What is the s3:GetIpConfiguration IAM Policy Action Used For?

There are several S3 actions in the policy wizards and documentation which appear to be unused.

Specifically: ListBucketByTags, ListObjects, PutIpConfiguration, and GetIpConfiguration.

What API calls are these actions associated with? Are they deprecated? Or never used?

Curious minds want to know!

asked Oct 28 '22 15:10

Peter Stephens


1 Answer

This is a good question.

The answer (for now) is... yes, it's definitely one of those two things. Or possibly a third thing.

I submitted a docs feedback report several months ago about ListObjects -- which is wrong, as you know, since the operation to list objects is called (somewhat confusingly) ListBucket.

I was disappointed when I received what seemed like a dismissive response explaining what "objects" and "buckets" were and why I might want to "list" them. But there was something else in that response that I didn't appreciate the meaning of at the time: I was told that the page I was reporting was an automated page with information provided by the service. (I originally misinterpreted this comment entirely, as though it was telling me something about the documentation feedback system.)

Light bulb moment: I realize, thinking about it now, what the person responding to my feedback must have been saying -- the documentation team doesn't manage most of this page's content. Instead, it is mechanically generated from actual operational metadata retrieved from the service. By implication, it's therefore necessarily correct and authoritative, and so my suggestion that it was wrong could reasonably be summarily dismissed.

I suspect that we can rule out deprecation, mostly because I don't remember seeing any of these things before, and since I have written a lot of low-level library code for interacting with AWS, I should have seen them.

That leaves two other options: either they are future features whose existence has leaked out via the automated documentation, or developmental dead-ends, things that don't exist but have vestiges that are still present in some systems (i.e. these operations were "registered" with IAM but S3 doesn't perform them, so policy conditions allowing or denying them will never be tested in the process of handling real requests).

The answer, for now, is uncertain (but some of them are indeed intriguing).

answered Dec 15 '22 00:12

Michael - sqlbot
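
An added example, not part of the answer above or of any AWS tooling: a small Python check that reports where a policy document references the four action names from the question, either by exact name or through a wildcard pattern. The sample policy is constructed for illustration, the function names are hypothetical, and `NotAction` elements are not examined.

```python
import json
import re

# The four action names listed in the question on this page.
QUESTIONED = ["s3:ListBucketByTags", "s3:ListObjects",
              "s3:PutIpConfiguration", "s3:GetIpConfiguration"]

def _as_list(value):
    """IAM accepts either a single value or a list for Statement and Action."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _pattern_matches(pattern, action):
    """Action patterns are case-insensitive; '*' and '?' are the only wildcards."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, action, re.IGNORECASE) is not None

def find_questioned_actions(policy):
    """Return (statement index, Effect, pattern, matched action, kind) tuples.

    kind is 'explicit' when the policy names the action itself and
    'wildcard' when a broader pattern merely covers it.
    """
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement"))):
        for pattern in _as_list(stmt.get("Action")):
            for action in QUESTIONED:
                if _pattern_matches(pattern, action):
                    explicit = pattern.lower() == action.lower()
                    findings.append((idx, stmt.get("Effect"), pattern, action,
                                     "explicit" if explicit else "wildcard"))
    return findings

# Constructed sample policy (not from the page).
SAMPLE_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": "s3:Get*", "Resource": "*"},
    {"Effect": "Deny",
     "Action": ["s3:putipconfiguration", "s3:ListBucket"],
     "Resource": "*"}
  ]
}""")

if __name__ == "__main__":
    for finding in find_questioned_actions(SAMPLE_POLICY):
        print(finding)
```

Explicit findings are the statements worth reviewing by hand, since they were written to name one of these actions; wildcard findings only show that a broader grant happens to cover the name.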