Module Values.CreateAccessGrantResultSource

Creates an access grant that gives a grantee access to your S3 data. The grantee can be an IAM user or role or a directory user, or group. Before you can create a grant, you must have an S3 Access Grants instance in the same Region as the S3 data. You can create an S3 Access Grants instance using the CreateAccessGrantsInstance. You must also have registered at least one S3 data location in your S3 Access Grants instance using CreateAccessGrantsLocation. Permissions You must have the s3:CreateAccessGrant permission to use this operation. Additional Permissions For any directory identity - sso:DescribeInstance and sso:DescribeApplication For directory users - identitystore:DescribeUser For directory groups - identitystore:DescribeGroup

Sourcetype nonrec t = {
  1. createdAt : CreationTimestamp.t option;
    (*

    The date and time when you created the access grant.

    *)
  2. accessGrantId : AccessGrantId.t option;
    (*

    The ID of the access grant. S3 Access Grants auto-generates this ID when you create the access grant.

    *)
  3. accessGrantArn : AccessGrantArn.t option;
    (*

    The Amazon Resource Name (ARN) of the access grant.

    *)
  4. grantee : Grantee.t option;
    (*

    The user, group, or role to which you are granting access. You can grant access to an IAM user or role. If you have added your corporate directory to Amazon Web Services IAM Identity Center and associated your Identity Center instance with your S3 Access Grants instance, the grantee can also be a corporate directory user or group.

    *)
  5. accessGrantsLocationId : AccessGrantsLocationId.t option;
    (*

    The ID of the registered location to which you are granting access. S3 Access Grants assigns this ID when you register the location. S3 Access Grants assigns the ID default to the default location s3:// and assigns an auto-generated ID to other locations that you register.

    *)
  6. accessGrantsLocationConfiguration : AccessGrantsLocationConfiguration.t option;
    (*

    The configuration options of the grant location. The grant location is the S3 path to the data to which you are granting access.

    *)
  7. permission : Permission.t option;
    (*

    The type of access that you are granting to your S3 data, which can be set to one of the following values: READ – Grant read-only access to the S3 data. WRITE – Grant write-only access to the S3 data. READWRITE – Grant both read and write access to the S3 data.

    *)
  8. applicationArn : IdentityCenterApplicationArn.t option;
    (*

    The Amazon Resource Name (ARN) of an Amazon Web Services IAM Identity Center application associated with your Identity Center instance. If the grant includes an application ARN, the grantee can only access the S3 data through this application.

    *)
  9. grantScope : S3Prefix.t option;
    (*

    The S3 path of the data to which you are granting access. It is the result of appending the Subprefix to the location scope.

    *)
}
Sourcetype nonrec error = [
  1. | `Unknown_operation_error of string * string option
]
Sourceval make : ?createdAt:??? -> ?accessGrantId:??? -> ?accessGrantArn:??? -> ?grantee:??? -> ?accessGrantsLocationId:??? -> ?accessGrantsLocationConfiguration:??? -> ?permission:??? -> ?applicationArn:??? -> ?grantScope:??? -> unit -> t
Sourceval error_of_json : 'a -> Yojson.Safe.t -> [> `Unknown_operation_error of 'a * string option ]
Sourceval error_of_xml : 'a -> Awso.Xml.t -> [> `Unknown_operation_error of 'a * string option ]
Sourceval error_to_json : error -> Yojson.Safe.t
Sourceval to_value : t -> [> `Structure of (string * [> `Enum of string | `String of AccessGrantId.t | `Structure of (string * [> `Enum of string | `String of GranteeIdentifier.t ]) list | `Timestamp of CreationTimestamp.t ]) list ]
Sourceval to_query : t -> Awso.Client.Query.t
Sourceval of_xml : Awso.Xml.t -> t
Sourceval of_string : string -> t
Sourceval of_json : Yojson.Safe.t -> t
Sourceval to_json : t -> Yojson.Safe.t