2017/11/07 - Amazon Simple Storage Service - 3 new 6 updated api methods
Changes This releases adds support for 4 features: 1. Default encryption for S3 Bucket, 2. Encryption status in inventory and Encryption support for inventory. 3. Cross region replication of KMS-encrypted objects, and 4. ownership overwrite for CRR.
Returns the server-side encryption configuration of a bucket.
See also: AWS API Documentation
Request Syntax
client.get_bucket_encryption( Bucket='string' )
string
[REQUIRED] The name of the bucket from which the server-side encryption configuration is retrieved.
dict
Response Syntax
{ 'ServerSideEncryptionConfiguration': { 'Rules': [ { 'ApplyServerSideEncryptionByDefault': { 'SSEAlgorithm': 'AES256'|'aws:kms', 'KMSMasterKeyID': 'string' } }, ] } }
Response Structure
(dict) --
ServerSideEncryptionConfiguration (dict) -- Container for server-side encryption configuration rules. Currently S3 supports one rule only.
Rules (list) -- Container for information about a particular server-side encryption configuration rule.
(dict) -- Container for information about a particular server-side encryption configuration rule.
ApplyServerSideEncryptionByDefault (dict) -- Describes the default server-side encryption to apply to new objects in the bucket. If Put Object request does not specify any server-side encryption, this default encryption will be applied.
SSEAlgorithm (string) -- Server-side encryption algorithm to use for the default encryption.
KMSMasterKeyID (string) -- KMS master key ID to use for the default encryption. This parameter is allowed if SSEAlgorithm is aws:kms.
Creates a new server-side encryption configuration (or replaces an existing one, if present).
See also: AWS API Documentation
Request Syntax
client.put_bucket_encryption( Bucket='string', ContentMD5='string', ServerSideEncryptionConfiguration={ 'Rules': [ { 'ApplyServerSideEncryptionByDefault': { 'SSEAlgorithm': 'AES256'|'aws:kms', 'KMSMasterKeyID': 'string' } }, ] } )
string
[REQUIRED] The name of the bucket for which the server-side encryption configuration is set.
string
The base64-encoded 128-bit MD5 digest of the server-side encryption configuration.
dict
[REQUIRED] Container for server-side encryption configuration rules. Currently S3 supports one rule only.
Rules (list) -- [REQUIRED] Container for information about a particular server-side encryption configuration rule.
(dict) -- Container for information about a particular server-side encryption configuration rule.
ApplyServerSideEncryptionByDefault (dict) -- Describes the default server-side encryption to apply to new objects in the bucket. If Put Object request does not specify any server-side encryption, this default encryption will be applied.
SSEAlgorithm (string) -- [REQUIRED] Server-side encryption algorithm to use for the default encryption.
KMSMasterKeyID (string) -- KMS master key ID to use for the default encryption. This parameter is allowed if SSEAlgorithm is aws:kms.
None
Deletes the server-side encryption configuration from the bucket.
See also: AWS API Documentation
Request Syntax
client.delete_bucket_encryption( Bucket='string' )
string
[REQUIRED] The name of the bucket containing the server-side encryption configuration to delete.
None
{'InventoryConfiguration': {'Destination': {'S3BucketDestination': {'Encryption': {'SSEKMS': {'KeyId': 'string'}, 'SSES3': {}}}}, 'OptionalFields': ['EncryptionStatus']}}
Returns an inventory configuration (identified by the inventory ID) from the bucket.
