{"files":{"SKILL.md":"---\nname: aws-s3-control\ndescription: \"AWS S3 Control API skill. Use when working with AWS S3 Control for accessgrantsinstance, accesspoint, accesspointforobjectlambda. Covers 93 endpoints.\"\nversion: 1.0.0\ngenerator: lapsh\n---\n\n# AWS S3 Control\nAPI version: 2018-08-20\n\n## Auth\nAWS SigV4\n\n## Base URL\nNot specified.\n\n## Setup\n1. Configure auth: AWS SigV4\n2. GET /v20180820/accessgrantsinstance -- Retrieves the S3 Access Grants instance for a Region in your account. Permissions: You must have the s3:GetAccessGrantsInstance permission to use this operation. GetAccessGrantsInstance is not supported for cross-account access. You can only call the API from the account that owns the S3 Access Grants instance.\n3. POST /v20180820/accessgrantsinstance/identitycenter -- Associate an IAM Identity Center instance with your S3 Access Grants instance.\n\n## Endpoints\n93 endpoints across 12 groups. See references/api-spec.lap for full details.\n\n### Accessgrantsinstance\n| Method | Path | Description |\n|--------|------|-------------|\n| POST | /v20180820/accessgrantsinstance/identitycenter | Associate your S3 Access Grants instance with an Amazon Web Services IAM Identity Center instance. Use this action if you want to create access grants for users or groups from your corporate identity directory. First, you must add your corporate identity directory to Amazon Web Services IAM Identity Center. Then, you can associate this IAM Identity Center instance with your S3 Access Grants instance.  Permissions  You must have the s3:AssociateAccessGrantsIdentityCenter permission to use this operation.   Additional Permissions  You must also have the following permissions: sso:CreateApplication, sso:PutApplicationGrant, and sso:PutApplicationAuthenticationMethod. |\n| POST | /v20180820/accessgrantsinstance/grant | Creates an access grant that gives a grantee access to your S3 data. The grantee can be an IAM user or role or a directory user, or group. 
Before you can create a grant, you must have an S3 Access Grants instance in the same Region as the S3 data. You can create an S3 Access Grants instance using the CreateAccessGrantsInstance. You must also have registered at least one S3 data location in your S3 Access Grants instance using CreateAccessGrantsLocation.   Permissions  You must have the s3:CreateAccessGrant permission to use this operation.   Additional Permissions  For any directory identity - sso:DescribeInstance and sso:DescribeApplication  For directory users - identitystore:DescribeUser  For directory groups - identitystore:DescribeGroup |\n| POST | /v20180820/accessgrantsinstance | Creates an S3 Access Grants instance, which serves as a logical grouping for access grants. You can create one S3 Access Grants instance per Region per account.   Permissions  You must have the s3:CreateAccessGrantsInstance permission to use this operation.   Additional Permissions  To associate an IAM Identity Center instance with your S3 Access Grants instance, you must also have the sso:DescribeInstance, sso:CreateApplication, sso:PutApplicationGrant, and sso:PutApplicationAuthenticationMethod permissions. |\n| POST | /v20180820/accessgrantsinstance/location | The S3 data location that you would like to register in your S3 Access Grants instance. Your S3 data must be in the same Region as your S3 Access Grants instance. The location can be one of the following:    The default S3 location s3://    A bucket - S3://    A bucket and prefix - S3:///    When you register a location, you must include the IAM role that has permission to manage the S3 location that you are registering. Give S3 Access Grants permission to assume this role using a policy. S3 Access Grants assumes this role to manage access to the location and to vend temporary credentials to grantees or client applications.   Permissions  You must have the s3:CreateAccessGrantsLocation permission to use this operation.   
Additional Permissions  You must also have the following permission for the specified IAM role: iam:PassRole |\n| DELETE | /v20180820/accessgrantsinstance/grant/{id} | Deletes the access grant from the S3 Access Grants instance. You cannot undo an access grant deletion and the grantee will no longer have access to the S3 data.  Permissions  You must have the s3:DeleteAccessGrant permission to use this operation. |\n| DELETE | /v20180820/accessgrantsinstance | Deletes your S3 Access Grants instance. You must first delete the access grants and locations before S3 Access Grants can delete the instance. See DeleteAccessGrant and DeleteAccessGrantsLocation. If you have associated an IAM Identity Center instance with your S3 Access Grants instance, you must first disassociate the Identity Center instance from the S3 Access Grants instance before you can delete the S3 Access Grants instance. See AssociateAccessGrantsIdentityCenter and DissociateAccessGrantsIdentityCenter.  Permissions  You must have the s3:DeleteAccessGrantsInstance permission to use this operation. |\n| DELETE | /v20180820/accessgrantsinstance/resourcepolicy | Deletes the resource policy of the S3 Access Grants instance. The resource policy is used to manage cross-account access to your S3 Access Grants instance. By deleting the resource policy, you delete any cross-account permissions to your S3 Access Grants instance.   Permissions  You must have the s3:DeleteAccessGrantsInstanceResourcePolicy permission to use this operation. |\n| DELETE | /v20180820/accessgrantsinstance/location/{id} | Deregisters a location from your S3 Access Grants instance. You can only delete a location registration from an S3 Access Grants instance if there are no grants associated with this location. See Delete a grant for information on how to delete grants. You need to have at least one registered location in your S3 Access Grants instance in order to create access grants.   
Permissions  You must have the s3:DeleteAccessGrantsLocation permission to use this operation. |\n| DELETE | /v20180820/accessgrantsinstance/identitycenter | Dissociates the Amazon Web Services IAM Identity Center instance from the S3 Access Grants instance.   Permissions  You must have the s3:DissociateAccessGrantsIdentityCenter permission to use this operation.   Additional Permissions  You must have the sso:DeleteApplication permission to use this operation. |\n| GET | /v20180820/accessgrantsinstance/grant/{id} | Get the details of an access grant from your S3 Access Grants instance.  Permissions  You must have the s3:GetAccessGrant permission to use this operation. |\n| GET | /v20180820/accessgrantsinstance | Retrieves the S3 Access Grants instance for a Region in your account.   Permissions  You must have the s3:GetAccessGrantsInstance permission to use this operation.      GetAccessGrantsInstance is not supported for cross-account access. You can only call the API from the account that owns the S3 Access Grants instance. |\n| GET | /v20180820/accessgrantsinstance/prefix | Retrieve the S3 Access Grants instance that contains a particular prefix.   Permissions  You must have the s3:GetAccessGrantsInstanceForPrefix permission for the caller account to use this operation.   Additional Permissions  The prefix owner account must grant you the following permissions to their S3 Access Grants instance: s3:GetAccessGrantsInstanceForPrefix. |\n| GET | /v20180820/accessgrantsinstance/resourcepolicy | Returns the resource policy of the S3 Access Grants instance.   Permissions  You must have the s3:GetAccessGrantsInstanceResourcePolicy permission to use this operation. |\n| GET | /v20180820/accessgrantsinstance/location/{id} | Retrieves the details of a particular location registered in your S3 Access Grants instance.   Permissions  You must have the s3:GetAccessGrantsLocation permission to use this operation. 
|\n| GET | /v20180820/accessgrantsinstance/dataaccess | Returns a temporary access credential from S3 Access Grants to the grantee or client application. The temporary credential is an Amazon Web Services STS token that grants them access to the S3 data.   Permissions  You must have the s3:GetDataAccess permission to use this operation.   Additional Permissions  The IAM role that S3 Access Grants assumes must have the following permissions specified in the trust policy when registering the location: sts:AssumeRole, for directory users or groups sts:SetContext, and for IAM users or roles sts:SetSourceIdentity. |\n| GET | /v20180820/accessgrantsinstance/grants | Returns the list of access grants in your S3 Access Grants instance.  Permissions  You must have the s3:ListAccessGrants permission to use this operation. |\n| GET | /v20180820/accessgrantsinstance/locations | Returns a list of the locations registered in your S3 Access Grants instance.  Permissions  You must have the s3:ListAccessGrantsLocations permission to use this operation. |\n| GET | /v20180820/accessgrantsinstance/caller/grants | Returns a list of the access grants that were given to the caller using S3 Access Grants and that allow the caller to access the S3 data of the Amazon Web Services account specified in the request.  Permissions  You must have the s3:ListCallerAccessGrants permission to use this operation. |\n| PUT | /v20180820/accessgrantsinstance/resourcepolicy | Updates the resource policy of the S3 Access Grants instance.   Permissions  You must have the s3:PutAccessGrantsInstanceResourcePolicy permission to use this operation. |\n| PUT | /v20180820/accessgrantsinstance/location/{id} | Updates the IAM role of a registered location in your S3 Access Grants instance.  Permissions  You must have the s3:UpdateAccessGrantsLocation permission to use this operation.   
Additional Permissions  You must also have the following permission: iam:PassRole |\n\n### Accesspoint\n| Method | Path | Description |\n|--------|------|-------------|\n| PUT | /v20180820/accesspoint/{name} | This operation is not supported by directory buckets.  Creates an access point and associates it with the specified bucket. For more information, see Managing Data Access with Amazon S3 Access Points in the Amazon S3 User Guide.   S3 on Outposts only supports VPC-style access points.  For more information, see  Accessing Amazon S3 on Outposts using virtual private cloud (VPC) only access points in the Amazon S3 User Guide.  All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.  The following actions are related to CreateAccessPoint:    GetAccessPoint     DeleteAccessPoint     ListAccessPoints |\n| DELETE | /v20180820/accesspoint/{name} | This operation is not supported by directory buckets.  Deletes the specified access point. All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section. 
The following actions are related to DeleteAccessPoint:    CreateAccessPoint     GetAccessPoint     ListAccessPoints |\n| DELETE | /v20180820/accesspoint/{name}/policy | This operation is not supported by directory buckets.  Deletes the access point policy for the specified access point.  All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section. The following actions are related to DeleteAccessPointPolicy:    PutAccessPointPolicy     GetAccessPointPolicy |\n| GET | /v20180820/accesspoint/{name} | This operation is not supported by directory buckets.  Returns configuration information about the specified access point.  All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section. The following actions are related to GetAccessPoint:    CreateAccessPoint     DeleteAccessPoint     ListAccessPoints |\n| GET | /v20180820/accesspoint/{name}/policy | This operation is not supported by directory buckets.  Returns the access point policy associated with the specified access point. The following actions are related to GetAccessPointPolicy:    PutAccessPointPolicy     DeleteAccessPointPolicy |\n| GET | /v20180820/accesspoint/{name}/policyStatus | This operation is not supported by directory buckets.  
Indicates whether the specified access point currently has a policy that allows public access. For more information about public access through access points, see Managing Data Access with Amazon S3 access points in the Amazon S3 User Guide. |\n| GET | /v20180820/accesspoint | This operation is not supported by directory buckets.  Returns a list of the access points that are owned by the current account that's associated with the specified bucket. You can retrieve up to 1000 access points per call. If the specified bucket has more than 1,000 access points (or the number specified in maxResults, whichever is less), the response will include a continuation token that you can use to list the additional access points.  All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section. The following actions are related to ListAccessPoints:    CreateAccessPoint     DeleteAccessPoint     GetAccessPoint |\n| PUT | /v20180820/accesspoint/{name}/policy | This operation is not supported by directory buckets.  Associates an access policy with the specified access point. Each access point can have only one policy, so a request made to this API replaces any existing policy associated with the specified access point.  All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. 
For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section. The following actions are related to PutAccessPointPolicy:    GetAccessPointPolicy     DeleteAccessPointPolicy |\n\n### Accesspointforobjectlambda\n| Method | Path | Description |\n|--------|------|-------------|\n| PUT | /v20180820/accesspointforobjectlambda/{name} | This operation is not supported by directory buckets.  Creates an Object Lambda Access Point. For more information, see Transforming objects with Object Lambda Access Points in the Amazon S3 User Guide. The following actions are related to CreateAccessPointForObjectLambda:    DeleteAccessPointForObjectLambda     GetAccessPointForObjectLambda     ListAccessPointsForObjectLambda |\n| DELETE | /v20180820/accesspointforobjectlambda/{name} | This operation is not supported by directory buckets.  Deletes the specified Object Lambda Access Point. The following actions are related to DeleteAccessPointForObjectLambda:    CreateAccessPointForObjectLambda     GetAccessPointForObjectLambda     ListAccessPointsForObjectLambda |\n| DELETE | /v20180820/accesspointforobjectlambda/{name}/policy | This operation is not supported by directory buckets.  Removes the resource policy for an Object Lambda Access Point. The following actions are related to DeleteAccessPointPolicyForObjectLambda:    GetAccessPointPolicyForObjectLambda     PutAccessPointPolicyForObjectLambda |\n| GET | /v20180820/accesspointforobjectlambda/{name}/configuration | This operation is not supported by directory buckets.  Returns configuration for an Object Lambda Access Point. The following actions are related to GetAccessPointConfigurationForObjectLambda:    PutAccessPointConfigurationForObjectLambda |\n| GET | /v20180820/accesspointforobjectlambda/{name} | This operation is not supported by directory buckets.  
Returns configuration information about the specified Object Lambda Access Point. The following actions are related to GetAccessPointForObjectLambda:    CreateAccessPointForObjectLambda     DeleteAccessPointForObjectLambda     ListAccessPointsForObjectLambda |\n| GET | /v20180820/accesspointforobjectlambda/{name}/policy | This operation is not supported by directory buckets.  Returns the resource policy for an Object Lambda Access Point. The following actions are related to GetAccessPointPolicyForObjectLambda:    DeleteAccessPointPolicyForObjectLambda     PutAccessPointPolicyForObjectLambda |\n| GET | /v20180820/accesspointforobjectlambda/{name}/policyStatus | This operation is not supported by directory buckets.  Returns the status of the resource policy associated with an Object Lambda Access Point. |\n| GET | /v20180820/accesspointforobjectlambda | This operation is not supported by directory buckets.  Returns some or all (up to 1,000) access points associated with the Object Lambda Access Point per call. If there are more access points than what can be returned in one call, the response will include a continuation token that you can use to list the additional access points. The following actions are related to ListAccessPointsForObjectLambda:    CreateAccessPointForObjectLambda     DeleteAccessPointForObjectLambda     GetAccessPointForObjectLambda |\n| PUT | /v20180820/accesspointforobjectlambda/{name}/configuration | This operation is not supported by directory buckets.  Replaces configuration for an Object Lambda Access Point. The following actions are related to PutAccessPointConfigurationForObjectLambda:    GetAccessPointConfigurationForObjectLambda |\n| PUT | /v20180820/accesspointforobjectlambda/{name}/policy | This operation is not supported by directory buckets.  Creates or replaces resource policy for an Object Lambda Access Point. For an example policy, see Creating Object Lambda Access Points in the Amazon S3 User Guide. 
The following actions are related to PutAccessPointPolicyForObjectLambda:    DeleteAccessPointPolicyForObjectLambda     GetAccessPointPolicyForObjectLambda |\n\n### Bucket\n| Method | Path | Description |\n|--------|------|-------------|\n| PUT | /v20180820/bucket/{name} | This action creates an Amazon S3 on Outposts bucket. To create an S3 bucket, see Create Bucket in the Amazon S3 API Reference.   Creates a new Outposts bucket. By creating the bucket, you become the bucket owner. To create an Outposts bucket, you must have S3 on Outposts. For more information, see Using Amazon S3 on Outposts in Amazon S3 User Guide. Not every string is an acceptable bucket name. For information on bucket naming restrictions, see Working with Amazon S3 Buckets. S3 on Outposts buckets support:   Tags   LifecycleConfigurations for deleting expired objects   For a complete list of restrictions and Amazon S3 feature limitations on S3 on Outposts, see  Amazon S3 on Outposts Restrictions and Limitations. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and x-amz-outpost-id in your API request, see the Examples section. The following actions are related to CreateBucket for Amazon S3 on Outposts:    PutObject     GetBucket     DeleteBucket     CreateAccessPoint     PutAccessPointPolicy |\n| DELETE | /v20180820/bucket/{name} | This action deletes an Amazon S3 on Outposts bucket. To delete an S3 bucket, see DeleteBucket in the Amazon S3 API Reference.   Deletes the Amazon S3 on Outposts bucket. All objects (including all object versions and delete markers) in the bucket must be deleted before the bucket itself can be deleted. For more information, see Using Amazon S3 on Outposts in Amazon S3 User Guide. All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. 
In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.  Related Resources     CreateBucket     GetBucket     DeleteObject |\n| DELETE | /v20180820/bucket/{name}/lifecycleconfiguration | This action deletes an Amazon S3 on Outposts bucket's lifecycle configuration. To delete an S3 bucket's lifecycle configuration, see DeleteBucketLifecycle in the Amazon S3 API Reference.   Deletes the lifecycle configuration from the specified Outposts bucket. Amazon S3 on Outposts removes all the lifecycle configuration rules in the lifecycle subresource associated with the bucket. Your objects never expire, and Amazon S3 on Outposts no longer automatically deletes any objects on the basis of rules contained in the deleted lifecycle configuration. For more information, see Using Amazon S3 on Outposts in Amazon S3 User Guide. To use this operation, you must have permission to perform the s3-outposts:PutLifecycleConfiguration action. By default, the bucket owner has this permission and the Outposts bucket owner can grant this permission to others. All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section. For more information about object expiration, see Elements to Describe Lifecycle Actions. 
