aws_s3_bucket
account_id
Type: STRING
bucket_arn
Type: STRING
bucket_policy_statement
Type: UNORDERED_LIST_STRUCT
account_id
Type: STRING
condition
Type: MAP_STRING_STRING
policy_id
Type: STRING
policy_not_principal
Type: STRUCT
policy_id
Type: STRING
principal
Type: STRING
principal_aws
Type: UNORDERED_LIST_STRING
principal_canonical_user
Type: UNORDERED_LIST_STRING
principal_federated
Type: UNORDERED_LIST_STRING
principal_service
Type: UNORDERED_LIST_STRING
policy_principal
Type: STRUCT
policy_id
Type: STRING
principal
Type: STRING
principal_aws
Type: UNORDERED_LIST_STRING
principal_canonical_user
Type: UNORDERED_LIST_STRING
principal_federated
Type: UNORDERED_LIST_STRING
principal_service
Type: UNORDERED_LIST_STRING
principal_aws
Type: UNORDERED_LIST_STRING
statement_action
Type: UNORDERED_LIST_STRING
statement_effect
Type: STRING
statement_has_condition
Type: BOOLEAN
statement_id
Type: INT32
statement_not_action
Type: UNORDERED_LIST_STRING
statement_not_resource
Type: UNORDERED_LIST_STRING
statement_resource
Type: UNORDERED_LIST_STRING
statement_sid
Type: STRING
version_id
Type: STRING
bucket_region
Type: STRING
Provider name: BucketRegion
Description: BucketRegion indicates the Amazon Web Services region where the bucket is located. If the request contains at least one valid parameter, it is included in the response.
bucket_versioning
Type: STRUCT
Provider name: GetBucketVersioningOutput
mfa_delete
Type: STRING
Provider name: MFADelete
Description: Specifies whether MFA delete is enabled in the bucket versioning configuration. This element is only returned if the bucket has been configured with MFA delete. If the bucket has never been so configured, this element is not returned.
status
Type: STRING
Provider name: Status
Description: The versioning state of the bucket.
bucket_website
Type: STRUCT
Provider name: GetBucketWebsiteOutput
error_document
Type: STRUCT
Provider name: ErrorDocument
Description: The object key name of the website error document to use for 4XX class errors.
key
Type: STRING
Provider name: Key
Description: The object key name to use when a 4XX class error occurs. Replacement must be made for object keys containing special characters (such as carriage returns) when using XML requests. For more information, see XML related object key constraints.
index_document
Type: STRUCT
Provider name: IndexDocument
Description: The name of the index document for the website (for example index.html).
suffix
Type: STRING
Provider name: Suffix
Description: A suffix that is appended to a request that is for a directory on the website endpoint. (For example, if the suffix is index.html and you make a request to samplebucket/images/, the data that is returned will be for the object with the key name images/index.html.) The suffix must not be empty and must not include a slash character. Replacement must be made for object keys containing special characters (such as carriage returns) when using XML requests. For more information, see XML related object key constraints.
redirect_all_requests_to
Type: STRUCT
Provider name: RedirectAllRequestsTo
Description: Specifies the redirect behavior of all requests to a website endpoint of an Amazon S3 bucket.
host_name
Type: STRING
Provider name: HostName
Description: Name of the host where requests are redirected.
protocol
Type: STRING
Provider name: Protocol
Description: Protocol to use when redirecting requests. The default is the protocol that is used in the original request.
routing_rules
Type: UNORDERED_LIST_STRUCT
Provider name: RoutingRules
Description: Rules that define when a redirect is applied and the redirect behavior.
condition
Type: STRUCT
Provider name: Condition
Description: A container for describing a condition that must be met for the specified redirect to apply. For example, 1. If request is for pages in the /docs folder, redirect to the /documents folder. 2. If request results in HTTP error 4xx, redirect request to another host where you might process the error.
http_error_code_returned_equals
Type: STRING
Provider name: HttpErrorCodeReturnedEquals
Description: The HTTP error code when the redirect is applied. In the event of an error, if the error code equals this value, then the specified redirect is applied. Required when parent element Condition is specified and sibling KeyPrefixEquals is not specified. If both are specified, then both must be true for the redirect to be applied.
key_prefix_equals
Type: STRING
Provider name: KeyPrefixEquals
Description: The object key name prefix when the redirect is applied. For example, to redirect requests for ExamplePage.html, the key prefix will be ExamplePage.html. To redirect request for all pages with the prefix docs/, the key prefix will be /docs, which identifies all objects in the docs/ folder. Required when the parent element Condition is specified and sibling HttpErrorCodeReturnedEquals is not specified. If both conditions are specified, both must be true for the redirect to be applied. Replacement must be made for object keys containing special characters (such as carriage returns) when using XML requests. For more information, see XML related object key constraints.
