awscc.s3_bucket
Filters
event
reduce
value
Actions
delete
Parent base class for filters and actions.
properties:
type:
enum:
- delete
required:
- type
Permissions - s3:DeleteBucket
update
Parent base class for filters and actions.
definitions:
AbortIncompleteMultipartUpload:
additionalProperties: false
description: Specifies the days since the initiation of an incomplete multipart
upload that Amazon S3 will wait before permanently removing all parts of the
upload.
properties:
DaysAfterInitiation:
description: Specifies the number of days after which Amazon S3 aborts an
incomplete multipart upload.
minimum: 0
type: integer
required:
- DaysAfterInitiation
type: object
AccelerateConfiguration:
additionalProperties: false
properties:
AccelerationStatus:
description: Configures the transfer acceleration state for an Amazon S3 bucket.
enum:
- Enabled
- Suspended
type: string
required:
- AccelerationStatus
type: object
AccessControlTranslation:
additionalProperties: false
description: Specify this only in a cross-account scenario (where source and destination
bucket owners are not the same), and you want to change replica ownership to
the AWS account that owns the destination bucket. If this is not specified in
the replication configuration, the replicas are owned by the same AWS account that
owns the source object.
properties:
Owner:
const: Destination
type: string
required:
- Owner
type: object
AnalyticsConfiguration:
additionalProperties: false
description: Specifies the configuration and any analyses for the analytics filter
of an Amazon S3 bucket.
properties:
Id:
description: The ID that identifies the analytics configuration.
type: string
Prefix:
description: The prefix that an object must have to be included in the analytics
results.
type: string
StorageClassAnalysis:
additionalProperties: false
description: Specifies data related to access patterns to be collected and
made available to analyze the tradeoffs between different storage classes
for an Amazon S3 bucket.
properties:
DataExport:
additionalProperties: false
description: Specifies how data related to the storage class analysis
for an Amazon S3 bucket should be exported.
properties:
Destination:
additionalProperties: false
description: Specifies information about where to publish analysis
or configuration results for an Amazon S3 bucket and S3 Replication
Time Control (S3 RTC).
properties:
BucketAccountId:
description: 'The account ID that owns the destination S3 bucket. '
type: string
BucketArn:
description: The Amazon Resource Name (ARN) of the bucket to which
data is exported.
type: string
Format:
description: Specifies the file format used when exporting data
to Amazon S3.
enum:
- CSV
- ORC
- Parquet
type: string
Prefix:
description: The prefix to use when exporting data. The prefix
is prepended to all results.
type: string
required:
- BucketArn
- Format
type: object
OutputSchemaVersion:
const: V_1
description: The version of the output schema to use when exporting
data.
type: string
required:
- Destination
- OutputSchemaVersion
type: object
type: object
TagFilters:
insertionOrder: true
items:
additionalProperties: false
description: Tags to use to identify a subset of objects for an Amazon S3
bucket.
properties:
Key:
type: string
Value:
type: string
required:
- Value
- Key
type: object
type: array
uniqueItems: true
required:
- StorageClassAnalysis
- Id
type: object
Arn:
description: The Amazon Resource Name (ARN) of the specified bucket.
type: string
# Default server-side encryption applied to new objects in the bucket.
# Indentation restored from the flattened listing; keys and values are unchanged.
BucketEncryption:
  additionalProperties: false
  description: Specifies default encryption for a bucket using server-side encryption
    with either Amazon S3-managed keys (SSE-S3) or AWS KMS-managed keys (SSE-KMS).
  properties:
    ServerSideEncryptionConfiguration:
      description: Specifies the default server-side-encryption configuration.
      insertionOrder: true
      items:
        # The item object carries no `required` list, so an entry that sets only
        # BucketKeyEnabled and omits ServerSideEncryptionByDefault still validates.
        additionalProperties: false
        description: Specifies the default server-side encryption configuration.
        properties:
          BucketKeyEnabled:
            description: Specifies whether Amazon S3 should use an S3 Bucket Key
              with server-side encryption using KMS (SSE-KMS) for new objects in
              the bucket. Existing objects are not affected. Setting the BucketKeyEnabled
              element to true causes Amazon S3 to use an S3 Bucket Key. By default,
              S3 Bucket Key is not enabled.
            type: boolean
          ServerSideEncryptionByDefault:
            additionalProperties: false
            description: Specifies the default server-side encryption to apply to
              new objects in the bucket. If a PUT Object request doesn't specify
              any server-side encryption, this default encryption will be applied.
            properties:
              # NOTE(review): the aws:kms-only restriction is stated in the
              # description but is not expressed as a schema constraint here, so
              # AES256 paired with a key ID passes this schema; confirm how the
              # API treats that combination before relying on it in a policy.
              KMSMasterKeyID:
                description: '"KMSMasterKeyID" can only be used when you set the
                  value of SSEAlgorithm as aws:kms.'
                type: string
              # Only these two algorithm values pass validation.
              SSEAlgorithm:
                enum:
                - aws:kms
                - AES256
                type: string
            required:
            - SSEAlgorithm
            type: object
        type: object
      type: array
      uniqueItems: true
  required:
  - ServerSideEncryptionConfiguration
  type: object
# Cross-origin access rules for the bucket.
# Indentation restored from the flattened listing; keys and values are unchanged.
CorsConfiguration:
  additionalProperties: false
  properties:
    # The description below mentions a limit of 100 rules, but the array has no
    # maxItems here, so that limit is not checked by this schema.
    CorsRules:
      insertionOrder: true
      items:
        additionalProperties: false
        description: A set of origins and methods (cross-origin access that you
          want to allow). You can add up to 100 rules to the configuration.
        properties:
          AllowedHeaders:
            description: Headers that are specified in the Access-Control-Request-Headers
              header.
            insertionOrder: true
            items:
              type: string
            type: array
            uniqueItems: true
          # Methods are restricted to this enum; PUT, POST and DELETE are the
          # state-changing ones to look for when reviewing a rule.
          AllowedMethods:
            description: An HTTP method that you allow the origin to execute.
            insertionOrder: true
            items:
              enum:
              - GET
              - PUT
              - HEAD
              - POST
              - DELETE
              type: string
            type: array
            uniqueItems: true
          # Origins are plain strings with no pattern or enum, so this schema
          # does not reject an overly broad origin value. Review any policy that
          # pairs a broad origin list with state-changing methods.
          AllowedOrigins:
            description: One or more origins you want customers to be able to access
              the bucket from.
            insertionOrder: true
            items:
              type: string
            type: array
            uniqueItems: true
          ExposedHeaders:
            description: One or more headers in the response that you want customers
              to be able to access from their applications (for example, from a
              JavaScript XMLHttpRequest object).
            insertionOrder: true
            items:
              type: string
            type: array
            uniqueItems: true
          Id:
            description: A unique identifier for this rule.
            maxLength: 255
            type: string
          # Only a lower bound is set; no maximum preflight cache time is enforced here.
          MaxAge:
            description: The time in seconds that your browser is to cache the preflight
              response for the specified resource.
            minimum: 0
            type: integer
        required:
        - AllowedMethods
        - AllowedOrigins
        type: object
      type: array
      uniqueItems: true
  required:
  - CorsRules
  type: object
CorsRule:
additionalProperties: false
description: A set of origins and methods (cross-origin access that you want to
allow). You can add up to 100 rules to the configuration.
properties:
AllowedHeaders:
description: Headers that are specified in the Access-Control-Request-Headers
header.
insertionOrder: true
items:
type: string
type: array
uniqueItems: true
AllowedMethods:
description: An HTTP method that you allow the origin to execute.
insertionOrder: true
items:
enum:
- GET
- PUT
- HEAD
- POST
- DELETE
type: string
type: array
uniqueItems: true
AllowedOrigins:
description: One or more origins you want customers to be able to access the
bucket from.
insertionOrder: true
items:
type: string
type: array
uniqueItems: true
ExposedHeaders:
description: One or more headers in the response that you want customers to
be able to access from their applications (for example, from a JavaScript
XMLHttpRequest object).
insertionOrder: true
items:
type: string
type: array
uniqueItems: true
Id:
description: A unique identifier for this rule.
maxLength: 255
type: string
MaxAge:
description: The time in seconds that your browser is to cache the preflight
response for the specified resource.
minimum: 0
type: integer
required:
- AllowedMethods
- AllowedOrigins
type: object
DataExport:
additionalProperties: false
description: Specifies how data related to the storage class analysis for an Amazon
S3 bucket should be exported.
properties:
Destination:
additionalProperties: false
description: Specifies information about where to publish analysis or configuration
results for an Amazon S3 bucket and S3 Replication Time Control (S3 RTC).
properties:
BucketAccountId:
description: 'The account ID that owns the destination S3 bucket. '
type: string
BucketArn:
description: The Amazon Resource Name (ARN) of the bucket to which data
is exported.
type: string
Format:
description: Specifies the file format used when exporting data to Amazon
S3.
enum:
- CSV
- ORC
- Parquet
type: string
Prefix:
description: The prefix to use when exporting data. The prefix is prepended
to all results.
type: string
required:
- BucketArn
- Format
type: object
OutputSchemaVersion:
const: V_1
description: The version of the output schema to use when exporting data.
type: string
required:
- Destination
- OutputSchemaVersion
type: object
DefaultRetention:
additionalProperties: false
description: The default retention period that you want to apply to new objects
placed in the specified bucket.
properties:
Days:
type: integer
Mode:
enum:
- COMPLIANCE
- GOVERNANCE
type: string
Years:
type: integer
type: object
DeleteMarkerReplication:
additionalProperties: false
properties:
Status:
enum:
- Disabled
- Enabled
type: string
type: object
Destination:
additionalProperties: false
description: Specifies information about where to publish analysis or configuration
results for an Amazon S3 bucket and S3 Replication Time Control (S3 RTC).
properties:
BucketAccountId:
description: 'The account ID that owns the destination S3 bucket. '
type: string
BucketArn:
description: The Amazon Resource Name (ARN) of the bucket to which data is
exported.
type: string
Format:
description: Specifies the file format used when exporting data to Amazon
S3.
enum:
- CSV
- ORC
- Parquet
type: string
Prefix:
description: The prefix to use when exporting data. The prefix is prepended
to all results.
type: string
required:
- BucketArn
- Format
type: object
EncryptionConfiguration:
additionalProperties: false
description: Specifies encryption-related information for an Amazon S3 bucket
that is a destination for replicated objects.
properties:
ReplicaKmsKeyID:
description: Specifies the ID (Key ARN or Alias ARN) of the customer managed
customer master key (CMK) stored in AWS Key Management Service (KMS) for
the destination bucket.
type: string
required:
- ReplicaKmsKeyID
type: object
FilterRule:
additionalProperties: false
description: Specifies the Amazon S3 object key name to filter on and whether
to filter on the suffix or prefix of the key name.
properties:
Name:
maxLength: 1024
type: string
Value:
type: string
required:
- Value
- Name
type: object
IntelligentTieringConfiguration:
additionalProperties: false
properties:
Id:
description: The ID used to identify the S3 Intelligent-Tiering configuration.
type: string
Prefix:
description: An object key name prefix that identifies the subset of objects
to which the rule applies.
type: string
Status:
description: Specifies the status of the configuration.
enum:
- Disabled
- Enabled
type: string
TagFilters:
description: A container for a key-value pair.
insertionOrder: true
items:
additionalProperties: false
description: Tags to use to identify a subset of objects for an Amazon S3
bucket.