Related actions include:    PutBucketLifecycleConfiguration     GetBucketLifecycleConfiguration |\n| DELETE | /v20180820/bucket/{name}/policy | This action deletes an Amazon S3 on Outposts bucket policy. To delete an S3 bucket policy, see DeleteBucketPolicy in the Amazon S3 API Reference.   This implementation of the DELETE action uses the policy subresource to delete the policy of a specified Amazon S3 on Outposts bucket. If you are using an identity other than the root user of the Amazon Web Services account that owns the bucket, the calling identity must have the s3-outposts:DeleteBucketPolicy permissions on the specified Outposts bucket and belong to the bucket owner's account to use this action. For more information, see Using Amazon S3 on Outposts in Amazon S3 User Guide. If you don't have DeleteBucketPolicy permissions, Amazon S3 returns a 403 Access Denied error. If you have the correct permissions, but you're not using an identity that belongs to the bucket owner's account, Amazon S3 returns a 405 Method Not Allowed error.   As a security precaution, the root user of the Amazon Web Services account that owns a bucket can always use this action, even if the policy explicitly denies the root user the ability to perform this action.  For more information about bucket policies, see Using Bucket Policies and User Policies.  All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section. 
The following actions are related to DeleteBucketPolicy:    GetBucketPolicy     PutBucketPolicy |\n| DELETE | /v20180820/bucket/{name}/replication | This operation deletes an Amazon S3 on Outposts bucket's replication configuration. To delete an S3 bucket's replication configuration, see DeleteBucketReplication in the Amazon S3 API Reference.   Deletes the replication configuration from the specified S3 on Outposts bucket. To use this operation, you must have permissions to perform the s3-outposts:PutReplicationConfiguration action. The Outposts bucket owner has this permission by default and can grant it to others. For more information about permissions, see Setting up IAM with S3 on Outposts and Managing access to S3 on Outposts buckets in the Amazon S3 User Guide.  It can take a while to propagate PUT or DELETE requests for a replication configuration to all S3 on Outposts systems. Therefore, the replication configuration that's returned by a GET request soon after a PUT or DELETE request might return a more recent result than what's on the Outpost. If an Outpost is offline, the delay in updating the replication configuration on that Outpost can be significant.  All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section. For information about S3 replication on Outposts configuration, see Replicating objects for S3 on Outposts in the Amazon S3 User Guide. The following operations are related to DeleteBucketReplication:    PutBucketReplication     GetBucketReplication |\n| DELETE | /v20180820/bucket/{name}/tagging | This action deletes an Amazon S3 on Outposts bucket's tags. 
To delete an S3 bucket's tags, see DeleteBucketTagging in the Amazon S3 API Reference.   Deletes the tags from the Outposts bucket. For more information, see Using Amazon S3 on Outposts in Amazon S3 User Guide. To use this action, you must have permission to perform the PutBucketTagging action. By default, the bucket owner has this permission and can grant this permission to others.  All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section. The following actions are related to DeleteBucketTagging:    GetBucketTagging     PutBucketTagging |\n| GET | /v20180820/bucket/{name} | Gets an Amazon S3 on Outposts bucket. For more information, see  Using Amazon S3 on Outposts in the Amazon S3 User Guide. If you are using an identity other than the root user of the Amazon Web Services account that owns the Outposts bucket, the calling identity must have the s3-outposts:GetBucket permissions on the specified Outposts bucket and belong to the Outposts bucket owner's account in order to use this action. Only users from Outposts bucket owner account with the right permissions can perform actions on an Outposts bucket.  If you don't have s3-outposts:GetBucket permissions or you're not using an identity that belongs to the bucket owner's account, Amazon S3 returns a 403 Access Denied error. The following actions are related to GetBucket for Amazon S3 on Outposts: All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. 
For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.    PutObject     CreateBucket     DeleteBucket |\n| GET | /v20180820/bucket/{name}/lifecycleconfiguration | This action gets an Amazon S3 on Outposts bucket's lifecycle configuration. To get an S3 bucket's lifecycle configuration, see GetBucketLifecycleConfiguration in the Amazon S3 API Reference.   Returns the lifecycle configuration information set on the Outposts bucket. For more information, see Using Amazon S3 on Outposts and for information about lifecycle configuration, see  Object Lifecycle Management in Amazon S3 User Guide. To use this action, you must have permission to perform the s3-outposts:GetLifecycleConfiguration action. The Outposts bucket owner has this permission, by default. The bucket owner can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources. All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.  GetBucketLifecycleConfiguration has the following special error:   Error code: NoSuchLifecycleConfiguration    Description: The lifecycle configuration does not exist.   
HTTP Status Code: 404 Not Found   SOAP Fault Code Prefix: Client     The following actions are related to GetBucketLifecycleConfiguration:    PutBucketLifecycleConfiguration     DeleteBucketLifecycleConfiguration |\n| GET | /v20180820/bucket/{name}/policy | This action gets a bucket policy for an Amazon S3 on Outposts bucket. To get a policy for an S3 bucket, see GetBucketPolicy in the Amazon S3 API Reference.   Returns the policy of a specified Outposts bucket. For more information, see Using Amazon S3 on Outposts in the Amazon S3 User Guide. If you are using an identity other than the root user of the Amazon Web Services account that owns the bucket, the calling identity must have the GetBucketPolicy permissions on the specified bucket and belong to the bucket owner's account in order to use this action. Only users from Outposts bucket owner account with the right permissions can perform actions on an Outposts bucket. If you don't have s3-outposts:GetBucketPolicy permissions or you're not using an identity that belongs to the bucket owner's account, Amazon S3 returns a 403 Access Denied error.  As a security precaution, the root user of the Amazon Web Services account that owns a bucket can always use this action, even if the policy explicitly denies the root user the ability to perform this action.  For more information about bucket policies, see Using Bucket Policies and User Policies. All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section. 
The following actions are related to GetBucketPolicy:    GetObject     PutBucketPolicy     DeleteBucketPolicy |\n| GET | /v20180820/bucket/{name}/replication | This operation gets an Amazon S3 on Outposts bucket's replication configuration. To get an S3 bucket's replication configuration, see GetBucketReplication in the Amazon S3 API Reference.   Returns the replication configuration of an S3 on Outposts bucket. For more information about S3 on Outposts, see Using Amazon S3 on Outposts in the Amazon S3 User Guide. For information about S3 replication on Outposts configuration, see Replicating objects for S3 on Outposts in the Amazon S3 User Guide.  It can take a while to propagate PUT or DELETE requests for a replication configuration to all S3 on Outposts systems. Therefore, the replication configuration that's returned by a GET request soon after a PUT or DELETE request might return a more recent result than what's on the Outpost. If an Outpost is offline, the delay in updating the replication configuration on that Outpost can be significant.  This action requires permissions for the s3-outposts:GetReplicationConfiguration action. The Outposts bucket owner has this permission by default and can grant it to others. For more information about permissions, see Setting up IAM with S3 on Outposts and Managing access to S3 on Outposts bucket in the Amazon S3 User Guide. All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section. If you include the Filter element in a replication configuration, you must also include the DeleteMarkerReplication, Status, and Priority elements. 
The response also returns those elements. For information about S3 on Outposts replication failure reasons, see Replication failure reasons in the Amazon S3 User Guide. The following operations are related to GetBucketReplication:    PutBucketReplication     DeleteBucketReplication |\n| GET | /v20180820/bucket/{name}/tagging | This action gets an Amazon S3 on Outposts bucket's tags. To get an S3 bucket's tags, see GetBucketTagging in the Amazon S3 API Reference.   Returns the tag set associated with the Outposts bucket. For more information, see Using Amazon S3 on Outposts in the Amazon S3 User Guide. To use this action, you must have permission to perform the GetBucketTagging action. By default, the bucket owner has this permission and can grant this permission to others.  GetBucketTagging has the following special error:   Error code: NoSuchTagSetError    Description: There is no tag set associated with the bucket.     All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section. The following actions are related to GetBucketTagging:    PutBucketTagging     DeleteBucketTagging |\n| GET | /v20180820/bucket/{name}/versioning | This operation returns the versioning state for S3 on Outposts buckets only. To return the versioning state for an S3 bucket, see GetBucketVersioning in the Amazon S3 API Reference.   Returns the versioning state for an S3 on Outposts bucket. With S3 Versioning, you can save multiple distinct copies of your objects and recover from unintended user actions and application failures. If you've never set versioning on your bucket, it has no versioning state. 
In that case, the GetBucketVersioning request does not return a versioning state value. For more information about versioning, see Versioning in the Amazon S3 User Guide. All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section. The following operations are related to GetBucketVersioning for S3 on Outposts.    PutBucketVersioning     PutBucketLifecycleConfiguration     GetBucketLifecycleConfiguration |\n| GET | /v20180820/bucket | This operation is not supported by directory buckets.  Returns a list of all Outposts buckets in an Outpost that are owned by the authenticated sender of the request. For more information, see Using Amazon S3 on Outposts in the Amazon S3 User Guide. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and x-amz-outpost-id in your request, see the Examples section. |\n| PUT | /v20180820/bucket/{name}/lifecycleconfiguration | This action puts a lifecycle configuration to an Amazon S3 on Outposts bucket. To put a lifecycle configuration to an S3 bucket, see PutBucketLifecycleConfiguration in the Amazon S3 API Reference.   Creates a new lifecycle configuration for the S3 on Outposts bucket or replaces an existing lifecycle configuration. Outposts buckets only support lifecycle configurations that delete/expire objects after a certain period of time and abort incomplete multipart uploads.  All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. 
In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section. The following actions are related to PutBucketLifecycleConfiguration:    GetBucketLifecycleConfiguration     DeleteBucketLifecycleConfiguration |\n| PUT | /v20180820/bucket/{name}/policy | This action puts a bucket policy to an Amazon S3 on Outposts bucket. To put a policy on an S3 bucket, see PutBucketPolicy in the Amazon S3 API Reference.   Applies an Amazon S3 bucket policy to an Outposts bucket. For more information, see Using Amazon S3 on Outposts in the Amazon S3 User Guide. If you are using an identity other than the root user of the Amazon Web Services account that owns the Outposts bucket, the calling identity must have the PutBucketPolicy permissions on the specified Outposts bucket and belong to the bucket owner's account in order to use this action. If you don't have PutBucketPolicy permissions, Amazon S3 returns a 403 Access Denied error. If you have the correct permissions, but you're not using an identity that belongs to the bucket owner's account, Amazon S3 returns a 405 Method Not Allowed error.   As a security precaution, the root user of the Amazon Web Services account that owns a bucket can always use this action, even if the policy explicitly denies the root user the ability to perform this action.   For more information about bucket policies, see Using Bucket Policies and User Policies. All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. 
For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section. The following actions are related to PutBucketPolicy:    GetBucketPolicy     DeleteBucketPolicy |\n| PUT | /v20180820/bucket/{name}/replication | This action creates an Amazon S3 on Outposts bucket's replication configuration. To create an S3 bucket's replication configuration, see PutBucketReplication in the Amazon S3 API Reference.   Creates a replication configuration or replaces an existing one. For information about S3 replication on Outposts configuration, see Replicating objects for S3 on Outposts in the Amazon S3 User Guide.  It can take a while to propagate PUT or DELETE requests for a replication configuration to all S3 on Outposts systems. Therefore, the replication configuration that's returned by a GET request soon after a PUT or DELETE request might return a more recent result than what's on the Outpost. If an Outpost is offline, the delay in updating the replication configuration on that Outpost can be significant.  Specify the replication configuration in the request body. In the replication configuration, you provide the following information:   The name of the destination bucket or buckets where you want S3 on Outposts to replicate objects   The Identity and Access Management (IAM) role that S3 on Outposts can assume to replicate objects on your behalf   Other relevant information, such as replication rules   A replication configuration must include at least one rule and can contain a maximum of 100. Each rule identifies a subset of objects to replicate by filtering the objects in the source Outposts bucket. To choose additional subsets of objects to replicate, add a rule for each subset. To specify a subset of the objects in the source Outposts bucket to apply a replication rule to, add the Filter element as a child of the Rule element. 
You can filter objects based on an object key prefix, one or more object tags, or both. When you add the Filter element in the configuration, you must also add the following elements: DeleteMarkerReplication, Status, and Priority. Using PutBucketReplication on Outposts requires that both the source and destination buckets have versioning enabled. For information about enabling versioning on a bucket, see Managing S3 Versioning for your S3 on Outposts bucket. For information about S3 on Outposts replication failure reasons, see Replication failure reasons in the Amazon S3 User Guide.  Handling Replication of Encrypted Objects  Outposts buckets are encrypted at all times. All the objects in the source Outposts bucket are encrypted and can be replicated. Also, all the replicas in the destination Outposts bucket are encrypted with the same encryption key as the objects in the source Outposts bucket.  Permissions  To create a PutBucketReplication request, you must have s3-outposts:PutReplicationConfiguration permissions for the bucket. The Outposts bucket owner has this permission by default and can grant it to others. For more information about permissions, see Setting up IAM with S3 on Outposts and Managing access to S3 on Outposts buckets.   To perform this operation, the user or role must also have the iam:CreateRole and iam:PassRole permissions. For more information, see Granting a user permissions to pass a role to an Amazon Web Services service.  All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section. 
The following operations are related to PutBucketReplication:    GetBucketReplication     DeleteBucketReplication |\n| PUT | /v20180820/bucket/{name}/tagging | This action puts tags on an Amazon S3 on Outposts bucket. To put tags on an S3 bucket, see PutBucketTagging in the Amazon S3 API Reference.   Sets the tags for an S3 on Outposts bucket. For more information, see Using Amazon S3 on Outposts in the Amazon S3 User Guide. Use tags to organize your Amazon Web Services bill to reflect your own cost structure. To do this, sign up to get your Amazon Web Services account bill with tag key values included. Then, to see the cost of combined resources, organize your billing information according to resources with the same tag key values. For example, you can tag several resources with a specific application name, and then organize your billing information to see the total cost of that application across several services. For more information, see Cost allocation and tagging.  Within a bucket, if you add a tag that has the same key as an existing tag, the new value overwrites the old value. For more information, see  Using cost allocation in Amazon S3 bucket tags.  To use this action, you must have permissions to perform the s3-outposts:PutBucketTagging action. The Outposts bucket owner has this permission by default and can grant this permission to others. For more information about permissions, see  Permissions Related to Bucket Subresource Operations and Managing access permissions to your Amazon S3 resources.  PutBucketTagging has the following special errors:   Error code: InvalidTagError    Description: The tag provided was not a valid tag. This error can occur if the tag did not pass input validation. For information about tag restrictions, see  User-Defined Tag Restrictions and  Amazon Web Services-Generated Cost Allocation Tag Restrictions.     Error code: MalformedXMLError    Description: The XML provided does not match the schema.     
Error code: OperationAbortedError     Description: A conflicting conditional action is currently in progress against this resource. Try again.     Error code: InternalError    Description: The service was unable to apply the provided tag to the bucket.     All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section. The following actions are related to PutBucketTagging:    GetBucketTagging     DeleteBucketTagging |\n| PUT | /v20180820/bucket/{name}/versioning | This operation sets the versioning state for S3 on Outposts buckets only. To set the versioning state for an S3 bucket, see PutBucketVersioning in the Amazon S3 API Reference.   Sets the versioning state for an S3 on Outposts bucket. With S3 Versioning, you can save multiple distinct copies of your objects and recover from unintended user actions and application failures. You can set the versioning state to one of the following:    Enabled - Enables versioning for the objects in the bucket. All objects added to the bucket receive a unique version ID.    Suspended - Suspends versioning for the objects in the bucket. All objects added to the bucket receive the version ID null.   If you've never set versioning on your bucket, it has no versioning state. In that case, a  GetBucketVersioning request does not return a versioning state value. When you enable S3 Versioning, for each object in your bucket, you have a current version and zero or more noncurrent versions. You can configure your bucket S3 Lifecycle rules to expire noncurrent versions after a specified time period. 
For more information, see  Creating and managing a lifecycle configuration for your S3 on Outposts bucket in the Amazon S3 User Guide. If you have an object expiration lifecycle configuration in your non-versioned bucket and you want to maintain the same permanent delete behavior when you enable versioning, you must add a noncurrent expiration policy. The noncurrent expiration lifecycle configuration will manage the deletes of the noncurrent object versions in the version-enabled bucket. For more information, see Versioning in the Amazon S3 User Guide. All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section. The following operations are related to PutBucketVersioning for S3 on Outposts.    GetBucketVersioning     PutBucketLifecycleConfiguration     GetBucketLifecycleConfiguration |\n\n### Jobs\n| Method | Path | Description |\n|--------|------|-------------|\n| POST | /v20180820/jobs | This operation creates an S3 Batch Operations job. You can use S3 Batch Operations to perform large-scale batch actions on Amazon S3 objects. Batch Operations can run a single action on lists of Amazon S3 objects that you specify. For more information, see S3 Batch Operations in the Amazon S3 User Guide.  Permissions  For information about permissions required to use the Batch Operations, see Granting permissions for S3 Batch Operations in the Amazon S3 User Guide.    Related actions include:    DescribeJob     ListJobs     UpdateJobPriority     UpdateJobStatus     JobOperation |\n| DELETE | /v20180820/jobs/{id}/tagging | Removes the entire tag set from the specified S3 Batch Operations job.  