redirect
Type: STRUCT
Provider name: Redirect
Description: Container for redirect information. You can redirect requests to another host, to another page, or with another protocol. In the event of an error, you can specify a different error code to return.
host_name
Type: STRING
Provider name: HostName
Description: The host name to use in the redirect request.
http_redirect_code
Type: STRING
Provider name: HttpRedirectCode
Description: The HTTP redirect code to use on the response. Not required if one of the siblings is present.
protocol
Type: STRING
Provider name: Protocol
Description: Protocol to use when redirecting requests. The default is the protocol that is used in the original request.
replace_key_prefix_with
Type: STRING
Provider name: ReplaceKeyPrefixWith
Description: The object key prefix to use in the redirect request. For example, to redirect requests for all pages with prefix docs/ (objects in the docs/ folder) to documents/, you can set a condition block with KeyPrefixEquals set to docs/ and in the Redirect set ReplaceKeyPrefixWith to /documents. Not required if one of the siblings is present. Can be present only if ReplaceKeyWith is not provided. Replacement must be made for object keys containing special characters (such as carriage returns) when using XML requests. For more information, see XML related object key constraints.
replace_key_with
Type: STRING
Provider name: ReplaceKeyWith
Description: The specific object key to use in the redirect request. For example, redirect request to error.html. Not required if one of the siblings is present. Can be present only if ReplaceKeyPrefixWith is not provided. Replacement must be made for object keys containing special characters (such as carriage returns) when using XML requests. For more information, see XML related object key constraints.
creation_date
Type: TIMESTAMP
Provider name: CreationDate
Description: Date the bucket was created. This date can change when making changes to your bucket, such as editing its bucket policy.
grants
Type: UNORDERED_LIST_STRUCT
Provider name: Grants
Description: A list of grants.
grantee
Type: STRUCT
Provider name: Grantee
Description: The person being granted permissions.
display_name
Type: STRING
Provider name: DisplayName
Description: Screen name of the grantee.
email_address
Type: STRING
Provider name: EmailAddress
Description: Email address of the grantee. Using email addresses to specify a grantee is only supported in the following Amazon Web Services Regions:
- US East (N. Virginia)
- US West (N. California)
- US West (Oregon)
- Asia Pacific (Singapore)
- Asia Pacific (Sydney)
- Asia Pacific (Tokyo)
- Europe (Ireland)
- South America (São Paulo)
For a list of all the Amazon S3 supported Regions and endpoints, see Regions and Endpoints in the Amazon Web Services General Reference.
id
Type: STRING
Provider name: ID
Description: The canonical user ID of the grantee.
type
Type: STRING
Provider name: Type
Description: Type of grantee
uri
Type: STRING
Provider name: URI
Description: URI of the grantee group.
permission
Type: STRING
Provider name: Permission
Description: Specifies the permission given to the grantee.
inventory_configuration_list
Type: UNORDERED_LIST_STRUCT
Provider name: InventoryConfigurationList
Description: The list of inventory configurations for a bucket.
destination
Type: STRUCT
Provider name: Destination
Description: Contains information about where to publish the inventory results.
s3_bucket_destination
Type: STRUCT
Provider name: S3BucketDestination
Description: Contains the bucket name, file format, bucket owner (optional), and prefix (optional) where inventory results are published.
account_id
Type: STRING
Provider name: AccountId
Description: The account ID that owns the destination S3 bucket. If no account ID is provided, the owner is not validated before exporting data. Although this value is optional, we strongly recommend that you set it to help prevent problems if the destination bucket ownership changes.
bucket
Type: STRING
Provider name: Bucket
Description: The Amazon Resource Name (ARN) of the bucket where inventory results will be published.
encryption
Type: STRUCT
Provider name: Encryption
Description: Contains the type of server-side encryption used to encrypt the inventory results.
ssekms
Type: STRUCT
Provider name: SSEKMS
Description: Specifies the use of SSE-KMS to encrypt delivered inventory reports.
key_id
Type: STRING
Provider name: KeyId
Description: Specifies the ID of the Key Management Service (KMS) symmetric encryption customer managed key to use for encrypting inventory reports.
sses3
Type: STRUCT
Provider name: SSES3
Description: Specifies the use of SSE-S3 to encrypt delivered inventory reports.
format
Type: STRING
Provider name: Format
Description: Specifies the output format of the inventory results.
prefix
Type: STRING
Provider name: Prefix
Description: The prefix that is prepended to all inventory results.
filter
Type: STRUCT
Provider name: Filter
Description: Specifies an inventory filter. The inventory only includes objects that meet the filter’s criteria.
prefix
Type: STRING
Provider name: Prefix
Description: The prefix that an object must have to be included in the inventory results.
