    Id: 'STRING_VALUE', /* required */
    IsEnabled: true || false, /* required */
    AwsOrg: {
      Arn: 'STRING_VALUE' /* required */
    },
    DataExport: {
      CloudWatchMetrics: {
        IsEnabled: true || false /* required */
      },
      S3BucketDestination: {
        AccountId: 'STRING_VALUE', /* required */
        Arn: 'STRING_VALUE', /* required */
        Format: CSV | Parquet, /* required */
        OutputSchemaVersion: V_1, /* required */
        Encryption: {
          SSEKMS: {
            KeyId: 'STRING_VALUE' /* required */
          },
          SSES3: {
          }
        },
        Prefix: 'STRING_VALUE'
      }
    },
    Exclude: {
      Buckets: [
        'STRING_VALUE',
        /* more items */
      ],
      Regions: [
        'STRING_VALUE',
        /* more items */
      ]
    },
    Include: {
      Buckets: [
        'STRING_VALUE',
        /* more items */
      ],
      Regions: [
        'STRING_VALUE',
        /* more items */
      ]
    },
    StorageLensArn: 'STRING_VALUE'
  },
  Tags: [
    {
      Key: 'STRING_VALUE', /* required */
      Value: 'STRING_VALUE' /* required */
    },
    /* more items */
  ]
};
s3control.putStorageLensConfiguration(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • ConfigId — (String)

      The ID of the S3 Storage Lens configuration.

    • AccountId — (String)

      The account ID of the requester.

    • StorageLensConfiguration — (map)

      The S3 Storage Lens configuration.

      • Idrequired — (String)

        A container for the Amazon S3 Storage Lens configuration ID.

      • AccountLevelrequired — (map)

        A container for all the account-level configurations of your S3 Storage Lens configuration.

        • ActivityMetrics — (map)

          A container element for S3 Storage Lens activity metrics.

          • IsEnabled — (Boolean)

            A container that indicates whether activity metrics are enabled.

        • BucketLevelrequired — (map)

          A container element for the S3 Storage Lens bucket-level configuration.

          • ActivityMetrics — (map)

            A container for the bucket-level activity metrics for S3 Storage Lens.

            • IsEnabled — (Boolean)

              A container that indicates whether activity metrics are enabled.

          • PrefixLevel — (map)

            A container for the prefix-level metrics for S3 Storage Lens.

            • StorageMetricsrequired — (map)

              A container for the prefix-level storage metrics for S3 Storage Lens.

              • IsEnabled — (Boolean)

                A container for whether prefix-level storage metrics are enabled.

              • SelectionCriteria — (map)

                • Delimiter — (String)

                  A container for the delimiter of the selection criteria being used.

                • MaxDepth — (Integer)

                  The max depth of the selection criteria

                • MinStorageBytesPercentage — (Float)

                  The minimum number of storage bytes percentage whose metrics will be selected.

                  Note: You must choose a value greater than or equal to 1.0.
          • AdvancedCostOptimizationMetrics — (map)

            A container for bucket-level advanced cost-optimization metrics for S3 Storage Lens.

            • IsEnabled — (Boolean)

              A container that indicates whether advanced cost-optimization metrics are enabled.

          • AdvancedDataProtectionMetrics — (map)

            A container for bucket-level advanced data-protection metrics for S3 Storage Lens.

            • IsEnabled — (Boolean)

              A container that indicates whether advanced data-protection metrics are enabled.

          • DetailedStatusCodesMetrics — (map)

            A container for bucket-level detailed status code metrics for S3 Storage Lens.

            • IsEnabled — (Boolean)

              A container that indicates whether detailed status code metrics are enabled.

        • AdvancedCostOptimizationMetrics — (map)

          A container element for S3 Storage Lens advanced cost-optimization metrics.

          • IsEnabled — (Boolean)

            A container that indicates whether advanced cost-optimization metrics are enabled.

        • AdvancedDataProtectionMetrics — (map)

          A container element for S3 Storage Lens advanced data-protection metrics.

          • IsEnabled — (Boolean)

            A container that indicates whether advanced data-protection metrics are enabled.

