Amazon Simple Storage Service

2017/11/07 - Amazon Simple Storage Service - 3 new 6 updated api methods

Changes  This releases adds support for 4 features: 1. Default encryption for S3 Bucket, 2. Encryption status in inventory and Encryption support for inventory. 3. Cross region replication of KMS-encrypted objects, and 4. ownership overwrite for CRR.

GetBucketEncryption (new) Link ¶

Returns the server-side encryption configuration of a bucket.

See also: AWS API Documentation

Request Syntax

client.get_bucket_encryption(
    Bucket='string'
)
type Bucket

string

param Bucket

[REQUIRED] The name of the bucket from which the server-side encryption configuration is retrieved.

rtype

dict

returns

Response Syntax

{
    'ServerSideEncryptionConfiguration': {
        'Rules': [
            {
                'ApplyServerSideEncryptionByDefault': {
                    'SSEAlgorithm': 'AES256'|'aws:kms',
                    'KMSMasterKeyID': 'string'
                }
            },
        ]
    }
}

Response Structure

  • (dict) --

    • ServerSideEncryptionConfiguration (dict) -- Container for server-side encryption configuration rules. Currently S3 supports one rule only.

      • Rules (list) -- Container for information about a particular server-side encryption configuration rule.

        • (dict) -- Container for information about a particular server-side encryption configuration rule.

          • ApplyServerSideEncryptionByDefault (dict) -- Describes the default server-side encryption to apply to new objects in the bucket. If Put Object request does not specify any server-side encryption, this default encryption will be applied.

            • SSEAlgorithm (string) -- Server-side encryption algorithm to use for the default encryption.

            • KMSMasterKeyID (string) -- KMS master key ID to use for the default encryption. This parameter is allowed if SSEAlgorithm is aws:kms.

PutBucketEncryption (new) Link ¶

Creates a new server-side encryption configuration (or replaces an existing one, if present).

See also: AWS API Documentation

Request Syntax

client.put_bucket_encryption(
    Bucket='string',
    ContentMD5='string',
    ServerSideEncryptionConfiguration={
        'Rules': [
            {
                'ApplyServerSideEncryptionByDefault': {
                    'SSEAlgorithm': 'AES256'|'aws:kms',
                    'KMSMasterKeyID': 'string'
                }
            },
        ]
    }
)
type Bucket

string

param Bucket

[REQUIRED] The name of the bucket for which the server-side encryption configuration is set.

type ContentMD5

string

param ContentMD5

The base64-encoded 128-bit MD5 digest of the server-side encryption configuration.

type ServerSideEncryptionConfiguration

dict

param ServerSideEncryptionConfiguration

[REQUIRED] Container for server-side encryption configuration rules. Currently S3 supports one rule only.

  • Rules (list) -- [REQUIRED] Container for information about a particular server-side encryption configuration rule.

    • (dict) -- Container for information about a particular server-side encryption configuration rule.

      • ApplyServerSideEncryptionByDefault (dict) -- Describes the default server-side encryption to apply to new objects in the bucket. If Put Object request does not specify any server-side encryption, this default encryption will be applied.

        • SSEAlgorithm (string) -- [REQUIRED] Server-side encryption algorithm to use for the default encryption.

        • KMSMasterKeyID (string) -- KMS master key ID to use for the default encryption. This parameter is allowed if SSEAlgorithm is aws:kms.

returns

None

DeleteBucketEncryption (new) Link ¶

Deletes the server-side encryption configuration from the bucket.

See also: AWS API Documentation

Request Syntax

client.delete_bucket_encryption(
    Bucket='string'
)
type Bucket

string

param Bucket

[REQUIRED] The name of the bucket containing the server-side encryption configuration to delete.

returns

None

GetBucketInventoryConfiguration (updated) Link ¶
Changes (response)
{'InventoryConfiguration': {'Destination': {'S3BucketDestination': {'Encryption': {'SSEKMS': {'KeyId': 'string'},
                                                                                   'SSES3': {}}}},
                            'OptionalFields': ['EncryptionStatus']}}

Returns an inventory configuration (identified by the inventory ID) from the bucket.