properties:
Key:
type: string
Value:
type: string
required:
- Value
- Key
type: object
type: array
uniqueItems: true
Tierings:
description: 'Specifies a list of S3 Intelligent-Tiering storage class tiers
in the configuration. At least one tier must be defined in the list. At
most, you can specify two tiers in the list, one for each available AccessTier:
ARCHIVE_ACCESS and DEEP_ARCHIVE_ACCESS.'
insertionOrder: true
items:
additionalProperties: false
properties:
AccessTier:
description: S3 Intelligent-Tiering access tier. See Storage class for
automatically optimizing frequently and infrequently accessed objects
for a list of access tiers in the S3 Intelligent-Tiering storage class.
enum:
- ARCHIVE_ACCESS
- DEEP_ARCHIVE_ACCESS
type: string
Days:
description: The number of consecutive days of no access after which
an object will be eligible to be transitioned to the corresponding
tier. The minimum number of days specified for Archive Access tier
must be at least 90 days and Deep Archive Access tier must be at least
180 days. The maximum can be up to 2 years (730 days).
type: integer
required:
- AccessTier
- Days
type: object
type: array
uniqueItems: true
required:
- Id
- Status
- Tierings
type: object
InventoryConfiguration:
additionalProperties: false
properties:
Destination:
additionalProperties: false
description: Specifies information about where to publish analysis or configuration
results for an Amazon S3 bucket and S3 Replication Time Control (S3 RTC).
properties:
BucketAccountId:
description: 'The account ID that owns the destination S3 bucket. '
type: string
BucketArn:
description: The Amazon Resource Name (ARN) of the bucket to which data
is exported.
type: string
Format:
description: Specifies the file format used when exporting data to Amazon
S3.
enum:
- CSV
- ORC
- Parquet
type: string
Prefix:
description: The prefix to use when exporting data. The prefix is prepended
to all results.
type: string
required:
- BucketArn
- Format
type: object
Enabled:
description: Specifies whether the inventory is enabled or disabled.
type: boolean
Id:
description: The ID used to identify the inventory configuration.
type: string
IncludedObjectVersions:
description: Object versions to include in the inventory list.
enum:
- All
- Current
type: string
OptionalFields:
description: Contains the optional fields that are included in the inventory
results.
insertionOrder: true
items:
enum:
- Size
- LastModifiedDate
- StorageClass
- ETag
- IsMultipartUploaded
- ReplicationStatus
- EncryptionStatus
- ObjectLockRetainUntilDate
- ObjectLockMode
- ObjectLockLegalHoldStatus
- IntelligentTieringAccessTier
- BucketKeyStatus
type: string
type: array
uniqueItems: true
Prefix:
description: The prefix that is prepended to all inventory results.
type: string
ScheduleFrequency:
description: Specifies the schedule for generating inventory results.
enum:
- Daily
- Weekly
type: string
required:
- Destination
- Enabled
- Id
- IncludedObjectVersions
- ScheduleFrequency
type: object
LambdaConfiguration:
additionalProperties: false
description: Describes the AWS Lambda functions to invoke and the events for which
to invoke them.
properties:
Event:
description: The Amazon S3 bucket event for which to invoke the AWS Lambda
function.
type: string
Filter:
additionalProperties: false
description: Specifies object key name filtering rules.
properties:
S3Key:
additionalProperties: false
description: A container for object key name prefix and suffix filtering
rules.
properties:
Rules:
insertionOrder: true
items:
additionalProperties: false
description: Specifies the Amazon S3 object key name to filter on
and whether to filter on the suffix or prefix of the key name.
properties:
Name:
maxLength: 1024
type: string
Value:
type: string
required:
- Value
- Name
type: object
type: array
uniqueItems: true
required:
- Rules
type: object
required:
- S3Key
type: object
Function:
description: The Amazon Resource Name (ARN) of the AWS Lambda function that
Amazon S3 invokes when the specified event type occurs.
type: string
required:
- Function
- Event
type: object
LifecycleConfiguration:
additionalProperties: false
properties:
Rules:
description: A lifecycle rule for individual objects in an Amazon S3 bucket.
insertionOrder: true
items:
additionalProperties: false
description: 'You must specify at least one of the following properties:
AbortIncompleteMultipartUpload, ExpirationDate, ExpirationInDays, NoncurrentVersionExpirationInDays,
NoncurrentVersionTransition, NoncurrentVersionTransitions, Transition,
or Transitions.'
properties:
AbortIncompleteMultipartUpload:
additionalProperties: false
description: Specifies the days since the initiation of an incomplete
multipart upload that Amazon S3 will wait before permanently removing
all parts of the upload.
properties:
DaysAfterInitiation:
description: Specifies the number of days after which Amazon S3
aborts an incomplete multipart upload.
minimum: 0
type: integer
required:
- DaysAfterInitiation
type: object
ExpirationDate:
description: The date value in ISO 8601 format. The timezone is always
UTC. (YYYY-MM-DDThh:mm:ssZ)
pattern: ^([0-2]\d{3})-(0[0-9]|1[0-2])-([0-2]\d|3[01])T([01]\d|2[0-4]):([0-5]\d):([0-6]\d)((\.\d{3})?)Z$
type: string
ExpirationInDays:
type: integer
ExpiredObjectDeleteMarker:
type: boolean
Id:
maxLength: 255
type: string
NoncurrentVersionExpirationInDays:
type: integer
NoncurrentVersionTransition:
additionalProperties: false
description: Container for the transition rule that describes when noncurrent
objects transition to the STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING,
GLACIER_IR, GLACIER, or DEEP_ARCHIVE storage class. If your bucket
is versioning-enabled (or versioning is suspended), you can set this
action to request that Amazon S3 transition noncurrent object versions
to the STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER_IR, GLACIER,
or DEEP_ARCHIVE storage class at a specific period in the object's
lifetime.
properties:
StorageClass:
description: The class of storage used to store the object.
enum:
- DEEP_ARCHIVE
- GLACIER
- Glacier
- GLACIER_IR
- INTELLIGENT_TIERING
- ONEZONE_IA
- STANDARD_IA
type: string
TransitionInDays:
description: Specifies the number of days an object is noncurrent
before Amazon S3 can perform the associated action.
type: integer
required:
- StorageClass
- TransitionInDays
type: object
NoncurrentVersionTransitions:
insertionOrder: true
items:
additionalProperties: false
description: Container for the transition rule that describes when
noncurrent objects transition to the STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING,
GLACIER_IR, GLACIER, or DEEP_ARCHIVE storage class. If your bucket
is versioning-enabled (or versioning is suspended), you can set
this action to request that Amazon S3 transition noncurrent object
versions to the STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER_IR,
GLACIER, or DEEP_ARCHIVE storage class at a specific period in the
object's lifetime.
properties:
StorageClass:
description: The class of storage used to store the object.
enum:
- DEEP_ARCHIVE
- GLACIER
- Glacier
- GLACIER_IR
- INTELLIGENT_TIERING
- ONEZONE_IA
- STANDARD_IA
type: string
TransitionInDays:
description: Specifies the number of days an object is noncurrent
before Amazon S3 can perform the associated action.
type: integer
required:
- StorageClass
- TransitionInDays
type: object
type: array
uniqueItems: true
Prefix:
type: string
Status:
enum:
- Enabled
- Disabled
type: string
TagFilters:
insertionOrder: true
items:
additionalProperties: false
description: Tags to use to identify a subset of objects for an Amazon
S3 bucket.
properties:
Key:
type: string
Value:
type: string
required:
- Value
- Key
type: object
type: array
uniqueItems: true
Transition:
additionalProperties: false
description: You must specify at least one of "TransitionDate" and "TransitionInDays"
properties:
StorageClass:
enum:
- DEEP_ARCHIVE
- GLACIER
- Glacier
- GLACIER_IR
- INTELLIGENT_TIERING
- ONEZONE_IA
- STANDARD_IA
type: string
TransitionDate:
description: The date value in ISO 8601 format. The timezone is
always UTC. (YYYY-MM-DDThh:mm:ssZ)
pattern: ^([0-2]\d{3})-(0[0-9]|1[0-2])-([0-2]\d|3[01])T([01]\d|2[0-4]):([0-5]\d):([0-6]\d)((\.\d{3})?)Z$
type: string
TransitionInDays:
type: integer
required:
- StorageClass
type: object
Transitions:
insertionOrder: true
items:
additionalProperties: false
description: You must specify at least one of "TransitionDate" and
"TransitionInDays"
properties:
StorageClass:
enum:
- DEEP_ARCHIVE
- GLACIER
- Glacier
- GLACIER_IR
- INTELLIGENT_TIERING
- ONEZONE_IA
- STANDARD_IA
type: string
TransitionDate:
description: The date value in ISO 8601 format. The timezone is
always UTC. (YYYY-MM-DDThh:mm:ssZ)
pattern: ^([0-2]\d{3})-(0[0-9]|1[0-2])-([0-2]\d|3[01])T([01]\d|2[0-4]):([0-5]\d):([0-6]\d)((\.\d{3})?)Z$
type: string
TransitionInDays:
type: integer
required:
- StorageClass
type: object
type: array
uniqueItems: true
required:
- Status
type: object
type: array
uniqueItems: true
required:
- Rules
type: object
LoggingConfiguration:
additionalProperties: false
properties:
DestinationBucketName:
description: The name of an Amazon S3 bucket where Amazon S3 stores server
access log files. You can store log files in any bucket that you own. By
default, logs are stored in the bucket where the LoggingConfiguration property
is defined.
type: string
LogFilePrefix:
type: string
type: object
Metrics:
additionalProperties: false
properties:
EventThreshold:
additionalProperties: false
properties:
Minutes:
type: integer
required:
- Minutes
type: object
Status:
enum:
- Disabled
- Enabled
type: string
required:
- Status
type: object
MetricsConfiguration:
additionalProperties: false
properties:
AccessPointArn:
type: string
Id:
type: string
Prefix:
type: string
TagFilters:
insertionOrder: true
items:
additionalProperties: false
description: Tags to use to identify a subset of objects for an Amazon S3
bucket.
properties:
Key:
type: string
Value:
type: string
required:
- Value
- Key
type: object
type: array
uniqueItems: true
required:
- Id
type: object
NoncurrentVersionTransition:
additionalProperties: false
description: Container for the transition rule that describes when noncurrent
objects transition to the STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER_IR,
GLACIER, or DEEP_ARCHIVE storage class. If your bucket is versioning-enabled
(or versioning is suspended), you can set this action to request that Amazon
S3 transition noncurrent object versions to the STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING,
GLACIER_IR, GLACIER, or DEEP_ARCHIVE storage class at a specific period in the
object's lifetime.
properties:
StorageClass:
description: The class of storage used to store the object.
enum:
- DEEP_ARCHIVE
- GLACIER
- Glacier
- GLACIER_IR
- INTELLIGENT_TIERING
- ONEZONE_IA
- STANDARD_IA
type: string
TransitionInDays:
description: Specifies the number of days an object is noncurrent before Amazon
S3 can perform the associated action.
type: integer
required:
- StorageClass
- TransitionInDays
type: object
NotificationConfiguration:
additionalProperties: false
description: Describes the notification configuration for an Amazon S3 bucket.
properties:
LambdaConfigurations:
insertionOrder: true
items:
additionalProperties: false
description: Describes the AWS Lambda functions to invoke and the events
for which to invoke them.
