AWS::S3::AccessGrant Grantee
The user, group, or role to which you are granting access. You can grant access to an IAM user or role. If you have added your corporate directory to AWS IAM Identity Center and associated your Identity Center instance with your S3 Access Grants instance, the grantee can also be a corporate directory user or group.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{
  "GranteeIdentifier" : String,
  "GranteeType" : String
}
YAML
GranteeIdentifier: String
GranteeType: String
Properties
GranteeIdentifier
The unique identifier of the Grantee. If the grantee type is IAM, the identifier is the IAM Amazon Resource Name (ARN) of the user or role. If the grantee type is a directory user or group, the identifier is a 128-bit universally unique identifier (UUID) in the format a1b2c3d4-5678-90ab-cdef-EXAMPLE11111. You can obtain this UUID from your AWS IAM Identity Center instance.
Required: Yes
Type: String
Update requires: No interruption
GranteeType
The type of the grantee to which access has been granted. It can be one of the following values:
- IAM - An IAM user or role.
- DIRECTORY_USER - Your corporate directory user. You can use this option if you have added your corporate identity directory to IAM Identity Center and associated the IAM Identity Center instance with your S3 Access Grants instance.
- DIRECTORY_GROUP - Your corporate directory group. You can use this option if you have added your corporate identity directory to IAM Identity Center and associated the IAM Identity Center instance with your S3 Access Grants instance.
Required: Yes
Type: String
Allowed values: IAM | DIRECTORY_USER | DIRECTORY_GROUP
Update requires: No interruption
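The following pre-deployment check is an added example, not part of the AWS documentation: it confirms that each Grantee block pairs GranteeType with the identifier form described above, so a grant is not issued to an unintended kind of principal. The names validate_grantee, check_template and _grant, the two regular expressions, and all sample values are assumptions of this example.

```python
import re

# Allowed values for GranteeType, as listed on this page.
ALLOWED_TYPES = {"IAM", "DIRECTORY_USER", "DIRECTORY_GROUP"}
# Assumed shape of an IAM user or role ARN (any partition, 12-digit account ID).
IAM_ARN_RE = re.compile(r"arn:aws[a-z-]*:iam::\d{12}:(?:user|role)/[\w+=,.@/-]+")
# Strict hexadecimal UUID; the page's sample value is a placeholder and is not strict hex.
UUID_RE = re.compile(r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")

def validate_grantee(grantee):
    """Return the problems found in one Grantee mapping (empty list means OK)."""
    if not isinstance(grantee, dict):
        return ["Grantee must be a mapping"]
    # Both properties are required; only literal strings can be checked statically.
    problems = [f"{key} is required and must be a literal string"
                for key in ("GranteeType", "GranteeIdentifier")
                if not isinstance(grantee.get(key), str)]
    if problems:
        return problems
    gtype, ident = grantee["GranteeType"], grantee["GranteeIdentifier"]
    if gtype not in ALLOWED_TYPES:
        problems.append(f"GranteeType {gtype!r} is not an allowed value")
    elif gtype == "IAM" and not IAM_ARN_RE.fullmatch(ident):
        problems.append("GranteeType IAM needs the ARN of an IAM user or role")
    elif gtype != "IAM" and not UUID_RE.fullmatch(ident):
        problems.append(f"GranteeType {gtype} needs an Identity Center UUID")
    return problems

def check_template(template):
    """Map logical IDs of AWS::S3::AccessGrant resources to Grantee problems."""
    findings = {}
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") == "AWS::S3::AccessGrant":
            issues = validate_grantee(res.get("Properties", {}).get("Grantee"))
            if issues:
                findings[name] = issues
    return findings

def _grant(gtype, ident):
    # Builds a constructed resource; other AccessGrant properties are omitted.
    return {"Type": "AWS::S3::AccessGrant",
            "Properties": {"Grantee": {"GranteeType": gtype, "GranteeIdentifier": ident}}}

# Constructed sample values: the account ID, role name and UUID are made up.
ARN = "arn:aws:iam::111122223333:role/analytics-reader"
UUID = "0f1e2d3c-4b5a-6978-8899-aabbccddeeff"
SAMPLE = {"Resources": {
    "GoodRole": _grant("IAM", ARN), "GoodUser": _grant("DIRECTORY_USER", UUID),
    "MismatchedGroup": _grant("DIRECTORY_GROUP", ARN), "BadType": _grant("GROUP", UUID)}}
```

Identifiers supplied through intrinsic functions such as Ref are reported as not being literal strings, because their values are only known at deployment time.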