See also: AWS API Documentation

Request Syntax

client.get_bucket_inventory_configuration(
    Bucket='string',
    Id='string'
)
type Bucket

string

param Bucket

[REQUIRED] The name of the bucket containing the inventory configuration to retrieve.

type Id

string

param Id

[REQUIRED] The ID used to identify the inventory configuration.

rtype

dict

returns

Response Syntax

{
    'InventoryConfiguration': {
        'Destination': {
            'S3BucketDestination': {
                'AccountId': 'string',
                'Bucket': 'string',
                'Format': 'CSV',
                'Prefix': 'string',
                'Encryption': {
                    'SSES3': {},
                    'SSEKMS': {
                        'KeyId': 'string'
                    }
                }
            }
        },
        'IsEnabled': True|False,
        'Filter': {
            'Prefix': 'string'
        },
        'Id': 'string',
        'IncludedObjectVersions': 'All'|'Current',
        'OptionalFields': [
            'Size'|'LastModifiedDate'|'StorageClass'|'ETag'|'IsMultipartUploaded'|'ReplicationStatus'|'EncryptionStatus',
        ],
        'Schedule': {
            'Frequency': 'Daily'|'Weekly'
        }
    }
}

Response Structure

  • (dict) --

    • InventoryConfiguration (dict) -- Specifies the inventory configuration.

      • Destination (dict) -- Contains information about where to publish the inventory results.

        • S3BucketDestination (dict) -- Contains the bucket name, file format, bucket owner (optional), and prefix (optional) where inventory results are published.

          • AccountId (string) -- The ID of the account that owns the destination bucket.

          • Bucket (string) -- The Amazon resource name (ARN) of the bucket where inventory results will be published.

          • Format (string) -- Specifies the output format of the inventory results.

          • Prefix (string) -- The prefix that is prepended to all inventory results.

          • Encryption (dict) -- Contains the type of server-side encryption used to encrypt the inventory results.

            • SSES3 (dict) -- Specifies the use of SSE-S3 to encrypt delievered Inventory reports.

            • SSEKMS (dict) -- Specifies the use of SSE-KMS to encrypt delievered Inventory reports.

              • KeyId (string) -- Specifies the ID of the AWS Key Management Service (KMS) master encryption key to use for encrypting Inventory reports.

      • IsEnabled (boolean) -- Specifies whether the inventory is enabled or disabled.

      • Filter (dict) -- Specifies an inventory filter. The inventory only includes objects that meet the filter's criteria.

        • Prefix (string) -- The prefix that an object must have to be included in the inventory results.

      • Id (string) -- The ID used to identify the inventory configuration.

      • IncludedObjectVersions (string) -- Specifies which object version(s) to included in the inventory results.

      • OptionalFields (list) -- Contains the optional fields that are included in the inventory results.

        • (string) --

      • Schedule (dict) -- Specifies the schedule for generating inventory results.

        • Frequency (string) -- Specifies how frequently inventory results are produced.

GetBucketReplication (updated) Link ¶
Changes (response)
{'ReplicationConfiguration': {'Rules': {'Destination': {'AccessControlTranslation': {'Owner': 'Destination'},
                                                        'Account': 'string',
                                                        'EncryptionConfiguration': {'ReplicaKmsKeyID': 'string'}},
                                        'SourceSelectionCriteria': {'SseKmsEncryptedObjects': {'Status': 'Enabled '
                                                                                                         '| '
                                                                                                         'Disabled'}}}}}

Returns the replication configuration of a bucket.

See also: AWS API Documentation

Request Syntax

client.get_bucket_replication(
    Bucket='string'
)
type Bucket

string

param Bucket

[REQUIRED]

rtype

dict

returns

Response Syntax

{
    'ReplicationConfiguration': {
        'Role': 'string',
        'Rules': [
            {
                'ID': 'string',
                'Prefix': 'string',
                'Status': 'Enabled'|'Disabled',
                'SourceSelectionCriteria': {
                    'SseKmsEncryptedObjects': {
                        'Status': 'Enabled'|'Disabled'
                    }
                },
                'Destination': {
                    'Bucket': 'string',
                    'Account': 'string',
                    'StorageClass': 'STANDARD'|'REDUCED_REDUNDANCY'|'STANDARD_IA',
                    'AccessControlTranslation': {
                        'Owner': 'Destination'
                    },
                    'EncryptionConfiguration': {
                        'ReplicaKmsKeyID': 'string'
                    }
                }
            },
        ]
    }
}

Response Structure

  • (dict) --

    • ReplicationConfiguration (dict) -- Container for replication rules. You can add as many as 1,000 rules. Total replication configuration size can be up to 2 MB.

      • Role (string) -- Amazon Resource Name (ARN) of an IAM role for Amazon S3 to assume when replicating the objects.

      • Rules (list) -- Container for information about a particular replication rule. Replication configuration must have at least one rule and can contain up to 1,000 rules.