        • DetailedStatusCodesMetrics — (map)

          A container element for detailed status code metrics.

          • IsEnabled — (Boolean)

            A container that indicates whether detailed status code metrics are enabled.

        • StorageLensGroupLevel — (map)

          A container element for S3 Storage Lens groups metrics.

          • SelectionCriteria — (map)

            Indicates which Storage Lens group ARNs to include or exclude in the Storage Lens group aggregation. If this value is left null, then all Storage Lens groups are selected.

            • Include — (Array<String>)

              Indicates which Storage Lens group ARNs to include in the Storage Lens group aggregation.

            • Exclude — (Array<String>)

              Indicates which Storage Lens group ARNs to exclude from the Storage Lens group aggregation.

      • Include — (map)

        A container for what is included in this configuration. This container can only be valid if there is no Exclude container submitted, and it's not empty.

        • Buckets — (Array<String>)

          A container for the S3 Storage Lens bucket includes.

        • Regions — (Array<String>)

          A container for the S3 Storage Lens Region includes.

      • Exclude — (map)

        A container for what is excluded in this configuration. This container can only be valid if there is no Include container submitted, and it's not empty.

        • Buckets — (Array<String>)

          A container for the S3 Storage Lens bucket excludes.

        • Regions — (Array<String>)

          A container for the S3 Storage Lens Region excludes.

      • DataExport — (map)

        A container to specify the properties of your S3 Storage Lens metrics export including, the destination, schema and format.

        • S3BucketDestination — (map)

          A container for the bucket where the S3 Storage Lens metrics export will be located.

          Note: This bucket must be located in the same Region as the storage lens configuration.
          • Formatrequired — (String)

            Possible values include:

            • "CSV"
            • "Parquet"
          • OutputSchemaVersionrequired — (String)

            The schema version of the export file.

            Possible values include:
            • "V_1"
          • AccountIdrequired — (String)

            The account ID of the owner of the S3 Storage Lens metrics export bucket.

          • Arnrequired — (String)

            The Amazon Resource Name (ARN) of the bucket. This property is read-only and follows the following format: arn:aws:s3:us-east-1:example-account-id:bucket/your-destination-bucket-name

          • Prefix — (String)

            The prefix of the destination bucket where the metrics export will be delivered.

          • Encryption — (map)

            The container for the type encryption of the metrics exports in this bucket.

            • SSES3 — (map)

            • SSEKMS — (map)

              • KeyIdrequired — (String)

                A container for the ARN of the SSE-KMS encryption. This property is read-only and follows the following format: arn:aws:kms:us-east-1:example-account-id:key/example-9a73-4afc-8d29-8f5900cef44e

        • CloudWatchMetrics — (map)

          A container for enabling Amazon CloudWatch publishing for S3 Storage Lens metrics.

          • IsEnabledrequired — (Boolean)

            A container that indicates whether CloudWatch publishing for S3 Storage Lens metrics is enabled. A value of true indicates that CloudWatch publishing for S3 Storage Lens metrics is enabled.

      • IsEnabledrequired — (Boolean)

        A container for whether the S3 Storage Lens configuration is enabled.

      • AwsOrg — (map)

        A container for the Amazon Web Services organization for this S3 Storage Lens configuration.

        • Arnrequired — (String)

          A container for the Amazon Resource Name (ARN) of the Amazon Web Services organization. This property is read-only and follows the following format: arn:aws:organizations:us-east-1:example-account-id:organization/o-ex2l495dck

      • StorageLensArn — (String)

        The Amazon Resource Name (ARN) of the S3 Storage Lens configuration. This property is read-only and follows the following format: arn:aws:s3:us-east-1:example-account-id:storage-lens/your-dashboard-name

    • Tags — (Array<map>)

      The tag set of the S3 Storage Lens configuration.

      Note: You can set up to a maximum of 50 tags.
      • Keyrequired — (String)

      • Valuerequired — (String)

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

putStorageLensConfigurationTagging(params = {}, callback) ⇒ AWS.Request

Note: This operation is not supported by directory buckets.