properties:
Event:
description: The Amazon S3 bucket event for which to invoke the AWS
Lambda function.
type: string
Filter:
additionalProperties: false
description: Specifies object key name filtering rules.
properties:
S3Key:
additionalProperties: false
description: A container for object key name prefix and suffix filtering
rules.
properties:
Rules:
insertionOrder: true
items:
additionalProperties: false
description: Specifies the Amazon S3 object key name to filter
on and whether to filter on the suffix or prefix of the
key name.
properties:
Name:
maxLength: 1024
type: string
Value:
type: string
required:
- Value
- Name
type: object
type: array
uniqueItems: true
required:
- Rules
type: object
required:
- S3Key
type: object
Function:
description: The Amazon Resource Name (ARN) of the AWS Lambda function
that Amazon S3 invokes when the specified event type occurs.
type: string
required:
- Function
- Event
type: object
type: array
uniqueItems: true
QueueConfigurations:
insertionOrder: true
items:
additionalProperties: false
description: The Amazon Simple Queue Service queues to publish messages
to and the events for which to publish messages.
properties:
Event:
description: The Amazon S3 bucket event about which you want to publish
messages to Amazon SQS.
type: string
Filter:
additionalProperties: false
description: Specifies object key name filtering rules.
properties:
S3Key:
additionalProperties: false
description: A container for object key name prefix and suffix filtering
rules.
properties:
Rules:
insertionOrder: true
items:
additionalProperties: false
description: Specifies the Amazon S3 object key name to filter
on and whether to filter on the suffix or prefix of the
key name.
properties:
Name:
maxLength: 1024
type: string
Value:
type: string
required:
- Value
- Name
type: object
type: array
uniqueItems: true
required:
- Rules
type: object
required:
- S3Key
type: object
Queue:
description: The Amazon Resource Name (ARN) of the Amazon SQS queue
to which Amazon S3 publishes a message when it detects events of the
specified type.
type: string
required:
- Event
- Queue
type: object
type: array
uniqueItems: true
TopicConfigurations:
insertionOrder: true
items:
additionalProperties: false
description: The topic to which notifications are sent and the events for
which notifications are generated.
properties:
Event:
description: The Amazon S3 bucket event about which to send notifications.
type: string
Filter:
additionalProperties: false
description: Specifies object key name filtering rules.
properties:
S3Key:
additionalProperties: false
description: A container for object key name prefix and suffix filtering
rules.
properties:
Rules:
insertionOrder: true
items:
additionalProperties: false
description: Specifies the Amazon S3 object key name to filter
on and whether to filter on the suffix or prefix of the
key name.
properties:
Name:
maxLength: 1024
type: string
Value:
type: string
required:
- Value
- Name
type: object
type: array
uniqueItems: true
required:
- Rules
type: object
required:
- S3Key
type: object
Topic:
description: The Amazon Resource Name (ARN) of the Amazon SNS topic
to which Amazon S3 publishes a message when it detects events of the
specified type.
type: string
required:
- Event
- Topic
type: object
type: array
uniqueItems: true
type: object
NotificationFilter:
additionalProperties: false
description: Specifies object key name filtering rules.
properties:
S3Key:
additionalProperties: false
description: A container for object key name prefix and suffix filtering rules.
properties:
Rules:
insertionOrder: true
items:
additionalProperties: false
description: Specifies the Amazon S3 object key name to filter on and
whether to filter on the suffix or prefix of the key name.
properties:
Name:
maxLength: 1024
type: string
Value:
type: string
required:
- Value
- Name
type: object
type: array
uniqueItems: true
required:
- Rules
type: object
required:
- S3Key
type: object
# Object Lock settings and the default retention applied to new objects.
# Indentation restored from the flattened listing; keys and values are unchanged.
ObjectLockConfiguration:
  additionalProperties: false
  properties:
    # `const` admits a single value: this property can state that Object Lock
    # is enabled but cannot express a disabled state.
    ObjectLockEnabled:
      const: Enabled
      type: string
    Rule:
      additionalProperties: false
      description: The Object Lock rule in place for the specified object.
      properties:
        # No `required` list and no minimum on Days/Years: an empty
        # DefaultRetention object, or one with both Days and Years, validates here.
        # NOTE(review): presumably a usable rule needs Mode plus exactly one of
        # Days or Years; confirm against the S3 API before relying on this schema.
        DefaultRetention:
          additionalProperties: false
          description: The default retention period that you want to apply to new
            objects placed in the specified bucket.
          properties:
            Days:
              type: integer
            # NOTE(review): the two modes differ in who may shorten or remove
            # retention (GOVERNANCE is the more permissive one per the S3 Object
            # Lock documentation); verify that the mode a policy sets matches
            # the retention requirement.
            Mode:
              enum:
              - COMPLIANCE
              - GOVERNANCE
              type: string
            Years:
              type: integer
          type: object
      type: object
  type: object
ObjectLockRule:
additionalProperties: false
description: The Object Lock rule in place for the specified object.
properties:
DefaultRetention:
additionalProperties: false
description: The default retention period that you want to apply to new objects
placed in the specified bucket.
properties:
Days:
type: integer
Mode:
enum:
- COMPLIANCE
- GOVERNANCE
type: string
Years:
type: integer
type: object
type: object
OwnershipControls:
additionalProperties: false
properties:
Rules:
insertionOrder: true
items:
additionalProperties: false
properties:
ObjectOwnership:
description: Specifies an object ownership rule.
enum:
- ObjectWriter
- BucketOwnerPreferred
type: string
type: object
type: array
uniqueItems: true
required:
- Rules
type: object
OwnershipControlsRule:
additionalProperties: false
properties:
ObjectOwnership:
description: Specifies an object ownership rule.
enum:
- ObjectWriter
- BucketOwnerPreferred
type: string
type: object
# The four public-access-block flags for a bucket.
# Indentation restored from the flattened listing; keys and values are unchanged.
# The schema has no `required` list and declares no defaults, so any flag may be
# omitted; a policy that must guarantee a setting should state it explicitly.
# Per the descriptions below, the two Block* flags reject new public ACLs and
# policies but leave existing ones in effect. IgnorePublicAcls and
# RestrictPublicBuckets are the flags that cover what is already in place.
PublicAccessBlockConfiguration:
  additionalProperties: false
  description: Configuration that defines how Amazon S3 handles public access.
  properties:
    # Rejects new public ACLs on PUT calls; existing policies and ACLs are unaffected.
    BlockPublicAcls:
      description: "Specifies whether Amazon S3 should block public access control\
        \ lists (ACLs) for this bucket and objects in this bucket. Setting this\
        \ element to TRUE causes the following behavior:\n- PUT Bucket acl and PUT\
        \ Object acl calls fail if the specified ACL is public.\n - PUT Object calls\
        \ fail if the request includes a public ACL.\nEnabling this setting doesn't\
        \ affect existing policies or ACLs."
      type: boolean
    # Rejects new public bucket policies; existing bucket policies are unaffected.
    BlockPublicPolicy:
      description: 'Specifies whether Amazon S3 should block public bucket policies
        for this bucket. Setting this element to TRUE causes Amazon S3 to reject
        calls to PUT Bucket policy if the specified bucket policy allows public
        access.
        Enabling this setting doesn''t affect existing bucket policies.'
      type: boolean
    # Public ACLs stay stored and new ones can still be set; they are ignored
    # when access is evaluated.
    IgnorePublicAcls:
      description: 'Specifies whether Amazon S3 should ignore public ACLs for this
        bucket and objects in this bucket. Setting this element to TRUE causes Amazon
        S3 to ignore all public ACLs on this bucket and objects in this bucket.
        Enabling this setting doesn''t affect the persistence of any existing ACLs
        and doesn''t prevent new public ACLs from being set.'
      type: boolean
    # Limits a bucket that has a public policy to AWS services and authorized
    # users within the owning account.
    RestrictPublicBuckets:
      description: 'Specifies whether Amazon S3 should restrict public bucket policies
        for this bucket. Setting this element to TRUE restricts access to this bucket
        to only AWS services and authorized users within this account if the bucket
        has a public policy.
        Enabling this setting doesn''t affect previously stored bucket policies,
        except that public and cross-account access within any public bucket policy,
        including non-public delegation to specific accounts, is blocked.'
      type: boolean
  type: object
QueueConfiguration:
additionalProperties: false
description: The Amazon Simple Queue Service queues to publish messages to and
the events for which to publish messages.
properties:
Event:
description: The Amazon S3 bucket event about which you want to publish messages
to Amazon SQS.
type: string
Filter:
additionalProperties: false
description: Specifies object key name filtering rules.
properties:
S3Key:
additionalProperties: false
description: A container for object key name prefix and suffix filtering
rules.
properties:
Rules:
insertionOrder: true
items:
additionalProperties: false
description: Specifies the Amazon S3 object key name to filter on
and whether to filter on the suffix or prefix of the key name.
properties:
Name:
maxLength: 1024
type: string
Value:
type: string
required:
- Value
- Name
type: object
type: array
uniqueItems: true
required:
- Rules
type: object
required:
- S3Key
type: object
Queue:
description: The Amazon Resource Name (ARN) of the Amazon SQS queue to which
Amazon S3 publishes a message when it detects events of the specified type.
type: string
required:
- Event
- Queue
type: object
# Redirects every request on the bucket's website endpoint to another host.
# Indentation restored from the flattened listing; keys and values are unchanged.
RedirectAllRequestsTo:
  additionalProperties: false
  description: Specifies the redirect behavior of all requests to a website endpoint
    of an Amazon S3 bucket.
  properties:
    # Free-form string: the schema places no pattern or length limit on the
    # target host, so the redirect target has to be reviewed in the policy.
    HostName:
      description: Name of the host where requests are redirected.
      type: string
    # Optional. Per the description, when it is omitted the redirect keeps the
    # protocol of the original request, so an http request is redirected over
    # http. Set `https` explicitly where the redirect must not use plaintext.
    Protocol:
      description: Protocol to use when redirecting requests. The default is the
        protocol that is used in the original request.
      enum:
      - http
      - https
      type: string
  required:
  - HostName
  type: object
RedirectRule:
additionalProperties: false
description: Specifies how requests are redirected. In the event of an error,
you can specify a different error code to return.
properties:
HostName:
description: The host name to use in the redirect request.
type: string
HttpRedirectCode:
description: The HTTP redirect code to use on the response. Not required if
one of the siblings is present.
type: string
Protocol:
description: Protocol to use when redirecting requests. The default is the
protocol that is used in the original request.
enum:
- http
- https
type: string
ReplaceKeyPrefixWith:
description: The object key prefix to use in the redirect request.
type: string
ReplaceKeyWith:
description: The specific object key to use in the redirect request.
type: string
type: object
ReplicaModifications:
additionalProperties: false
properties:
Status:
description: Specifies whether Amazon S3 replicates modifications on replicas.
enum:
- Enabled
- Disabled
type: string
required:
- Status
type: object
ReplicationConfiguration:
additionalProperties: false
description: A container for replication rules. You can add up to 1,000 rules.
