Amazon S3 (s3)

2025-08-22

1 new resource | 33 updated actions, 1 updated resource

Additions

    Resources
  • accesspointobject
    • Arn:  arn:${Partition}:s3:${Region}:${Account}:accesspoint/${AccessPointName}/object/${ObjectName}
    • Conditions: 

      aws:ResourceTag/${TagKey}

      s3:AccessPointNetworkOrigin

      s3:AccessPointTag/${TagKey}

      s3:DataAccessPointAccount

      s3:DataAccessPointArn

Updates

    Actions
  • AbortMultipartUpload
      Resources

    • New_value: No

      Old_value: Yes

    • + accesspointobject
      Conditions
    • - s3:DataAccessPointArn
    • - s3:DataAccessPointAccount
    • - s3:AccessPointNetworkOrigin
    • - s3:AccessPointTag/${TagKey}
    • - aws:ResourceTag/${TagKey}
  • BypassGovernanceRetention
      Resources

    • New_value: No

      Old_value: Yes

    • + accesspointobject
      Conditions
    • - s3:DataAccessPointAccount
    • - s3:DataAccessPointArn
    • - s3:AccessPointNetworkOrigin
  • DeleteObject
      Resources

    • New_value: No

      Old_value: Yes

    • + accesspointobject
      Conditions
    • - s3:DataAccessPointAccount
    • - s3:DataAccessPointArn
    • - s3:AccessPointNetworkOrigin
    • - s3:AccessPointTag/${TagKey}
    • - aws:ResourceTag/${TagKey}
  • DeleteObjectTagging
      Resources

    • New_value: No

      Old_value: Yes

    • + accesspointobject
      Conditions
    • - s3:DataAccessPointAccount
    • - s3:DataAccessPointArn
    • - s3:AccessPointNetworkOrigin
    • - s3:AccessPointTag/${TagKey}
    • - aws:ResourceTag/${TagKey}
  • DeleteObjectVersion
      Resources

    • New_value: No

      Old_value: Yes

    • + accesspointobject
      Conditions
    • - s3:DataAccessPointAccount
    • - s3:DataAccessPointArn
    • - s3:AccessPointNetworkOrigin
  • DeleteObjectVersionTagging
      Resources

    • New_value: No

      Old_value: Yes

    • + accesspointobject
      Conditions
    • - s3:DataAccessPointAccount
    • - s3:DataAccessPointArn
    • - s3:AccessPointNetworkOrigin
  • GetBucketAcl
      Resources

    • New_value: No

      Old_value: Yes

    • + accesspoint
      Conditions
    • - s3:AccessPointTag/${TagKey}
    • - aws:ResourceTag/${TagKey}
  • GetBucketCORS
      Resources

    • New_value: No

      Old_value: Yes

    • + accesspoint
      Conditions
    • - s3:AccessPointTag/${TagKey}
    • - aws:ResourceTag/${TagKey}
  • GetBucketLocation
      Resources

    • New_value: No

      Old_value: Yes

    • + accesspoint
      Conditions
    • - s3:AccessPointTag/${TagKey}
    • - aws:ResourceTag/${TagKey}
  • GetBucketNotification
      Resources

    • New_value: No

      Old_value: Yes

    • + accesspoint
      Conditions
    • - s3:AccessPointTag/${TagKey}
    • - aws:ResourceTag/${TagKey}
  • GetBucketPolicy
      Resources

    • New_value: No

      Old_value: Yes

    • + accesspoint
      Conditions
    • - s3:AccessPointTag/${TagKey}
    • - aws:ResourceTag/${TagKey}
  • GetObject
      Resources

    • New_value: No

      Old_value: Yes

    • + accesspointobject
      Conditions
    • - s3:DataAccessPointAccount
    • - s3:DataAccessPointArn
    • - s3:AccessPointNetworkOrigin
    • - s3:AccessPointTag/${TagKey}
    • - aws:ResourceTag/${TagKey}
  • GetObjectAcl
      Resources

    • New_value: No

      Old_value: Yes

    • + accesspointobject
      Conditions
    • - s3:DataAccessPointAccount
    • - s3:DataAccessPointArn
    • - s3:AccessPointNetworkOrigin
    • - s3:AccessPointTag/${TagKey}
    • - aws:ResourceTag/${TagKey}
  • GetObjectAttributes
      Resources
    • + {'name': 'accesspointobject', 'is_required': False}
    • - {'name': 'accesspoint', 'is_required': True}
      Conditions
    • - s3:DataAccessPointAccount
    • - s3:DataAccessPointArn
    • - s3:AccessPointNetworkOrigin
    • - s3:AccessPointTag/${TagKey}
    • - aws:ResourceTag/${TagKey}
  • GetObjectLegalHold
      Resources

    • New_value: No

      Old_value: Yes

    • + accesspointobject
      Conditions
    • - s3:DataAccessPointAccount
    • - s3:DataAccessPointArn
    • - s3:AccessPointNetworkOrigin
    • - s3:AccessPointTag/${TagKey}
    • - aws:ResourceTag/${TagKey}
  • GetObjectRetention
      Resources

    • New_value: No

      Old_value: Yes

    • + accesspointobject
      Conditions
    • - s3:DataAccessPointAccount
    • - s3:DataAccessPointArn
    • - s3:AccessPointNetworkOrigin
    • - s3:AccessPointTag/${TagKey}
    • - aws:ResourceTag/${TagKey}
  • GetObjectTagging
      Resources

