Review the required AWS permissions and condition keys of the AWS S3 Connector actions to ensure that you grant Dynatrace only a minimum set of permissions. For more information, see AWS documentation.
Creates a copy of an object that is already stored in Amazon S3.
For more information, see the official documentation of Copy object.
Required AWS permissions:
s3:GetObjects3:PutObject| Field | Type | Description | Required |
|---|---|---|---|
| Region | string | The region to use. | required |
| Bucket | string | The name of the destination bucket. | required |
| CopySource | string | Specifies the source object for the copy operation. | required |
| Key | string | The key of the destination object. | required |
| ExpectedBucketOwner | string | The account ID of the expected destination bucket owner. | optional |
| ExpectedSourceBucketOwner | string | The account ID of the expected source bucket owner. | optional |
Returns fields as described in CopyObjectCommandOutput.
This action creates an Amazon S3 bucket.
For more information, see the official documentation of Create bucket.
Required AWS permission: s3:CreateBucket.
| Field | Type | Description | Required |
|---|---|---|---|
| Region | string | The region to use. | required |
| Bucket | string | The name of the bucket to create. | required |
| ACL | BucketCannedACL | The canned ACL to apply to the bucket. | optional |
Returns fields as described in CreateBucketCommandOutput.
Deletes the S3 bucket.
For more information, see the official documentation of Delete bucket.
Required AWS permission: s3:DeleteBucket.
| Field | Type | Description | Required |
|---|---|---|---|
| Region | string | The region to use. | required |
| Bucket | string | Specifies the bucket being deleted. | required |
| ExpectedBucketOwner | string | The account ID of the expected bucket owner. | optional |
Returns fields as described in DeleteBucketCommandOutput.
Removes an object from a bucket.
For more information, see the official documentation of Delete object.
Required AWS permission: s3:DeleteObject.
| Field | Type | Description | Required |
|---|---|---|---|
| Region | string | The region to use. | required |
| Bucket | string | The bucket name of the bucket containing the object. | required |
| Key | string | Key name of the object to delete. | required |
| ExpectedBucketOwner | string | The account ID of the expected bucket owner. | optional |
| VersionId | string | Version ID used to reference a specific version of the object. | optional |
Returns fields as described in DeleteObjectCommandOutput.
Returns the default encryption configuration for an Amazon S3 bucket.
For more information, see the official documentation of Get bucket encryption.
Required AWS permission: s3:GetEncryptionConfiguration.
| Field | Type | Description | Required |
|---|---|---|---|
| Region | string | The region to use. | required |
| Bucket | string | The name of the bucket from which the server-side encryption configuration is retrieved. | required |
Returns fields as described in GetBucketEncryptionCommandOutput.
This operation is not supported for directory buckets.
For more information, see the official documentation of Get bucket logging.
Required AWS permission: s3:GetBucketLogging.
| Field | Type | Description | Required |
|---|---|---|---|
| Region | string | The region to use. | required |
| Bucket | string | The bucket name for which to get the logging information. | required |
Returns fields as described in GetBucketLoggingCommandOutput.
Retrieves all the metadata from an object without returning the object itself.
For more information, see the official documentation of Get object attributes.
Required AWS permission: s3:GetObjectAttributes.
| Field | Type | Description | Required |
|---|---|---|---|
| Region | string | The region to use. | required |
| Bucket | string | The name of the bucket that contains the object. | required |
| Key | string | The object key. | required |
| ObjectAttributes | ObjectAttributes[] | Specifies the fields at the root level that you want returned in the response. | required |
| ExpectedBucketOwner | string | The account ID of the expected bucket owner. | optional |
| MaxParts | number | Sets the maximum number of parts to return. | optional |
| PartNumberMarker | string | Specifies the part after which the listing should begin. | optional |
| VersionId | string | The version ID used to reference a specific version of the object. | optional |
Returns fields as described in GetObjectAttributesCommandOutput.
Retrieves an object from Amazon S3.
For more information, see the official documentation of Get object.
Required AWS permission: s3:GetObject.
| Field | Type | Description | Required |
|---|---|---|---|
| Region | string | The region to use. | required |
| Bucket | string | The bucket name containing the object. | required |
| Key | string | Key of the object to get. | required |
| ExpectedBucketOwner | string | The account ID of the expected bucket owner. | optional |
| VersionId | string | Version ID used to reference a specific version of the object. | optional |
Returns fields as described in GetObjectCommandOutput.
This operation is not supported for directory buckets.
For more information, see the official documentation of List buckets.
Required AWS permission: s3:ListAllMyBuckets.
| Field | Type | Description | Required |
|---|---|---|---|
| Region | string | The region to use. | required |
| ContinuationToken | string | ContinuationToken indicates to Amazon S3 that the list is being continued on this bucket with a token. | optional |
| MaxBuckets | number | Maximum number of buckets to be returned in response. | optional |
Returns fields as described in ListBucketsCommandOutput.
Returns some or all (up to 1,000) of the objects in a bucket with each request.
For more information, see the official documentation of List objects v2.