The maximum size of a replication configuration is 2 MB.
properties:
Role:
description: The Amazon Resource Name (ARN) of the AWS Identity and Access
Management (IAM) role that Amazon S3 assumes when replicating objects.
type: string
Rules:
description: A container for one or more replication rules.
insertionOrder: true
items:
additionalProperties: false
description: Specifies which Amazon S3 objects to replicate and where to
store the replicas.
properties:
DeleteMarkerReplication:
additionalProperties: false
properties:
Status:
enum:
- Disabled
- Enabled
type: string
type: object
Destination:
additionalProperties: false
description: Specifies which Amazon S3 bucket to store replicated objects
in and their storage class.
properties:
AccessControlTranslation:
additionalProperties: false
description: Specify this only in a cross-account scenario (where
source and destination bucket owners are not the same), and you
want to change replica ownership to the AWS account that owns
the destination bucket. If this is not specified in the replication
configuration, the replicas are owned by the same AWS account that
owns the source object.
properties:
Owner:
const: Destination
type: string
required:
- Owner
type: object
Account:
type: string
Bucket:
type: string
EncryptionConfiguration:
additionalProperties: false
description: Specifies encryption-related information for an Amazon
S3 bucket that is a destination for replicated objects.
properties:
ReplicaKmsKeyID:
description: Specifies the ID (Key ARN or Alias ARN) of the
customer managed customer master key (CMK) stored in AWS Key
Management Service (KMS) for the destination bucket.
type: string
required:
- ReplicaKmsKeyID
type: object
Metrics:
additionalProperties: false
properties:
EventThreshold:
additionalProperties: false
properties:
Minutes:
type: integer
required:
- Minutes
type: object
Status:
enum:
- Disabled
- Enabled
type: string
required:
- Status
type: object
ReplicationTime:
additionalProperties: false
properties:
Status:
enum:
- Disabled
- Enabled
type: string
Time:
additionalProperties: false
properties:
Minutes:
type: integer
required:
- Minutes
type: object
required:
- Status
- Time
type: object
StorageClass:
description: The storage class to use when replicating objects,
such as S3 Standard or reduced redundancy.
enum:
- DEEP_ARCHIVE
- GLACIER
- GLACIER_IR
- INTELLIGENT_TIERING
- ONEZONE_IA
- REDUCED_REDUNDANCY
- STANDARD
- STANDARD_IA
type: string
required:
- Bucket
type: object
Filter:
additionalProperties: false
properties:
And:
additionalProperties: false
properties:
Prefix:
type: string
TagFilters:
insertionOrder: true
items:
additionalProperties: false
description: Tags to use to identify a subset of objects for
an Amazon S3 bucket.
properties:
Key:
type: string
Value:
type: string
required:
- Value
- Key
type: object
type: array
uniqueItems: true
type: object
Prefix:
type: string
TagFilter:
additionalProperties: false
description: Tags to use to identify a subset of objects for an
Amazon S3 bucket.
properties:
Key:
type: string
Value:
type: string
required:
- Value
- Key
type: object
type: object
Id:
description: A unique identifier for the rule.
maxLength: 255
type: string
Prefix:
description: An object key name prefix that identifies the object or
objects to which the rule applies.
maxLength: 1024
type: string
Priority:
type: integer
SourceSelectionCriteria:
additionalProperties: false
description: A container that describes additional filters for identifying
the source objects that you want to replicate.
properties:
ReplicaModifications:
additionalProperties: false
properties:
Status:
description: Specifies whether Amazon S3 replicates modifications
on replicas.
enum:
- Enabled
- Disabled
type: string
required:
- Status
type: object
SseKmsEncryptedObjects:
additionalProperties: false
description: A container for filter information for the selection
of S3 objects encrypted with AWS KMS.
properties:
Status:
description: Specifies whether Amazon S3 replicates objects
created with server-side encryption using a customer master
key (CMK) stored in AWS Key Management Service.
enum:
- Disabled
- Enabled
type: string
required:
- Status
type: object
type: object
Status:
description: Specifies whether the rule is enabled.
enum:
- Disabled
- Enabled
type: string
required:
- Destination
- Status
type: object
type: array
uniqueItems: true
required:
- Role
- Rules
type: object
ReplicationDestination:
additionalProperties: false
description: Specifies which Amazon S3 bucket to store replicated objects in and
their storage class.
properties:
AccessControlTranslation:
additionalProperties: false
description: Specify this only in a cross-account scenario (where source and
destination bucket owners are not the same), and you want to change replica
ownership to the AWS account that owns the destination bucket. If this is
not specified in the replication configuration, the replicas are owned by
the same AWS account that owns the source object.
properties:
Owner:
const: Destination
type: string
required:
- Owner
type: object
Account:
type: string
Bucket:
type: string
EncryptionConfiguration:
additionalProperties: false
description: Specifies encryption-related information for an Amazon S3 bucket
that is a destination for replicated objects.
properties:
ReplicaKmsKeyID:
description: Specifies the ID (Key ARN or Alias ARN) of the customer managed
customer master key (CMK) stored in AWS Key Management Service (KMS)
for the destination bucket.
type: string
required:
- ReplicaKmsKeyID
type: object
Metrics:
additionalProperties: false
properties:
EventThreshold:
additionalProperties: false
properties:
Minutes:
type: integer
required:
- Minutes
type: object
Status:
enum:
- Disabled
- Enabled
type: string
required:
- Status
type: object
ReplicationTime:
additionalProperties: false
properties:
Status:
enum:
- Disabled
- Enabled
type: string
Time:
additionalProperties: false
properties:
Minutes:
type: integer
required:
- Minutes
type: object
required:
- Status
- Time
type: object
StorageClass:
description: The storage class to use when replicating objects, such as S3
Standard or reduced redundancy.
enum:
- DEEP_ARCHIVE
- GLACIER
- GLACIER_IR
- INTELLIGENT_TIERING
- ONEZONE_IA
- REDUCED_REDUNDANCY
- STANDARD
- STANDARD_IA
type: string
required:
- Bucket
type: object
ReplicationRule:
additionalProperties: false
description: Specifies which Amazon S3 objects to replicate and where to store
the replicas.
properties:
DeleteMarkerReplication:
additionalProperties: false
properties:
Status:
enum:
- Disabled
- Enabled
type: string
type: object
Destination:
additionalProperties: false
description: Specifies which Amazon S3 bucket to store replicated objects
in and their storage class.
properties:
AccessControlTranslation:
additionalProperties: false
description: Specify this only in a cross-account scenario (where source
and destination bucket owners are not the same), and you want to change
replica ownership to the AWS account that owns the destination bucket.
If this is not specified in the replication configuration, the replicas
are owned by the same AWS account that owns the source object.
properties:
Owner:
const: Destination
type: string
required:
- Owner
type: object
Account:
type: string
Bucket:
type: string
EncryptionConfiguration:
additionalProperties: false
description: Specifies encryption-related information for an Amazon S3
bucket that is a destination for replicated objects.
properties:
ReplicaKmsKeyID:
description: Specifies the ID (Key ARN or Alias ARN) of the customer
managed customer master key (CMK) stored in AWS Key Management Service
(KMS) for the destination bucket.
type: string
required:
- ReplicaKmsKeyID
type: object
Metrics:
additionalProperties: false
properties:
EventThreshold:
additionalProperties: false
properties:
Minutes:
type: integer
required:
- Minutes
type: object
Status:
enum:
- Disabled
- Enabled
type: string
required:
- Status
type: object
ReplicationTime:
additionalProperties: false
properties:
Status:
enum:
- Disabled
- Enabled
type: string
Time:
additionalProperties: false
properties:
Minutes:
type: integer
required:
- Minutes
type: object
required:
- Status
- Time
type: object
StorageClass:
description: The storage class to use when replicating objects, such as
S3 Standard or reduced redundancy.
enum:
- DEEP_ARCHIVE
- GLACIER
- GLACIER_IR
- INTELLIGENT_TIERING
- ONEZONE_IA
- REDUCED_REDUNDANCY
- STANDARD
- STANDARD_IA
type: string
required:
- Bucket
type: object
Filter:
additionalProperties: false
properties:
And:
additionalProperties: false
properties:
Prefix:
type: string
TagFilters:
insertionOrder: true
items:
additionalProperties: false
description: Tags to use to identify a subset of objects for an
Amazon S3 bucket.
properties:
Key:
type: string
Value:
type: string
required:
- Value
- Key
type: object
type: array
uniqueItems: true
type: object
Prefix:
type: string
TagFilter:
additionalProperties: false
description: Tags to use to identify a subset of objects for an Amazon
S3 bucket.
properties:
Key:
type: string
Value:
type: string
required:
- Value
- Key
type: object
type: object
Id:
description: A unique identifier for the rule.
maxLength: 255
type: string
Prefix:
description: An object key name prefix that identifies the object or objects
to which the rule applies.
maxLength: 1024
type: string
Priority:
type: integer
SourceSelectionCriteria:
additionalProperties: false
description: A container that describes additional filters for identifying
the source objects that you want to replicate.
properties:
ReplicaModifications:
additionalProperties: false
properties:
Status:
description: Specifies whether Amazon S3 replicates modifications
on replicas.
enum:
- Enabled
- Disabled
type: string
required:
- Status
type: object
SseKmsEncryptedObjects:
additionalProperties: false
description: A container for filter information for the selection of S3
objects encrypted with AWS KMS.
properties:
Status:
description: Specifies whether Amazon S3 replicates objects created
with server-side encryption using a customer master key (CMK) stored
in AWS Key Management Service.
enum:
- Disabled
- Enabled
type: string
required:
- Status
type: object
type: object
Status:
description: Specifies whether the rule is enabled.
enum:
- Disabled
- Enabled
type: string
required:
- Destination
- Status
type: object
ReplicationRuleAndOperator:
additionalProperties: false
properties:
Prefix:
type: string
TagFilters:
insertionOrder: true
items:
additionalProperties: false
description: Tags to use to identify a subset of objects for an Amazon S3
bucket.
properties:
Key:
type: string
Value:
type: string
required:
- Value
- Key
type: object
type: array
uniqueItems: true
type: object
ReplicationRuleFilter:
additionalProperties: false
properties:
And:
additionalProperties: false
properties:
Prefix:
type: string
TagFilters:
insertionOrder: true
items:
additionalProperties: false
description: Tags to use to identify a subset of objects for an Amazon
S3 bucket.
properties:
Key:
type: string
Value:
type: string
required:
- Value
- Key
type: object
type: array
uniqueItems: true
type: object
Prefix:
type: string
TagFilter:
additionalProperties: false
description: Tags to use to identify a subset of objects for an Amazon S3
bucket.
properties:
Key:
type: string
Value:
type: string
required:
- Value
- Key
type: object
type: object
ReplicationTime:
additionalProperties: false
properties:
Status:
enum:
- Disabled
- Enabled
type: string
Time:
additionalProperties: false
properties:
Minutes:
type: integer
required:
- Minutes
type: object
required:
- Status
- Time
type: object
ReplicationTimeValue:
additionalProperties: false
properties:
Minutes:
type: integer
required:
- Minutes
type: object
RoutingRule:
additionalProperties: false
description: Specifies the redirect behavior and when a redirect is applied.
properties:
RedirectRule:
additionalProperties: false
description: Specifies how requests are redirected. In the event of an error,
you can specify a different error code to return.
properties:
HostName:
description: The host name to use in the redirect request.
type: string
HttpRedirectCode:
description: The HTTP redirect code to use on the response. Not required
if one of the siblings is present.
type: string
Protocol:
description: Protocol to use when redirecting requests. The default is
the protocol that is used in the original request.
enum:
- http
- https
type: string
ReplaceKeyPrefixWith:
description: The object key prefix to use in the redirect request.
type: string
ReplaceKeyWith:
description: The specific object key to use in the redirect request.
type: string
type: object
RoutingRuleCondition:
additionalProperties: false
description: A container for describing a condition that must be met for the
specified redirect to apply. You must specify at least one of HttpErrorCodeReturnedEquals
and KeyPrefixEquals
properties:
HttpErrorCodeReturnedEquals:
description: 'The HTTP error code when the redirect is applied. '
type: string
KeyPrefixEquals:
description: The object key name prefix when the redirect is applied.
type: string
type: object
required:
- RedirectRule
type: object
RoutingRuleCondition:
additionalProperties: false
description: A container for describing a condition that must be met for the specified
redirect to apply. You must specify at least one of HttpErrorCodeReturnedEquals
and KeyPrefixEquals
properties:
HttpErrorCodeReturnedEquals:
description: 'The HTTP error code when the redirect is applied. '
type: string
KeyPrefixEquals:
description: The object key name prefix when the redirect is applied.
type: string
type: object
Rule:
additionalProperties: false
description: 'You must specify at least one of the following properties: AbortIncompleteMultipartUpload,
ExpirationDate, ExpirationInDays, NoncurrentVersionExpirationInDays, NoncurrentVersionTransition,
NoncurrentVersionTransitions, Transition, or Transitions.'
properties:
AbortIncompleteMultipartUpload:
additionalProperties: false
description: Specifies the days since the initiation of an incomplete multipart
upload that Amazon S3 will wait before permanently removing all parts of
the upload.
properties:
DaysAfterInitiation:
description: Specifies the number of days after which Amazon S3 aborts
an incomplete multipart upload.
minimum: 0
type: integer
required:
- DaysAfterInitiation
type: object
ExpirationDate:
description: The date value in ISO 8601 format. The timezone is always UTC.