Permissions  To use the DeleteJobTagging operation, you must have permission to perform the s3:DeleteJobTagging action. For more information, see Controlling access and labeling jobs using tags in the Amazon S3 User Guide.   Related actions include:    CreateJob     GetJobTagging     PutJobTagging |\n| GET | /v20180820/jobs/{id} | Retrieves the configuration parameters and status for a Batch Operations job. For more information, see S3 Batch Operations in the Amazon S3 User Guide.  Permissions  To use the DescribeJob operation, you must have permission to perform the s3:DescribeJob action.   Related actions include:    CreateJob     ListJobs     UpdateJobPriority     UpdateJobStatus |\n| GET | /v20180820/jobs/{id}/tagging | Returns the tags on an S3 Batch Operations job.   Permissions  To use the GetJobTagging operation, you must have permission to perform the s3:GetJobTagging action. For more information, see Controlling access and labeling jobs using tags in the Amazon S3 User Guide.   Related actions include:    CreateJob     PutJobTagging     DeleteJobTagging |\n| GET | /v20180820/jobs | Lists current S3 Batch Operations jobs as well as the jobs that have ended within the last 90 days for the Amazon Web Services account making the request. For more information, see S3 Batch Operations in the Amazon S3 User Guide.  Permissions  To use the ListJobs operation, you must have permission to perform the s3:ListJobs action.   Related actions include:     CreateJob     DescribeJob     UpdateJobPriority     UpdateJobStatus |\n| PUT | /v20180820/jobs/{id}/tagging | Sets the supplied tag-set on an S3 Batch Operations job. A tag is a key-value pair. You can associate S3 Batch Operations tags with any job by sending a PUT request against the tagging subresource that is associated with the job. 
To modify the existing tag set, you can either replace the existing tag set entirely, or make changes within the existing tag set by retrieving the existing tag set using GetJobTagging, modify that tag set, and use this operation to replace the tag set with the one you modified. For more information, see Controlling access and labeling jobs using tags in the Amazon S3 User Guide.     If you send this request with an empty tag set, Amazon S3 deletes the existing tag set on the Batch Operations job. If you use this method, you are charged for a Tier 1 Request (PUT). For more information, see Amazon S3 pricing.   For deleting existing tags for your Batch Operations job, a DeleteJobTagging request is preferred because it achieves the same result without incurring charges.   A few things to consider about using tags:   Amazon S3 limits the maximum number of tags to 50 tags per job.   You can associate up to 50 tags with a job as long as they have unique tag keys.   A tag key can be up to 128 Unicode characters in length, and tag values can be up to 256 Unicode characters in length.   The key and values are case sensitive.   For tagging-related restrictions related to characters and encodings, see User-Defined Tag Restrictions in the Billing and Cost Management User Guide.       Permissions  To use the PutJobTagging operation, you must have permission to perform the s3:PutJobTagging action.   Related actions include:    CreateJob     GetJobTagging     DeleteJobTagging |\n| POST | /v20180820/jobs/{id}/priority | Updates an existing S3 Batch Operations job's priority. For more information, see S3 Batch Operations in the Amazon S3 User Guide.  Permissions  To use the UpdateJobPriority operation, you must have permission to perform the s3:UpdateJobPriority action.   Related actions include:    CreateJob     ListJobs     DescribeJob     UpdateJobStatus |\n| POST | /v20180820/jobs/{id}/status | Updates the status for the specified job. 
Use this operation to confirm that you want to run a job or to cancel an existing job. For more information, see S3 Batch Operations in the Amazon S3 User Guide.  Permissions  To use the UpdateJobStatus operation, you must have permission to perform the s3:UpdateJobStatus action.   Related actions include:    CreateJob     ListJobs     DescribeJob     UpdateJobStatus |\n\n### Async-requests\n| Method | Path | Description |\n|--------|------|-------------|\n| POST | /v20180820/async-requests/mrap/create | This operation is not supported by directory buckets.  Creates a Multi-Region Access Point and associates it with the specified buckets. For more information about creating Multi-Region Access Points, see Creating Multi-Region Access Points in the Amazon S3 User Guide. This action will always be routed to the US West (Oregon) Region. For more information about the restrictions around working with Multi-Region Access Points, see Multi-Region Access Point restrictions and limitations in the Amazon S3 User Guide. This request is asynchronous, meaning that you might receive a response before the command has completed. When this request provides a response, it provides a token that you can use to monitor the status of the request with DescribeMultiRegionAccessPointOperation. The following actions are related to CreateMultiRegionAccessPoint:    DeleteMultiRegionAccessPoint     DescribeMultiRegionAccessPointOperation     GetMultiRegionAccessPoint     ListMultiRegionAccessPoints |\n| POST | /v20180820/async-requests/mrap/delete | This operation is not supported by directory buckets.  Deletes a Multi-Region Access Point. This action does not delete the buckets associated with the Multi-Region Access Point, only the Multi-Region Access Point itself. This action will always be routed to the US West (Oregon) Region. 
For more information about the restrictions around working with Multi-Region Access Points, see Multi-Region Access Point restrictions and limitations in the Amazon S3 User Guide. This request is asynchronous, meaning that you might receive a response before the command has completed. When this request provides a response, it provides a token that you can use to monitor the status of the request with DescribeMultiRegionAccessPointOperation. The following actions are related to DeleteMultiRegionAccessPoint:    CreateMultiRegionAccessPoint     DescribeMultiRegionAccessPointOperation     GetMultiRegionAccessPoint     ListMultiRegionAccessPoints |\n| GET | /v20180820/async-requests/mrap/{request_token+} | This operation is not supported by directory buckets.  Retrieves the status of an asynchronous request to manage a Multi-Region Access Point. For more information about managing Multi-Region Access Points and how asynchronous requests work, see Using Multi-Region Access Points in the Amazon S3 User Guide. The following actions are related to GetMultiRegionAccessPoint:    CreateMultiRegionAccessPoint     DeleteMultiRegionAccessPoint     GetMultiRegionAccessPoint     ListMultiRegionAccessPoints |\n| POST | /v20180820/async-requests/mrap/put-policy | This operation is not supported by directory buckets.  Associates an access control policy with the specified Multi-Region Access Point. Each Multi-Region Access Point can have only one policy, so a request made to this action replaces any existing policy that is associated with the specified Multi-Region Access Point. This action will always be routed to the US West (Oregon) Region. For more information about the restrictions around working with Multi-Region Access Points, see Multi-Region Access Point restrictions and limitations in the Amazon S3 User Guide. 
The following actions are related to PutMultiRegionAccessPointPolicy:    GetMultiRegionAccessPointPolicy     GetMultiRegionAccessPointPolicyStatus |\n\n### Storagelensgroup\n| Method | Path | Description |\n|--------|------|-------------|\n| POST | /v20180820/storagelensgroup | Creates a new S3 Storage Lens group and associates it with the specified Amazon Web Services account ID. An S3 Storage Lens group is a custom grouping of objects based on prefix, suffix, object tags, object size, object age, or a combination of these filters. For each Storage Lens group that you’ve created, you can also optionally add Amazon Web Services resource tags. For more information about S3 Storage Lens groups, see Working with S3 Storage Lens groups. To use this operation, you must have the permission to perform the s3:CreateStorageLensGroup action. If you’re trying to create a Storage Lens group with Amazon Web Services resource tags, you must also have permission to perform the s3:TagResource action. For more information about the required Storage Lens Groups permissions, see Setting account permissions to use S3 Storage Lens groups. For information about Storage Lens groups errors, see List of Amazon S3 Storage Lens error codes. |\n| DELETE | /v20180820/storagelensgroup/{name} | Deletes an existing S3 Storage Lens group. To use this operation, you must have the permission to perform the s3:DeleteStorageLensGroup action. For more information about the required Storage Lens Groups permissions, see Setting account permissions to use S3 Storage Lens groups. For information about Storage Lens groups errors, see List of Amazon S3 Storage Lens error codes. |\n| GET | /v20180820/storagelensgroup/{name} | Retrieves the Storage Lens group configuration details. To use this operation, you must have the permission to perform the s3:GetStorageLensGroup action. 
For more information about the required Storage Lens Groups permissions, see Setting account permissions to use S3 Storage Lens groups. For information about Storage Lens groups errors, see List of Amazon S3 Storage Lens error codes. |\n| GET | /v20180820/storagelensgroup | Lists all the Storage Lens groups in the specified home Region.  To use this operation, you must have the permission to perform the s3:ListStorageLensGroups action. For more information about the required Storage Lens Groups permissions, see Setting account permissions to use S3 Storage Lens groups. For information about Storage Lens groups errors, see List of Amazon S3 Storage Lens error codes. |\n| PUT | /v20180820/storagelensgroup/{name} | Updates the existing Storage Lens group. To use this operation, you must have the permission to perform the s3:UpdateStorageLensGroup action. For more information about the required Storage Lens Groups permissions, see Setting account permissions to use S3 Storage Lens groups. For information about Storage Lens groups errors, see List of Amazon S3 Storage Lens error codes. |\n\n### Configuration\n| Method | Path | Description |\n|--------|------|-------------|\n| DELETE | /v20180820/configuration/publicAccessBlock | This operation is not supported by directory buckets.  Removes the PublicAccessBlock configuration for an Amazon Web Services account. For more information, see  Using Amazon S3 block public access. Related actions include:    GetPublicAccessBlock     PutPublicAccessBlock |\n| GET | /v20180820/configuration/publicAccessBlock | This operation is not supported by directory buckets.  Retrieves the PublicAccessBlock configuration for an Amazon Web Services account. For more information, see  Using Amazon S3 block public access. Related actions include:    DeletePublicAccessBlock     PutPublicAccessBlock |\n| PUT | /v20180820/configuration/publicAccessBlock | This operation is not supported by directory buckets.  
Creates or modifies the PublicAccessBlock configuration for an Amazon Web Services account. For this operation, users must have the s3:PutAccountPublicAccessBlock permission. For more information, see  Using Amazon S3 block public access. Related actions include:    GetPublicAccessBlock     DeletePublicAccessBlock |\n\n### Storagelens\n| Method | Path | Description |\n|--------|------|-------------|\n| DELETE | /v20180820/storagelens/{storagelensid} | This operation is not supported by directory buckets.  Deletes the Amazon S3 Storage Lens configuration. For more information about S3 Storage Lens, see Assessing your storage activity and usage with Amazon S3 Storage Lens  in the Amazon S3 User Guide.  To use this action, you must have permission to perform the s3:DeleteStorageLensConfiguration action. For more information, see Setting permissions to use Amazon S3 Storage Lens in the Amazon S3 User Guide. |\n| DELETE | /v20180820/storagelens/{storagelensid}/tagging | This operation is not supported by directory buckets.  Deletes the Amazon S3 Storage Lens configuration tags. For more information about S3 Storage Lens, see Assessing your storage activity and usage with Amazon S3 Storage Lens  in the Amazon S3 User Guide.  To use this action, you must have permission to perform the s3:DeleteStorageLensConfigurationTagging action. For more information, see Setting permissions to use Amazon S3 Storage Lens in the Amazon S3 User Guide. |\n| GET | /v20180820/storagelens/{storagelensid} | This operation is not supported by directory buckets.  Gets the Amazon S3 Storage Lens configuration. For more information, see Assessing your storage activity and usage with Amazon S3 Storage Lens  in the Amazon S3 User Guide. For a complete list of S3 Storage Lens metrics, see S3 Storage Lens metrics glossary in the Amazon S3 User Guide.  To use this action, you must have permission to perform the s3:GetStorageLensConfiguration action. 
For more information, see Setting permissions to use Amazon S3 Storage Lens in the Amazon S3 User Guide. |\n| GET | /v20180820/storagelens/{storagelensid}/tagging | This operation is not supported by directory buckets.  Gets the tags of Amazon S3 Storage Lens configuration. For more information about S3 Storage Lens, see Assessing your storage activity and usage with Amazon S3 Storage Lens  in the Amazon S3 User Guide.  To use this action, you must have permission to perform the s3:GetStorageLensConfigurationTagging action. For more information, see Setting permissions to use Amazon S3 Storage Lens in the Amazon S3 User Guide. |\n| GET | /v20180820/storagelens | This operation is not supported by directory buckets.  Gets a list of Amazon S3 Storage Lens configurations. For more information about S3 Storage Lens, see Assessing your storage activity and usage with Amazon S3 Storage Lens  in the Amazon S3 User Guide.  To use this action, you must have permission to perform the s3:ListStorageLensConfigurations action. For more information, see Setting permissions to use Amazon S3 Storage Lens in the Amazon S3 User Guide. |\n| PUT | /v20180820/storagelens/{storagelensid} | This operation is not supported by directory buckets.  Puts an Amazon S3 Storage Lens configuration. For more information about S3 Storage Lens, see Working with Amazon S3 Storage Lens in the Amazon S3 User Guide. For a complete list of S3 Storage Lens metrics, see S3 Storage Lens metrics glossary in the Amazon S3 User Guide.  To use this action, you must have permission to perform the s3:PutStorageLensConfiguration action. For more information, see Setting permissions to use Amazon S3 Storage Lens in the Amazon S3 User Guide. |\n| PUT | /v20180820/storagelens/{storagelensid}/tagging | This operation is not supported by directory buckets.  Put or replace tags on an existing Amazon S3 Storage Lens configuration. 
For more information about S3 Storage Lens, see Assessing your storage activity and usage with Amazon S3 Storage Lens  in the Amazon S3 User Guide.  To use this action, you must have permission to perform the s3:PutStorageLensConfigurationTagging action. For more information, see Setting permissions to use Amazon S3 Storage Lens in the Amazon S3 User Guide. |\n\n### Mrap\n| Method | Path | Description |\n|--------|------|-------------|\n| GET | /v20180820/mrap/instances/{name+} | This operation is not supported by directory buckets.  Returns configuration information about the specified Multi-Region Access Point. This action will always be routed to the US West (Oregon) Region. For more information about the restrictions around working with Multi-Region Access Points, see Multi-Region Access Point restrictions and limitations in the Amazon S3 User Guide. The following actions are related to GetMultiRegionAccessPoint:    CreateMultiRegionAccessPoint     DeleteMultiRegionAccessPoint     DescribeMultiRegionAccessPointOperation     ListMultiRegionAccessPoints |\n| GET | /v20180820/mrap/instances/{name+}/policy | This operation is not supported by directory buckets.  Returns the access control policy of the specified Multi-Region Access Point. This action will always be routed to the US West (Oregon) Region. For more information about the restrictions around working with Multi-Region Access Points, see Multi-Region Access Point restrictions and limitations in the Amazon S3 User Guide. The following actions are related to GetMultiRegionAccessPointPolicy:    GetMultiRegionAccessPointPolicyStatus     PutMultiRegionAccessPointPolicy |\n| GET | /v20180820/mrap/instances/{name+}/policystatus | This operation is not supported by directory buckets.  Indicates whether the specified Multi-Region Access Point has an access control policy that allows public access. This action will always be routed to the US West (Oregon) Region. 
For more information about the restrictions around working with Multi-Region Access Points, see Multi-Region Access Point restrictions and limitations in the Amazon S3 User Guide. The following actions are related to GetMultiRegionAccessPointPolicyStatus:    GetMultiRegionAccessPointPolicy     PutMultiRegionAccessPointPolicy |\n| GET | /v20180820/mrap/instances/{mrap+}/routes | This operation is not supported by directory buckets.  Returns the routing configuration for a Multi-Region Access Point, indicating which Regions are active or passive. To obtain routing control changes and failover requests, use the Amazon S3 failover control infrastructure endpoints in these five Amazon Web Services Regions:    us-east-1     us-west-2     ap-southeast-2     ap-northeast-1     eu-west-1 |\n| GET | /v20180820/mrap/instances | This operation is not supported by directory buckets.  Returns a list of the Multi-Region Access Points currently associated with the specified Amazon Web Services account. Each call can return up to 100 Multi-Region Access Points, the maximum number of Multi-Region Access Points that can be associated with a single account. This action will always be routed to the US West (Oregon) Region. For more information about the restrictions around working with Multi-Region Access Points, see Multi-Region Access Point restrictions and limitations in the Amazon S3 User Guide. The following actions are related to ListMultiRegionAccessPoint:    CreateMultiRegionAccessPoint     DeleteMultiRegionAccessPoint     DescribeMultiRegionAccessPointOperation     GetMultiRegionAccessPoint |\n| PATCH | /v20180820/mrap/instances/{mrap+}/routes | This operation is not supported by directory buckets.  Submits an updated route configuration for a Multi-Region Access Point. This API operation updates the routing status for the specified Regions from active to passive, or from passive to active. 
A value of 0 indicates a passive status, which means that traffic won't be routed to the specified Region. A value of 100 indicates an active status, which means that traffic will be routed to the specified Region. At least one Region must be active at all times. When the routing configuration is changed, any in-progress operations (uploads, copies, deletes, and so on) to formerly active Regions will continue to run to their final completion state (success or failure). The routing configurations of any Regions that aren’t specified remain unchanged.  Updated routing configurations might not be immediately applied. It can take up to 2 minutes for your changes to take effect.  To submit routing control changes and failover requests, use the Amazon S3 failover control infrastructure endpoints in these five Amazon Web Services Regions:    us-east-1     us-west-2     ap-southeast-2     ap-northeast-1     eu-west-1 |\n\n### Accessgrantsinstances\n| Method | Path | Description |\n|--------|------|-------------|\n| GET | /v20180820/accessgrantsinstances | Returns a list of S3 Access Grants instances. An S3 Access Grants instance serves as a logical grouping for your individual access grants. You can only have one S3 Access Grants instance per Region per account.  Permissions  You must have the s3:ListAccessGrantsInstances permission to use this operation. |\n\n### Tags\n| Method | Path | Description |\n|--------|------|-------------|\n| GET | /v20180820/tags/{resourceArn+} | This operation allows you to list all the Amazon Web Services resource tags for a specified resource. Each tag is a label consisting of a user-defined key and value. Tags can help you manage, identify, organize, search for, and filter resources.   Permissions  You must have the s3:ListTagsForResource permission to use this operation.     This operation is only supported for S3 Storage Lens groups and for S3 Access Grants. 
