{ "aws:requesttag/${tagkey}": { "key": "aws:RequestTag/${TagKey}", "description": "Filters access by the tags that are passed in the request", "type": "String" }, "aws:resourcetag/${tagkey}": { "key": "aws:ResourceTag/${TagKey}", "description": "Filters access by the tags associated with the resource", "type": "String" }, "aws:tagkeys": { "key": "aws:TagKeys", "description": "Filters access by the tag keys that are passed in the request", "type": "ArrayOfString" }, "s3:accessgrantsinstancearn": { "key": "s3:AccessGrantsInstanceArn", "description": "Filters access by access grants instance ARN", "type": "ARN" }, "s3:accesspointnetworkorigin": { "key": "s3:AccessPointNetworkOrigin", "description": "Filters access by the network origin (Internet or VPC)", "type": "String" }, "s3:dataaccesspointaccount": { "key": "s3:DataAccessPointAccount", "description": "Filters access by the AWS Account ID that owns the access point", "type": "String" }, "s3:dataaccesspointarn": { "key": "s3:DataAccessPointArn", "description": "Filters access by an access point Amazon Resource Name (ARN)", "type": "ARN" }, "s3:existingjoboperation": { "key": "s3:ExistingJobOperation", "description": "Filters access by operation to updating the job priority", "type": "String" }, "s3:existingjobpriority": { "key": "s3:ExistingJobPriority", "description": "Filters access by priority range to cancelling existing jobs", "type": "Numeric" }, "s3:existingobjecttag/": { "key": "s3:ExistingObjectTag/", "description": "Filters access by existing object tag key and value", "type": "String" }, "s3:inventoryaccessibleoptionalfields": { "key": "s3:InventoryAccessibleOptionalFields", "description": "Filters access by restricting which optional metadata fields a user can add when configuring S3 Inventory reports", "type": "ArrayOfString" }, "s3:jobsuspendedcause": { "key": "s3:JobSuspendedCause", "description": "Filters access by a specific job suspended cause (for example, AWAITING_CONFIRMATION) to cancelling suspended jobs", "type": "String" }, "s3:objectcreationoperation": { "key": "s3:ObjectCreationOperation", "description": "Filters access by whether or not the operation creates an object", "type": "Bool" }, "s3:requestjoboperation": { "key": "s3:RequestJobOperation", "description": "Filters access by operation to creating jobs", "type": "String" }, "s3:requestjobpriority": { "key": "s3:RequestJobPriority", "description": "Filters access by priority range to creating new jobs", "type": "Numeric" }, "s3:requestobjecttag/": { "key": "s3:RequestObjectTag/", "description": "Filters access by the tag keys and values to be added to objects", "type": "String" }, "s3:requestobjecttagkeys": { "key": "s3:RequestObjectTagKeys", "description": "Filters access by the tag keys to be added to objects", "type": "ArrayOfString" }, "s3:resourceaccount": { "key": "s3:ResourceAccount", "description": "Filters access by the resource owner AWS account ID", "type": "String" }, "s3:tlsversion": { "key": "s3:TlsVersion", "description": "Filters access by the TLS version used by the client", "type": "Numeric" }, "s3:authtype": { "key": "s3:authType", "description": "Filters access by authentication method", "type": "String" }, "s3:delimiter": { "key": "s3:delimiter", "description": "Filters access by delimiter parameter", "type": "String" }, "s3:destinationregion": { "key": "s3:destinationRegion", "description": "Filters access by a specific replication destination region for targeted buckets of the AWS FIS action aws:s3:bucket-pause-replication", "type": "String" }, "s3:if-match": { "key": "s3:if-match", "description": "Filters access by the request's 'If-Match' conditional header", "type": "String" }, "s3:if-none-match": { "key": "s3:if-none-match", "description": "Filters access by the request's 'If-None-Match' conditional header", "type": "String" }, "s3:isreplicationpauserequest": { "key": "s3:isReplicationPauseRequest", "description": "Filters access by request made via AWS FIS action aws:s3:bucket-pause-replication", "type": "Bool" }, "s3:locationconstraint": { "key": "s3:locationconstraint", "description": "Filters