Amazon Simple Storage Service

2025/11/20 - Amazon Simple Storage Service - 2 new api methods

Changes  Enable / Disable ABAC on a general purpose bucket.

GetBucketAbac (new) Link ¶

Returns the attribute-based access control (ABAC) property of the general purpose bucket. If the bucket ABAC is enabled, you can use tags for bucket access control. For more information, see Enabling ABAC in general purpose buckets. Whether ABAC is enabled or disabled, you can use tags for cost tracking. For more information, see Using tags with S3 general purpose buckets.

See also: AWS API Documentation

Request Syntax

client.get_bucket_abac(
    Bucket='string',
    ExpectedBucketOwner='string'
)
type Bucket:

string

param Bucket:

[REQUIRED]

The name of the general purpose bucket.

type ExpectedBucketOwner:

string

param ExpectedBucketOwner:

The Amazon Web Services account ID of the general purpose bucket's owner.

rtype:

dict

returns:

Response Syntax

{
    'AbacStatus': {
        'Status': 'Enabled'|'Disabled'
    }
}

Response Structure

  • (dict) --

    • AbacStatus (dict) --

      The ABAC status of the general purpose bucket.

      • Status (string) --

        The ABAC status of the general purpose bucket.

PutBucketAbac (new) Link ¶

Sets the attribute-based access control (ABAC) property of the general purpose bucket. When you enable ABAC, you can use tags for bucket access control. Additionally, when ABAC is enabled, you must use the TagResource, UntagResource, and ListTagsForResource actions to manage bucket tags, and you can nolonger use the PutBucketTagging and DeleteBucketTagging actions to tag the bucket. You must also have the correct permissions for these actions. For more information, see Enabling ABAC in general purpose buckets.

See also: AWS API Documentation

Request Syntax

client.put_bucket_abac(
    Bucket='string',
    ContentMD5='string',
    ChecksumAlgorithm='CRC32'|'CRC32C'|'SHA1'|'SHA256'|'CRC64NVME',
    ExpectedBucketOwner='string',
    AbacStatus={
        'Status': 'Enabled'|'Disabled'
    }
)
type Bucket:

string

param Bucket:

[REQUIRED]

The name of the general purpose bucket.

type ContentMD5:

string

param ContentMD5:

The MD5 hash of the PutBucketAbac request body.

For requests made using the Amazon Web Services Command Line Interface (CLI) or Amazon Web Services SDKs, this field is calculated automatically.

type ChecksumAlgorithm:

string

param ChecksumAlgorithm:

Indicates the algorithm that you want Amazon S3 to use to create the checksum. For more information, see Checking object integrity in the Amazon S3 User Guide.

type ExpectedBucketOwner:

string

param ExpectedBucketOwner:

The Amazon Web Services account ID of the general purpose bucket's owner.

type AbacStatus:

dict

param AbacStatus:

[REQUIRED]

The ABAC status of the general purpose bucket. When ABAC is enabled for the general purpose bucket, you can use tags to manage access to the general purpose buckets as well as for cost tracking purposes. When ABAC is disabled for the general purpose buckets, you can only use tags for cost tracking purposes. For more information, see Using tags with S3 general purpose buckets.

  • Status (string) --

    The ABAC status of the general purpose bucket.

returns:

None