Put or replace tags on an existing Amazon S3 Storage Lens configuration. For more information about S3 Storage Lens, see Assessing your storage activity and usage with Amazon S3 Storage Lens in the Amazon S3 User Guide.

Note: To use this action, you must have permission to perform the s3:PutStorageLensConfigurationTagging action. For more information, see Setting permissions to use Amazon S3 Storage Lens in the Amazon S3 User Guide.

Examples:

Calling the putStorageLensConfigurationTagging operation

var params = {
  AccountId: 'STRING_VALUE', /* required */
  ConfigId: 'STRING_VALUE', /* required */
  Tags: [ /* required */
    {
      Key: 'STRING_VALUE', /* required */
      Value: 'STRING_VALUE' /* required */
    },
    /* more items */
  ]
};
s3control.putStorageLensConfigurationTagging(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • ConfigId — (String)

      The ID of the S3 Storage Lens configuration.

    • AccountId — (String)

      The account ID of the requester.

    • Tags — (Array<map>)

      The tag set of the S3 Storage Lens configuration.

      Note: You can set up to a maximum of 50 tags.
      • Keyrequired — (String)

      • Valuerequired — (String)

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

submitMultiRegionAccessPointRoutes(params = {}, callback) ⇒ AWS.Request

Note: This operation is not supported by directory buckets.

Submits an updated route configuration for a Multi-Region Access Point. This API operation updates the routing status for the specified Regions from active to passive, or from passive to active. A value of 0 indicates a passive status, which means that traffic won't be routed to the specified Region. A value of 100 indicates an active status, which means that traffic will be routed to the specified Region. At least one Region must be active at all times.

When the routing configuration is changed, any in-progress operations (uploads, copies, deletes, and so on) to formerly active Regions will continue to run to their final completion state (success or failure). The routing configurations of any Regions that aren’t specified remain unchanged.

Note: Updated routing configurations might not be immediately applied. It can take up to 2 minutes for your changes to take effect.

To submit routing control changes and failover requests, use the Amazon S3 failover control infrastructure endpoints in these five Amazon Web Services Regions:

  • us-east-1

  • us-west-2

  • ap-southeast-2

  • ap-northeast-1

  • eu-west-1

Examples:

Calling the submitMultiRegionAccessPointRoutes operation

var params = {
  AccountId: 'STRING_VALUE', /* required */
  Mrap: 'STRING_VALUE', /* required */
  RouteUpdates: [ /* required */
    {
      TrafficDialPercentage: 'NUMBER_VALUE', /* required */
      Bucket: 'STRING_VALUE',
      Region: 'STRING_VALUE'
    },
    /* more items */
  ]
};
s3control.submitMultiRegionAccessPointRoutes(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • AccountId — (String)

      The Amazon Web Services account ID for the owner of the Multi-Region Access Point.

    • Mrap — (String)

      The Multi-Region Access Point ARN.

    • RouteUpdates — (Array<map>)

      The different routes that make up the new route configuration. Active routes return a value of 100, and passive routes return a value of 0.

      • Bucket — (String)

        The name of the Amazon S3 bucket for which you'll submit a routing configuration change. Either the Bucket or the Region value must be provided. If both are provided, the bucket must be in the specified Region.

      • Region — (String)

        The Amazon Web Services Region to which you'll be submitting a routing configuration change. Either the Bucket or the Region value must be provided. If both are provided, the bucket must be in the specified Region.

      • TrafficDialPercentagerequired — (Integer)

        The traffic state for the specified bucket or Amazon Web Services Region.

        A value of 0 indicates a passive state, which means that no new traffic will be routed to the Region.

        A value of 100 indicates an active state, which means that traffic will be routed to the specified Region.

        When the routing configuration for a Region is changed from active to passive, any in-progress operations (uploads, copies, deletes, and so on) to the formerly active Region will continue to run to until a final success or failure status is reached.

        If all Regions in the routing configuration are designated as passive, you'll receive an InvalidRequest error.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

tagResource(params = {}, callback) ⇒ AWS.Request

Creates a new Amazon Web Services resource tag or updates an existing resource tag. Each tag is a label consisting of a user-defined key and value. Tags can help you manage, identify, organize, search for, and filter resources. You can add up to 50 Amazon Web Services resource tags for each S3 resource.