id
Type: STRING
Provider name: Id
Description: The ID used to identify the inventory configuration.
included_object_versions
Type: STRING
Provider name: IncludedObjectVersions
Description: Object versions to include in the inventory list. If set to All, the list includes all the object versions, which adds the version-related fields VersionId, IsLatest, and DeleteMarker to the list. If set to Current, the list does not contain these version-related fields.
is_enabled
Type: BOOLEAN
Provider name: IsEnabled
Description: Specifies whether the inventory is enabled or disabled. If set to True, an inventory list is generated. If set to False, no inventory list is generated.
optional_fields
Type: UNORDERED_LIST_STRING
Provider name: OptionalFields
Description: Contains the optional fields that are included in the inventory results.
schedule
Type: STRUCT
Provider name: Schedule
Description: Specifies the schedule for generating inventory results.
frequency
Type: STRING
Provider name: Frequency
Description: Specifies how frequently inventory results are produced.
location_constraint
Type: STRING
Provider name: LocationConstraint
Description: Specifies the Region where the bucket resides. For a list of all the Amazon S3 supported location constraints by Region, see Regions and Endpoints. Buckets in Region us-east-1 have a LocationConstraint of null.
logging_enabled
Type: STRUCT
Provider name: LoggingEnabled
target_bucket
Type: STRING
Provider name: TargetBucket
Description: Specifies the bucket where you want Amazon S3 to store server access logs. You can have your logs delivered to any bucket that you own, including the same bucket that is being logged. You can also configure multiple buckets to deliver their logs to the same target bucket. In this case, you should choose a different TargetPrefix for each source bucket so that the delivered log files can be distinguished by key.
target_grants
Type: UNORDERED_LIST_STRUCT
Provider name: TargetGrants
Description: Container for granting information. Buckets that use the bucket owner enforced setting for Object Ownership don’t support target grants. For more information, see Permissions for server access log delivery in the Amazon S3 User Guide.
grantee
Type: STRUCT
Provider name: Grantee
Description: Container for the person being granted permissions.
display_name
Type: STRING
Provider name: DisplayName
Description: Screen name of the grantee.
email_address
Type: STRING
Provider name: EmailAddress
Description: Email address of the grantee. Using email addresses to specify a grantee is only supported in the following Amazon Web Services Regions:
- US East (N. Virginia)
- US West (N. California)
- US West (Oregon)
- Asia Pacific (Singapore)
- Asia Pacific (Sydney)
- Asia Pacific (Tokyo)
- Europe (Ireland)
- South America (São Paulo)
For a list of all the Amazon S3 supported Regions and endpoints, see Regions and Endpoints in the Amazon Web Services General Reference.
id
Type: STRING
Provider name: ID
Description: The canonical user ID of the grantee.
type
Type: STRING
Provider name: Type
Description: Type of grantee
uri
Type: STRING
Provider name: URI
Description: URI of the grantee group.
permission
Type: STRING
Provider name: Permission
Description: Logging permissions assigned to the grantee for the bucket.
target_object_key_format
Type: STRUCT
Provider name: TargetObjectKeyFormat
Description: Amazon S3 key format for log objects.
partitioned_prefix
Type: STRUCT
Provider name: PartitionedPrefix
Description: Partitioned S3 key for log objects.
partition_date_source
Type: STRING
Provider name: PartitionDateSource
Description: Specifies the partition date source for the partitioned prefix. PartitionDateSource can be EventTime or DeliveryTime. For DeliveryTime, the time in the log file names corresponds to the delivery time for the log files. For EventTime, the logs delivered are for a specific day only. The year, month, and day correspond to the day on which the event occurred, and the hour, minutes and seconds are set to 00 in the key.
simple_prefix
Type: STRUCT
Provider name: SimplePrefix
Description: To use the simple format for S3 keys for log objects. To specify SimplePrefix format, set SimplePrefix to {}.
target_prefix
Type: STRING
Provider name: TargetPrefix
Description: A prefix for all log object keys. If you store log files from multiple Amazon S3 buckets in a single bucket, you can use a prefix to distinguish which log files came from which bucket.
name
Type: STRING
Provider name: Name
Description: The name of the bucket.
notification_configuration
Type: STRUCT
Provider name: NotificationConfiguration
lambda_function_configurations
Type: UNORDERED_LIST_STRUCT
Provider name: LambdaFunctionConfigurations
Description: Describes the Lambda functions to invoke and the events for which to invoke them.
events
Type: UNORDERED_LIST_STRING
Provider name: Events
Description: The Amazon S3 bucket event for which to invoke the Lambda function. For more information, see Supported Event Types in the Amazon S3 User Guide.