See also: AWS API Documentation
Request Syntax
client.get_bucket_inventory_configuration( Bucket='string', Id='string' )
string
[REQUIRED] The name of the bucket containing the inventory configuration to retrieve.
string
[REQUIRED] The ID used to identify the inventory configuration.
dict
Response Syntax
{ 'InventoryConfiguration': { 'Destination': { 'S3BucketDestination': { 'AccountId': 'string', 'Bucket': 'string', 'Format': 'CSV', 'Prefix': 'string', 'Encryption': { 'SSES3': {}, 'SSEKMS': { 'KeyId': 'string' } } } }, 'IsEnabled': True|False, 'Filter': { 'Prefix': 'string' }, 'Id': 'string', 'IncludedObjectVersions': 'All'|'Current', 'OptionalFields': [ 'Size'|'LastModifiedDate'|'StorageClass'|'ETag'|'IsMultipartUploaded'|'ReplicationStatus'|'EncryptionStatus', ], 'Schedule': { 'Frequency': 'Daily'|'Weekly' } } }
Response Structure
(dict) --
InventoryConfiguration (dict) -- Specifies the inventory configuration.
Destination (dict) -- Contains information about where to publish the inventory results.
S3BucketDestination (dict) -- Contains the bucket name, file format, bucket owner (optional), and prefix (optional) where inventory results are published.
AccountId (string) -- The ID of the account that owns the destination bucket.
Bucket (string) -- The Amazon resource name (ARN) of the bucket where inventory results will be published.
Format (string) -- Specifies the output format of the inventory results.
Prefix (string) -- The prefix that is prepended to all inventory results.
Encryption (dict) -- Contains the type of server-side encryption used to encrypt the inventory results.
SSES3 (dict) -- Specifies the use of SSE-S3 to encrypt delievered Inventory reports.
SSEKMS (dict) -- Specifies the use of SSE-KMS to encrypt delievered Inventory reports.
KeyId (string) -- Specifies the ID of the AWS Key Management Service (KMS) master encryption key to use for encrypting Inventory reports.
IsEnabled (boolean) -- Specifies whether the inventory is enabled or disabled.
Filter (dict) -- Specifies an inventory filter. The inventory only includes objects that meet the filter's criteria.
Prefix (string) -- The prefix that an object must have to be included in the inventory results.
Id (string) -- The ID used to identify the inventory configuration.
IncludedObjectVersions (string) -- Specifies which object version(s) to included in the inventory results.
OptionalFields (list) -- Contains the optional fields that are included in the inventory results.
(string) --
Schedule (dict) -- Specifies the schedule for generating inventory results.
Frequency (string) -- Specifies how frequently inventory results are produced.
{'ReplicationConfiguration': {'Rules': {'Destination': {'AccessControlTranslation': {'Owner': 'Destination'}, 'Account': 'string', 'EncryptionConfiguration': {'ReplicaKmsKeyID': 'string'}}, 'SourceSelectionCriteria': {'SseKmsEncryptedObjects': {'Status': 'Enabled ' '| ' 'Disabled'}}}}}
Returns the replication configuration of a bucket.
See also: AWS API Documentation
Request Syntax
client.get_bucket_replication( Bucket='string' )
string
[REQUIRED]
dict
Response Syntax
{ 'ReplicationConfiguration': { 'Role': 'string', 'Rules': [ { 'ID': 'string', 'Prefix': 'string', 'Status': 'Enabled'|'Disabled', 'SourceSelectionCriteria': { 'SseKmsEncryptedObjects': { 'Status': 'Enabled'|'Disabled' } }, 'Destination': { 'Bucket': 'string', 'Account': 'string', 'StorageClass': 'STANDARD'|'REDUCED_REDUNDANCY'|'STANDARD_IA', 'AccessControlTranslation': { 'Owner': 'Destination' }, 'EncryptionConfiguration': { 'ReplicaKmsKeyID': 'string' } } }, ] } }
Response Structure
(dict) --
ReplicationConfiguration (dict) -- Container for replication rules. You can add as many as 1,000 rules. Total replication configuration size can be up to 2 MB.
Role (string) -- Amazon Resource Name (ARN) of an IAM role for Amazon S3 to assume when replicating the objects.
Rules (list) -- Container for information about a particular replication rule. Replication configuration must have at least one rule and can contain up to 1,000 rules.
(dict) -- Container for information about a particular replication rule.