(YYYY-MM-DDThh:mm:ssZ)
pattern: ^([0-2]\d{3})-(0[0-9]|1[0-2])-([0-2]\d|3[01])T([01]\d|2[0-4]):([0-5]\d):([0-6]\d)((\.\d{3})?)Z$
type: string
ExpirationInDays:
type: integer
ExpiredObjectDeleteMarker:
type: boolean
Id:
maxLength: 255
type: string
NoncurrentVersionExpirationInDays:
type: integer
NoncurrentVersionTransition:
additionalProperties: false
description: Container for the transition rule that describes when noncurrent
objects transition to the STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING,
GLACIER_IR, GLACIER, or DEEP_ARCHIVE storage class. If your bucket is versioning-enabled
(or versioning is suspended), you can set this action to request that Amazon
S3 transition noncurrent object versions to the STANDARD_IA, ONEZONE_IA,
INTELLIGENT_TIERING, GLACIER_IR, GLACIER, or DEEP_ARCHIVE storage class
at a specific period in the object's lifetime.
properties:
StorageClass:
description: The class of storage used to store the object.
enum:
- DEEP_ARCHIVE
- GLACIER
- Glacier
- GLACIER_IR
- INTELLIGENT_TIERING
- ONEZONE_IA
- STANDARD_IA
type: string
TransitionInDays:
description: Specifies the number of days an object is noncurrent before
Amazon S3 can perform the associated action.
type: integer
required:
- StorageClass
- TransitionInDays
type: object
NoncurrentVersionTransitions:
insertionOrder: true
items:
additionalProperties: false
description: Container for the transition rule that describes when noncurrent
objects transition to the STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING,
GLACIER_IR, GLACIER, or DEEP_ARCHIVE storage class. If your bucket is
versioning-enabled (or versioning is suspended), you can set this action
to request that Amazon S3 transition noncurrent object versions to the
STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER_IR, GLACIER, or
DEEP_ARCHIVE storage class at a specific period in the object's lifetime.
properties:
StorageClass:
description: The class of storage used to store the object.
enum:
- DEEP_ARCHIVE
- GLACIER
- Glacier
- GLACIER_IR
- INTELLIGENT_TIERING
- ONEZONE_IA
- STANDARD_IA
type: string
TransitionInDays:
description: Specifies the number of days an object is noncurrent before
Amazon S3 can perform the associated action.
type: integer
required:
- StorageClass
- TransitionInDays
type: object
type: array
uniqueItems: true
Prefix:
type: string
Status:
enum:
- Enabled
- Disabled
type: string
TagFilters:
insertionOrder: true
items:
additionalProperties: false
description: Tags to use to identify a subset of objects for an Amazon S3
bucket.
properties:
Key:
type: string
Value:
type: string
required:
- Value
- Key
type: object
type: array
uniqueItems: true
Transition:
additionalProperties: false
description: You must specify at least one of "TransitionDate" and "TransitionInDays"
properties:
StorageClass:
enum:
- DEEP_ARCHIVE
- GLACIER
- Glacier
- GLACIER_IR
- INTELLIGENT_TIERING
- ONEZONE_IA
- STANDARD_IA
type: string
TransitionDate:
description: The date value in ISO 8601 format. The timezone is always
UTC. (YYYY-MM-DDThh:mm:ssZ)
pattern: ^([0-2]\d{3})-(0[0-9]|1[0-2])-([0-2]\d|3[01])T([01]\d|2[0-4]):([0-5]\d):([0-6]\d)((\.\d{3})?)Z$
type: string
TransitionInDays:
type: integer
required:
- StorageClass
type: object
Transitions:
insertionOrder: true
items:
additionalProperties: false
description: You must specify at least one of "TransitionDate" and "TransitionInDays"
properties:
StorageClass:
enum:
- DEEP_ARCHIVE
- GLACIER
- Glacier
- GLACIER_IR
- INTELLIGENT_TIERING
- ONEZONE_IA
- STANDARD_IA
type: string
TransitionDate:
description: The date value in ISO 8601 format. The timezone is always
UTC. (YYYY-MM-DDThh:mm:ssZ)
pattern: ^([0-2]\d{3})-(0[0-9]|1[0-2])-([0-2]\d|3[01])T([01]\d|2[0-4]):([0-5]\d):([0-6]\d)((\.\d{3})?)Z$
type: string
TransitionInDays:
type: integer
required:
- StorageClass
type: object
type: array
uniqueItems: true
required:
- Status
type: object
S3KeyFilter:
additionalProperties: false
description: A container for object key name prefix and suffix filtering rules.
properties:
Rules:
insertionOrder: true
items:
additionalProperties: false
description: Specifies the Amazon S3 object key name to filter on and whether
to filter on the suffix or prefix of the key name.
properties:
Name:
maxLength: 1024
type: string
Value:
type: string
required:
- Value
- Name
type: object
type: array
uniqueItems: true
required:
- Rules
type: object
# Default server-side encryption applied to new objects in the bucket.
# SSEAlgorithm is the only required property. The rule that KMSMasterKeyID
# goes with aws:kms is stated in the description text only; this schema has
# no conditional enforcing it, so schema validation alone will not catch a
# key ID paired with AES256.
# NOTE(review): with aws:kms and no KMSMasterKeyID, S3 is expected to use the
# AWS managed key for S3 rather than a customer managed key; confirm that is
# intended wherever a specific key is required.
ServerSideEncryptionByDefault:
additionalProperties: false
description: Specifies the default server-side encryption to apply to new objects
in the bucket. If a PUT Object request doesn't specify any server-side encryption,
this default encryption will be applied.
properties:
KMSMasterKeyID:
description: '"KMSMasterKeyID" can only be used when you set the value of
SSEAlgorithm as aws:kms.'
type: string
SSEAlgorithm:
enum:
- aws:kms
- AES256
type: string
required:
- SSEAlgorithm
type: object
ServerSideEncryptionRule:
additionalProperties: false
description: Specifies the default server-side encryption configuration.
properties:
BucketKeyEnabled:
description: Specifies whether Amazon S3 should use an S3 Bucket Key with
server-side encryption using KMS (SSE-KMS) for new objects in the bucket.
Existing objects are not affected. Setting the BucketKeyEnabled element
to true causes Amazon S3 to use an S3 Bucket Key. By default, S3 Bucket
Key is not enabled.
type: boolean
ServerSideEncryptionByDefault:
additionalProperties: false
description: Specifies the default server-side encryption to apply to new
objects in the bucket. If a PUT Object request doesn't specify any server-side
encryption, this default encryption will be applied.
properties:
KMSMasterKeyID:
description: '"KMSMasterKeyID" can only be used when you set the value
of SSEAlgorithm as aws:kms.'
type: string
SSEAlgorithm:
enum:
- aws:kms
- AES256
type: string
required:
- SSEAlgorithm
type: object
type: object
SourceSelectionCriteria:
additionalProperties: false
description: A container that describes additional filters for identifying the
source objects that you want to replicate.
properties:
ReplicaModifications:
additionalProperties: false
properties:
Status:
description: Specifies whether Amazon S3 replicates modifications on replicas.
enum:
- Enabled
- Disabled
type: string
required:
- Status
type: object
SseKmsEncryptedObjects:
additionalProperties: false
description: A container for filter information for the selection of S3 objects
encrypted with AWS KMS.
properties:
Status:
description: Specifies whether Amazon S3 replicates objects created with
server-side encryption using a customer master key (CMK) stored in AWS
Key Management Service.
enum:
- Disabled
- Enabled
type: string
required:
- Status
type: object
type: object
SseKmsEncryptedObjects:
additionalProperties: false
description: A container for filter information for the selection of S3 objects
encrypted with AWS KMS.
properties:
Status:
description: Specifies whether Amazon S3 replicates objects created with server-side
encryption using a customer master key (CMK) stored in AWS Key Management
Service.
enum:
- Disabled
- Enabled
type: string
required:
- Status
type: object
StorageClassAnalysis:
additionalProperties: false
description: Specifies data related to access patterns to be collected and made
available to analyze the tradeoffs between different storage classes for an
Amazon S3 bucket.
properties:
DataExport:
additionalProperties: false
description: Specifies how data related to the storage class analysis for
an Amazon S3 bucket should be exported.
properties:
Destination:
additionalProperties: false
description: Specifies information about where to publish analysis or
configuration results for an Amazon S3 bucket and S3 Replication Time
Control (S3 RTC).
properties:
BucketAccountId:
description: 'The account ID that owns the destination S3 bucket. '
type: string
BucketArn:
description: The Amazon Resource Name (ARN) of the bucket to which
data is exported.
type: string
Format:
description: Specifies the file format used when exporting data to
Amazon S3.
enum:
- CSV
- ORC
- Parquet
type: string
Prefix:
description: The prefix to use when exporting data. The prefix is
prepended to all results.
type: string
required:
- BucketArn
- Format
type: object
OutputSchemaVersion:
const: V_1
description: The version of the output schema to use when exporting data.
type: string
required:
- Destination
- OutputSchemaVersion
type: object
type: object
Tag:
additionalProperties: false
properties:
Key:
maxLength: 127
minLength: 1
pattern: ^(?!aws:.*)[a-zA-Z0-9\s\_\.\/\=\+\-]+$
type: string
Value:
maxLength: 255
minLength: 1
pattern: ^(?!aws:.*)[a-zA-Z0-9\s\_\.\/\=\+\-]+$
type: string
required:
- Value
- Key
type: object
TagFilter:
additionalProperties: false
description: Tags to use to identify a subset of objects for an Amazon S3 bucket.
properties:
Key:
type: string
Value:
type: string
required:
- Value
- Key
type: object
Tiering:
additionalProperties: false
properties:
AccessTier:
description: S3 Intelligent-Tiering access tier. See Storage class for automatically
optimizing frequently and infrequently accessed objects for a list of access
tiers in the S3 Intelligent-Tiering storage class.
