144 lines
8.2 KiB
JSON
144 lines
8.2 KiB
JSON
|
{
|
||
|
"version":"2.0",
|
||
|
"metadata":{
|
||
|
"apiVersion":"2018-08-20",
|
||
|
"endpointPrefix":"s3-control",
|
||
|
"protocol":"rest-xml",
|
||
|
"serviceFullName":"AWS S3 Control",
|
||
|
"serviceId":"S3 Control",
|
||
|
"signatureVersion":"s3v4",
|
||
|
"signingName":"s3",
|
||
|
"uid":"s3control-2018-08-20"
|
||
|
},
|
||
|
"operations":{
|
||
|
"DeletePublicAccessBlock":{
|
||
|
"name":"DeletePublicAccessBlock",
|
||
|
"http":{
|
||
|
"method":"DELETE",
|
||
|
"requestUri":"/v20180820/configuration/publicAccessBlock"
|
||
|
},
|
||
|
"input":{"shape":"DeletePublicAccessBlockRequest"},
|
||
|
"documentation":"<p>Removes the Public Access Block configuration for an Amazon Web Services account.</p>"
|
||
|
},
|
||
|
"GetPublicAccessBlock":{
|
||
|
"name":"GetPublicAccessBlock",
|
||
|
"http":{
|
||
|
"method":"GET",
|
||
|
"requestUri":"/v20180820/configuration/publicAccessBlock"
|
||
|
},
|
||
|
"input":{"shape":"GetPublicAccessBlockRequest"},
|
||
|
"output":{"shape":"GetPublicAccessBlockOutput"},
|
||
|
"errors":[
|
||
|
{"shape":"NoSuchPublicAccessBlockConfiguration"}
|
||
|
],
|
||
|
"documentation":"<p>Retrieves the Public Access Block configuration for an Amazon Web Services account.</p>"
|
||
|
},
|
||
|
"PutPublicAccessBlock":{
|
||
|
"name":"PutPublicAccessBlock",
|
||
|
"http":{
|
||
|
"method":"PUT",
|
||
|
"requestUri":"/v20180820/configuration/publicAccessBlock"
|
||
|
},
|
||
|
"input":{"shape":"PutPublicAccessBlockRequest"},
|
||
|
"documentation":"<p>Creates or modifies the Public Access Block configuration for an Amazon Web Services account.</p>"
|
||
|
}
|
||
|
},
|
||
|
"shapes":{
|
||
|
"AccountId":{"type":"string"},
|
||
|
"DeletePublicAccessBlockRequest":{
|
||
|
"type":"structure",
|
||
|
"required":["AccountId"],
|
||
|
"members":{
|
||
|
"AccountId":{
|
||
|
"shape":"AccountId",
|
||
|
"documentation":"<p>The Account ID for the Amazon Web Services account whose Public Access Block configuration you want to remove.</p>",
|
||
|
"location":"header",
|
||
|
"locationName":"x-amz-account-id"
|
||
|
}
|
||
|
}
|
||
|
},
|
||
|
"GetPublicAccessBlockOutput":{
|
||
|
"type":"structure",
|
||
|
"members":{
|
||
|
"PublicAccessBlockConfiguration":{
|
||
|
"shape":"PublicAccessBlockConfiguration",
|
||
|
"documentation":"<p>The Public Access Block configuration currently in effect for this Amazon Web Services account.</p>"
|
||
|
}
|
||
|
},
|
||
|
"payload":"PublicAccessBlockConfiguration"
|
||
|
},
|
||
|
"GetPublicAccessBlockRequest":{
|
||
|
"type":"structure",
|
||
|
"required":["AccountId"],
|
||
|
"members":{
|
||
|
"AccountId":{
|
||
|
"shape":"AccountId",
|
||
|
"documentation":"<p>The Account ID for the Amazon Web Services account whose Public Access Block configuration you want to retrieve.</p>",
|
||
|
"location":"header",
|
||
|
"locationName":"x-amz-account-id"
|
||
|
}
|
||
|
}
|
||
|
},
|
||
|
"NoSuchPublicAccessBlockConfiguration":{
|
||
|
"type":"structure",
|
||
|
"members":{
|
||
|
"Message":{"shape":"NoSuchPublicAccessBlockConfigurationMessage"}
|
||
|
},
|
||
|
"documentation":"<p>This exception is thrown if a <code>GetPublicAccessBlock</code> request is made against an account that does not have a PublicAccessBlockConfiguration set.</p>",
|
||
|
"error":{"httpStatusCode":404},
|
||
|
"exception":true
|
||
|
},
|
||
|
"NoSuchPublicAccessBlockConfigurationMessage":{"type":"string"},
|
||
|
"PublicAccessBlockConfiguration":{
|
||
|
"type":"structure",
|
||
|
"members":{
|
||
|
"BlockPublicAcls":{
|
||
|
"shape":"Setting",
|
||
|
"documentation":"<p>Specifies whether Amazon S3 should block public ACLs for buckets in this account. Setting this element to <code>TRUE</code> causes the following behavior:</p> <ul> <li> <p>PUT Bucket acl and PUT Object acl calls will fail if the specified ACL allows public access.</p> </li> <li> <p>PUT Object calls will fail if the request includes an object ACL.</p> </li> </ul> <p>Note that enabling this setting doesn't affect existing policies or ACLs.</p>",
|
||
|
"locationName":"BlockPublicAcls"
|
||
|
},
|
||
|
"IgnorePublicAcls":{
|
||
|
"shape":"Setting",
|
||
|
