Object Storage is a computer data storage architecture that manages data as objects as opposed to block storage which manages data as blocks within sectors and tracks. Managed Object storage is commonly used to manage large amounts of unstructured data for example storing large datasets like photos, music, or files in online collaboration services. All customers data is encrypted by default using encryption at rest.
Managed Object Storage API commands allow creation, management and deletion of Object Storage devices as well as viewing Object Storage network data usage. Managed Object Storage is fully S3-compliant allowing file and bucket management using existing S3 clients.
API follows JSON Merge Patch semantics. Note when modifying nested structures payload should contain entire array, which in a sense is PUT within PATCH for them. JSON Merge Patch uses null to explicitly indicate property deletion while absent properties are ignored, i.e. not modified.
List services
Returns a list of object storage services.
query Parameters
limitNumber of entries to receive at most.
Schema for a query parameter specifying the maximum number of entries to return (limit).
offsetOffset for retrieved results.
Schema for a query parameter specifying the offset for pagination.
sortOrder of returned results.
Schema for a query parameter specifying the sort field and direction. Prefix with '-' for descending order.
List services › Responses
OK
Response schema for a list of services.
uuidnameregionconfigured_statusoperational_stateStatic website configurations for this service
termination_protectioncreated_atupdated_atCreate service
Creates a new object storage service.
Create service › Request Body
nameregion^[a-zA-Z0-9_-]+$ · requiredA resource name.
configured_statusSchema for the configured status of a property.
Networks to attach to the service. Private networks must reside in the same region as the object storage.
Custom domains to attach to the service.
Labels for classifying the service.
Schema for creating properties with an optional access control origin override.
termination_protectionEnables or disables termination protection for the service. When enabled, the service cannot be deleted or powered down unless this is disabled first.
Create service › Responses
Created
uuidnameregionconfigured_statusoperational_stateStatic website configurations for this service
termination_protectioncreated_atupdated_atGet service details
Returns object storage service details by given {service_uuid}.
path Parameters
service-uuidService UUID
The unique identifier for the service.
Get service details › Responses
OK
uuidnameregionconfigured_statusoperational_stateStatic website configurations for this service
termination_protectioncreated_atupdated_atReplace service
Replaces existing object storage service by given {service_uuid}.
path Parameters
service-uuidService UUID
The unique identifier for the service.
Replace service › Request Body
nameThe name of the service.
configured_statusSchema for the configured status of a property.
termination_protectionEnables or disables termination protection for the service. When enabled, the service cannot be deleted or powered down unless this is disabled first.
Static website configurations for this service. Array replaces all existing configurations.
Schema for creating properties with an optional access control origin override.
Replace service › Responses
OK
uuidnameregionconfigured_statusoperational_stateStatic website configurations for this service
termination_protectioncreated_atupdated_atDelete service
Deletes existing object storage service by given {service_uuid}.
path Parameters
service-uuidService UUID
The unique identifier for the service.
query Parameters
forceIf the parameter is provided, the deletion process starts even if the service is not empty.
Schema for a query parameter specifying whether to force an operation.
Delete service › Responses
No Content
Modify service
Modifies existing object storage service by given {service_uuid}.
path Parameters
service-uuidService UUID
The unique identifier for the service.
Modify service › Request Body
nameconfigured_statusSchema for the configured status of a property.
Static website configurations for this service. Array replaces all existing configurations.
Schema for creating properties with an optional access control origin override.
termination_protectionEnables or disables termination protection for the service. When enabled, the service cannot be deleted or powered down unless this is disabled first.
Modify service › Responses
OK
uuidnameregionconfigured_statusoperational_stateStatic website configurations for this service
termination_protectioncreated_atupdated_atList networks
Returns a list of available service networks by given {service_uuid}.
path Parameters
service-uuidService UUID
The unique identifier for the service.
List networks › Responses
OK
Response schema for a list of network details.
familynametypeuuidCreate network
Creates a new service network by given {service_uuid}.
path Parameters
service-uuidService UUID
The unique identifier for the service.
Create network › Request Body
name^[a-zA-Z0-9_-]+$ · requiredA resource name.
typeEnum for the network type, indicating whether the network is public or private.
familyEnum for the network family, indicating the type of IP address used.
uuidPrivate network uuid. Omit for public networks.
Create network › Responses
Created
familynametypeuuidGet network details
Returns service network details by given {service_uuid} and {network_name}.
path Parameters
service-uuidService UUID
The unique identifier for the service.
network-name^[a-zA-Z0-9_-]+$ · requiredThe name of the network.
A resource name.
Get network details › Responses
OK
familynametypeuuidDelete network
Deletes existing network by given {service_uuid} and {network_name}.
path Parameters
service-uuidService UUID
The unique identifier for the service.
network-name^[a-zA-Z0-9_-]+$ · requiredThe name of the network.
A resource name.
Delete network › Responses
No Content
List custom domains
Returns a list of custom domains attached to a service by given {service_uuid}.
path Parameters
service-uuidService UUID
The unique identifier for the service.