filter
Type: STRUCT
Provider name: Filter
key
Type: STRUCT
Provider name: Key
filter_rules
Type: UNORDERED_LIST_STRUCT
Provider name: FilterRules
name
Type: STRING
Provider name: Name
Description: The object key name prefix or suffix identifying one or more objects to which the filtering rule applies. The maximum length is 1,024 characters. Overlapping prefixes and suffixes are not supported. For more information, see Configuring Event Notifications in the Amazon S3 User Guide.
value
Type: STRING
Provider name: Value
Description: The value that the filter searches for in object key names.
id
Type: STRING
Provider name: Id
lambda_function_arn
Type: STRING
Provider name: LambdaFunctionArn
Description: The Amazon Resource Name (ARN) of the Lambda function that Amazon S3 invokes when the specified event type occurs.
queue_configurations
Type: UNORDERED_LIST_STRUCT
Provider name: QueueConfigurations
Description: The Amazon Simple Queue Service queues to publish messages to and the events for which to publish messages.
events
Type: UNORDERED_LIST_STRING
Provider name: Events
Description: A collection of bucket events for which to send notifications
filter
Type: STRUCT
Provider name: Filter
key
Type: STRUCT
Provider name: Key
filter_rules
Type: UNORDERED_LIST_STRUCT
Provider name: FilterRules
name
Type: STRING
Provider name: Name
Description: The object key name prefix or suffix identifying one or more objects to which the filtering rule applies. The maximum length is 1,024 characters. Overlapping prefixes and suffixes are not supported. For more information, see Configuring Event Notifications in the Amazon S3 User Guide.
value
Type: STRING
Provider name: Value
Description: The value that the filter searches for in object key names.
id
Type: STRING
Provider name: Id
queue_arn
Type: STRING
Provider name: QueueArn
Description: The Amazon Resource Name (ARN) of the Amazon SQS queue to which Amazon S3 publishes a message when it detects events of the specified type.
topic_configurations
Type: UNORDERED_LIST_STRUCT
Provider name: TopicConfigurations
Description: The topic to which notifications are sent and the events for which notifications are generated.
events
Type: UNORDERED_LIST_STRING
Provider name: Events
Description: The Amazon S3 bucket event about which to send notifications. For more information, see Supported Event Types in the Amazon S3 User Guide.
filter
Type: STRUCT
Provider name: Filter
key
Type: STRUCT
Provider name: Key
filter_rules
Type: UNORDERED_LIST_STRUCT
Provider name: FilterRules
name
Type: STRING
Provider name: Name
Description: The object key name prefix or suffix identifying one or more objects to which the filtering rule applies. The maximum length is 1,024 characters. Overlapping prefixes and suffixes are not supported. For more information, see Configuring Event Notifications in the Amazon S3 User Guide.
value
Type: STRING
Provider name: Value
Description: The value that the filter searches for in object key names.
id
Type: STRING
Provider name: Id
topic_arn
Type: STRING
Provider name: TopicArn
Description: The Amazon Resource Name (ARN) of the Amazon SNS topic to which Amazon S3 publishes a message when it detects events of the specified type.
owner
Type: STRUCT
Provider name: Owner
Description: Container for the bucket owner’s display name and ID.
display_name
Type: STRING
Provider name: DisplayName
Description: Container for the display name of the owner. This value is only supported in the following Amazon Web Services Regions:
- US East (N. Virginia)
- US West (N. California)
- US West (Oregon)
- Asia Pacific (Singapore)
- Asia Pacific (Sydney)
- Asia Pacific (Tokyo)
- Europe (Ireland)
- South America (São Paulo)
This functionality is not supported for directory buckets.
id
Type: STRING
Provider name: ID
Description: Container for the ID of the owner.
policy
Type: STRING
Provider name: Policy
Description: The bucket policy as a JSON document.
policy_status
Type: STRUCT
Provider name: PolicyStatus
Description: The policy status for the specified bucket.
is_public
Type: BOOLEAN
Provider name: IsPublic
Description: The policy status for this bucket. TRUE indicates that this bucket is public. FALSE indicates that the bucket is not public.
public_access_block_configuration
Type: STRUCT
Provider name: PublicAccessBlockConfiguration
Description: The PublicAccessBlock configuration currently in effect for this Amazon S3 bucket.
block_public_acls
Type: BOOLEAN
Provider name: BlockPublicAcls
Description: Specifies whether Amazon S3 should block public access control lists (ACLs) for this bucket and objects in this bucket. Setting this element to TRUE causes the following behavior:
- PUT Bucket ACL and PUT Object ACL calls fail if the specified ACL is public.
- PUT Object calls fail if the request includes a public ACL.
- PUT Bucket calls fail if the request includes a public ACL.