"documentation":"<p>Specifies whether Amazon S3 should ignore public ACLs for buckets in this account. Setting this element to <code>TRUE</code> causes Amazon S3 to ignore all public ACLs on buckets in this account and any objects that they contain. </p> <p>Note that enabling this setting doesn't affect the persistence of any existing ACLs and doesn't prevent new public ACLs from being set.</p>",
|
||
|
"locationName":"IgnorePublicAcls"
|
||
|
},
|
||
|
"BlockPublicPolicy":{
|
||
|
"shape":"Setting",
|
||
|
"documentation":"<p>Specifies whether Amazon S3 should block public bucket policies for buckets in this account. Setting this element to <code>TRUE</code> causes Amazon S3 to reject calls to PUT Bucket policy if the specified bucket policy allows public access. </p> <p>Note that enabling this setting doesn't affect existing bucket policies.</p>",
|
||
|
"locationName":"BlockPublicPolicy"
|
||
|
},
|
||
|
"RestrictPublicBuckets":{
|
||
|
"shape":"Setting",
|
||
|
"documentation":"<p>Specifies whether Amazon S3 should restrict public bucket policies for buckets in this account. If this element is set to <code>TRUE</code>, then only the bucket owner and AWS Services can access buckets with public policies.</p> <p>Note that enabling this setting doesn't affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked. </p>",
|
||
|
"locationName":"RestrictPublicBuckets"
|
||
|
}
|
||
|
},
|
||
|
"documentation":"<p>The container element for all Public Access Block configuration options. You can enable the configuration options in any combination.</p> <p>Amazon S3 considers a bucket policy public unless at least one of the following conditions is true:</p> <ol> <li> <p>The policy limits access to a set of CIDRs using <code>aws:SourceIp</code>. For more information on CIDR, see <a href=\"http://www.rfc-editor.org/rfc/rfc4632.txt\">http://www.rfc-editor.org/rfc/rfc4632.txt</a> </p> </li> <li> <p>The policy grants permissions, not including any \"bad actions,\" to one of the following:</p> <ul> <li> <p>A fixed AWS principal, user, role, or service principal</p> </li> <li> <p>A fixed <code>aws:SourceArn</code> </p> </li> <li> <p>A fixed <code>aws:SourceVpc</code> </p> </li> <li> <p>A fixed <code>aws:SourceVpce</code> </p> </li> <li> <p>A fixed <code>aws:SourceOwner</code> </p> </li> <li> <p>A fixed <code>aws:SourceAccount</code> </p> </li> <li> <p>A fixed value of <code>s3:x-amz-server-side-encryption-aws-kms-key-id</code> </p> </li> <li> <p>A fixed value of <code>aws:userid</code> outside the pattern \"<code>AROLEID:*</code>\"</p> </li> </ul> </li> </ol> <p>\"Bad actions\" are those that could expose the data inside a bucket to reads or writes by the public. These actions are <code>s3:Get*</code>, <code>s3:List*</code>, <code>s3:AbortMultipartUpload</code>, <code>s3:Delete*</code>, <code>s3:Put*</code>, and <code>s3:RestoreObject</code>.</p> <p>The star notation for bad actions indicates that all matching operations are considered bad actions. For example, because <code>s3:Get*</code> is a bad action, <code>s3:GetObject</code>, <code>s3:GetObjectVersion</code>, and <code>s3:GetObjectAcl</code> are all bad actions.</p>"
|
||
|
},
|
||
|
"PutPublicAccessBlockRequest":{
|
||
|
"type":"structure",
|
||
|
"required":[
|
||
|
"PublicAccessBlockConfiguration",
|
||
|
"AccountId"
|
||
|
],
|
||
|
"members":{
|
||
|
"PublicAccessBlockConfiguration":{
|
||
|
"shape":"PublicAccessBlockConfiguration",
|
||
|
"documentation":"<p>The Public Access Block configuration that you want to apply to this Amazon Web Services account.</p>",
|
||
|
"locationName":"PublicAccessBlockConfiguration",
|
||
|
"xmlNamespace":{"uri":"http://awss3control.amazonaws.com/doc/2018-08-20/"}
|
||
|
},
|
||
|
"AccountId":{
|
||
|
"shape":"AccountId",
|
||
|
"documentation":"<p>The Account ID for the Amazon Web Services account whose Public Access Block configuration you want to set.</p>",
|
||
|
"location":"header",
|
||
|
"locationName":"x-amz-account-id"
|
||
|
}
|
||
|
},
|
||
|
"payload":"PublicAccessBlockConfiguration"
|
||
|
},
|
||
|
"Setting":{"type":"boolean"}
|
||
|
},
|
||
|
"documentation":"<p> AWS S3 Control provides access to Amazon S3 control plane operations. </p>"
|
||
|
}
|