Amazon IAM Access Analyzer · Schema

S3BucketConfiguration

Proposed access control configuration for an Amazon S3 bucket. You can propose a configuration for a new Amazon S3 bucket or an existing Amazon S3 bucket that you own by specifying the Amazon S3 bucket policy, bucket ACLs, bucket BPA settings, Amazon S3 access points, and multi-region access points attached to the bucket. If the configuration is for an existing Amazon S3 bucket and you do not specify the Amazon S3 bucket policy, the access preview uses the existing policy attached to the bucket. If the access preview is for a new resource and you do not specify the Amazon S3 bucket policy, the access preview assumes a bucket without a policy. To propose deletion of an existing bucket policy, you can specify an empty string. For more information about bucket policy limits, see Bucket Policy Examples.

Access ControlComplianceIAMPolicy ManagementSecurity

Properties

Name Type Description
bucketPolicy object
bucketAclGrants object
bucketPublicAccessBlock object
accessPoints object
View JSON Schema on GitHub

JSON Schema

iam-access-analyzer-s3-bucket-configuration-schema.json Raw ↑ 
{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "$id": "https://raw.githubusercontent.com/api-evangelist/amazon-iam-access-analyzer/refs/heads/main/json-schema/iam-access-analyzer-s3-bucket-configuration-schema.json",
  "title": "S3BucketConfiguration",
  "description": "Proposed access control configuration for an Amazon S3 bucket. You can propose a configuration for a new Amazon S3 bucket or an existing Amazon S3 bucket that you own by specifying the Amazon S3 bucket policy, bucket ACLs, bucket BPA settings, Amazon S3 access points, and multi-region access points attached to the bucket. If the configuration is for an existing Amazon S3 bucket and you do not specify the Amazon S3 bucket policy, the access preview uses the existing policy attached to the bucket. If the access preview is for a new resource and you do not specify the Amazon S3 bucket policy, the access preview assumes a bucket without a policy. To propose deletion of an existing bucket policy, you can specify an empty string. For more information about bucket policy limits, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html\">Bucket Policy Examples</a>.",
  "type": "object",
  "properties": {
    "bucketPolicy": {
      "allOf": [
        {
          "$ref": "#/components/schemas/S3BucketPolicy"
        },
        {
          "description": "The proposed bucket policy for the Amazon S3 bucket."
        }
      ]
    },
    "bucketAclGrants": {
      "allOf": [
        {
          "$ref": "#/components/schemas/S3BucketAclGrantConfigurationsList"
        },
        {
          "description": "The proposed list of ACL grants for the Amazon S3 bucket. You can propose up to 100 ACL grants per bucket. If the proposed grant configuration is for an existing bucket, the access preview uses the proposed list of grant configurations in place of the existing grants. Otherwise, the access preview uses the existing grants for the bucket."
        }
      ]
    },
    "bucketPublicAccessBlock": {
      "allOf": [
        {
          "$ref": "#/components/schemas/S3PublicAccessBlockConfiguration"
        },
        {
          "description": "The proposed block public access configuration for the Amazon S3 bucket."
        }
      ]
    },
    "accessPoints": {
      "allOf": [
        {
          "$ref": "#/components/schemas/S3AccessPointConfigurationsMap"
        },
        {
          "description": "The configuration of Amazon S3 access points or multi-region access points for the bucket. You can propose up to 10 new access points per bucket."
        }
      ]
    }
  }
}