Enabling this setting doesn’t affect existing policies or ACLs.
block_public_policy
Type: BOOLEAN
Provider name: BlockPublicPolicy
Description: Specifies whether Amazon S3 should block public bucket policies for this bucket. Setting this element to TRUE causes Amazon S3 to reject calls to PUT Bucket policy if the specified bucket policy allows public access. Enabling this setting doesn’t affect existing bucket policies.
ignore_public_acls
Type: BOOLEAN
Provider name: IgnorePublicAcls
Description: Specifies whether Amazon S3 should ignore public ACLs for this bucket and objects in this bucket. Setting this element to TRUE causes Amazon S3 to ignore all public ACLs on this bucket and objects in this bucket. Enabling this setting doesn’t affect the persistence of any existing ACLs and doesn’t prevent new public ACLs from being set.
restrict_public_buckets
Type: BOOLEAN
Provider name: RestrictPublicBuckets
Description: Specifies whether Amazon S3 should restrict public bucket policies for this bucket. Setting this element to TRUE restricts access to this bucket to only Amazon Web Services service principals and authorized users within this account if the bucket has a public policy. Enabling this setting doesn’t affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked.
replication_configuration
Type: STRUCT
Provider name: ReplicationConfiguration
role
Type: STRING
Provider name: Role
Description: The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) role that Amazon S3 assumes when replicating objects. For more information, see How to Set Up Replication in the Amazon S3 User Guide.
rules
Type: UNORDERED_LIST_STRUCT
Provider name: Rules
Description: A container for one or more replication rules. A replication configuration must have at least one rule and can contain a maximum of 1,000 rules.
delete_marker_replication
Type: STRUCT
Provider name: DeleteMarkerReplication
status
Type: STRING
Provider name: Status
Description: Indicates whether to replicate delete markers.
destination
Type: STRUCT
Provider name: Destination
Description: A container for information about the replication destination and its configurations including enabling the S3 Replication Time Control (S3 RTC).
access_control_translation
Type: STRUCT
Provider name: AccessControlTranslation
Description: Specify this only in a cross-account scenario (where source and destination bucket owners are not the same), and you want to change replica ownership to the Amazon Web Services account that owns the destination bucket. If this is not specified in the replication configuration, the replicas are owned by the same Amazon Web Services account that owns the source object.
owner
Type: STRING
Provider name: Owner
Description: Specifies the replica ownership. For default and valid values, see PUT bucket replication in the Amazon S3 API Reference.
account
Type: STRING
Provider name: Account
Description: Destination bucket owner account ID. In a cross-account scenario, if you direct Amazon S3 to change replica ownership to the Amazon Web Services account that owns the destination bucket by specifying the AccessControlTranslation property, this is the account ID of the destination bucket owner. For more information, see Replication Additional Configuration: Changing the Replica Owner in the Amazon S3 User Guide.
bucket
Type: STRING
Provider name: Bucket
Description: The Amazon Resource Name (ARN) of the bucket where you want Amazon S3 to store the results.
encryption_configuration
Type: STRUCT
Provider name: EncryptionConfiguration
Description: A container that provides information about encryption. If SourceSelectionCriteria is specified, you must specify this element.
replica_kms_key_id
Type: STRING
Provider name: ReplicaKmsKeyID
Description: Specifies the ID (Key ARN or Alias ARN) of the customer managed Amazon Web Services KMS key stored in Amazon Web Services Key Management Service (KMS) for the destination bucket. Amazon S3 uses this key to encrypt replica objects. Amazon S3 only supports symmetric encryption KMS keys. For more information, see Asymmetric keys in Amazon Web Services KMS in the Amazon Web Services Key Management Service Developer Guide.
metrics
Type: STRUCT
Provider name: Metrics
Description: A container specifying replication metrics-related settings enabling replication metrics and events.
event_threshold
Type: STRUCT
Provider name: EventThreshold
Description: A container specifying the time threshold for emitting the s3:Replication:OperationMissedThreshold event.
minutes
Type: INT32
Provider name: Minutes
Description: Contains an integer specifying time in minutes. Valid value: 15
status
Type: STRING
Provider name: Status
Description: Specifies whether the replication metrics are enabled.
replication_time
Type: STRUCT
Provider name: ReplicationTime
Description: A container specifying S3 Replication Time Control (S3 RTC), including whether S3 RTC is enabled and the time when all objects and operations on objects must be replicated. Must be specified together with a Metrics block.
status
Type: STRING
Provider name: Status
Description: Specifies whether the replication time is enabled.
time
Type: STRUCT
Provider name: Time
Description: A container specifying the time by which replication should be complete for all objects and operations on objects.
minutes
Type: INT32
Provider name: Minutes
Description: Contains an integer specifying time in minutes. Valid value: 15
storage_class
Type: STRING
Provider name: StorageClass
Description: The storage class to use when replicating objects, such as S3 Standard or reduced redundancy. By default, Amazon S3 uses the storage class of the source object to create the object replica. For valid values, see the StorageClass element of the PUT Bucket replication action in the Amazon S3 API Reference.