enum:
- ARCHIVE_ACCESS
- DEEP_ARCHIVE_ACCESS
type: string
Days:
description: The number of consecutive days of no access after which an object
will be eligible to be transitioned to the corresponding tier. The minimum
number of days specified for Archive Access tier must be at least 90 days
and Deep Archive Access tier must be at least 180 days. The maximum can
be up to 2 years (730 days).
type: integer
required:
- AccessTier
- Days
type: object
TopicConfiguration:
additionalProperties: false
description: The topic to which notifications are sent and the events for which
notifications are generated.
properties:
Event:
description: The Amazon S3 bucket event about which to send notifications.
type: string
Filter:
additionalProperties: false
description: Specifies object key name filtering rules.
properties:
S3Key:
additionalProperties: false
description: A container for object key name prefix and suffix filtering
rules.
properties:
Rules:
insertionOrder: true
items:
additionalProperties: false
description: Specifies the Amazon S3 object key name to filter on
and whether to filter on the suffix or prefix of the key name.
properties:
Name:
maxLength: 1024
type: string
Value:
type: string
required:
- Value
- Name
type: object
type: array
uniqueItems: true
required:
- Rules
type: object
required:
- S3Key
type: object
Topic:
description: The Amazon Resource Name (ARN) of the Amazon SNS topic to which
Amazon S3 publishes a message when it detects events of the specified type.
type: string
required:
- Event
- Topic
type: object
Transition:
additionalProperties: false
description: You must specify at least one of "TransitionDate" and "TransitionInDays"
properties:
StorageClass:
enum:
- DEEP_ARCHIVE
- GLACIER
- Glacier
- GLACIER_IR
- INTELLIGENT_TIERING
- ONEZONE_IA
- STANDARD_IA
type: string
TransitionDate:
description: The date value in ISO 8601 format. The timezone is always UTC.
(YYYY-MM-DDThh:mm:ssZ)
pattern: ^([0-2]\d{3})-(0[0-9]|1[0-2])-([0-2]\d|3[01])T([01]\d|2[0-4]):([0-5]\d):([0-6]\d)((\.\d{3})?)Z$
type: string
TransitionInDays:
type: integer
required:
- StorageClass
type: object
# Versioning state of the bucket. Status is required whenever this object is
# present and accepts only Enabled or Suspended.
# The schema default for Status is Suspended, so a check that wants
# versioning on should compare against Enabled explicitly instead of
# treating the presence of this block as sufficient.
VersioningConfiguration:
additionalProperties: false
description: Describes the versioning state of an Amazon S3 bucket.
properties:
Status:
default: Suspended
description: The versioning state of the bucket.
enum:
- Enabled
- Suspended
type: string
required:
- Status
type: object
WebsiteConfiguration:
additionalProperties: false
description: Specifies website configuration parameters for an Amazon S3 bucket.
properties:
ErrorDocument:
description: The name of the error document for the website.
type: string
IndexDocument:
description: The name of the index document for the website.
type: string
RedirectAllRequestsTo:
additionalProperties: false
description: Specifies the redirect behavior of all requests to a website
endpoint of an Amazon S3 bucket.
properties:
HostName:
description: Name of the host where requests are redirected.
type: string
Protocol:
description: Protocol to use when redirecting requests. The default is
the protocol that is used in the original request.
enum:
- http
- https
type: string
required:
- HostName
type: object
RoutingRules:
insertionOrder: true
items:
additionalProperties: false
description: Specifies the redirect behavior and when a redirect is applied.
properties:
RedirectRule:
additionalProperties: false
description: Specifies how requests are redirected. In the event of
an error, you can specify a different error code to return.
properties:
HostName:
description: The host name to use in the redirect request.
type: string
HttpRedirectCode:
description: The HTTP redirect code to use on the response. Not
required if one of the siblings is present.
type: string
Protocol:
description: Protocol to use when redirecting requests. The default
is the protocol that is used in the original request.
enum:
- http
- https
type: string
ReplaceKeyPrefixWith:
description: The object key prefix to use in the redirect request.
type: string
ReplaceKeyWith:
description: The specific object key to use in the redirect request.
type: string
type: object
RoutingRuleCondition:
additionalProperties: false
description: A container for describing a condition that must be met
for the specified redirect to apply. You must specify at least one
of HttpErrorCodeReturnedEquals and KeyPrefixEquals
properties:
HttpErrorCodeReturnedEquals:
description: 'The HTTP error code when the redirect is applied. '
type: string
KeyPrefixEquals:
description: The object key name prefix when the redirect is applied.
type: string
type: object
required:
- RedirectRule
type: object
type: array
type: object
# Shared string type for UTC timestamps written as YYYY-MM-DDThh:mm:ssZ, with
# an optional three-digit fractional part before the Z.
# The pattern checks shape only, not calendar validity: it admits month 00,
# day 00, hour 24 and seconds 60-69. Consumers should still parse the value
# as a timestamp rather than rely on the pattern to reject bad dates.
iso8601UTC:
description: The date value in ISO 8601 format. The timezone is always UTC. (YYYY-MM-DDThh:mm:ssZ)
pattern: ^([0-2]\d{3})-(0[0-9]|1[0-2])-([0-2]\d|3[01])T([01]\d|2[0-4]):([0-5]\d):([0-6]\d)((\.\d{3})?)Z$
type: string
properties:
AccelerateConfiguration:
additionalProperties: false
properties:
AccelerationStatus:
description: Configures the transfer acceleration state for an Amazon S3 bucket.
enum:
- Enabled
- Suspended
type: string
required:
- AccelerationStatus
type: object
# Canned ACL applied to the bucket; the value must be one of the enum entries
# below.
# PublicRead and PublicReadWrite grant access to everyone, and
# AuthenticatedRead grants read to any authenticated AWS principal, not only
# principals in the owning account. Policies that audit this property
# usually treat all three as exposure and expect Private.
AccessControl:
description: A canned access control list (ACL) that grants predefined permissions
to the bucket.
enum:
- AuthenticatedRead
- AwsExecRead
- BucketOwnerFullControl
- BucketOwnerRead
- LogDeliveryWrite
- Private
- PublicRead
- PublicReadWrite
type: string
AnalyticsConfigurations:
description: The configuration and any analyses for the analytics filter of an
Amazon S3 bucket.
insertionOrder: true
items:
additionalProperties: false
description: Specifies the configuration and any analyses for the analytics
filter of an Amazon S3 bucket.
properties:
Id:
description: The ID that identifies the analytics configuration.
type: string
Prefix:
description: The prefix that an object must have to be included in the analytics
results.
type: string
StorageClassAnalysis:
additionalProperties: false
description: Specifies data related to access patterns to be collected and
made available to analyze the tradeoffs between different storage classes
for an Amazon S3 bucket.
properties:
DataExport:
additionalProperties: false
description: Specifies how data related to the storage class analysis
for an Amazon S3 bucket should be exported.
properties:
Destination:
additionalProperties: false
description: Specifies information about where to publish analysis
or configuration results for an Amazon S3 bucket and S3 Replication
Time Control (S3 RTC).
properties:
BucketAccountId:
description: 'The account ID that owns the destination S3 bucket. '
type: string
BucketArn:
description: The Amazon Resource Name (ARN) of the bucket to
which data is exported.
type: string
Format:
description: Specifies the file format used when exporting data
to Amazon S3.
enum:
- CSV
- ORC
- Parquet
type: string
Prefix:
description: The prefix to use when exporting data. The prefix
is prepended to all results.
type: string
required:
- BucketArn
- Format
type: object
OutputSchemaVersion:
const: V_1
description: The version of the output schema to use when exporting
data.
type: string
required:
- Destination
- OutputSchemaVersion
type: object
type: object
TagFilters:
insertionOrder: true
items:
additionalProperties: false
description: Tags to use to identify a subset of objects for an Amazon
S3 bucket.
properties:
Key:
type: string
Value:
type: string
required:
- Value
- Key
type: object
type: array
uniqueItems: true
required:
- StorageClassAnalysis
- Id
type: object
type: array
uniqueItems: true
BucketEncryption:
additionalProperties: false
description: Specifies default encryption for a bucket using server-side encryption
with either Amazon S3-managed keys (SSE-S3) or AWS KMS-managed keys (SSE-KMS).
properties:
ServerSideEncryptionConfiguration:
description: Specifies the default server-side-encryption configuration.
insertionOrder: true
items:
additionalProperties: false
description: Specifies the default server-side encryption configuration.
properties:
BucketKeyEnabled:
description: Specifies whether Amazon S3 should use an S3 Bucket Key
with server-side encryption using KMS (SSE-KMS) for new objects in
the bucket. Existing objects are not affected. Setting the BucketKeyEnabled
element to true causes Amazon S3 to use an S3 Bucket Key. By default,
S3 Bucket Key is not enabled.
type: boolean
ServerSideEncryptionByDefault:
additionalProperties: false
description: Specifies the default server-side encryption to apply to
new objects in the bucket. If a PUT Object request doesn't specify
any server-side encryption, this default encryption will be applied.
properties:
KMSMasterKeyID:
description: '"KMSMasterKeyID" can only be used when you set the
value of SSEAlgorithm as aws:kms.'
type: string
SSEAlgorithm:
enum:
- aws:kms
- AES256
type: string
required:
- SSEAlgorithm
type: object
type: object
type: array
uniqueItems: true
required:
- ServerSideEncryptionConfiguration
type: object
CorsConfiguration:
additionalProperties: false
properties:
CorsRules:
insertionOrder: true
items:
additionalProperties: false
description: A set of origins and methods (cross-origin access that you
want to allow). You can add up to 100 rules to the configuration.
properties:
AllowedHeaders:
description: Headers that are specified in the Access-Control-Request-Headers
header.
insertionOrder: true
items:
type: string
type: array
uniqueItems: true
AllowedMethods:
description: An HTTP method that you allow the origin to execute.
insertionOrder: true
items:
enum:
- GET
- PUT
- HEAD
- POST
- DELETE
type: string
type: array
uniqueItems: true
AllowedOrigins:
description: One or more origins you want customers to be able to access
the bucket from.
insertionOrder: true
items:
type: string
type: array
uniqueItems: true
ExposedHeaders:
description: One or more headers in the response that you want customers
to be able to access from their applications (for example, from a
JavaScript XMLHttpRequest object).
insertionOrder: true
items:
type: string
type: array
uniqueItems: true
Id:
description: A unique identifier for this rule.
maxLength: 255
type: string
MaxAge:
description: The time in seconds that your browser is to cache the preflight
response for the specified resource.
minimum: 0
type: integer
required:
- AllowedMethods
- AllowedOrigins
type: object
type: array
uniqueItems: true
required:
- CorsRules
type: object
IntelligentTieringConfigurations:
description: Specifies the S3 Intelligent-Tiering configuration for an Amazon
S3 bucket.
insertionOrder: true
items:
additionalProperties: false
properties:
Id:
description: The ID used to identify the S3 Intelligent-Tiering configuration.
type: string
Prefix:
description: An object key name prefix that identifies the subset of objects
to which the rule applies.
type: string
Status:
description: Specifies the status of the configuration.
enum:
- Disabled
- Enabled
type: string
TagFilters:
description: A container for a key-value pair.
insertionOrder: true
items:
additionalProperties: false
description: Tags to use to identify a subset of objects for an Amazon
S3 bucket.
