Table of Contents

Class AmazonS3Client

Namespace
Amazon.S3
Assembly
AWSSDK.S3.dll

Implementation for accessing S3

public class AmazonS3Client : AmazonServiceClient, IAmazonS3, IDisposable, ICoreAmazonS3, IAmazonService
Inheritance
AmazonS3Client
Implements
ICoreAmazonS3
IAmazonService
Derived

Constructors

AmazonS3Client()

Constructs AmazonS3Client with the credentials loaded from the application's default configuration, and if unsuccessful from the Instance Profile service on an EC2 instance.

Example App.config with credentials set.

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
    <appSettings>
        <add key="AWSProfileName" value="AWS Default"/>
    </appSettings>
</configuration>
public AmazonS3Client()

AmazonS3Client(RegionEndpoint)

Constructs AmazonS3Client with the credentials loaded from the application's default configuration, and if unsuccessful from the Instance Profile service on an EC2 instance.

Example App.config with credentials set.

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
    <appSettings>
        <add key="AWSProfileName" value="AWS Default"/>
    </appSettings>
</configuration>
public AmazonS3Client(RegionEndpoint region)

Parameters

region RegionEndpoint

The region to connect.

AmazonS3Client(AWSCredentials)

Constructs AmazonS3Client with AWS Credentials

public AmazonS3Client(AWSCredentials credentials)

Parameters

credentials AWSCredentials

AWS Credentials

AmazonS3Client(AWSCredentials, RegionEndpoint)

Constructs AmazonS3Client with AWS Credentials

public AmazonS3Client(AWSCredentials credentials, RegionEndpoint region)

Parameters

credentials AWSCredentials

AWS Credentials

region RegionEndpoint

The region to connect.

AmazonS3Client(AWSCredentials, AmazonS3Config)

Constructs AmazonS3Client with AWS Credentials and an AmazonS3Client Configuration object.

public AmazonS3Client(AWSCredentials credentials, AmazonS3Config clientConfig)

Parameters

credentials AWSCredentials

AWS Credentials

clientConfig AmazonS3Config

The AmazonS3Client Configuration Object

AmazonS3Client(AmazonS3Config)

Constructs AmazonS3Client with the credentials loaded from the application's default configuration, and if unsuccessful from the Instance Profile service on an EC2 instance.

Example App.config with credentials set.

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
    <appSettings>
        <add key="AWSProfileName" value="AWS Default"/>
    </appSettings>
</configuration>
public AmazonS3Client(AmazonS3Config config)

Parameters

config AmazonS3Config

The AmazonS3Client Configuration Object

AmazonS3Client(string, string)

Constructs AmazonS3Client with AWS Access Key ID and AWS Secret Key

public AmazonS3Client(string awsAccessKeyId, string awsSecretAccessKey)

Parameters

awsAccessKeyId string

AWS Access Key ID

awsSecretAccessKey string

AWS Secret Access Key

AmazonS3Client(string, string, RegionEndpoint)

Constructs AmazonS3Client with AWS Access Key ID and AWS Secret Key

public AmazonS3Client(string awsAccessKeyId, string awsSecretAccessKey, RegionEndpoint region)

Parameters

awsAccessKeyId string

AWS Access Key ID

awsSecretAccessKey string

AWS Secret Access Key

region RegionEndpoint

The region to connect.

AmazonS3Client(string, string, AmazonS3Config)

Constructs AmazonS3Client with AWS Access Key ID, AWS Secret Key and an AmazonS3Client Configuration object.

public AmazonS3Client(string awsAccessKeyId, string awsSecretAccessKey, AmazonS3Config clientConfig)

Parameters

awsAccessKeyId string

AWS Access Key ID

awsSecretAccessKey string

AWS Secret Access Key

clientConfig AmazonS3Config

The AmazonS3Client Configuration Object

AmazonS3Client(string, string, string)

Constructs AmazonS3Client with AWS Access Key ID and AWS Secret Key

public AmazonS3Client(string awsAccessKeyId, string awsSecretAccessKey, string awsSessionToken)

Parameters

awsAccessKeyId string

AWS Access Key ID

awsSecretAccessKey string

AWS Secret Access Key

awsSessionToken string

AWS Session Token

AmazonS3Client(string, string, string, RegionEndpoint)

Constructs AmazonS3Client with AWS Access Key ID and AWS Secret Key

public AmazonS3Client(string awsAccessKeyId, string awsSecretAccessKey, string awsSessionToken, RegionEndpoint region)

Parameters

awsAccessKeyId string

AWS Access Key ID

awsSecretAccessKey string

AWS Secret Access Key

awsSessionToken string

AWS Session Token

region RegionEndpoint

The region to connect.

AmazonS3Client(string, string, string, AmazonS3Config)

Constructs AmazonS3Client with AWS Access Key ID, AWS Secret Key and an AmazonS3Client Configuration object.

public AmazonS3Client(string awsAccessKeyId, string awsSecretAccessKey, string awsSessionToken, AmazonS3Config clientConfig)

Parameters

awsAccessKeyId string

AWS Access Key ID

awsSecretAccessKey string

AWS Secret Access Key

awsSessionToken string

AWS Session Token

clientConfig AmazonS3Config

The AmazonS3Client Configuration Object

Properties

Paginators

Paginators for the service

public IS3PaginatorFactory Paginators { get; }

Property Value

IS3PaginatorFactory

ServiceMetadata

Capture metadata for the service.

protected override IServiceMetadata ServiceMetadata { get; }

Property Value

IServiceMetadata

Methods

AbortMultipartUploadAsync(AbortMultipartUploadRequest, CancellationToken)

This action aborts a multipart upload. After a multipart upload is aborted, no additional parts can be uploaded using that upload ID. The storage consumed by any previously uploaded parts will be freed. However, if any part uploads are currently in progress, those part uploads might or might not succeed. As a result, it might be necessary to abort a given multipart upload multiple times in order to completely free all storage consumed by all parts.

To verify that all parts have been removed, so you don't get charged for the part storage, you should call the ListParts action and ensure that the parts list is empty.

For information about permissions required to use the multipart upload, see Multipart Upload and Permissions.

The following operations are related to 

AbortMultipartUpload
: 
public virtual Task<AbortMultipartUploadResponse> AbortMultipartUploadAsync(AbortMultipartUploadRequest request, CancellationToken cancellationToken = default)

Parameters

request AbortMultipartUploadRequest

Container for the necessary parameters to execute the AbortMultipartUpload service method.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<AbortMultipartUploadResponse>

The response from the AbortMultipartUpload service method, as returned by S3.

See Also

AbortMultipartUploadAsync(string, string, string, CancellationToken)

This action aborts a multipart upload. After a multipart upload is aborted, no additional parts can be uploaded using that upload ID. The storage consumed by any previously uploaded parts will be freed. However, if any part uploads are currently in progress, those part uploads might or might not succeed. As a result, it might be necessary to abort a given multipart upload multiple times in order to completely free all storage consumed by all parts.

To verify that all parts have been removed, so you don't get charged for the part storage, you should call the ListParts action and ensure that the parts list is empty.

For information about permissions required to use the multipart upload, see Multipart Upload and Permissions.

The following operations are related to 

AbortMultipartUpload
: 
public virtual Task<AbortMultipartUploadResponse> AbortMultipartUploadAsync(string bucketName, string key, string uploadId, CancellationToken cancellationToken = default)

Parameters

bucketName string

The bucket name to which the upload was taking place. When using this action with an access point, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide. When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form 

AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com
. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts in the Amazon S3 User Guide.
key string

Key of the object for which the multipart upload was initiated.

uploadId string

Upload ID that identifies the multipart upload.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<AbortMultipartUploadResponse>

The response from the AbortMultipartUpload service method, as returned by S3.

See Also

CompleteMultipartUploadAsync(CompleteMultipartUploadRequest, CancellationToken)

Completes a multipart upload by assembling previously uploaded parts.

You first initiate the multipart upload and then upload all parts using the UploadPart operation. After successfully uploading all relevant parts of an upload, you call this action to complete the upload. Upon receiving this request, Amazon S3 concatenates all the parts in ascending order by part number to create a new object. In the Complete Multipart Upload request, you must provide the parts list. You must ensure that the parts list is complete. This action concatenates the parts that you provide in the list. For each part in the list, you must provide the part number and the 

ETag
value, returned after that part was uploaded.

Processing of a Complete Multipart Upload request could take several minutes to complete. After Amazon S3 begins processing the request, it sends an HTTP response header that specifies a 200 OK response. While processing is in progress, Amazon S3 periodically sends white space characters to keep the connection from timing out. A request could fail after the initial 200 OK response has been sent. This means that a 

200
                                                                                    OK
response can contain either a success or an error. If you call the S3 API directly, make sure to design your application to parse the contents of the response and handle it appropriately. If you use Amazon Web Services SDKs, SDKs handle this condition. The SDKs detect the embedded error and apply error handling per your configuration settings (including automatically retrying the request as appropriate). If the condition persists, the SDKs throws an exception (or, for the SDKs that don't use exceptions, they return the error).

Note that if 

CompleteMultipartUpload
fails, applications should be prepared to retry the failed requests. For more information, see Amazon S3 Error Best Practices.

You cannot use 

Content-Type: application/x-www-form-urlencoded
with Complete Multipart Upload requests. Also, if you do not provide a 
Content-Type
header, 
CompleteMultipartUpload
returns a 200 OK response.

For more information about multipart uploads, see Uploading Objects Using Multipart Upload.

For information about permissions required to use the multipart upload API, see Multipart Upload and Permissions. 

CompleteMultipartUpload
has the following special errors:

  • Error code: 

    EntityTooSmall

    • Description: Your proposed upload is smaller than the minimum allowed object size. Each part must be at least 5 MB in size, except the last part.

    • 400 Bad Request

  • Error code: 

    InvalidPart

    • Description: One or more of the specified parts could not be found. The part might not have been uploaded, or the specified entity tag might not have matched the part's entity tag.

    • 400 Bad Request

  • Error code: 

    InvalidPartOrder

    • Description: The list of parts was not in ascending order. The parts list must be specified in order by part number.

    • 400 Bad Request

  • Error code: 

    NoSuchUpload

    • Description: The specified multipart upload does not exist. The upload ID might be invalid, or the multipart upload might have been aborted or completed.

    • 404 Not Found

The following operations are related to 

CompleteMultipartUpload
: 
public virtual Task<CompleteMultipartUploadResponse> CompleteMultipartUploadAsync(CompleteMultipartUploadRequest request, CancellationToken cancellationToken = default)

Parameters

request CompleteMultipartUploadRequest

Container for the necessary parameters to execute the CompleteMultipartUpload service method.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<CompleteMultipartUploadResponse>

The response from the CompleteMultipartUpload service method, as returned by S3.

See Also

CopyObjectAsync(CopyObjectRequest, CancellationToken)

Creates a copy of an object that is already stored in Amazon S3.

note

You can store individual objects of up to 5 TB in Amazon S3. You create a copy of your object up to 5 GB in size in a single atomic action using this API. However, to copy an object greater than 5 GB, you must use the multipart upload Upload Part - Copy (UploadPartCopy) API. For more information, see Copy Object Using the REST Multipart Upload API.

All copy requests must be authenticated. Additionally, you must have read access to the source object and write access to the destination bucket. For more information, see REST Authentication. Both the Region that you want to copy the object from and the Region that you want to copy the object to must be enabled for your account.

A copy request might return an error when Amazon S3 receives the copy request or while Amazon S3 is copying the files. If the error occurs before the copy action starts, you receive a standard Amazon S3 error. If the error occurs during the copy operation, the error response is embedded in the 

200 OK
response. This means that a 
200 OK
response can contain either a success or an error. If you call the S3 API directly, make sure to design your application to parse the contents of the response and handle it appropriately. If you use Amazon Web Services SDKs, SDKs handle this condition. The SDKs detect the embedded error and apply error handling per your configuration settings (including automatically retrying the request as appropriate). If the condition persists, the SDKs throws an exception (or, for the SDKs that don't use exceptions, they return the error).

If the copy is successful, you receive a response with information about the copied object.

note

If the request is an HTTP 1.1 request, the response is chunk encoded. If it were not, it would not contain the content-length, and you would need to read the entire body.

The copy request charge is based on the storage class and Region that you specify for the destination object. For pricing information, see Amazon S3 pricing.

Amazon S3 transfer acceleration does not support cross-Region copies. If you request a cross-Region copy using a transfer acceleration endpoint, you get a 400 

Bad
                                                                                      Request
error. For more information, see Transfer Acceleration.

Metadata

When copying an object, you can preserve all metadata (default) or specify new metadata. However, the ACL is not preserved and is set to private for the user making the request. To override the default ACL setting, specify a new ACL when generating a copy request. For more information, see Using ACLs.