existing_object_replication
Type: STRUCT
Provider name: ExistingObjectReplication
Description: Optional configuration to replicate existing source bucket objects. This parameter is no longer supported. To replicate existing objects, see Replicating existing objects with S3 Batch Replication in the Amazon S3 User Guide.
status
Type: STRING
Provider name: Status
Description: Specifies whether Amazon S3 replicates existing source bucket objects.
filter
Type: STRUCT
Provider name: Filter
and
Type: STRUCT
Provider name: And
Description: A container for specifying rule filters. The filters determine the subset of objects to which the rule applies. This element is required only if you specify more than one filter. For example:
- If you specify both a Prefix and a Tag filter, wrap these filters in an And tag.
- If you specify a filter based on multiple tags, wrap the Tag elements in an And tag.
prefix
Type: STRING
Provider name: Prefix
Description: An object key name prefix that identifies the subset of objects to which the rule applies.
prefix
Type: STRING
Provider name: Prefix
Description: An object key name prefix that identifies the subset of objects to which the rule applies. Replacement must be made for object keys containing special characters (such as carriage returns) when using XML requests. For more information, see XML related object key constraints.
tag
Type: STRUCT
Provider name: Tag
Description: A container for specifying a tag key and value. The rule applies only to objects that have the tag in their tag set.
key
Type: STRING
Provider name: Key
Description: Name of the object key.
value
Type: STRING
Provider name: Value
Description: Value of the tag.
id
Type: STRING
Provider name: ID
Description: A unique identifier for the rule. The maximum value is 255 characters.
prefix
Type: STRING
Provider name: Prefix
Description: An object key name prefix that identifies the object or objects to which the rule applies. The maximum prefix length is 1,024 characters. To include all objects in a bucket, specify an empty string. Replacement must be made for object keys containing special characters (such as carriage returns) when using XML requests. For more information, see XML related object key constraints.
priority
Type: INT32
Provider name: Priority
Description: The priority indicates which rule has precedence whenever two or more replication rules conflict. Amazon S3 will attempt to replicate objects according to all replication rules. However, if there are two or more rules with the same destination bucket, then objects will be replicated according to the rule with the highest priority. The higher the number, the higher the priority. For more information, see Replication in the Amazon S3 User Guide.
source_selection_criteria
Type: STRUCT
Provider name: SourceSelectionCriteria
Description: A container that describes additional filters for identifying the source objects that you want to replicate. You can choose to enable or disable the replication of these objects. Currently, Amazon S3 supports only the filter that you can specify for objects created with server-side encryption using a customer managed key stored in Amazon Web Services Key Management Service (SSE-KMS).
replica_modifications
Type: STRUCT
Provider name: ReplicaModifications
Description: A filter that you can specify for selections for modifications on replicas. Amazon S3 doesn’t replicate replica modifications by default. In the latest version of replication configuration (when Filter is specified), you can specify this element and set the status to Enabled to replicate modifications on replicas. If you don’t specify the Filter element, Amazon S3 assumes that the replication configuration is the earlier version, V1. In the earlier version, this element is not allowed.
status
Type: STRING
Provider name: Status
Description: Specifies whether Amazon S3 replicates modifications on replicas.
sse_kms_encrypted_objects
Type: STRUCT
Provider name: SseKmsEncryptedObjects
Description: A container for filter information for the selection of Amazon S3 objects encrypted with Amazon Web Services KMS. If you include SourceSelectionCriteria in the replication configuration, this element is required.
status
Type: STRING
Provider name: Status
Description: Specifies whether Amazon S3 replicates objects created with server-side encryption using an Amazon Web Services KMS key stored in Amazon Web Services Key Management Service.
status
Type: STRING
Provider name: Status
Description: Specifies whether the rule is enabled.
rules
Type: UNORDERED_LIST_STRUCT
Provider name: Rules
Description: Container for a lifecycle rule.
abort_incomplete_multipart_upload
Type: STRUCT
Provider name: AbortIncompleteMultipartUpload
days_after_initiation
Type: INT32
Provider name: DaysAfterInitiation
Description: Specifies the number of days after which Amazon S3 aborts an incomplete multipart upload.
expiration
Type: STRUCT
Provider name: Expiration
Description: Specifies the expiration for the lifecycle of the object in the form of date, days, and whether the object has a delete marker.
date
Type: TIMESTAMP
Provider name: Date
Description: Indicates at what date the object is to be moved or deleted. The date value must conform to the ISO 8601 format. The time is always midnight UTC. This parameter applies to general purpose buckets only. It is not supported for directory bucket lifecycle configurations.