The tagged resource can be an S3 Storage Lens group or S3 Access Grants instance, registered location, or grant.   For more information about the required Storage Lens Groups permissions, see Setting account permissions to use S3 Storage Lens groups. For information about S3 Tagging errors, see List of Amazon S3 Tagging error codes. |\n| POST | /v20180820/tags/{resourceArn+} | Creates a new Amazon Web Services resource tag or updates an existing resource tag. Each tag is a label consisting of a user-defined key and value. Tags can help you manage, identify, organize, search for, and filter resources. You can add up to 50 Amazon Web Services resource tags for each S3 resource.   This operation is only supported for S3 Storage Lens groups and for S3 Access Grants. The tagged resource can be an S3 Storage Lens group or S3 Access Grants instance, registered location, or grant.    Permissions  You must have the s3:TagResource permission to use this operation.    For more information about the required Storage Lens Groups permissions, see Setting account permissions to use S3 Storage Lens groups. For information about S3 Tagging errors, see List of Amazon S3 Tagging error codes. |\n| DELETE | /v20180820/tags/{resourceArn+} | This operation removes the specified Amazon Web Services resource tags from an S3 resource. Each tag is a label consisting of a user-defined key and value. Tags can help you manage, identify, organize, search for, and filter resources.   This operation is only supported for S3 Storage Lens groups and for S3 Access Grants. The tagged resource can be an S3 Storage Lens group or S3 Access Grants instance, registered location, or grant.    Permissions  You must have the s3:UntagResource permission to use this operation.    For more information about the required Storage Lens Groups permissions, see Setting account permissions to use S3 Storage Lens groups. For information about S3 Tagging errors, see List of Amazon S3 Tagging error codes. 
|\n\n## Common Questions\nMatch user requests to endpoints in references/api-spec.lap. Key patterns:\n- \"Create a identitycenter?\" -> POST /v20180820/accessgrantsinstance/identitycenter\n- \"Create a grant?\" -> POST /v20180820/accessgrantsinstance/grant\n- \"Create a accessgrantsinstance?\" -> POST /v20180820/accessgrantsinstance\n- \"Create a location?\" -> POST /v20180820/accessgrantsinstance/location\n- \"Update a accesspoint?\" -> PUT /v20180820/accesspoint/{name}\n- \"Update a accesspointforobjectlambda?\" -> PUT /v20180820/accesspointforobjectlambda/{name}\n- \"Update a bucket?\" -> PUT /v20180820/bucket/{name}\n- \"Create a job?\" -> POST /v20180820/jobs\n- \"Create a create?\" -> POST /v20180820/async-requests/mrap/create\n- \"Create a storagelensgroup?\" -> POST /v20180820/storagelensgroup\n- \"Delete a grant?\" -> DELETE /v20180820/accessgrantsinstance/grant/{id}\n- \"Delete a location?\" -> DELETE /v20180820/accessgrantsinstance/location/{id}\n- \"Delete a accesspoint?\" -> DELETE /v20180820/accesspoint/{name}\n- \"Delete a accesspointforobjectlambda?\" -> DELETE /v20180820/accesspointforobjectlambda/{name}\n- \"Delete a bucket?\" -> DELETE /v20180820/bucket/{name}\n- \"Create a delete?\" -> POST /v20180820/async-requests/mrap/delete\n- \"Delete a storagelen?\" -> DELETE /v20180820/storagelens/{storagelensid}\n- \"Delete a storagelensgroup?\" -> DELETE /v20180820/storagelensgroup/{name}\n- \"Get job details?\" -> GET /v20180820/jobs/{id}\n- \"Get mrap details?\" -> GET /v20180820/async-requests/mrap/{request_token+}\n- \"Get grant details?\" -> GET /v20180820/accessgrantsinstance/grant/{id}\n- \"List all accessgrantsinstance?\" -> GET /v20180820/accessgrantsinstance\n- \"List all prefix?\" -> GET /v20180820/accessgrantsinstance/prefix\n- \"List all resourcepolicy?\" -> GET /v20180820/accessgrantsinstance/resourcepolicy\n- \"Get location details?\" -> GET /v20180820/accessgrantsinstance/location/{id}\n- \"Get accesspoint details?\" -> GET 
/v20180820/accesspoint/{name}\n- \"List all configuration?\" -> GET /v20180820/accesspointforobjectlambda/{name}/configuration\n- \"Get accesspointforobjectlambda details?\" -> GET /v20180820/accesspointforobjectlambda/{name}\n- \"List all policy?\" -> GET /v20180820/accesspoint/{name}/policy\n- \"List all policyStatus?\" -> GET /v20180820/accesspoint/{name}/policyStatus\n- \"Get bucket details?\" -> GET /v20180820/bucket/{name}\n- \"List all lifecycleconfiguration?\" -> GET /v20180820/bucket/{name}/lifecycleconfiguration\n- \"List all replication?\" -> GET /v20180820/bucket/{name}/replication\n- \"List all tagging?\" -> GET /v20180820/bucket/{name}/tagging\n- \"List all versioning?\" -> GET /v20180820/bucket/{name}/versioning\n- \"List all dataaccess?\" -> GET /v20180820/accessgrantsinstance/dataaccess\n- \"Get instance details?\" -> GET /v20180820/mrap/instances/{name+}\n- \"List all policystatus?\" -> GET /v20180820/mrap/instances/{name+}/policystatus\n- \"List all routes?\" -> GET /v20180820/mrap/instances/{mrap+}/routes\n- \"List all publicAccessBlock?\" -> GET /v20180820/configuration/publicAccessBlock\n- \"Get storagelen details?\" -> GET /v20180820/storagelens/{storagelensid}\n- \"Get storagelensgroup details?\" -> GET /v20180820/storagelensgroup/{name}\n- \"List all grants?\" -> GET /v20180820/accessgrantsinstance/grants\n- \"List all accessgrantsinstances?\" -> GET /v20180820/accessgrantsinstances\n- \"List all locations?\" -> GET /v20180820/accessgrantsinstance/locations\n- \"List all accesspoint?\" -> GET /v20180820/accesspoint\n- \"List all accesspointforobjectlambda?\" -> GET /v20180820/accesspointforobjectlambda\n- \"List all jobs?\" -> GET /v20180820/jobs\n- \"List all instances?\" -> GET /v20180820/mrap/instances\n- \"List all bucket?\" -> GET /v20180820/bucket\n- \"List all storagelens?\" -> GET /v20180820/storagelens\n- \"List all storagelensgroup?\" -> GET /v20180820/storagelensgroup\n- \"Get tag details?\" -> GET 
/v20180820/tags/{resourceArn+}\n- \"Create a put-policy?\" -> POST /v20180820/async-requests/mrap/put-policy\n- \"Update a storagelen?\" -> PUT /v20180820/storagelens/{storagelensid}\n- \"Delete a tag?\" -> DELETE /v20180820/tags/{resourceArn+}\n- \"Update a location?\" -> PUT /v20180820/accessgrantsinstance/location/{id}\n- \"Create a priority?\" -> POST /v20180820/jobs/{id}/priority\n- \"Create a status?\" -> POST /v20180820/jobs/{id}/status\n- \"Update a storagelensgroup?\" -> PUT /v20180820/storagelensgroup/{name}\n- \"How to authenticate?\" -> See Auth section above\n\n## Response Tips\n- Check response schemas in references/api-spec.lap for field details\n- Create/update endpoints return the modified resource on success\n\n## References\n- Full spec: See references/api-spec.lap for complete endpoint details, parameter tables, and response schemas\n\n> Generated from the official API spec by [LAP](https://lap.sh)\n","references/api-spec.lap":"@lap v0.3\n# Machine-readable API spec. Each @endpoint block is one API call.\n@api AWS S3 Control\n@version 2018-08-20\n@auth AWS SigV4\n@endpoints 93\n@hint download_for_search\n@toc accessgrantsinstance(20), accesspoint(8), accesspointforobjectlambda(10), bucket(18), jobs(8), async-requests(4), storagelensgroup(5), configuration(3), storagelens(7), mrap(6), accessgrantsinstances(1), tags(3)\n\n@group accessgrantsinstance\n@endpoint POST /v20180820/accessgrantsinstance/identitycenter\n@desc Associate your S3 Access Grants instance with an Amazon Web Services IAM Identity Center instance. Use this action if you want to create access grants for users or groups from your corporate identity directory. First, you must add your corporate identity directory to Amazon Web Services IAM Identity Center. Then, you can associate this IAM Identity Center instance with your S3 Access Grants instance.  Permissions  You must have the s3:AssociateAccessGrantsIdentityCenter permission to use this operation.   
Additional Permissions  You must also have the following permissions: sso:CreateApplication, sso:PutApplicationGrant, and sso:PutApplicationAuthenticationMethod.\n@required {x-amz-account-id: str, IdentityCenterArn: str}\n\n@endpoint POST /v20180820/accessgrantsinstance/grant\n@desc Creates an access grant that gives a grantee access to your S3 data. The grantee can be an IAM user or role or a directory user, or group. Before you can create a grant, you must have an S3 Access Grants instance in the same Region as the S3 data. You can create an S3 Access Grants instance using the CreateAccessGrantsInstance. You must also have registered at least one S3 data location in your S3 Access Grants instance using CreateAccessGrantsLocation.   Permissions  You must have the s3:CreateAccessGrant permission to use this operation.   Additional Permissions  For any directory identity - sso:DescribeInstance and sso:DescribeApplication  For directory users - identitystore:DescribeUser  For directory groups - identitystore:DescribeGroup\n@required {x-amz-account-id: str, AccessGrantsLocationId: str, Grantee: Grantee, Permission: str}\n@optional {AccessGrantsLocationConfiguration: AccessGrantsLocationConfiguration, ApplicationArn: str, S3PrefixType: str, Tags: [Tag]}\n@returns(200) {CreatedAt: str(timestamp)?, AccessGrantId: str?, AccessGrantArn: str?, Grantee: Grantee?{GranteeType: str?, GranteeIdentifier: str?}, AccessGrantsLocationId: str?, AccessGrantsLocationConfiguration: AccessGrantsLocationConfiguration?{S3SubPrefix: str?}, Permission: str?, ApplicationArn: str?, GrantScope: str?}\n\n@endpoint POST /v20180820/accessgrantsinstance\n@desc Creates an S3 Access Grants instance, which serves as a logical grouping for access grants. You can create one S3 Access Grants instance per Region per account.   Permissions  You must have the s3:CreateAccessGrantsInstance permission to use this operation.   
Additional Permissions  To associate an IAM Identity Center instance with your S3 Access Grants instance, you must also have the sso:DescribeInstance, sso:CreateApplication, sso:PutApplicationGrant, and sso:PutApplicationAuthenticationMethod permissions.\n@required {x-amz-account-id: str}\n@optional {IdentityCenterArn: str, Tags: [Tag]}\n@returns(200) {CreatedAt: str(timestamp)?, AccessGrantsInstanceId: str?, AccessGrantsInstanceArn: str?, IdentityCenterArn: str?, IdentityCenterInstanceArn: str?, IdentityCenterApplicationArn: str?}\n\n@endpoint POST /v20180820/accessgrantsinstance/location\n@desc The S3 data location that you would like to register in your S3 Access Grants instance. Your S3 data must be in the same Region as your S3 Access Grants instance. The location can be one of the following:    The default S3 location s3://    A bucket - S3://    A bucket and prefix - S3:///    When you register a location, you must include the IAM role that has permission to manage the S3 location that you are registering. Give S3 Access Grants permission to assume this role using a policy. S3 Access Grants assumes this role to manage access to the location and to vend temporary credentials to grantees or client applications.   Permissions  You must have the s3:CreateAccessGrantsLocation permission to use this operation.   Additional Permissions  You must also have the following permission for the specified IAM role: iam:PassRole\n@required {x-amz-account-id: str, LocationScope: str, IAMRoleArn: str}\n@optional {Tags: [Tag]}\n@returns(200) {CreatedAt: str(timestamp)?, AccessGrantsLocationId: str?, AccessGrantsLocationArn: str?, LocationScope: str?, IAMRoleArn: str?}\n\n@endgroup\n\n@group accesspoint\n@endpoint PUT /v20180820/accesspoint/{name}\n@desc This operation is not supported by directory buckets.  Creates an access point and associates it with the specified bucket. 
For more information, see Managing Data Access with Amazon S3 Access Points in the Amazon S3 User Guide.   S3 on Outposts only supports VPC-style access points.  For more information, see  Accessing Amazon S3 on Outposts using virtual private cloud (VPC) only access points in the Amazon S3 User Guide.  All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.  The following actions are related to CreateAccessPoint:    GetAccessPoint     DeleteAccessPoint     ListAccessPoints\n@required {x-amz-account-id: str, Name: str, Bucket: str}\n@optional {VpcConfiguration: VpcConfiguration, PublicAccessBlockConfiguration: PublicAccessBlockConfiguration, BucketAccountId: str}\n@returns(200) {AccessPointArn: str?, Alias: str?}\n\n@endgroup\n\n@group accesspointforobjectlambda\n@endpoint PUT /v20180820/accesspointforobjectlambda/{name}\n@desc This operation is not supported by directory buckets.  Creates an Object Lambda Access Point. For more information, see Transforming objects with Object Lambda Access Points in the Amazon S3 User Guide. The following actions are related to CreateAccessPointForObjectLambda:    DeleteAccessPointForObjectLambda     GetAccessPointForObjectLambda     ListAccessPointsForObjectLambda\n@required {x-amz-account-id: str, Name: str, Configuration: ObjectLambdaConfiguration}\n@returns(200) {ObjectLambdaAccessPointArn: str?, Alias: ObjectLambdaAccessPointAlias?{Value: str?, Status: str?}}\n\n@endgroup\n\n@group bucket\n@endpoint PUT /v20180820/bucket/{name}\n@desc This action creates an Amazon S3 on Outposts bucket. 
To create an S3 bucket, see Create Bucket in the Amazon S3 API Reference.   Creates a new Outposts bucket. By creating the bucket, you become the bucket owner. To create an Outposts bucket, you must have S3 on Outposts. For more information, see Using Amazon S3 on Outposts in Amazon S3 User Guide. Not every string is an acceptable bucket name. For information on bucket naming restrictions, see Working with Amazon S3 Buckets. S3 on Outposts buckets support:   Tags   LifecycleConfigurations for deleting expired objects   For a complete list of restrictions and Amazon S3 feature limitations on S3 on Outposts, see  Amazon S3 on Outposts Restrictions and Limitations. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and x-amz-outpost-id in your API request, see the Examples section. The following actions are related to CreateBucket for Amazon S3 on Outposts:    PutObject     GetBucket     DeleteBucket     CreateAccessPoint     PutAccessPointPolicy\n@required {Bucket: str}\n@optional {x-amz-acl: str, x-amz-grant-full-control: str, x-amz-grant-read: str, x-amz-grant-read-acp: str, x-amz-grant-write: str, x-amz-grant-write-acp: str, x-amz-bucket-object-lock-enabled: bool, x-amz-outpost-id: str, CreateBucketConfiguration: CreateBucketConfiguration}\n@returns(200) {Location: str?, BucketArn: str?}\n\n@endgroup\n\n@group jobs\n@endpoint POST /v20180820/jobs\n@desc This operation creates an S3 Batch Operations job. You can use S3 Batch Operations to perform large-scale batch actions on Amazon S3 objects. Batch Operations can run a single action on lists of Amazon S3 objects that you specify. For more information, see S3 Batch Operations in the Amazon S3 User Guide.  Permissions  For information about permissions required to use the Batch Operations, see Granting permissions for S3 Batch Operations in the Amazon S3 User Guide.    
Related actions include:    DescribeJob     ListJobs     UpdateJobPriority     UpdateJobStatus     JobOperation\n@required {x-amz-account-id: str, Operation: JobOperation, Report: JobReport, ClientRequestToken: str, Priority: int, RoleArn: str}\n@optional {ConfirmationRequired: bool, Manifest: JobManifest, Description: str, Tags: [S3Tag], ManifestGenerator: JobManifestGenerator}\n@returns(200) {JobId: str?}\n\n@endgroup\n\n@group async-requests\n@endpoint POST /v20180820/async-requests/mrap/create\n@desc This operation is not supported by directory buckets.  Creates a Multi-Region Access Point and associates it with the specified buckets. For more information about creating Multi-Region Access Points, see Creating Multi-Region Access Points in the Amazon S3 User Guide. This action will always be routed to the US West (Oregon) Region. For more information about the restrictions around working with Multi-Region Access Points, see Multi-Region Access Point restrictions and limitations in the Amazon S3 User Guide. This request is asynchronous, meaning that you might receive a response before the command has completed. When this request provides a response, it provides a token that you can use to monitor the status of the request with DescribeMultiRegionAccessPointOperation. The following actions are related to CreateMultiRegionAccessPoint:    DeleteMultiRegionAccessPoint     DescribeMultiRegionAccessPointOperation     GetMultiRegionAccessPoint     ListMultiRegionAccessPoints\n@required {x-amz-account-id: str, ClientToken: str, Details: CreateMultiRegionAccessPointInput}\n@returns(200) {RequestTokenARN: str?}\n\n@endgroup\n\n@group storagelensgroup\n@endpoint POST /v20180820/storagelensgroup\n@desc Creates a new S3 Storage Lens group and associates it with the specified Amazon Web Services account ID. An S3 Storage Lens group is a custom grouping of objects based on prefix, suffix, object tags, object size, object age, or a combination of these filters. 
