python-botocore/botocore/data/s3control/2018-08-20/service-2.json
2018-11-28 17:58:03 +09:00


{
"version":"2.0",
"metadata":{
"apiVersion":"2018-08-20",
"endpointPrefix":"s3-control",
"protocol":"rest-xml",
"serviceFullName":"AWS S3 Control",
"serviceId":"S3 Control",
"signatureVersion":"s3v4",
"signingName":"s3",
"uid":"s3control-2018-08-20"
},
"operations":{
"DeletePublicAccessBlock":{
"name":"DeletePublicAccessBlock",
"http":{
"method":"DELETE",
"requestUri":"/v20180820/configuration/publicAccessBlock"
},
"input":{"shape":"DeletePublicAccessBlockRequest"},
"documentation":"<p>Removes the Public Access Block configuration for an Amazon Web Services account.</p>"
},
"GetPublicAccessBlock":{
"name":"GetPublicAccessBlock",
"http":{
"method":"GET",
"requestUri":"/v20180820/configuration/publicAccessBlock"
},
"input":{"shape":"GetPublicAccessBlockRequest"},
"output":{"shape":"GetPublicAccessBlockOutput"},
"errors":[
{"shape":"NoSuchPublicAccessBlockConfiguration"}
],
"documentation":"<p>Retrieves the Public Access Block configuration for an Amazon Web Services account.</p>"
},
"PutPublicAccessBlock":{
"name":"PutPublicAccessBlock",
"http":{
"method":"PUT",
"requestUri":"/v20180820/configuration/publicAccessBlock"
},
"input":{"shape":"PutPublicAccessBlockRequest"},
"documentation":"<p>Creates or modifies the Public Access Block configuration for an Amazon Web Services account.</p>"
}
},
"shapes":{
"AccountId":{"type":"string"},
"DeletePublicAccessBlockRequest":{
"type":"structure",
"required":["AccountId"],
"members":{
"AccountId":{
"shape":"AccountId",
"documentation":"<p>The Account ID for the Amazon Web Services account whose Public Access Block configuration you want to remove.</p>",
"location":"header",
"locationName":"x-amz-account-id"
}
}
},
"GetPublicAccessBlockOutput":{
"type":"structure",
"members":{
"PublicAccessBlockConfiguration":{
"shape":"PublicAccessBlockConfiguration",
"documentation":"<p>The Public Access Block configuration currently in effect for this Amazon Web Services account.</p>"
}
},
"payload":"PublicAccessBlockConfiguration"
},
"GetPublicAccessBlockRequest":{
"type":"structure",
"required":["AccountId"],
"members":{
"AccountId":{
"shape":"AccountId",
"documentation":"<p>The Account ID for the Amazon Web Services account whose Public Access Block configuration you want to retrieve.</p>",
"location":"header",
"locationName":"x-amz-account-id"
}
}
},
"NoSuchPublicAccessBlockConfiguration":{
"type":"structure",
"members":{
"Message":{"shape":"NoSuchPublicAccessBlockConfigurationMessage"}
},
"documentation":"<p>This exception is thrown if a <code>GetPublicAccessBlock</code> request is made against an account that does not have a PublicAccessBlockConfiguration set.</p>",
"error":{"httpStatusCode":404},
"exception":true
},
"NoSuchPublicAccessBlockConfigurationMessage":{"type":"string"},
"PublicAccessBlockConfiguration":{
"type":"structure",
"members":{
"BlockPublicAcls":{
"shape":"Setting",
"documentation":"<p>Specifies whether Amazon S3 should block public ACLs for buckets in this account. Setting this element to <code>TRUE</code> causes the following behavior:</p> <ul> <li> <p>PUT Bucket acl and PUT Object acl calls will fail if the specified ACL allows public access.</p> </li> <li> <p>PUT Object calls will fail if the request includes an object ACL.</p> </li> </ul> <p>Note that enabling this setting doesn't affect existing policies or ACLs; public ACLs that are already in place remain in effect unless <code>IgnorePublicAcls</code> is also enabled.</p>",
"locationName":"BlockPublicAcls"
},
"IgnorePublicAcls":{
"shape":"Setting",
"documentation":"<p>Specifies whether Amazon S3 should ignore public ACLs for buckets in this account. Setting this element to <code>TRUE</code> causes Amazon S3 to ignore all public ACLs on buckets in this account and any objects that they contain. </p> <p>Note that enabling this setting doesn't affect the persistence of any existing ACLs and doesn't prevent new public ACLs from being set.</p>",