To specify whether you want the object metadata copied from the source object or replaced with metadata provided in the request, you can optionally add the 

x-amz-metadata-directive
header. When you grant permissions, you can use the 
s3:x-amz-metadata-directive
condition key to enforce certain metadata behavior when objects are uploaded. For more information, see Specifying Conditions in a Policy in the Amazon S3 User Guide. For a complete list of Amazon S3-specific condition keys, see Actions, Resources, and Condition Keys for Amazon S3.
note

x-amz-website-redirect-location
is unique to each object and must be specified in the request headers to copy the value.

x-amz-copy-source-if Headers

To only copy an object under certain conditions, such as whether the 

Etag
matches or whether the object was modified before or after a specified date, use the following request parameters: 

  • x-amz-copy-source-if-match

  • x-amz-copy-source-if-none-match

  • x-amz-copy-source-if-unmodified-since

  • x-amz-copy-source-if-modified-since

If both the 

x-amz-copy-source-if-match
and 
x-amz-copy-source-if-unmodified-since
headers are present in the request and evaluate as follows, Amazon S3 returns 
200
                                                                                          OK
and copies the data: 

  • x-amz-copy-source-if-match
    condition evaluates to true 

  • x-amz-copy-source-if-unmodified-since
    condition evaluates to false

If both the 

x-amz-copy-source-if-none-match
and 
x-amz-copy-source-if-modified-since
headers are present in the request and evaluate as follows, Amazon S3 returns the 
412 Precondition Failed
response code: 

  • x-amz-copy-source-if-none-match
    condition evaluates to false 

  • x-amz-copy-source-if-modified-since
    condition evaluates to true
note

All headers with the 

x-amz-
prefix, including 
x-amz-copy-source
, must be signed.

Server-side encryption

Amazon S3 automatically encrypts all new objects that are copied to an S3 bucket. When copying an object, if you don't specify encryption information in your copy request, the encryption setting of the target object is set to the default encryption configuration of the destination bucket. By default, all buckets have a base level of encryption configuration that uses server-side encryption with Amazon S3 managed keys (SSE-S3). If the destination bucket has a default encryption configuration that uses server-side encryption with an Key Management Service (KMS) key (SSE-KMS), or a customer-provided encryption key (SSE-C), Amazon S3 uses the corresponding KMS key, or a customer-provided key to encrypt the target object copy. When you perform a CopyObject operation, if you want to use a different type of encryption setting for the target object, you can use other appropriate encryption-related headers to encrypt the target object with a KMS key, an Amazon S3 managed key, or a customer-provided key. With server-side encryption, Amazon S3 encrypts your data as it writes it to disks in its data centers and decrypts the data when you access it. If the encryption setting in your request is different from the default encryption configuration of the destination bucket, the encryption setting in your request takes precedence. If the source object for the copy is stored in Amazon S3 using SSE-C, you must provide the necessary encryption information in your request so that Amazon S3 can decrypt the object for copying. For more information about server-side encryption, see Using Server-Side Encryption.

If a target object uses SSE-KMS, you can enable an S3 Bucket Key for the object. For more information, see Amazon S3 Bucket Keys in the Amazon S3 User Guide.

Access Control List (ACL)-Specific Request Headers

When copying an object, you can optionally use headers to grant ACL-based permissions. By default, all objects are private. Only the owner has full access control. When adding a new object, you can grant permissions to individual Amazon Web Services accounts or to predefined groups defined by Amazon S3. These permissions are then added to the ACL on the object. For more information, see Access Control List (ACL) Overview and Managing ACLs Using the REST API.

If the bucket that you're copying objects to uses the bucket owner enforced setting for S3 Object Ownership, ACLs are disabled and no longer affect permissions. Buckets that use this setting only accept PUT requests that don't specify an ACL or PUT requests that specify bucket owner full control ACLs, such as the 

bucket-owner-full-control
canned ACL or an equivalent form of this ACL expressed in the XML format.

For more information, see Controlling ownership of objects and disabling ACLs in the Amazon S3 User Guide.

note

If your bucket uses the bucket owner enforced setting for Object Ownership, all objects written to the bucket by any account will be owned by the bucket owner.

Checksums

When copying an object, if it has a checksum, that checksum will be copied to the new object by default. When you copy the object over, you may optionally specify a different checksum algorithm to use with the 

x-amz-checksum-algorithm
header.

Storage Class Options

You can use the 

CopyObject
action to change the storage class of an object that is already stored in Amazon S3 using the 
StorageClass
parameter. For more information, see Storage Classes in the Amazon S3 User Guide.

Versioning

By default, 

x-amz-copy-source
identifies the current version of an object to copy. If the current version is a delete marker, Amazon S3 behaves as if the object was deleted. To copy a different version, use the 
versionId
subresource.

If you enable versioning on the target bucket, Amazon S3 generates a unique version ID for the object being copied. This version ID is different from the version ID of the source object. Amazon S3 returns the version ID of the copied object in the 

x-amz-version-id
response header in the response.

If you do not enable versioning or suspend it on the target bucket, the version ID that Amazon S3 generates is always null.

If the source object's storage class is GLACIER, you must restore a copy of this object before you can use it as a source object for the copy operation. For more information, see RestoreObject.

The following operations are related to 

CopyObject
:

For more information, see Copying Objects. 

public virtual Task<CopyObjectResponse> CopyObjectAsync(CopyObjectRequest request, CancellationToken cancellationToken = default)

Parameters

request CopyObjectRequest

Container for the necessary parameters to execute the CopyObject service method.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<CopyObjectResponse>

The response from the CopyObject service method, as returned by S3.

See Also

CopyObjectAsync(string, string, string, string, string, CancellationToken)

Creates a copy of an object that is already stored in Amazon S3.

note

You can store individual objects of up to 5 TB in Amazon S3. You create a copy of your object up to 5 GB in size in a single atomic action using this API. However, to copy an object greater than 5 GB, you must use the multipart upload Upload Part - Copy (UploadPartCopy) API. For more information, see Copy Object Using the REST Multipart Upload API.

All copy requests must be authenticated. Additionally, you must have read access to the source object and write access to the destination bucket. For more information, see REST Authentication. Both the Region that you want to copy the object from and the Region that you want to copy the object to must be enabled for your account.

A copy request might return an error when Amazon S3 receives the copy request or while Amazon S3 is copying the files. If the error occurs before the copy action starts, you receive a standard Amazon S3 error. If the error occurs during the copy operation, the error response is embedded in the 

200 OK
response. This means that a 
200 OK
response can contain either a success or an error. If you call the S3 API directly, make sure to design your application to parse the contents of the response and handle it appropriately. If you use Amazon Web Services SDKs, SDKs handle this condition. The SDKs detect the embedded error and apply error handling per your configuration settings (including automatically retrying the request as appropriate). If the condition persists, the SDKs throws an exception (or, for the SDKs that don't use exceptions, they return the error).

If the copy is successful, you receive a response with information about the copied object.

note

If the request is an HTTP 1.1 request, the response is chunk encoded. If it were not, it would not contain the content-length, and you would need to read the entire body.

The copy request charge is based on the storage class and Region that you specify for the destination object. For pricing information, see Amazon S3 pricing.

Amazon S3 transfer acceleration does not support cross-Region copies. If you request a cross-Region copy using a transfer acceleration endpoint, you get a 400 

Bad
                                                                                      Request
error. For more information, see Transfer Acceleration.

Metadata

When copying an object, you can preserve all metadata (default) or specify new metadata. However, the ACL is not preserved and is set to private for the user making the request. To override the default ACL setting, specify a new ACL when generating a copy request. For more information, see Using ACLs.

To specify whether you want the object metadata copied from the source object or replaced with metadata provided in the request, you can optionally add the 

x-amz-metadata-directive
header. When you grant permissions, you can use the 
s3:x-amz-metadata-directive
condition key to enforce certain metadata behavior when objects are uploaded. For more information, see Specifying Conditions in a Policy in the Amazon S3 User Guide. For a complete list of Amazon S3-specific condition keys, see Actions, Resources, and Condition Keys for Amazon S3.
note

x-amz-website-redirect-location
is unique to each object and must be specified in the request headers to copy the value.

x-amz-copy-source-if Headers

To only copy an object under certain conditions, such as whether the 

Etag
matches or whether the object was modified before or after a specified date, use the following request parameters: 

  • x-amz-copy-source-if-match

  • x-amz-copy-source-if-none-match

  • x-amz-copy-source-if-unmodified-since

  • x-amz-copy-source-if-modified-since

If both the 

x-amz-copy-source-if-match
and 
x-amz-copy-source-if-unmodified-since
headers are present in the request and evaluate as follows, Amazon S3 returns 
200
                                                                                          OK
and copies the data: 

  • x-amz-copy-source-if-match
    condition evaluates to true 

  • x-amz-copy-source-if-unmodified-since
    condition evaluates to false

If both the 

x-amz-copy-source-if-none-match
and 
x-amz-copy-source-if-modified-since
headers are present in the request and evaluate as follows, Amazon S3 returns the 
412 Precondition Failed
response code: 

  • x-amz-copy-source-if-none-match
    condition evaluates to false 

  • x-amz-copy-source-if-modified-since
    condition evaluates to true
note

All headers with the 

x-amz-
prefix, including 
x-amz-copy-source
, must be signed.

Server-side encryption

Amazon S3 automatically encrypts all new objects that are copied to an S3 bucket. When copying an object, if you don't specify encryption information in your copy request, the encryption setting of the target object is set to the default encryption configuration of the destination bucket. By default, all buckets have a base level of encryption configuration that uses server-side encryption with Amazon S3 managed keys (SSE-S3). If the destination bucket has a default encryption configuration that uses server-side encryption with an Key Management Service (KMS) key (SSE-KMS), or a customer-provided encryption key (SSE-C), Amazon S3 uses the corresponding KMS key, or a customer-provided key to encrypt the target object copy. When you perform a CopyObject operation, if you want to use a different type of encryption setting for the target object, you can use other appropriate encryption-related headers to encrypt the target object with a KMS key, an Amazon S3 managed key, or a customer-provided key. With server-side encryption, Amazon S3 encrypts your data as it writes it to disks in its data centers and decrypts the data when you access it. If the encryption setting in your request is different from the default encryption configuration of the destination bucket, the encryption setting in your request takes precedence. If the source object for the copy is stored in Amazon S3 using SSE-C, you must provide the necessary encryption information in your request so that Amazon S3 can decrypt the object for copying. For more information about server-side encryption, see Using Server-Side Encryption.

If a target object uses SSE-KMS, you can enable an S3 Bucket Key for the object. For more information, see Amazon S3 Bucket Keys in the Amazon S3 User Guide.

Access Control List (ACL)-Specific Request Headers

When copying an object, you can optionally use headers to grant ACL-based permissions. By default, all objects are private. Only the owner has full access control. When adding a new object, you can grant permissions to individual Amazon Web Services accounts or to predefined groups defined by Amazon S3. These permissions are then added to the ACL on the object. For more information, see Access Control List (ACL) Overview and Managing ACLs Using the REST API.

If the bucket that you're copying objects to uses the bucket owner enforced setting for S3 Object Ownership, ACLs are disabled and no longer affect permissions. Buckets that use this setting only accept PUT requests that don't specify an ACL or PUT requests that specify bucket owner full control ACLs, such as the 

bucket-owner-full-control
canned ACL or an equivalent form of this ACL expressed in the XML format.

For more information, see Controlling ownership of objects and disabling ACLs in the Amazon S3 User Guide.

note

If your bucket uses the bucket owner enforced setting for Object Ownership, all objects written to the bucket by any account will be owned by the bucket owner.

Checksums

When copying an object, if it has a checksum, that checksum will be copied to the new object by default. When you copy the object over, you may optionally specify a different checksum algorithm to use with the 

x-amz-checksum-algorithm
header.

Storage Class Options

You can use the 

CopyObject
action to change the storage class of an object that is already stored in Amazon S3 using the 
StorageClass
parameter. For more information, see Storage Classes in the Amazon S3 User Guide.

Versioning

By default, 

x-amz-copy-source
identifies the current version of an object to copy. If the current version is a delete marker, Amazon S3 behaves as if the object was deleted. To copy a different version, use the 
versionId
subresource.

If you enable versioning on the target bucket, Amazon S3 generates a unique version ID for the object being copied. This version ID is different from the version ID of the source object. Amazon S3 returns the version ID of the copied object in the 

x-amz-version-id
response header in the response.

If you do not enable versioning or suspend it on the target bucket, the version ID that Amazon S3 generates is always null.

If the source object's storage class is GLACIER, you must restore a copy of this object before you can use it as a source object for the copy operation. For more information, see RestoreObject.

The following operations are related to 

CopyObject
:

For more information, see Copying Objects. 

public virtual Task<CopyObjectResponse> CopyObjectAsync(string sourceBucket, string sourceKey, string sourceVersionId, string destinationBucket, string destinationKey, CancellationToken cancellationToken = default)

Parameters

sourceBucket string

A property of CopyObjectRequest used to execute the CopyObject service method.

sourceKey string

A property of CopyObjectRequest used to execute the CopyObject service method.

sourceVersionId string

A property of CopyObjectRequest used to execute the CopyObject service method.

destinationBucket string

The name of the destination bucket. When using this action with an access point, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide. When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form 

AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com
. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts in the Amazon S3 User Guide.
destinationKey string

A property of CopyObjectRequest used to execute the CopyObject service method.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<CopyObjectResponse>

The response from the CopyObject service method, as returned by S3.

See Also

CopyObjectAsync(string, string, string, string, CancellationToken)

Creates a copy of an object that is already stored in Amazon S3.

note

You can store individual objects of up to 5 TB in Amazon S3. You create a copy of your object up to 5 GB in size in a single atomic action using this API. However, to copy an object greater than 5 GB, you must use the multipart upload Upload Part - Copy (UploadPartCopy) API. For more information, see Copy Object Using the REST Multipart Upload API.

All copy requests must be authenticated. Additionally, you must have read access to the source object and write access to the destination bucket. For more information, see REST Authentication. Both the Region that you want to copy the object from and the Region that you want to copy the object to must be enabled for your account.