days
Type: INT32
Provider name: Days
Description: Indicates the lifetime, in days, of the objects that are subject to the rule. The value must be a non-zero positive integer.
expired_object_delete_marker
Type: BOOLEAN
Provider name: ExpiredObjectDeleteMarker
Description: Indicates whether Amazon S3 will remove a delete marker with no noncurrent versions. If set to true, the delete marker will be expired; if set to false the policy takes no action. This cannot be specified with Days or Date in a Lifecycle Expiration Policy. This parameter applies to general purpose buckets only. It is not supported for directory bucket lifecycle configurations.
filter
Type: STRUCT
Provider name: Filter
Description: The Filter is used to identify objects that a Lifecycle Rule applies to. A Filter must have exactly one of Prefix, Tag, or And specified. Filter is required if the LifecycleRule does not contain a Prefix element. Tag filters are not supported for directory buckets.
and
Type: STRUCT
Provider name: And
object_size_greater_than
Type: INT64
Provider name: ObjectSizeGreaterThan
Description: Minimum object size to which the rule applies.
object_size_less_than
Type: INT64
Provider name: ObjectSizeLessThan
Description: Maximum object size to which the rule applies.
prefix
Type: STRING
Provider name: Prefix
Description: Prefix identifying one or more objects to which the rule applies.
object_size_greater_than
Type: INT64
Provider name: ObjectSizeGreaterThan
Description: Minimum object size to which the rule applies.
object_size_less_than
Type: INT64
Provider name: ObjectSizeLessThan
Description: Maximum object size to which the rule applies.
prefix
Type: STRING
Provider name: Prefix
Description: Prefix identifying one or more objects to which the rule applies. Replacement must be made for object keys containing special characters (such as carriage returns) when using XML requests. For more information, see XML related object key constraints.
tag
Type: STRUCT
Provider name: Tag
Description: This tag must exist in the object’s tag set in order for the rule to apply. This parameter applies to general purpose buckets only. It is not supported for directory bucket lifecycle configurations.
key
Type: STRING
Provider name: Key
Description: Name of the object key.
value
Type: STRING
Provider name: Value
Description: Value of the tag.
id
Type: STRING
Provider name: ID
Description: Unique identifier for the rule. The value cannot be longer than 255 characters.
noncurrent_version_expiration
Type: STRUCT
Provider name: NoncurrentVersionExpiration
newer_noncurrent_versions
Type: INT32
Provider name: NewerNoncurrentVersions
Description: Specifies how many noncurrent versions Amazon S3 will retain. You can specify up to 100 noncurrent versions to retain. Amazon S3 will permanently delete any additional noncurrent versions beyond the specified number to retain. For more information about noncurrent versions, see Lifecycle configuration elements in the Amazon S3 User Guide. This parameter applies to general purpose buckets only. It is not supported for directory bucket lifecycle configurations.
noncurrent_days
Type: INT32
Provider name: NoncurrentDays
Description: Specifies the number of days an object is noncurrent before Amazon S3 can perform the associated action. The value must be a non-zero positive integer. For information about the noncurrent days calculations, see How Amazon S3 Calculates When an Object Became Noncurrent in the Amazon S3 User Guide. This parameter applies to general purpose buckets only. It is not supported for directory bucket lifecycle configurations.
noncurrent_version_transitions
Type: UNORDERED_LIST_STRUCT
Provider name: NoncurrentVersionTransitions
Description: Specifies the transition rule for the lifecycle rule that describes when noncurrent objects transition to a specific storage class. If your bucket is versioning-enabled (or versioning is suspended), you can set this action to request that Amazon S3 transition noncurrent object versions to a specific storage class at a set period in the object’s lifetime. This parameter applies to general purpose buckets only. It is not supported for directory bucket lifecycle configurations.
newer_noncurrent_versions
Type: INT32
Provider name: NewerNoncurrentVersions
Description: Specifies how many noncurrent versions Amazon S3 will retain in the same storage class before transitioning objects. You can specify up to 100 noncurrent versions to retain. Amazon S3 will transition any additional noncurrent versions beyond the specified number to retain. For more information about noncurrent versions, see Lifecycle configuration elements in the Amazon S3 User Guide.
noncurrent_days
Type: INT32
Provider name: NoncurrentDays
Description: Specifies the number of days an object is noncurrent before Amazon S3 can perform the associated action. For information about the noncurrent days calculations, see How Amazon S3 Calculates How Long an Object Has Been Noncurrent in the Amazon S3 User Guide.
storage_class
Type: STRING
Provider name: StorageClass
Description: The class of storage used to store the object.
prefix
Type: STRING
Provider name: Prefix
Description: Prefix identifying one or more objects to which the rule applies. This is no longer used; use Filter instead. Replacement must be made for object keys containing special characters (such as carriage returns) when using XML requests. For more information, see XML related object key constraints.
