import { Command as $Command } from "@smithy/smithy-client"; import { MetadataBearer as __MetadataBearer } from "@smithy/types"; import { PutBucketPolicyRequest } from "../models/models_1"; import { S3ClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../S3Client"; /** * @public */ export type { __MetadataBearer }; export { $Command }; /** * @public * * The input for {@link PutBucketPolicyCommand}. */ export interface PutBucketPolicyCommandInput extends PutBucketPolicyRequest { } /** * @public * * The output of {@link PutBucketPolicyCommand}. */ export interface PutBucketPolicyCommandOutput extends __MetadataBearer { } declare const PutBucketPolicyCommand_base: { new (input: PutBucketPolicyCommandInput): import("@smithy/smithy-client").CommandImpl; new (__0_0: PutBucketPolicyCommandInput): import("@smithy/smithy-client").CommandImpl; getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions; }; /** *

Applies an Amazon S3 bucket policy to an Amazon S3 bucket.

* *

* Directory buckets - For directory buckets, you must make requests for this API operation to the Regional endpoint. These endpoints support path-style requests in the format https://s3express-control.region-code.amazonaws.com/bucket-name *. Virtual-hosted-style requests aren't supported. * For more information about endpoints in Availability Zones, see Regional and Zonal endpoints for directory buckets in Availability Zones in the * Amazon S3 User Guide. For more information about endpoints in Local Zones, see Concepts for directory buckets in Local Zones in the * Amazon S3 User Guide.

* *

Permissions

If you are using an identity other than the root user of the Amazon Web Services account that * owns the bucket, the calling identity must both have the * PutBucketPolicy permissions on the specified bucket and belong to * the bucket owner's account in order to use this operation.

If you don't have PutBucketPolicy permissions, Amazon S3 returns a * 403 Access Denied error. If you have the correct permissions, but * you're not using an identity that belongs to the bucket owner's account, Amazon S3 * returns a 405 Method Not Allowed error.

* *

To ensure that bucket owners don't inadvertently lock themselves out of * their own buckets, the root principal in a bucket owner's Amazon Web Services account can * perform the GetBucketPolicy, PutBucketPolicy, and * DeleteBucketPolicy API actions, even if their bucket policy * explicitly denies the root principal's access. Bucket owner root principals can * only be blocked from performing these API actions by VPC endpoint policies and * Amazon Web Services Organizations policies.

* *

*
* General purpose bucket permissions - The * s3:PutBucketPolicy permission is required in a policy. For * more information about general purpose buckets bucket policies, see Using Bucket Policies and User Policies in the * Amazon S3 User Guide.
*
*
* Directory bucket permissions - * To grant access to this API operation, you must have the * s3express:PutBucketPolicy permission in * an IAM identity-based policy instead of a bucket policy. Cross-account access to this API operation isn't supported. This operation can only be performed by the Amazon Web Services account that owns the resource. * For more information about directory bucket policies and permissions, see Amazon Web Services Identity and Access Management (IAM) for S3 Express One Zone in the Amazon S3 User Guide.
*

Example bucket policies

* General purpose buckets example bucket policies * - See Bucket policy * examples in the Amazon S3 User Guide.

* Directory bucket example bucket policies * - See Example bucket policies for S3 Express One Zone in the * Amazon S3 User Guide.

HTTP Host header syntax

* Directory buckets - The HTTP Host header syntax is s3express-control.region-code.amazonaws.com.

The following operations are related to PutBucketPolicy:

*
* CreateBucket *
*
*
* DeleteBucket *
*

* @example * Use a bare-bones client and the command you need to make an API call. * ```javascript * import { S3Client, PutBucketPolicyCommand } from "@aws-sdk/client-s3"; // ES Modules import * // const { S3Client, PutBucketPolicyCommand } = require("@aws-sdk/client-s3"); // CommonJS import * const client = new S3Client(config); * const input = { // PutBucketPolicyRequest * Bucket: "STRING_VALUE", // required * ContentMD5: "STRING_VALUE", * ChecksumAlgorithm: "CRC32" || "CRC32C" || "SHA1" || "SHA256" || "CRC64NVME", * ConfirmRemoveSelfBucketAccess: true || false, * Policy: "STRING_VALUE", // required * ExpectedBucketOwner: "STRING_VALUE", * }; * const command = new PutBucketPolicyCommand(input); * const response = await client.send(command); * // {}; * * ``` * * @param PutBucketPolicyCommandInput - {@link PutBucketPolicyCommandInput} * @returns {@link PutBucketPolicyCommandOutput} * @see {@link PutBucketPolicyCommandInput} for command's `input` shape. * @see {@link PutBucketPolicyCommandOutput} for command's `response` shape. * @see {@link S3ClientResolvedConfig | config} for S3Client's `config` shape. * * @throws {@link S3ServiceException} *

Base exception class for all service exceptions from S3 service.

* * * @example Set bucket policy * ```javascript * // The following example sets a permission policy on a bucket. * const input = { * Bucket: "examplebucket", * Policy: `{"Version": "2012-10-17", "Statement": [{ "Sid": "id-1","Effect": "Allow","Principal": {"AWS": "arn:aws:iam::123456789012:root"}, "Action": [ "s3:PutObject","s3:PutObjectAcl"], "Resource": ["arn:aws:s3:::acl3/*" ] } ]}` * }; * const command = new PutBucketPolicyCommand(input); * const response = await client.send(command); * /* response is * { /* metadata only *\/ } * *\/ * ``` * * @public */ export declare class PutBucketPolicyCommand extends PutBucketPolicyCommand_base { /** @internal type navigation helper, not in runtime. */ protected static __types: { api: { input: PutBucketPolicyRequest; output: {}; }; sdk: { input: PutBucketPolicyCommandInput; output: PutBucketPolicyCommandOutput; }; }; }