    • New_value: No

      Old_value: Yes

    • + accesspointobject
      Conditions
    • - s3:DataAccessPointAccount
    • - s3:DataAccessPointArn
    • - s3:AccessPointNetworkOrigin
    • - s3:AccessPointTag/${TagKey}
    • - aws:ResourceTag/${TagKey}
  • GetObjectVersion
      Resources

    • New_value: No

      Old_value: Yes

    • + accesspointobject
      Conditions
    • - s3:DataAccessPointAccount
    • - s3:DataAccessPointArn
    • - s3:AccessPointNetworkOrigin
  • GetObjectVersionAcl
      Resources

    • New_value: No

      Old_value: Yes

    • + accesspointobject
      Conditions
    • - s3:DataAccessPointAccount
    • - s3:DataAccessPointArn
    • - s3:AccessPointNetworkOrigin
  • GetObjectVersionAttributes
      Resources

    • New_value: No

      Old_value: Yes

    • + accesspointobject
      Conditions
    • - s3:DataAccessPointAccount
    • - s3:DataAccessPointArn
    • - s3:AccessPointNetworkOrigin
  • GetObjectVersionTagging
      Resources

    • New_value: No

      Old_value: Yes

    • + accesspointobject
      Conditions
    • - s3:DataAccessPointAccount
    • - s3:DataAccessPointArn
    • - s3:AccessPointNetworkOrigin
  • ListBucket
      Resources

    • New_value: No

      Old_value: Yes

    • + accesspoint
      Conditions
    • - s3:DataAccessPointAccount
    • - s3:DataAccessPointArn
    • - s3:AccessPointNetworkOrigin
    • - s3:AccessPointTag/${TagKey}
    • - aws:ResourceTag/${TagKey}
  • ListBucketVersions
      Resources

    • New_value: No

      Old_value: Yes

    • + accesspoint
      Conditions
    • - s3:DataAccessPointAccount
    • - s3:DataAccessPointArn
    • - s3:AccessPointNetworkOrigin
    • - s3:AccessPointTag/${TagKey}
    • - aws:ResourceTag/${TagKey}
  • ListMultipartUploadParts
      Resources

    • New_value: No

      Old_value: Yes

    • + accesspointobject
      Conditions
    • - s3:DataAccessPointAccount
    • - s3:DataAccessPointArn
    • - s3:AccessPointNetworkOrigin
    • - s3:AccessPointTag/${TagKey}
    • - aws:ResourceTag/${TagKey}
  • PutAccessPointPolicy
      Conditions
    • - s3:DataAccessPointAccount
    • - s3:DataAccessPointArn
    • - s3:AccessPointNetworkOrigin
    • - s3:AccessPointTag/${TagKey}
    • - aws:ResourceTag/${TagKey}
  • PutObject
      Resources

    • New_value: No

      Old_value: Yes

    • + accesspointobject
      Conditions
    • - s3:DataAccessPointAccount
    • - s3:DataAccessPointArn
    • - s3:AccessPointNetworkOrigin
    • - s3:AccessPointTag/${TagKey}
    • - aws:ResourceTag/${TagKey}
  • PutObjectAcl
      Resources

    • New_value: No

      Old_value: Yes

    • + accesspointobject
      Conditions
    • - s3:DataAccessPointAccount
    • - s3:DataAccessPointArn
    • - s3:AccessPointNetworkOrigin
    • - s3:AccessPointTag/${TagKey}
    • - aws:ResourceTag/${TagKey}
  • PutObjectLegalHold
      Resources

    • New_value: No

      Old_value: Yes

    • + accesspointobject
      Conditions
    • - s3:DataAccessPointAccount
    • - s3:DataAccessPointArn
    • - s3:AccessPointNetworkOrigin
    • - s3:AccessPointTag/${TagKey}
    • - aws:ResourceTag/${TagKey}
  • PutObjectRetention
      Resources

    • New_value: No

      Old_value: Yes

    • + accesspointobject
      Conditions
    • - s3:DataAccessPointAccount
    • - s3:DataAccessPointArn
    • - s3:AccessPointNetworkOrigin
    • - s3:AccessPointTag/${TagKey}
    • - aws:ResourceTag/${TagKey}
  • PutObjectTagging
      Resources

    • New_value: No

      Old_value: Yes

    • + accesspointobject
      Conditions
    • - s3:DataAccessPointAccount
    • - s3:DataAccessPointArn
    • - s3:AccessPointNetworkOrigin
    • - s3:AccessPointTag/${TagKey}
    • - aws:ResourceTag/${TagKey}
  • PutObjectVersionAcl
      Resources

    • New_value: No

      Old_value: Yes

    • + accesspointobject
      Conditions
    • - s3:DataAccessPointAccount
    • - s3:DataAccessPointArn
    • - s3:AccessPointNetworkOrigin
  • PutObjectVersionTagging
      Resources

    • New_value: No

      Old_value: Yes

    • + accesspointobject
      Conditions
    • - s3:DataAccessPointAccount
    • - s3:DataAccessPointArn
    • - s3:AccessPointNetworkOrigin
  • RestoreObject
      Resources

    • New_value: No

      Old_value: Yes

    • + accesspointobject
      Conditions
    • - s3:DataAccessPointAccount
    • - s3:DataAccessPointArn
    • - s3:AccessPointNetworkOrigin
    • - s3:AccessPointTag/${TagKey}
    • - aws:ResourceTag/${TagKey}
    Resources
  • accesspoint
      Conditions
    • + aws:ResourceTag/${TagKey}
    • + s3:AccessPointNetworkOrigin
    • + s3:AccessPointTag/${TagKey}
    • + s3:DataAccessPointAccount
    • + s3:DataAccessPointArn