status
Type: STRING
Provider name: Status
Description: If ‘Enabled’, the rule is currently being applied. If ‘Disabled’, the rule is not currently being applied.
transitions
Type: UNORDERED_LIST_STRUCT
Provider name: Transitions
Description: Specifies when an Amazon S3 object transitions to a specified storage class. This parameter applies to general purpose buckets only. It is not supported for directory bucket lifecycle configurations.
date
Type: TIMESTAMP
Provider name: Date
Description: Indicates when objects are transitioned to the specified storage class. The date value must be in ISO 8601 format. The time is always midnight UTC.
days
Type: INT32
Provider name: Days
Description: Indicates the number of days after creation when objects are transitioned to the specified storage class. The value must be a positive integer.
storage_class
Type: STRING
Provider name: StorageClass
Description: The storage class to which you want the object to transition.
server_side_encryption_configuration
Type: STRUCT
Provider name: ServerSideEncryptionConfiguration
rules
Type: UNORDERED_LIST_STRUCT
Provider name: Rules
Description: Container for information about a particular server-side encryption configuration rule.
apply_server_side_encryption_by_default
Type: STRUCT
Provider name: ApplyServerSideEncryptionByDefault
Description: Specifies the default server-side encryption to apply to new objects in the bucket. If a PUT Object request doesn’t specify any server-side encryption, this default encryption will be applied.
kms_master_key_id
Type: STRING
Provider name: KMSMasterKeyID
Description: Amazon Web Services Key Management Service (KMS) customer managed key ID to use for the default encryption.
- General purpose buckets - This parameter is allowed if and only if SSEAlgorithm is set to aws:kms or aws:kms:dsse.
- Directory buckets - This parameter is allowed if and only if SSEAlgorithm is set to aws:kms.
You can specify the key ID, key alias, or the Amazon Resource Name (ARN) of the KMS key.
- Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
- Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
- Key Alias: alias/alias-name
If you are using encryption with cross-account or Amazon Web Services service operations, you must use a fully qualified KMS key ARN. For more information, see Using encryption for cross-account operations.
- General purpose buckets - If you’re specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then KMS resolves the key within the requester’s account. This behavior can result in data that’s encrypted with a KMS key that belongs to the requester, and not the bucket owner. Also, if you use a key ID, you can run into a LogDestination undeliverable error when creating a VPC flow log.
- Directory buckets - When you specify a KMS customer managed key for encryption in your directory bucket, only use the key ID or key ARN. The key alias format of the KMS key isn’t supported.
Amazon S3 only supports symmetric encryption KMS keys. For more information, see Asymmetric keys in Amazon Web Services KMS in the Amazon Web Services Key Management Service Developer Guide.
sse_algorithm
Type: STRING
Provider name: SSEAlgorithm
Description: Server-side encryption algorithm to use for the default encryption. For directory buckets, there are only two supported values for server-side encryption: AES256 and aws:kms.
bucket_key_enabled
Type: BOOLEAN
Provider name: BucketKeyEnabled
Description: Specifies whether Amazon S3 should use an S3 Bucket Key with server-side encryption using KMS (SSE-KMS) for new objects in the bucket. Existing objects are not affected. Setting the BucketKeyEnabled element to true causes Amazon S3 to use an S3 Bucket Key.
- General purpose buckets - By default, S3 Bucket Key is not enabled. For more information, see Amazon S3 Bucket Keys in the Amazon S3 User Guide.
- Directory buckets - S3 Bucket Keys are always enabled for GET and PUT operations in a directory bucket and can’t be disabled. S3 Bucket Keys aren’t supported when you copy SSE-KMS encrypted objects from general purpose buckets to directory buckets, from directory buckets to general purpose buckets, or between directory buckets, through CopyObject, UploadPartCopy, the Copy operation in Batch Operations, or the import jobs. In this case, Amazon S3 makes a call to KMS every time a copy request is made for a KMS-encrypted object.
Type: UNORDERED_LIST_STRING
transition_default_minimum_object_size
Type: STRING
Provider name: TransitionDefaultMinimumObjectSize
Description: Indicates which default minimum object size behavior is applied to the lifecycle configuration. This parameter applies to general purpose buckets only. It is not supported for directory bucket lifecycle configurations.
- all_storage_classes_128K - Objects smaller than 128 KB will not transition to any storage class by default.
- varies_by_storage_class - Objects smaller than 128 KB will transition to Glacier Flexible Retrieval or Glacier Deep Archive storage classes. By default, all other storage classes will prevent transitions smaller than 128 KB.
To customize the minimum object size for any transition you can add a filter that specifies a custom ObjectSizeGreaterThan or ObjectSizeLessThan in the body of your transition rule. Custom filters always take precedence over the default transition behavior.