A copy request might return an error when Amazon S3 receives the copy request or while Amazon S3 is copying the files. If the error occurs before the copy action starts, you receive a standard Amazon S3 error. If the error occurs during the copy operation, the error response is embedded in the 

200 OK
response. This means that a 
200 OK
response can contain either a success or an error. If you call the S3 API directly, make sure to design your application to parse the contents of the response and handle it appropriately. If you use Amazon Web Services SDKs, SDKs handle this condition. The SDKs detect the embedded error and apply error handling per your configuration settings (including automatically retrying the request as appropriate). If the condition persists, the SDKs throws an exception (or, for the SDKs that don't use exceptions, they return the error).

If the copy is successful, you receive a response with information about the copied object.

note

If the request is an HTTP 1.1 request, the response is chunk encoded. If it were not, it would not contain the content-length, and you would need to read the entire body.

The copy request charge is based on the storage class and Region that you specify for the destination object. For pricing information, see Amazon S3 pricing.

Amazon S3 transfer acceleration does not support cross-Region copies. If you request a cross-Region copy using a transfer acceleration endpoint, you get a 400 

Bad
                                                                                      Request
error. For more information, see Transfer Acceleration.

Metadata

When copying an object, you can preserve all metadata (default) or specify new metadata. However, the ACL is not preserved and is set to private for the user making the request. To override the default ACL setting, specify a new ACL when generating a copy request. For more information, see Using ACLs.

To specify whether you want the object metadata copied from the source object or replaced with metadata provided in the request, you can optionally add the 

x-amz-metadata-directive
header. When you grant permissions, you can use the 
s3:x-amz-metadata-directive
condition key to enforce certain metadata behavior when objects are uploaded. For more information, see Specifying Conditions in a Policy in the Amazon S3 User Guide. For a complete list of Amazon S3-specific condition keys, see Actions, Resources, and Condition Keys for Amazon S3.
note

x-amz-website-redirect-location
is unique to each object and must be specified in the request headers to copy the value.

x-amz-copy-source-if Headers

To only copy an object under certain conditions, such as whether the 

Etag
matches or whether the object was modified before or after a specified date, use the following request parameters: 

  • x-amz-copy-source-if-match

  • x-amz-copy-source-if-none-match

  • x-amz-copy-source-if-unmodified-since

  • x-amz-copy-source-if-modified-since

If both the 

x-amz-copy-source-if-match
and 
x-amz-copy-source-if-unmodified-since
headers are present in the request and evaluate as follows, Amazon S3 returns 
200
                                                                                          OK
and copies the data: 

  • x-amz-copy-source-if-match
    condition evaluates to true 

  • x-amz-copy-source-if-unmodified-since
    condition evaluates to false

If both the 

x-amz-copy-source-if-none-match
and 
x-amz-copy-source-if-modified-since
headers are present in the request and evaluate as follows, Amazon S3 returns the 
412 Precondition Failed
response code: 

  • x-amz-copy-source-if-none-match
    condition evaluates to false 

  • x-amz-copy-source-if-modified-since
    condition evaluates to true
note

All headers with the 

x-amz-
prefix, including 
x-amz-copy-source
, must be signed.

Server-side encryption

Amazon S3 automatically encrypts all new objects that are copied to an S3 bucket. When copying an object, if you don't specify encryption information in your copy request, the encryption setting of the target object is set to the default encryption configuration of the destination bucket. By default, all buckets have a base level of encryption configuration that uses server-side encryption with Amazon S3 managed keys (SSE-S3). If the destination bucket has a default encryption configuration that uses server-side encryption with an Key Management Service (KMS) key (SSE-KMS), or a customer-provided encryption key (SSE-C), Amazon S3 uses the corresponding KMS key, or a customer-provided key to encrypt the target object copy. When you perform a CopyObject operation, if you want to use a different type of encryption setting for the target object, you can use other appropriate encryption-related headers to encrypt the target object with a KMS key, an Amazon S3 managed key, or a customer-provided key. With server-side encryption, Amazon S3 encrypts your data as it writes it to disks in its data centers and decrypts the data when you access it. If the encryption setting in your request is different from the default encryption configuration of the destination bucket, the encryption setting in your request takes precedence. If the source object for the copy is stored in Amazon S3 using SSE-C, you must provide the necessary encryption information in your request so that Amazon S3 can decrypt the object for copying. For more information about server-side encryption, see Using Server-Side Encryption.

If a target object uses SSE-KMS, you can enable an S3 Bucket Key for the object. For more information, see Amazon S3 Bucket Keys in the Amazon S3 User Guide.

Access Control List (ACL)-Specific Request Headers

When copying an object, you can optionally use headers to grant ACL-based permissions. By default, all objects are private. Only the owner has full access control. When adding a new object, you can grant permissions to individual Amazon Web Services accounts or to predefined groups defined by Amazon S3. These permissions are then added to the ACL on the object. For more information, see Access Control List (ACL) Overview and Managing ACLs Using the REST API.

If the bucket that you're copying objects to uses the bucket owner enforced setting for S3 Object Ownership, ACLs are disabled and no longer affect permissions. Buckets that use this setting only accept PUT requests that don't specify an ACL or PUT requests that specify bucket owner full control ACLs, such as the 

bucket-owner-full-control
canned ACL or an equivalent form of this ACL expressed in the XML format.

For more information, see Controlling ownership of objects and disabling ACLs in the Amazon S3 User Guide.

note

If your bucket uses the bucket owner enforced setting for Object Ownership, all objects written to the bucket by any account will be owned by the bucket owner.

Checksums

When copying an object, if it has a checksum, that checksum will be copied to the new object by default. When you copy the object over, you may optionally specify a different checksum algorithm to use with the 

x-amz-checksum-algorithm
header.

Storage Class Options

You can use the 

CopyObject
action to change the storage class of an object that is already stored in Amazon S3 using the 
StorageClass
parameter. For more information, see Storage Classes in the Amazon S3 User Guide.

Versioning

By default, 

x-amz-copy-source
identifies the current version of an object to copy. If the current version is a delete marker, Amazon S3 behaves as if the object was deleted. To copy a different version, use the 
versionId
subresource.

If you enable versioning on the target bucket, Amazon S3 generates a unique version ID for the object being copied. This version ID is different from the version ID of the source object. Amazon S3 returns the version ID of the copied object in the 

x-amz-version-id
response header in the response.

If you do not enable versioning or suspend it on the target bucket, the version ID that Amazon S3 generates is always null.

If the source object's storage class is GLACIER, you must restore a copy of this object before you can use it as a source object for the copy operation. For more information, see RestoreObject.

The following operations are related to 

CopyObject
:

For more information, see Copying Objects. 

public virtual Task<CopyObjectResponse> CopyObjectAsync(string sourceBucket, string sourceKey, string destinationBucket, string destinationKey, CancellationToken cancellationToken = default)

Parameters

sourceBucket string

A property of CopyObjectRequest used to execute the CopyObject service method.

sourceKey string

A property of CopyObjectRequest used to execute the CopyObject service method.

destinationBucket string

The name of the destination bucket. When using this action with an access point, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide. When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form 

AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com
. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts in the Amazon S3 User Guide.
destinationKey string

A property of CopyObjectRequest used to execute the CopyObject service method.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<CopyObjectResponse>

The response from the CopyObject service method, as returned by S3.

See Also

CopyPartAsync(CopyPartRequest, CancellationToken) 

public virtual Task<CopyPartResponse> CopyPartAsync(CopyPartRequest request, CancellationToken cancellationToken = default)

Parameters

request CopyPartRequest
cancellationToken CancellationToken

Returns

Task<CopyPartResponse>

CopyPartAsync(string, string, string, string, string, string, CancellationToken) 

public virtual Task<CopyPartResponse> CopyPartAsync(string sourceBucket, string sourceKey, string sourceVersionId, string destinationBucket, string destinationKey, string uploadId, CancellationToken cancellationToken = default)

Parameters

sourceBucket string
sourceKey string
sourceVersionId string
destinationBucket string
destinationKey string
uploadId string
cancellationToken CancellationToken

Returns

Task<CopyPartResponse>

CopyPartAsync(string, string, string, string, string, CancellationToken) 

public virtual Task<CopyPartResponse> CopyPartAsync(string sourceBucket, string sourceKey, string destinationBucket, string destinationKey, string uploadId, CancellationToken cancellationToken = default)

Parameters

sourceBucket string
sourceKey string
destinationBucket string
destinationKey string
uploadId string
cancellationToken CancellationToken

Returns

Task<CopyPartResponse>

CreateSigner()

Creates the signer for the service.

protected override AbstractAWSSigner CreateSigner()

Returns

AbstractAWSSigner

CustomizeRuntimePipeline(RuntimePipeline)

Customizes the runtime pipeline.

protected override void CustomizeRuntimePipeline(RuntimePipeline pipeline)

Parameters

pipeline RuntimePipeline

Runtime pipeline for the current client.

DeleteBucketAnalyticsConfigurationAsync(DeleteBucketAnalyticsConfigurationRequest, CancellationToken)

Deletes an analytics configuration for the bucket (specified by the analytics configuration ID).

To use this operation, you must have permissions to perform the 

s3:PutAnalyticsConfiguration
action. The bucket owner has this permission by default. The bucket owner can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources.

For information about the Amazon S3 analytics feature, see Amazon S3 Analytics – Storage Class Analysis.

The following operations are related to 

DeleteBucketAnalyticsConfiguration
: 
public virtual Task<DeleteBucketAnalyticsConfigurationResponse> DeleteBucketAnalyticsConfigurationAsync(DeleteBucketAnalyticsConfigurationRequest request, CancellationToken cancellationToken = default)

Parameters

request DeleteBucketAnalyticsConfigurationRequest

Container for the necessary parameters to execute the DeleteBucketAnalyticsConfiguration service method.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<DeleteBucketAnalyticsConfigurationResponse>

The response from the DeleteBucketAnalyticsConfiguration service method, as returned by S3.

See Also

DeleteBucketAsync(DeleteBucketRequest, CancellationToken) 

public virtual Task<DeleteBucketResponse> DeleteBucketAsync(DeleteBucketRequest request, CancellationToken cancellationToken = default)

Parameters

request DeleteBucketRequest
cancellationToken CancellationToken

Returns

Task<DeleteBucketResponse>

DeleteBucketAsync(string, CancellationToken) 

public virtual Task<DeleteBucketResponse> DeleteBucketAsync(string bucketName, CancellationToken cancellationToken = default)

Parameters

bucketName string
cancellationToken CancellationToken

Returns

Task<DeleteBucketResponse>

DeleteBucketEncryptionAsync(DeleteBucketEncryptionRequest, CancellationToken) 

public virtual Task<DeleteBucketEncryptionResponse> DeleteBucketEncryptionAsync(DeleteBucketEncryptionRequest request, CancellationToken cancellationToken = default)

Parameters

request DeleteBucketEncryptionRequest
cancellationToken CancellationToken

Returns

Task<DeleteBucketEncryptionResponse>

DeleteBucketIntelligentTieringConfigurationAsync(DeleteBucketIntelligentTieringConfigurationRequest, CancellationToken)

Deletes the S3 Intelligent-Tiering configuration from the specified bucket.

The S3 Intelligent-Tiering storage class is designed to optimize storage costs by automatically moving data to the most cost-effective storage access tier, without performance impact or operational overhead. S3 Intelligent-Tiering delivers automatic cost savings in three low latency and high throughput access tiers. To get the lowest storage cost on data that can be accessed in minutes to hours, you can choose to activate additional archiving capabilities.

The S3 Intelligent-Tiering storage class is the ideal storage class for data with unknown, changing, or unpredictable access patterns, independent of object size or retention period. If the size of an object is less than 128 KB, it is not monitored and not eligible for auto-tiering. Smaller objects can be stored, but they are always charged at the Frequent Access tier rates in the S3 Intelligent-Tiering storage class.

For more information, see Storage class for automatically optimizing frequently and infrequently accessed objects.

Operations related to 

DeleteBucketIntelligentTieringConfiguration
include: 
public virtual Task<DeleteBucketIntelligentTieringConfigurationResponse> DeleteBucketIntelligentTieringConfigurationAsync(DeleteBucketIntelligentTieringConfigurationRequest request, CancellationToken cancellationToken = default)

Parameters

request DeleteBucketIntelligentTieringConfigurationRequest

Container for the necessary parameters to execute the DeleteBucketIntelligentTieringConfiguration service method.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<DeleteBucketIntelligentTieringConfigurationResponse>

The response from the DeleteBucketIntelligentTieringConfiguration service method, as returned by S3.

See Also

DeleteBucketInventoryConfigurationAsync(DeleteBucketInventoryConfigurationRequest, CancellationToken)

Deletes an inventory configuration (identified by the inventory ID) from the bucket.

To use this operation, you must have permissions to perform the 

s3:PutInventoryConfiguration
action. The bucket owner has this permission by default. The bucket owner can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources.

For information about the Amazon S3 inventory feature, see Amazon S3 Inventory.

Operations related to 

DeleteBucketInventoryConfiguration
include: 
public virtual Task<DeleteBucketInventoryConfigurationResponse> DeleteBucketInventoryConfigurationAsync(DeleteBucketInventoryConfigurationRequest request, CancellationToken cancellationToken = default)

Parameters

request DeleteBucketInventoryConfigurationRequest

Container for the necessary parameters to execute the DeleteBucketInventoryConfiguration service method.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<DeleteBucketInventoryConfigurationResponse>

The response from the DeleteBucketInventoryConfiguration service method, as returned by S3.