ID (string) -- Unique identifier for the rule. The value cannot be longer than 255 characters.
Prefix (string) -- Object keyname prefix identifying one or more objects to which the rule applies. Maximum prefix length can be up to 1,024 characters. Overlapping prefixes are not supported.
Status (string) -- The rule is ignored if status is not Enabled.
SourceSelectionCriteria (dict) -- Container for filters that define which source objects should be replicated.
SseKmsEncryptedObjects (dict) -- Container for filter information of selection of KMS Encrypted S3 objects.
Status (string) -- The replication for KMS encrypted S3 objects is disabled if status is not Enabled.
Destination (dict) -- Container for replication destination information.
Bucket (string) -- Amazon resource name (ARN) of the bucket where you want Amazon S3 to store replicas of the object identified by the rule.
Account (string) -- Account ID of the destination bucket. Currently this is only being verified if Access Control Translation is enabled
StorageClass (string) -- The class of storage used to store the object.
AccessControlTranslation (dict) -- Container for information regarding the access control for replicas.
Owner (string) -- The override value for the owner of the replica object.
EncryptionConfiguration (dict) -- Container for information regarding encryption based configuration for replicas.
ReplicaKmsKeyID (string) -- The id of the KMS key used to encrypt the replica object.
{'InventoryConfigurationList': {'Destination': {'S3BucketDestination': {'Encryption': {'SSEKMS': {'KeyId': 'string'}, 'SSES3': {}}}}, 'OptionalFields': ['EncryptionStatus']}}
Returns a list of inventory configurations for the bucket.
See also: AWS API Documentation
Request Syntax
client.list_bucket_inventory_configurations( Bucket='string', ContinuationToken='string' )
string
[REQUIRED] The name of the bucket containing the inventory configurations to retrieve.
string
The marker used to continue an inventory configuration listing that has been truncated. Use the NextContinuationToken from a previously truncated list response to continue the listing. The continuation token is an opaque value that Amazon S3 understands.
dict
Response Syntax
{ 'ContinuationToken': 'string', 'InventoryConfigurationList': [ { 'Destination': { 'S3BucketDestination': { 'AccountId': 'string', 'Bucket': 'string', 'Format': 'CSV', 'Prefix': 'string', 'Encryption': { 'SSES3': {}, 'SSEKMS': { 'KeyId': 'string' } } } }, 'IsEnabled': True|False, 'Filter': { 'Prefix': 'string' }, 'Id': 'string', 'IncludedObjectVersions': 'All'|'Current', 'OptionalFields': [ 'Size'|'LastModifiedDate'|'StorageClass'|'ETag'|'IsMultipartUploaded'|'ReplicationStatus'|'EncryptionStatus', ], 'Schedule': { 'Frequency': 'Daily'|'Weekly' } }, ], 'IsTruncated': True|False, 'NextContinuationToken': 'string' }
Response Structure
(dict) --
ContinuationToken (string) -- If sent in the request, the marker that is used as a starting point for this inventory configuration list response.
InventoryConfigurationList (list) -- The list of inventory configurations for a bucket.
(dict) --
Destination (dict) -- Contains information about where to publish the inventory results.
S3BucketDestination (dict) -- Contains the bucket name, file format, bucket owner (optional), and prefix (optional) where inventory results are published.
AccountId (string) -- The ID of the account that owns the destination bucket.
Bucket (string) -- The Amazon resource name (ARN) of the bucket where inventory results will be published.
Format (string) -- Specifies the output format of the inventory results.
Prefix (string) -- The prefix that is prepended to all inventory results.
Encryption (dict) -- Contains the type of server-side encryption used to encrypt the inventory results.
SSES3 (dict) -- Specifies the use of SSE-S3 to encrypt delievered Inventory reports.
SSEKMS (dict) -- Specifies the use of SSE-KMS to encrypt delievered Inventory reports.
