Amazon S3 Access Grants now support ListCallerAccessGrants, a new API that allows AWS Identity and Access Management (IAM) principals and AWS IAM Identity Center end users to list all S3 buckets, prefixes, and objects they can access, as defined by their S3 Access Grants. Customers can use ListCallerAccessGrants to build applications that identify and then take action on data that is accessible to specific end users. For example, the Storage Browser for Amazon S3, an open source UI component that customers can add to their applications to provide end users with a simple interface for data stored in S3, uses ListCallerAccessGrants to present end users with the data that they have access to in S3, based on their S3 Access Grants.
S3 Access Grants map identities in AWS IAM or Identity Providers (IdPs) to your datasets in S3. When customers call the ListCallerAccessGrants action, S3 identifies the IAM principal or IAM Identity Center user and their associated groups. The API then returns the S3 Access Grants for the end user and their groups based on group membership in AWS IAM or an IdP.
The ListCallerAccessGrants API is available in all AWS Regions where AWS IAM Identity Center is available. For pricing details, visit Amazon S3 pricing. To learn more about S3 Access Grants, visit the S3 User Guide.
Source:: Amazon AWS