See Also

DeleteBucketMetricsConfigurationAsync(DeleteBucketMetricsConfigurationRequest, CancellationToken)

Deletes a metrics configuration for the Amazon CloudWatch request metrics (specified by the metrics configuration ID) from the bucket. Note that this doesn't include the daily storage metrics.

To use this operation, you must have permissions to perform the 

s3:PutMetricsConfiguration
action. The bucket owner has this permission by default. The bucket owner can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources.

For information about CloudWatch request metrics for Amazon S3, see Monitoring Metrics with Amazon CloudWatch.

The following operations are related to 

DeleteBucketMetricsConfiguration
: 
public virtual Task<DeleteBucketMetricsConfigurationResponse> DeleteBucketMetricsConfigurationAsync(DeleteBucketMetricsConfigurationRequest request, CancellationToken cancellationToken = default)

Parameters

request DeleteBucketMetricsConfigurationRequest

Container for the necessary parameters to execute the DeleteBucketMetricsConfiguration service method.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<DeleteBucketMetricsConfigurationResponse>

The response from the DeleteBucketMetricsConfiguration service method, as returned by S3.

See Also

DeleteBucketOwnershipControlsAsync(DeleteBucketOwnershipControlsRequest, CancellationToken)

Removes 

OwnershipControls
for an Amazon S3 bucket. To use this operation, you must have the 
s3:PutBucketOwnershipControls
permission. For more information about Amazon S3 permissions, see Specifying Permissions in a Policy.

For information about Amazon S3 Object Ownership, see Using Object Ownership.

The following operations are related to 

DeleteBucketOwnershipControls
: 
public virtual Task<DeleteBucketOwnershipControlsResponse> DeleteBucketOwnershipControlsAsync(DeleteBucketOwnershipControlsRequest request, CancellationToken cancellationToken = default)

Parameters

request DeleteBucketOwnershipControlsRequest

Container for the necessary parameters to execute the DeleteBucketOwnershipControls service method.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<DeleteBucketOwnershipControlsResponse>

The response from the DeleteBucketOwnershipControls service method, as returned by S3.

See Also

DeleteBucketPolicyAsync(DeleteBucketPolicyRequest, CancellationToken)

This implementation of the DELETE action uses the policy subresource to delete the policy of a specified bucket. If you are using an identity other than the root user of the Amazon Web Services account that owns the bucket, the calling identity must have the 

DeleteBucketPolicy
permissions on the specified bucket and belong to the bucket owner's account to use this operation.

If you don't have 

DeleteBucketPolicy
permissions, Amazon S3 returns a 
403 Access Denied
error. If you have the correct permissions, but you're not using an identity that belongs to the bucket owner's account, Amazon S3 returns a 
405 Method Not Allowed
error.

As a security precaution, the root user of the Amazon Web Services account that owns a bucket can always use this operation, even if the policy explicitly denies the root user the ability to perform this action.

For more information about bucket policies, see Using Bucket Policies and UserPolicies.

The following operations are related to 

DeleteBucketPolicy
public virtual Task<DeleteBucketPolicyResponse> DeleteBucketPolicyAsync(DeleteBucketPolicyRequest request, CancellationToken cancellationToken = default)

Parameters

request DeleteBucketPolicyRequest

Container for the necessary parameters to execute the DeleteBucketPolicy service method.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<DeleteBucketPolicyResponse>

The response from the DeleteBucketPolicy service method, as returned by S3.

See Also

DeleteBucketPolicyAsync(string, CancellationToken)

This implementation of the DELETE action uses the policy subresource to delete the policy of a specified bucket. If you are using an identity other than the root user of the Amazon Web Services account that owns the bucket, the calling identity must have the 

DeleteBucketPolicy
permissions on the specified bucket and belong to the bucket owner's account to use this operation.

If you don't have 

DeleteBucketPolicy
permissions, Amazon S3 returns a 
403 Access Denied
error. If you have the correct permissions, but you're not using an identity that belongs to the bucket owner's account, Amazon S3 returns a 
405 Method Not Allowed
error.

As a security precaution, the root user of the Amazon Web Services account that owns a bucket can always use this operation, even if the policy explicitly denies the root user the ability to perform this action.

For more information about bucket policies, see Using Bucket Policies and UserPolicies.

The following operations are related to 

DeleteBucketPolicy
public virtual Task<DeleteBucketPolicyResponse> DeleteBucketPolicyAsync(string bucketName, CancellationToken cancellationToken = default)

Parameters

bucketName string

The bucket name.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<DeleteBucketPolicyResponse>

The response from the DeleteBucketPolicy service method, as returned by S3.

See Also

DeleteBucketReplicationAsync(DeleteBucketReplicationRequest, CancellationToken)

Deletes the replication configuration from the bucket.

To use this operation, you must have permissions to perform the 

s3:PutReplicationConfiguration
action. The bucket owner has these permissions by default and can grant it to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources.
note

It can take a while for the deletion of a replication configuration to fully propagate.

For information about replication configuration, see Replication in the Amazon S3 User Guide.

The following operations are related to 

DeleteBucketReplication
: 
public virtual Task<DeleteBucketReplicationResponse> DeleteBucketReplicationAsync(DeleteBucketReplicationRequest request, CancellationToken cancellationToken = default)

Parameters

request DeleteBucketReplicationRequest

Container for the necessary parameters to execute the DeleteBucketReplication service method.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<DeleteBucketReplicationResponse>

The response from the DeleteBucketReplication service method, as returned by S3.

See Also

DeleteBucketTaggingAsync(DeleteBucketTaggingRequest, CancellationToken)

Deletes the tags from the bucket.

To use this operation, you must have permission to perform the 

s3:PutBucketTagging
action. By default, the bucket owner has this permission and can grant this permission to others.

The following operations are related to 

DeleteBucketTagging
: 
public virtual Task<DeleteBucketTaggingResponse> DeleteBucketTaggingAsync(DeleteBucketTaggingRequest request, CancellationToken cancellationToken = default)

Parameters

request DeleteBucketTaggingRequest

Container for the necessary parameters to execute the DeleteBucketTagging service method.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<DeleteBucketTaggingResponse>

The response from the DeleteBucketTagging service method, as returned by S3.

See Also

DeleteBucketTaggingAsync(string, CancellationToken)

Deletes the tags from the bucket.

To use this operation, you must have permission to perform the 

s3:PutBucketTagging
action. By default, the bucket owner has this permission and can grant this permission to others.

The following operations are related to 

DeleteBucketTagging
: 
public virtual Task<DeleteBucketTaggingResponse> DeleteBucketTaggingAsync(string bucketName, CancellationToken cancellationToken = default)

Parameters

bucketName string

The bucket that has the tag set to be removed.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<DeleteBucketTaggingResponse>

The response from the DeleteBucketTagging service method, as returned by S3.

See Also

DeleteBucketWebsiteAsync(DeleteBucketWebsiteRequest, CancellationToken)

This action removes the website configuration for a bucket. Amazon S3 returns a 

200
OK
response upon successfully deleting a website configuration on the specified bucket. You will get a 
200 OK
response if the website configuration you are trying to delete does not exist on the bucket. Amazon S3 returns a 
404
response if the bucket specified in the request does not exist.

This DELETE action requires the 

S3:DeleteBucketWebsite
permission. By default, only the bucket owner can delete the website configuration attached to a bucket. However, bucket owners can grant other users permission to delete the website configuration by writing a bucket policy granting them the 
S3:DeleteBucketWebsite
permission.

For more information about hosting websites, see Hosting Websites on Amazon S3.

The following operations are related to 

DeleteBucketWebsite
: 
public virtual Task<DeleteBucketWebsiteResponse> DeleteBucketWebsiteAsync(DeleteBucketWebsiteRequest request, CancellationToken cancellationToken = default)

Parameters

request DeleteBucketWebsiteRequest

Container for the necessary parameters to execute the DeleteBucketWebsite service method.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<DeleteBucketWebsiteResponse>

The response from the DeleteBucketWebsite service method, as returned by S3.

See Also

DeleteBucketWebsiteAsync(string, CancellationToken)

This action removes the website configuration for a bucket. Amazon S3 returns a 

200
OK
response upon successfully deleting a website configuration on the specified bucket. You will get a 
200 OK
response if the website configuration you are trying to delete does not exist on the bucket. Amazon S3 returns a 
404
response if the bucket specified in the request does not exist.

This DELETE action requires the 

S3:DeleteBucketWebsite
permission. By default, only the bucket owner can delete the website configuration attached to a bucket. However, bucket owners can grant other users permission to delete the website configuration by writing a bucket policy granting them the 
S3:DeleteBucketWebsite
permission.

For more information about hosting websites, see Hosting Websites on Amazon S3.

The following operations are related to 

DeleteBucketWebsite
: 
public virtual Task<DeleteBucketWebsiteResponse> DeleteBucketWebsiteAsync(string bucketName, CancellationToken cancellationToken = default)

Parameters

bucketName string

The bucket name for which you want to remove the website configuration.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<DeleteBucketWebsiteResponse>

The response from the DeleteBucketWebsite service method, as returned by S3.

See Also

DeleteCORSConfigurationAsync(DeleteCORSConfigurationRequest, CancellationToken) 

public virtual Task<DeleteCORSConfigurationResponse> DeleteCORSConfigurationAsync(DeleteCORSConfigurationRequest request, CancellationToken cancellationToken = default)

Parameters

request DeleteCORSConfigurationRequest
cancellationToken CancellationToken

Returns

Task<DeleteCORSConfigurationResponse>

DeleteCORSConfigurationAsync(string, CancellationToken) 

public virtual Task<DeleteCORSConfigurationResponse> DeleteCORSConfigurationAsync(string bucketName, CancellationToken cancellationToken = default)

Parameters

bucketName string
cancellationToken CancellationToken

Returns

Task<DeleteCORSConfigurationResponse>

DeleteLifecycleConfigurationAsync(DeleteLifecycleConfigurationRequest, CancellationToken)

Deletes the lifecycle configuration from the specified bucket. Amazon S3 removes all the lifecycle configuration rules in the lifecycle subresource associated with the bucket. Your objects never expire, and Amazon S3 no longer automatically deletes any objects on the basis of rules contained in the deleted lifecycle configuration.

To use this operation, you must have permission to perform the 

s3:PutLifecycleConfiguration
action. By default, the bucket owner has this permission and the bucket owner can grant this permission to others.

There is usually some time lag before lifecycle configuration deletion is fully propagated to all the Amazon S3 systems.

For more information about the object expiration, see Elements to Describe Lifecycle Actions.

Related actions include: 

public virtual Task<DeleteLifecycleConfigurationResponse> DeleteLifecycleConfigurationAsync(DeleteLifecycleConfigurationRequest request, CancellationToken cancellationToken = default)

Parameters

request DeleteLifecycleConfigurationRequest

Container for the necessary parameters to execute the DeleteLifecycleConfiguration service method.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<DeleteLifecycleConfigurationResponse>

The response from the DeleteLifecycleConfiguration service method, as returned by S3.

See Also

DeleteLifecycleConfigurationAsync(string, CancellationToken)

Deletes the lifecycle configuration from the specified bucket. Amazon S3 removes all the lifecycle configuration rules in the lifecycle subresource associated with the bucket. Your objects never expire, and Amazon S3 no longer automatically deletes any objects on the basis of rules contained in the deleted lifecycle configuration.

To use this operation, you must have permission to perform the 

s3:PutLifecycleConfiguration
action. By default, the bucket owner has this permission and the bucket owner can grant this permission to others.

There is usually some time lag before lifecycle configuration deletion is fully propagated to all the Amazon S3 systems.

For more information about the object expiration, see Elements to Describe Lifecycle Actions.

Related actions include: 

public virtual Task<DeleteLifecycleConfigurationResponse> DeleteLifecycleConfigurationAsync(string bucketName, CancellationToken cancellationToken = default)

Parameters

bucketName string

The bucket name of the lifecycle to delete.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<DeleteLifecycleConfigurationResponse>

The response from the DeleteLifecycleConfiguration service method, as returned by S3.

See Also

DeleteObjectAsync(DeleteObjectRequest, CancellationToken)

Removes the null version (if there is one) of an object and inserts a delete marker, which becomes the latest version of the object. If there isn't a null version, Amazon S3 does not remove any objects but will still respond that the command was successful.

To remove a specific version, you must use the version Id subresource. Using this subresource permanently deletes the version. If the object deleted is a delete marker, Amazon S3 sets the response header, 

x-amz-delete-marker
, to true.

If the object you want to delete is in a bucket where the bucket versioning configuration is MFA Delete enabled, you must include the 

x-amz-mfa
request header in the DELETE 
versionId
request. Requests that include 
x-amz-mfa
must use HTTPS.

For more information about MFA Delete, see Using MFA Delete. To see sample requests that use versioning, see Sample Request.

You can delete objects by explicitly calling DELETE Object or configure its lifecycle (PutBucketLifecycle) to enable Amazon S3 to remove them for you. If you want to block users or accounts from removing or deleting objects from your bucket, you must deny them the 

s3:DeleteObject
, 
s3:DeleteObjectVersion
, and 
s3:PutLifeCycleConfiguration
actions.

The following action is related to 

DeleteObject
: 
public virtual Task<DeleteObjectResponse> DeleteObjectAsync(DeleteObjectRequest request, CancellationToken cancellationToken = default)

Parameters

request DeleteObjectRequest

Container for the necessary parameters to execute the DeleteObject service method.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<DeleteObjectResponse>

The response from the DeleteObject service method, as returned by S3.

