CAL - AWS S3 Get ACL subflow

  • Release version: Xanadu
  • Updated August 1, 2024

    Subflow that retrieves the Access Control List (ACL) details for the specified Amazon Web Services (AWS) S3 bucket.

    Roles and availability

    Subscription requirements
    To use this subflow in custom flows, you must obtain an Integration Hub Enterprise subscription or an App Engine subscription. For more information, see Request Integration Hub.
    Role requirements
    This subflow requires roles granted by delegated development or assigned to the user. For more information, see User access to Flow Designer.

    Cloud permission

    To execute this subflow, the caller must have the s3:GetBucketAcl cloud permission.

    Inputs

    Provide a value for each input that your action needs. To add dynamic values, you can also select data pills using the pill picker.

    Bucket Name
    Data type: String

    Name of the AWS S3 bucket.

    Use MID
    Data type: True/False

    Selection to indicate whether to use a MID Server to make the outbound calls.

    MID Server
    Data type: Record

    MID Server for making the outbound calls.

    Credential Alias
    Data type: Record

    Credential alias for the AWS credential.

    Outputs

    You can use these outputs as inputs for other actions.

    Is Access Denied
    Data type: True/False

    Server authorization status of the call.
    • True: The server has authorized the call
    • False: The server didn't authorize the call

    Bucket Region
    Data type: String

    Datacenter where the specified AWS S3 bucket is hosted.

    Error Code
    Data type: String

    Client error code returned for the failed call.

    Owner write
    Data type: True/False

    The bucket owner can write into the bucket.

    Owner full control
    Data type: True/False

    The owner has all the permissions for the bucket.

    Owner listing
    Data type: True/False

    The bucket owner can list the contents of the bucket.

    Public write
    Data type: True/False

    Anyone (public access) can write into the bucket.

    Public listing
    Data type: True/False

    Anyone (public access) can list the contents of the bucket.

    Public full control
    Data type: True/False

    Everyone (public access) has all the permissions.

    Auth Users Write
    Data type: True/False

    Authenticated user groups (users with an AWS account) can write into the bucket.

    Auth Users Full Control
    Data type: True/False

    Authenticated user groups (users with an AWS account) have all the permissions for the bucket.

    Owner Read ACL
    Data type: True/False

    Owner of the bucket can read the bucket ACL.

    Owner Write ACL
    Data type: True/False

    Owner of the bucket can write or update the bucket ACL.

    Public Read ACL
    Data type: True/False

    Anyone (public access) can read the bucket ACL.

    Public Write ACL
    Data type: True/False

    Anyone (public access) can write or update the bucket ACL.

    Auth Users Read ACL
    Data type: True/False

    Authenticated user groups (users with an AWS account) can read the bucket ACL.

    Auth Users Write ACL
    Data type: True/False

    Authenticated user groups (users with an AWS account) can write or update the bucket ACL.

    Auth Users Listing
    Data type: True/False

    Authenticated user groups (users with an AWS account) can list the contents of the bucket.

    Owner ID
    Data type: String

    Canonical user ID of the AWS account.

    Owner Display Name
    Data type: String

    Display name of the resource owner.

    For federated login, the subflow doesn't return any Owner Display Name.
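
To show where the True/False outputs above come from, the following added example (not ServiceNow's code) derives the same fifteen flags from the XML body that the S3 GetBucketAcl call returns and lists the ones that expose the bucket beyond its owner. The sample response is constructed. It is assumed that bucket READ corresponds to the "listing" outputs and that FULL_CONTROL also sets the four permissions it implies in AWS; the subflow itself may report FULL_CONTROL differently.

```python
import xml.etree.ElementTree as ET

NS = {"s3": "http://s3.amazonaws.com/doc/2006-03-01/"}
XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"
GROUP = "http://acs.amazonaws.com/groups/global/"
GROUPS = {GROUP + "AllUsers": "Public", GROUP + "AuthenticatedUsers": "Auth Users"}
# S3 bucket permission -> output-name suffix used on this page (casing normalised).
SUFFIX = {"READ": "Listing", "WRITE": "Write", "READ_ACP": "Read ACL",
          "WRITE_ACP": "Write ACL", "FULL_CONTROL": "Full Control"}

# Constructed sample response; IDs are placeholders, not real account values.
SAMPLE_ACL = f"""
<AccessControlPolicy xmlns="http://s3.amazonaws.com/doc/2006-03-01/"
                     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <Owner><ID>EXAMPLE-OWNER-ID</ID></Owner>
  <AccessControlList>
    <Grant><Grantee xsi:type="CanonicalUser"><ID>EXAMPLE-OWNER-ID</ID></Grantee>
      <Permission>FULL_CONTROL</Permission></Grant>
    <Grant><Grantee xsi:type="Group"><URI>{GROUP}AllUsers</URI></Grantee>
      <Permission>READ</Permission></Grant>
    <Grant><Grantee xsi:type="Group"><URI>{GROUP}AuthenticatedUsers</URI></Grantee>
      <Permission>WRITE_ACP</Permission></Grant>
  </AccessControlList>
</AccessControlPolicy>"""

def acl_flags(xml_text):
    """Return {'Public Write': bool, ...} for Owner, Public and Auth Users."""
    root = ET.fromstring(xml_text)
    owner_id = root.findtext("s3:Owner/s3:ID", namespaces=NS)
    flags = {f"{who} {s}": False
             for who in ("Owner", "Public", "Auth Users") for s in SUFFIX.values()}
    for grant in root.iterfind("s3:AccessControlList/s3:Grant", NS):
        grantee = grant.find("s3:Grantee", NS)
        perm = grant.findtext("s3:Permission", namespaces=NS)
        if grantee.get(XSI_TYPE) == "Group":
            who = GROUPS.get(grantee.findtext("s3:URI", namespaces=NS))
        else:  # canonical user: only the bucket owner maps to an output
            is_owner = grantee.findtext("s3:ID", namespaces=NS) == owner_id
            who = "Owner" if is_owner else None
        if who is None or perm not in SUFFIX:
            continue  # other grantees (e.g. log delivery) have no output here
        implied = [p for p in SUFFIX if p != perm] if perm == "FULL_CONTROL" else []
        for p in [perm, *implied]:
            flags[f"{who} {SUFFIX[p]}"] = True
    return flags

def exposed(flags):
    """Names of flags that grant access to anyone other than the owner."""
    return sorted(k for k, v in flags.items() if v and not k.startswith("Owner"))
```

Any name returned by `exposed()` is a grant to the public or to every AWS account holder, which is the condition a compliance check built on this subflow would alert on.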