For each Storage Lens group that you’ve created, you can also optionally add Amazon Web Services resource tags. For more information about S3 Storage Lens groups, see Working with S3 Storage Lens groups. To use this operation, you must have the permission to perform the s3:CreateStorageLensGroup action. If you’re trying to create a Storage Lens group with Amazon Web Services resource tags, you must also have permission to perform the s3:TagResource action. For more information about the required Storage Lens Groups permissions, see Setting account permissions to use S3 Storage Lens groups. For information about Storage Lens groups errors, see List of Amazon S3 Storage Lens error codes.\n@required {x-amz-account-id: str, StorageLensGroup: StorageLensGroup}\n@optional {Tags: [Tag]}\n\n@endgroup\n\n@group accessgrantsinstance\n@endpoint DELETE /v20180820/accessgrantsinstance/grant/{id}\n@desc Deletes the access grant from the S3 Access Grants instance. You cannot undo an access grant deletion and the grantee will no longer have access to the S3 data.  Permissions  You must have the s3:DeleteAccessGrant permission to use this operation.\n@required {x-amz-account-id: str, AccessGrantId: str}\n\n@endpoint DELETE /v20180820/accessgrantsinstance\n@desc Deletes your S3 Access Grants instance. You must first delete the access grants and locations before S3 Access Grants can delete the instance. See DeleteAccessGrant and DeleteAccessGrantsLocation. If you have associated an IAM Identity Center instance with your S3 Access Grants instance, you must first disassociate the Identity Center instance from the S3 Access Grants instance before you can delete the S3 Access Grants instance. See AssociateAccessGrantsIdentityCenter and DissociateAccessGrantsIdentityCenter.  
Permissions  You must have the s3:DeleteAccessGrantsInstance permission to use this operation.\n@required {x-amz-account-id: str}\n\n@endpoint DELETE /v20180820/accessgrantsinstance/resourcepolicy\n@desc Deletes the resource policy of the S3 Access Grants instance. The resource policy is used to manage cross-account access to your S3 Access Grants instance. By deleting the resource policy, you delete any cross-account permissions to your S3 Access Grants instance.   Permissions  You must have the s3:DeleteAccessGrantsInstanceResourcePolicy permission to use this operation.\n@required {x-amz-account-id: str}\n\n@endpoint DELETE /v20180820/accessgrantsinstance/location/{id}\n@desc Deregisters a location from your S3 Access Grants instance. You can only delete a location registration from an S3 Access Grants instance if there are no grants associated with this location. See Delete a grant for information on how to delete grants. You need to have at least one registered location in your S3 Access Grants instance in order to create access grants.   Permissions  You must have the s3:DeleteAccessGrantsLocation permission to use this operation.\n@required {x-amz-account-id: str, AccessGrantsLocationId: str}\n\n@endgroup\n\n@group accesspoint\n@endpoint DELETE /v20180820/accesspoint/{name}\n@desc This operation is not supported by directory buckets.  Deletes the specified access point. All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section. 
The following actions are related to DeleteAccessPoint:    CreateAccessPoint     GetAccessPoint     ListAccessPoints\n@required {x-amz-account-id: str, Name: str}\n\n@endgroup\n\n@group accesspointforobjectlambda\n@endpoint DELETE /v20180820/accesspointforobjectlambda/{name}\n@desc This operation is not supported by directory buckets.  Deletes the specified Object Lambda Access Point. The following actions are related to DeleteAccessPointForObjectLambda:    CreateAccessPointForObjectLambda     GetAccessPointForObjectLambda     ListAccessPointsForObjectLambda\n@required {x-amz-account-id: str, Name: str}\n\n@endgroup\n\n@group accesspoint\n@endpoint DELETE /v20180820/accesspoint/{name}/policy\n@desc This operation is not supported by directory buckets.  Deletes the access point policy for the specified access point.  All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section. The following actions are related to DeleteAccessPointPolicy:    PutAccessPointPolicy     GetAccessPointPolicy\n@required {x-amz-account-id: str, Name: str}\n\n@endgroup\n\n@group accesspointforobjectlambda\n@endpoint DELETE /v20180820/accesspointforobjectlambda/{name}/policy\n@desc This operation is not supported by directory buckets.  Removes the resource policy for an Object Lambda Access Point. 
The following actions are related to DeleteAccessPointPolicyForObjectLambda:    GetAccessPointPolicyForObjectLambda     PutAccessPointPolicyForObjectLambda\n@required {x-amz-account-id: str, Name: str}\n\n@endgroup\n\n@group bucket\n@endpoint DELETE /v20180820/bucket/{name}\n@desc This action deletes an Amazon S3 on Outposts bucket. To delete an S3 bucket, see DeleteBucket in the Amazon S3 API Reference.   Deletes the Amazon S3 on Outposts bucket. All objects (including all object versions and delete markers) in the bucket must be deleted before the bucket itself can be deleted. For more information, see Using Amazon S3 on Outposts in Amazon S3 User Guide. All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.  Related Resources     CreateBucket     GetBucket     DeleteObject\n@required {x-amz-account-id: str, Bucket: str}\n\n@endpoint DELETE /v20180820/bucket/{name}/lifecycleconfiguration\n@desc This action deletes an Amazon S3 on Outposts bucket's lifecycle configuration. To delete an S3 bucket's lifecycle configuration, see DeleteBucketLifecycle in the Amazon S3 API Reference.   Deletes the lifecycle configuration from the specified Outposts bucket. Amazon S3 on Outposts removes all the lifecycle configuration rules in the lifecycle subresource associated with the bucket. Your objects never expire, and Amazon S3 on Outposts no longer automatically deletes any objects on the basis of rules contained in the deleted lifecycle configuration. For more information, see Using Amazon S3 on Outposts in Amazon S3 User Guide. 
To use this operation, you must have permission to perform the s3-outposts:PutLifecycleConfiguration action. By default, the bucket owner has this permission and the Outposts bucket owner can grant this permission to others. All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section. For more information about object expiration, see Elements to Describe Lifecycle Actions. Related actions include:    PutBucketLifecycleConfiguration     GetBucketLifecycleConfiguration\n@required {x-amz-account-id: str, Bucket: str}\n\n@endpoint DELETE /v20180820/bucket/{name}/policy\n@desc This action deletes an Amazon S3 on Outposts bucket policy. To delete an S3 bucket policy, see DeleteBucketPolicy in the Amazon S3 API Reference.   This implementation of the DELETE action uses the policy subresource to delete the policy of a specified Amazon S3 on Outposts bucket. If you are using an identity other than the root user of the Amazon Web Services account that owns the bucket, the calling identity must have the s3-outposts:DeleteBucketPolicy permissions on the specified Outposts bucket and belong to the bucket owner's account to use this action. For more information, see Using Amazon S3 on Outposts in Amazon S3 User Guide. If you don't have DeleteBucketPolicy permissions, Amazon S3 returns a 403 Access Denied error. If you have the correct permissions, but you're not using an identity that belongs to the bucket owner's account, Amazon S3 returns a 405 Method Not Allowed error.   
As a security precaution, the root user of the Amazon Web Services account that owns a bucket can always use this action, even if the policy explicitly denies the root user the ability to perform this action.  For more information about bucket policies, see Using Bucket Policies and User Policies.  All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section. The following actions are related to DeleteBucketPolicy:    GetBucketPolicy     PutBucketPolicy\n@required {x-amz-account-id: str, Bucket: str}\n\n@endpoint DELETE /v20180820/bucket/{name}/replication\n@desc This operation deletes an Amazon S3 on Outposts bucket's replication configuration. To delete an S3 bucket's replication configuration, see DeleteBucketReplication in the Amazon S3 API Reference.   Deletes the replication configuration from the specified S3 on Outposts bucket. To use this operation, you must have permissions to perform the s3-outposts:PutReplicationConfiguration action. The Outposts bucket owner has this permission by default and can grant it to others. For more information about permissions, see Setting up IAM with S3 on Outposts and Managing access to S3 on Outposts buckets in the Amazon S3 User Guide.  It can take a while to propagate PUT or DELETE requests for a replication configuration to all S3 on Outposts systems. Therefore, the replication configuration that's returned by a GET request soon after a PUT or DELETE request might return a more recent result than what's on the Outpost. If an Outpost is offline, the delay in updating the replication configuration on that Outpost can be significant.  
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section. For information about S3 replication on Outposts configuration, see Replicating objects for S3 on Outposts in the Amazon S3 User Guide. The following operations are related to DeleteBucketReplication:    PutBucketReplication     GetBucketReplication\n@required {x-amz-account-id: str, Bucket: str}\n\n@endpoint DELETE /v20180820/bucket/{name}/tagging\n@desc This action deletes an Amazon S3 on Outposts bucket's tags. To delete an S3 bucket's tags, see DeleteBucketTagging in the Amazon S3 API Reference.   Deletes the tags from the Outposts bucket. For more information, see Using Amazon S3 on Outposts in Amazon S3 User Guide. To use this action, you must have permission to perform the PutBucketTagging action. By default, the bucket owner has this permission and can grant this permission to others.  All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section. The following actions are related to DeleteBucketTagging:    GetBucketTagging     PutBucketTagging\n@required {x-amz-account-id: str, Bucket: str}\n\n@endgroup\n\n@group jobs\n@endpoint DELETE /v20180820/jobs/{id}/tagging\n@desc Removes the entire tag set from the specified S3 Batch Operations job.  
Permissions  To use the DeleteJobTagging operation, you must have permission to perform the s3:DeleteJobTagging action. For more information, see Controlling access and labeling jobs using tags in the Amazon S3 User Guide.   Related actions include:    CreateJob     GetJobTagging     PutJobTagging\n@required {x-amz-account-id: str, JobId: str}\n\n@endgroup\n\n@group async-requests\n@endpoint POST /v20180820/async-requests/mrap/delete\n@desc This operation is not supported by directory buckets.  Deletes a Multi-Region Access Point. This action does not delete the buckets associated with the Multi-Region Access Point, only the Multi-Region Access Point itself. This action will always be routed to the US West (Oregon) Region. For more information about the restrictions around working with Multi-Region Access Points, see Multi-Region Access Point restrictions and limitations in the Amazon S3 User Guide. This request is asynchronous, meaning that you might receive a response before the command has completed. When this request provides a response, it provides a token that you can use to monitor the status of the request with DescribeMultiRegionAccessPointOperation. The following actions are related to DeleteMultiRegionAccessPoint:    CreateMultiRegionAccessPoint     DescribeMultiRegionAccessPointOperation     GetMultiRegionAccessPoint     ListMultiRegionAccessPoints\n@required {x-amz-account-id: str, ClientToken: str, Details: DeleteMultiRegionAccessPointInput}\n@returns(200) {RequestTokenARN: str?}\n\n@endgroup\n\n@group configuration\n@endpoint DELETE /v20180820/configuration/publicAccessBlock\n@desc This operation is not supported by directory buckets.  Removes the PublicAccessBlock configuration for an Amazon Web Services account. For more information, see  Using Amazon S3 block public access. 
Related actions include:    GetPublicAccessBlock     PutPublicAccessBlock\n@required {x-amz-account-id: str}\n\n@endgroup\n\n@group storagelens\n@endpoint DELETE /v20180820/storagelens/{storagelensid}\n@desc This operation is not supported by directory buckets.  Deletes the Amazon S3 Storage Lens configuration. For more information about S3 Storage Lens, see Assessing your storage activity and usage with Amazon S3 Storage Lens  in the Amazon S3 User Guide.  To use this action, you must have permission to perform the s3:DeleteStorageLensConfiguration action. For more information, see Setting permissions to use Amazon S3 Storage Lens in the Amazon S3 User Guide.\n@required {ConfigId: str, x-amz-account-id: str}\n\n@endpoint DELETE /v20180820/storagelens/{storagelensid}/tagging\n@desc This operation is not supported by directory buckets.  Deletes the Amazon S3 Storage Lens configuration tags. For more information about S3 Storage Lens, see Assessing your storage activity and usage with Amazon S3 Storage Lens  in the Amazon S3 User Guide.  To use this action, you must have permission to perform the s3:DeleteStorageLensConfigurationTagging action. For more information, see Setting permissions to use Amazon S3 Storage Lens in the Amazon S3 User Guide.\n@required {ConfigId: str, x-amz-account-id: str}\n\n@endgroup\n\n@group storagelensgroup\n@endpoint DELETE /v20180820/storagelensgroup/{name}\n@desc Deletes an existing S3 Storage Lens group. To use this operation, you must have the permission to perform the s3:DeleteStorageLensGroup action. For more information about the required Storage Lens Groups permissions, see Setting account permissions to use S3 Storage Lens groups. For information about Storage Lens groups errors, see List of Amazon S3 Storage Lens error codes.\n@required {Name: str, x-amz-account-id: str}\n\n@endgroup\n\n@group jobs\n@endpoint GET /v20180820/jobs/{id}\n@desc Retrieves the configuration parameters and status for a Batch Operations job. 
For more information, see S3 Batch Operations in the Amazon S3 User Guide.  Permissions  To use the DescribeJob operation, you must have permission to perform the s3:DescribeJob action.   Related actions include:    CreateJob     ListJobs     UpdateJobPriority     UpdateJobStatus\n@required {x-amz-account-id: str, JobId: str}\n@returns(200) {Job: JobDescriptor?{JobId: str?, ConfirmationRequired: bool?, Description: str?, JobArn: str?, Status: str?, Manifest: JobManifest?{Spec: JobManifestSpec{Format: str, Fields: [str]?}, Location: JobManifestLocation{ObjectArn: str, ObjectVersionId: str?, ETag: str}}, Operation: JobOperation?{LambdaInvoke: LambdaInvokeOperation?{FunctionArn: str?, InvocationSchemaVersion: str?, UserArguments: map<str, str>?: any}, S3PutObjectCopy: S3CopyObjectOperation?{TargetResource: str?, CannedAccessControlList: str?, AccessControlGrants: [S3Grant]?, MetadataDirective: str?, ModifiedSinceConstraint: str(timestamp)?, NewObjectMetadata: S3ObjectMetadata?, NewObjectTagging: [S3Tag]?, RedirectLocation: str?, RequesterPays: bool?, StorageClass: str?, UnModifiedSinceConstraint: str(timestamp)?, SSEAwsKmsKeyId: str?, TargetKeyPrefix: str?, ObjectLockLegalHoldStatus: str?, ObjectLockMode: str?, ObjectLockRetainUntilDate: str(timestamp)?, BucketKeyEnabled: bool?, ChecksumAlgorithm: str?}, S3PutObjectAcl: S3SetObjectAclOperation?{AccessControlPolicy: S3AccessControlPolicy?}, S3PutObjectTagging: S3SetObjectTaggingOperation?{TagSet: [S3Tag]?}, S3DeleteObjectTagging: S3DeleteObjectTaggingOperation?, S3InitiateRestoreObject: S3InitiateRestoreObjectOperation?{ExpirationInDays: int?, GlacierJobTier: str?}, S3PutObjectLegalHold: S3SetObjectLegalHoldOperation?{LegalHold: S3ObjectLockLegalHold}, S3PutObjectRetention: S3SetObjectRetentionOperation?{BypassGovernanceRetention: bool?, Retention: S3Retention}, S3ReplicateObject: S3ReplicateObjectOperation?}, Priority: int?, ProgressSummary: JobProgressSummary?{TotalNumberOfTasks: int(i64)?, NumberOfTasksSucceeded: 
int(i64)?, NumberOfTasksFailed: int(i64)?, Timers: JobTimers?{ElapsedTimeInActiveSeconds: int(i64)?}}, StatusUpdateReason: str?, FailureReasons: [JobFailure]?, Report: JobReport?{Bucket: str?, Format: str?, Enabled: bool, Prefix: str?, ReportScope: str?}, CreationTime: str(timestamp)?, TerminationDate: str(timestamp)?, RoleArn: str?, SuspendedDate: str(timestamp)?, SuspendedCause: str?, ManifestGenerator: JobManifestGenerator?{S3JobManifestGenerator: S3JobManifestGenerator?{ExpectedBucketOwner: str?, SourceBucket: str, ManifestOutputLocation: S3ManifestOutputLocation?, Filter: JobManifestGeneratorFilter?, EnableManifestOutput: bool}}, GeneratedManifestDescriptor: S3GeneratedManifestDescriptor?{Format: str?, Location: JobManifestLocation?{ObjectArn: str, ObjectVersionId: str?, ETag: str}}}}\n\n@endgroup\n\n@group async-requests\n@endpoint GET /v20180820/async-requests/mrap/{request_token+}\n@desc This operation is not supported by directory buckets.  Retrieves the status of an asynchronous request to manage a Multi-Region Access Point. For more information about managing Multi-Region Access Points and how asynchronous requests work, see Using Multi-Region Access Points in the Amazon S3 User Guide. 