See Also

DeleteObjectAsync(string, string, string, CancellationToken)

Removes the null version (if there is one) of an object and inserts a delete marker, which becomes the latest version of the object. If there isn't a null version, Amazon S3 does not remove any objects but will still respond that the command was successful.

To remove a specific version, you must use the version Id subresource. Using this subresource permanently deletes the version. If the object deleted is a delete marker, Amazon S3 sets the response header, 

x-amz-delete-marker
, to true.

If the object you want to delete is in a bucket where the bucket versioning configuration is MFA Delete enabled, you must include the 

x-amz-mfa
request header in the DELETE 
versionId
request. Requests that include 
x-amz-mfa
must use HTTPS.

For more information about MFA Delete, see Using MFA Delete. To see sample requests that use versioning, see Sample Request.

You can delete objects by explicitly calling DELETE Object or configure its lifecycle (PutBucketLifecycle) to enable Amazon S3 to remove them for you. If you want to block users or accounts from removing or deleting objects from your bucket, you must deny them the 

s3:DeleteObject
, 
s3:DeleteObjectVersion
, and 
s3:PutLifeCycleConfiguration
actions.

The following action is related to 

DeleteObject
: 
public virtual Task<DeleteObjectResponse> DeleteObjectAsync(string bucketName, string key, string versionId, CancellationToken cancellationToken = default)

Parameters

bucketName string

The bucket name of the bucket containing the object. When using this action with an access point, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide. When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form 

AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com
. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts in the Amazon S3 User Guide.
key string

Key name of the object to delete.

versionId string

VersionId used to reference a specific version of the object.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<DeleteObjectResponse>

The response from the DeleteObject service method, as returned by S3.

See Also

DeleteObjectAsync(string, string, CancellationToken)

Removes the null version (if there is one) of an object and inserts a delete marker, which becomes the latest version of the object. If there isn't a null version, Amazon S3 does not remove any objects but will still respond that the command was successful.

To remove a specific version, you must use the version Id subresource. Using this subresource permanently deletes the version. If the object deleted is a delete marker, Amazon S3 sets the response header, 

x-amz-delete-marker
, to true.

If the object you want to delete is in a bucket where the bucket versioning configuration is MFA Delete enabled, you must include the 

x-amz-mfa
request header in the DELETE 
versionId
request. Requests that include 
x-amz-mfa
must use HTTPS.

For more information about MFA Delete, see Using MFA Delete. To see sample requests that use versioning, see Sample Request.

You can delete objects by explicitly calling DELETE Object or configure its lifecycle (PutBucketLifecycle) to enable Amazon S3 to remove them for you. If you want to block users or accounts from removing or deleting objects from your bucket, you must deny them the 

s3:DeleteObject
, 
s3:DeleteObjectVersion
, and 
s3:PutLifeCycleConfiguration
actions.

The following action is related to 

DeleteObject
: 
public virtual Task<DeleteObjectResponse> DeleteObjectAsync(string bucketName, string key, CancellationToken cancellationToken = default)

Parameters

bucketName string

The bucket name of the bucket containing the object. When using this action with an access point, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide. When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form 

AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com
. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts in the Amazon S3 User Guide.
key string

Key name of the object to delete.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<DeleteObjectResponse>

The response from the DeleteObject service method, as returned by S3.

See Also

DeleteObjectTaggingAsync(DeleteObjectTaggingRequest, CancellationToken)

Removes the entire tag set from the specified object. For more information about managing object tags, see Object Tagging.

To use this operation, you must have permission to perform the 

s3:DeleteObjectTagging
action.

To delete tags of a specific object version, add the 

versionId
query parameter in the request. You will need permission for the 
s3:DeleteObjectVersionTagging
action.

The following operations are related to 

DeleteObjectTagging
: 
public virtual Task<DeleteObjectTaggingResponse> DeleteObjectTaggingAsync(DeleteObjectTaggingRequest request, CancellationToken cancellationToken = default)

Parameters

request DeleteObjectTaggingRequest

Container for the necessary parameters to execute the DeleteObjectTagging service method.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<DeleteObjectTaggingResponse>

The response from the DeleteObjectTagging service method, as returned by S3.

See Also

DeleteObjectsAsync(DeleteObjectsRequest, CancellationToken)

This action enables you to delete multiple objects from a bucket using a single HTTP request. If you know the object keys that you want to delete, then this action provides a suitable alternative to sending individual delete requests, reducing per-request overhead.

The request contains a list of up to 1000 keys that you want to delete. In the XML, you provide the object key names, and optionally, version IDs if you want to delete a specific version of the object from a versioning-enabled bucket. For each key, Amazon S3 performs a delete action and returns the result of that delete, success, or failure, in the response. Note that if the object specified in the request is not found, Amazon S3 returns the result as deleted.

The action supports two modes for the response: verbose and quiet. By default, the action uses verbose mode in which the response includes the result of deletion of each key in your request. In quiet mode the response includes only keys where the delete action encountered an error. For a successful deletion, the action does not return any information about the delete in the response body.

When performing this action on an MFA Delete enabled bucket, that attempts to delete any versioned objects, you must include an MFA token. If you do not provide one, the entire request will fail, even if there are non-versioned objects you are trying to delete. If you provide an invalid token, whether there are versioned keys in the request or not, the entire Multi-Object Delete request will fail. For information about MFA Delete, see MFA Delete.

Finally, the Content-MD5 header is required for all Multi-Object Delete requests. Amazon S3 uses the header value to ensure that your request body has not been altered in transit.

The following operations are related to 

DeleteObjects
: 
public virtual Task<DeleteObjectsResponse> DeleteObjectsAsync(DeleteObjectsRequest request, CancellationToken cancellationToken = default)

Parameters

request DeleteObjectsRequest

Container for the necessary parameters to execute the DeleteObjects service method.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<DeleteObjectsResponse>

The response from the DeleteObjects service method, as returned by S3.

See Also

DeletePublicAccessBlockAsync(DeletePublicAccessBlockRequest, CancellationToken)

Removes the 

PublicAccessBlock
configuration for an Amazon S3 bucket. To use this operation, you must have the 
s3:PutBucketPublicAccessBlock
permission. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources.

The following operations are related to 

DeletePublicAccessBlock
: 
public virtual Task<DeletePublicAccessBlockResponse> DeletePublicAccessBlockAsync(DeletePublicAccessBlockRequest request, CancellationToken cancellationToken = default)

Parameters

request DeletePublicAccessBlockRequest

Container for the necessary parameters to execute the DeletePublicAccessBlock service method.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<DeletePublicAccessBlockResponse>

The response from the DeletePublicAccessBlock service method, as returned by S3.

See Also

Dispose(bool)

Disposes the service client.

protected override void Dispose(bool disposing)

Parameters

disposing bool

GetACLAsync(GetACLRequest, CancellationToken) 

public virtual Task<GetACLResponse> GetACLAsync(GetACLRequest request, CancellationToken cancellationToken = default)

Parameters

request GetACLRequest
cancellationToken CancellationToken

Returns

Task<GetACLResponse>

GetACLAsync(string, CancellationToken) 

public virtual Task<GetACLResponse> GetACLAsync(string bucketName, CancellationToken cancellationToken = default)

Parameters

bucketName string
cancellationToken CancellationToken

Returns

Task<GetACLResponse>

GetBucketAccelerateConfigurationAsync(GetBucketAccelerateConfigurationRequest, CancellationToken) 

public virtual Task<GetBucketAccelerateConfigurationResponse> GetBucketAccelerateConfigurationAsync(GetBucketAccelerateConfigurationRequest request, CancellationToken cancellationToken = default)

Parameters

request GetBucketAccelerateConfigurationRequest
cancellationToken CancellationToken

Returns

Task<GetBucketAccelerateConfigurationResponse>

GetBucketAccelerateConfigurationAsync(string, CancellationToken) 

public virtual Task<GetBucketAccelerateConfigurationResponse> GetBucketAccelerateConfigurationAsync(string bucketName, CancellationToken cancellationToken = default)

Parameters

bucketName string
cancellationToken CancellationToken

Returns

Task<GetBucketAccelerateConfigurationResponse>

GetBucketAnalyticsConfigurationAsync(GetBucketAnalyticsConfigurationRequest, CancellationToken) 

public virtual Task<GetBucketAnalyticsConfigurationResponse> GetBucketAnalyticsConfigurationAsync(GetBucketAnalyticsConfigurationRequest request, CancellationToken cancellationToken = default)

Parameters

request GetBucketAnalyticsConfigurationRequest
cancellationToken CancellationToken

Returns

Task<GetBucketAnalyticsConfigurationResponse>

GetBucketEncryptionAsync(GetBucketEncryptionRequest, CancellationToken)

Returns the default encryption configuration for an Amazon S3 bucket. By default, all buckets have a default encryption configuration that uses server-side encryption with Amazon S3 managed keys (SSE-S3). For information about the bucket default encryption feature, see Amazon S3 Bucket Default Encryption in the Amazon S3 User Guide.

To use this operation, you must have permission to perform the 

s3:GetEncryptionConfiguration
action. The bucket owner has this permission by default. The bucket owner can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources.

The following operations are related to 

GetBucketEncryption
: 
public virtual Task<GetBucketEncryptionResponse> GetBucketEncryptionAsync(GetBucketEncryptionRequest request, CancellationToken cancellationToken = default)

Parameters

request GetBucketEncryptionRequest

Container for the necessary parameters to execute the GetBucketEncryption service method.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<GetBucketEncryptionResponse>

The response from the GetBucketEncryption service method, as returned by S3.

See Also

GetBucketIntelligentTieringConfigurationAsync(GetBucketIntelligentTieringConfigurationRequest, CancellationToken)

Gets the S3 Intelligent-Tiering configuration from the specified bucket.

The S3 Intelligent-Tiering storage class is designed to optimize storage costs by automatically moving data to the most cost-effective storage access tier, without performance impact or operational overhead. S3 Intelligent-Tiering delivers automatic cost savings in three low latency and high throughput access tiers. To get the lowest storage cost on data that can be accessed in minutes to hours, you can choose to activate additional archiving capabilities.

The S3 Intelligent-Tiering storage class is the ideal storage class for data with unknown, changing, or unpredictable access patterns, independent of object size or retention period. If the size of an object is less than 128 KB, it is not monitored and not eligible for auto-tiering. Smaller objects can be stored, but they are always charged at the Frequent Access tier rates in the S3 Intelligent-Tiering storage class.

For more information, see Storage class for automatically optimizing frequently and infrequently accessed objects.

Operations related to 

GetBucketIntelligentTieringConfiguration
include: 
public virtual Task<GetBucketIntelligentTieringConfigurationResponse> GetBucketIntelligentTieringConfigurationAsync(GetBucketIntelligentTieringConfigurationRequest request, CancellationToken cancellationToken = default)

Parameters

request GetBucketIntelligentTieringConfigurationRequest

Container for the necessary parameters to execute the GetBucketIntelligentTieringConfiguration service method.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<GetBucketIntelligentTieringConfigurationResponse>

The response from the GetBucketIntelligentTieringConfiguration service method, as returned by S3.

See Also

GetBucketInventoryConfigurationAsync(GetBucketInventoryConfigurationRequest, CancellationToken)

Returns an inventory configuration (identified by the inventory configuration ID) from the bucket.

To use this operation, you must have permissions to perform the 

s3:GetInventoryConfiguration
action. The bucket owner has this permission by default and can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources.

For information about the Amazon S3 inventory feature, see Amazon S3 Inventory.

The following operations are related to 

GetBucketInventoryConfiguration
: 
public virtual Task<GetBucketInventoryConfigurationResponse> GetBucketInventoryConfigurationAsync(GetBucketInventoryConfigurationRequest request, CancellationToken cancellationToken = default)

Parameters

request GetBucketInventoryConfigurationRequest

Container for the necessary parameters to execute the GetBucketInventoryConfiguration service method.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<GetBucketInventoryConfigurationResponse>

The response from the GetBucketInventoryConfiguration service method, as returned by S3.

See Also

GetBucketLocationAsync(GetBucketLocationRequest, CancellationToken)

Returns the Region the bucket resides in. You set the bucket's Region using the 

LocationConstraint
request parameter in a 
CreateBucket
request. For more information, see CreateBucket.

To use this implementation of the operation, you must be the bucket owner.

To use this API against an access point, provide the alias of the access point in place of the bucket name.

note

For requests made using Amazon Web Services Signature Version 4 (SigV4), we recommend that you use HeadBucket to return the bucket Region instead of GetBucketLocation.

The following operations are related to 

GetBucketLocation
: 
public virtual Task<GetBucketLocationResponse> GetBucketLocationAsync(GetBucketLocationRequest request, CancellationToken cancellationToken = default)

Parameters

request GetBucketLocationRequest

Container for the necessary parameters to execute the GetBucketLocation service method.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<GetBucketLocationResponse>

The response from the GetBucketLocation service method, as returned by S3.

See Also

GetBucketLocationAsync(string, CancellationToken)

Returns the Region the bucket resides in. You set the bucket's Region using the 

LocationConstraint
request parameter in a 
CreateBucket
request. For more information, see CreateBucket.

To use this implementation of the operation, you must be the bucket owner.

To use this API against an access point, provide the alias of the access point in place of the bucket name.

note

For requests made using Amazon Web Services Signature Version 4 (SigV4), we recommend that you use HeadBucket to return the bucket Region instead of GetBucketLocation.