"locationName":"IgnorePublicAcls"
},
"BlockPublicPolicy":{
"shape":"Setting",
"documentation":"<p>Specifies whether Amazon S3 should block public bucket policies for buckets in this account. Setting this element to <code>TRUE</code> causes Amazon S3 to reject calls to PUT Bucket policy if the specified bucket policy allows public access. </p> <p>Note that enabling this setting doesn't affect existing bucket policies; a public bucket policy that is already stored stays in place, and access under it is limited only if <code>RestrictPublicBuckets</code> is enabled.</p>",
"locationName":"BlockPublicPolicy"
},
"RestrictPublicBuckets":{
"shape":"Setting",
"documentation":"<p>Specifies whether Amazon S3 should restrict public bucket policies for buckets in this account. If this element is set to <code>TRUE</code>, then only the bucket owner and AWS services can access buckets with public policies.</p> <p>Note that enabling this setting doesn't change previously stored bucket policies. While it is enabled, however, public and cross-account access granted by any public bucket policy, including non-public delegation to specific accounts, is blocked.</p>",
"locationName":"RestrictPublicBuckets"
}
},
"documentation":"<p>The container element for all Public Access Block configuration options. You can enable the configuration options in any combination.</p> <p>Amazon S3 considers a bucket policy public unless at least one of the following conditions is true:</p> <ol> <li> <p>The policy limits access to a set of CIDRs using <code>aws:SourceIp</code>. For more information on CIDR, see <a href=\"http://www.rfc-editor.org/rfc/rfc4632.txt\">http://www.rfc-editor.org/rfc/rfc4632.txt</a> </p> </li> <li> <p>The policy grants permissions, not including any \"bad actions,\" to one of the following:</p> <ul> <li> <p>A fixed AWS principal, user, role, or service principal</p> </li> <li> <p>A fixed <code>aws:SourceArn</code> </p> </li> <li> <p>A fixed <code>aws:SourceVpc</code> </p> </li> <li> <p>A fixed <code>aws:SourceVpce</code> </p> </li> <li> <p>A fixed <code>aws:SourceOwner</code> </p> </li> <li> <p>A fixed <code>aws:SourceAccount</code> </p> </li> <li> <p>A fixed value of <code>s3:x-amz-server-side-encryption-aws-kms-key-id</code> </p> </li> <li> <p>A fixed value of <code>aws:userid</code> outside the pattern \"<code>AROLEID:*</code>\"</p> </li> </ul> </li> </ol> <p>\"Bad actions\" are those that could expose the data inside a bucket to reads or writes by the public. These actions are <code>s3:Get*</code>, <code>s3:List*</code>, <code>s3:AbortMultipartUpload</code>, <code>s3:Delete*</code>, <code>s3:Put*</code>, and <code>s3:RestoreObject</code>.</p> <p>The star notation for bad actions indicates that all matching operations are considered bad actions. For example, because <code>s3:Get*</code> is a bad action, <code>s3:GetObject</code>, <code>s3:GetObjectVersion</code>, and <code>s3:GetObjectAcl</code> are all bad actions.</p>"
},
"PutPublicAccessBlockRequest":{
"type":"structure",
"required":[
"PublicAccessBlockConfiguration",
"AccountId"
],
"members":{
"PublicAccessBlockConfiguration":{
"shape":"PublicAccessBlockConfiguration",
"documentation":"<p>The Public Access Block configuration that you want to apply to this Amazon Web Services account.</p>",
"locationName":"PublicAccessBlockConfiguration",
"xmlNamespace":{"uri":"http://awss3control.amazonaws.com/doc/2018-08-20/"}
},
"AccountId":{
"shape":"AccountId",
"documentation":"<p>The Account ID for the Amazon Web Services account whose Public Access Block configuration you want to set.</p>",
"location":"header",
"locationName":"x-amz-account-id"
}
},
"payload":"PublicAccessBlockConfiguration"
},
"Setting":{"type":"boolean"}
},
"documentation":"<p> AWS S3 Control provides access to Amazon S3 control plane operations. </p>"
}