Required AWS permission: s3:ListBucket.
| Field | Type | Description | Required |
|---|---|---|---|
| Region | string | The region to use. | required |
| Bucket | string | When you use this operation with a directory bucket, you need to use virtual-hosted-style requests in the format bucket-name.s3express-zone-id.region-code.amazonaws.com. | required |
| ExpectedBucketOwner | string | The account ID of the expected bucket owner. | optional |
| MaxKeys | number | Sets the maximum number of keys returned in the response. | optional |
| Prefix | string | Limits the response to keys that begin with the specified prefix. | optional |
| StartAfter | string | StartAfter is where you want Amazon S3 to start listing from. | optional |
Returns fields as described in ListObjectsV2CommandOutput.
This operation is not supported for directory buckets.
For more information, see the official documentation of Put bucket ACL.
Required AWS permission: s3:PutBucketAcl.
| Field | Type | Description | Required |
|---|---|---|---|
| Region | string | The region to use. | required |
| Bucket | string | The bucket to apply the ACL. | required |
| ACL | BucketCannedACL | The canned ACL to apply to the bucket. | optional |
| AccessControlPolicy | AccessControlPolicy | Contains the elements that set the ACL permissions for an object per grantee. | optional |
| ChecksumAlgorithm | ChecksumAlgorithm | Indicates the algorithm used to create the checksum for the request when you use the SDK. | optional |
| ExpectedBucketOwner | string | The account ID of the expected bucket owner. | optional |
| GrantFullControl | string | Allows grantee to read, write, read ACP, and write ACP permissions on the bucket. | optional |
| GrantRead | string | Allows grantee to list the objects in the bucket. | optional |
| GrantReadACP | string | Allows grantee to read the bucket ACL. | optional |
| GrantWrite | string | Allows grantee to create new objects in the bucket. | optional |
| GrantWriteACP | string | Allows grantee to write the ACL for the applicable bucket. | optional |
Returns fields as described in PutBucketAclCommandOutput.
This operation configures default encryption and Amazon S3 Bucket Keys for an existing bucket.
For more information, see the official documentation of Put bucket encryption.
Required AWS permission: s3:PutEncryptionConfiguration.
| Field | Type | Description | Required |
|---|---|---|---|
| Region | string | The region to use. | required |
| Bucket | string | Specifies default encryption for a bucket using server-side encryption with different key options. | required |
| ServerSideEncryptionConfiguration | ServerSideEncryptionConfiguration | Specifies the default server-side-encryption configuration. | required |
| ChecksumAlgorithm | ChecksumAlgorithm | Indicates the algorithm used to create the checksum for the request when you use the SDK. | optional |
| ExpectedBucketOwner | string | The account ID of the expected bucket owner. | optional |
Returns fields as described in PutBucketEncryptionCommandOutput.
This operation is not supported for directory buckets.
For more information, see the official documentation of Put bucket logging.
Required AWS permission: s3:PutBucketLogging.
| Field | Type | Description | Required |
|---|---|---|---|
| Region | string | The region to use. | required |
| Bucket | string | The bucket name for setting the logging parameters. | required |
| BucketLoggingStatus | BucketLoggingStatus | Container for logging status information. | required |
| ChecksumAlgorithm | ChecksumAlgorithm | Indicates the algorithm used to create the checksum for the request when you use the SDK. | optional |
| ExpectedBucketOwner | string | The account ID of the expected bucket owner. | optional |
Returns fields as described in PutBucketLoggingCommandOutput.
Adds an object to a bucket.
For more information, see the official documentation of Put object.
Required AWS permission: s3:PutObject.
| Field | Type | Description | Required |
|---|---|---|---|
| Region | string | The region to use. | required |
| Bucket | string | The bucket name to which the PUT action was initiated. | required |
| Key | string | Object key for which the PUT action was initiated. | required |
| Body | string | The Body parameter of the request. | optional |
| ACL | ObjectCannedACL | The canned ACL to be applied to the object. | optional |
| ContentType | string | A standard MIME type describing the format of the contents. | optional |
| ServerSideEncryption | ServerSideEncryption | The server-side encryption algorithm that was used when you store this object in Amazon S3. | optional |
| StorageClass | StorageClass | The storage class of the object. | optional |
| ExpectedBucketOwner | string | The account ID of the expected bucket owner. | optional |
Returns fields as described in PutObjectCommandOutput.
This operation is not supported for directory buckets.
For more information, see the official documentation of Put public access block.
Required AWS permission: s3:PutBucketPublicAccessBlock.
| Field | Type | Description | Required |
|---|---|---|---|
| Region | string | The region to use. | required |
| Bucket | string | The name of the Amazon S3 bucket whose PublicAccessBlock configuration you want to set. | required |
| PublicAccessBlockConfiguration | PublicAccessBlockConfiguration | The PublicAccessBlock configuration you want to apply to this Amazon S3 bucket. | required |
| ChecksumAlgorithm | ChecksumAlgorithm | Indicates the algorithm used to create the checksum for the object when you use the SDK. | optional |
| ExpectedBucketOwner | string | The account ID of the expected bucket owner. | optional |
Returns fields as described in PutPublicAccessBlockCommandOutput.