The following operations are related to 

GetBucketLocation
: 
public virtual Task<GetBucketLocationResponse> GetBucketLocationAsync(string bucketName, CancellationToken cancellationToken = default)

Parameters

bucketName string

The name of the bucket for which to get the location.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<GetBucketLocationResponse>

The response from the GetBucketLocation service method, as returned by S3.

See Also

GetBucketLoggingAsync(GetBucketLoggingRequest, CancellationToken)

Returns the logging status of a bucket and the permissions users have to view and modify that status.

The following operations are related to 

GetBucketLogging
: 
public virtual Task<GetBucketLoggingResponse> GetBucketLoggingAsync(GetBucketLoggingRequest request, CancellationToken cancellationToken = default)

Parameters

request GetBucketLoggingRequest

Container for the necessary parameters to execute the GetBucketLogging service method.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<GetBucketLoggingResponse>

The response from the GetBucketLogging service method, as returned by S3.

See Also

GetBucketLoggingAsync(string, CancellationToken)

Returns the logging status of a bucket and the permissions users have to view and modify that status.

The following operations are related to 

GetBucketLogging
: 
public virtual Task<GetBucketLoggingResponse> GetBucketLoggingAsync(string bucketName, CancellationToken cancellationToken = default)

Parameters

bucketName string

The bucket name for which to get the logging information.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<GetBucketLoggingResponse>

The response from the GetBucketLogging service method, as returned by S3.

See Also

GetBucketMetricsConfigurationAsync(GetBucketMetricsConfigurationRequest, CancellationToken)

Gets a metrics configuration (specified by the metrics configuration ID) from the bucket. Note that this doesn't include the daily storage metrics.

To use this operation, you must have permissions to perform the 

s3:GetMetricsConfiguration
action. The bucket owner has this permission by default. The bucket owner can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources.

For information about CloudWatch request metrics for Amazon S3, see Monitoring Metrics with Amazon CloudWatch.

The following operations are related to 

GetBucketMetricsConfiguration
: 
public virtual Task<GetBucketMetricsConfigurationResponse> GetBucketMetricsConfigurationAsync(GetBucketMetricsConfigurationRequest request, CancellationToken cancellationToken = default)

Parameters

request GetBucketMetricsConfigurationRequest

Container for the necessary parameters to execute the GetBucketMetricsConfiguration service method.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<GetBucketMetricsConfigurationResponse>

The response from the GetBucketMetricsConfiguration service method, as returned by S3.

See Also

GetBucketNotificationAsync(GetBucketNotificationRequest, CancellationToken)

Returns the notification configuration of a bucket.

If notifications are not enabled on the bucket, the action returns an empty 

NotificationConfiguration
element.

By default, you must be the bucket owner to read the notification configuration of a bucket. However, the bucket owner can use a bucket policy to grant permission to other users to read this configuration with the 

s3:GetBucketNotification
permission.

To use this API against an access point, provide the alias of the access point in place of the bucket name.

For more information about setting and reading the notification configuration on a bucket, see Setting Up Notification of Bucket Events. For more information about bucket policies, see Using Bucket Policies.

The following action is related to 

GetBucketNotification
: 
public virtual Task<GetBucketNotificationResponse> GetBucketNotificationAsync(GetBucketNotificationRequest request, CancellationToken cancellationToken = default)

Parameters

request GetBucketNotificationRequest

Container for the necessary parameters to execute the GetBucketNotification service method.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<GetBucketNotificationResponse>

The response from the GetBucketNotification service method, as returned by S3.

See Also

GetBucketNotificationAsync(string, CancellationToken)

Returns the notification configuration of a bucket.

If notifications are not enabled on the bucket, the action returns an empty 

NotificationConfiguration
element.

By default, you must be the bucket owner to read the notification configuration of a bucket. However, the bucket owner can use a bucket policy to grant permission to other users to read this configuration with the 

s3:GetBucketNotification
permission.

To use this API against an access point, provide the alias of the access point in place of the bucket name.

For more information about setting and reading the notification configuration on a bucket, see Setting Up Notification of Bucket Events. For more information about bucket policies, see Using Bucket Policies.

The following action is related to 

GetBucketNotification
: 
public virtual Task<GetBucketNotificationResponse> GetBucketNotificationAsync(string bucketName, CancellationToken cancellationToken = default)

Parameters

bucketName string

The name of the bucket for which to get the notification configuration.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<GetBucketNotificationResponse>

The response from the GetBucketNotification service method, as returned by S3.

See Also

GetBucketOwnershipControlsAsync(GetBucketOwnershipControlsRequest, CancellationToken)

Retrieves 

OwnershipControls
for an Amazon S3 bucket. To use this operation, you must have the 
s3:GetBucketOwnershipControls
permission. For more information about Amazon S3 permissions, see Specifying permissions in a policy.

For information about Amazon S3 Object Ownership, see Using Object Ownership.

The following operations are related to 

GetBucketOwnershipControls
: 
public virtual Task<GetBucketOwnershipControlsResponse> GetBucketOwnershipControlsAsync(GetBucketOwnershipControlsRequest request, CancellationToken cancellationToken = default)

Parameters

request GetBucketOwnershipControlsRequest

Container for the necessary parameters to execute the GetBucketOwnershipControls service method.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<GetBucketOwnershipControlsResponse>

The response from the GetBucketOwnershipControls service method, as returned by S3.

See Also

GetBucketPolicyAsync(GetBucketPolicyRequest, CancellationToken)

Returns the policy of a specified bucket. If you are using an identity other than the root user of the Amazon Web Services account that owns the bucket, the calling identity must have the 

GetBucketPolicy
permissions on the specified bucket and belong to the bucket owner's account in order to use this operation.

If you don't have 

GetBucketPolicy
permissions, Amazon S3 returns a 
403
                                                                                            Access Denied
error. If you have the correct permissions, but you're not using an identity that belongs to the bucket owner's account, Amazon S3 returns a 
405
                                                                                        Method Not Allowed
error.

As a security precaution, the root user of the Amazon Web Services account that owns a bucket can always use this operation, even if the policy explicitly denies the root user the ability to perform this action.

To use this API against an access point, provide the alias of the access point in place of the bucket name.

For more information about bucket policies, see Using Bucket Policies and User Policies.

The following action is related to 

GetBucketPolicy
: 
public virtual Task<GetBucketPolicyResponse> GetBucketPolicyAsync(GetBucketPolicyRequest request, CancellationToken cancellationToken = default)

Parameters

request GetBucketPolicyRequest

Container for the necessary parameters to execute the GetBucketPolicy service method.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<GetBucketPolicyResponse>

The response from the GetBucketPolicy service method, as returned by S3.

See Also

GetBucketPolicyAsync(string, CancellationToken)

Returns the policy of a specified bucket. If you are using an identity other than the root user of the Amazon Web Services account that owns the bucket, the calling identity must have the 

GetBucketPolicy
permissions on the specified bucket and belong to the bucket owner's account in order to use this operation.

If you don't have 

GetBucketPolicy
permissions, Amazon S3 returns a 
403
                                                                                            Access Denied
error. If you have the correct permissions, but you're not using an identity that belongs to the bucket owner's account, Amazon S3 returns a 
405
                                                                                        Method Not Allowed
error.

As a security precaution, the root user of the Amazon Web Services account that owns a bucket can always use this operation, even if the policy explicitly denies the root user the ability to perform this action.

To use this API against an access point, provide the alias of the access point in place of the bucket name.

For more information about bucket policies, see Using Bucket Policies and User Policies.

The following action is related to 

GetBucketPolicy
: 
public virtual Task<GetBucketPolicyResponse> GetBucketPolicyAsync(string bucketName, CancellationToken cancellationToken = default)

Parameters

bucketName string

The bucket name for which to get the bucket policy.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<GetBucketPolicyResponse>

The response from the GetBucketPolicy service method, as returned by S3.

See Also

GetBucketPolicyStatusAsync(GetBucketPolicyStatusRequest, CancellationToken)

Retrieves the policy status for an Amazon S3 bucket, indicating whether the bucket is public. In order to use this operation, you must have the 

s3:GetBucketPolicyStatus
permission. For more information about Amazon S3 permissions, see Specifying Permissions in a Policy.

For more information about when Amazon S3 considers a bucket public, see The Meaning of "Public".

The following operations are related to 

GetBucketPolicyStatus
: 
public virtual Task<GetBucketPolicyStatusResponse> GetBucketPolicyStatusAsync(GetBucketPolicyStatusRequest request, CancellationToken cancellationToken = default)

Parameters

request GetBucketPolicyStatusRequest

Container for the necessary parameters to execute the GetBucketPolicyStatus service method.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<GetBucketPolicyStatusResponse>

The response from the GetBucketPolicyStatus service method, as returned by S3.

See Also

GetBucketReplicationAsync(GetBucketReplicationRequest, CancellationToken)

Retrieves the replication configuration for the given Amazon S3 bucket.

public virtual Task<GetBucketReplicationResponse> GetBucketReplicationAsync(GetBucketReplicationRequest request, CancellationToken cancellationToken = default)

Parameters

request GetBucketReplicationRequest

Container for the necessary parameters to execute the GetBucketReplication service method.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<GetBucketReplicationResponse>

The response from the GetBucketReplication service method, as returned by S3.

See Also

GetBucketRequestPaymentAsync(GetBucketRequestPaymentRequest, CancellationToken)

Returns the request payment configuration of a bucket. To use this version of the operation, you must be the bucket owner. For more information, see Requester Pays Buckets.

The following operations are related to 

GetBucketRequestPayment
: 
public virtual Task<GetBucketRequestPaymentResponse> GetBucketRequestPaymentAsync(GetBucketRequestPaymentRequest request, CancellationToken cancellationToken = default)

Parameters

request GetBucketRequestPaymentRequest

Container for the necessary parameters to execute the GetBucketRequestPayment service method.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<GetBucketRequestPaymentResponse>

The response from the GetBucketRequestPayment service method, as returned by S3.

See Also

GetBucketRequestPaymentAsync(string, CancellationToken)

Returns the request payment configuration of a bucket. To use this version of the operation, you must be the bucket owner. For more information, see Requester Pays Buckets.

The following operations are related to 

GetBucketRequestPayment
: 
public virtual Task<GetBucketRequestPaymentResponse> GetBucketRequestPaymentAsync(string bucketName, CancellationToken cancellationToken = default)

Parameters

bucketName string

The name of the bucket for which to get the payment request configuration

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<GetBucketRequestPaymentResponse>

The response from the GetBucketRequestPayment service method, as returned by S3.

See Also

GetBucketTaggingAsync(GetBucketTaggingRequest, CancellationToken)

Returns the tag set associated with the bucket.

To use this operation, you must have permission to perform the 

s3:GetBucketTagging
action. By default, the bucket owner has this permission and can grant this permission to others. 

GetBucketTagging
has the following special error:

  • Error code: 

    NoSuchTagSet

    • Description: There is no tag set associated with the bucket.

The following operations are related to 

GetBucketTagging
: 
public virtual Task<GetBucketTaggingResponse> GetBucketTaggingAsync(GetBucketTaggingRequest request, CancellationToken cancellationToken = default)

Parameters

request GetBucketTaggingRequest

Container for the necessary parameters to execute the GetBucketTagging service method.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<GetBucketTaggingResponse>

The response from the GetBucketTagging service method, as returned by S3.

See Also

GetBucketVersioningAsync(GetBucketVersioningRequest, CancellationToken)

Returns the versioning state of a bucket.

To retrieve the versioning state of a bucket, you must be the bucket owner.

This implementation also returns the MFA Delete status of the versioning state. If the MFA Delete status is 

enabled
, the bucket owner must use an authentication device to change the versioning state of the bucket.

The following operations are related to 

GetBucketVersioning
: 
public virtual Task<GetBucketVersioningResponse> GetBucketVersioningAsync(GetBucketVersioningRequest request, CancellationToken cancellationToken = default)

Parameters

request GetBucketVersioningRequest

Container for the necessary parameters to execute the GetBucketVersioning service method.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<GetBucketVersioningResponse>

The response from the GetBucketVersioning service method, as returned by S3.

See Also

GetBucketVersioningAsync(string, CancellationToken)

Returns the versioning state of a bucket.

To retrieve the versioning state of a bucket, you must be the bucket owner.

This implementation also returns the MFA Delete status of the versioning state. If the MFA Delete status is 

enabled
, the bucket owner must use an authentication device to change the versioning state of the bucket.

The following operations are related to 

GetBucketVersioning
: 
public virtual Task<GetBucketVersioningResponse> GetBucketVersioningAsync(string bucketName, CancellationToken cancellationToken = default)

Parameters

bucketName string

The name of the bucket for which to get the versioning information.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<GetBucketVersioningResponse>

The response from the GetBucketVersioning service method, as returned by S3.

See Also

GetBucketWebsiteAsync(GetBucketWebsiteRequest, CancellationToken)

Returns the website configuration for a bucket. To host website on Amazon S3, you can configure a bucket as website by adding a website configuration. For more information about hosting websites, see Hosting Websites on Amazon S3.

This GET action requires the 

S3:GetBucketWebsite
permission. By default, only the bucket owner can read the bucket website configuration. However, bucket owners can allow other users to read the website configuration by writing a bucket policy granting them the 
S3:GetBucketWebsite
permission.

The following operations are related to 

DeleteBucketWebsite
: 
public virtual Task<GetBucketWebsiteResponse> GetBucketWebsiteAsync(GetBucketWebsiteRequest request, CancellationToken cancellationToken = default)

Parameters

request GetBucketWebsiteRequest

Container for the necessary parameters to execute the GetBucketWebsite service method.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<GetBucketWebsiteResponse>

The response from the GetBucketWebsite service method, as returned by S3.