List custom domains › Responses
OK
Response schema for listing custom domains.
domain_nameCustom domain name. Supports both apex domains and subdomains.
typeEndpoint type for the custom domain.
modePurpose of the domain. 'api' for S3 API access, 'static-website' for static website hosting.
Attach custom domain
Attaches a new custom domain to the service identified by {service_uuid}.
path Parameters
service-uuidService UUID
The unique identifier for the service.
Attach custom domain › Request Body
typeType of the custom domain. At the moment only public is accepted.
domain_nameCustom domain to be added. Supports both apex domains (example.com) and subdomains (objects.example.com).
modePurpose of the domain. 'api' for S3 API access (creates base URL), 'static-website' for static website hosting (no base URL). Cannot be changed after creation.
Attach custom domain › Responses
Created
domain_nameCustom domain name. Supports both apex domains and subdomains.
typeEndpoint type for the custom domain.
modePurpose of the domain. 'api' for S3 API access, 'static-website' for static website hosting.
Get custom domain details
Returns custom domain details by given {service_uuid} and {domain_name}.
path Parameters
service-uuidService UUID
The unique identifier for the service.
custom-domain-nameThe domain name.
A valid hostname for the custom domain. Supports both apex domains (example.com) and subdomains (objects.example.com).
Get custom domain details › Responses
OK
domain_nameCustom domain name. Supports both apex domains and subdomains.
typeEndpoint type for the custom domain.
modePurpose of the domain. 'api' for S3 API access, 'static-website' for static website hosting.
Delete custom domain
Deletes existing custom domain by given {service_uuid} and {domain_name}.
path Parameters
service-uuidService UUID
The unique identifier for the service.
custom-domain-nameThe domain name.
A valid hostname for the custom domain. Supports both apex domains (example.com) and subdomains (objects.example.com).
Delete custom domain › Responses
No Content
Modify custom domain
Modifies existing custom domain by given {service_uuid} and {domain_name}.
path Parameters
service-uuidService UUID
The unique identifier for the service.
custom-domain-nameThe domain name.
A valid hostname for the custom domain. Supports both apex domains (example.com) and subdomains (objects.example.com).
Modify custom domain › Request Body
typeType of the custom domain.
domain_nameNew modified custom domain. Supports both apex domains (example.com) and subdomains (objects.example.com).
Modify custom domain › Responses
OK
domain_nameCustom domain name. Supports both apex domains and subdomains.
typeEndpoint type for the custom domain.
modePurpose of the domain. 'api' for S3 API access, 'static-website' for static website hosting.
List regions
Returns a list of available managed object storage regions.
List regions › Responses
OK
Response schema for listing regions.
nameprimary_zoneGet region details
Returns object storage region details by given {name}.
path Parameters
region-name^[a-zA-Z0-9_-]+$ · requiredThe name of the region.
A resource name.
Get region details › Responses
OK
nameprimary_zoneGet service metrics
Returns object storage metrics by given {service_uuid}.
path Parameters
service-uuidService UUID
The unique identifier for the service.
Get service metrics › Responses
OK
total_objectstotal_size_bytesList bucket metrics
Returns metrics for buckets within a service.
path Parameters
service-uuidService UUID
The unique identifier for the service.
query Parameters
limitNumber of entries to receive at most.
Schema for a query parameter specifying the maximum number of entries to return (limit).
offsetOffset for retrieved results.
Schema for a query parameter specifying the offset for pagination.
List bucket metrics › Responses
OK
Response schema for listing buckets.
nametotal_objectstotal_size_bytesdeletedCreate bucket
Creates a new service bucket by the given {service_uuid}.
path Parameters
service-uuidService UUID
The unique identifier for the service.
Create bucket › Request Body
name^[a-zA-Z0-9.\-_]{1,2… · requiredMust be unique within the service, and should contain only alphanumeric, .,- and _.
Create bucket › Responses
Created
nametotal_objectstotal_size_bytesdeletedDelete bucket
Deletes an existing bucket by given {service_uuid} and {bucket_name}. This API call will remove all objects from the bucket permanently and cannot be reversed.
path Parameters
service-uuidService UUID
The unique identifier for the service.
bucket-name^[a-zA-Z0-9_-]+$ · requiredThe name of the bucket.
A resource name.
Delete bucket › Responses
No Content
List service metrics series
Returns Object Storage instance metrics series by a given {service_uuid}.
path Parameters
service-uuidService UUID
The unique identifier for the service.
query Parameters
fromBeginning of the time range for which to return metrics.
Schema for a query parameter specifying a timestamp.
toEnd of the time range for which to return metrics.
Schema for a query parameter specifying a timestamp.
intervalMetrics aggregation interval.
Schema for a query parameter specifying the time interval.
sortOrder of returned results.
Schema for a query parameter specifying the sort field and direction. Prefix with '-' for descending order.
limitNumber of entries to receive at most.
Schema for a query parameter specifying the maximum number of entries to return (limit).
offsetOffset for retrieved results.
Schema for a query parameter specifying the offset for pagination.