The following actions are related to GetMultiRegionAccessPoint:    CreateMultiRegionAccessPoint     DeleteMultiRegionAccessPoint     GetMultiRegionAccessPoint     ListMultiRegionAccessPoints\n@required {x-amz-account-id: str, RequestTokenARN: str}\n@returns(200) {AsyncOperation: AsyncOperation?{CreationTime: str(timestamp)?, Operation: str?, RequestTokenARN: str?, RequestParameters: AsyncRequestParameters?{CreateMultiRegionAccessPointRequest: CreateMultiRegionAccessPointInput?{Name: str, PublicAccessBlock: PublicAccessBlockConfiguration?, Regions: [Region]}, DeleteMultiRegionAccessPointRequest: DeleteMultiRegionAccessPointInput?{Name: str}, PutMultiRegionAccessPointPolicyRequest: PutMultiRegionAccessPointPolicyInput?{Name: str, Policy: str}}, RequestStatus: str?, ResponseDetails: AsyncResponseDetails?{MultiRegionAccessPointDetails: MultiRegionAccessPointsAsyncResponse?{Regions: [MultiRegionAccessPointRegionalResponse]?}, ErrorDetails: AsyncErrorDetails?{Code: str?, Message: str?, Resource: str?, RequestId: str?}}}}\n\n@endgroup\n\n@group accessgrantsinstance\n@endpoint DELETE /v20180820/accessgrantsinstance/identitycenter\n@desc Dissociates the Amazon Web Services IAM Identity Center instance from the S3 Access Grants instance.   Permissions  You must have the s3:DissociateAccessGrantsIdentityCenter permission to use this operation.   Additional Permissions  You must have the sso:DeleteApplication permission to use this operation.\n@required {x-amz-account-id: str}\n\n@endpoint GET /v20180820/accessgrantsinstance/grant/{id}\n@desc Get the details of an access grant from your S3 Access Grants instance.  
Permissions  You must have the s3:GetAccessGrant permission to use this operation.\n@required {x-amz-account-id: str, AccessGrantId: str}\n@returns(200) {CreatedAt: str(timestamp)?, AccessGrantId: str?, AccessGrantArn: str?, Grantee: Grantee?{GranteeType: str?, GranteeIdentifier: str?}, Permission: str?, AccessGrantsLocationId: str?, AccessGrantsLocationConfiguration: AccessGrantsLocationConfiguration?{S3SubPrefix: str?}, GrantScope: str?, ApplicationArn: str?}\n\n@endpoint GET /v20180820/accessgrantsinstance\n@desc Retrieves the S3 Access Grants instance for a Region in your account.   Permissions  You must have the s3:GetAccessGrantsInstance permission to use this operation.      GetAccessGrantsInstance is not supported for cross-account access. You can only call the API from the account that owns the S3 Access Grants instance.\n@required {x-amz-account-id: str}\n@returns(200) {AccessGrantsInstanceArn: str?, AccessGrantsInstanceId: str?, IdentityCenterArn: str?, IdentityCenterInstanceArn: str?, IdentityCenterApplicationArn: str?, CreatedAt: str(timestamp)?}\n\n@endpoint GET /v20180820/accessgrantsinstance/prefix\n@desc Retrieve the S3 Access Grants instance that contains a particular prefix.   Permissions  You must have the s3:GetAccessGrantsInstanceForPrefix permission for the caller account to use this operation.   Additional Permissions  The prefix owner account must grant you the following permissions to their S3 Access Grants instance: s3:GetAccessGrantsInstanceForPrefix.\n@required {x-amz-account-id: str, s3prefix: str}\n@returns(200) {AccessGrantsInstanceArn: str?, AccessGrantsInstanceId: str?}\n\n@endpoint GET /v20180820/accessgrantsinstance/resourcepolicy\n@desc Returns the resource policy of the S3 Access Grants instance.   
Permissions  You must have the s3:GetAccessGrantsInstanceResourcePolicy permission to use this operation.\n@required {x-amz-account-id: str}\n@returns(200) {Policy: str?, Organization: str?, CreatedAt: str(timestamp)?}\n\n@endpoint GET /v20180820/accessgrantsinstance/location/{id}\n@desc Retrieves the details of a particular location registered in your S3 Access Grants instance.   Permissions  You must have the s3:GetAccessGrantsLocation permission to use this operation.\n@required {x-amz-account-id: str, AccessGrantsLocationId: str}\n@returns(200) {CreatedAt: str(timestamp)?, AccessGrantsLocationId: str?, AccessGrantsLocationArn: str?, LocationScope: str?, IAMRoleArn: str?}\n\n@endgroup\n\n@group accesspoint\n@endpoint GET /v20180820/accesspoint/{name}\n@desc This operation is not supported by directory buckets.  Returns configuration information about the specified access point.  All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section. 
The following actions are related to GetAccessPoint:    CreateAccessPoint     DeleteAccessPoint     ListAccessPoints\n@required {x-amz-account-id: str, Name: str}\n@returns(200) {Name: str?, Bucket: str?, NetworkOrigin: str?, VpcConfiguration: VpcConfiguration?{VpcId: str}, PublicAccessBlockConfiguration: PublicAccessBlockConfiguration?{BlockPublicAcls: bool?, IgnorePublicAcls: bool?, BlockPublicPolicy: bool?, RestrictPublicBuckets: bool?}, CreationDate: str(timestamp)?, Alias: str?, AccessPointArn: str?, Endpoints: map<str,str>?, BucketAccountId: str?}\n\n@endgroup\n\n@group accesspointforobjectlambda\n@endpoint GET /v20180820/accesspointforobjectlambda/{name}/configuration\n@desc This operation is not supported by directory buckets.  Returns configuration for an Object Lambda Access Point. The following actions are related to GetAccessPointConfigurationForObjectLambda:    PutAccessPointConfigurationForObjectLambda\n@required {x-amz-account-id: str, Name: str}\n@returns(200) {Configuration: ObjectLambdaConfiguration?{SupportingAccessPoint: str, CloudWatchMetricsEnabled: bool?, AllowedFeatures: [str]?, TransformationConfigurations: [ObjectLambdaTransformationConfiguration]}}\n\n@endpoint GET /v20180820/accesspointforobjectlambda/{name}\n@desc This operation is not supported by directory buckets.  
Returns configuration information about the specified Object Lambda Access Point. The following actions are related to GetAccessPointForObjectLambda:    CreateAccessPointForObjectLambda     DeleteAccessPointForObjectLambda     ListAccessPointsForObjectLambda\n@required {x-amz-account-id: str, Name: str}\n@returns(200) {Name: str?, PublicAccessBlockConfiguration: PublicAccessBlockConfiguration?{BlockPublicAcls: bool?, IgnorePublicAcls: bool?, BlockPublicPolicy: bool?, RestrictPublicBuckets: bool?}, CreationDate: str(timestamp)?, Alias: ObjectLambdaAccessPointAlias?{Value: str?, Status: str?}}\n\n@endgroup\n\n@group accesspoint\n@endpoint GET /v20180820/accesspoint/{name}/policy\n@desc This operation is not supported by directory buckets.  Returns the access point policy associated with the specified access point. The following actions are related to GetAccessPointPolicy:    PutAccessPointPolicy     DeleteAccessPointPolicy\n@required {x-amz-account-id: str, Name: str}\n@returns(200) {Policy: str?}\n\n@endgroup\n\n@group accesspointforobjectlambda\n@endpoint GET /v20180820/accesspointforobjectlambda/{name}/policy\n@desc This operation is not supported by directory buckets.  Returns the resource policy for an Object Lambda Access Point. The following actions are related to GetAccessPointPolicyForObjectLambda:    DeleteAccessPointPolicyForObjectLambda     PutAccessPointPolicyForObjectLambda\n@required {x-amz-account-id: str, Name: str}\n@returns(200) {Policy: str?}\n\n@endgroup\n\n@group accesspoint\n@endpoint GET /v20180820/accesspoint/{name}/policyStatus\n@desc This operation is not supported by directory buckets.  Indicates whether the specified access point currently has a policy that allows public access. 
For more information about public access through access points, see Managing Data Access with Amazon S3 access points in the Amazon S3 User Guide.\n@required {x-amz-account-id: str, Name: str}\n@returns(200) {PolicyStatus: PolicyStatus?{IsPublic: bool?}}\n\n@endgroup\n\n@group accesspointforobjectlambda\n@endpoint GET /v20180820/accesspointforobjectlambda/{name}/policyStatus\n@desc This operation is not supported by directory buckets.  Returns the status of the resource policy associated with an Object Lambda Access Point.\n@required {x-amz-account-id: str, Name: str}\n@returns(200) {PolicyStatus: PolicyStatus?{IsPublic: bool?}}\n\n@endgroup\n\n@group bucket\n@endpoint GET /v20180820/bucket/{name}\n@desc Gets an Amazon S3 on Outposts bucket. For more information, see  Using Amazon S3 on Outposts in the Amazon S3 User Guide. If you are using an identity other than the root user of the Amazon Web Services account that owns the Outposts bucket, the calling identity must have the s3-outposts:GetBucket permissions on the specified Outposts bucket and belong to the Outposts bucket owner's account in order to use this action. Only users from Outposts bucket owner account with the right permissions can perform actions on an Outposts bucket.  If you don't have s3-outposts:GetBucket permissions or you're not using an identity that belongs to the bucket owner's account, Amazon S3 returns a 403 Access Denied error. All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section. The following actions are related to GetBucket for Amazon S3 on Outposts:    
PutObject     CreateBucket     DeleteBucket\n@required {x-amz-account-id: str, Bucket: str}\n@returns(200) {Bucket: str?, PublicAccessBlockEnabled: bool?, CreationDate: str(timestamp)?}\n\n@endpoint GET /v20180820/bucket/{name}/lifecycleconfiguration\n@desc This action gets an Amazon S3 on Outposts bucket's lifecycle configuration. To get an S3 bucket's lifecycle configuration, see GetBucketLifecycleConfiguration in the Amazon S3 API Reference.   Returns the lifecycle configuration information set on the Outposts bucket. For more information, see Using Amazon S3 on Outposts and for information about lifecycle configuration, see  Object Lifecycle Management in Amazon S3 User Guide. To use this action, you must have permission to perform the s3-outposts:GetLifecycleConfiguration action. The Outposts bucket owner has this permission, by default. The bucket owner can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources. All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.  GetBucketLifecycleConfiguration has the following special error:   Error code: NoSuchLifecycleConfiguration    Description: The lifecycle configuration does not exist.   
HTTP Status Code: 404 Not Found   SOAP Fault Code Prefix: Client     The following actions are related to GetBucketLifecycleConfiguration:    PutBucketLifecycleConfiguration     DeleteBucketLifecycleConfiguration\n@required {x-amz-account-id: str, Bucket: str}\n@returns(200) {Rules: [LifecycleRule]?}\n\n@endpoint GET /v20180820/bucket/{name}/policy\n@desc This action gets a bucket policy for an Amazon S3 on Outposts bucket. To get a policy for an S3 bucket, see GetBucketPolicy in the Amazon S3 API Reference.   Returns the policy of a specified Outposts bucket. For more information, see Using Amazon S3 on Outposts in the Amazon S3 User Guide. If you are using an identity other than the root user of the Amazon Web Services account that owns the bucket, the calling identity must have the GetBucketPolicy permissions on the specified bucket and belong to the bucket owner's account in order to use this action. Only users from Outposts bucket owner account with the right permissions can perform actions on an Outposts bucket. If you don't have s3-outposts:GetBucketPolicy permissions or you're not using an identity that belongs to the bucket owner's account, Amazon S3 returns a 403 Access Denied error.  As a security precaution, the root user of the Amazon Web Services account that owns a bucket can always use this action, even if the policy explicitly denies the root user the ability to perform this action.  For more information about bucket policies, see Using Bucket Policies and User Policies. All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section. 
The following actions are related to GetBucketPolicy:    GetObject     PutBucketPolicy     DeleteBucketPolicy\n@required {x-amz-account-id: str, Bucket: str}\n@returns(200) {Policy: str?}\n\n@endpoint GET /v20180820/bucket/{name}/replication\n@desc This operation gets an Amazon S3 on Outposts bucket's replication configuration. To get an S3 bucket's replication configuration, see GetBucketReplication in the Amazon S3 API Reference.   Returns the replication configuration of an S3 on Outposts bucket. For more information about S3 on Outposts, see Using Amazon S3 on Outposts in the Amazon S3 User Guide. For information about S3 replication on Outposts configuration, see Replicating objects for S3 on Outposts in the Amazon S3 User Guide.  It can take a while to propagate PUT or DELETE requests for a replication configuration to all S3 on Outposts systems. Therefore, the replication configuration that's returned by a GET request soon after a PUT or DELETE request might return a more recent result than what's on the Outpost. If an Outpost is offline, the delay in updating the replication configuration on that Outpost can be significant.  This action requires permissions for the s3-outposts:GetReplicationConfiguration action. The Outposts bucket owner has this permission by default and can grant it to others. For more information about permissions, see Setting up IAM with S3 on Outposts and Managing access to S3 on Outposts bucket in the Amazon S3 User Guide. All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section. 
If you include the Filter element in a replication configuration, you must also include the DeleteMarkerReplication, Status, and Priority elements. The response also returns those elements. For information about S3 on Outposts replication failure reasons, see Replication failure reasons in the Amazon S3 User Guide. The following operations are related to GetBucketReplication:    PutBucketReplication     DeleteBucketReplication\n@required {x-amz-account-id: str, Bucket: str}\n@returns(200) {ReplicationConfiguration: ReplicationConfiguration?{Role: str, Rules: [ReplicationRule]}}\n\n@endpoint GET /v20180820/bucket/{name}/tagging\n@desc This action gets an Amazon S3 on Outposts bucket's tags. To get an S3 bucket's tags, see GetBucketTagging in the Amazon S3 API Reference.   Returns the tag set associated with the Outposts bucket. For more information, see Using Amazon S3 on Outposts in the Amazon S3 User Guide. To use this action, you must have permission to perform the GetBucketTagging action. By default, the bucket owner has this permission and can grant this permission to others.  GetBucketTagging has the following special error:   Error code: NoSuchTagSetError    Description: There is no tag set associated with the bucket.     All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section. 
The following actions are related to GetBucketTagging:    PutBucketTagging     DeleteBucketTagging\n@required {x-amz-account-id: str, Bucket: str}\n@returns(200) {TagSet: [S3Tag]}\n\n@endpoint GET /v20180820/bucket/{name}/versioning\n@desc This operation returns the versioning state for S3 on Outposts buckets only. To return the versioning state for an S3 bucket, see GetBucketVersioning in the Amazon S3 API Reference.   Returns the versioning state for an S3 on Outposts bucket. With S3 Versioning, you can save multiple distinct copies of your objects and recover from unintended user actions and application failures. If you've never set versioning on your bucket, it has no versioning state. In that case, the GetBucketVersioning request does not return a versioning state value. For more information about versioning, see Versioning in the Amazon S3 User Guide. All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section. The following operations are related to GetBucketVersioning for S3 on Outposts.    PutBucketVersioning     PutBucketLifecycleConfiguration     GetBucketLifecycleConfiguration\n@required {x-amz-account-id: str, Bucket: str}\n@returns(200) {Status: str?, MFADelete: str?}\n\n@endgroup\n\n@group accessgrantsinstance\n@endpoint GET /v20180820/accessgrantsinstance/dataaccess\n@desc Returns a temporary access credential from S3 Access Grants to the grantee or client application. The temporary credential is an Amazon Web Services STS token that grants them access to the S3 data.   Permissions  You must have the s3:GetDataAccess permission to use this operation.   
Additional Permissions  The IAM role that S3 Access Grants assumes must have the following permissions specified in the trust policy when registering the location: sts:AssumeRole, for directory users or groups sts:SetContext, and for IAM users or roles sts:SetSourceIdentity.\n@required {x-amz-account-id: str, target: str, permission: str}\n@optional {durationSeconds: int, privilege: str, targetType: str}\n@returns(200) {Credentials: Credentials?{AccessKeyId: str?, SecretAccessKey: str?, SessionToken: str?, Expiration: str(timestamp)?}, MatchedGrantTarget: str?}\n\n@endgroup\n\n@group jobs\n@endpoint GET /v20180820/jobs/{id}/tagging\n@desc Returns the tags on an S3 Batch Operations job.   Permissions  To use the GetJobTagging operation, you must have permission to perform the s3:GetJobTagging action. For more information, see Controlling access and labeling jobs using tags in the Amazon S3 User Guide.   Related actions include:    CreateJob     PutJobTagging     DeleteJobTagging\n@required {x-amz-account-id: str, JobId: str}\n@returns(200) {Tags: [S3Tag]?}\n\n@endgroup\n\n@group mrap\n@endpoint GET /v20180820/mrap/instances/{name+}\n@desc This operation is not supported by directory buckets.  Returns configuration information about the specified Multi-Region Access Point. This action will always be routed to the US West (Oregon) Region. For more information about the restrictions around working with Multi-Region Access Points, see Multi-Region Access Point restrictions and limitations in the Amazon S3 User Guide. 
