Posted On: Sep 24, 2024

Amazon S3 Access Grants now support ListCallerAccessGrants, a new API that allows Amazon Identity and Access Management (IAM) principals and Amazon IAM Identity Center end users to list all S3 buckets, prefixes, and objects they can access, as defined by their S3 Access Grants. Customers can use ListCallerAccessGrants to build applications that identify and then take action on data that is accessible to specific end users.

S3 Access Grants map identities in Amazon IAM or Identity Providers (IdPs) to your datasets in S3. When customers call the ListCallerAccessGrants action, S3 identifies the IAM principal or IAM Identity Center user and their associated groups. The API then returns the S3 Access Grants for the end user and their groups based on group membership in Amazon IAM or an IdP.
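The call flow described above can be used for an access review. The following is an added example, not code from AWS or from this announcement: it pages through ListCallerAccessGrants using the boto3 `s3control` client's `list_caller_access_grants` call and flags grants that allow writes to a whole bucket. The account ID, bucket names, stub client and the flagging rule are assumptions constructed for illustration.

```python
def list_caller_grants(s3control, account_id, grant_scope=None):
    """Page through ListCallerAccessGrants for the calling identity."""
    kwargs = {"AccountId": account_id}
    if grant_scope:                      # optional: only grants under this S3 URI
        kwargs["GrantScope"] = grant_scope
    grants = []
    while True:
        page = s3control.list_caller_access_grants(**kwargs)
        grants.extend(page.get("CallerAccessGrantsList", []))
        if not page.get("NextToken"):
            return grants
        kwargs["NextToken"] = page["NextToken"]


def broad_write_grants(grants):
    """Review policy assumed for this example: flag write access to a whole bucket."""
    flagged = []
    for grant in grants:
        scope = grant.get("GrantScope", "")
        path = scope[len("s3://"):] if scope.startswith("s3://") else scope
        _bucket, _, key = path.partition("/")
        if grant.get("Permission") in ("WRITE", "READWRITE") and key in ("", "*"):
            flagged.append(grant)
    return flagged


class StubS3Control:
    """Constructed stand-in for boto3.client("s3control"); serves two pages."""
    PAGES = {
        None: {"NextToken": "page-2", "CallerAccessGrantsList": [
            {"Permission": "READ", "GrantScope": "s3://amzn-s3-demo-bucket1/reports/*"},
            {"Permission": "READWRITE", "GrantScope": "s3://amzn-s3-demo-bucket2/*"}]},
        "page-2": {"CallerAccessGrantsList": [
            {"Permission": "WRITE", "GrantScope": "s3://amzn-s3-demo-bucket1/uploads/alice*"}]},
    }

    def __init__(self):
        self.calls = []

    def list_caller_access_grants(self, **kwargs):
        self.calls.append(kwargs)
        return self.PAGES[kwargs.get("NextToken")]


if __name__ == "__main__":
    # With real credentials, pass boto3.client("s3control") instead of the stub.
    grants = list_caller_grants(StubS3Control(), "111122223333")
    for grant in broad_write_grants(grants):
        print(grant["Permission"], grant["GrantScope"])
```

The results reflect whichever identity signs the request, so run the review under the credentials of the principal being audited.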

The ListCallerAccessGrants API is available in all Amazon Web Services Regions where Amazon IAM Identity Center is available, including the Amazon Web Services China (Beijing) Region, operated by Sinnet, and the Amazon Web Services China (Ningxia) Region, operated by NWCD. For pricing details, visit Amazon S3 pricing. To learn more about S3 Access Grants, visit the S3 User Guide.