Amazon S3 Express (s3express)

Additions

Actions

• CreateAccessPoint
  
  • Description:  Grants permission to create a new access point
  • Access:  Write
  • Resources: 

    Name: accesspoint

    Required: Yes

  • Conditions: 

    s3express:DataAccessPointAccount

    s3express:DataAccessPointArn

    s3express:AccessPointNetworkOrigin

    s3express:authType

    s3express:LocationName

    s3express:ResourceAccount

    s3express:signatureversion

    s3express:TlsVersion

    s3express:x-amz-content-sha256

• DeleteAccessPoint
  
  • Description:  Grants permission to delete the access point named in the URI
  • Access:  Write
  • Resources: 

    Name: accesspoint

    Required: Yes

  • Conditions: 

    s3express:DataAccessPointAccount

    s3express:DataAccessPointArn

    s3express:AccessPointNetworkOrigin

    s3express:authType

    s3express:ResourceAccount

    s3express:signatureversion

    s3express:TlsVersion

    s3express:x-amz-content-sha256

• DeleteAccessPointPolicy
  
  • Description:  Grants permission to delete the policy on a specified access point
  • Access:  Permissions management
  • Resources: 

    Name: accesspoint

    Required: Yes

  • Conditions: 

    s3express:DataAccessPointAccount

    s3express:DataAccessPointArn

    s3express:AccessPointNetworkOrigin

    s3express:authType

    s3express:ResourceAccount

    s3express:signatureversion

    s3express:TlsVersion

    s3express:x-amz-content-sha256

• DeleteAccessPointScope
  
  • Description:  Grants permission to delete the scope configuration on a specified access point
  • Access:  Permissions management
  • Resources: 

    Name: accesspoint

    Required: Yes

  • Conditions: 

    s3express:DataAccessPointAccount

    s3express:DataAccessPointArn

    s3express:AccessPointNetworkOrigin

    s3express:authType

    s3express:ResourceAccount

    s3express:signatureversion

    s3express:TlsVersion

    s3express:x-amz-content-sha256

• GetAccessPoint
  
  • Description:  Grants permission to return configuration information about the specified access point
  • Access:  Read
  • Conditions: 

    s3express:DataAccessPointAccount

    s3express:DataAccessPointArn

    s3express:AccessPointNetworkOrigin

    s3express:authType

    s3express:ResourceAccount

    s3express:signatureversion

    s3express:TlsVersion

    s3express:x-amz-content-sha256

• GetAccessPointPolicy
  
  • Description:  Grants permission to return the access point policy associated with the specified access point
  • Access:  Read
  • Resources: 

    Name: accesspoint

    Required: Yes

  • Conditions: 

    s3express:DataAccessPointAccount

    s3express:DataAccessPointArn

    s3express:AccessPointNetworkOrigin

    s3express:authType

    s3express:ResourceAccount

    s3express:signatureversion

    s3express:TlsVersion

    s3express:x-amz-content-sha256

• GetAccessPointScope
  
  • Description:  Grants permission to return the scope configuration associated with the specified access point
  • Access:  Read
  • Resources: 

    Name: accesspoint

    Required: Yes

  • Conditions: 

    s3express:DataAccessPointAccount

    s3express:DataAccessPointArn

    s3express:AccessPointNetworkOrigin

    s3express:authType

    s3express:ResourceAccount

    s3express:signatureversion

    s3express:TlsVersion

    s3express:x-amz-content-sha256

• ListAccessPointsForDirectoryBuckets
  
  • Description:  Grants permission to list access points
  • Access:  List
  • Conditions: 

    s3express:authType

    s3express:ResourceAccount

    s3express:signatureversion

    s3express:TlsVersion

    s3express:x-amz-content-sha256

• PutAccessPointPolicy
  
  • Description:  Grants permission to associate an access policy with a specified access point
  • Access:  Permissions management
  • Resources: 

    Name: accesspoint

    Required: Yes

  • Conditions: 

    s3express:DataAccessPointAccount

    s3express:DataAccessPointArn

    s3express:AccessPointNetworkOrigin

    s3express:authType

    s3express:ResourceAccount

    s3express:signatureversion

    s3express:TlsVersion

    s3express:x-amz-content-sha256

• PutAccessPointScope
  
  • Description:  Grants permission to associate an access point with a specified access point scope configuration
  • Access:  Permissions management
  • Resources: 

    Name: accesspoint

    Required: Yes

  • Conditions: 

    s3express:DataAccessPointAccount

    s3express:DataAccessPointArn

    s3express:AccessPointNetworkOrigin

    s3express:authType

    s3express:ResourceAccount

    s3express:signatureversion

    s3express:TlsVersion

    s3express:x-amz-content-sha256

Resources

• accesspoint
  
  • Arn:  arn:${Partition}:s3express:${Region}:${Account}:accesspoint/${AccessPointName}

Conditions

• s3express:AccessPointNetworkOrigin
  
  • Description:  Filters access by the network origin (Internet or VPC)
  • Type:  String
• s3express:DataAccessPointAccount
  
  • Description:  Filters access by the AWS Account ID that owns the access point
  • Type:  String
• s3express:DataAccessPointArn
  
  • Description:  Filters access by an access point Amazon Resource Name (ARN)
  • Type:  ARN
• s3express:Permissions
  
  • Description:  Filters access by the permission requested by Access Point Scope configuration, such as GetObject, PutObject
  • Type:  ArrayOfString

Updates

Actions

• DeleteBucket
  
  Conditions
  
  • ＋ s3express:AllAccessRestrictedToLocalZoneGroup