Note: This operation is only supported for S3 Storage Lens groups and for S3 Access Grants. The tagged resource can be an S3 Storage Lens group or S3 Access Grants instance, registered location, or grant.
Permissions

You must have the s3:TagResource permission to use this operation.

For more information about the required Storage Lens Groups permissions, see Setting account permissions to use S3 Storage Lens groups.

For information about S3 Tagging errors, see List of Amazon S3 Tagging error codes.

Service Reference:

Examples:

Calling the tagResource operation

var params = {
  AccountId: 'STRING_VALUE', /* required */
  ResourceArn: 'STRING_VALUE', /* required */
  Tags: [ /* required */
    {
      Key: 'STRING_VALUE', /* required */
      Value: 'STRING_VALUE' /* required */
    },
    /* more items */
  ]
};
s3control.tagResource(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • AccountId — (String)

      The Amazon Web Services account ID that created the S3 resource that you're trying to add tags to or the requester's account ID.

    • ResourceArn — (String)

      The Amazon Resource Name (ARN) of the S3 resource that you're trying to add tags to. The tagged resource can be an S3 Storage Lens group or S3 Access Grants instance, registered location, or grant.

    • Tags — (Array<map>)

      The Amazon Web Services resource tags that you want to add to the specified S3 resource.

      • Keyrequired — (String)

        The key of the key-value pair of a tag added to your Amazon Web Services resource. A tag key can be up to 128 Unicode characters in length and is case-sensitive. System created tags that begin with aws: aren’t supported.

      • Valuerequired — (String)

        The value of the key-value pair of a tag added to your Amazon Web Services resource. A tag value can be up to 256 Unicode characters in length and is case-sensitive.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

untagResource(params = {}, callback) ⇒ AWS.Request

This operation removes the specified Amazon Web Services resource tags from an S3 resource. Each tag is a label consisting of a user-defined key and value. Tags can help you manage, identify, organize, search for, and filter resources.

Note: This operation is only supported for S3 Storage Lens groups and for S3 Access Grants. The tagged resource can be an S3 Storage Lens group or S3 Access Grants instance, registered location, or grant.
Permissions

You must have the s3:UntagResource permission to use this operation.

For more information about the required Storage Lens Groups permissions, see Setting account permissions to use S3 Storage Lens groups.

For information about S3 Tagging errors, see List of Amazon S3 Tagging error codes.

Service Reference:

Examples:

Calling the untagResource operation

var params = {
  AccountId: 'STRING_VALUE', /* required */
  ResourceArn: 'STRING_VALUE', /* required */
  TagKeys: [ /* required */
    'STRING_VALUE',
    /* more items */
  ]
};
s3control.untagResource(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • AccountId — (String)

      The Amazon Web Services account ID that owns the resource that you're trying to remove the tags from.

    • ResourceArn — (String)

      The Amazon Resource Name (ARN) of the S3 resource that you're trying to remove the tags from.

    • TagKeys — (Array<String>)

      The array of tag key-value pairs that you're trying to remove from of the S3 resource.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

updateAccessGrantsLocation(params = {}, callback) ⇒ AWS.Request

Updates the IAM role of a registered location in your S3 Access Grants instance.

Permissions

You must have the s3:UpdateAccessGrantsLocation permission to use this operation.

Additional Permissions

You must also have the following permission: iam:PassRole

Service Reference:

Examples:

Calling the updateAccessGrantsLocation operation

var params = {
  AccessGrantsLocationId: 'STRING_VALUE', /* required */
  AccountId: 'STRING_VALUE', /* required */
  IAMRoleArn: 'STRING_VALUE' /* required */
};
s3control.updateAccessGrantsLocation(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • AccountId — (String)

      The Amazon Web Services account ID of the S3 Access Grants instance.

    • AccessGrantsLocationId — (String)

      The ID of the registered location that you are updating. S3 Access Grants assigns this ID when you register the location. S3 Access Grants assigns the ID default to the default location s3:// and assigns an auto-generated ID to other locations that you register.