        • (dict) -- Container for information about a particular replication rule.

          • ID (string) -- Unique identifier for the rule. The value cannot be longer than 255 characters.

          • Prefix (string) -- Object keyname prefix identifying one or more objects to which the rule applies. Maximum prefix length can be up to 1,024 characters. Overlapping prefixes are not supported.

          • Status (string) -- The rule is ignored if status is not Enabled.

          • SourceSelectionCriteria (dict) -- Container for filters that define which source objects should be replicated.

            • SseKmsEncryptedObjects (dict) -- Container for filter information of selection of KMS Encrypted S3 objects.

              • Status (string) -- The replication for KMS encrypted S3 objects is disabled if status is not Enabled.

          • Destination (dict) -- Container for replication destination information.

            • Bucket (string) -- Amazon resource name (ARN) of the bucket where you want Amazon S3 to store replicas of the object identified by the rule.

            • Account (string) -- Account ID of the destination bucket. Currently this is only being verified if Access Control Translation is enabled

            • StorageClass (string) -- The class of storage used to store the object.

            • AccessControlTranslation (dict) -- Container for information regarding the access control for replicas.

              • Owner (string) -- The override value for the owner of the replica object.

            • EncryptionConfiguration (dict) -- Container for information regarding encryption based configuration for replicas.

              • ReplicaKmsKeyID (string) -- The id of the KMS key used to encrypt the replica object.

ListBucketInventoryConfigurations (updated) Link ¶
Changes (response)
{'InventoryConfigurationList': {'Destination': {'S3BucketDestination': {'Encryption': {'SSEKMS': {'KeyId': 'string'},
                                                                                       'SSES3': {}}}},
                                'OptionalFields': ['EncryptionStatus']}}

Returns a list of inventory configurations for the bucket.

See also: AWS API Documentation

Request Syntax

client.list_bucket_inventory_configurations(
    Bucket='string',
    ContinuationToken='string'
)
type Bucket

string

param Bucket

[REQUIRED] The name of the bucket containing the inventory configurations to retrieve.

type ContinuationToken

string

param ContinuationToken

The marker used to continue an inventory configuration listing that has been truncated. Use the NextContinuationToken from a previously truncated list response to continue the listing. The continuation token is an opaque value that Amazon S3 understands.

rtype

dict

returns

Response Syntax

{
    'ContinuationToken': 'string',
    'InventoryConfigurationList': [
        {
            'Destination': {
                'S3BucketDestination': {
                    'AccountId': 'string',
                    'Bucket': 'string',
                    'Format': 'CSV',
                    'Prefix': 'string',
                    'Encryption': {
                        'SSES3': {},
                        'SSEKMS': {
                            'KeyId': 'string'
                        }
                    }
                }
            },
            'IsEnabled': True|False,
            'Filter': {
                'Prefix': 'string'
            },
            'Id': 'string',
            'IncludedObjectVersions': 'All'|'Current',
            'OptionalFields': [
                'Size'|'LastModifiedDate'|'StorageClass'|'ETag'|'IsMultipartUploaded'|'ReplicationStatus'|'EncryptionStatus',
            ],
            'Schedule': {
                'Frequency': 'Daily'|'Weekly'
            }
        },
    ],
    'IsTruncated': True|False,
    'NextContinuationToken': 'string'
}

Response Structure

  • (dict) --

    • ContinuationToken (string) -- If sent in the request, the marker that is used as a starting point for this inventory configuration list response.

    • InventoryConfigurationList (list) -- The list of inventory configurations for a bucket.

      • (dict) --

        • Destination (dict) -- Contains information about where to publish the inventory results.

          • S3BucketDestination (dict) -- Contains the bucket name, file format, bucket owner (optional), and prefix (optional) where inventory results are published.

            • AccountId (string) -- The ID of the account that owns the destination bucket.

            • Bucket (string) -- The Amazon resource name (ARN) of the bucket where inventory results will be published.

            • Format (string) -- Specifies the output format of the inventory results.

            • Prefix (string) -- The prefix that is prepended to all inventory results.

            • Encryption (dict) -- Contains the type of server-side encryption used to encrypt the inventory results.

              • SSES3 (dict) -- Specifies the use of SSE-S3 to encrypt delievered Inventory reports.

              • SSEKMS (dict) -- Specifies the use of SSE-KMS to encrypt delievered Inventory reports.

                • KeyId (string) -- Specifies the ID of the AWS Key Management Service (KMS) master encryption key to use for encrypting Inventory reports.