List service metrics series › Responses
OK
Response schema for listing metrics series.
bytes_createdbytes_deletedbytes_receivedbytes_totalbytes_transmittedend_atobjects_createdobjects_deletedobjects_totalstart_atList labels
Returns a list of available service labels by given {service_uuid}.
path Parameters
service-uuidService UUID
The unique identifier for the service.
List labels › Responses
OK
Response schema for listing labels.
keyvalueCreate label
Creates a new label by given {service_uuid}. Labels are used for service filtering.
path Parameters
service-uuidService UUID
The unique identifier for the service.
Create label › Request Body
key^[\x20-\x5E\x60-\x7E… · requiredThe key of a label.
value\A[\p{L}\p{N}\p{P}\p… · requiredSchema for a label value property, allowing a string or null with specific character constraints.
Create label › Responses
Created
keyvalueGet label details
Returns label details by given {service_uuid} and {key}.
path Parameters
service-uuidService UUID
The unique identifier for the service.
label-key^[\x20-\x5E\x60-\x7E… · requiredThe key of the label.
The key of a label.
Get label details › Responses
OK
keyvalueDelete label
Deletes existing label by given {service_uuid} and {key}.
path Parameters
service-uuidService UUID
The unique identifier for the service.
label-key^[\x20-\x5E\x60-\x7E… · requiredThe key of the label.
The key of a label.
Delete label › Responses
No Content
Modify label
Modifies existing label by given {service_uuid} and {key}.
path Parameters
service-uuidService UUID
The unique identifier for the service.
label-key^[\x20-\x5E\x60-\x7E… · requiredThe key of the label.
The key of a label.
Modify label › Request Body
key^[\x20-\x5E\x60-\x7E…The key of a label.
value\A[\p{L}\p{N}\p{P}\p…Schema for a label value property, allowing a string or null with specific character constraints.
Modify label › Responses
OK
keyvalueList static website configurations
Returns all static website configurations for a service along with available domains.
path Parameters
service-uuidService UUID
The unique identifier for the service.
List static website configurations › Responses
OK
Create static website configuration
Creates a new static website hosting configuration for a domain.
path Parameters
service-uuidService UUID
The unique identifier for the service.
Create static website configuration › Request Body
bucket_name^[a-zA-Z0-9.\-_]+$ · requiredName of the S3/ECS bucket containing the website content. Only alphanumerics, dots, hyphens, and underscores are allowed.
domain_nameCustom domain to use for static website hosting. Must be a custom domain attached to the service. If omitted, the primary static website domain is used.
bucket_prefix^[a-zA-Z0-9/.\-_]*$Optional prefix/subfolder within the bucket. Only alphanumerics, slashes, dots, hyphens, and underscores are allowed.
index_document^[a-zA-Z0-9/.\-_]+$Default document for directories. Only alphanumerics, slashes, dots, hyphens, and underscores are allowed.
spa_modeEnable Single Page Application (SPA) mode. When enabled, all non-file routes serve the index document, allowing client-side routing to handle the URL. Essential for React, Vue, Next.js, and similar frameworks.
enabledWhether the static website configuration should be active. Defaults to true if not specified.
Custom error page configurations for specific HTTP status codes or ranges
Create static website configuration › Responses
Created
domain_nameThe domain this configuration applies to
bucket_name^[a-zA-Z0-9.\-_]*$ · requiredName of the S3/ECS bucket containing the website content. Only alphanumerics, dots, hyphens, and underscores are allowed.
bucket_prefix^[a-zA-Z0-9/.\-_]*$ · requiredOptional prefix/subfolder within the bucket. Only alphanumerics, slashes, dots, hyphens, and underscores are allowed.
index_document^[a-zA-Z0-9/.\-_]+$ · requiredDefault document for directories. Only alphanumerics, slashes, dots, hyphens, and underscores are allowed.
Custom error page configurations for specific HTTP status codes or ranges
enabledWhether the static website configuration is currently active
created_atTimestamp when this configuration was created
updated_atTimestamp when this configuration was last updated
spa_modeEnable Single Page Application (SPA) mode. When enabled, all non-file routes serve the index document, allowing client-side routing to handle the URL. Essential for React, Vue, Next.js, and similar frameworks.
Get static website configuration
Returns a static website configuration for a specific domain.
path Parameters
service-uuidService UUID
The unique identifier for the service.
custom-domain-nameThe domain name.
A valid hostname for the custom domain. Supports both apex domains (example.com) and subdomains (objects.example.com).
Get static website configuration › Responses
OK
domain_nameThe domain this configuration applies to
bucket_name^[a-zA-Z0-9.\-_]*$ · requiredName of the S3/ECS bucket containing the website content. Only alphanumerics, dots, hyphens, and underscores are allowed.
bucket_prefix^[a-zA-Z0-9/.\-_]*$ · requiredOptional prefix/subfolder within the bucket. Only alphanumerics, slashes, dots, hyphens, and underscores are allowed.
index_document^[a-zA-Z0-9/.\-_]+$ · requiredDefault document for directories. Only alphanumerics, slashes, dots, hyphens, and underscores are allowed.