properties:
Key:
type: string
Value:
type: string
required:
- Value
- Key
type: object
type: array
uniqueItems: true
Tierings:
description: 'Specifies a list of S3 Intelligent-Tiering storage class tiers
in the configuration. At least one tier must be defined in the list. At
most, you can specify two tiers in the list, one for each available AccessTier:
ARCHIVE_ACCESS and DEEP_ARCHIVE_ACCESS.'
insertionOrder: true
items:
additionalProperties: false
properties:
AccessTier:
description: S3 Intelligent-Tiering access tier. See Storage class
for automatically optimizing frequently and infrequently accessed
objects for a list of access tiers in the S3 Intelligent-Tiering
storage class.
enum:
- ARCHIVE_ACCESS
- DEEP_ARCHIVE_ACCESS
type: string
Days:
description: The number of consecutive days of no access after which
an object will be eligible to be transitioned to the corresponding
tier. The minimum number of days specified for Archive Access tier
must be at least 90 days and Deep Archive Access tier must be at
least 180 days. The maximum can be up to 2 years (730 days).
type: integer
required:
- AccessTier
- Days
type: object
type: array
uniqueItems: true
required:
- Id
- Status
- Tierings
type: object
type: array
uniqueItems: true
InventoryConfigurations:
description: The inventory configuration for an Amazon S3 bucket.
insertionOrder: true
items:
additionalProperties: false
properties:
Destination:
additionalProperties: false
description: Specifies information about where to publish analysis or configuration
results for an Amazon S3 bucket and S3 Replication Time Control (S3 RTC).
properties:
BucketAccountId:
description: 'The account ID that owns the destination S3 bucket. '
type: string
BucketArn:
description: The Amazon Resource Name (ARN) of the bucket to which data
is exported.
type: string
Format:
description: Specifies the file format used when exporting data to Amazon
S3.
enum:
- CSV
- ORC
- Parquet
type: string
Prefix:
description: The prefix to use when exporting data. The prefix is prepended
to all results.
type: string
required:
- BucketArn
- Format
type: object
Enabled:
description: Specifies whether the inventory is enabled or disabled.
type: boolean
Id:
description: The ID used to identify the inventory configuration.
type: string
IncludedObjectVersions:
description: Object versions to include in the inventory list.
enum:
- All
- Current
type: string
OptionalFields:
description: Contains the optional fields that are included in the inventory
results.
insertionOrder: true
items:
enum:
- Size
- LastModifiedDate
- StorageClass
- ETag
- IsMultipartUploaded
- ReplicationStatus
- EncryptionStatus
- ObjectLockRetainUntilDate
- ObjectLockMode
- ObjectLockLegalHoldStatus
- IntelligentTieringAccessTier
- BucketKeyStatus
type: string
type: array
uniqueItems: true
Prefix:
description: The prefix that is prepended to all inventory results.
type: string
ScheduleFrequency:
description: Specifies the schedule for generating inventory results.
enum:
- Daily
- Weekly
type: string
required:
- Destination
- Enabled
- Id
- IncludedObjectVersions
- ScheduleFrequency
type: object
type: array
uniqueItems: true
LifecycleConfiguration:
additionalProperties: false
properties:
Rules:
description: A lifecycle rule for individual objects in an Amazon S3 bucket.
insertionOrder: true
items:
additionalProperties: false
description: 'You must specify at least one of the following properties:
AbortIncompleteMultipartUpload, ExpirationDate, ExpirationInDays, NoncurrentVersionExpirationInDays,
NoncurrentVersionTransition, NoncurrentVersionTransitions, Transition,
or Transitions.'
properties:
AbortIncompleteMultipartUpload:
additionalProperties: false
description: Specifies the days since the initiation of an incomplete
multipart upload that Amazon S3 will wait before permanently removing
all parts of the upload.
properties:
DaysAfterInitiation:
description: Specifies the number of days after which Amazon S3
aborts an incomplete multipart upload.
minimum: 0
type: integer
required:
- DaysAfterInitiation
type: object
ExpirationDate:
description: The date value in ISO 8601 format. The timezone is always
UTC. (YYYY-MM-DDThh:mm:ssZ)
pattern: ^([0-2]\d{3})-(0[0-9]|1[0-2])-([0-2]\d|3[01])T([01]\d|2[0-4]):([0-5]\d):([0-6]\d)((\.\d{3})?)Z$
type: string
ExpirationInDays:
type: integer
ExpiredObjectDeleteMarker:
type: boolean
Id:
maxLength: 255
type: string
NoncurrentVersionExpirationInDays:
type: integer
NoncurrentVersionTransition:
additionalProperties: false
description: Container for the transition rule that describes when noncurrent
objects transition to the STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING,
GLACIER_IR, GLACIER, or DEEP_ARCHIVE storage class. If your bucket
is versioning-enabled (or versioning is suspended), you can set this
action to request that Amazon S3 transition noncurrent object versions
to the STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER_IR, GLACIER,
or DEEP_ARCHIVE storage class at a specific period in the object's
lifetime.
properties:
StorageClass:
description: The class of storage used to store the object.
enum:
- DEEP_ARCHIVE
- GLACIER
- Glacier
- GLACIER_IR
- INTELLIGENT_TIERING
- ONEZONE_IA
- STANDARD_IA
type: string
TransitionInDays:
description: Specifies the number of days an object is noncurrent
before Amazon S3 can perform the associated action.
type: integer
required:
- StorageClass
- TransitionInDays
type: object
NoncurrentVersionTransitions:
insertionOrder: true
items:
additionalProperties: false
description: Container for the transition rule that describes when
noncurrent objects transition to the STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING,
GLACIER_IR, GLACIER, or DEEP_ARCHIVE storage class. If your bucket
is versioning-enabled (or versioning is suspended), you can set
this action to request that Amazon S3 transition noncurrent object
versions to the STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER_IR,
GLACIER, or DEEP_ARCHIVE storage class at a specific period in the
object's lifetime.
properties:
StorageClass:
description: The class of storage used to store the object.
enum:
- DEEP_ARCHIVE
- GLACIER
- Glacier
- GLACIER_IR
- INTELLIGENT_TIERING
- ONEZONE_IA
- STANDARD_IA
type: string
TransitionInDays:
description: Specifies the number of days an object is noncurrent
before Amazon S3 can perform the associated action.
type: integer
required:
- StorageClass
- TransitionInDays
type: object
type: array
uniqueItems: true
Prefix:
type: string
Status:
enum:
- Enabled
- Disabled
type: string
TagFilters:
insertionOrder: true
items:
additionalProperties: false
description: Tags to use to identify a subset of objects for an Amazon
S3 bucket.
properties:
Key:
type: string
Value:
type: string
required:
- Value
- Key
type: object
type: array
uniqueItems: true
Transition:
additionalProperties: false
description: You must specify at least one of "TransitionDate" and "TransitionInDays"
properties:
StorageClass:
enum:
- DEEP_ARCHIVE
- GLACIER
- Glacier
- GLACIER_IR
- INTELLIGENT_TIERING
- ONEZONE_IA
- STANDARD_IA
type: string
TransitionDate:
description: The date value in ISO 8601 format. The timezone is
always UTC. (YYYY-MM-DDThh:mm:ssZ)
pattern: ^([0-2]\d{3})-(0[0-9]|1[0-2])-([0-2]\d|3[01])T([01]\d|2[0-4]):([0-5]\d):([0-6]\d)((\.\d{3})?)Z$
type: string
TransitionInDays:
type: integer
required:
- StorageClass
type: object
Transitions:
insertionOrder: true
items:
additionalProperties: false
description: You must specify at least one of "TransitionDate" and
"TransitionInDays"
properties:
StorageClass:
enum:
- DEEP_ARCHIVE
- GLACIER
- Glacier
- GLACIER_IR
- INTELLIGENT_TIERING
- ONEZONE_IA
- STANDARD_IA
type: string
TransitionDate:
description: The date value in ISO 8601 format. The timezone is
always UTC. (YYYY-MM-DDThh:mm:ssZ)
pattern: ^([0-2]\d{3})-(0[0-9]|1[0-2])-([0-2]\d|3[01])T([01]\d|2[0-4]):([0-5]\d):([0-6]\d)((\.\d{3})?)Z$
type: string
TransitionInDays:
type: integer
required:
- StorageClass
type: object
type: array
uniqueItems: true
required:
- Status
type: object
type: array
uniqueItems: true
required:
- Rules
type: object
LoggingConfiguration:
additionalProperties: false
properties:
DestinationBucketName:
description: The name of an Amazon S3 bucket where Amazon S3 stores server
access log files. You can store log files in any bucket that you own. By
default, logs are stored in the bucket where the LoggingConfiguration property
is defined.
type: string
LogFilePrefix:
type: string
type: object
MetricsConfigurations:
description: Settings that define a metrics configuration for the CloudWatch request
metrics from the bucket.
insertionOrder: true
items:
additionalProperties: false
properties:
AccessPointArn:
type: string
Id:
type: string
Prefix:
type: string
TagFilters:
insertionOrder: true
items:
additionalProperties: false
description: Tags to use to identify a subset of objects for an Amazon
S3 bucket.
properties:
Key:
type: string
Value:
type: string
required:
- Value
- Key
type: object
type: array
uniqueItems: true
required:
- Id
type: object
type: array
uniqueItems: true
NotificationConfiguration:
additionalProperties: false
description: Describes the notification configuration for an Amazon S3 bucket.
properties:
LambdaConfigurations:
insertionOrder: true
items:
additionalProperties: false
description: Describes the AWS Lambda functions to invoke and the events
for which to invoke them.
properties:
Event:
description: The Amazon S3 bucket event for which to invoke the AWS
Lambda function.
type: string
Filter:
additionalProperties: false
description: Specifies object key name filtering rules.
properties:
S3Key:
additionalProperties: false
description: A container for object key name prefix and suffix filtering
rules.
properties:
Rules:
insertionOrder: true
items:
additionalProperties: false
description: Specifies the Amazon S3 object key name to filter
on and whether to filter on the suffix or prefix of the
key name.
properties:
Name:
maxLength: 1024
type: string
Value:
type: string
required:
- Value
- Name
type: object
type: array
uniqueItems: true
required:
- Rules
type: object
required:
- S3Key
type: object
Function:
description: The Amazon Resource Name (ARN) of the AWS Lambda function
that Amazon S3 invokes when the specified event type occurs.
type: string
required:
- Function
- Event
type: object
type: array
uniqueItems: true
QueueConfigurations:
insertionOrder: true
items:
additionalProperties: false
description: The Amazon Simple Queue Service queues to publish messages
to and the events for which to publish messages.
properties:
Event:
description: The Amazon S3 bucket event about which you want to publish
messages to Amazon SQS.
type: string
Filter:
additionalProperties: false
description: Specifies object key name filtering rules.
properties:
S3Key:
additionalProperties: false
description: A container for object key name prefix and suffix filtering
rules.
properties:
Rules:
insertionOrder: true
items:
additionalProperties: false
description: Specifies the Amazon S3 object key name to filter
on and whether to filter on the suffix or prefix of the
key name.
properties:
Name:
maxLength: 1024
type: string
Value:
type: string
required:
- Value
- Name
type: object
type: array
uniqueItems: true
required:
- Rules
type: object
required:
- S3Key
type: object
Queue:
description: The Amazon Resource Name (ARN) of the Amazon SQS queue
to which Amazon S3 publishes a message when it detects events of the
specified type.
