aws_s3_bucket

account_id

Type: STRING

bucket_arn

Type: STRING

bucket_policy_statement

Type: UNORDERED_LIST_STRUCT

  • account_id
    Type: STRING
  • condition
    Type: MAP_STRING_STRING
  • policy_id
    Type: STRING
  • policy_not_principal
    Type: STRUCT
    • policy_id
      Type: STRING
    • principal
      Type: STRING
    • principal_aws
      Type: UNORDERED_LIST_STRING
    • principal_canonical_user
      Type: UNORDERED_LIST_STRING
    • principal_federated
      Type: UNORDERED_LIST_STRING
    • principal_service
      Type: UNORDERED_LIST_STRING
  • policy_principal
    Type: STRUCT
    • policy_id
      Type: STRING
    • principal
      Type: STRING
    • principal_aws
      Type: UNORDERED_LIST_STRING
    • principal_canonical_user
      Type: UNORDERED_LIST_STRING
    • principal_federated
      Type: UNORDERED_LIST_STRING
    • principal_service
      Type: UNORDERED_LIST_STRING
  • principal_aws
    Type: UNORDERED_LIST_STRING
  • statement_action
    Type: UNORDERED_LIST_STRING
  • statement_effect
    Type: STRING
  • statement_has_condition
    Type: BOOLEAN
  • statement_id
    Type: INT32
  • statement_not_action
    Type: UNORDERED_LIST_STRING
  • statement_not_resource
    Type: UNORDERED_LIST_STRING
  • statement_resource
    Type: UNORDERED_LIST_STRING
  • statement_sid
    Type: STRING
  • version_id
    Type: STRING

bucket_region

Type: STRING
Provider name: BucketRegion
Description: BucketRegion indicates the Amazon Web Services region where the bucket is located. If the request contains at least one valid parameter, it is included in the response.

bucket_versioning

Type: STRUCT
Provider name: GetBucketVersioningOutput

  • mfa_delete
    Type: STRING
    Provider name: MFADelete
    Description: Specifies whether MFA delete is enabled in the bucket versioning configuration. This element is only returned if the bucket has been configured with MFA delete. If the bucket has never been so configured, this element is not returned.
  • status
    Type: STRING
    Provider name: Status
    Description: The versioning state of the bucket.

bucket_website

Type: STRUCT
Provider name: GetBucketWebsiteOutput

  • error_document
    Type: STRUCT
    Provider name: ErrorDocument
    Description: The object key name of the website error document to use for 4XX class errors.
    • key
      Type: STRING
      Provider name: Key
      Description: The object key name to use when a 4XX class error occurs. Replacement must be made for object keys containing special characters (such as carriage returns) when using XML requests. For more information, see XML related object key constraints.
  • index_document
    Type: STRUCT
    Provider name: IndexDocument
    Description: The name of the index document for the website (for example index.html).
    • suffix
      Type: STRING
      Provider name: Suffix
      Description: A suffix that is appended to a request that is for a directory on the website endpoint. (For example, if the suffix is index.html and you make a request to samplebucket/images/, the data that is returned will be for the object with the key name images/index.html.) The suffix must not be empty and must not include a slash character. Replacement must be made for object keys containing special characters (such as carriage returns) when using XML requests. For more information, see XML related object key constraints.
  • redirect_all_requests_to
    Type: STRUCT
    Provider name: RedirectAllRequestsTo
    Description: Specifies the redirect behavior of all requests to a website endpoint of an Amazon S3 bucket.
    • host_name
      Type: STRING
      Provider name: HostName
      Description: Name of the host where requests are redirected.
    • protocol
      Type: STRING
      Provider name: Protocol
      Description: Protocol to use when redirecting requests. The default is the protocol that is used in the original request.
  • routing_rules
    Type: UNORDERED_LIST_STRUCT
    Provider name: RoutingRules
    Description: Rules that define when a redirect is applied and the redirect behavior.
    • condition
      Type: STRUCT
      Provider name: Condition
      Description: A container for describing a condition that must be met for the specified redirect to apply. For example, 1. If request is for pages in the /docs folder, redirect to the /documents folder. 2. If request results in HTTP error 4xx, redirect request to another host where you might process the error.
      • http_error_code_returned_equals
        Type: STRING
        Provider name: HttpErrorCodeReturnedEquals
        Description: The HTTP error code when the redirect is applied. In the event of an error, if the error code equals this value, then the specified redirect is applied. Required when parent element Condition is specified and sibling KeyPrefixEquals is not specified. If both are specified, then both must be true for the redirect to be applied.
      • key_prefix_equals
        Type: STRING
        Provider name: KeyPrefixEquals
        Description: The object key name prefix when the redirect is applied. For example, to redirect requests for ExamplePage.html, the key prefix will be ExamplePage.html. To redirect requests for all pages with the prefix docs/, the key prefix will be /docs, which identifies all objects in the docs/ folder. Required when the parent element Condition is specified and sibling HttpErrorCodeReturnedEquals is not specified. If both conditions are specified, both must be true for the redirect to be applied. Replacement must be made for object keys containing special characters (such as carriage returns) when using XML requests. For more information, see XML related object key constraints.
    • redirect
      Type: STRUCT
      Provider name: Redirect
      Description: Container for redirect information. You can redirect requests to another host, to another page, or with another protocol. In the event of an error, you can specify a different error code to return.
      • host_name
        Type: STRING
        Provider name: HostName
        Description: The host name to use in the redirect request.
      • http_redirect_code
        Type: STRING
        Provider name: HttpRedirectCode
        Description: The HTTP redirect code to use on the response. Not required if one of the siblings is present.
      • protocol
        Type: STRING
        Provider name: Protocol
        Description: Protocol to use when redirecting requests. The default is the protocol that is used in the original request.
      • replace_key_prefix_with
        Type: STRING
        Provider name: ReplaceKeyPrefixWith
        Description: The object key prefix to use in the redirect request. For example, to redirect requests for all pages with prefix docs/ (objects in the docs/ folder) to documents/, you can set a condition block with KeyPrefixEquals set to docs/ and in the Redirect set ReplaceKeyPrefixWith to /documents. Not required if one of the siblings is present. Can be present only if ReplaceKeyWith is not provided. Replacement must be made for object keys containing special characters (such as carriage returns) when using XML requests. For more information, see XML related object key constraints.
      • replace_key_with
        Type: STRING
        Provider name: ReplaceKeyWith
        Description: The specific object key to use in the redirect request. For example, redirect request to error.html. Not required if one of the siblings is present. Can be present only if ReplaceKeyPrefixWith is not provided. Replacement must be made for object keys containing special characters (such as carriage returns) when using XML requests. For more information, see XML related object key constraints.

creation_date

Type: TIMESTAMP
Provider name: CreationDate
Description: Date the bucket was created. This date can change when making changes to your bucket, such as editing its bucket policy.

grants

Type: UNORDERED_LIST_STRUCT
Provider name: Grants
Description: A list of grants.

  • grantee
    Type: STRUCT
    Provider name: Grantee
    Description: The person being granted permissions.
    • display_name
      Type: STRING
      Provider name: DisplayName
      Description: Screen name of the grantee.
    • email_address
      Type: STRING
      Provider name: EmailAddress
      Description: Email address of the grantee. Using email addresses to specify a grantee is only supported in the following Amazon Web Services Regions:
      • US East (N. Virginia)
      • US West (N. California)
      • US West (Oregon)
      • Asia Pacific (Singapore)
      • Asia Pacific (Sydney)
      • Asia Pacific (Tokyo)
      • Europe (Ireland)
      • South America (São Paulo)
      For a list of all the Amazon S3 supported Regions and endpoints, see Regions and Endpoints in the Amazon Web Services General Reference.

    • id
      Type: STRING
      Provider name: ID
      Description: The canonical user ID of the grantee.
    • type
      Type: STRING
      Provider name: Type
      Description: Type of grantee.
    • uri
      Type: STRING
      Provider name: URI
      Description: URI of the grantee group.
  • permission
    Type: STRING
    Provider name: Permission
    Description: Specifies the permission given to the grantee.

inventory_configuration_list

Type: UNORDERED_LIST_STRUCT
Provider name: InventoryConfigurationList
Description: The list of inventory configurations for a bucket.

  • destination
    Type: STRUCT
    Provider name: Destination
    Description: Contains information about where to publish the inventory results.
    • s3_bucket_destination
      Type: STRUCT
      Provider name: S3BucketDestination
      Description: Contains the bucket name, file format, bucket owner (optional), and prefix (optional) where inventory results are published.
      • account_id
        Type: STRING
        Provider name: AccountId
        Description: The account ID that owns the destination S3 bucket. If no account ID is provided, the owner is not validated before exporting data. Although this value is optional, we strongly recommend that you set it to help prevent problems if the destination bucket ownership changes.
      • bucket
        Type: STRING
        Provider name: Bucket
        Description: The Amazon Resource Name (ARN) of the bucket where inventory results will be published.
      • encryption
        Type: STRUCT
        Provider name: Encryption
        Description: Contains the type of server-side encryption used to encrypt the inventory results.
        • ssekms
          Type: STRUCT
          Provider name: SSEKMS
          Description: Specifies the use of SSE-KMS to encrypt delivered inventory reports.
          • key_id
            Type: STRING
            Provider name: KeyId
            Description: Specifies the ID of the Key Management Service (KMS) symmetric encryption customer managed key to use for encrypting inventory reports.
        • sses3
          Type: STRUCT
          Provider name: SSES3
          Description: Specifies the use of SSE-S3 to encrypt delivered inventory reports.
      • format
        Type: STRING
        Provider name: Format
        Description: Specifies the output format of the inventory results.
      • prefix
        Type: STRING
        Provider name: Prefix
        Description: The prefix that is prepended to all inventory results.
  • filter
    Type: STRUCT
    Provider name: Filter
    Description: Specifies an inventory filter. The inventory only includes objects that meet the filter’s criteria.
    • prefix
      Type: STRING
      Provider name: Prefix
      Description: The prefix that an object must have to be included in the inventory results.
  • id
    Type: STRING
    Provider name: Id
    Description: The ID used to identify the inventory configuration.
  • included_object_versions
    Type: STRING
    Provider name: IncludedObjectVersions
    Description: Object versions to include in the inventory list. If set to All, the list includes all the object versions, which adds the version-related fields VersionId, IsLatest, and DeleteMarker to the list. If set to Current, the list does not contain these version-related fields.
  • is_enabled
    Type: BOOLEAN
    Provider name: IsEnabled
    Description: Specifies whether the inventory is enabled or disabled. If set to True, an inventory list is generated. If set to False, no inventory list is generated.
  • optional_fields
    Type: UNORDERED_LIST_STRING
    Provider name: OptionalFields
    Description: Contains the optional fields that are included in the inventory results.
  • schedule
    Type: STRUCT
    Provider name: Schedule
    Description: Specifies the schedule for generating inventory results.
    • frequency
      Type: STRING
      Provider name: Frequency
      Description: Specifies how frequently inventory results are produced.

location_constraint

Type: STRING
Provider name: LocationConstraint
Description: Specifies the Region where the bucket resides. For a list of all the Amazon S3 supported location constraints by Region, see Regions and Endpoints. Buckets in Region us-east-1 have a LocationConstraint of null.

logging_enabled

Type: STRUCT
Provider name: LoggingEnabled

  • target_bucket
    Type: STRING
    Provider name: TargetBucket
    Description: Specifies the bucket where you want Amazon S3 to store server access logs. You can have your logs delivered to any bucket that you own, including the same bucket that is being logged. You can also configure multiple buckets to deliver their logs to the same target bucket. In this case, you should choose a different TargetPrefix for each source bucket so that the delivered log files can be distinguished by key.
  • target_grants
    Type: UNORDERED_LIST_STRUCT
    Provider name: TargetGrants
    Description: Container for granting information. Buckets that use the bucket owner enforced setting for Object Ownership don’t support target grants. For more information, see Permissions for server access log delivery in the Amazon S3 User Guide.
    • grantee
      Type: STRUCT
      Provider name: Grantee
      Description: Container for the person being granted permissions.
      • display_name
        Type: STRING
        Provider name: DisplayName
        Description: Screen name of the grantee.
      • email_address
        Type: STRING
        Provider name: EmailAddress
        Description: Email address of the grantee. Using email addresses to specify a grantee is only supported in the following Amazon Web Services Regions:
        • US East (N. Virginia)
        • US West (N. California)
        • US West (Oregon)
        • Asia Pacific (Singapore)
        • Asia Pacific (Sydney)
        • Asia Pacific (Tokyo)
        • Europe (Ireland)
        • South America (São Paulo)
        For a list of all the Amazon S3 supported Regions and endpoints, see Regions and Endpoints in the Amazon Web Services General Reference.

      • id
        Type: STRING
        Provider name: ID
        Description: The canonical user ID of the grantee.
      • type
        Type: STRING
        Provider name: Type
        Description: Type of grantee.
      • uri
        Type: STRING
        Provider name: URI
        Description: URI of the grantee group.
    • permission
      Type: STRING
      Provider name: Permission
      Description: Logging permissions assigned to the grantee for the bucket.
  • target_object_key_format
    Type: STRUCT
    Provider name: TargetObjectKeyFormat
    Description: Amazon S3 key format for log objects.
    • partitioned_prefix
      Type: STRUCT
      Provider name: PartitionedPrefix
      Description: Partitioned S3 key for log objects.
      • partition_date_source
        Type: STRING
        Provider name: PartitionDateSource
        Description: Specifies the partition date source for the partitioned prefix. PartitionDateSource can be EventTime or DeliveryTime. For DeliveryTime, the time in the log file names corresponds to the delivery time for the log files. For EventTime, the logs delivered are for a specific day only. The year, month, and day correspond to the day on which the event occurred, and the hour, minutes and seconds are set to 00 in the key.
    • simple_prefix
      Type: STRUCT
      Provider name: SimplePrefix
      Description: To use the simple format for S3 keys for log objects. To specify SimplePrefix format, set SimplePrefix to {}.
  • target_prefix
    Type: STRING
    Provider name: TargetPrefix
    Description: A prefix for all log object keys. If you store log files from multiple Amazon S3 buckets in a single bucket, you can use a prefix to distinguish which log files came from which bucket.

name

Type: STRING
Provider name: Name
Description: The name of the bucket.

notification_configuration

Type: STRUCT
Provider name: NotificationConfiguration

  • lambda_function_configurations
    Type: UNORDERED_LIST_STRUCT
    Provider name: LambdaFunctionConfigurations
    Description: Describes the Lambda functions to invoke and the events for which to invoke them.
    • events
      Type: UNORDERED_LIST_STRING
      Provider name: Events
      Description: The Amazon S3 bucket event for which to invoke the Lambda function. For more information, see Supported Event Types in the Amazon S3 User Guide.
    • filter
      Type: STRUCT
      Provider name: Filter
      • key
        Type: STRUCT
        Provider name: Key
        • filter_rules
          Type: UNORDERED_LIST_STRUCT
          Provider name: FilterRules
          • name
            Type: STRING
            Provider name: Name
            Description: The object key name prefix or suffix identifying one or more objects to which the filtering rule applies. The maximum length is 1,024 characters. Overlapping prefixes and suffixes are not supported. For more information, see Configuring Event Notifications in the Amazon S3 User Guide.
          • value
            Type: STRING
            Provider name: Value
            Description: The value that the filter searches for in object key names.
    • id
      Type: STRING
      Provider name: Id
    • lambda_function_arn
      Type: STRING
      Provider name: LambdaFunctionArn
      Description: The Amazon Resource Name (ARN) of the Lambda function that Amazon S3 invokes when the specified event type occurs.
  • queue_configurations
    Type: UNORDERED_LIST_STRUCT
    Provider name: QueueConfigurations
    Description: The Amazon Simple Queue Service queues to publish messages to and the events for which to publish messages.
    • events
      Type: UNORDERED_LIST_STRING
      Provider name: Events
      Description: A collection of bucket events for which to send notifications.
    • filter
      Type: STRUCT
      Provider name: Filter
      • key
        Type: STRUCT
        Provider name: Key
        • filter_rules
          Type: UNORDERED_LIST_STRUCT
          Provider name: FilterRules
          • name
            Type: STRING
            Provider name: Name
            Description: The object key name prefix or suffix identifying one or more objects to which the filtering rule applies. The maximum length is 1,024 characters. Overlapping prefixes and suffixes are not supported. For more information, see Configuring Event Notifications in the Amazon S3 User Guide.
          • value
            Type: STRING
            Provider name: Value
            Description: The value that the filter searches for in object key names.
    • id
      Type: STRING
      Provider name: Id
    • queue_arn
      Type: STRING
      Provider name: QueueArn
      Description: The Amazon Resource Name (ARN) of the Amazon SQS queue to which Amazon S3 publishes a message when it detects events of the specified type.
  • topic_configurations
    Type: UNORDERED_LIST_STRUCT
    Provider name: TopicConfigurations
    Description: The topic to which notifications are sent and the events for which notifications are generated.
    • events
      Type: UNORDERED_LIST_STRING
      Provider name: Events
      Description: The Amazon S3 bucket event about which to send notifications. For more information, see Supported Event Types in the Amazon S3 User Guide.
    • filter
      Type: STRUCT
      Provider name: Filter
      • key
        Type: STRUCT
        Provider name: Key
        • filter_rules
          Type: UNORDERED_LIST_STRUCT
          Provider name: FilterRules
          • name
            Type: STRING
            Provider name: Name
            Description: The object key name prefix or suffix identifying one or more objects to which the filtering rule applies. The maximum length is 1,024 characters. Overlapping prefixes and suffixes are not supported. For more information, see Configuring Event Notifications in the Amazon S3 User Guide.
          • value
            Type: STRING
            Provider name: Value
            Description: The value that the filter searches for in object key names.
    • id
      Type: STRING
      Provider name: Id
    • topic_arn
      Type: STRING
      Provider name: TopicArn
      Description: The Amazon Resource Name (ARN) of the Amazon SNS topic to which Amazon S3 publishes a message when it detects events of the specified type.

owner

Type: STRUCT
Provider name: Owner
Description: Container for the bucket owner’s display name and ID.

  • display_name
    Type: STRING
    Provider name: DisplayName
    Description: Container for the display name of the owner. This value is only supported in the following Amazon Web Services Regions:
    • US East (N. Virginia)
    • US West (N. California)
    • US West (Oregon)
    • Asia Pacific (Singapore)
    • Asia Pacific (Sydney)
    • Asia Pacific (Tokyo)
    • Europe (Ireland)
    • South America (São Paulo)
    This functionality is not supported for directory buckets.
  • id
    Type: STRING
    Provider name: ID
    Description: Container for the ID of the owner.

policy

Type: STRING
Provider name: Policy
Description: The bucket policy as a JSON document.

policy_status

Type: STRUCT
Provider name: PolicyStatus
Description: The policy status for the specified bucket.

  • is_public
    Type: BOOLEAN
    Provider name: IsPublic
    Description: The policy status for this bucket. TRUE indicates that this bucket is public. FALSE indicates that the bucket is not public.

public_access_block_configuration

Type: STRUCT
Provider name: PublicAccessBlockConfiguration
Description: The PublicAccessBlock configuration currently in effect for this Amazon S3 bucket.

  • block_public_acls
    Type: BOOLEAN
    Provider name: BlockPublicAcls
    Description: Specifies whether Amazon S3 should block public access control lists (ACLs) for this bucket and objects in this bucket. Setting this element to TRUE causes the following behavior:
    • PUT Bucket ACL and PUT Object ACL calls fail if the specified ACL is public.
    • PUT Object calls fail if the request includes a public ACL.
    • PUT Bucket calls fail if the request includes a public ACL.
    Enabling this setting doesn’t affect existing policies or ACLs.
  • block_public_policy
    Type: BOOLEAN
    Provider name: BlockPublicPolicy
    Description: Specifies whether Amazon S3 should block public bucket policies for this bucket. Setting this element to TRUE causes Amazon S3 to reject calls to PUT Bucket policy if the specified bucket policy allows public access. Enabling this setting doesn’t affect existing bucket policies.
  • ignore_public_acls
    Type: BOOLEAN
    Provider name: IgnorePublicAcls
    Description: Specifies whether Amazon S3 should ignore public ACLs for this bucket and objects in this bucket. Setting this element to TRUE causes Amazon S3 to ignore all public ACLs on this bucket and objects in this bucket. Enabling this setting doesn’t affect the persistence of any existing ACLs and doesn’t prevent new public ACLs from being set.
  • restrict_public_buckets
    Type: BOOLEAN
    Provider name: RestrictPublicBuckets
    Description: Specifies whether Amazon S3 should restrict public bucket policies for this bucket. Setting this element to TRUE restricts access to this bucket to only Amazon Web Services service principals and authorized users within this account if the bucket has a public policy. Enabling this setting doesn’t affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked.
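
The descriptions above distinguish the two flags that only reject new public ACLs or policies (block_public_acls, block_public_policy) from the two that neutralize what is already in place (ignore_public_acls, restrict_public_buckets). The following is an added example, not part of the original reference or the provider's code: it evaluates one aws_s3_bucket record, using the field names on this page, for public exposure that is still effective. The record layout as a Python dict, the finding labels, and the sample records are assumptions; the two group URIs are the predefined Amazon S3 groups that make an ACL grant public.

```python
# Added example: evaluates a record shaped like the aws_s3_bucket schema
# on this page. Sample records below are constructed, not real data.

# Predefined Amazon S3 grantee groups that make an ACL grant public.
PUBLIC_GROUP_URIS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}

PAB_FLAGS = (
    "block_public_acls",
    "block_public_policy",
    "ignore_public_acls",
    "restrict_public_buckets",
)


def public_exposure_findings(bucket):
    """Return finding labels (hypothetical names) for one bucket record."""
    pab = bucket.get("public_access_block_configuration") or {}
    # A missing struct or missing flag is treated as "not enabled".
    flags = {name: pab.get(name) is True for name in PAB_FLAGS}
    findings = []

    # block_public_acls only rejects new public ACLs; grants that already
    # exist stay effective unless ignore_public_acls is TRUE.
    public_grants = [
        g for g in bucket.get("grants") or []
        if (g.get("grantee") or {}).get("uri") in PUBLIC_GROUP_URIS
    ]
    if public_grants and not flags["ignore_public_acls"]:
        perms = sorted({g.get("permission") or "UNKNOWN" for g in public_grants})
        findings.append("public_acl_effective:" + ",".join(perms))

    # block_public_policy only rejects new public policies; a stored public
    # policy keeps granting access unless restrict_public_buckets is TRUE.
    is_public = (bucket.get("policy_status") or {}).get("is_public") is True
    if is_public and not flags["restrict_public_buckets"]:
        findings.append("public_policy_effective")

    # Report any flag that is off, even when nothing is exposed today.
    missing = [name for name in PAB_FLAGS if not flags[name]]
    if missing:
        findings.append("pab_disabled:" + ",".join(missing))
    return findings


_PUBLIC_READ_GRANT = {
    "grantee": {
        "type": "Group",
        "uri": "http://acs.amazonaws.com/groups/global/AllUsers",
    },
    "permission": "READ",
}

# Constructed: only the two "block" flags are on, so the existing public
# ACL grant and the stored public policy both remain effective.
SAMPLE_BLOCK_ONLY = {
    "name": "example-block-only",
    "public_access_block_configuration": {
        "block_public_acls": True,
        "block_public_policy": True,
        "ignore_public_acls": False,
        "restrict_public_buckets": False,
    },
    "policy_status": {"is_public": True},
    "grants": [_PUBLIC_READ_GRANT],
}

# Constructed: same grant and policy, but all four flags are on.
SAMPLE_ALL_ON = {
    "name": "example-all-on",
    "public_access_block_configuration": {name: True for name in PAB_FLAGS},
    "policy_status": {"is_public": True},
    "grants": [_PUBLIC_READ_GRANT],
}

# Constructed: no PublicAccessBlock configuration, private ACL and policy.
SAMPLE_NO_PAB = {
    "name": "example-no-pab",
    "policy_status": {"is_public": False},
    "grants": [
        {"grantee": {"type": "CanonicalUser", "id": "EXAMPLE-CANONICAL-ID"},
         "permission": "FULL_CONTROL"},
    ],
}

if __name__ == "__main__":
    for sample in (SAMPLE_BLOCK_ONLY, SAMPLE_ALL_ON, SAMPLE_NO_PAB):
        print(sample["name"], public_exposure_findings(sample))
```
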

replication_configuration

Type: STRUCT
Provider name: ReplicationConfiguration

  • role
    Type: STRING
    Provider name: Role
    Description: The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) role that Amazon S3 assumes when replicating objects. For more information, see How to Set Up Replication in the Amazon S3 User Guide.
  • rules
    Type: UNORDERED_LIST_STRUCT
    Provider name: Rules
    Description: A container for one or more replication rules. A replication configuration must have at least one rule and can contain a maximum of 1,000 rules.
    • delete_marker_replication
      Type: STRUCT
      Provider name: DeleteMarkerReplication
      • status
        Type: STRING
        Provider name: Status
        Description: Indicates whether to replicate delete markers.
    • destination
      Type: STRUCT
      Provider name: Destination
      Description: A container for information about the replication destination and its configurations including enabling the S3 Replication Time Control (S3 RTC).
      • access_control_translation
        Type: STRUCT
        Provider name: AccessControlTranslation
        Description: Specify this only in a cross-account scenario (where source and destination bucket owners are not the same), and you want to change replica ownership to the Amazon Web Services account that owns the destination bucket. If this is not specified in the replication configuration, the replicas are owned by same Amazon Web Services account that owns the source object.
        • owner
          Type: STRING
          Provider name: Owner
          Description: Specifies the replica ownership. For default and valid values, see PUT bucket replication in the Amazon S3 API Reference.
      • account
        Type: STRING
        Provider name: Account
        Description: Destination bucket owner account ID. In a cross-account scenario, if you direct Amazon S3 to change replica ownership to the Amazon Web Services account that owns the destination bucket by specifying the AccessControlTranslation property, this is the account ID of the destination bucket owner. For more information, see Replication Additional Configuration: Changing the Replica Owner in the Amazon S3 User Guide.
      • bucket
        Type: STRING
        Provider name: Bucket
        Description: The Amazon Resource Name (ARN) of the bucket where you want Amazon S3 to store the results.
      • encryption_configuration
        Type: STRUCT
        Provider name: EncryptionConfiguration
        Description: A container that provides information about encryption. If SourceSelectionCriteria is specified, you must specify this element.
        • replica_kms_key_id
          Type: STRING
          Provider name: ReplicaKmsKeyID
          Description: Specifies the ID (Key ARN or Alias ARN) of the customer managed Amazon Web Services KMS key stored in Amazon Web Services Key Management Service (KMS) for the destination bucket. Amazon S3 uses this key to encrypt replica objects. Amazon S3 only supports symmetric encryption KMS keys. For more information, see Asymmetric keys in Amazon Web Services KMS in the Amazon Web Services Key Management Service Developer Guide.
      • metrics
        Type: STRUCT
        Provider name: Metrics
        Description: A container specifying replication metrics-related settings enabling replication metrics and events.
        • event_threshold
          Type: STRUCT
          Provider name: EventThreshold
          Description: A container specifying the time threshold for emitting the s3:Replication:OperationMissedThreshold event.
          • minutes
            Type: INT32
            Provider name: Minutes
            Description: Contains an integer specifying time in minutes. Valid value: 15
        • status
          Type: STRING
          Provider name: Status
          Description: Specifies whether the replication metrics are enabled.
      • replication_time
        Type: STRUCT
        Provider name: ReplicationTime
        Description: A container specifying S3 Replication Time Control (S3 RTC), including whether S3 RTC is enabled and the time when all objects and operations on objects must be replicated. Must be specified together with a Metrics block.
        • status
          Type: STRING
          Provider name: Status
          Description: Specifies whether the replication time is enabled.
        • time
          Type: STRUCT
          Provider name: Time
          Description: A container specifying the time by which replication should be complete for all objects and operations on objects.
          • minutes
            Type: INT32
            Provider name: Minutes
            Description: Contains an integer specifying time in minutes. Valid value: 15
      • storage_class
        Type: STRING
        Provider name: StorageClass
        Description: The storage class to use when replicating objects, such as S3 Standard or reduced redundancy. By default, Amazon S3 uses the storage class of the source object to create the object replica. For valid values, see the StorageClass element of the PUT Bucket replication action in the Amazon S3 API Reference.
    • existing_object_replication
      Type: STRUCT
      Provider name: ExistingObjectReplication
      Description: Optional configuration to replicate existing source bucket objects. This parameter is no longer supported. To replicate existing objects, see Replicating existing objects with S3 Batch Replication in the Amazon S3 User Guide.
      • status
        Type: STRING
        Provider name: Status
        Description: Specifies whether Amazon S3 replicates existing source bucket objects.
    • filter
      Type: STRUCT
      Provider name: Filter
      • and
        Type: STRUCT
        Provider name: And
        Description: A container for specifying rule filters. The filters determine the subset of objects to which the rule applies. This element is required only if you specify more than one filter. For example:
        • If you specify both a Prefix and a Tag filter, wrap these filters in an And tag.
        • If you specify a filter based on multiple tags, wrap the Tag elements in an And tag.
        • prefix
          Type: STRING
          Provider name: Prefix
          Description: An object key name prefix that identifies the subset of objects to which the rule applies.
      • prefix
        Type: STRING
        Provider name: Prefix
        Description: An object key name prefix that identifies the subset of objects to which the rule applies. Replacement must be made for object keys containing special characters (such as carriage returns) when using XML requests. For more information, see XML related object key constraints.
      • tag
        Type: STRUCT
        Provider name: Tag
        Description: A container for specifying a tag key and value. The rule applies only to objects that have the tag in their tag set.
        • key
          Type: STRING
          Provider name: Key
          Description: Name of the object key.
        • value
          Type: STRING
          Provider name: Value
          Description: Value of the tag.
    • id
      Type: STRING
      Provider name: ID
      Description: A unique identifier for the rule. The maximum value is 255 characters.
    • prefix
      Type: STRING
      Provider name: Prefix
      Description: An object key name prefix that identifies the object or objects to which the rule applies. The maximum prefix length is 1,024 characters. To include all objects in a bucket, specify an empty string. Replacement must be made for object keys containing special characters (such as carriage returns) when using XML requests. For more information, see XML related object key constraints.
    • priority
      Type: INT32
      Provider name: Priority
      Description: The priority indicates which rule has precedence whenever two or more replication rules conflict. Amazon S3 will attempt to replicate objects according to all replication rules. However, if there are two or more rules with the same destination bucket, then objects will be replicated according to the rule with the highest priority. The higher the number, the higher the priority. For more information, see Replication in the Amazon S3 User Guide.
    • source_selection_criteria
      Type: STRUCT
      Provider name: SourceSelectionCriteria
      Description: A container that describes additional filters for identifying the source objects that you want to replicate. You can choose to enable or disable the replication of these objects. Currently, Amazon S3 supports only the filter that you can specify for objects created with server-side encryption using a customer managed key stored in Amazon Web Services Key Management Service (SSE-KMS).
      • replica_modifications
        Type: STRUCT
        Provider name: ReplicaModifications
        Description: A filter that you can specify for selections for modifications on replicas. Amazon S3 doesn’t replicate replica modifications by default. In the latest version of replication configuration (when Filter is specified), you can specify this element and set the status to Enabled to replicate modifications on replicas. If you don’t specify the Filter element, Amazon S3 assumes that the replication configuration is the earlier version, V1. In the earlier version, this element is not allowed.
        • status
          Type: STRING
          Provider name: Status
          Description: Specifies whether Amazon S3 replicates modifications on replicas.
      • sse_kms_encrypted_objects
        Type: STRUCT
        Provider name: SseKmsEncryptedObjects
        Description: A container for filter information for the selection of Amazon S3 objects encrypted with Amazon Web Services KMS. If you include SourceSelectionCriteria in the replication configuration, this element is required.
        • status
          Type: STRING
          Provider name: Status
          Description: Specifies whether Amazon S3 replicates objects created with server-side encryption using an Amazon Web Services KMS key stored in Amazon Web Services Key Management Service.
    • status
      Type: STRING
      Provider name: Status
      Description: Specifies whether the rule is enabled.

rules

Type: UNORDERED_LIST_STRUCT
Provider name: Rules
Description: Container for a lifecycle rule.

  • abort_incomplete_multipart_upload
    Type: STRUCT
    Provider name: AbortIncompleteMultipartUpload
    • days_after_initiation
      Type: INT32
      Provider name: DaysAfterInitiation
      Description: Specifies the number of days after which Amazon S3 aborts an incomplete multipart upload.
  • expiration
    Type: STRUCT
    Provider name: Expiration
    Description: Specifies the expiration for the lifecycle of the object in the form of date, days, and whether the object has a delete marker.
    • date
      Type: TIMESTAMP
      Provider name: Date
      Description: Indicates at what date the object is to be moved or deleted. The date value must conform to the ISO 8601 format. The time is always midnight UTC. This parameter applies to general purpose buckets only. It is not supported for directory bucket lifecycle configurations.
    • days
      Type: INT32
      Provider name: Days
      Description: Indicates the lifetime, in days, of the objects that are subject to the rule. The value must be a non-zero positive integer.
    • expired_object_delete_marker
      Type: BOOLEAN
      Provider name: ExpiredObjectDeleteMarker
      Description: Indicates whether Amazon S3 will remove a delete marker with no noncurrent versions. If set to true, the delete marker will be expired; if set to false, the policy takes no action. This cannot be specified with Days or Date in a Lifecycle Expiration Policy. This parameter applies to general purpose buckets only. It is not supported for directory bucket lifecycle configurations.
  • filter
    Type: STRUCT
    Provider name: Filter
    Description: The Filter is used to identify objects that a Lifecycle Rule applies to. A Filter must have exactly one of Prefix, Tag, or And specified. Filter is required if the LifecycleRule does not contain a Prefix element. Tag filters are not supported for directory buckets.
    • and
      Type: STRUCT
      Provider name: And
      • object_size_greater_than
        Type: INT64
        Provider name: ObjectSizeGreaterThan
        Description: Minimum object size to which the rule applies.
      • object_size_less_than
        Type: INT64
        Provider name: ObjectSizeLessThan
        Description: Maximum object size to which the rule applies.
      • prefix
        Type: STRING
        Provider name: Prefix
        Description: Prefix identifying one or more objects to which the rule applies.
    • object_size_greater_than
      Type: INT64
      Provider name: ObjectSizeGreaterThan
      Description: Minimum object size to which the rule applies.
    • object_size_less_than
      Type: INT64
      Provider name: ObjectSizeLessThan
      Description: Maximum object size to which the rule applies.
    • prefix
      Type: STRING
      Provider name: Prefix
      Description: Prefix identifying one or more objects to which the rule applies. Replacement must be made for object keys containing special characters (such as carriage returns) when using XML requests. For more information, see XML related object key constraints.
    • tag
      Type: STRUCT
      Provider name: Tag
      Description: This tag must exist in the object’s tag set in order for the rule to apply. This parameter applies to general purpose buckets only. It is not supported for directory bucket lifecycle configurations.
      • key
        Type: STRING
        Provider name: Key
        Description: Name of the object key.
      • value
        Type: STRING
        Provider name: Value
        Description: Value of the tag.
  • id
    Type: STRING
    Provider name: ID
    Description: Unique identifier for the rule. The value cannot be longer than 255 characters.
  • noncurrent_version_expiration
    Type: STRUCT
    Provider name: NoncurrentVersionExpiration
    • newer_noncurrent_versions
      Type: INT32
      Provider name: NewerNoncurrentVersions
      Description: Specifies how many noncurrent versions Amazon S3 will retain. You can specify up to 100 noncurrent versions to retain. Amazon S3 will permanently delete any additional noncurrent versions beyond the specified number to retain. For more information about noncurrent versions, see Lifecycle configuration elements in the Amazon S3 User Guide. This parameter applies to general purpose buckets only. It is not supported for directory bucket lifecycle configurations.
    • noncurrent_days
      Type: INT32
      Provider name: NoncurrentDays
      Description: Specifies the number of days an object is noncurrent before Amazon S3 can perform the associated action. The value must be a non-zero positive integer. For information about the noncurrent days calculations, see How Amazon S3 Calculates When an Object Became Noncurrent in the Amazon S3 User Guide. This parameter applies to general purpose buckets only. It is not supported for directory bucket lifecycle configurations.
  • noncurrent_version_transitions
    Type: UNORDERED_LIST_STRUCT
    Provider name: NoncurrentVersionTransitions
    Description: Specifies the transition rule for the lifecycle rule that describes when noncurrent objects transition to a specific storage class. If your bucket is versioning-enabled (or versioning is suspended), you can set this action to request that Amazon S3 transition noncurrent object versions to a specific storage class at a set period in the object’s lifetime. This parameter applies to general purpose buckets only. It is not supported for directory bucket lifecycle configurations.
    • newer_noncurrent_versions
      Type: INT32
      Provider name: NewerNoncurrentVersions
      Description: Specifies how many noncurrent versions Amazon S3 will retain in the same storage class before transitioning objects. You can specify up to 100 noncurrent versions to retain. Amazon S3 will transition any additional noncurrent versions beyond the specified number to retain. For more information about noncurrent versions, see Lifecycle configuration elements in the Amazon S3 User Guide.
    • noncurrent_days
      Type: INT32
      Provider name: NoncurrentDays
      Description: Specifies the number of days an object is noncurrent before Amazon S3 can perform the associated action. For information about the noncurrent days calculations, see How Amazon S3 Calculates How Long an Object Has Been Noncurrent in the Amazon S3 User Guide.
    • storage_class
      Type: STRING
      Provider name: StorageClass
      Description: The class of storage used to store the object.
  • prefix
    Type: STRING
    Provider name: Prefix
    Description: Prefix identifying one or more objects to which the rule applies. This is no longer used; use Filter instead. Replacement must be made for object keys containing special characters (such as carriage returns) when using XML requests. For more information, see XML related object key constraints.
  • status
    Type: STRING
    Provider name: Status
    Description: If ‘Enabled’, the rule is currently being applied. If ‘Disabled’, the rule is not currently being applied.
  • transitions
    Type: UNORDERED_LIST_STRUCT
    Provider name: Transitions
    Description: Specifies when an Amazon S3 object transitions to a specified storage class. This parameter applies to general purpose buckets only. It is not supported for directory bucket lifecycle configurations.
    • date
      Type: TIMESTAMP
      Provider name: Date
      Description: Indicates when objects are transitioned to the specified storage class. The date value must be in ISO 8601 format. The time is always midnight UTC.
    • days
      Type: INT32
      Provider name: Days
      Description: Indicates the number of days after creation when objects are transitioned to the specified storage class. The value must be a positive integer.
    • storage_class
      Type: STRING
      Provider name: StorageClass
      Description: The storage class to which you want the object to transition.

server_side_encryption_configuration

Type: STRUCT
Provider name: ServerSideEncryptionConfiguration

  • rules
    Type: UNORDERED_LIST_STRUCT
    Provider name: Rules
    Description: Container for information about a particular server-side encryption configuration rule.
    • apply_server_side_encryption_by_default
      Type: STRUCT
      Provider name: ApplyServerSideEncryptionByDefault
      Description: Specifies the default server-side encryption to apply to new objects in the bucket. If a PUT Object request doesn’t specify any server-side encryption, this default encryption will be applied.
      • kms_master_key_id
        Type: STRING
        Provider name: KMSMasterKeyID
        Description: Amazon Web Services Key Management Service (KMS) customer managed key ID to use for the default encryption.
        • General purpose buckets - This parameter is allowed if and only if SSEAlgorithm is set to aws:kms or aws:kms:dsse.
        • Directory buckets - This parameter is allowed if and only if SSEAlgorithm is set to aws:kms.
        You can specify the key ID, key alias, or the Amazon Resource Name (ARN) of the KMS key.
        • Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
        • Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
        • Key Alias: alias/alias-name
        If you are using encryption with cross-account or Amazon Web Services service operations, you must use a fully qualified KMS key ARN. For more information, see Using encryption for cross-account operations.
        • General purpose buckets - If you’re specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then KMS resolves the key within the requester’s account. This behavior can result in data that’s encrypted with a KMS key that belongs to the requester, and not the bucket owner. Also, if you use a key ID, you can run into a LogDestination undeliverable error when creating a VPC flow log.
        • Directory buckets - When you specify a KMS customer managed key for encryption in your directory bucket, only use the key ID or key ARN. The key alias format of the KMS key isn’t supported.
        Amazon S3 only supports symmetric encryption KMS keys. For more information, see Asymmetric keys in Amazon Web Services KMS in the Amazon Web Services Key Management Service Developer Guide.
      • sse_algorithm
        Type: STRING
        Provider name: SSEAlgorithm
        Description: Server-side encryption algorithm to use for the default encryption. For directory buckets, there are only two supported values for server-side encryption: AES256 and aws:kms.
    • bucket_key_enabled
      Type: BOOLEAN
      Provider name: BucketKeyEnabled
      Description: Specifies whether Amazon S3 should use an S3 Bucket Key with server-side encryption using KMS (SSE-KMS) for new objects in the bucket. Existing objects are not affected. Setting the BucketKeyEnabled element to true causes Amazon S3 to use an S3 Bucket Key.
      • General purpose buckets - By default, S3 Bucket Key is not enabled. For more information, see Amazon S3 Bucket Keys in the Amazon S3 User Guide.
      • Directory buckets - S3 Bucket Keys are always enabled for GET and PUT operations in a directory bucket and can’t be disabled. S3 Bucket Keys aren’t supported when you copy SSE-KMS encrypted objects from general purpose buckets to directory buckets, from directory buckets to general purpose buckets, or between directory buckets, through CopyObject, UploadPartCopy, the Copy operation in Batch Operations, or the import jobs. In this case, Amazon S3 makes a call to KMS every time a copy request is made for a KMS-encrypted object.
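
An added example (not part of the original reference or of any vendor tooling): a Python check over one server_side_encryption_configuration value, taken as a dict with the field names above, that flags the key-identifier cases the kms_master_key_id description warns about. The function names, finding codes and sample configurations are constructed for illustration; accepting `mrk-` multi-Region key IDs is an assumption beyond what the page lists.

```python
import re

# Identifier forms the kms_master_key_id description lists (key ARN, key ID, alias).
KEY_ARN = re.compile(r"^arn:aws[a-z-]*:kms:[a-z0-9-]+:\d{12}:key/[A-Za-z0-9-]+$")
# Assumption beyond the page: multi-Region key IDs ("mrk-" + 32 hex) are also accepted.
KEY_ID = re.compile(r"^(?:mrk-[0-9a-f]{32}|[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12})$")
# SSEAlgorithm values under which a KMS key may be set, per bucket type.
KMS_ALGOS = {"general": {"aws:kms", "aws:kms:dsse"}, "directory": {"aws:kms"}}


def key_form(key):
    """Classify a kms_master_key_id value as 'arn', 'alias', 'key_id' or 'unknown'."""
    if KEY_ARN.match(key):
        return "arn"
    if key.startswith("alias/"):
        return "alias"
    return "key_id" if KEY_ID.match(key) else "unknown"


def audit_sse(config, bucket_type="general"):
    """Return (rule_index, code) findings for one server_side_encryption_configuration."""
    findings = []
    for i, rule in enumerate((config or {}).get("rules") or []):
        default = rule.get("apply_server_side_encryption_by_default") or {}
        algo, key = default.get("sse_algorithm"), default.get("kms_master_key_id")
        if bucket_type == "directory" and algo not in ("AES256", "aws:kms"):
            findings.append((i, "ALGO_UNSUPPORTED_FOR_DIRECTORY_BUCKET"))
        if not key:
            continue
        if algo not in KMS_ALGOS[bucket_type]:
            # A KMS key is only allowed alongside a KMS algorithm.
            findings.append((i, "KEY_SET_WITHOUT_KMS_ALGORITHM"))
            continue
        form = key_form(key)
        if form == "alias" and bucket_type == "directory":
            findings.append((i, "ALIAS_NOT_SUPPORTED"))
        elif form == "alias":
            # KMS resolves the alias in the requester's account, not the bucket owner's.
            findings.append((i, "ALIAS_RESOLVES_IN_REQUESTER_ACCOUNT"))
        elif form == "key_id" and bucket_type == "general":
            findings.append((i, "KEY_ID_NOT_FULL_ARN"))
        elif form == "unknown":
            findings.append((i, "UNRECOGNISED_KEY_IDENTIFIER"))
    return findings


def rule(algo, key=None):
    """Build a constructed one-rule configuration in the schema's shape."""
    default = {"sse_algorithm": algo}
    if key:
        default["kms_master_key_id"] = key
    return {"rules": [{"apply_server_side_encryption_by_default": default,
                       "bucket_key_enabled": False}]}


if __name__ == "__main__":
    for cfg in (rule("aws:kms", "alias/alias-name"), rule("AES256", "alias/alias-name")):
        print(audit_sse(cfg))
```

A bare key ID is reported only for general purpose buckets, where the description recommends a fully qualified ARN; for directory buckets the key ID is one of the two supported forms and passes.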

tags

Type: UNORDERED_LIST_STRING

transition_default_minimum_object_size

Type: STRING
Provider name: TransitionDefaultMinimumObjectSize
Description: Indicates which default minimum object size behavior is applied to the lifecycle configuration. This parameter applies to general purpose buckets only. It is not supported for directory bucket lifecycle configurations.

  • all_storage_classes_128K - Objects smaller than 128 KB will not transition to any storage class by default.
  • varies_by_storage_class - Objects smaller than 128 KB will transition to Glacier Flexible Retrieval or Glacier Deep Archive storage classes. By default, all other storage classes will prevent transitions smaller than 128 KB.

To customize the minimum object size for any transition, you can add a filter that specifies a custom ObjectSizeGreaterThan or ObjectSizeLessThan in the body of your transition rule. Custom filters always take precedence over the default transition behavior.