The following actions are related to GetMultiRegionAccessPoint:    CreateMultiRegionAccessPoint     DeleteMultiRegionAccessPoint     DescribeMultiRegionAccessPointOperation     ListMultiRegionAccessPoints\n@required {x-amz-account-id: str, Name: str}\n@returns(200) {AccessPoint: MultiRegionAccessPointReport?{Name: str?, Alias: str?, CreatedAt: str(timestamp)?, PublicAccessBlock: PublicAccessBlockConfiguration?{BlockPublicAcls: bool?, IgnorePublicAcls: bool?, BlockPublicPolicy: bool?, RestrictPublicBuckets: bool?}, Status: str?, Regions: [RegionReport]?}}\n\n@endpoint GET /v20180820/mrap/instances/{name+}/policy\n@desc This operation is not supported by directory buckets.  Returns the access control policy of the specified Multi-Region Access Point. This action will always be routed to the US West (Oregon) Region. For more information about the restrictions around working with Multi-Region Access Points, see Multi-Region Access Point restrictions and limitations in the Amazon S3 User Guide. The following actions are related to GetMultiRegionAccessPointPolicy:    GetMultiRegionAccessPointPolicyStatus     PutMultiRegionAccessPointPolicy\n@required {x-amz-account-id: str, Name: str}\n@returns(200) {Policy: MultiRegionAccessPointPolicyDocument?{Established: EstablishedMultiRegionAccessPointPolicy?{Policy: str?}, Proposed: ProposedMultiRegionAccessPointPolicy?{Policy: str?}}}\n\n@endpoint GET /v20180820/mrap/instances/{name+}/policystatus\n@desc This operation is not supported by directory buckets.  Indicates whether the specified Multi-Region Access Point has an access control policy that allows public access. This action will always be routed to the US West (Oregon) Region. For more information about the restrictions around working with Multi-Region Access Points, see Multi-Region Access Point restrictions and limitations in the Amazon S3 User Guide. 
The following actions are related to GetMultiRegionAccessPointPolicyStatus:    GetMultiRegionAccessPointPolicy     PutMultiRegionAccessPointPolicy\n@required {x-amz-account-id: str, Name: str}\n@returns(200) {Established: PolicyStatus?{IsPublic: bool?}}\n\n@endpoint GET /v20180820/mrap/instances/{mrap+}/routes\n@desc This operation is not supported by directory buckets.  Returns the routing configuration for a Multi-Region Access Point, indicating which Regions are active or passive. To obtain routing control changes and failover requests, use the Amazon S3 failover control infrastructure endpoints in these five Amazon Web Services Regions:    us-east-1     us-west-2     ap-southeast-2     ap-northeast-1     eu-west-1\n@required {x-amz-account-id: str, Mrap: str}\n@returns(200) {Mrap: str?, Routes: [MultiRegionAccessPointRoute]?}\n\n@endgroup\n\n@group configuration\n@endpoint GET /v20180820/configuration/publicAccessBlock\n@desc This operation is not supported by directory buckets.  Retrieves the PublicAccessBlock configuration for an Amazon Web Services account. For more information, see  Using Amazon S3 block public access. Related actions include:    DeletePublicAccessBlock     PutPublicAccessBlock\n@required {x-amz-account-id: str}\n@returns(200) {PublicAccessBlockConfiguration: PublicAccessBlockConfiguration?{BlockPublicAcls: bool?, IgnorePublicAcls: bool?, BlockPublicPolicy: bool?, RestrictPublicBuckets: bool?}}\n\n@endgroup\n\n@group storagelens\n@endpoint GET /v20180820/storagelens/{storagelensid}\n@desc This operation is not supported by directory buckets.  Gets the Amazon S3 Storage Lens configuration. For more information, see Assessing your storage activity and usage with Amazon S3 Storage Lens  in the Amazon S3 User Guide. For a complete list of S3 Storage Lens metrics, see S3 Storage Lens metrics glossary in the Amazon S3 User Guide.  To use this action, you must have permission to perform the s3:GetStorageLensConfiguration action. 
For more information, see Setting permissions to use Amazon S3 Storage Lens in the Amazon S3 User Guide.\n@required {ConfigId: str, x-amz-account-id: str}\n@returns(200) {StorageLensConfiguration: StorageLensConfiguration?{Id: str, AccountLevel: AccountLevel{ActivityMetrics: ActivityMetrics?{IsEnabled: bool?}, BucketLevel: BucketLevel{ActivityMetrics: ActivityMetrics?, PrefixLevel: PrefixLevel?, AdvancedCostOptimizationMetrics: AdvancedCostOptimizationMetrics?, AdvancedDataProtectionMetrics: AdvancedDataProtectionMetrics?, DetailedStatusCodesMetrics: DetailedStatusCodesMetrics?}, AdvancedCostOptimizationMetrics: AdvancedCostOptimizationMetrics?{IsEnabled: bool?}, AdvancedDataProtectionMetrics: AdvancedDataProtectionMetrics?{IsEnabled: bool?}, DetailedStatusCodesMetrics: DetailedStatusCodesMetrics?{IsEnabled: bool?}, StorageLensGroupLevel: StorageLensGroupLevel?{SelectionCriteria: StorageLensGroupLevelSelectionCriteria?}}, Include: Include?{Buckets: [str]?, Regions: [str]?}, Exclude: Exclude?{Buckets: [str]?, Regions: [str]?}, DataExport: StorageLensDataExport?{S3BucketDestination: S3BucketDestination?{Format: str, OutputSchemaVersion: str, AccountId: str, Arn: str, Prefix: str?, Encryption: StorageLensDataExportEncryption?}, CloudWatchMetrics: CloudWatchMetrics?{IsEnabled: bool}}, IsEnabled: bool, AwsOrg: StorageLensAwsOrg?{Arn: str}, StorageLensArn: str?}}\n\n@endpoint GET /v20180820/storagelens/{storagelensid}/tagging\n@desc This operation is not supported by directory buckets.  Gets the tags of Amazon S3 Storage Lens configuration. For more information about S3 Storage Lens, see Assessing your storage activity and usage with Amazon S3 Storage Lens  in the Amazon S3 User Guide.  To use this action, you must have permission to perform the s3:GetStorageLensConfigurationTagging action. 
For more information, see Setting permissions to use Amazon S3 Storage Lens in the Amazon S3 User Guide.\n@required {ConfigId: str, x-amz-account-id: str}\n@returns(200) {Tags: [StorageLensTag]?}\n\n@endgroup\n\n@group storagelensgroup\n@endpoint GET /v20180820/storagelensgroup/{name}\n@desc Retrieves the Storage Lens group configuration details. To use this operation, you must have the permission to perform the s3:GetStorageLensGroup action. For more information about the required Storage Lens Groups permissions, see Setting account permissions to use S3 Storage Lens groups. For information about Storage Lens groups errors, see List of Amazon S3 Storage Lens error codes.\n@required {Name: str, x-amz-account-id: str}\n@returns(200) {StorageLensGroup: StorageLensGroup?{Name: str, Filter: StorageLensGroupFilter{MatchAnyPrefix: [str]?, MatchAnySuffix: [str]?, MatchAnyTag: [S3Tag]?, MatchObjectAge: MatchObjectAge?{DaysGreaterThan: int?, DaysLessThan: int?}, MatchObjectSize: MatchObjectSize?{BytesGreaterThan: int(i64)?, BytesLessThan: int(i64)?}, And: StorageLensGroupAndOperator?{MatchAnyPrefix: [str]?, MatchAnySuffix: [str]?, MatchAnyTag: [S3Tag]?, MatchObjectAge: MatchObjectAge?, MatchObjectSize: MatchObjectSize?}, Or: StorageLensGroupOrOperator?{MatchAnyPrefix: [str]?, MatchAnySuffix: [str]?, MatchAnyTag: [S3Tag]?, MatchObjectAge: MatchObjectAge?, MatchObjectSize: MatchObjectSize?}}, StorageLensGroupArn: str?}}\n\n@endgroup\n\n@group accessgrantsinstance\n@endpoint GET /v20180820/accessgrantsinstance/grants\n@desc Returns the list of access grants in your S3 Access Grants instance.  
Permissions  You must have the s3:ListAccessGrants permission to use this operation.\n@required {x-amz-account-id: str}\n@optional {nextToken: str, maxResults: int, granteetype: str, granteeidentifier: str, permission: str, grantscope: str, application_arn: str}\n@returns(200) {NextToken: str?, AccessGrantsList: [ListAccessGrantEntry]?}\n\n@endgroup\n\n@group accessgrantsinstances\n@endpoint GET /v20180820/accessgrantsinstances\n@desc Returns a list of S3 Access Grants instances. An S3 Access Grants instance serves as a logical grouping for your individual access grants. You can only have one S3 Access Grants instance per Region per account.  Permissions  You must have the s3:ListAccessGrantsInstances permission to use this operation.\n@required {x-amz-account-id: str}\n@optional {nextToken: str, maxResults: int}\n@returns(200) {NextToken: str?, AccessGrantsInstancesList: [ListAccessGrantsInstanceEntry]?}\n\n@endgroup\n\n@group accessgrantsinstance\n@endpoint GET /v20180820/accessgrantsinstance/locations\n@desc Returns a list of the locations registered in your S3 Access Grants instance.  Permissions  You must have the s3:ListAccessGrantsLocations permission to use this operation.\n@required {x-amz-account-id: str}\n@optional {nextToken: str, maxResults: int, locationscope: str}\n@returns(200) {NextToken: str?, AccessGrantsLocationsList: [ListAccessGrantsLocationsEntry]?}\n\n@endgroup\n\n@group accesspoint\n@endpoint GET /v20180820/accesspoint\n@desc This operation is not supported by directory buckets.  Returns a list of the access points that are owned by the current account that's associated with the specified bucket. You can retrieve up to 1000 access points per call. If the specified bucket has more than 1,000 access points (or the number specified in maxResults, whichever is less), the response will include a continuation token that you can use to list the additional access points.  
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section. The following actions are related to ListAccessPoints:    CreateAccessPoint     DeleteAccessPoint     GetAccessPoint\n@required {x-amz-account-id: str}\n@optional {bucket: str, nextToken: str, maxResults: int}\n@returns(200) {AccessPointList: [AccessPoint]?, NextToken: str?}\n\n@endgroup\n\n@group accesspointforobjectlambda\n@endpoint GET /v20180820/accesspointforobjectlambda\n@desc This operation is not supported by directory buckets.  Returns some or all (up to 1,000) access points associated with the Object Lambda Access Point per call. If there are more access points than what can be returned in one call, the response will include a continuation token that you can use to list the additional access points. The following actions are related to ListAccessPointsForObjectLambda:    CreateAccessPointForObjectLambda     DeleteAccessPointForObjectLambda     GetAccessPointForObjectLambda\n@required {x-amz-account-id: str}\n@optional {nextToken: str, maxResults: int}\n@returns(200) {ObjectLambdaAccessPointList: [ObjectLambdaAccessPoint]?, NextToken: str?}\n\n@endgroup\n\n@group accessgrantsinstance\n@endpoint GET /v20180820/accessgrantsinstance/caller/grants\n@desc Returns a list of the access grants that were given to the caller using S3 Access Grants and that allow the caller to access the S3 data of the Amazon Web Services account specified in the request.  
Permissions  You must have the s3:ListCallerAccessGrants permission to use this operation.\n@required {x-amz-account-id: str}\n@optional {grantscope: str, nextToken: str, maxResults: int, allowedByApplication: bool}\n@returns(200) {NextToken: str?, CallerAccessGrantsList: [ListCallerAccessGrantsEntry]?}\n\n@endgroup\n\n@group jobs\n@endpoint GET /v20180820/jobs\n@desc Lists current S3 Batch Operations jobs as well as the jobs that have ended within the last 90 days for the Amazon Web Services account making the request. For more information, see S3 Batch Operations in the Amazon S3 User Guide.  Permissions  To use the ListJobs operation, you must have permission to perform the s3:ListJobs action.   Related actions include:     CreateJob     DescribeJob     UpdateJobPriority     UpdateJobStatus\n@required {x-amz-account-id: str}\n@optional {jobStatuses: [str], nextToken: str, maxResults: int}\n@returns(200) {NextToken: str?, Jobs: [JobListDescriptor]?}\n\n@endgroup\n\n@group mrap\n@endpoint GET /v20180820/mrap/instances\n@desc This operation is not supported by directory buckets.  Returns a list of the Multi-Region Access Points currently associated with the specified Amazon Web Services account. Each call can return up to 100 Multi-Region Access Points, the maximum number of Multi-Region Access Points that can be associated with a single account. This action will always be routed to the US West (Oregon) Region. For more information about the restrictions around working with Multi-Region Access Points, see Multi-Region Access Point restrictions and limitations in the Amazon S3 User Guide. 
The following actions are related to ListMultiRegionAccessPoint:    CreateMultiRegionAccessPoint     DeleteMultiRegionAccessPoint     DescribeMultiRegionAccessPointOperation     GetMultiRegionAccessPoint\n@required {x-amz-account-id: str}\n@optional {nextToken: str, maxResults: int}\n@returns(200) {AccessPoints: [MultiRegionAccessPointReport]?, NextToken: str?}\n\n@endgroup\n\n@group bucket\n@endpoint GET /v20180820/bucket\n@desc This operation is not supported by directory buckets.  Returns a list of all Outposts buckets in an Outpost that are owned by the authenticated sender of the request. For more information, see Using Amazon S3 on Outposts in the Amazon S3 User Guide. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and x-amz-outpost-id in your request, see the Examples section.\n@required {x-amz-account-id: str}\n@optional {nextToken: str, maxResults: int, x-amz-outpost-id: str}\n@returns(200) {RegionalBucketList: [RegionalBucket]?, NextToken: str?}\n\n@endgroup\n\n@group storagelens\n@endpoint GET /v20180820/storagelens\n@desc This operation is not supported by directory buckets.  Gets a list of Amazon S3 Storage Lens configurations. For more information about S3 Storage Lens, see Assessing your storage activity and usage with Amazon S3 Storage Lens  in the Amazon S3 User Guide.  To use this action, you must have permission to perform the s3:ListStorageLensConfigurations action. For more information, see Setting permissions to use Amazon S3 Storage Lens in the Amazon S3 User Guide.\n@required {x-amz-account-id: str}\n@optional {nextToken: str}\n@returns(200) {NextToken: str?, StorageLensConfigurationList: [ListStorageLensConfigurationEntry]?}\n\n@endgroup\n\n@group storagelensgroup\n@endpoint GET /v20180820/storagelensgroup\n@desc Lists all the Storage Lens groups in the specified home Region.  
To use this operation, you must have the permission to perform the s3:ListStorageLensGroups action. For more information about the required Storage Lens Groups permissions, see Setting account permissions to use S3 Storage Lens groups. For information about Storage Lens groups errors, see List of Amazon S3 Storage Lens error codes.\n@required {x-amz-account-id: str}\n@optional {nextToken: str}\n@returns(200) {NextToken: str?, StorageLensGroupList: [ListStorageLensGroupEntry]?}\n\n@endgroup\n\n@group tags\n@endpoint GET /v20180820/tags/{resourceArn+}\n@desc This operation allows you to list all the Amazon Web Services resource tags for a specified resource. Each tag is a label consisting of a user-defined key and value. Tags can help you manage, identify, organize, search for, and filter resources.   Permissions  You must have the s3:ListTagsForResource permission to use this operation.     This operation is only supported for S3 Storage Lens groups and for S3 Access Grants. The tagged resource can be an S3 Storage Lens group or S3 Access Grants instance, registered location, or grant.   For more information about the required Storage Lens Groups permissions, see Setting account permissions to use S3 Storage Lens groups. For information about S3 Tagging errors, see List of Amazon S3 Tagging error codes.\n@required {x-amz-account-id: str, ResourceArn: str}\n@returns(200) {Tags: [Tag]?}\n\n@endgroup\n\n@group accessgrantsinstance\n@endpoint PUT /v20180820/accessgrantsinstance/resourcepolicy\n@desc Updates the resource policy of the S3 Access Grants instance.   
Permissions  You must have the s3:PutAccessGrantsInstanceResourcePolicy permission to use this operation.\n@required {x-amz-account-id: str, Policy: str}\n@optional {Organization: str}\n@returns(200) {Policy: str?, Organization: str?, CreatedAt: str(timestamp)?}\n\n@endgroup\n\n@group accesspointforobjectlambda\n@endpoint PUT /v20180820/accesspointforobjectlambda/{name}/configuration\n@desc This operation is not supported by directory buckets.  Replaces configuration for an Object Lambda Access Point. The following actions are related to PutAccessPointConfigurationForObjectLambda:    GetAccessPointConfigurationForObjectLambda\n@required {x-amz-account-id: str, Name: str, Configuration: ObjectLambdaConfiguration}\n\n@endgroup\n\n@group accesspoint\n@endpoint PUT /v20180820/accesspoint/{name}/policy\n@desc This operation is not supported by directory buckets.  Associates an access policy with the specified access point. Each access point can have only one policy, so a request made to this API replaces any existing policy associated with the specified access point.  All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section. The following actions are related to PutAccessPointPolicy:    GetAccessPointPolicy     DeleteAccessPointPolicy\n@required {x-amz-account-id: str, Name: str, Policy: str}\n\n@endgroup\n\n@group accesspointforobjectlambda\n@endpoint PUT /v20180820/accesspointforobjectlambda/{name}/policy\n@desc This operation is not supported by directory buckets.  Creates or replaces resource policy for an Object Lambda Access Point. 