      The ID of the registered location to which you are granting access. S3 Access Grants assigned this ID when you registered the location. S3 Access Grants assigns the ID default to the default location s3:// and assigns an auto-generated ID to other locations that you register.

      If you are passing the default location, you cannot create an access grant for the entire default location. You must also specify a bucket or a bucket and prefix in the Subprefix field.

    • IAMRoleArn — (String)

      The Amazon Resource Name (ARN) of the IAM role for the registered location. S3 Access Grants assumes this role to manage access to the registered location.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • CreatedAt — (Date)

        The date and time when you registered the location.

      • AccessGrantsLocationId — (String)

        The ID of the registered location to which you are granting access. S3 Access Grants assigned this ID when you registered the location. S3 Access Grants assigns the ID default to the default location s3:// and assigns an auto-generated ID to other locations that you register.

      • AccessGrantsLocationArn — (String)

        The Amazon Resource Name (ARN) of the registered location that you are updating.

      • LocationScope — (String)

        The S3 URI path of the location that you are updating. You cannot update the scope of the registered location. The location scope can be the default S3 location s3://, the S3 path to a bucket s3://<bucket>, or the S3 path to a bucket and prefix s3://<bucket>/<prefix>.

      • IAMRoleArn — (String)

        The Amazon Resource Name (ARN) of the IAM role of the registered location. S3 Access Grants assumes this role to manage access to the registered location.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

updateJobPriority(params = {}, callback) ⇒ AWS.Request

Updates an existing S3 Batch Operations job's priority. For more information, see S3 Batch Operations in the Amazon S3 User Guide.

Permissions

To use the UpdateJobPriority operation, you must have permission to perform the s3:UpdateJobPriority action.

Related actions include:

Service Reference:

Examples:

Calling the updateJobPriority operation

var params = {
  AccountId: 'STRING_VALUE', /* required */
  JobId: 'STRING_VALUE', /* required */
  Priority: 'NUMBER_VALUE' /* required */
};
s3control.updateJobPriority(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • AccountId — (String)

      The Amazon Web Services account ID associated with the S3 Batch Operations job.

    • JobId — (String)

      The ID for the job whose priority you want to update.

    • Priority — (Integer)

      The priority you want to assign to this job.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • JobId — (String)

        The ID for the job whose priority Amazon S3 updated.

      • Priority — (Integer)

        The new priority assigned to the specified job.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

updateJobStatus(params = {}, callback) ⇒ AWS.Request

Updates the status for the specified job. Use this operation to confirm that you want to run a job or to cancel an existing job. For more information, see S3 Batch Operations in the Amazon S3 User Guide.

Permissions

To use the UpdateJobStatus operation, you must have permission to perform the s3:UpdateJobStatus action.

Related actions include:

Service Reference:

Examples:

Calling the updateJobStatus operation

var params = {
  AccountId: 'STRING_VALUE', /* required */
  JobId: 'STRING_VALUE', /* required */
  RequestedJobStatus: Cancelled | Ready, /* required */
  StatusUpdateReason: 'STRING_VALUE'
};
s3control.updateJobStatus(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • AccountId — (String)

      The Amazon Web Services account ID associated with the S3 Batch Operations job.

    • JobId — (String)

      The ID of the job whose status you want to update.

    • RequestedJobStatus — (String)

      The status that you want to move the specified job to.

      Possible values include:
      • "Cancelled"
      • "Ready"
    • StatusUpdateReason — (String)

      A description of the reason why you want to change the specified job's status. This field can be any string up to the maximum length.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • JobId — (String)

        The ID for the job whose status was updated.

      • Status — (String)

        The current status for the specified job.

        Possible values include:
        • "Active"
        • "Cancelled"
        • "Cancelling"
        • "Complete"
        • "Completing"
        • "Failed"
        • "Failing"
        • "New"
        • "Paused"
        • "Pausing"
        • "Preparing"
        • "Ready"
        • "Suspended"
      • StatusUpdateReason — (String)

        The reason that the specified job's status was updated.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

updateStorageLensGroup(params = {}, callback) ⇒ AWS.Request

Updates the existing Storage Lens group.

