UNPKG

@aws-sdk/client-s3

Version:

AWS SDK for JavaScript S3 Client for Node.js, Browser and React Native

github.com/aws/aws-sdk-js-v3/tree/main/clients/client-s3

aws/aws-sdk-js-v3

117 lines (116 loc) 5.98 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
import { EndpointParameterInstructions } from "@aws-sdk/middleware-endpoint"; import { Command as $Command } from "@aws-sdk/smithy-client"; import { Handler, HttpHandlerOptions as __HttpHandlerOptions, MetadataBearer as __MetadataBearer, MiddlewareStack } from "@aws-sdk/types"; import { GetBucketPolicyOutput, GetBucketPolicyRequest } from "../models/models_0"; import { S3ClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../S3Client"; /** * @public * * The input for {@link GetBucketPolicyCommand}. */ export interface GetBucketPolicyCommandInput extends GetBucketPolicyRequest { } /** * @public * * The output of {@link GetBucketPolicyCommand}. */ export interface GetBucketPolicyCommandOutput extends GetBucketPolicyOutput, __MetadataBearer { } /** * @public * <p>Returns the policy of a specified bucket. If you are using an identity other than the * root user of the Amazon Web Services account that owns the bucket, the calling identity must have the * <code>GetBucketPolicy</code> permissions on the specified bucket and belong to the * bucket owner's account in order to use this operation.</p> * <p>If you don't have <code>GetBucketPolicy</code> permissions, Amazon S3 returns a <code>403 * Access Denied</code> error. If you have the correct permissions, but you're not using an * identity that belongs to the bucket owner's account, Amazon S3 returns a <code>405 Method Not * Allowed</code> error.</p> * <important> * <p>To ensure that bucket owners don't inadvertently lock themselves out of their own * buckets, the root principal in a bucket owner's Amazon Web Services account can perform the * <code>GetBucketPolicy</code>, <code>PutBucketPolicy</code>, and * <code>DeleteBucketPolicy</code> API actions, even if their bucket policy explicitly * denies the root principal's access. Bucket owner root principals can only be blocked from performing * these API actions by VPC endpoint policies and Amazon Web Services Organizations policies.</p> * </important> * <p>To use this API operation against an access point, provide the alias of the access point in place of the bucket name.</p> * <p>To use this API operation against an Object Lambda access point, provide the alias of the Object Lambda access point in place of the bucket name. * If the Object Lambda access point alias in a request is not valid, the error code <code>InvalidAccessPointAliasError</code> is returned. * For more information about <code>InvalidAccessPointAliasError</code>, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList">List of * Error Codes</a>.</p> * <p>For more information about bucket policies, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html">Using Bucket Policies and User * Policies</a>.</p> * <p>The following action is related to <code>GetBucketPolicy</code>:</p> * <ul> * <li> * <p> * <a href="https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html">GetObject</a> * </p> * </li> * </ul> * @example * Use a bare-bones client and the command you need to make an API call. * ```javascript * import { S3Client, GetBucketPolicyCommand } from "@aws-sdk/client-s3"; // ES Modules import * // const { S3Client, GetBucketPolicyCommand } = require("@aws-sdk/client-s3"); // CommonJS import * const client = new S3Client(config); * const input = { // GetBucketPolicyRequest * Bucket: "STRING_VALUE", // required * ExpectedBucketOwner: "STRING_VALUE", * }; * const command = new GetBucketPolicyCommand(input); * const response = await client.send(command); * // { // GetBucketPolicyOutput * // Policy: "STRING_VALUE", * // }; * * ``` * * @param GetBucketPolicyCommandInput - {@link GetBucketPolicyCommandInput} * @returns {@link GetBucketPolicyCommandOutput} * @see {@link GetBucketPolicyCommandInput} for command's `input` shape. * @see {@link GetBucketPolicyCommandOutput} for command's `response` shape. * @see {@link S3ClientResolvedConfig | config} for S3Client's `config` shape. * * @throws {@link S3ServiceException} * <p>Base exception class for all service exceptions from S3 service.</p> * * @example To get bucket policy * ```javascript * // The following example returns bucket policy associated with a bucket. * const input = { * "Bucket": "examplebucket" * }; * const command = new GetBucketPolicyCommand(input); * const response = await client.send(command); * /* response == * { * "Policy": "{\"Version\":\"2008-10-17\",\"Id\":\"LogPolicy\",\"Statement\":[{\"Sid\":\"Enables the log delivery group to publish logs to your bucket \",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"111122223333\"},\"Action\":[\"s3:GetBucketAcl\",\"s3:GetObjectAcl\",\"s3:PutObject\"],\"Resource\":[\"arn:aws:s3:::policytest1/*\",\"arn:aws:s3:::policytest1\"]}]}" * } * *\/ * // example id: to-get-bucket-policy-1481595098424 * ``` * */ export declare class GetBucketPolicyCommand extends $Command<GetBucketPolicyCommandInput, GetBucketPolicyCommandOutput, S3ClientResolvedConfig> { readonly input: GetBucketPolicyCommandInput; static getEndpointParameterInstructions(): EndpointParameterInstructions; /** * @public */ constructor(input: GetBucketPolicyCommandInput); /** * @internal */ resolveMiddleware(clientStack: MiddlewareStack<ServiceInputTypes, ServiceOutputTypes>, configuration: S3ClientResolvedConfig, options?: __HttpHandlerOptions): Handler<GetBucketPolicyCommandInput, GetBucketPolicyCommandOutput>; /** * @internal */ private serialize; /** * @internal */ private deserialize; }