Amazon S3 Express (s3express)

2025-04-01

10 new actions, 1 new resource, 4 new conditions | 1 updated action

Additions

    Actions
  • CreateAccessPoint
    • Description:  Grants permission to create a new access point
    • Access:  Write
    • Resources: 

      Name: accesspoint

      Required: Yes

    • Conditions: 

      s3express:DataAccessPointAccount

      s3express:DataAccessPointArn

      s3express:AccessPointNetworkOrigin

      s3express:authType

      s3express:LocationName

      s3express:ResourceAccount

      s3express:signatureversion

      s3express:TlsVersion

      s3express:x-amz-content-sha256

  • DeleteAccessPoint
    • Description:  Grants permission to delete the access point named in the URI
    • Access:  Write
    • Resources: 

      Name: accesspoint

      Required: Yes

    • Conditions: 

      s3express:DataAccessPointAccount

      s3express:DataAccessPointArn

      s3express:AccessPointNetworkOrigin

      s3express:authType

      s3express:ResourceAccount

      s3express:signatureversion

      s3express:TlsVersion

      s3express:x-amz-content-sha256

  • DeleteAccessPointPolicy
    • Description:  Grants permission to delete the policy on a specified access point
    • Access:  Permissions management
    • Resources: 

      Name: accesspoint

      Required: Yes

    • Conditions: 

      s3express:DataAccessPointAccount

      s3express:DataAccessPointArn

      s3express:AccessPointNetworkOrigin

      s3express:authType

      s3express:ResourceAccount

      s3express:signatureversion

      s3express:TlsVersion

      s3express:x-amz-content-sha256

  • DeleteAccessPointScope
    • Description:  Grants permission to delete the scope configuration on a specified access point
    • Access:  Permissions management
    • Resources: 

      Name: accesspoint

      Required: Yes

    • Conditions: 

      s3express:DataAccessPointAccount

      s3express:DataAccessPointArn

      s3express:AccessPointNetworkOrigin

      s3express:authType

      s3express:ResourceAccount

      s3express:signatureversion

      s3express:TlsVersion

      s3express:x-amz-content-sha256

  • GetAccessPoint
    • Description:  Grants permission to return configuration information about the specified access point
    • Access:  Read
    • Conditions: 

      s3express:DataAccessPointAccount

      s3express:DataAccessPointArn

      s3express:AccessPointNetworkOrigin

      s3express:authType

      s3express:ResourceAccount

      s3express:signatureversion

      s3express:TlsVersion

      s3express:x-amz-content-sha256

  • GetAccessPointPolicy
    • Description:  Grants permission to return the access point policy associated with the specified access point
    • Access:  Read
    • Resources: 

      Name: accesspoint

      Required: Yes

    • Conditions: 

      s3express:DataAccessPointAccount

      s3express:DataAccessPointArn

      s3express:AccessPointNetworkOrigin

      s3express:authType

      s3express:ResourceAccount

      s3express:signatureversion

      s3express:TlsVersion

      s3express:x-amz-content-sha256

  • GetAccessPointScope
    • Description:  Grants permission to return the scope configuration associated with the specified access point
    • Access:  Read
    • Resources: 

      Name: accesspoint

      Required: Yes

    • Conditions: 

      s3express:DataAccessPointAccount

      s3express:DataAccessPointArn

      s3express:AccessPointNetworkOrigin

      s3express:authType

      s3express:ResourceAccount

      s3express:signatureversion

      s3express:TlsVersion

      s3express:x-amz-content-sha256

  • ListAccessPointsForDirectoryBuckets
    • Description:  Grants permission to list access points
    • Access:  List
    • Conditions: 

      s3express:authType

      s3express:ResourceAccount

      s3express:signatureversion

      s3express:TlsVersion

      s3express:x-amz-content-sha256

  • PutAccessPointPolicy
    • Description:  Grants permission to associate an access policy with a specified access point
    • Access:  Permissions management
    • Resources: 

      Name: accesspoint

      Required: Yes

    • Conditions: 

      s3express:DataAccessPointAccount

      s3express:DataAccessPointArn

      s3express:AccessPointNetworkOrigin

      s3express:authType

      s3express:ResourceAccount

      s3express:signatureversion

      s3express:TlsVersion

      s3express:x-amz-content-sha256

  • PutAccessPointScope
    • Description:  Grants permission to associate an access point with a specified access point scope configuration
    • Access:  Permissions management
    • Resources: 

      Name: accesspoint

      Required: Yes

    • Conditions: 

      s3express:DataAccessPointAccount

      s3express:DataAccessPointArn

      s3express:AccessPointNetworkOrigin

      s3express:authType

      s3express:ResourceAccount

      s3express:signatureversion

      s3express:TlsVersion

      s3express:x-amz-content-sha256

    Resources
  • accesspoint
    • Arn:  arn:${Partition}:s3express:${Region}:${Account}:accesspoint/${AccessPointName}

Updates

    Actions
  • DeleteBucket
      Conditions
    • + s3express:AllAccessRestrictedToLocalZoneGroup