        • IsEnabled (boolean) -- Specifies whether the inventory is enabled or disabled.

        • Filter (dict) -- Specifies an inventory filter. The inventory only includes objects that meet the filter's criteria.

          • Prefix (string) -- The prefix that an object must have to be included in the inventory results.

        • Id (string) -- The ID used to identify the inventory configuration.

        • IncludedObjectVersions (string) -- Specifies which object version(s) to included in the inventory results.

        • OptionalFields (list) -- Contains the optional fields that are included in the inventory results.

          • (string) --

        • Schedule (dict) -- Specifies the schedule for generating inventory results.

          • Frequency (string) -- Specifies how frequently inventory results are produced.

    • IsTruncated (boolean) -- Indicates whether the returned list of inventory configurations is truncated in this response. A value of true indicates that the list is truncated.

    • NextContinuationToken (string) -- The marker used to continue this inventory configuration listing. Use the NextContinuationToken from this response to continue the listing in a subsequent request. The continuation token is an opaque value that Amazon S3 understands.

PutBucketInventoryConfiguration (updated) Link ¶
Changes (request)
{'InventoryConfiguration': {'Destination': {'S3BucketDestination': {'Encryption': {'SSEKMS': {'KeyId': 'string'},
                                                                                   'SSES3': {}}}},
                            'OptionalFields': ['EncryptionStatus']}}

Adds an inventory configuration (identified by the inventory ID) from the bucket.

See also: AWS API Documentation

Request Syntax

client.put_bucket_inventory_configuration(
    Bucket='string',
    Id='string',
    InventoryConfiguration={
        'Destination': {
            'S3BucketDestination': {
                'AccountId': 'string',
                'Bucket': 'string',
                'Format': 'CSV',
                'Prefix': 'string',
                'Encryption': {
                    'SSES3': {}
                    ,
                    'SSEKMS': {
                        'KeyId': 'string'
                    }
                }
            }
        },
        'IsEnabled': True|False,
        'Filter': {
            'Prefix': 'string'
        },
        'Id': 'string',
        'IncludedObjectVersions': 'All'|'Current',
        'OptionalFields': [
            'Size'|'LastModifiedDate'|'StorageClass'|'ETag'|'IsMultipartUploaded'|'ReplicationStatus'|'EncryptionStatus',
        ],
        'Schedule': {
            'Frequency': 'Daily'|'Weekly'
        }
    }
)
type Bucket

string

param Bucket

[REQUIRED] The name of the bucket where the inventory configuration will be stored.

type Id

string

param Id

[REQUIRED] The ID used to identify the inventory configuration.

type InventoryConfiguration

dict

param InventoryConfiguration

[REQUIRED] Specifies the inventory configuration.

  • Destination (dict) -- [REQUIRED] Contains information about where to publish the inventory results.

    • S3BucketDestination (dict) -- [REQUIRED] Contains the bucket name, file format, bucket owner (optional), and prefix (optional) where inventory results are published.

      • AccountId (string) -- The ID of the account that owns the destination bucket.

      • Bucket (string) -- [REQUIRED] The Amazon resource name (ARN) of the bucket where inventory results will be published.

      • Format (string) -- [REQUIRED] Specifies the output format of the inventory results.

      • Prefix (string) -- The prefix that is prepended to all inventory results.

      • Encryption (dict) -- Contains the type of server-side encryption used to encrypt the inventory results.

        • SSES3 (dict) -- Specifies the use of SSE-S3 to encrypt delievered Inventory reports.

        • SSEKMS (dict) -- Specifies the use of SSE-KMS to encrypt delievered Inventory reports.

          • KeyId (string) -- [REQUIRED] Specifies the ID of the AWS Key Management Service (KMS) master encryption key to use for encrypting Inventory reports.

  • IsEnabled (boolean) -- [REQUIRED] Specifies whether the inventory is enabled or disabled.

  • Filter (dict) -- Specifies an inventory filter. The inventory only includes objects that meet the filter's criteria.

    • Prefix (string) -- [REQUIRED] The prefix that an object must have to be included in the inventory results.

  • Id (string) -- [REQUIRED] The ID used to identify the inventory configuration.

  • IncludedObjectVersions (string) -- [REQUIRED] Specifies which object version(s) to included in the inventory results.

  • OptionalFields (list) -- Contains the optional fields that are included in the inventory results.

    • (string) --

  • Schedule (dict) -- [REQUIRED] Specifies the schedule for generating inventory results.