See Also

GetBucketWebsiteAsync(string, CancellationToken)

Returns the website configuration for a bucket. To host website on Amazon S3, you can configure a bucket as website by adding a website configuration. For more information about hosting websites, see Hosting Websites on Amazon S3.

This GET action requires the 

S3:GetBucketWebsite
permission. By default, only the bucket owner can read the bucket website configuration. However, bucket owners can allow other users to read the website configuration by writing a bucket policy granting them the 
S3:GetBucketWebsite
permission.

The following operations are related to 

DeleteBucketWebsite
: 
public virtual Task<GetBucketWebsiteResponse> GetBucketWebsiteAsync(string bucketName, CancellationToken cancellationToken = default)

Parameters

bucketName string

The bucket name for which to get the website configuration.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<GetBucketWebsiteResponse>

The response from the GetBucketWebsite service method, as returned by S3.

See Also

GetCORSConfigurationAsync(GetCORSConfigurationRequest, CancellationToken)

Returns the Cross-Origin Resource Sharing (CORS) configuration information set for the bucket.

To use this operation, you must have permission to perform the 

s3:GetBucketCORS
action. By default, the bucket owner has this permission and can grant it to others.

To use this API against an access point, provide the alias of the access point in place of the bucket name.

For more information about CORS, see Enabling Cross-Origin Resource Sharing.

The following operations are related to 

GetBucketCors
: 
public virtual Task<GetCORSConfigurationResponse> GetCORSConfigurationAsync(GetCORSConfigurationRequest request, CancellationToken cancellationToken = default)

Parameters

request GetCORSConfigurationRequest

Container for the necessary parameters to execute the GetCORSConfiguration service method.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<GetCORSConfigurationResponse>

The response from the GetCORSConfiguration service method, as returned by S3.

See Also

GetCORSConfigurationAsync(string, CancellationToken)

Returns the Cross-Origin Resource Sharing (CORS) configuration information set for the bucket.

To use this operation, you must have permission to perform the 

s3:GetBucketCORS
action. By default, the bucket owner has this permission and can grant it to others.

To use this API against an access point, provide the alias of the access point in place of the bucket name.

For more information about CORS, see Enabling Cross-Origin Resource Sharing.

The following operations are related to 

GetBucketCors
: 
public virtual Task<GetCORSConfigurationResponse> GetCORSConfigurationAsync(string bucketName, CancellationToken cancellationToken = default)

Parameters

bucketName string

The bucket name for which to get the cors configuration.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<GetCORSConfigurationResponse>

The response from the GetCORSConfiguration service method, as returned by S3.

See Also

GetLifecycleConfigurationAsync(GetLifecycleConfigurationRequest, CancellationToken)

note

Bucket lifecycle configuration now supports specifying a lifecycle rule using an object key name prefix, one or more object tags, or a combination of both. Accordingly, this section describes the latest API. The response describes the new filter element that you can use to specify a filter to select a subset of objects to which the rule applies. If you are using a previous version of the lifecycle configuration, it still works. For the earlier action, see GetBucketLifecycle.

Returns the lifecycle configuration information set on the bucket. For information about lifecycle configuration, see Object Lifecycle Management.

To use this operation, you must have permission to perform the 

s3:GetLifecycleConfiguration
action. The bucket owner has this permission, by default. The bucket owner can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources. 

GetBucketLifecycleConfiguration
has the following special error:

  • Error code: 

    NoSuchLifecycleConfiguration

    • Description: The lifecycle configuration does not exist.

    • HTTP Status Code: 404 Not Found

    • SOAP Fault Code Prefix: Client

The following operations are related to 

GetBucketLifecycleConfiguration
: 
public virtual Task<GetLifecycleConfigurationResponse> GetLifecycleConfigurationAsync(GetLifecycleConfigurationRequest request, CancellationToken cancellationToken = default)

Parameters

request GetLifecycleConfigurationRequest

Container for the necessary parameters to execute the GetLifecycleConfiguration service method.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<GetLifecycleConfigurationResponse>

The response from the GetLifecycleConfiguration service method, as returned by S3.

See Also

GetLifecycleConfigurationAsync(string, CancellationToken)

note

Bucket lifecycle configuration now supports specifying a lifecycle rule using an object key name prefix, one or more object tags, or a combination of both. Accordingly, this section describes the latest API. The response describes the new filter element that you can use to specify a filter to select a subset of objects to which the rule applies. If you are using a previous version of the lifecycle configuration, it still works. For the earlier action, see GetBucketLifecycle.

Returns the lifecycle configuration information set on the bucket. For information about lifecycle configuration, see Object Lifecycle Management.

To use this operation, you must have permission to perform the 

s3:GetLifecycleConfiguration
action. The bucket owner has this permission, by default. The bucket owner can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources. 

GetBucketLifecycleConfiguration
has the following special error:

  • Error code: 

    NoSuchLifecycleConfiguration

    • Description: The lifecycle configuration does not exist.

    • HTTP Status Code: 404 Not Found

    • SOAP Fault Code Prefix: Client

The following operations are related to 

GetBucketLifecycleConfiguration
: 
public virtual Task<GetLifecycleConfigurationResponse> GetLifecycleConfigurationAsync(string bucketName, CancellationToken cancellationToken = default)

Parameters

bucketName string

The name of the bucket for which to get the lifecycle information.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<GetLifecycleConfigurationResponse>

The response from the GetLifecycleConfiguration service method, as returned by S3.

See Also

GetObjectAsync(GetObjectRequest, CancellationToken)

Retrieves objects from Amazon S3. To use 

GET
, you must have 
READ
access to the object. If you grant 
READ
access to the anonymous user, you can return the object without using an authorization header.

An Amazon S3 bucket has no directory hierarchy such as you would find in a typical computer file system. You can, however, create a logical hierarchy by using object key names that imply a folder structure. For example, instead of naming an object 

sample.jpg
, you can name it 
photos/2006/February/sample.jpg
.

To get an object from such a logical hierarchy, specify the full key name for the object in the 

GET
operation. For a virtual hosted-style request example, if you have the object 
photos/2006/February/sample.jpg
, specify the resource as 
/photos/2006/February/sample.jpg
. For a path-style request example, if you have the object 
photos/2006/February/sample.jpg
in the bucket named 
examplebucket
, specify the resource as 
/examplebucket/photos/2006/February/sample.jpg
. For more information about request types, see HTTP Host Header Bucket Specification.

For more information about returning the ACL of an object, see GetObjectAcl.

If the object you are retrieving is stored in the S3 Glacier or S3 Glacier Deep Archive storage class, or S3 Intelligent-Tiering Archive or S3 Intelligent-Tiering Deep Archive tiers, before you can retrieve the object you must first restore a copy using RestoreObject. Otherwise, this action returns an 

InvalidObjectState
error. For information about restoring archived objects, see Restoring Archived Objects.

Encryption request headers, like 

x-amz-server-side-encryption
, should not be sent for GET requests if your object uses server-side encryption with KMS keys (SSE-KMS) or server-side encryption with Amazon S3–managed encryption keys (SSE-S3). If your object does use these types of keys, you’ll get an HTTP 400 BadRequest error.

If you encrypt an object by using server-side encryption with customer-provided encryption keys (SSE-C) when you store the object in Amazon S3, then when you GET the object, you must use the following headers:

  • x-amz-server-side-encryption-customer-algorithm

  • x-amz-server-side-encryption-customer-key

  • x-amz-server-side-encryption-customer-key-MD5

For more information about SSE-C, see Server-Side Encryption (Using Customer-Provided Encryption Keys).

Assuming you have the relevant permission to read object tags, the response also returns the 

x-amz-tagging-count
header that provides the count of number of tags associated with the object. You can use GetObjectTagging to retrieve the tag set associated with an object.

Permissions

You need the relevant read object (or version) permission for this operation. For more information, see Specifying Permissions in a Policy. If the object you request does not exist, the error Amazon S3 returns depends on whether you also have the 

s3:ListBucket
permission.

  • If you have the 

    s3:ListBucket
    permission on the bucket, Amazon S3 will return an HTTP status code 404 ("no such key") error.

  • If you don’t have the 

    s3:ListBucket
    permission, Amazon S3 will return an HTTP status code 403 ("access denied") error.

Versioning

By default, the GET action returns the current version of an object. To return a different version, use the 

versionId
subresource.
note

  • If you supply a 

    versionId
    , you need the 
    s3:GetObjectVersion
    permission to access a specific version of an object. If you request a specific version, you do not need to have the 
    s3:GetObject
    permission. If you request the current version without a specific version ID, only 
    s3:GetObject
    permission is required. 
    s3:GetObjectVersion
    permission won't be required.

  • If the current version of the object is a delete marker, Amazon S3 behaves as if the object was deleted and includes 

    x-amz-delete-marker: true
    in the response.

For more information about versioning, see PutBucketVersioning.

Overriding Response Header Values

There are times when you want to override certain response header values in a GET response. For example, you might override the 

Content-Disposition
response header value in your GET request.

You can override values for a set of response headers using the following query parameters. These response header values are sent only on a successful request, that is, when status code 200 OK is returned. The set of headers you can override using these parameters is a subset of the headers that Amazon S3 accepts when you create an object. The response headers that you can override for the GET response are 

Content-Type
, 
Content-Language
, 
Expires
, 
Cache-Control
, 
Content-Disposition
, and 
Content-Encoding
. To override these header values in the GET response, you use the following request parameters.
note

You must sign the request, either using an Authorization header or a presigned URL, when using these parameters. They cannot be used with an unsigned (anonymous) request. 

  • response-content-type

  • response-content-language

  • response-expires

  • response-cache-control

  • response-content-disposition

  • response-content-encoding

Additional Considerations about Request Headers

If both of the 

If-Match
and 
If-Unmodified-Since
headers are present in the request as follows: 
If-Match
condition evaluates to 
true
, and; 
If-Unmodified-Since
condition evaluates to 
false
; then, S3 returns 200 OK and the data requested.

If both of the 

If-None-Match
and 
If-Modified-Since
headers are present in the request as follows:
If-None-Match
condition evaluates to 
false
, and; 
If-Modified-Since
condition evaluates to 
true
; then, S3 returns 304 Not Modified response code.

For more information about conditional requests, see RFC 7232.

The following operations are related to 

GetObject
: 
public virtual Task<GetObjectResponse> GetObjectAsync(GetObjectRequest request, CancellationToken cancellationToken = default)

Parameters

request GetObjectRequest

Container for the necessary parameters to execute the GetObject service method.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<GetObjectResponse>

The response from the GetObject service method, as returned by S3.

See Also

GetObjectAsync(string, string, string, CancellationToken)

Retrieves objects from Amazon S3. To use 

GET
, you must have 
READ
access to the object. If you grant 
READ
access to the anonymous user, you can return the object without using an authorization header.

An Amazon S3 bucket has no directory hierarchy such as you would find in a typical computer file system. You can, however, create a logical hierarchy by using object key names that imply a folder structure. For example, instead of naming an object 

sample.jpg
, you can name it 
photos/2006/February/sample.jpg
.

To get an object from such a logical hierarchy, specify the full key name for the object in the 

GET
operation. For a virtual hosted-style request example, if you have the object 
photos/2006/February/sample.jpg
, specify the resource as 
/photos/2006/February/sample.jpg
. For a path-style request example, if you have the object 
photos/2006/February/sample.jpg
in the bucket named 
examplebucket
, specify the resource as 
/examplebucket/photos/2006/February/sample.jpg
. For more information about request types, see HTTP Host Header Bucket Specification.

For more information about returning the ACL of an object, see GetObjectAcl.

If the object you are retrieving is stored in the S3 Glacier or S3 Glacier Deep Archive storage class, or S3 Intelligent-Tiering Archive or S3 Intelligent-Tiering Deep Archive tiers, before you can retrieve the object you must first restore a copy using RestoreObject. Otherwise, this action returns an 

InvalidObjectState
error. For information about restoring archived objects, see Restoring Archived Objects.

Encryption request headers, like 

x-amz-server-side-encryption
, should not be sent for GET requests if your object uses server-side encryption with KMS keys (SSE-KMS) or server-side encryption with Amazon S3–managed encryption keys (SSE-S3). If your object does use these types of keys, you’ll get an HTTP 400 BadRequest error.

If you encrypt an object by using server-side encryption with customer-provided encryption keys (SSE-C) when you store the object in Amazon S3, then when you GET the object, you must use the following headers:

  • x-amz-server-side-encryption-customer-algorithm

  • x-amz-server-side-encryption-customer-key

  • x-amz-server-side-encryption-customer-key-MD5

For more information about SSE-C, see Server-Side Encryption (Using Customer-Provided Encryption Keys).

Assuming you have the relevant permission to read object tags, the response also returns the 

x-amz-tagging-count
header that provides the count of number of tags associated with the object. You can use GetObjectTagging to retrieve the tag set associated with an object.

Permissions

You need the relevant read object (or version) permission for this operation. For more information, see Specifying Permissions in a Policy. If the object you request does not exist, the error Amazon S3 returns depends on whether you also have the 

s3:ListBucket
permission.

  • If you have the 

    s3:ListBucket
    permission on the bucket, Amazon S3 will return an HTTP status code 404 ("no such key") error.

  • If you don’t have the 

    s3:ListBucket
    permission, Amazon S3 will return an HTTP status code 403 ("access denied") error.