KeyId (string) -- Specifies the ID of the AWS Key Management Service (KMS) master encryption key to use for encrypting Inventory reports.
IsEnabled (boolean) -- Specifies whether the inventory is enabled or disabled.
Filter (dict) -- Specifies an inventory filter. The inventory only includes objects that meet the filter's criteria.
Prefix (string) -- The prefix that an object must have to be included in the inventory results.
Id (string) -- The ID used to identify the inventory configuration.
IncludedObjectVersions (string) -- Specifies which object version(s) to included in the inventory results.
OptionalFields (list) -- Contains the optional fields that are included in the inventory results.
(string) --
Schedule (dict) -- Specifies the schedule for generating inventory results.
Frequency (string) -- Specifies how frequently inventory results are produced.
IsTruncated (boolean) -- Indicates whether the returned list of inventory configurations is truncated in this response. A value of true indicates that the list is truncated.
NextContinuationToken (string) -- The marker used to continue this inventory configuration listing. Use the NextContinuationToken from this response to continue the listing in a subsequent request. The continuation token is an opaque value that Amazon S3 understands.
{'InventoryConfiguration': {'Destination': {'S3BucketDestination': {'Encryption': {'SSEKMS': {'KeyId': 'string'}, 'SSES3': {}}}}, 'OptionalFields': ['EncryptionStatus']}}
Adds an inventory configuration (identified by the inventory ID) from the bucket.
See also: AWS API Documentation
Request Syntax
client.put_bucket_inventory_configuration( Bucket='string', Id='string', InventoryConfiguration={ 'Destination': { 'S3BucketDestination': { 'AccountId': 'string', 'Bucket': 'string', 'Format': 'CSV', 'Prefix': 'string', 'Encryption': { 'SSES3': {} , 'SSEKMS': { 'KeyId': 'string' } } } }, 'IsEnabled': True|False, 'Filter': { 'Prefix': 'string' }, 'Id': 'string', 'IncludedObjectVersions': 'All'|'Current', 'OptionalFields': [ 'Size'|'LastModifiedDate'|'StorageClass'|'ETag'|'IsMultipartUploaded'|'ReplicationStatus'|'EncryptionStatus', ], 'Schedule': { 'Frequency': 'Daily'|'Weekly' } } )
string
[REQUIRED] The name of the bucket where the inventory configuration will be stored.
string
[REQUIRED] The ID used to identify the inventory configuration.
dict
[REQUIRED] Specifies the inventory configuration.
Destination (dict) -- [REQUIRED] Contains information about where to publish the inventory results.
S3BucketDestination (dict) -- [REQUIRED] Contains the bucket name, file format, bucket owner (optional), and prefix (optional) where inventory results are published.
AccountId (string) -- The ID of the account that owns the destination bucket.
Bucket (string) -- [REQUIRED] The Amazon resource name (ARN) of the bucket where inventory results will be published.
Format (string) -- [REQUIRED] Specifies the output format of the inventory results.
Prefix (string) -- The prefix that is prepended to all inventory results.
Encryption (dict) -- Contains the type of server-side encryption used to encrypt the inventory results.
SSES3 (dict) -- Specifies the use of SSE-S3 to encrypt delievered Inventory reports.
SSEKMS (dict) -- Specifies the use of SSE-KMS to encrypt delievered Inventory reports.
KeyId (string) -- [REQUIRED] Specifies the ID of the AWS Key Management Service (KMS) master encryption key to use for encrypting Inventory reports.
IsEnabled (boolean) -- [REQUIRED] Specifies whether the inventory is enabled or disabled.
Filter (dict) -- Specifies an inventory filter. The inventory only includes objects that meet the filter's criteria.
Prefix (string) -- [REQUIRED] The prefix that an object must have to be included in the inventory results.
Id (string) -- [REQUIRED] The ID used to identify the inventory configuration.
IncludedObjectVersions (string) -- [REQUIRED] Specifies which object version(s) to included in the inventory results.
