Amazon S3 (s3)

2026-06-18

11 new actions, 4 new conditions | 1 updated action

Additions

    Actions
  • DeleteObjectAnnotation
    • Description: Grants permission to delete an annotation from an object
    • Access: Write
    • Resources:
      • Name: accesspointobject (Required: No)
      • Name: object (Required: No)
    • Conditions:
      • s3:authType
      • s3:signatureAge
      • s3:signatureversion
      • s3:TlsVersion
      • s3:x-amz-content-sha256
      • s3:ResourceAccount
      • s3:x-amz-object-if-match
      • s3:ExistingObjectTag/

  • DeleteObjectVersionAnnotation
    • Description: Grants permission to delete an annotation from a specific version of an object
    • Access: Write
    • Resources:
      • Name: accesspointobject (Required: No)
      • Name: object (Required: No)
    • Conditions:
      • s3:authType
      • s3:signatureAge
      • s3:signatureversion
      • s3:TlsVersion
      • s3:x-amz-content-sha256
      • s3:ResourceAccount
      • s3:versionid
      • s3:x-amz-object-if-match
      • s3:ExistingObjectTag/

  • GetObjectAnnotation
    • Description: Grants permission to retrieve an annotation from an object
    • Access: Read
    • Resources:
      • Name: accesspointobject (Required: No)
      • Name: object (Required: No)
    • Conditions:
      • s3:authType
      • s3:signatureAge
      • s3:signatureversion
      • s3:TlsVersion
      • s3:x-amz-content-sha256
      • s3:ResourceAccount
      • s3:ExistingObjectTag/

  • GetObjectVersionAnnotation
    • Description: Grants permission to retrieve an annotation from a specific version of an object
    • Access: Read
    • Resources:
      • Name: accesspointobject (Required: No)
      • Name: object (Required: No)
    • Conditions:
      • s3:authType
      • s3:signatureAge
      • s3:signatureversion
      • s3:TlsVersion
      • s3:x-amz-content-sha256
      • s3:ResourceAccount
      • s3:versionid
      • s3:ExistingObjectTag/

  • GetObjectVersionAnnotationForReplication
    • Description: Grants permission to get an object version annotation for replication
    • Access: Read
    • Resources:
      • Name: object (Required: Yes)
    • Conditions:
      • s3:authType
      • s3:ResourceAccount
      • s3:signatureAge
      • s3:signatureversion
      • s3:TlsVersion
      • s3:x-amz-content-sha256

  • ListObjectAnnotations
    • Description: Grants permission to list annotations on an object
    • Access: List
    • Resources:
      • Name: accesspointobject (Required: No)
      • Name: object (Required: No)
    • Conditions:
      • s3:authType
      • s3:signatureAge
      • s3:signatureversion
      • s3:TlsVersion
      • s3:x-amz-content-sha256
      • s3:ResourceAccount
      • s3:annotation-prefix
      • s3:max-annotation-results
      • s3:ExistingObjectTag/

  • ListObjectVersionAnnotations
    • Description: Grants permission to list annotations on a specific version of an object
    • Access: List
    • Resources:
      • Name: accesspointobject (Required: No)
      • Name: object (Required: No)
    • Conditions:
      • s3:authType
      • s3:signatureAge
      • s3:signatureversion
      • s3:TlsVersion
      • s3:x-amz-content-sha256
      • s3:ResourceAccount
      • s3:versionid
      • s3:annotation-prefix
      • s3:max-annotation-results
      • s3:ExistingObjectTag/

  • PutObjectAnnotation
    • Description: Grants permission to add or replace an annotation on an object
    • Access: Write
    • Resources:
      • Name: accesspointobject (Required: No)
      • Name: object (Required: No)
    • Conditions:
      • s3:authType
      • s3:signatureAge
      • s3:signatureversion
      • s3:TlsVersion
      • s3:x-amz-content-sha256
      • s3:ResourceAccount
      • s3:x-amz-object-if-match
      • s3:ExistingObjectTag/

  • PutObjectVersionAnnotation
    • Description: Grants permission to add or replace an annotation on a specific version of an object
    • Access: Write
    • Resources:
      • Name: accesspointobject (Required: No)
      • Name: object (Required: No)
    • Conditions:
      • s3:authType
      • s3:signatureAge
      • s3:signatureversion
      • s3:TlsVersion
      • s3:x-amz-content-sha256
      • s3:ResourceAccount
      • s3:versionid
      • s3:x-amz-object-if-match
      • s3:ExistingObjectTag/

  • ReplicateObjectAnnotation
    • Description: Grants permission to replicate annotations to the destination bucket
    • Access: Write
    • Resources:
      • Name: object (Required: Yes)
    • Conditions:
      • s3:authType
      • s3:ResourceAccount
      • s3:signatureAge
      • s3:signatureversion
      • s3:TlsVersion
      • s3:x-amz-content-sha256

  • UpdateBucketMetadataAnnotationTableConfiguration
    • Description: Grants permission to update the annotation table configuration for a bucket
    • Access: Write
    • Resources:
      • Name: bucket (Required: Yes)
    • Conditions:
      • s3:authType
      • s3:ResourceAccount
      • s3:signatureAge
      • s3:signatureversion
      • s3:TlsVersion
      • s3:x-amz-content-sha256

    Conditions
  • s3:annotation-prefix
    • Description: Filters access by the annotation name prefix specified in the request
    • Type: String
  • s3:max-annotation-results
    • Description: Filters access by the maximum number of annotation results requested
    • Type: Numeric
  • s3:x-amz-object-annotation-directive
    • Description: Filters access by the annotation copy directive specified in the request
    • Type: String
  • s3:x-amz-object-if-match
    • Description: Filters access by the ETag of the object version specified in the request
    • Type: String

Updates