To use this operation, you must have the permission to perform the s3:UpdateStorageLensGroup action. For more information about the required Storage Lens Groups permissions, see Setting account permissions to use S3 Storage Lens groups.

For information about Storage Lens groups errors, see List of Amazon S3 Storage Lens error codes.

Service Reference:

Examples:

Calling the updateStorageLensGroup operation

var params = {
  AccountId: 'STRING_VALUE', /* required */
  Name: 'STRING_VALUE', /* required */
  StorageLensGroup: { /* required */
    Filter: { /* required */
      And: {
        MatchAnyPrefix: [
          'STRING_VALUE',
          /* more items */
        ],
        MatchAnySuffix: [
          'STRING_VALUE',
          /* more items */
        ],
        MatchAnyTag: [
          {
            Key: 'STRING_VALUE', /* required */
            Value: 'STRING_VALUE' /* required */
          },
          /* more items */
        ],
        MatchObjectAge: {
          DaysGreaterThan: 'NUMBER_VALUE',
          DaysLessThan: 'NUMBER_VALUE'
        },
        MatchObjectSize: {
          BytesGreaterThan: 'NUMBER_VALUE',
          BytesLessThan: 'NUMBER_VALUE'
        }
      },
      MatchAnyPrefix: [
        'STRING_VALUE',
        /* more items */
      ],
      MatchAnySuffix: [
        'STRING_VALUE',
        /* more items */
      ],
      MatchAnyTag: [
        {
          Key: 'STRING_VALUE', /* required */
          Value: 'STRING_VALUE' /* required */
        },
        /* more items */
      ],
      MatchObjectAge: {
        DaysGreaterThan: 'NUMBER_VALUE',
        DaysLessThan: 'NUMBER_VALUE'
      },
      MatchObjectSize: {
        BytesGreaterThan: 'NUMBER_VALUE',
        BytesLessThan: 'NUMBER_VALUE'
      },
      Or: {
        MatchAnyPrefix: [
          'STRING_VALUE',
          /* more items */
        ],
        MatchAnySuffix: [
          'STRING_VALUE',
          /* more items */
        ],
        MatchAnyTag: [
          {
            Key: 'STRING_VALUE', /* required */
            Value: 'STRING_VALUE' /* required */
          },
          /* more items */
        ],
        MatchObjectAge: {
          DaysGreaterThan: 'NUMBER_VALUE',
          DaysLessThan: 'NUMBER_VALUE'
        },
        MatchObjectSize: {
          BytesGreaterThan: 'NUMBER_VALUE',
          BytesLessThan: 'NUMBER_VALUE'
        }
      }
    },
    Name: 'STRING_VALUE', /* required */
    StorageLensGroupArn: 'STRING_VALUE'
  }
};
s3control.updateStorageLensGroup(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • Name — (String)

      The name of the Storage Lens group that you want to update.

    • AccountId — (String)

      The Amazon Web Services account ID of the Storage Lens group owner.

    • StorageLensGroup — (map)

      The JSON file that contains the Storage Lens group configuration.

      • Namerequired — (String)

        Contains the name of the Storage Lens group.

      • Filterrequired — (map)

        Sets the criteria for the Storage Lens group data that is displayed. For multiple filter conditions, the AND or OR logical operator is used.

        • MatchAnyPrefix — (Array<String>)

          Contains a list of prefixes. At least one prefix must be specified. Up to 10 prefixes are allowed.

        • MatchAnySuffix — (Array<String>)

          Contains a list of suffixes. At least one suffix must be specified. Up to 10 suffixes are allowed.

        • MatchAnyTag — (Array<map>)

          Contains the list of S3 object tags. At least one object tag must be specified. Up to 10 object tags are allowed.

          • Keyrequired — (String)

            Key of the tag

          • Valuerequired — (String)

            Value of the tag

        • MatchObjectAge — (map)

          Contains DaysGreaterThan and DaysLessThan to define the object age range (minimum and maximum number of days).