OptionalFields (list) -- Contains the optional fields that are included in the inventory results.
(string) --
Schedule (dict) -- [REQUIRED] Specifies the schedule for generating inventory results.
Frequency (string) -- [REQUIRED] Specifies how frequently inventory results are produced.
None
{'ConfirmRemoveSelfBucketAccess': 'boolean'}
Replaces a policy on a bucket. If the bucket already has a policy, the one in this request completely replaces it.
See also: AWS API Documentation
Request Syntax
client.put_bucket_policy( Bucket='string', ContentMD5='string', ConfirmRemoveSelfBucketAccess=True|False, Policy='string' )
string
[REQUIRED]
string
boolean
Set this parameter to true to confirm that you want to remove your permissions to change this bucket policy in the future.
string
[REQUIRED] The bucket policy as a JSON document.
None
{'ReplicationConfiguration': {'Rules': {'Destination': {'AccessControlTranslation': {'Owner': 'Destination'}, 'Account': 'string', 'EncryptionConfiguration': {'ReplicaKmsKeyID': 'string'}}, 'SourceSelectionCriteria': {'SseKmsEncryptedObjects': {'Status': 'Enabled ' '| ' 'Disabled'}}}}}
Creates a new replication configuration (or replaces an existing one, if present).
See also: AWS API Documentation
Request Syntax
client.put_bucket_replication( Bucket='string', ContentMD5='string', ReplicationConfiguration={ 'Role': 'string', 'Rules': [ { 'ID': 'string', 'Prefix': 'string', 'Status': 'Enabled'|'Disabled', 'SourceSelectionCriteria': { 'SseKmsEncryptedObjects': { 'Status': 'Enabled'|'Disabled' } }, 'Destination': { 'Bucket': 'string', 'Account': 'string', 'StorageClass': 'STANDARD'|'REDUCED_REDUNDANCY'|'STANDARD_IA', 'AccessControlTranslation': { 'Owner': 'Destination' }, 'EncryptionConfiguration': { 'ReplicaKmsKeyID': 'string' } } }, ] } )
string
[REQUIRED]
string
dict
[REQUIRED] Container for replication rules. You can add as many as 1,000 rules. Total replication configuration size can be up to 2 MB.
Role (string) -- [REQUIRED] Amazon Resource Name (ARN) of an IAM role for Amazon S3 to assume when replicating the objects.
Rules (list) -- [REQUIRED] Container for information about a particular replication rule. Replication configuration must have at least one rule and can contain up to 1,000 rules.
(dict) -- Container for information about a particular replication rule.
ID (string) -- Unique identifier for the rule. The value cannot be longer than 255 characters.
Prefix (string) -- [REQUIRED] Object keyname prefix identifying one or more objects to which the rule applies. Maximum prefix length can be up to 1,024 characters. Overlapping prefixes are not supported.
Status (string) -- [REQUIRED] The rule is ignored if status is not Enabled.
SourceSelectionCriteria (dict) -- Container for filters that define which source objects should be replicated.
SseKmsEncryptedObjects (dict) -- Container for filter information of selection of KMS Encrypted S3 objects.
Status (string) -- [REQUIRED] The replication for KMS encrypted S3 objects is disabled if status is not Enabled.
Destination (dict) -- [REQUIRED] Container for replication destination information.
Bucket (string) -- [REQUIRED] Amazon resource name (ARN) of the bucket where you want Amazon S3 to store replicas of the object identified by the rule.
Account (string) -- Account ID of the destination bucket. Currently this is only being verified if Access Control Translation is enabled
StorageClass (string) -- The class of storage used to store the object.
AccessControlTranslation (dict) -- Container for information regarding the access control for replicas.
Owner (string) -- [REQUIRED] The override value for the owner of the replica object.
EncryptionConfiguration (dict) -- Container for information regarding encryption based configuration for replicas.
ReplicaKmsKeyID (string) -- The id of the KMS key used to encrypt the replica object.
None