Amazon S3 - Set ACL
Declaration
<AMAWSS3 ACTIVITY="set_acl" BUCKETNAME="text" KEYNAME="text" VERSION="text" ACL="text" ACCESSKEY="text" SECRETKEY="text (encrypted)" SERVICEURL="text" PROXYHOST="text" USERAGENT="text" PROXYPORT="number" PROXYUSER="text" PROXYPWD="text (encrypted)" MAXERRORRETRY="number" SIGNMETHOD="text" SIGNVERSION="number" />
Description
Sets the Access Control List (ACL) permissions for an existing bucket
or object. Each bucket and object in S3 includes an ACL that defines which
users are granted access to objects, as well as what operations are allowed
on given objects.
IMPORTANT: The AWS S3 activities are performed using Amazon's Simple Storage Service engine; therefore, launching and operating Amazon S3 through Automate Desktop requires a valid Access Key ID and Secret Access Key.
NOTE: Bucket ACLs are completely independent of Object ACLs. This means that the ACLs set on a bucket can differ from the ACLs set on any object contained in that bucket.
An ACL is a list of grants. A grant consists of one grantee and one permission.
Practical usage
Used to set the ACL permissions for an existing bucket or object.
Parameters
Connection

| Property | Type | Required | Default | Markup | Description |
| --- | --- | --- | --- | --- | --- |
| Connection | --- | --- | --- | --- | Indicates where AWS user credentials and preferences should originate from. This is a design mode parameter used only during task construction and configuration, and therefore comprises no markup. The available options are listed after this table. |

Connection options:
- Host (default) - Specifies that user credentials and advanced preferences are configured individually for this activity. This option is normally chosen if only a single activity is required to complete an operation.
- Session - Specifies that user credentials and advanced preferences are obtained from a pre-configured session created in an earlier step with the use of the Amazon S3 - Create session activity. This option is normally chosen if a combination of related activities is required to complete an operation. Linking several activities to a single session eliminates redundancy. Additionally, a single task supports construction and simultaneous execution of multiple sessions, improving efficiency.
Connection - Session

| Property | Type | Required | Default | Markup | Description |
| --- | --- | --- | --- | --- | --- |
| Session | Text | Yes, if Connection is set to Session | EC2Session1 | SESSION="S3Session1" | The name of an existing session to attach this activity to. This parameter is active only if the Connection parameter is set to Session. The default session name is S3Session1. |
Connection - Host > Credentials

| Property | Type | Required | Default | Markup | Description |
| --- | --- | --- | --- | --- | --- |
| Access key | Text | Yes, if Connection is set to Host | (Empty) | ACCESSKEY="022QF06E7MXBSH9DHM02" | A 20-character alphanumeric string that uniquely identifies the owner of the AWS service account, similar to a username. This key along with a corresponding secret access key forms a secure information set that AWS uses to confirm a valid user's identity. This parameter is active only if the Connection parameter is set to Host. |
| Secret access key | Text | Yes, if Connection is set to Host | (Empty) | SECRETKEY="text (encrypted)" | A 40-character string that serves the role as password to access the AWS service account. This along with an associated access key forms a secure information set that EC2 uses to confirm a valid user's identity. This parameter is active only if the Connection parameter is set to Host. |
Connection - Host > Advanced

| Property | Type | Required | Default | Markup | Description |
| --- | --- | --- | --- | --- | --- |
| Protocol | Text (options) | No | HTTP | PROTOCOL="HTTPS" | The protocol required. The available options are: |
| User agent | Text | No | Automate | USERAGENT="Automate" | The name of the client or application initiating requests to AWS, which in this case is Automate Desktop. This parameter's default value is Automate. |
| Service URL | Text | No | (Empty) | SERVICEURL="https://s3.eu-west-1.amazonaws.com" | The URL that provides the service endpoint. To make the service call to a different region, you can pass the region-specific endpoint URL. For example, entering https://s3.us-west-1.amazonaws.com points to US West (Northern California) region. A complete list of S3 regions, along with associated endpoints and valid protocols, can be found below under Amazon S3 regions and endpoints. |
| Maximum number of retries on error | Number | No | (Empty) | MAXERRORRETRY="4" | The total number of times this activity should retry its request to the server before returning an error. Network components can generate errors at any time in the life of a request, so implementing retries can increase reliability. |
| Proxy host | Text | No | (Empty) | PROXYHOST="proxy.host.com" | The hostname (for example, server.domain.com) or IP address (for example, 192.168.0.100) of the proxy server to use when connecting to AWS. |
| Proxy port | Number | No | (Empty) | PROXYPORT="1028" | The port that should be used to connect to the proxy server. |
| Proxy username | Text | No | (Empty) | PROXYUSER="username" | The username that should be used to authenticate connection with the proxy server (if required). |
| Proxy password | Text | No | (Empty) | PROXYPWD="encrypted" | The password that should be used to authenticate connection with the proxy server (if required). |
ACL

| Property | Type | Required | Default | Markup | Description |
| --- | --- | --- | --- | --- | --- |
| Bucket Name | Text | Yes | (Empty) | BUCKETNAME="MyBucket" | Indicates the name of the bucket to set. |
| Key Name (Optional) | Text | No | (Empty) | KEYNAME="myFile" | The key name of the object to set. A key is the unique identifier for an object within a bucket. Every object in a bucket has exactly one key. |
| Canned ACL | Text | Yes | Private | ACL="PublicRead" | Specifies the ACL policy to set. The available Canned ACL options are listed after this table. |
| Version ID (Optional) | Text | No | (Empty) | VERSION="333333" | Specifies the version of the object on which to set the ACL. This property is useful if an object has the same key name but different version IDs. |

Canned ACL options:
- NoACL - No access policies.
- Private (Default) - Owner gets full control. No one else has access rights.
- PublicRead - Owner gets full control and the anonymous principal is granted read access.
- PublicReadWrite - Owner gets full control, the anonymous principal is granted read/write access. Useful policy to apply to a bucket, but is generally not recommended.
- AuthenticatedRead - Owner gets full control, and any principal authenticated as a registered Amazon S3 user is granted read access.
- BucketOwnerRead - Object owner gets full control. Bucket owner gets read access. This ACL applies only to objects and is equivalent to Private when used with Amazon S3 - Create bucket activity. Use this ACL to let someone other than the bucket owner write content (get full control) in the bucket but still grant the bucket owner read access to the objects.
- BucketOwnerFullControl - Object owner gets full control. Bucket owner gets full control. Applies only to objects and is equivalent to Private when used with Amazon S3 - Create bucket activity. Use this ACL to let someone other than the bucket owner write content (get full control) in the bucket but still grant the bucket owner full rights over the objects.
Advanced

| Property | Type | Required | Default | Markup | Description |
| --- | --- | --- | --- | --- | --- |
| Name | Text | No | (Empty) | HEADER NAME="myHeader" | Specifies the "key" in a key-value pair. This is the handle that you assign to an object. In Amazon S3, details about each file and folder are stored in key value pairs called metadata or headers. System metadata is used and processed by Amazon S3, however, user metadata or custom headers can be specified by you. This adds more flexibility and enables you to better distinguish specific files by adding or editing custom headers on existing S3 objects or assigning custom headers to new objects. Press Click here to add new row... to add a key-value pair. Press the red X to remove an existing key-value pair. |
| Value | Text | No | (Empty) | VALUE="theValue" | Specifies the "value" in a key-value pair. This is the content that you are storing for an object. In Amazon S3, details about each file and folder are stored in key value pairs called metadata or headers. System metadata is used and processed by Amazon S3, however, user metadata or custom headers can be specified by you. This adds more flexibility and enables you to better distinguish specific files by adding or editing custom headers on existing S3 objects or assigning custom headers to new objects. Press Click here to add new row... to add a key-value pair. Press the red X to remove an existing key-value pair. |
Additional notes
Amazon S3 regions and endpoints
This table contains a complete list of Amazon Simple Storage Service
endpoints, along with their corresponding regions, supported protocols
and location constraints.

| Endpoint | Region | Protocol | Location constraint |
| --- | --- | --- | --- |
| s3.amazonaws.com | US Standard * | HTTP and HTTPS | (none required) |
| s3.us-west-2.amazonaws.com | US West (Oregon) Region | HTTP and HTTPS | us-west-2 |
| s3.us-west-1.amazonaws.com | US West (Northern California) Region | HTTP and HTTPS | us-west-1 |
| s3.eu-west-1.amazonaws.com | EU (Ireland) Region | HTTP and HTTPS | EU |
| s3.ap-southeast-1.amazonaws.com | Asia Pacific (Singapore) Region | HTTP and HTTPS | ap-southeast-1 |
| s3.ap-southeast-2.amazonaws.com | Asia Pacific (Sydney) Region | HTTP and HTTPS | ap-southeast-2 |
| s3.ap-northeast-1.amazonaws.com | Asia Pacific (Tokyo) Region | HTTP and HTTPS | ap-northeast-1 |
| s3.sa-east-1.amazonaws.com | South America (Sao Paulo) Region | HTTP and HTTPS | sa-east-1 |

* The US Standard region automatically routes
requests to facilities in Northern Virginia or the Pacific Northwest using
network maps.
Example
NOTE:
- Copy and paste the sample AML code below directly into
the Task Builder Steps Panel.
- To successfully run the sample code, update parameters containing user credentials, files, file paths, or other information specific to the task to match your environment.
Description
Set access control list (ACL) to "PublicRead". Bucket
name is "myBucket". Key name is "file.txt". Version
ID is "2". Use "mySession" S3 session.
<AMAWSS3 ACTIVITY="set_acl" BUCKETNAME="myBucket" KEYNAME="file.txt" VERSION="2" ACL="PublicRead" SESSION="mySession" />
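
The following is an added example, not part of the Automate documentation: a review script that reads AML task text and reports Set ACL steps whose canned ACL grants access to anonymous or authenticated principals, using the grantee and permission pairs from the Canned ACL descriptions above, plus Host-mode steps left on the documented HTTP default. The `<task>` wrapper element, the function name `audit_set_acl_steps` and the sample steps with their placeholder credentials are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Grants each canned ACL adds on top of the owner's full control, as
# (grantee, permission) pairs read off the Canned ACL descriptions on this page.
CANNED_ACL_GRANTS = {
    "NoACL": [],
    "Private": [],
    "PublicRead": [("anonymous", "read")],
    "PublicReadWrite": [("anonymous", "read"), ("anonymous", "write")],
    "AuthenticatedRead": [("authenticated", "read")],
    "BucketOwnerRead": [("bucket owner", "read")],
    "BucketOwnerFullControl": [("bucket owner", "full control")],
}
BROAD_GRANTEES = {"anonymous", "authenticated"}  # principals outside the account

def audit_set_acl_steps(aml_text):
    """Return (step_number, target, finding) for each risky set_acl step."""
    # Steps are sibling elements; the <task> wrapper is an assumption so they parse as one document.
    root = ET.fromstring("<task>" + aml_text + "</task>")
    findings = []
    for number, step in enumerate(root, start=1):
        if step.tag != "AMAWSS3" or step.get("ACTIVITY") != "set_acl":
            continue
        bucket = step.get("BUCKETNAME", "")
        key = step.get("KEYNAME")
        target = f"{bucket}/{key}" if key else f"{bucket} (bucket ACL)"
        acl = step.get("ACL", "Private")  # Private is the documented default
        if acl not in CANNED_ACL_GRANTS:
            findings.append((number, target, f"unrecognised canned ACL {acl!r}"))
        for grantee, permission in CANNED_ACL_GRANTS.get(acl, []):
            if grantee in BROAD_GRANTEES:
                findings.append((number, target,
                                 f"{acl} grants {permission} to {grantee} principals"))
        # Host-mode steps carry their own protocol; HTTP is the default stated on this page.
        host_mode = step.get("SESSION") is None
        if host_mode and step.get("PROTOCOL", "HTTP").upper() == "HTTP":
            findings.append((number, target, "request sent over plain HTTP"))
    return findings

# Constructed sample task: bucket names, keys and credentials are placeholders.
SAMPLE_AML = """
<AMAWSS3 ACTIVITY="set_acl" BUCKETNAME="myBucket" KEYNAME="file.txt" VERSION="2" ACL="PublicRead" SESSION="mySession" />
<AMAWSS3 ACTIVITY="set_acl" BUCKETNAME="myBucket" ACL="PublicReadWrite" ACCESSKEY="AKIDPLACEHOLDER" SECRETKEY="PLACEHOLDER" PROTOCOL="HTTP" />
<AMAWSS3 ACTIVITY="set_acl" BUCKETNAME="reports" KEYNAME="q1.csv" ACL="BucketOwnerFullControl" ACCESSKEY="AKIDPLACEHOLDER" SECRETKEY="PLACEHOLDER" PROTOCOL="HTTPS" />
"""

if __name__ == "__main__":
    for number, target, finding in audit_set_acl_steps(SAMPLE_AML):
        print(f"step {number}: {target}: {finding}")
```

Session-mode steps are not checked for protocol because that setting lives in the session the step attaches to.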