          • DaysGreaterThan — (Integer)

            Specifies the maximum object age in days. Must be a positive whole number, greater than the minimum object age and less than or equal to 2,147,483,647.

          • DaysLessThan — (Integer)

            Specifies the minimum object age in days. The value must be a positive whole number, greater than 0 and less than or equal to 2,147,483,647.

        • MatchObjectSize — (map)

          Contains BytesGreaterThan and BytesLessThan to define the object size range (minimum and maximum number of Bytes).

          • BytesGreaterThan — (Integer)

            Specifies the minimum object size in Bytes. The value must be a positive number, greater than 0 and less than 5 TB.

          • BytesLessThan — (Integer)

            Specifies the maximum object size in Bytes. The value must be a positive number, greater than the minimum object size and less than 5 TB.

        • And — (map)

          A logical operator that allows multiple filter conditions to be joined for more complex comparisons of Storage Lens group data. Objects must match all of the listed filter conditions that are joined by the And logical operator. Only one of each filter condition is allowed.

          • MatchAnyPrefix — (Array<String>)

            Contains a list of prefixes. At least one prefix must be specified. Up to 10 prefixes are allowed.

          • MatchAnySuffix — (Array<String>)

            Contains a list of suffixes. At least one suffix must be specified. Up to 10 suffixes are allowed.

          • MatchAnyTag — (Array<map>)

            Contains the list of object tags. At least one object tag must be specified. Up to 10 object tags are allowed.

            • Keyrequired — (String)

              Key of the tag

            • Valuerequired — (String)

              Value of the tag

          • MatchObjectAge — (map)

            Contains DaysGreaterThan and DaysLessThan to define the object age range (minimum and maximum number of days).

            • DaysGreaterThan — (Integer)

              Specifies the maximum object age in days. Must be a positive whole number, greater than the minimum object age and less than or equal to 2,147,483,647.

            • DaysLessThan — (Integer)

              Specifies the minimum object age in days. The value must be a positive whole number, greater than 0 and less than or equal to 2,147,483,647.

          • MatchObjectSize — (map)

            Contains BytesGreaterThan and BytesLessThan to define the object size range (minimum and maximum number of Bytes).

            • BytesGreaterThan — (Integer)

              Specifies the minimum object size in Bytes. The value must be a positive number, greater than 0 and less than 5 TB.

            • BytesLessThan — (Integer)

              Specifies the maximum object size in Bytes. The value must be a positive number, greater than the minimum object size and less than 5 TB.

        • Or — (map)

          A single logical operator that allows multiple filter conditions to be joined. Objects can match any of the listed filter conditions, which are joined by the Or logical operator. Only one of each filter condition is allowed.

          • MatchAnyPrefix — (Array<String>)

            Filters objects that match any of the specified prefixes.

          • MatchAnySuffix — (Array<String>)

            Filters objects that match any of the specified suffixes.

          • MatchAnyTag — (Array<map>)

            Filters objects that match any of the specified S3 object tags.

            • Keyrequired — (String)

              Key of the tag

            • Valuerequired — (String)

              Value of the tag

          • MatchObjectAge — (map)

            Filters objects that match the specified object age range.

            • DaysGreaterThan — (Integer)

              Specifies the maximum object age in days. Must be a positive whole number, greater than the minimum object age and less than or equal to 2,147,483,647.

            • DaysLessThan — (Integer)

              Specifies the minimum object age in days. The value must be a positive whole number, greater than 0 and less than or equal to 2,147,483,647.

          • MatchObjectSize — (map)

            Filters objects that match the specified object size range.

            • BytesGreaterThan — (Integer)

              Specifies the minimum object size in Bytes. The value must be a positive number, greater than 0 and less than 5 TB.

            • BytesLessThan — (Integer)

              Specifies the maximum object size in Bytes. The value must be a positive number, greater than the minimum object size and less than 5 TB.

      • StorageLensGroupArn — (String)

        Contains the Amazon Resource Name (ARN) of the Storage Lens group. This property is read-only.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

validateOutpostsBucketArn(req) ⇒ void

Validate Outposts ARN supplied in Bucket parameter is a valid bucket name