    • Frequency (string) -- [REQUIRED] Specifies how frequently inventory results are produced.

returns

None

PutBucketPolicy (updated) Link ¶
Changes (request)
{'ConfirmRemoveSelfBucketAccess': 'boolean'}

Replaces a policy on a bucket. If the bucket already has a policy, the one in this request completely replaces it.

See also: AWS API Documentation

Request Syntax

client.put_bucket_policy(
    Bucket='string',
    ContentMD5='string',
    ConfirmRemoveSelfBucketAccess=True|False,
    Policy='string'
)
type Bucket

string

param Bucket

[REQUIRED]

type ContentMD5

string

param ContentMD5

type ConfirmRemoveSelfBucketAccess

boolean

param ConfirmRemoveSelfBucketAccess

Set this parameter to true to confirm that you want to remove your permissions to change this bucket policy in the future.

type Policy

string

param Policy

[REQUIRED] The bucket policy as a JSON document.

returns

None

PutBucketReplication (updated) Link ¶
Changes (request)
{'ReplicationConfiguration': {'Rules': {'Destination': {'AccessControlTranslation': {'Owner': 'Destination'},
                                                        'Account': 'string',
                                                        'EncryptionConfiguration': {'ReplicaKmsKeyID': 'string'}},
                                        'SourceSelectionCriteria': {'SseKmsEncryptedObjects': {'Status': 'Enabled '
                                                                                                         '| '
                                                                                                         'Disabled'}}}}}

Creates a new replication configuration (or replaces an existing one, if present).

See also: AWS API Documentation

Request Syntax

client.put_bucket_replication(
    Bucket='string',
    ContentMD5='string',
    ReplicationConfiguration={
        'Role': 'string',
        'Rules': [
            {
                'ID': 'string',
                'Prefix': 'string',
                'Status': 'Enabled'|'Disabled',
                'SourceSelectionCriteria': {
                    'SseKmsEncryptedObjects': {
                        'Status': 'Enabled'|'Disabled'
                    }
                },
                'Destination': {
                    'Bucket': 'string',
                    'Account': 'string',
                    'StorageClass': 'STANDARD'|'REDUCED_REDUNDANCY'|'STANDARD_IA',
                    'AccessControlTranslation': {
                        'Owner': 'Destination'
                    },
                    'EncryptionConfiguration': {
                        'ReplicaKmsKeyID': 'string'
                    }
                }
            },
        ]
    }
)
type Bucket

string

param Bucket

[REQUIRED]

type ContentMD5

string

param ContentMD5

type ReplicationConfiguration

dict

param ReplicationConfiguration

[REQUIRED] Container for replication rules. You can add as many as 1,000 rules. Total replication configuration size can be up to 2 MB.

  • Role (string) -- [REQUIRED] Amazon Resource Name (ARN) of an IAM role for Amazon S3 to assume when replicating the objects.

  • Rules (list) -- [REQUIRED] Container for information about a particular replication rule. Replication configuration must have at least one rule and can contain up to 1,000 rules.

    • (dict) -- Container for information about a particular replication rule.

      • ID (string) -- Unique identifier for the rule. The value cannot be longer than 255 characters.

      • Prefix (string) -- [REQUIRED] Object keyname prefix identifying one or more objects to which the rule applies. Maximum prefix length can be up to 1,024 characters. Overlapping prefixes are not supported.

      • Status (string) -- [REQUIRED] The rule is ignored if status is not Enabled.

      • SourceSelectionCriteria (dict) -- Container for filters that define which source objects should be replicated.

        • SseKmsEncryptedObjects (dict) -- Container for filter information of selection of KMS Encrypted S3 objects.

          • Status (string) -- [REQUIRED] The replication for KMS encrypted S3 objects is disabled if status is not Enabled.

      • Destination (dict) -- [REQUIRED] Container for replication destination information.

        • Bucket (string) -- [REQUIRED] Amazon resource name (ARN) of the bucket where you want Amazon S3 to store replicas of the object identified by the rule.

        • Account (string) -- Account ID of the destination bucket. Currently this is only being verified if Access Control Translation is enabled

        • StorageClass (string) -- The class of storage used to store the object.

        • AccessControlTranslation (dict) -- Container for information regarding the access control for replicas.

          • Owner (string) -- [REQUIRED] The override value for the owner of the replica object.

        • EncryptionConfiguration (dict) -- Container for information regarding encryption based configuration for replicas.

          • ReplicaKmsKeyID (string) -- The id of the KMS key used to encrypt the replica object.

returns

None