For an example policy, see Creating Object Lambda Access Points in the Amazon S3 User Guide. The following actions are related to PutAccessPointPolicyForObjectLambda:    DeleteAccessPointPolicyForObjectLambda     GetAccessPointPolicyForObjectLambda\n@required {x-amz-account-id: str, Name: str, Policy: str}\n\n@endgroup\n\n@group bucket\n@endpoint PUT /v20180820/bucket/{name}/lifecycleconfiguration\n@desc This action puts a lifecycle configuration to an Amazon S3 on Outposts bucket. To put a lifecycle configuration to an S3 bucket, see PutBucketLifecycleConfiguration in the Amazon S3 API Reference.   Creates a new lifecycle configuration for the S3 on Outposts bucket or replaces an existing lifecycle configuration. Outposts buckets only support lifecycle configurations that delete/expire objects after a certain period of time and abort incomplete multipart uploads.  All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section. The following actions are related to PutBucketLifecycleConfiguration:    GetBucketLifecycleConfiguration     DeleteBucketLifecycleConfiguration\n@required {x-amz-account-id: str, Bucket: str}\n@optional {LifecycleConfiguration: LifecycleConfiguration}\n\n@endpoint PUT /v20180820/bucket/{name}/policy\n@desc This action puts a bucket policy to an Amazon S3 on Outposts bucket. To put a policy on an S3 bucket, see PutBucketPolicy in the Amazon S3 API Reference.   Applies an Amazon S3 bucket policy to an Outposts bucket. For more information, see Using Amazon S3 on Outposts in the Amazon S3 User Guide. 
If you are using an identity other than the root user of the Amazon Web Services account that owns the Outposts bucket, the calling identity must have the PutBucketPolicy permissions on the specified Outposts bucket and belong to the bucket owner's account in order to use this action. If you don't have PutBucketPolicy permissions, Amazon S3 returns a 403 Access Denied error. If you have the correct permissions, but you're not using an identity that belongs to the bucket owner's account, Amazon S3 returns a 405 Method Not Allowed error.   As a security precaution, the root user of the Amazon Web Services account that owns a bucket can always use this action, even if the policy explicitly denies the root user the ability to perform this action.   For more information about bucket policies, see Using Bucket Policies and User Policies. All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section. The following actions are related to PutBucketPolicy:    GetBucketPolicy     DeleteBucketPolicy\n@required {x-amz-account-id: str, Bucket: str, Policy: str}\n@optional {x-amz-confirm-remove-self-bucket-access: bool}\n\n@endpoint PUT /v20180820/bucket/{name}/replication\n@desc This action creates an Amazon S3 on Outposts bucket's replication configuration. To create an S3 bucket's replication configuration, see PutBucketReplication in the Amazon S3 API Reference.   Creates a replication configuration or replaces an existing one. For information about S3 replication on Outposts configuration, see Replicating objects for S3 on Outposts in the Amazon S3 User Guide.  
It can take a while to propagate PUT or DELETE requests for a replication configuration to all S3 on Outposts systems. Therefore, the replication configuration that's returned by a GET request soon after a PUT or DELETE request might return a more recent result than what's on the Outpost. If an Outpost is offline, the delay in updating the replication configuration on that Outpost can be significant.  Specify the replication configuration in the request body. In the replication configuration, you provide the following information:   The name of the destination bucket or buckets where you want S3 on Outposts to replicate objects   The Identity and Access Management (IAM) role that S3 on Outposts can assume to replicate objects on your behalf   Other relevant information, such as replication rules   A replication configuration must include at least one rule and can contain a maximum of 100. Each rule identifies a subset of objects to replicate by filtering the objects in the source Outposts bucket. To choose additional subsets of objects to replicate, add a rule for each subset. To specify a subset of the objects in the source Outposts bucket to apply a replication rule to, add the Filter element as a child of the Rule element. You can filter objects based on an object key prefix, one or more object tags, or both. When you add the Filter element in the configuration, you must also add the following elements: DeleteMarkerReplication, Status, and Priority. Using PutBucketReplication on Outposts requires that both the source and destination buckets must have versioning enabled. For information about enabling versioning on a bucket, see Managing S3 Versioning for your S3 on Outposts bucket. For information about S3 on Outposts replication failure reasons, see Replication failure reasons in the Amazon S3 User Guide.  Handling Replication of Encrypted Objects  Outposts buckets are encrypted at all times. 
All the objects in the source Outposts bucket are encrypted and can be replicated. Also, all the replicas in the destination Outposts bucket are encrypted with the same encryption key as the objects in the source Outposts bucket.  Permissions  To create a PutBucketReplication request, you must have s3-outposts:PutReplicationConfiguration permissions for the bucket. The Outposts bucket owner has this permission by default and can grant it to others. For more information about permissions, see Setting up IAM with S3 on Outposts and Managing access to S3 on Outposts buckets.   To perform this operation, the user or role must also have the iam:CreateRole and iam:PassRole permissions. For more information, see Granting a user permissions to pass a role to an Amazon Web Services service.  All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section. The following operations are related to PutBucketReplication:    GetBucketReplication     DeleteBucketReplication\n@required {x-amz-account-id: str, Bucket: str, ReplicationConfiguration: ReplicationConfiguration}\n\n@endpoint PUT /v20180820/bucket/{name}/tagging\n@desc This action puts tags on an Amazon S3 on Outposts bucket. To put tags on an S3 bucket, see PutBucketTagging in the Amazon S3 API Reference.   Sets the tags for an S3 on Outposts bucket. For more information, see Using Amazon S3 on Outposts in the Amazon S3 User Guide. Use tags to organize your Amazon Web Services bill to reflect your own cost structure. To do this, sign up to get your Amazon Web Services account bill with tag key values included. 
Then, to see the cost of combined resources, organize your billing information according to resources with the same tag key values. For example, you can tag several resources with a specific application name, and then organize your billing information to see the total cost of that application across several services. For more information, see Cost allocation and tagging.  Within a bucket, if you add a tag that has the same key as an existing tag, the new value overwrites the old value. For more information, see  Using cost allocation in Amazon S3 bucket tags.  To use this action, you must have permissions to perform the s3-outposts:PutBucketTagging action. The Outposts bucket owner has this permission by default and can grant this permission to others. For more information about permissions, see  Permissions Related to Bucket Subresource Operations and Managing access permissions to your Amazon S3 resources.  PutBucketTagging has the following special errors:   Error code: InvalidTagError    Description: The tag provided was not a valid tag. This error can occur if the tag did not pass input validation. For information about tag restrictions, see  User-Defined Tag Restrictions and  Amazon Web Services-Generated Cost Allocation Tag Restrictions.     Error code: MalformedXMLError    Description: The XML provided does not match the schema.     Error code: OperationAbortedError     Description: A conflicting conditional action is currently in progress against this resource. Try again.     Error code: InternalError    Description: The service was unable to apply the provided tag to the bucket.     All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. 
For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section. The following actions are related to PutBucketTagging:    GetBucketTagging     DeleteBucketTagging\n@required {x-amz-account-id: str, Bucket: str, Tagging: Tagging}\n\n@endpoint PUT /v20180820/bucket/{name}/versioning\n@desc This operation sets the versioning state for S3 on Outposts buckets only. To set the versioning state for an S3 bucket, see PutBucketVersioning in the Amazon S3 API Reference.   Sets the versioning state for an S3 on Outposts bucket. With S3 Versioning, you can save multiple distinct copies of your objects and recover from unintended user actions and application failures. You can set the versioning state to one of the following:    Enabled - Enables versioning for the objects in the bucket. All objects added to the bucket receive a unique version ID.    Suspended - Suspends versioning for the objects in the bucket. All objects added to the bucket receive the version ID null.   If you've never set versioning on your bucket, it has no versioning state. In that case, a  GetBucketVersioning request does not return a versioning state value. When you enable S3 Versioning, for each object in your bucket, you have a current version and zero or more noncurrent versions. You can configure your bucket S3 Lifecycle rules to expire noncurrent versions after a specified time period. For more information, see  Creating and managing a lifecycle configuration for your S3 on Outposts bucket in the Amazon S3 User Guide. If you have an object expiration lifecycle configuration in your non-versioned bucket and you want to maintain the same permanent delete behavior when you enable versioning, you must add a noncurrent expiration policy. 
The noncurrent expiration lifecycle configuration will manage the deletes of the noncurrent object versions in the version-enabled bucket. For more information, see Versioning in the Amazon S3 User Guide. All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section. The following operations are related to PutBucketVersioning for S3 on Outposts.    GetBucketVersioning     PutBucketLifecycleConfiguration     GetBucketLifecycleConfiguration\n@required {x-amz-account-id: str, Bucket: str, VersioningConfiguration: VersioningConfiguration}\n@optional {x-amz-mfa: str}\n\n@endgroup\n\n@group jobs\n@endpoint PUT /v20180820/jobs/{id}/tagging\n@desc Sets the supplied tag-set on an S3 Batch Operations job. A tag is a key-value pair. You can associate S3 Batch Operations tags with any job by sending a PUT request against the tagging subresource that is associated with the job. To modify the existing tag set, you can either replace the existing tag set entirely, or make changes within the existing tag set by retrieving the existing tag set using GetJobTagging, modify that tag set, and use this operation to replace the tag set with the one you modified. For more information, see Controlling access and labeling jobs using tags in the Amazon S3 User Guide.     If you send this request with an empty tag set, Amazon S3 deletes the existing tag set on the Batch Operations job. If you use this method, you are charged for a Tier 1 Request (PUT). For more information, see Amazon S3 pricing.   
For deleting existing tags for your Batch Operations job, a DeleteJobTagging request is preferred because it achieves the same result without incurring charges.   A few things to consider about using tags:   Amazon S3 limits the maximum number of tags to 50 tags per job.   You can associate up to 50 tags with a job as long as they have unique tag keys.   A tag key can be up to 128 Unicode characters in length, and tag values can be up to 256 Unicode characters in length.   The key and values are case sensitive.   For tagging-related restrictions related to characters and encodings, see User-Defined Tag Restrictions in the Billing and Cost Management User Guide.       Permissions  To use the PutJobTagging operation, you must have permission to perform the s3:PutJobTagging action.   Related actions include:    CreateJob     GetJobTagging     DeleteJobTagging\n@required {x-amz-account-id: str, JobId: str, Tags: [S3Tag]}\n\n@endgroup\n\n@group async-requests\n@endpoint POST /v20180820/async-requests/mrap/put-policy\n@desc This operation is not supported by directory buckets.  Associates an access control policy with the specified Multi-Region Access Point. Each Multi-Region Access Point can have only one policy, so a request made to this action replaces any existing policy that is associated with the specified Multi-Region Access Point. This action will always be routed to the US West (Oregon) Region. For more information about the restrictions around working with Multi-Region Access Points, see Multi-Region Access Point restrictions and limitations in the Amazon S3 User Guide. 
The following actions are related to PutMultiRegionAccessPointPolicy:    GetMultiRegionAccessPointPolicy     GetMultiRegionAccessPointPolicyStatus\n@required {x-amz-account-id: str, ClientToken: str, Details: PutMultiRegionAccessPointPolicyInput}\n@returns(200) {RequestTokenARN: str?}\n\n@endgroup\n\n@group configuration\n@endpoint PUT /v20180820/configuration/publicAccessBlock\n@desc This operation is not supported by directory buckets.  Creates or modifies the PublicAccessBlock configuration for an Amazon Web Services account. For this operation, users must have the s3:PutAccountPublicAccessBlock permission. For more information, see  Using Amazon S3 block public access. Related actions include:    GetPublicAccessBlock     DeletePublicAccessBlock\n@required {x-amz-account-id: str, PublicAccessBlockConfiguration: PublicAccessBlockConfiguration}\n\n@endgroup\n\n@group storagelens\n@endpoint PUT /v20180820/storagelens/{storagelensid}\n@desc This operation is not supported by directory buckets.  Puts an Amazon S3 Storage Lens configuration. For more information about S3 Storage Lens, see Working with Amazon S3 Storage Lens in the Amazon S3 User Guide. For a complete list of S3 Storage Lens metrics, see S3 Storage Lens metrics glossary in the Amazon S3 User Guide.  To use this action, you must have permission to perform the s3:PutStorageLensConfiguration action. For more information, see Setting permissions to use Amazon S3 Storage Lens in the Amazon S3 User Guide.\n@required {ConfigId: str, x-amz-account-id: str, StorageLensConfiguration: StorageLensConfiguration}\n@optional {Tags: [StorageLensTag]}\n\n@endpoint PUT /v20180820/storagelens/{storagelensid}/tagging\n@desc This operation is not supported by directory buckets.  Put or replace tags on an existing Amazon S3 Storage Lens configuration. For more information about S3 Storage Lens, see Assessing your storage activity and usage with Amazon S3 Storage Lens  in the Amazon S3 User Guide.  
To use this action, you must have permission to perform the s3:PutStorageLensConfigurationTagging action. For more information, see Setting permissions to use Amazon S3 Storage Lens in the Amazon S3 User Guide.\n@required {ConfigId: str, x-amz-account-id: str, Tags: [StorageLensTag]}\n\n@endgroup\n\n@group mrap\n@endpoint PATCH /v20180820/mrap/instances/{mrap+}/routes\n@desc This operation is not supported by directory buckets.  Submits an updated route configuration for a Multi-Region Access Point. This API operation updates the routing status for the specified Regions from active to passive, or from passive to active. A value of 0 indicates a passive status, which means that traffic won't be routed to the specified Region. A value of 100 indicates an active status, which means that traffic will be routed to the specified Region. At least one Region must be active at all times. When the routing configuration is changed, any in-progress operations (uploads, copies, deletes, and so on) to formerly active Regions will continue to run to their final completion state (success or failure). The routing configurations of any Regions that aren’t specified remain unchanged.  Updated routing configurations might not be immediately applied. It can take up to 2 minutes for your changes to take effect.  To submit routing control changes and failover requests, use the Amazon S3 failover control infrastructure endpoints in these five Amazon Web Services Regions:    us-east-1     us-west-2     ap-southeast-2     ap-northeast-1     eu-west-1\n@required {x-amz-account-id: str, Mrap: str, RouteUpdates: [MultiRegionAccessPointRoute]}\n\n@endgroup\n\n@group tags\n@endpoint POST /v20180820/tags/{resourceArn+}\n@desc Creates a new Amazon Web Services resource tag or updates an existing resource tag. Each tag is a label consisting of a user-defined key and value. Tags can help you manage, identify, organize, search for, and filter resources. 
You can add up to 50 Amazon Web Services resource tags for each S3 resource.   This operation is only supported for S3 Storage Lens groups and for S3 Access Grants. The tagged resource can be an S3 Storage Lens group or S3 Access Grants instance, registered location, or grant.    Permissions  You must have the s3:TagResource permission to use this operation.    For more information about the required Storage Lens Groups permissions, see Setting account permissions to use S3 Storage Lens groups. For information about S3 Tagging errors, see List of Amazon S3 Tagging error codes.\n@required {x-amz-account-id: str, ResourceArn: str, Tags: [Tag]}\n\n@endpoint DELETE /v20180820/tags/{resourceArn+}\n@desc This operation removes the specified Amazon Web Services resource tags from an S3 resource. Each tag is a label consisting of a user-defined key and value. Tags can help you manage, identify, organize, search for, and filter resources.   This operation is only supported for S3 Storage Lens groups and for S3 Access Grants. The tagged resource can be an S3 Storage Lens group or S3 Access Grants instance, registered location, or grant.    Permissions  You must have the s3:UntagResource permission to use this operation.    For more information about the required Storage Lens Groups permissions, see Setting account permissions to use S3 Storage Lens groups. For information about S3 Tagging errors, see List of Amazon S3 Tagging error codes.\n@required {x-amz-account-id: str, ResourceArn: str, tagKeys: [str]}\n\n@endgroup\n\n@group accessgrantsinstance\n@endpoint PUT /v20180820/accessgrantsinstance/location/{id}\n@desc Updates the IAM role of a registered location in your S3 Access Grants instance.  Permissions  You must have the s3:UpdateAccessGrantsLocation permission to use this operation.   
Additional Permissions  You must also have the following permission: iam:PassRole\n@required {x-amz-account-id: str, AccessGrantsLocationId: str, IAMRoleArn: str}\n@returns(200) {CreatedAt: str(timestamp)?, AccessGrantsLocationId: str?, AccessGrantsLocationArn: str?, LocationScope: str?, IAMRoleArn: str?}\n\n@endgroup\n\n@group jobs\n@endpoint POST /v20180820/jobs/{id}/priority\n@desc Updates an existing S3 Batch Operations job's priority. For more information, see S3 Batch Operations in the Amazon S3 User Guide.  Permissions  To use the UpdateJobPriority operation, you must have permission to perform the s3:UpdateJobPriority action.   Related actions include:    CreateJob     ListJobs     DescribeJob     UpdateJobStatus\n@required {x-amz-account-id: str, JobId: str, priority: int}\n@returns(200) {JobId: str, Priority: int}\n\n@endpoint POST /v20180820/jobs/{id}/status\n@desc Updates the status for the specified job. Use this operation to confirm that you want to run a job or to cancel an existing job. For more information, see S3 Batch Operations in the Amazon S3 User Guide.  Permissions  To use the UpdateJobStatus operation, you must have permission to perform the s3:UpdateJobStatus action.   Related actions include:    CreateJob     ListJobs     DescribeJob     UpdateJobStatus\n@required {x-amz-account-id: str, JobId: str, requestedJobStatus: str}\n@optional {statusUpdateReason: str}\n@returns(200) {JobId: str?, Status: str?, StatusUpdateReason: str?}\n\n@endgroup\n\n@group storagelensgroup\n@endpoint PUT /v20180820/storagelensgroup/{name}\n@desc Updates the existing Storage Lens group. To use this operation, you must have the permission to perform the s3:UpdateStorageLensGroup action. For more information about the required Storage Lens Groups permissions, see Setting account permissions to use S3 Storage Lens groups. 
For information about Storage Lens groups errors, see List of Amazon S3 Storage Lens error codes.\n@required {Name: str, x-amz-account-id: str, StorageLensGroup: StorageLensGroup}\n\n@endgroup\n\n@end\n"}}