Custom error page configurations for specific HTTP status codes or ranges
enabledWhether the static website configuration is currently active
created_atTimestamp when this configuration was created
updated_atTimestamp when this configuration was last updated
spa_modeEnable Single Page Application (SPA) mode. When enabled, all non-file routes serve the index document, allowing client-side routing to handle the URL. Essential for React, Vue, Next.js, and similar frameworks.
Delete static website configuration
Deletes a static website configuration.
path Parameters
service-uuidService UUID
The unique identifier for the service.
custom-domain-nameThe domain name.
A valid hostname for the custom domain. Supports both apex domains (example.com) and subdomains (objects.example.com).
Delete static website configuration › Responses
No Content
Modify static website configuration
Updates an existing static website configuration.
path Parameters
service-uuidService UUID
The unique identifier for the service.
custom-domain-nameThe domain name.
A valid hostname for the custom domain. Supports both apex domains (example.com) and subdomains (objects.example.com).
Modify static website configuration › Request Body
bucket_name^[a-zA-Z0-9.\-_]+$Name of the S3/ECS bucket containing the website content. Only alphanumerics, dots, hyphens, and underscores are allowed.
bucket_prefix^[a-zA-Z0-9/.\-_]*$Optional prefix/subfolder within the bucket. Only alphanumerics, slashes, dots, hyphens, and underscores are allowed.
index_document^[a-zA-Z0-9/.\-_]+$Default document for directories. Only alphanumerics, slashes, dots, hyphens, and underscores are allowed.
spa_modeEnable Single Page Application (SPA) mode. When enabled, all non-file routes serve the index document, allowing client-side routing to handle the URL. Essential for React, Vue, Next.js, and similar frameworks.
enabledWhether the static website configuration should be active
Custom error page configurations for specific HTTP status codes or ranges. Replaces the entire set when provided.
Modify static website configuration › Responses
OK
domain_nameThe domain this configuration applies to
bucket_name^[a-zA-Z0-9.\-_]*$ · requiredName of the S3/ECS bucket containing the website content. Only alphanumerics, dots, hyphens, and underscores are allowed.
bucket_prefix^[a-zA-Z0-9/.\-_]*$ · requiredOptional prefix/subfolder within the bucket. Only alphanumerics, slashes, dots, hyphens, and underscores are allowed.
index_document^[a-zA-Z0-9/.\-_]+$ · requiredDefault document for directories. Only alphanumerics, slashes, dots, hyphens, and underscores are allowed.
Custom error page configurations for specific HTTP status codes or ranges
enabledWhether the static website configuration is currently active
created_atTimestamp when this configuration was created
updated_atTimestamp when this configuration was last updated
spa_modeEnable Single Page Application (SPA) mode. When enabled, all non-file routes serve the index document, allowing client-side routing to handle the URL. Essential for React, Vue, Next.js, and similar frameworks.
List service domains
Returns all domains associated with this service (public endpoint, private endpoint, custom domains) along with their static website hosting status.
path Parameters
service-uuidService UUID
The unique identifier for the service.
List service domains › Responses
OK
List of all service domains (public, private, custom) with their static website hosting availability and configuration status
List users
Returns a list of available service users by given {service_uuid}.
path Parameters
service-uuidService UUID
The unique identifier for the service.
List users › Responses
OK
Response schema for listing users.
usernamearncreated_atpermissions_boundarySchema representing a permissions boundary response.
Create user
Creates a new service user by given {service_uuid}.
path Parameters
service-uuidService UUID
The unique identifier for the service.
Create user › Request Body
username[\w+=,.@-]+ · requiredThe name of the user to create.
Create user › Responses
Created
usernamearncreated_atpermissions_boundarySchema representing a permissions boundary response.
Get user details
Returns service user details by given {service_uuid} and {username}.
path Parameters
service-uuidService UUID
The unique identifier for the service.
username^[a-zA-Z0-9_-]+$ · requiredThe name of the user.
A resource name.
Get user details › Responses
OK
usernamearncreated_atpermissions_boundarySchema representing a permissions boundary response.
Delete user
Deletes existing user by given {service_uuid} and {username}.
path Parameters
service-uuidService UUID
The unique identifier for the service.
username^[a-zA-Z0-9_-]+$ · requiredThe name of the user.
A resource name.
Delete user › Responses
No Content
List access keys
Returns a list of available access keys for a user.
path Parameters
service-uuidService UUID
The unique identifier for the service.
username^[a-zA-Z0-9_-]+$ · requiredThe name of the user.
A resource name.
List access keys › Responses
OK
Response schema for listing access keys.
access_key_idcreated_atlast_used_atsecret_access_keyOnly returned upon creation, empty otherwise.
statusCreate access key
Creates a new access key by given {service_uuid} and {username}.
path Parameters
service-uuidService UUID
The unique identifier for the service.
username^[a-zA-Z0-9_-]+$ · requiredThe name of the user.
A resource name.
Create access key › Responses
Created. Note: secret_access_key is returned only on creation.
access_key_idcreated_atlast_used_atsecret_access_keyThis is only returned upon creation.
statusGet access key details
Returns access key details by given {service_uuid}, {username}, and {access-key-id}.
path Parameters
service-uuidService UUID
The unique identifier for the service.
username^[a-zA-Z0-9_-]+$ · requiredThe name of the user.
