Amazon S3 - Get ACL

Declaration

<AMAWSS3 ACTIVITY="get_acl" PROVIDER="text (options)" SESSION="text" ACCESSKEY="text" SECRETKEY="text (encrypted)" PROTOCOL="text (options)" USERAGENT="text" MAXERRORRETRY="number" SERVICEURL="text" PROXYHOST="text" PROXYPORT="number" PROXYUSER="text" PROXYPWD="text (encrypted)" BUCKETNAME="text" RESULTDATASET="text" VERSION="number" KEYNAME="text"><HEADER NAME="text" VALUE="text" /></AMAWSS3>


Description

Retrieves the Access Control List (ACL) of a given bucket or object and populates a dataset with the results. Each bucket and object in Amazon S3 includes an ACL that defines which users are granted access to objects, as well as what operations are allowed on given objects.

IMPORTANT: The Amazon S3 activities are performed using Amazon's Simple Storage Service engine; therefore, launching and operating Amazon S3 through Automate Desktop requires a valid Access Key ID and Secret Access Key.

Practical usage

Used to retrieve and examine the Access Control List of a bucket or object to determine user permissions. An Access Control List is primarily a list of grants. A grant consists of one grantee and one permission. Bucket ACLs are completely independent of Object ACLs. This means that ACLs set on a bucket can be different than ACLs set on any object contained in the bucket.
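The grant structure described above, as an added example that is not part of the Automate documentation: it parses the XML that S3 returns for an ACL request and flags grants made to S3's predefined AllUsers and AuthenticatedUsers groups. It assumes the raw S3 response rather than the Automate dataset; the sample document, placeholder IDs and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

S3_NS = "{http://s3.amazonaws.com/doc/2006-03-01/}"
XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"
GROUPS = "http://acs.amazonaws.com/groups/global/"
# Predefined S3 groups that reach beyond the bucket owner's own account.
BROAD_GROUPS = {GROUPS + "AllUsers": "anyone on the internet",
                GROUPS + "AuthenticatedUsers": "any AWS account"}

# Constructed sample of an S3 ACL response body (IDs are placeholders).
SAMPLE_ACL = """<AccessControlPolicy xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
  <Owner><ID>OWNER-ID-PLACEHOLDER</ID><DisplayName>owner</DisplayName></Owner>
  <AccessControlList>
    <Grant>
      <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="CanonicalUser"><ID>OWNER-ID-PLACEHOLDER</ID></Grantee>
      <Permission>FULL_CONTROL</Permission>
    </Grant>
    <Grant>
      <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="Group"><URI>http://acs.amazonaws.com/groups/global/AllUsers</URI></Grantee>
      <Permission>READ</Permission>
    </Grant>
  </AccessControlList>
</AccessControlPolicy>"""

def parse_grants(acl_xml):
    """Return one (grantee_type, grantee, permission) tuple per grant."""
    root = ET.fromstring(acl_xml)
    grants = []
    for grant in root.iter(S3_NS + "Grant"):
        grantee = grant.find(S3_NS + "Grantee")
        kind = grantee.get(XSI_TYPE)
        # Groups are identified by URI, canonical users by ID, e-mail grantees by address.
        field = {"Group": "URI", "CanonicalUser": "ID"}.get(kind, "EmailAddress")
        grants.append((kind, grantee.findtext(S3_NS + field),
                       grant.findtext(S3_NS + "Permission")))
    return grants

def audit(acl_xml):
    """Return a finding for every grant made to a broad predefined group."""
    return [f"{perm} granted to {BROAD_GROUPS[who]} ({who})"
            for kind, who, perm in parse_grants(acl_xml)
            if kind == "Group" and who in BROAD_GROUPS]

if __name__ == "__main__":
    for finding in audit(SAMPLE_ACL):
        print(finding)
```

Because bucket ACLs and object ACLs are independent, the same check has to be run against each of them separately.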

Parameters

Connection

| Property | Type | Required | Default | Markup | Description |
| --- | --- | --- | --- | --- | --- |
| Connection | --- | --- | --- | --- | Indicates where AWS user credentials and preferences should originate from. This is a design mode parameter used only during task construction and configuration, and therefore has no markup. The available options are: |
  • Host (default) - Specifies that user credentials and advanced preferences are configured individually for this activity. This option is normally chosen if only a single activity is required to complete an operation.
  • Session - Specifies that user credentials and advanced preferences are obtained from a pre-configured session created in an earlier step with the use of the Amazon S3 - Create session activity. This option is normally chosen if a combination of related activities is required to complete an operation. Linking several activities to a single session eliminates redundancy. Additionally, a single task supports construction and simultaneous execution of multiple sessions, improving efficiency.

Connection - Session

| Property | Type | Required | Default | Markup | Description |
| --- | --- | --- | --- | --- | --- |
| Session | Text | Yes, if Connection is set to Session | S3Session1 | SESSION="S3Session1" | The name of an existing session to attach this activity to. This parameter is active only if the Connection parameter is set to Session. The default session name is S3Session1. |

Connection - Host > Credentials

| Property | Type | Required | Default | Markup | Description |
| --- | --- | --- | --- | --- | --- |
| Access key | Text | Yes, if Connection is set to Host | (Empty) | ACCESSKEY="022QF06E7MXBSH9DHM02" | A 20-character alphanumeric string that uniquely identifies the owner of the AWS service account, similar to a username. This key, along with a corresponding secret access key, forms a secure information set that AWS uses to confirm a valid user's identity. This parameter is active only if the Connection parameter is set to Host. |
| Secret access key | Text | Yes, if Connection is set to Host | (Empty) | SECRETKEY="text (encrypted)" | A 40-character string that serves as the password to access the AWS service account. This, along with an associated access key, forms a secure information set that AWS uses to confirm a valid user's identity. This parameter is active only if the Connection parameter is set to Host. |

Connection - Host > Advanced

| Property | Type | Required | Default | Markup | Description |
| --- | --- | --- | --- | --- | --- |
| Protocol | Text (options) | No | HTTP | PROTOCOL="HTTPS" | The protocol used to connect to AWS. HTTP sends requests and responses unencrypted; HTTPS encrypts them in transit. The available options are HTTP (default) and HTTPS. |
| User agent | Text | No | Automate | USERAGENT="Automate" | The name of the client or application initiating requests to AWS, which, in this case, is Automate Desktop. This parameter's default value is Automate. |
| Service URL | Text | No | (Empty) | SERVICEURL="https://s3.eu-west-1.amazonaws.com" | The URL that provides the service endpoint. To make the service call to a different region, you can pass the region-specific endpoint URL. For example, entering https://s3.us-west-1.amazonaws.com points to the US West (Northern California) region. A complete list of S3 regions, along with associated endpoints and valid protocols, can be found below under Amazon S3 regions and endpoints. |
| Maximum number of retries on error | Number | No | (Empty) | MAXERRORRETRY="4" | The total number of times this activity should retry its request to the server before returning an error. Network components can generate errors at any time in the life of a request, so implementing retries can increase reliability. |
| Proxy host | Text | No | (Empty) | PROXYHOST="proxy.host.com" | The hostname (for example, server.domain.com) or IP address (for example, 192.168.0.100) of the proxy server to use when connecting to AWS. |
| Proxy port | Number | No | (Empty) | PROXYPORT="1028" | The port that should be used to connect to the proxy server. |
| Proxy username | Text | No | (Empty) | PROXYUSER="username" | The username that should be used to authenticate connection with the proxy server (if required). |
| Proxy password | Text | No | (Empty) | PROXYPWD="encrypted" | The password that should be used to authenticate connection with the proxy server (if required). |

ACL

| Property | Type | Required | Default | Markup | Description |
| --- | --- | --- | --- | --- | --- |
| Bucket name | Text | Yes | (Empty) | BUCKETNAME="MyBucket" | The name of the bucket from which to retrieve the ACL (Access Control List). |
| Key name | Text | No | (Empty) | KEYNAME="myFile" | The key name of the object from which to retrieve the ACL. A key is the unique identifier for an object within a bucket. Every object in a bucket has exactly one key. |
| Version ID (optional) | Text | No | (Empty) | VERSION="333333" | The version of the object from which to retrieve the ACL. This property is useful when multiple versions of an object share the same key name but have different version IDs. |
| Create and populate dataset with ACL info | Text | Yes | (Empty) | RESULTDATASET="myDataset" | The name of a dataset to create and populate with ACL information. More details on the individual fields that this dataset creates can be found below under Datasets. |

Advanced

Each Amazon S3 object is associated with a set of key-value pairs called Headers or Metadata. Metadata provides important details about an object, such as file name, type, and date of creation or modification. There are two kinds of metadata in Amazon S3: system metadata and user metadata. System metadata is used and processed by Amazon S3. User metadata (also known as a custom header) is specified by you, the user. Amazon S3 simply stores it and passes it back to you upon request.

Automate Desktop lets you store your personal information, such as name, company name, and phone numbers, as custom headers or user metadata so that you can distinguish specific files. Using this option, you can add new custom headers or user metadata to existing Amazon S3 objects, edit default Amazon S3 metadata on a bucket, or store or upload new objects with custom headers or metadata.

| Property | Type | Required | Default | Markup | Description |
| --- | --- | --- | --- | --- | --- |
| Name | Text | No | (Empty) | HEADER NAME="myHeader" | Specifies the "key" in a key-value pair. This is the handle that you assign to an object. In Amazon S3, details about each file and folder are stored in key-value pairs called metadata or headers. System metadata is used and processed by Amazon S3; however, user metadata or custom headers can be specified by you. This adds more flexibility and enables you to better distinguish specific files by adding or editing custom headers on existing Amazon S3 objects or assigning custom headers to new objects. Press "Click here to add new row..." to add a key-value pair. Press the red X to remove an existing key-value pair. |
| Value | Text | No | (Empty) | VALUE="theValue" | Specifies the "value" in a key-value pair. This is the content that you are storing for an object. In Amazon S3, details about each file and folder are stored in key-value pairs called metadata or headers. System metadata is used and processed by Amazon S3; however, user metadata or custom headers can be specified by you. This adds more flexibility and enables you to better distinguish specific files by adding or editing custom headers on existing Amazon S3 objects or assigning custom headers to new objects. Press "Click here to add new row..." to add a key-value pair. Press the red X to remove an existing key-value pair. |

Additional notes

Amazon S3 regions and endpoints

This table contains a complete list of Amazon Simple Storage Service endpoints, along with their corresponding regions, supported protocols and location constraints.

| Endpoint | Region | Protocol | Location Constraints |
| --- | --- | --- | --- |
| s3.amazonaws.com | US Standard * | HTTP and HTTPS | (none required) |
| s3.us-west-2.amazonaws.com | US West (Oregon) Region | HTTP and HTTPS | us-west-2 |
| s3.us-west-1.amazonaws.com | US West (Northern California) Region | HTTP and HTTPS | us-west-1 |
| s3.eu-west-1.amazonaws.com | EU (Ireland) Region | HTTP and HTTPS | EU |
| s3.ap-southeast-1.amazonaws.com | Asia Pacific (Singapore) Region | HTTP and HTTPS | ap-southeast-1 |
| s3.ap-southeast-2.amazonaws.com | Asia Pacific (Sydney) Region | HTTP and HTTPS | ap-southeast-2 |
| s3.ap-northeast-1.amazonaws.com | Asia Pacific (Tokyo) Region | HTTP and HTTPS | ap-northeast-1 |
| s3.sa-east-1.amazonaws.com | South America (Sao Paulo) Region | HTTP and HTTPS | sa-east-1 |

* The US Standard region automatically routes requests to facilities in Northern Virginia or the Pacific Northwest using network maps.

Datasets

A dataset is a multi-column, multi-row container object. This activity creates and populates a dataset containing a specific set of fields. The table below describes these fields (assuming the dataset name assigned was theDataset).

| Name | Type | Return Value |
| --- | --- | --- |
| theDataset.User | Text | Returns the user assigned to the bucket or object. |
| theDataset.Permission | Text | Returns the user's permission level in relation to the bucket/object (for example, Full_Control). |

Example

NOTE:
  • Copy and paste the sample AML code below directly into the Task Builder Steps Panel.
  • To successfully run the sample code, update parameters containing user credentials, files, file paths, or other information specific to the task to match your environment.

Description

Get the access control list (ACL) and store it in dataset "theData". The bucket name is "mybucket". The key name is "234234". Use the "mysession" S3 session.

<!-- Create the S3 session "mysession" used by the steps below. -->
<AMAWSS3 ACTIVITY="create_session" SESSION="mysession" ACCESSKEY="AKIAJ25JAKOPAC7GSQ7A" SECRETKEY="AM3GO5REGn4Hic=aME" />
<!-- Retrieve the ACL of object "234234" in bucket "mybucket" and create and populate a dataset named "theData" with the results. -->
<AMAWSS3 ACTIVITY="get_acl" PROVIDER="session_based" SESSION="mysession" BUCKETNAME="mybucket" RESULTDATASET="theData" KEYNAME="234234" />
<!-- Loop the dataset. -->
<AMLOOP ACTIVITY="dataset" DATASET="theData">
<!-- Display the user and permission of the current grant. -->
<AMSHOWDIALOG WINDOWTITLE="User and permission of current ACL grant.">User: %theData.User% Permission: %theData.Permission%</AMSHOWDIALOG></AMLOOP>
<!-- End the session. -->
<AMAWSS3 ACTIVITY="end_session" SESSION="mysession" />