
Authenticating and authorizing for directory buckets in Local Zones

Directory buckets in Local Zones support both Amazon Identity and Access Management (IAM) authorization and session-based authorization. For more information about authentication and authorization for directory buckets, see Authenticating and authorizing requests.

Resources

Amazon Resource Names (ARNs) for directory buckets contain the s3express namespace, the Amazon parent Region, the Amazon Web Services account ID, and the directory bucket name, which includes the Zone ID. To access and perform actions on your directory bucket, you must use the following ARN format:

arn:aws:s3express:region-code:account-id:bucket/bucket-base-name--ZoneID--x-s3

For directory buckets in a Local Zone, the Zone ID is the ID of the Local Zone. For more information about directory buckets in Local Zones, see Concepts for directory buckets in Local Zones. For more information about ARNs, see Amazon Resource Names (ARNs) in the IAM User Guide. For more information about resources, see IAM JSON Policy Elements: Resource in the IAM User Guide.
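A policy whose Resource element does not follow this format will not match the directory bucket, so it is worth checking before deployment. The following is an added example, not code from the AWS documentation: it parses the ARN format above and flags malformed directory bucket ARNs in a policy document. The function names, the sample policy, its account ID, bucket names and Zone ID are constructed for illustration, and `s3express:CreateSession` appears only as a sample action.

```python
import re

# Format given on the page:
# arn:aws:s3express:region-code:account-id:bucket/bucket-base-name--ZoneID--x-s3
SUFFIX = "--x-s3"

def parse_directory_bucket_arn(arn):
    """Split a directory bucket ARN into its fields; raise ValueError if malformed."""
    parts = arn.split(":", 5)
    if len(parts) != 6 or parts[0] != "arn":
        raise ValueError("not a six-field ARN")
    _, partition, service, region, account, resource = parts
    if service != "s3express":
        raise ValueError(f"namespace is {service!r}, expected 's3express'")
    if not region:
        raise ValueError("parent Region is missing")
    if not re.fullmatch(r"\d{12}", account):
        raise ValueError("account ID is not 12 digits")
    kind, _, name = resource.partition("/")
    if kind != "bucket" or not name.endswith(SUFFIX):
        raise ValueError("resource is not bucket/<name>--x-s3")
    # The Zone ID is the last "--"-delimited field before the suffix.
    base, sep, zone_id = name[: -len(SUFFIX)].rpartition("--")
    if not (sep and base and zone_id):
        raise ValueError("bucket name lacks base-name--ZoneID")
    return {"partition": partition, "region": region, "account": account,
            "base_name": base, "zone_id": zone_id}

def lint_policy(policy):
    """Return (statement index, resource, problem) for malformed directory bucket ARNs."""
    findings = []
    statements = policy["Statement"]
    for i, stmt in enumerate([statements] if isinstance(statements, dict) else statements):
        resources = stmt.get("Resource", [])
        for res in [resources] if isinstance(resources, str) else resources:
            if not res.endswith(SUFFIX):
                continue  # only directory bucket names carry this suffix
            try:
                parse_directory_bucket_arn(res)
            except ValueError as err:
                findings.append((i, res, str(err)))
    return findings

# Constructed sample policy: account ID, bucket names and Zone ID are made up.
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3express:CreateSession", "Resource": [
        "arn:aws:s3express:us-west-2:111122223333:bucket/my-data--usw2-lax1-az1--x-s3",
        "arn:aws:s3:::my-data--usw2-lax1-az1--x-s3",                       # wrong namespace
        "arn:aws:s3express:us-west-2:111122223333:bucket/my-data--x-s3"]}]}  # no Zone ID
```

Calling `lint_policy(SAMPLE_POLICY)` reports the second and third resources and leaves the first, which follows the documented format, unflagged.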

Note

The condition key s3express:AllAccessRestrictedToLocalZoneGroup isn't supported in the Beijing Local Zone.