A resource name.
access-key-idThe ID of the access key.
The public identifier for an access key.
Get access key details › Responses
OK
access_key_idcreated_atlast_used_atsecret_access_keyOnly returned upon creation, empty otherwise.
statusDelete access key
Deletes existing access key by given {service_uuid}, {username}, and {access-key-id}.
path Parameters
service-uuidService UUID
The unique identifier for the service.
username^[a-zA-Z0-9_-]+$ · requiredThe name of the user.
A resource name.
access-key-idThe ID of the access key.
The public identifier for an access key.
Delete access key › Responses
No Content
Modify access key details
Modifies access key details.
path Parameters
service-uuidService UUID
The unique identifier for the service.
username^[a-zA-Z0-9_-]+$ · requiredThe name of the user.
A resource name.
access-key-idThe ID of the access key.
The public identifier for an access key.
Modify access key details › Request Body
statusIndicates if the key is active or inactive.
Modify access key details › Responses
OK
access_key_idcreated_atlast_used_atsecret_access_keyOnly returned upon creation, empty otherwise.
statusList attached user policies
Returns a list of attached user policies for a user.
path Parameters
service-uuidService UUID
The unique identifier for the service.
username^[a-zA-Z0-9_-]+$ · requiredThe name of the user.
A resource name.
List attached user policies › Responses
OK
Response schema for listing policy attachments.
arnnameAttach user policy
Attach a policy to a user.
path Parameters
service-uuidService UUID
The unique identifier for the service.
username^[a-zA-Z0-9_-]+$ · requiredThe name of the user.
A resource name.
Attach user policy › Request Body
name^[a-zA-Z0-9+=,.@_\- … · requiredName of the policy to attach.
Attach user policy › Responses
No Content
Detach user policy
Detach a policy from a user.
path Parameters
service-uuidService UUID
The unique identifier for the service.
username^[a-zA-Z0-9_-]+$ · requiredThe name of the user.
A resource name.
nested-name^[a-zA-Z0-9_-]+$ · requiredThe name of the policy to detach.
A resource name.
Detach user policy › Responses
No Content
Get user inline policy
Get the user inline policy by the given {service_uuid}, {username} and {policy_name}.
path Parameters
service-uuidService UUID
The unique identifier for the service.
username^[a-zA-Z0-9_-]+$ · requiredThe name of the user.
A resource name.
user-policy-name^[a-zA-Z0-9_-]+$ · requiredThe name of the inline policy.
A resource name.
Get user inline policy › Responses
OK
documentnameDelete user inline policy
Deletes the user inline policy by the given {service_uuid}, {username}, and {policy_name}.
path Parameters
service-uuidService UUID
The unique identifier for the service.
username^[a-zA-Z0-9_-]+$ · requiredThe name of the user.
A resource name.
user-policy-name^[a-zA-Z0-9_-]+$ · requiredThe name of the inline policy.
A resource name.
Delete user inline policy › Responses
No Content
List user inline policies
Lists the user inline policies by the given {service_uuid}, and {username}.
path Parameters
service-uuidService UUID
The unique identifier for the service.
username^[a-zA-Z0-9_-]+$ · requiredThe name of the user.
A resource name.
List user inline policies › Responses
OK
Response schema for listing inline policies.
documentnameCreate user inline policy
Creates a user inline policy by the given {service_uuid}, and {username}.
path Parameters
service-uuidService UUID
The unique identifier for the service.
username^[a-zA-Z0-9_-]+$ · requiredThe name of the user.
A resource name.
Create user inline policy › Request Body
nameName of the inline policy.
documentA valid policy document.
Create user inline policy › Responses
Created
documentnameGet user tags
Returns a user's tags by the given {service_uuid}, and {username}.
path Parameters
service-uuidService UUID
The unique identifier for the service.
username^[a-zA-Z0-9_-]+$ · requiredThe name of the user.
A resource name.
Get user tags › Responses
OK
Response schema for listing tags associated with a resource.
keyvalueReplace user tags
Replaces a user's tags by the given {service_uuid}, and {username}.
path Parameters
service-uuidService UUID
The unique identifier for the service.
username^[a-zA-Z0-9_-]+$ · requiredThe name of the user.
A resource name.
Replace user tags › Request Body
Schema for a list of tags to apply to a resource.
keyvalueReplace user tags › Responses
OK
Response schema for listing tags associated with a resource.
keyvalueDelete user tag
Deletes a user's tag by the given {service_uuid}, {username}, and {tag_key}.
path Parameters
service-uuidService UUID
The unique identifier for the service.
username^[a-zA-Z0-9_-]+$ · requiredThe name of the user.
A resource name.
user-tag-keyThe key of the user tag.
The key of a tag.
Delete user tag › Responses
No Content
Create user permissions boundary
Creates a user's permissions boundary by the given {service_uuid}, and {username}.
path Parameters
service-uuidService UUID
The unique identifier for the service.
username^[a-zA-Z0-9_-]+$ · requiredThe name of the user.
A resource name.
Create user permissions boundary › Request Body
policy_nameName of the policy to use as the permissions boundary.
Create user permissions boundary › Responses
OK
Schema representing a permissions boundary response.
Delete user permissions boundary
Deletes a user's permissions boundary by the given {service_uuid}, and {username}.
path Parameters
service-uuidService UUID
The unique identifier for the service.
username^[a-zA-Z0-9_-]+$ · requiredThe name of the user.
A resource name.
Delete user permissions boundary › Responses
No Content
List policy versions
Lists policy versions given by {service_uuid}, and {policy_name}.
path Parameters
service-uuidService UUID
The unique identifier for the service.
policy-name^[a-zA-Z0-9_-]+$ · requiredThe name of the policy.
A resource name.
List policy versions › Responses
OK
Response schema for a list of policy versions.
create_datedocumentis_defaultversion_idCreate policy version
Creates a policy version by the given {service_uuid}, and {policy_name}.
path Parameters
service-uuidService UUID
The unique identifier for the service.
policy-name^[a-zA-Z0-9_-]+$ · requiredThe name of the policy.
A resource name.
Create policy version › Request Body
documentA valid, URL-encoded policy document.
is_defaultSet this version as the default.
Create policy version › Responses
Created
create_datedocumentis_defaultversion_idGet policy version
Get a single policy version by the given {service_uuid}, {policy_name}, and {policy_version}.
path Parameters
service-uuidService UUID
The unique identifier for the service.
policy-name^[a-zA-Z0-9_-]+$ · requiredThe name of the policy.
A resource name.
policy-versionThe version identifier of the policy.
The version identifier of a policy (e.g., v1, v2).
Get policy version › Responses
OK
create_datedocumentis_defaultversion_idDelete a policy version
Deletes a policy version by the given {service_uuid}, {policy_name}, and {policy_version}.
path Parameters
service-uuidService UUID
The unique identifier for the service.
policy-name^[a-zA-Z0-9_-]+$ · requiredThe name of the policy.
A resource name.
policy-versionThe version identifier of the policy.
The version identifier of a policy (e.g., v1, v2).
Delete a policy version › Responses
No Content
Get policy details
Returns service policy details by given {service_uuid} and {policy_name}.
path Parameters
service-uuidService UUID
The unique identifier for the service.
policy-name^[a-zA-Z0-9_-]+$ · requiredThe name of the policy.
A resource name.
Get policy details › Responses
OK
arnattachment_countcreated_atdefault_version_iddescriptiondocumentnamesystemupdated_atDelete policy
Deletes existing policy by given {service_uuid} and {policy_name}.
path Parameters
service-uuidService UUID
The unique identifier for the service.
policy-name^[a-zA-Z0-9_-]+$ · requiredThe name of the policy.
A resource name.
Delete policy › Responses
No Content
Set default policy version
Sets the default version for a policy. Note: This is mapped from ModifyPolicyVersion handler.
path Parameters
service-uuidService UUID
The unique identifier for the service.
policy-name^[a-zA-Z0-9_-]+$ · requiredThe name of the policy.
A resource name.
Set default policy version › Request Body
version_idThe policy version ID to set as default.
Set default policy version › Responses
OK
arnattachment_countcreated_atdefault_version_iddescriptiondocumentnamesystemupdated_atList policies
Returns a list of available service policies by given {service_uuid}.
path Parameters
service-uuidService UUID
The unique identifier for the service.
List policies › Responses
OK
Response schema for listing policies.
arnattachment_countcreated_atdefault_version_iddescriptiondocumentnamesystemupdated_atCreate policy
Creates a new service policy by given {service_uuid}.
path Parameters
service-uuidService UUID
The unique identifier for the service.
Create policy › Request Body
name[\w+=,.@-]+ · requiredUnique name of the policy.
documentA valid, URL-encoded policy document.
descriptionThe policy description.
Create policy › Responses
Created
arnattachment_countcreated_atdefault_version_iddescriptiondocumentnamesystemupdated_atList IAM Group Policies
Lists IAM policies attached to a group.
path Parameters
service-uuidService UUID
The unique identifier for the service.
group-name^[a-zA-Z0-9_-]+$ · requiredThe name of the group.
A resource name.
List IAM Group Policies › Responses
OK
Response schema for listing policy attachments.
arnnameAttach IAM Group Policy
Attaches a policy to a group.
path Parameters
service-uuidService UUID
The unique identifier for the service.
group-name^[a-zA-Z0-9_-]+$ · requiredThe name of the group.
A resource name.
Attach IAM Group Policy › Request Body
name^[a-zA-Z0-9+=,.@_\- … · requiredName of the policy to attach.
Attach IAM Group Policy › Responses
No Content
Detach IAM Group Policy
Detaches a policy from a group.
path Parameters
service-uuidService UUID
The unique identifier for the service.
group-name^[a-zA-Z0-9_-]+$ · requiredThe name of the group.
A resource name.
policy-name^[a-zA-Z0-9_-]+$ · requiredThe name of the policy.
A resource name.
Detach IAM Group Policy › Responses
No Content
List groups
Returns a list of available service groups by given {service_uuid}.
path Parameters
service-uuidService UUID
The unique identifier for the service.
List groups › Responses
OK
Response schema for listing groups.
arncreated_atnameCreate group
Creates an iam group.
path Parameters
service-uuidService UUID
The unique identifier for the service.
Create group › Request Body
name[\w+=,.@-]+ · requiredA valid string to represent the name of the IAM group.
Create group › Responses
Created
arncreated_atnameGet group
Get a single group identified by {service_uuid}, and {group_name}.
path Parameters
service-uuidService UUID
The unique identifier for the service.
group-name^[a-zA-Z0-9_-]+$ · requiredThe name of the group.
A resource name.
Get group › Responses
OK
arncreated_atnameDelete group
Deletes a group identified by {group_name}.
path Parameters
service-uuidService UUID
The unique identifier for the service.
group-name^[a-zA-Z0-9_-]+$ · requiredThe name of the group.
A resource name.
Delete group › Responses
No Content
Attach user to group
Attaches an iam user to a group identified by {group_name}, and {username}.
path Parameters
service-uuidService UUID
The unique identifier for the service.
group-name^[a-zA-Z0-9_-]+$ · requiredThe name of the group.
A resource name.
username^[a-zA-Z0-9_-]+$ · requiredThe name of the user.
A resource name.
Attach user to group › Responses
No Content
Remove user from group
Removes an iam user from the group identified by {group_name}, and {username}.
path Parameters
service-uuidService UUID
The unique identifier for the service.
group-name^[a-zA-Z0-9_-]+$ · requiredThe name of the group.
A resource name.
username^[a-zA-Z0-9_-]+$ · requiredThe name of the user.
A resource name.
Remove user from group › Responses
No Content
List group inline policies
Lists the group inline policies by the given {service_uuid}, and {group_name}.
path Parameters
service-uuidService UUID
The unique identifier for the service.
group-name^[a-zA-Z0-9_-]+$ · requiredThe name of the group.
A resource name.
List group inline policies › Responses
OK
Response schema for listing inline policies.
documentnameCreate group inline policy
Creates a group inline policy by the given {service_uuid}, and {group_name}.
path Parameters
service-uuidService UUID
The unique identifier for the service.
group-name^[a-zA-Z0-9_-]+$ · requiredThe name of the group.
A resource name.
Create group inline policy › Request Body
nameName of the inline policy.
documentA valid policy document.
Create group inline policy › Responses
Created
documentnameGet group inline policy
Get the group inline policy by the given {service_uuid}, {group_name} and {policy_name}.
path Parameters
service-uuidService UUID
The unique identifier for the service.
group-name^[a-zA-Z0-9_-]+$ · requiredThe name of the group.
A resource name.
group-policy-name^[a-zA-Z0-9_-]+$ · requiredThe name of the inline policy.
A resource name.
Get group inline policy › Responses
OK
documentnameDelete group inline policy
Deletes the group inline policy by the given {service_uuid}, {group_name}, and {policy_name}.
path Parameters
service-uuidService UUID
The unique identifier for the service.
group-name^[a-zA-Z0-9_-]+$ · requiredThe name of the group.
A resource name.
group-policy-name^[a-zA-Z0-9_-]+$ · requiredThe name of the inline policy.
A resource name.
Delete group inline policy › Responses
No Content
List Roles
Lists the roles.
path Parameters
service-uuidService UUID
The unique identifier for the service.
List Roles › Responses
OK
Response schema for listing roles.
arnassume_role_policy_documentcreated_atdescriptionmax_session_durationnamepermissions_boundaryCreate Role
Creates a service IAM role.
path Parameters
service-uuidService UUID
The unique identifier for the service.
Create Role › Request Body
name[\w+=,.@-]+ · requiredassume_role_policy_documentThe policy document that grants an entity permission to assume the role.
descriptionDescription of the role.
max_session_durationMaximum session duration in seconds.
permissions_boundaryPolicy name to set as the permissions boundary.
Tags to attach to the role (max 50).
Create Role › Responses
Created
arnassume_role_policy_documentcreated_atdescriptionmax_session_durationnamepermissions_boundaryGet Role
Get a single role identified by {service_uuid}, and {role_name}.
path Parameters
service-uuidService UUID
The unique identifier for the service.
role-name^[a-zA-Z0-9_-]+$ · requiredThe name of the role.
A resource name.
Get Role › Responses
OK
arnassume_role_policy_documentcreated_atdescriptionmax_session_durationnamepermissions_boundaryDelete Role
Deletes a service's IAM role.
path Parameters
service-uuidService UUID
The unique identifier for the service.
role-name^[a-zA-Z0-9_-]+$ · requiredThe name of the role.
A resource name.
Delete Role › Responses
No Content
Update Role
Updates a service's IAM role.
path Parameters
service-uuidService UUID
The unique identifier for the service.
role-name^[a-zA-Z0-9_-]+$ · requiredThe name of the role.
A resource name.
Update Role › Request Body
descriptionNew description for the role.
max_session_durationNew maximum session duration in seconds.
Update Role › Responses
OK
arnassume_role_policy_documentcreated_atdescriptionmax_session_durationnamepermissions_boundaryList Role Inline Policies
Returns a list of role inline policies by the given {service_uuid}, and {role_name}.
path Parameters
service-uuidService UUID
The unique identifier for the service.
role-name^[a-zA-Z0-9_-]+$ · requiredThe name of the role.
A resource name.
List Role Inline Policies › Responses
OK
Response schema for listing inline policies.
documentnameCreate role inline policy
Creates a role inline policy by the given {service_uuid}, and {role_name}.
path Parameters
service-uuidService UUID
The unique identifier for the service.
role-name^[a-zA-Z0-9_-]+$ · requiredThe name of the role.
A resource name.
Create role inline policy › Request Body
nameName of the inline policy.
documentA valid policy document.
Create role inline policy › Responses
Created
documentnameGet Role Inline Policy
Returns a role's inline policy by the given {service_uuid}, {role_name}, and {policy_name}.
path Parameters
service-uuidService UUID
The unique identifier for the service.
role-name^[a-zA-Z0-9_-]+$ · requiredThe name of the role.
A resource name.
role-policy-name^[a-zA-Z0-9_-]+$ · requiredThe name of the inline policy.
A resource name.
Get Role Inline Policy › Responses
OK
documentnameDelete role inline policy
Delete a role inline policy by the given {service_uuid}, {role_name} and {policy_name}.
path Parameters
service-uuidService UUID
The unique identifier for the service.
role-name^[a-zA-Z0-9_-]+$ · requiredThe name of the role.
A resource name.
role-policy-name^[a-zA-Z0-9_-]+$ · requiredThe name of the inline policy.
A resource name.
Delete role inline policy › Responses
No Content
Create role permissions boundary
Creates a role policy's permissions boundary by the given {service_uuid}, and {role_name}.
path Parameters
service-uuidService UUID
The unique identifier for the service.
role-name^[a-zA-Z0-9_-]+$ · requiredThe name of the role.
A resource name.
Create role permissions boundary › Request Body
policy_nameName of the policy to use as the permissions boundary.
Create role permissions boundary › Responses
OK
Schema representing a permissions boundary response.
Delete role permissions boundary
Deletes a role permissions boundary by the given {service_uuid}, and {role_name}.
path Parameters
service-uuidService UUID
The unique identifier for the service.
role-name^[a-zA-Z0-9_-]+$ · requiredThe name of the role.
A resource name.
Delete role permissions boundary › Responses
No Content
Assume Role Policy
Assume a role policy by the given {service_uuid}, and {role_name}.
path Parameters
service-uuidService UUID
The unique identifier for the service.
role-name^[a-zA-Z0-9_-]+$ · requiredThe name of the role.
A resource name.
Assume Role Policy › Request Body
documentThe assume role policy document that grants an entity permission to assume the role.
Assume Role Policy › Responses
OK
documentList Attached Role Policies
Lists all policies attached to a service's IAM role.
path Parameters
service-uuidService UUID
The unique identifier for the service.
role-name^[a-zA-Z0-9_-]+$ · requiredThe name of the role.
A resource name.
List Attached Role Policies › Responses
OK
Response schema for listing policy attachments.
arnnameAttach Policy To Role
Attaches a policy to a service's IAM role.
path Parameters
service-uuidService UUID
The unique identifier for the service.
role-name^[a-zA-Z0-9_-]+$ · requiredThe name of the role.
A resource name.
Attach Policy To Role › Request Body
name^[a-zA-Z0-9+=,.@_\- … · requiredName of the policy to attach.
Attach Policy To Role › Responses
No Content
Detach Policy From Role
Detaches a policy from a service's IAM role.
path Parameters
service-uuidService UUID
The unique identifier for the service.
role-name^[a-zA-Z0-9_-]+$ · requiredThe name of the role.
A resource name.
role-policy-name^[a-zA-Z0-9_-]+$ · requiredThe name of the inline policy.
A resource name.
Detach Policy From Role › Responses
No Content
Get role tags
Returns a role's tags by the given {service_uuid}, and {role_name}.
path Parameters
service-uuidService UUID
The unique identifier for the service.
role-name^[a-zA-Z0-9_-]+$ · requiredThe name of the role.
A resource name.
Get role tags › Responses
OK
Response schema for listing tags associated with a resource.
keyvalueReplace role tags
Replaces a role's tags by the given {service_uuid}, and {role_name}.
path Parameters
service-uuidService UUID
The unique identifier for the service.
role-name^[a-zA-Z0-9_-]+$ · requiredThe name of the role.
A resource name.
Replace role tags › Request Body
Schema for a list of tags to apply to a resource.
keyvalueReplace role tags › Responses
OK
Response schema for listing tags associated with a resource.
keyvalueDelete role tag
Deletes a role's tag by the given {service_uuid}, {role_name}, and {tag_key}.
path Parameters
service-uuidService UUID
The unique identifier for the service.
role-name^[a-zA-Z0-9_-]+$ · requiredThe name of the role.
A resource name.
role-tag-keyThe key of the role tag.
The key of a tag.
Delete role tag › Responses
No Content