{
  "s3-outposts:accesspointnetworkorigin": {
    "key": "s3-outposts:AccessPointNetworkOrigin",
    "description": "Filters access by the network origin (Internet or VPC)",
    "type": "String"
  },
  "s3-outposts:dataaccesspointaccount": {
    "key": "s3-outposts:DataAccessPointAccount",
    "description": "Filters access by the AWS Account ID that owns the access point",
    "type": "String"
  },
  "s3-outposts:dataaccesspointarn": {
    "key": "s3-outposts:DataAccessPointArn",
    "description": "Filters access by an access point Amazon Resource Name (ARN)",
    "type": "ARN"
  },
  "s3-outposts:existingobjecttag/<key>": {
    "key": "s3-outposts:ExistingObjectTag/<key>",
    "description": "Filters access by requiring that an existing object tag has a specific tag key and value",
    "type": "String"
  },
  "s3-outposts:requestobjecttag/<key>": {
    "key": "s3-outposts:RequestObjectTag/<key>",
    "description": "Filters access by restricting the tag keys and values allowed on objects",
    "type": "String"
  },
  "s3-outposts:requestobjecttagkeys": {
    "key": "s3-outposts:RequestObjectTagKeys",
    "description": "Filters access by restricting the tag keys allowed on objects",
    "type": "String"
  },
  "s3-outposts:authtype": {
    "key": "s3-outposts:authType",
    "description": "Filters access by restricting incoming requests to a specific authentication method",
    "type": "String"
  },
  "s3-outposts:delimiter": {
    "key": "s3-outposts:delimiter",
    "description": "Filters access by requiring the delimiter parameter",
    "type": "String"
  },
  "s3-outposts:max-keys": {
    "key": "s3-outposts:max-keys",
    "description": "Filters access by limiting the maximum number of keys returned in a ListBucket request",
    "type": "Numeric"
  },
  "s3-outposts:prefix": {
    "key": "s3-outposts:prefix",
    "description": "Filters access by key name prefix",
    "type": "String"
  },
  "s3-outposts:signatureage": {
    "key": "s3-outposts:signatureAge",
    "description": "Filters access by identifying the length of time, in milliseconds, that a signature is valid in an authenticated request",
    "type": "Numeric"
  },
  "s3-outposts:signatureversion": {
    "key": "s3-outposts:signatureversion",
    "description": "Filters access by identifying the version of AWS Signature that is supported for authenticated requests",
    "type": "String"
  },
  "s3-outposts:versionid": {
    "key": "s3-outposts:versionid",
    "description": "Filters access by a specific object version",
    "type": "String"
  },
  "s3-outposts:x-amz-acl": {
    "key": "s3-outposts:x-amz-acl",
    "description": "Filters access by requiring the x-amz-acl header with a specific canned ACL in a request",
    "type": "String"
  },
  "s3-outposts:x-amz-content-sha256": {
    "key": "s3-outposts:x-amz-content-sha256",
    "description": "Filters access by disallowing unsigned content in your bucket",
    "type": "String"
  },
  "s3-outposts:x-amz-copy-source": {
    "key": "s3-outposts:x-amz-copy-source",
    "description": "Filters access by restricting the copy source to a specific bucket, prefix, or object",
    "type": "String"
  },
  "s3-outposts:x-amz-metadata-directive": {
    "key": "s3-outposts:x-amz-metadata-directive",
    "description": "Filters access by enabling enforcement of object metadata behavior (COPY or REPLACE) when objects are copied",
    "type": "String"
  },
  "s3-outposts:x-amz-server-side-encryption": {
    "key": "s3-outposts:x-amz-server-side-encryption",
    "description": "Filters access by requiring server-side encryption",
    "type": "String"
  },
  "s3-outposts:x-amz-storage-class": {
    "key": "s3-outposts:x-amz-storage-class",
    "description": "Filters access by storage class",
    "type": "String"
  }
}