type: string
required:
- Event
- Queue
type: object
type: array
uniqueItems: true
TopicConfigurations:
insertionOrder: true
items:
additionalProperties: false
description: The topic to which notifications are sent and the events for
which notifications are generated.
properties:
Event:
description: The Amazon S3 bucket event about which to send notifications.
type: string
Filter:
additionalProperties: false
description: Specifies object key name filtering rules.
properties:
S3Key:
additionalProperties: false
description: A container for object key name prefix and suffix filtering
rules.
properties:
Rules:
insertionOrder: true
items:
additionalProperties: false
description: Specifies the Amazon S3 object key name to filter
on and whether to filter on the suffix or prefix of the
key name.
properties:
Name:
maxLength: 1024
type: string
Value:
type: string
required:
- Value
- Name
type: object
type: array
uniqueItems: true
required:
- Rules
type: object
required:
- S3Key
type: object
Topic:
description: The Amazon Resource Name (ARN) of the Amazon SNS topic
to which Amazon S3 publishes a message when it detects events of the
specified type.
type: string
required:
- Event
- Topic
type: object
type: array
uniqueItems: true
type: object
ObjectLockConfiguration:
additionalProperties: false
properties:
ObjectLockEnabled:
const: Enabled
type: string
Rule:
additionalProperties: false
description: The Object Lock rule in place for the specified object.
properties:
DefaultRetention:
additionalProperties: false
description: The default retention period that you want to apply to new
objects placed in the specified bucket.
properties:
Days:
type: integer
Mode:
enum:
- COMPLIANCE
- GOVERNANCE
type: string
Years:
type: integer
type: object
type: object
type: object
OwnershipControls:
additionalProperties: false
properties:
Rules:
insertionOrder: true
items:
additionalProperties: false
properties:
ObjectOwnership:
description: Specifies an object ownership rule.
enum:
- ObjectWriter
- BucketOwnerPreferred
type: string
type: object
type: array
uniqueItems: true
required:
- Rules
type: object
PublicAccessBlockConfiguration:
additionalProperties: false
description: Configuration that defines how Amazon S3 handles public access.
properties:
BlockPublicAcls:
description: "Specifies whether Amazon S3 should block public access control\
\ lists (ACLs) for this bucket and objects in this bucket. Setting this\
\ element to TRUE causes the following behavior:\n- PUT Bucket acl and PUT\
\ Object acl calls fail if the specified ACL is public.\n - PUT Object calls\
\ fail if the request includes a public ACL.\nEnabling this setting doesn't\
\ affect existing policies or ACLs."
type: boolean
BlockPublicPolicy:
description: 'Specifies whether Amazon S3 should block public bucket policies
for this bucket. Setting this element to TRUE causes Amazon S3 to reject
calls to PUT Bucket policy if the specified bucket policy allows public
access.
Enabling this setting doesn''t affect existing bucket policies.'
type: boolean
IgnorePublicAcls:
description: 'Specifies whether Amazon S3 should ignore public ACLs for this
bucket and objects in this bucket. Setting this element to TRUE causes Amazon
S3 to ignore all public ACLs on this bucket and objects in this bucket.
Enabling this setting doesn''t affect the persistence of any existing ACLs
and doesn''t prevent new public ACLs from being set.'
type: boolean
RestrictPublicBuckets:
description: 'Specifies whether Amazon S3 should restrict public bucket policies
for this bucket. Setting this element to TRUE restricts access to this bucket
to only AWS services and authorized users within this account if the bucket
has a public policy.
Enabling this setting doesn''t affect previously stored bucket policies,
except that public and cross-account access within any public bucket policy,
including non-public delegation to specific accounts, is blocked.'
type: boolean
type: object
ReplicationConfiguration:
additionalProperties: false
description: A container for replication rules. You can add up to 1,000 rules.
The maximum size of a replication configuration is 2 MB.
properties:
Role:
description: The Amazon Resource Name (ARN) of the AWS Identity and Access
Management (IAM) role that Amazon S3 assumes when replicating objects.
type: string
Rules:
description: A container for one or more replication rules.
insertionOrder: true
items:
additionalProperties: false
description: Specifies which Amazon S3 objects to replicate and where to
store the replicas.
properties:
DeleteMarkerReplication:
additionalProperties: false
properties:
Status:
enum:
- Disabled
- Enabled
type: string
type: object
Destination:
additionalProperties: false
description: Specifies which Amazon S3 bucket to store replicated objects
in and their storage class.
properties:
AccessControlTranslation:
additionalProperties: false
description: Specify this only in a cross-account scenario (where
source and destination bucket owners are not the same), and you
want to change replica ownership to the AWS account that owns
the destination bucket. If this is not specified in the replication
configuration, the replicas are owned by the same AWS account that
owns the source object.
properties:
Owner:
const: Destination
type: string
required:
- Owner
type: object
Account:
type: string
Bucket:
type: string
EncryptionConfiguration:
additionalProperties: false
description: Specifies encryption-related information for an Amazon
S3 bucket that is a destination for replicated objects.
properties:
ReplicaKmsKeyID:
description: Specifies the ID (Key ARN or Alias ARN) of the
customer managed customer master key (CMK) stored in AWS Key
Management Service (KMS) for the destination bucket.
type: string
required:
- ReplicaKmsKeyID
type: object
Metrics:
additionalProperties: false
properties:
EventThreshold:
additionalProperties: false
properties:
Minutes:
type: integer
required:
- Minutes
type: object
Status:
enum:
- Disabled
- Enabled
type: string
required:
- Status
type: object
ReplicationTime:
additionalProperties: false
properties:
Status:
enum:
- Disabled
- Enabled
type: string
Time:
additionalProperties: false
properties:
Minutes:
type: integer
required:
- Minutes
type: object
required:
- Status
- Time
type: object
StorageClass:
description: The storage class to use when replicating objects,
such as S3 Standard or reduced redundancy.
enum:
- DEEP_ARCHIVE
- GLACIER
- GLACIER_IR
- INTELLIGENT_TIERING
- ONEZONE_IA
- REDUCED_REDUNDANCY
- STANDARD
- STANDARD_IA
type: string
required:
- Bucket
type: object
Filter:
additionalProperties: false
properties:
And:
additionalProperties: false
properties:
Prefix:
type: string
TagFilters:
insertionOrder: true
items:
additionalProperties: false
description: Tags to use to identify a subset of objects for
an Amazon S3 bucket.
properties:
Key:
type: string
Value:
type: string
required:
- Value
- Key
type: object
type: array
uniqueItems: true
type: object
Prefix:
type: string
TagFilter:
additionalProperties: false
description: Tags to use to identify a subset of objects for an
Amazon S3 bucket.
properties:
Key:
type: string
Value:
type: string
required:
- Value
- Key
type: object
type: object
Id:
description: A unique identifier for the rule.
maxLength: 255
type: string
Prefix:
description: An object key name prefix that identifies the object or
objects to which the rule applies.
maxLength: 1024
type: string
Priority:
type: integer
SourceSelectionCriteria:
additionalProperties: false
description: A container that describes additional filters for identifying
the source objects that you want to replicate.
properties:
ReplicaModifications:
additionalProperties: false
properties:
Status:
description: Specifies whether Amazon S3 replicates modifications
on replicas.
enum:
- Enabled
- Disabled
type: string
required:
- Status
type: object
SseKmsEncryptedObjects:
additionalProperties: false
description: A container for filter information for the selection
of S3 objects encrypted with AWS KMS.
properties:
Status:
description: Specifies whether Amazon S3 replicates objects
created with server-side encryption using a customer master
key (CMK) stored in AWS Key Management Service.
enum:
- Disabled
- Enabled
type: string
required:
- Status
type: object
type: object
Status:
description: Specifies whether the rule is enabled.
enum:
- Disabled
- Enabled
type: string
required:
- Destination
- Status
type: object
type: array
uniqueItems: true
required:
- Role
- Rules
type: object
Tags:
description: An arbitrary set of tags (key-value pairs) for this S3 bucket.
insertionOrder: false
items:
additionalProperties: false
properties:
Key:
maxLength: 127
minLength: 1
pattern: ^(?!aws:.*)[a-zA-Z0-9\s\_\.\/\=\+\-]+$
type: string
Value:
maxLength: 255
minLength: 1
pattern: ^(?!aws:.*)[a-zA-Z0-9\s\_\.\/\=\+\-]+$
type: string
required:
- Value
- Key
type: object
type: array
VersioningConfiguration:
additionalProperties: false
description: Describes the versioning state of an Amazon S3 bucket.
properties:
Status:
default: Suspended
description: The versioning state of the bucket.
enum:
- Enabled
- Suspended
type: string
required:
- Status
type: object
WebsiteConfiguration:
additionalProperties: false
description: Specifies website configuration parameters for an Amazon S3 bucket.
properties:
ErrorDocument:
description: The name of the error document for the website.
type: string
IndexDocument:
description: The name of the index document for the website.
type: string
RedirectAllRequestsTo:
additionalProperties: false
description: Specifies the redirect behavior of all requests to a website
endpoint of an Amazon S3 bucket.
properties:
HostName:
description: Name of the host where requests are redirected.
type: string
Protocol:
description: Protocol to use when redirecting requests. The default is
the protocol that is used in the original request.
enum:
- http
- https
type: string
required:
- HostName
type: object
RoutingRules:
insertionOrder: true
items:
additionalProperties: false
description: Specifies the redirect behavior and when a redirect is applied.
properties:
RedirectRule:
additionalProperties: false
description: Specifies how requests are redirected. In the event of
an error, you can specify a different error code to return.
properties:
HostName:
description: The host name to use in the redirect request.
type: string
HttpRedirectCode:
description: The HTTP redirect code to use on the response. Not
required if one of the siblings is present.
type: string
Protocol:
description: Protocol to use when redirecting requests. The default
is the protocol that is used in the original request.
enum:
- http
- https
type: string
ReplaceKeyPrefixWith:
description: The object key prefix to use in the redirect request.
type: string
ReplaceKeyWith:
description: The specific object key to use in the redirect request.
type: string
type: object
RoutingRuleCondition:
additionalProperties: false
description: A container for describing a condition that must be met
for the specified redirect to apply. You must specify at least one
of HttpErrorCodeReturnedEquals and KeyPrefixEquals.
properties:
HttpErrorCodeReturnedEquals:
description: 'The HTTP error code when the redirect is applied. '
type: string
KeyPrefixEquals:
description: The object key name prefix when the redirect is applied.
type: string
type: object
required:
- RedirectRule
type: object
type: array
type: object
type:
enum:
- update
Permissions - s3:PutBucketAcl, s3:PutBucketTagging, s3:PutAnalyticsConfiguration, s3:PutEncryptionConfiguration, s3:PutBucketCORS, s3:PutInventoryConfiguration, s3:PutLifecycleConfiguration, s3:PutMetricsConfiguration, s3:PutBucketNotification, s3:PutBucketReplication, s3:PutBucketWebsite, s3:PutAccelerateConfiguration, s3:PutBucketPublicAccessBlock, s3:PutReplicationConfiguration, s3:PutBucketOwnershipControls, s3:PutBucketIntelligentTieringConfiguration, s3:DeleteBucketWebsite, s3:PutBucketLogging, s3:PutBucketVersioning, s3:PutObjectLockConfiguration, s3:DeleteBucketAnalyticsConfiguration, s3:DeleteBucketCors, s3:DeleteBucketMetricsConfiguration, s3:DeleteBucketEncryption, s3:DeleteBucketLifecycle, s3:DeleteBucketReplication, iam:PassRole