CreateAccessGrantsInstance
Creates an S3 Access Grants instance, which serves as a logical grouping for access grants. You can create one S3 Access Grants instance per Region per account.
- Permissions
-
You must have the
s3:CreateAccessGrantsInstancepermission to use this operation. - Additional Permissions
-
To associate an IAM Identity Center instance with your S3 Access Grants instance, you must also have the
sso:DescribeInstance,sso:CreateApplication,sso:PutApplicationGrant, andsso:PutApplicationAuthenticationMethodpermissions.
Request Syntax
POST /v20180820/accessgrantsinstance HTTP/1.1
Host: s3-control.amazonaws.com.cn
x-amz-account-id: AccountId
<?xml version="1.0" encoding="UTF-8"?>
<CreateAccessGrantsInstanceRequest xmlns="http://awss3control.amazonaws.com/doc/2018-08-20/">
<IdentityCenterArn>string</IdentityCenterArn>
<Tags>
<Tag>
<Key>string</Key>
<Value>string</Value>
</Tag>
</Tags>
</CreateAccessGrantsInstanceRequest>URI Request Parameters
The request uses the following URI parameters.
- x-amz-account-id
-
The ID of the Amazon account that is making this request.
Length Constraints: Maximum length of 64.
Pattern:
^\d{12}$Required: Yes
Request Body
The request accepts the following data in XML format.
- CreateAccessGrantsInstanceRequest
-
Root level tag for the CreateAccessGrantsInstanceRequest parameters.
Required: Yes
- IdentityCenterArn
-
If you would like to associate your S3 Access Grants instance with an Amazon IAM Identity Center instance, use this field to pass the Amazon Resource Name (ARN) of the Amazon IAM Identity Center instance that you are associating with your S3 Access Grants instance. An IAM Identity Center instance is your corporate identity directory that you added to the IAM Identity Center. You can use the ListInstances API operation to retrieve a list of your Identity Center instances and their ARNs.
Type: String
Length Constraints: Minimum length of 10. Maximum length of 1224.
Pattern:
arn:[^:]+:sso::(\d{12}){0,1}:instance/.*$Required: No
- Tags
-
The Amazon resource tags that you are adding to the S3 Access Grants instance. Each tag is a label consisting of a user-defined key and value. Tags can help you manage, identify, organize, search for, and filter resources.
Type: Array of Tag data types
Array Members: Minimum number of 0 items. Maximum number of 50 items.
Required: No
Response Syntax
HTTP/1.1 200
<?xml version="1.0" encoding="UTF-8"?>
<CreateAccessGrantsInstanceResult>
<CreatedAt>timestamp</CreatedAt>
<AccessGrantsInstanceId>string</AccessGrantsInstanceId>
<AccessGrantsInstanceArn>string</AccessGrantsInstanceArn>
<IdentityCenterArn>string</IdentityCenterArn>
</CreateAccessGrantsInstanceResult>Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in XML format by the service.
- CreateAccessGrantsInstanceResult
-
Root level tag for the CreateAccessGrantsInstanceResult parameters.
Required: Yes
- AccessGrantsInstanceArn
-
The Amazon Resource Name (ARN) of the S3 Access Grants instance.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 2048.
Pattern:
arn:[a-z\-]+:s3:[a-z0-9\-]+:\d{12}:access\-grants\/[a-zA-Z0-9\-]+ - AccessGrantsInstanceId
-
The ID of the S3 Access Grants instance. The ID is
default. You can have one S3 Access Grants instance per Region per account.Type: String
Length Constraints: Minimum length of 1. Maximum length of 64.
Pattern:
[a-zA-Z0-9\-]+ - CreatedAt
-
The date and time when you created the S3 Access Grants instance.
Type: Timestamp
- IdentityCenterArn
-
If you associated your S3 Access Grants instance with an Amazon IAM Identity Center instance, this field returns the Amazon Resource Name (ARN) of the IAM Identity Center instance application; a subresource of the original Identity Center instance passed in the request. S3 Access Grants creates this Identity Center application for this specific S3 Access Grants instance.
Type: String
Length Constraints: Minimum length of 10. Maximum length of 1224.
Pattern:
arn:[^:]+:sso::(\d{12}){0,1}:instance/.*$
See Also
For more information about using this API in one of the language-specific Amazon SDKs, see the following: