Amazon Macie Classic
API Reference
API Version 2017-12-19
Amazon Macie Classic: API Reference
Copyright © Amazon Web Services, Inc. and/or its affiliates. All rights reserved.
Amazon's trademarks and trade dress may not be used in connection with any product or service that is not Amazon's, in any manner that is likely to cause confusion among customers, or in any manner that disparages or discredits Amazon. All other trademarks not owned by Amazon are the property of their respective owners, who may or may not be affiliated with, connected to, or sponsored by Amazon.
Table of Contents
... v
Welcome ... 1
Actions ... 2
AssociateMemberAccount ... 3
Request Syntax ... 3
Request Parameters ... 3
Response Elements ... 3
Errors ... 3
See Also ... 4
AssociateS3Resources ... 5
Request Syntax ... 5
Request Parameters ... 5
Response Syntax ... 5
Response Elements ... 6
Errors ... 6
See Also ... 6
DisassociateMemberAccount ... 8
Request Syntax ... 8
Request Parameters ... 8
Response Elements ... 8
Errors ... 8
See Also ... 8
DisassociateS3Resources ... 10
Request Syntax ... 10
Request Parameters ... 10
Response Syntax ... 10
Response Elements ... 11
Errors ... 11
See Also ... 11
ListMemberAccounts ... 12
Request Syntax ... 12
Request Parameters ... 12
Response Syntax ... 12
Response Elements ... 12
Errors ... 13
See Also ... 13
ListS3Resources ... 14
Request Syntax ... 14
Request Parameters ... 14
Response Syntax ... 14
Response Elements ... 15
Errors ... 15
See Also ... 15
UpdateS3Resources ... 17
Request Syntax ... 17
Request Parameters ... 17
Response Syntax ... 17
Response Elements ... 18
Errors ... 18
See Also ... 18
Data Types ... 20
ClassificationType ... 21
Contents ... 21
See Also ... 21
ClassificationTypeUpdate ... 22
Contents ... 22
See Also ... 22
FailedS3Resource ... 23
Contents ... 23
See Also ... 23
MemberAccount ... 24
Contents ... 24
See Also ... 24
S3Resource ... 25
Contents ... 25
See Also ... 25
S3ResourceClassification ... 26
Contents ... 26
See Also ... 26
S3ResourceClassificationUpdate ... 27
Contents ... 27
See Also ... 27
Common Parameters ... 28
Common Errors ... 30
Amazon Macie Classic has been discontinued and is no longer available. A new Amazon Macie is now available with significant design improvements and additional features, at a lower price and in most AWS Regions. To learn about the new Amazon Macie, see the Amazon Macie User Guide.
Welcome
Amazon Macie Classic has been discontinued and is no longer available.
A new Amazon Macie is now available with significant design improvements and additional features, at a lower price and in most AWS Regions. We encourage you to take advantage of the new and improved features, and benefit from the reduced cost. To learn about features and pricing for the new Macie, see Amazon Macie. To learn how to use the new Macie, see the Amazon Macie User Guide.
This document was last published on March 6, 2022.
Actions
The following actions are supported:
• AssociateMemberAccount (p. 3)
• AssociateS3Resources (p. 5)
• DisassociateMemberAccount (p. 8)
• DisassociateS3Resources (p. 10)
• ListMemberAccounts (p. 12)
• ListS3Resources (p. 14)
• UpdateS3Resources (p. 17)
AssociateMemberAccount
AssociateMemberAccount
(Discontinued) Associates a specified AWS account with Amazon Macie Classic as a member account.
Request Syntax
{
"memberAccountId": "string"
}
Request Parameters
For information about the parameters that are common to all actions, see Common Parameters (p. 28).
The request accepts the following data in JSON format.
memberAccountId (p. 3)
(Discontinued) The ID of the AWS account that you want to associate with Amazon Macie Classic as a member account.
Type: String
Pattern: [0-9]{12}
Required: Yes
Response Elements
If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
Errors
For information about the errors that are common to all actions, see Common Errors (p. 30).
InternalException
(Discontinued) Internal server error.
HTTP Status Code: 500 InvalidInputException
(Discontinued) The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
HTTP Status Code: 400 LimitExceededException
(Discontinued) The request was rejected because it attempted to create resources beyond the current AWS account quotas. The error code describes the quota exceeded.
HTTP Status Code: 400
See Also
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java V2
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3
AssociateS3Resources
AssociateS3Resources
(Discontinued) Associates specified S3 resources with Amazon Macie Classic for monitoring and data classification. If memberAccountId isn't specified, the action associates specified S3 resources with Macie Classic for the current Macie Classic administrator account. If memberAccountId is specified, the action associates specified S3 resources with Macie Classic for the specified member account.
Request Syntax
{ "memberAccountId": "string", "s3Resources": [
{
"bucketName": "string", "classificationType": { "continuous": "string", "oneTime": "string"
},
"prefix": "string"
} ]}
Request Parameters
For information about the parameters that are common to all actions, see Common Parameters (p. 28).
The request accepts the following data in JSON format.
memberAccountId (p. 5)
(Discontinued) The ID of the Amazon Macie Classic member account whose resources you want to associate with Macie Classic.
Type: String
Pattern: [0-9]{12}
Required: No s3Resources (p. 5)
(Discontinued) The S3 resources that you want to associate with Amazon Macie Classic for monitoring and data classification.
Type: Array of S3ResourceClassification (p. 26) objects Required: Yes
Response Syntax
{ "failedS3Resources": [ {
"errorCode": "string", "errorMessage": "string",
Response Elements
"failedItem": {
"bucketName": "string", "prefix": "string"
} } ] }
Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
failedS3Resources (p. 5)
(Discontinued) S3 resources that couldn't be associated with Amazon Macie Classic. An error code and an error message are provided for each failed item.
Type: Array of FailedS3Resource (p. 23) objects
Errors
For information about the errors that are common to all actions, see Common Errors (p. 30).
AccessDeniedException
(Discontinued) You do not have required permissions to access the requested resource.
HTTP Status Code: 400 InternalException
(Discontinued) Internal server error.
HTTP Status Code: 500 InvalidInputException
(Discontinued) The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
HTTP Status Code: 400 LimitExceededException
(Discontinued) The request was rejected because it attempted to create resources beyond the current AWS account quotas. The error code describes the quota exceeded.
HTTP Status Code: 400
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
See Also
• AWS SDK for Go
• AWS SDK for Java V2
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3
DisassociateMemberAccount
DisassociateMemberAccount
(Discontinued) Removes the specified member account from Amazon Macie Classic.
Request Syntax
{ "memberAccountId": "string"
}
Request Parameters
For information about the parameters that are common to all actions, see Common Parameters (p. 28).
The request accepts the following data in JSON format.
memberAccountId (p. 8)
(Discontinued) The ID of the member account that you want to remove from Amazon Macie Classic.
Type: String
Pattern: [0-9]{12}
Required: Yes
Response Elements
If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
Errors
For information about the errors that are common to all actions, see Common Errors (p. 30).
InternalException
(Discontinued) Internal server error.
HTTP Status Code: 500 InvalidInputException
(Discontinued) The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
HTTP Status Code: 400
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface
See Also
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java V2
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3
DisassociateS3Resources
DisassociateS3Resources
(Discontinued) Removes specified S3 resources from being monitored by Amazon Macie Classic. If memberAccountId isn't specified, the action removes specified S3 resources from Macie Classic for the current Macie Classic administrator account. If memberAccountId is specified, the action removes specified S3 resources from Macie Classic for the specified member account.
Request Syntax
{ "associatedS3Resources": [ {
"bucketName": "string", "prefix": "string"
} ],
"memberAccountId": "string"
}
Request Parameters
For information about the parameters that are common to all actions, see Common Parameters (p. 28).
The request accepts the following data in JSON format.
associatedS3Resources (p. 10)
(Discontinued) The S3 resources (buckets or prefixes) that you want to remove from being monitored and classified by Amazon Macie Classic.
Type: Array of S3Resource (p. 25) objects Required: Yes
memberAccountId (p. 10)
(Discontinued) The ID of the Amazon Macie Classic member account whose resources you want to remove from being monitored by Macie Classic.
Type: String
Pattern: [0-9]{12}
Required: No
Response Syntax
{ "failedS3Resources": [ {
"errorCode": "string", "errorMessage": "string", "failedItem": {
"bucketName": "string", "prefix": "string"
}
Response Elements
} ]}
Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
failedS3Resources (p. 10)
(Discontinued) S3 resources that couldn't be removed from being monitored and classified by Amazon Macie Classic. An error code and an error message are provided for each failed item.
Type: Array of FailedS3Resource (p. 23) objects
Errors
For information about the errors that are common to all actions, see Common Errors (p. 30).
AccessDeniedException
(Discontinued) You do not have required permissions to access the requested resource.
HTTP Status Code: 400 InternalException
(Discontinued) Internal server error.
HTTP Status Code: 500 InvalidInputException
(Discontinued) The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
HTTP Status Code: 400
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java V2
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3
ListMemberAccounts
ListMemberAccounts
(Discontinued) Lists all Amazon Macie Classic member accounts for the current Macie Classic administrator account.
Request Syntax
{ "maxResults": number, "nextToken": "string"
}
Request Parameters
For information about the parameters that are common to all actions, see Common Parameters (p. 28).
The request accepts the following data in JSON format.
maxResults (p. 12)
(Discontinued) Use this parameter to indicate the maximum number of items that you want in the response. The default value is 250.
Type: Integer
Valid Range: Maximum value of 250.
Required: No nextToken (p. 12)
(Discontinued) Use this parameter when paginating results. Set the value of this parameter to null on your first call to the ListMemberAccounts action. Subsequent calls to the action fill nextToken in the request with the value of nextToken from the previous response to continue listing data.
Type: String
Length Constraints: Maximum length of 500.
Required: No
Response Syntax
{
"memberAccounts": [ {
"accountId": "string"
} ],
"nextToken": "string"
}
Response Elements
If the action is successful, the service sends back an HTTP 200 response.
Errors
The following data is returned in JSON format by the service.
memberAccounts (p. 12)
(Discontinued) A list of the Amazon Macie Classic member accounts returned by the action. The current Macie Classic administrator account is also included in this list.
Type: Array of MemberAccount (p. 24) objects nextToken (p. 12)
(Discontinued) When a response is generated, if there is more data to be listed, this parameter is present in the response and contains the value to use for the nextToken parameter in a subsequent pagination request. If there is no more data to be listed, this parameter is set to null.
Type: String
Length Constraints: Maximum length of 500.
Errors
For information about the errors that are common to all actions, see Common Errors (p. 30).
InternalException
(Discontinued) Internal server error.
HTTP Status Code: 500 InvalidInputException
(Discontinued) The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
HTTP Status Code: 400
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java V2
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3
ListS3Resources
ListS3Resources
(Discontinued) Lists all the S3 resources associated with Amazon Macie Classic. If memberAccountId isn't specified, the action lists the S3 resources associated with Macie Classic for the current Macie Classic administrator account. If memberAccountId is specified, the action lists the S3 resources associated with Macie Classic for the specified member account.
Request Syntax
{ "maxResults": number, "memberAccountId": "string", "nextToken": "string"
}
Request Parameters
For information about the parameters that are common to all actions, see Common Parameters (p. 28).
The request accepts the following data in JSON format.
maxResults (p. 14)
(Discontinued) Use this parameter to indicate the maximum number of items that you want in the response. The default value is 250.
Type: Integer
Valid Range: Maximum value of 250.
Required: No
memberAccountId (p. 14)
(Discontinued) The Amazon Macie Classic member account ID whose associated S3 resources you want to list.
Type: String
Pattern: [0-9]{12}
Required: No nextToken (p. 14)
(Discontinued) Use this parameter when paginating results. Set its value to null on your first call to the ListS3Resources action. Subsequent calls to the action fill nextToken in the request with the value of nextToken from the previous response to continue listing data.
Type: String
Length Constraints: Maximum length of 500.
Required: No
Response Syntax
{
Response Elements
"nextToken": "string", "s3Resources": [ {
"bucketName": "string", "classificationType": { "continuous": "string", "oneTime": "string"
},
"prefix": "string"
} ] }
Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
nextToken (p. 14)
(Discontinued) When a response is generated, if there is more data to be listed, this parameter is present in the response and contains the value to use for the nextToken parameter in a subsequent pagination request. If there is no more data to be listed, this parameter is set to null.
Type: String
Length Constraints: Maximum length of 500.
s3Resources (p. 14)
(Discontinued) A list of the associated S3 resources returned by the action.
Type: Array of S3ResourceClassification (p. 26) objects
Errors
For information about the errors that are common to all actions, see Common Errors (p. 30).
AccessDeniedException
(Discontinued) You do not have required permissions to access the requested resource.
HTTP Status Code: 400 InternalException
(Discontinued) Internal server error.
HTTP Status Code: 500 InvalidInputException
(Discontinued) The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
HTTP Status Code: 400
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
See Also
• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java V2
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3
UpdateS3Resources
UpdateS3Resources
(Discontinued) Updates the classification types for the specified S3 resources. If memberAccountId isn't specified, the action updates the classification types of the S3 resources associated with Amazon Macie Classic for the current Macie Classic administrator account. If memberAccountId is specified, the action updates the classification types of the S3 resources associated with Macie Classic for the specified member account.
Request Syntax
{
"memberAccountId": "string", "s3ResourcesUpdate": [ {
"bucketName": "string", "classificationTypeUpdate": { "continuous": "string", "oneTime": "string"
},
"prefix": "string"
} ]}
Request Parameters
For information about the parameters that are common to all actions, see Common Parameters (p. 28).
The request accepts the following data in JSON format.
memberAccountId (p. 17)
(Discontinued) The AWS account ID of the Amazon Macie Classic member account whose S3 resources' classification types you want to update.
Type: String
Pattern: [0-9]{12}
Required: No
s3ResourcesUpdate (p. 17)
(Discontinued) The S3 resources whose classification types you want to update.
Type: Array of S3ResourceClassificationUpdate (p. 27) objects Required: Yes
Response Syntax
{ "failedS3Resources": [ {
"errorCode": "string", "errorMessage": "string",
Response Elements
"failedItem": {
"bucketName": "string", "prefix": "string"
} } ] }
Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
failedS3Resources (p. 17)
(Discontinued) The S3 resources whose classification types can't be updated. An error code and an error message are provided for each failed item.
Type: Array of FailedS3Resource (p. 23) objects
Errors
For information about the errors that are common to all actions, see Common Errors (p. 30).
AccessDeniedException
(Discontinued) You do not have required permissions to access the requested resource.
HTTP Status Code: 400 InternalException
(Discontinued) Internal server error.
HTTP Status Code: 500 InvalidInputException
(Discontinued) The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
HTTP Status Code: 400
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java V2
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
See Also
• AWS SDK for Ruby V3
Data Types
The Amazon Macie API contains several data types that various actions use. This section describes each data type in detail.
Note
The order of each element in a data type structure is not guaranteed. Applications should not assume a particular order.
The following data types are supported:
• ClassificationType (p. 21)
• ClassificationTypeUpdate (p. 22)
• FailedS3Resource (p. 23)
• MemberAccount (p. 24)
• S3Resource (p. 25)
• S3ResourceClassification (p. 26)
• S3ResourceClassificationUpdate (p. 27)
ClassificationType
ClassificationType
(Discontinued) The classification type that Amazon Macie Classic applies to the associated S3 resources.
Contents
continuous
(Discontinued) A continuous classification of the objects that are added to a specified S3 bucket.
Amazon Macie Classic begins performing continuous classification after a bucket is successfully associated with Macie Classic.
Type: String Valid Values: FULL Required: Yes oneTime
(Discontinued) A one-time classification of all of the existing objects in a specified S3 bucket.
Type: String
Valid Values: FULL | NONE Required: Yes
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java V2
• AWS SDK for Ruby V3
ClassificationTypeUpdate
ClassificationTypeUpdate
(Discontinued) The classification type that Amazon Macie Classic applies to the associated S3 resources.
At least one of the classification types (oneTime or continuous) must be specified.
Contents
continuous
(Discontinued) A continuous classification of the objects that are added to a specified S3 bucket.
Amazon Macie Classic begins performing continuous classification after a bucket is successfully associated with Macie Classic.
Type: String Valid Values: FULL Required: No oneTime
(Discontinued) A one-time classification of all of the existing objects in a specified S3 bucket.
Type: String
Valid Values: FULL | NONE Required: No
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java V2
• AWS SDK for Ruby V3
FailedS3Resource
FailedS3Resource
(Discontinued) Includes details about the failed S3 resources.
Contents
errorCode
(Discontinued) The status code of a failed item.
Type: String
Length Constraints: Maximum length of 10.
Required: No errorMessage
(Discontinued) The error message of a failed item.
Type: String
Length Constraints: Maximum length of 10000.
Required: No failedItem
(Discontinued) The failed S3 resources.
Type: S3Resource (p. 25) object Required: No
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java V2
• AWS SDK for Ruby V3
MemberAccount
MemberAccount
(Discontinued) Contains information about the Amazon Macie Classic member account.
Contents
accountId
(Discontinued) The AWS account ID of the Amazon Macie Classic member account.
Type: String
Pattern: [0-9]{12}
Required: No
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java V2
• AWS SDK for Ruby V3
S3Resource
S3Resource
(Discontinued) Contains information about the S3 resource. This data type is used as a request
parameter in the DisassociateS3Resources action and can be used as a response parameter in the AssociateS3Resources and UpdateS3Resources actions.
Contents
bucketName
(Discontinued) The name of the S3 bucket.
Type: String
Length Constraints: Maximum length of 500.
Required: Yes prefix
(Discontinued) The prefix of the S3 bucket.
Type: String
Length Constraints: Maximum length of 10000.
Required: No
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java V2
• AWS SDK for Ruby V3
S3ResourceClassification
S3ResourceClassification
(Discontinued) The S3 resources that you want to associate with Amazon Macie Classic for monitoring and data classification. This data type is used as a request parameter in the AssociateS3Resources action and a response parameter in the ListS3Resources action.
Contents
bucketName
(Discontinued) The name of the S3 bucket that you want to associate with Amazon Macie Classic.
Type: String
Length Constraints: Maximum length of 500.
Required: Yes classificationType
(Discontinued) The classification type that you want to specify for the resource associated with Amazon Macie Classic.
Type: ClassificationType (p. 21) object Required: Yes
prefix
(Discontinued) The prefix of the S3 bucket that you want to associate with Amazon Macie Classic.
Type: String
Length Constraints: Maximum length of 10000.
Required: No
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java V2
• AWS SDK for Ruby V3
S3ResourceClassificationUpdate
S3ResourceClassificationUpdate
(Discontinued) The S3 resources whose classification types you want to update. This data type is used as a request parameter in the UpdateS3Resources action.
Contents
bucketName
(Discontinued) The name of the S3 bucket whose classification types you want to update.
Type: String
Length Constraints: Maximum length of 500.
Required: Yes
classificationTypeUpdate
(Discontinued) The classification type that you want to update for the resource associated with Amazon Macie Classic.
Type: ClassificationTypeUpdate (p. 22) object Required: Yes
prefix
(Discontinued) The prefix of the S3 bucket whose classification types you want to update.
Type: String
Length Constraints: Maximum length of 10000.
Required: No
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java V2
• AWS SDK for Ruby V3
Common Parameters
The following list contains the parameters that all actions use for signing Signature Version 4 requests with a query string. Any action-specific parameters are listed in the topic for that action. For more information about Signature Version 4, see Signature Version 4 Signing Process in the Amazon Web Services General Reference.
Action
The action to be performed.
Type: string Required: Yes Version
The API version that the request is written for, expressed in the format YYYY-MM-DD.
Type: string Required: Yes X-Amz-Algorithm
The hash algorithm that you used to create the request signature.
Condition: Specify this parameter when you include authentication information in a query string instead of in the HTTP authorization header.
Type: string
Valid Values: AWS4-HMAC-SHA256 Required: Conditional
X-Amz-Credential
The credential scope value, which is a string that includes your access key, the date, the region you are targeting, the service you are requesting, and a termination string ("aws4_request"). The value is expressed in the following format: access_key/YYYYMMDD/region/service/aws4_request.
For more information, see Task 2: Create a String to Sign for Signature Version 4 in the Amazon Web Services General Reference.
Condition: Specify this parameter when you include authentication information in a query string instead of in the HTTP authorization header.
Type: string
Required: Conditional X-Amz-Date
The date that is used to create the signature. The format must be ISO 8601 basic format (YYYYMMDD'T'HHMMSS'Z'). For example, the following date time is a valid X-Amz-Date value:
20120325T120000Z.
Condition: X-Amz-Date is optional for all requests; it can be used to override the date used for signing requests. If the Date header is specified in the ISO 8601 basic format, X-Amz-Date is
not required. When X-Amz-Date is used, it always overrides the value of the Date header. For more information, see Handling Dates in Signature Version 4 in the Amazon Web Services General Reference.
Type: string
Required: Conditional X-Amz-Security-Token
The temporary security token that was obtained through a call to AWS Security Token Service (AWS STS). For a list of services that support temporary security credentials from AWS Security Token Service, go to AWS Services That Work with IAM in the IAM User Guide.
Condition: If you're using temporary security credentials from the AWS Security Token Service, you must include the security token.
Type: string
Required: Conditional X-Amz-Signature
Specifies the hex-encoded signature that was calculated from the string to sign and the derived signing key.
Condition: Specify this parameter when you include authentication information in a query string instead of in the HTTP authorization header.
Type: string
Required: Conditional X-Amz-SignedHeaders
Specifies all the HTTP headers that were included as part of the canonical request. For more information about specifying signed headers, see Task 1: Create a Canonical Request For Signature Version 4 in the Amazon Web Services General Reference.
Condition: Specify this parameter when you include authentication information in a query string instead of in the HTTP authorization header.
Type: string
Required: Conditional
Common Errors
This section lists the errors common to the API actions of all AWS services. For errors specific to an API action for this service, see the topic for that API action.
AccessDeniedException
You do not have sufficient access to perform this action.
HTTP Status Code: 400 IncompleteSignature
The request signature does not conform to AWS standards.
HTTP Status Code: 400 InternalFailure
The request processing has failed because of an unknown error, exception or failure.
HTTP Status Code: 500 InvalidAction
The action or operation requested is invalid. Verify that the action is typed correctly.
HTTP Status Code: 400 InvalidClientTokenId
The X.509 certificate or AWS access key ID provided does not exist in our records.
HTTP Status Code: 403 InvalidParameterCombination
Parameters that must not be used together were used together.
HTTP Status Code: 400 InvalidParameterValue
An invalid or out-of-range value was supplied for the input parameter.
HTTP Status Code: 400 InvalidQueryParameter
The AWS query string is malformed or does not adhere to AWS standards.
HTTP Status Code: 400 MalformedQueryString
The query string contains a syntax error.
HTTP Status Code: 404 MissingAction
The request is missing an action or a required parameter.
HTTP Status Code: 400
MissingAuthenticationToken
The request must contain either a valid (registered) AWS access key ID or X.509 certificate.
HTTP Status Code: 403 MissingParameter
A required parameter for the specified action is not supplied.
HTTP Status Code: 400 NotAuthorized
You do not have permission to perform this action.
HTTP Status Code: 400 OptInRequired
The AWS access key ID needs a subscription for the service.
HTTP Status Code: 403 RequestExpired
The request reached the service more than 15 minutes after the date stamp on the request or more than 15 minutes after the request expiration date (such as for pre-signed URLs), or the date stamp on the request is more than 15 minutes in the future.
HTTP Status Code: 400 ServiceUnavailable
The request has failed due to a temporary failure of the server.
HTTP Status Code: 503 ThrottlingException
The request was denied due to request throttling.
HTTP Status Code: 400 ValidationError
The input fails to satisfy the constraints specified by an AWS service.
HTTP Status Code: 400