access by a specific Region", "type": "String" }, "s3:max-keys": { "key": "s3:max-keys", "description": "Filters access by maximum number of keys returned in a ListBucket request", "type": "Numeric" }, "s3:object-lock-legal-hold": { "key": "s3:object-lock-legal-hold", "description": "Filters access by object legal hold status", "type": "String" }, "s3:object-lock-mode": { "key": "s3:object-lock-mode", "description": "Filters access by object retention mode (COMPLIANCE or GOVERNANCE)", "type": "String" }, "s3:object-lock-remaining-retention-days": { "key": "s3:object-lock-remaining-retention-days", "description": "Filters access by remaining object retention days", "type": "Numeric" }, "s3:object-lock-retain-until-date": { "key": "s3:object-lock-retain-until-date", "description": "Filters access by object retain-until date", "type": "Date" }, "s3:prefix": { "key": "s3:prefix", "description": "Filters access by key name prefix", "type": "String" }, "s3:signatureage": { "key": "s3:signatureAge", "description": "Filters access by the age in milliseconds of the request signature", "type": "Numeric" }, "s3:signatureversion": { "key": "s3:signatureversion", "description": "Filters access by the version of AWS Signature used on the request", "type": "String" }, "s3:versionid": { "key": "s3:versionid", "description": "Filters access by a specific object version", "type": "String" }, "s3:x-amz-acl": { "key": "s3:x-amz-acl", "description": "Filters access by canned ACL in the request's x-amz-acl header", "type": "String" }, "s3:x-amz-content-sha256": { "key": "s3:x-amz-content-sha256", "description": "Filters access by unsigned content in your bucket", "type": "String" }, "s3:x-amz-copy-source": { "key": "s3:x-amz-copy-source", "description": "Filters access by copy source bucket, prefix, or object in the copy object requests", "type": "String" }, "s3:x-amz-grant-full-control": { "key": "s3:x-amz-grant-full-control", "description": "Filters access by x-amz-grant-full-control (full control) header", "type": "String" }, "s3:x-amz-grant-read": { "key": "s3:x-amz-grant-read", "description": "Filters access by x-amz-grant-read (read access) header", "type": "String" }, "s3:x-amz-grant-read-acp": { "key": "s3:x-amz-grant-read-acp", "description": "Filters access by the x-amz-grant-read-acp (read permissions for the ACL) header", "type": "String" }, "s3:x-amz-grant-write": { "key": "s3:x-amz-grant-write", "description": "Filters access by the x-amz-grant-write (write access) header", "type": "String" }, "s3:x-amz-grant-write-acp": { "key": "s3:x-amz-grant-write-acp", "description": "Filters access by the x-amz-grant-write-acp (write permissions for the ACL) header", "type": "String" }, "s3:x-amz-metadata-directive": { "key": "s3:x-amz-metadata-directive", "description": "Filters access by object metadata behavior (COPY or REPLACE) when objects are copied", "type": "String" }, "s3:x-amz-object-ownership": { "key": "s3:x-amz-object-ownership", "description": "Filters access by Object Ownership", "type": "String" }, "s3:x-amz-server-side-encryption": { "key": "s3:x-amz-server-side-encryption", "description": "Filters access by server-side encryption", "type": "String" }, "s3:x-amz-server-side-encryption-aws-kms-key-id": { "key": "s3:x-amz-server-side-encryption-aws-kms-key-id", "description": "Filters access by AWS KMS customer managed CMK for server-side encryption", "type": "ARN" }, "s3:x-amz-server-side-encryption-customer-algorithm": { "key": "s3:x-amz-server-side-encryption-customer-algorithm", "description": "Filters access by customer specified algorithm for server-side encryption", "type": "String" }, "s3:x-amz-storage-class": { "key": "s3:x-amz-storage-class", "description": "Filters access by storage class", "type": "String" }, "s3:x-amz-website-redirect-location": { "key": "s3:x-amz-website-redirect-location", "description": "Filters access by a specific website redirect location for buckets that are configured as static websites", "type": "String" } }