Versioning

By default, the GET action returns the current version of an object. To return a different version, use the 

versionId
subresource.
note

  • If you supply a 

    versionId
    , you need the 
    s3:GetObjectVersion
    permission to access a specific version of an object. If you request a specific version, you do not need to have the 
    s3:GetObject
    permission. If you request the current version without a specific version ID, only 
    s3:GetObject
    permission is required. 
    s3:GetObjectVersion
    permission won't be required.

  • If the current version of the object is a delete marker, Amazon S3 behaves as if the object was deleted and includes 

    x-amz-delete-marker: true
    in the response.

For more information about versioning, see PutBucketVersioning.

Overriding Response Header Values

There are times when you want to override certain response header values in a GET response. For example, you might override the 

Content-Disposition
response header value in your GET request.

You can override values for a set of response headers using the following query parameters. These response header values are sent only on a successful request, that is, when status code 200 OK is returned. The set of headers you can override using these parameters is a subset of the headers that Amazon S3 accepts when you create an object. The response headers that you can override for the GET response are 

Content-Type
, 
Content-Language
, 
Expires
, 
Cache-Control
, 
Content-Disposition
, and 
Content-Encoding
. To override these header values in the GET response, you use the following request parameters.
note

You must sign the request, either using an Authorization header or a presigned URL, when using these parameters. They cannot be used with an unsigned (anonymous) request. 

  • response-content-type

  • response-content-language

  • response-expires

  • response-cache-control

  • response-content-disposition

  • response-content-encoding

Additional Considerations about Request Headers

If both of the 

If-Match
and 
If-Unmodified-Since
headers are present in the request as follows: 
If-Match
condition evaluates to 
true
, and; 
If-Unmodified-Since
condition evaluates to 
false
; then, S3 returns 200 OK and the data requested.

If both of the 

If-None-Match
and 
If-Modified-Since
headers are present in the request as follows:
If-None-Match
condition evaluates to 
false
, and; 
If-Modified-Since
condition evaluates to 
true
; then, S3 returns 304 Not Modified response code.

For more information about conditional requests, see RFC 7232.

The following operations are related to 

GetObject
: 
public virtual Task<GetObjectResponse> GetObjectAsync(string bucketName, string key, string versionId, CancellationToken cancellationToken = default)

Parameters

bucketName string

The bucket name containing the object. When using this action with an access point, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide. When using an Object Lambda access point the hostname takes the form AccessPointName-AccountId.s3-object-lambda.Region.amazonaws.com. When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form 

AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com
. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts in the Amazon S3 User Guide.
key string

Key of the object to get.

versionId string

VersionId used to reference a specific version of the object.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<GetObjectResponse>

The response from the GetObject service method, as returned by S3.

See Also

GetObjectAsync(string, string, CancellationToken)

Retrieves objects from Amazon S3. To use 

GET
, you must have 
READ
access to the object. If you grant 
READ
access to the anonymous user, you can return the object without using an authorization header.

An Amazon S3 bucket has no directory hierarchy such as you would find in a typical computer file system. You can, however, create a logical hierarchy by using object key names that imply a folder structure. For example, instead of naming an object 

sample.jpg
, you can name it 
photos/2006/February/sample.jpg
.

To get an object from such a logical hierarchy, specify the full key name for the object in the 

GET
operation. For a virtual hosted-style request example, if you have the object 
photos/2006/February/sample.jpg
, specify the resource as 
/photos/2006/February/sample.jpg
. For a path-style request example, if you have the object 
photos/2006/February/sample.jpg
in the bucket named 
examplebucket
, specify the resource as 
/examplebucket/photos/2006/February/sample.jpg
. For more information about request types, see HTTP Host Header Bucket Specification.

For more information about returning the ACL of an object, see GetObjectAcl.

If the object you are retrieving is stored in the S3 Glacier or S3 Glacier Deep Archive storage class, or S3 Intelligent-Tiering Archive or S3 Intelligent-Tiering Deep Archive tiers, before you can retrieve the object you must first restore a copy using RestoreObject. Otherwise, this action returns an 

InvalidObjectState
error. For information about restoring archived objects, see Restoring Archived Objects.

Encryption request headers, like 

x-amz-server-side-encryption
, should not be sent for GET requests if your object uses server-side encryption with KMS keys (SSE-KMS) or server-side encryption with Amazon S3–managed encryption keys (SSE-S3). If your object does use these types of keys, you’ll get an HTTP 400 BadRequest error.

If you encrypt an object by using server-side encryption with customer-provided encryption keys (SSE-C) when you store the object in Amazon S3, then when you GET the object, you must use the following headers:

  • x-amz-server-side-encryption-customer-algorithm

  • x-amz-server-side-encryption-customer-key

  • x-amz-server-side-encryption-customer-key-MD5

For more information about SSE-C, see Server-Side Encryption (Using Customer-Provided Encryption Keys).

Assuming you have the relevant permission to read object tags, the response also returns the 

x-amz-tagging-count
header that provides the count of number of tags associated with the object. You can use GetObjectTagging to retrieve the tag set associated with an object.

Permissions

You need the relevant read object (or version) permission for this operation. For more information, see Specifying Permissions in a Policy. If the object you request does not exist, the error Amazon S3 returns depends on whether you also have the 

s3:ListBucket
permission.

  • If you have the 

    s3:ListBucket
    permission on the bucket, Amazon S3 will return an HTTP status code 404 ("no such key") error.

  • If you don’t have the 

    s3:ListBucket
    permission, Amazon S3 will return an HTTP status code 403 ("access denied") error.

Versioning

By default, the GET action returns the current version of an object. To return a different version, use the 

versionId
subresource.
note

  • If you supply a 

    versionId
    , you need the 
    s3:GetObjectVersion
    permission to access a specific version of an object. If you request a specific version, you do not need to have the 
    s3:GetObject
    permission. If you request the current version without a specific version ID, only 
    s3:GetObject
    permission is required. 
    s3:GetObjectVersion
    permission won't be required.

  • If the current version of the object is a delete marker, Amazon S3 behaves as if the object was deleted and includes 

    x-amz-delete-marker: true
    in the response.

For more information about versioning, see PutBucketVersioning.

Overriding Response Header Values

There are times when you want to override certain response header values in a GET response. For example, you might override the 

Content-Disposition
response header value in your GET request.

You can override values for a set of response headers using the following query parameters. These response header values are sent only on a successful request, that is, when status code 200 OK is returned. The set of headers you can override using these parameters is a subset of the headers that Amazon S3 accepts when you create an object. The response headers that you can override for the GET response are 

Content-Type
, 
Content-Language
, 
Expires
, 
Cache-Control
, 
Content-Disposition
, and 
Content-Encoding
. To override these header values in the GET response, you use the following request parameters.
note

You must sign the request, either using an Authorization header or a presigned URL, when using these parameters. They cannot be used with an unsigned (anonymous) request. 

  • response-content-type

  • response-content-language

  • response-expires

  • response-cache-control

  • response-content-disposition

  • response-content-encoding

Additional Considerations about Request Headers

If both of the 

If-Match
and 
If-Unmodified-Since
headers are present in the request as follows: 
If-Match
condition evaluates to 
true
, and; 
If-Unmodified-Since
condition evaluates to 
false
; then, S3 returns 200 OK and the data requested.

If both of the 

If-None-Match
and 
If-Modified-Since
headers are present in the request as follows:
If-None-Match
condition evaluates to 
false
, and; 
If-Modified-Since
condition evaluates to 
true
; then, S3 returns 304 Not Modified response code.

For more information about conditional requests, see RFC 7232.

The following operations are related to 

GetObject
: 
public virtual Task<GetObjectResponse> GetObjectAsync(string bucketName, string key, CancellationToken cancellationToken = default)

Parameters

bucketName string

The bucket name containing the object. When using this action with an access point, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide. When using an Object Lambda access point the hostname takes the form AccessPointName-AccountId.s3-object-lambda.Region.amazonaws.com. When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form 

AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com
. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts in the Amazon S3 User Guide.
key string

Key of the object to get.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<GetObjectResponse>

The response from the GetObject service method, as returned by S3.

See Also

GetObjectAttributesAsync(GetObjectAttributesRequest, CancellationToken)

Retrieves all the metadata from an object without returning the object itself. This action is useful if you're interested only in an object's metadata. To use 

GetObjectAttributes
, you must have READ access to the object. 

GetObjectAttributes
combines the functionality of 
HeadObject
and 
ListParts
. All of the data returned with each of those individual calls can be returned with a single call to 
GetObjectAttributes
.

If you encrypt an object by using server-side encryption with customer-provided encryption keys (SSE-C) when you store the object in Amazon S3, then when you retrieve the metadata from the object, you must use the following headers: 

  • x-amz-server-side-encryption-customer-algorithm

  • x-amz-server-side-encryption-customer-key

  • x-amz-server-side-encryption-customer-key-MD5

For more information about SSE-C, see Server-Side Encryption (Using Customer-Provided Encryption Keys) in the Amazon S3 User Guide.

note

  • Encryption request headers, such as 

    x-amz-server-side-encryption
    , should not be sent for GET requests if your object uses server-side encryption with Amazon Web Services KMS keys stored in Amazon Web Services Key Management Service (SSE-KMS) or server-side encryption with Amazon S3 managed keys (SSE-S3). If your object does use these types of keys, you'll get an HTTP 
    400 Bad Request
    error.

  • The last modified property in this case is the creation date of the object.

Consider the following when using request headers:

  • If both of the 

    If-Match
    and 
    If-Unmodified-Since
    headers are present in the request as follows, then Amazon S3 returns the HTTP status code 
    200 OK
    and the data requested: 

    • If-Match
      condition evaluates to 
      true
      . 

    • If-Unmodified-Since
      condition evaluates to 
      false
      .

  • If both of the 

    If-None-Match
    and 
    If-Modified-Since
    headers are present in the request as follows, then Amazon S3 returns the HTTP status code 
    304 Not Modified
    : 

    • If-None-Match
      condition evaluates to 
      false
      . 

    • If-Modified-Since
      condition evaluates to 
      true
      .

For more information about conditional requests, see RFC 7232.

Permissions

The permissions that you need to use this operation depend on whether the bucket is versioned. If the bucket is versioned, you need both the 

s3:GetObjectVersion
and 
s3:GetObjectVersionAttributes
permissions for this operation. If the bucket is not versioned, you need the 
s3:GetObject
and 
s3:GetObjectAttributes
permissions. For more information, see Specifying Permissions in a Policy in the Amazon S3 User Guide. If the object that you request does not exist, the error Amazon S3 returns depends on whether you also have the 
s3:ListBucket
permission.

  • If you have the 

    s3:ListBucket
    permission on the bucket, Amazon S3 returns an HTTP status code 
    404 Not Found
    ("no such key") error.

  • If you don't have the 

    s3:ListBucket
    permission, Amazon S3 returns an HTTP status code 
    403 Forbidden
    ("access denied") error.

The following actions are related to 

GetObjectAttributes
: 
public virtual Task<GetObjectAttributesResponse> GetObjectAttributesAsync(GetObjectAttributesRequest request, CancellationToken cancellationToken = default)

Parameters

request GetObjectAttributesRequest

Container for the necessary parameters to execute the GetObjectAttributes service method.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<GetObjectAttributesResponse>

The response from the GetObjectAttributes service method, as returned by S3.

See Also

GetObjectLegalHoldAsync(GetObjectLegalHoldRequest, CancellationToken)

Gets an object's current legal hold status. For more information, see Locking Objects.

This action is not supported by Amazon S3 on Outposts.

The following action is related to 

GetObjectLegalHold
: 
public virtual Task<GetObjectLegalHoldResponse> GetObjectLegalHoldAsync(GetObjectLegalHoldRequest request, CancellationToken cancellationToken = default)

Parameters

request GetObjectLegalHoldRequest

Container for the necessary parameters to execute the GetObjectLegalHold service method.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<GetObjectLegalHoldResponse>

The response from the GetObjectLegalHold service method, as returned by S3.

See Also

GetObjectLockConfigurationAsync(GetObjectLockConfigurationRequest, CancellationToken)

Gets the Object Lock configuration for a bucket. The rule specified in the Object Lock configuration will be applied by default to every new object placed in the specified bucket. For more information, see Locking Objects.

The following action is related to 

GetObjectLockConfiguration
: 
public virtual Task<GetObjectLockConfigurationResponse> GetObjectLockConfigurationAsync(GetObjectLockConfigurationRequest request, CancellationToken cancellationToken = default)

Parameters

request GetObjectLockConfigurationRequest

Container for the necessary parameters to execute the GetObjectLockConfiguration service method.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<GetObjectLockConfigurationResponse>

The response from the GetObjectLockConfiguration service method, as returned by S3.

See Also

GetObjectMetadataAsync(GetObjectMetadataRequest, CancellationToken)

The HEAD action retrieves metadata from an object without returning the object itself. This action is useful if you're only interested in an object's metadata. To use HEAD, you must have READ access to the object.

A 

HEAD
request has the same options as a 
GET
action on an object. The response is identical to the 
GET
response except that there is no response body. Because of this, if the 
HEAD
request generates an error, it returns a generic 
400 Bad Request
, 
403 Forbidden
or 
404 Not Found
code. It is not possible to retrieve the exact exception beyond these error codes.

If you encrypt an object by using server-side encryption with customer-provided encryption keys (SSE-C) when you store the object in Amazon S3, then when you retrieve the metadata from the object, you must use the following headers:

  • x-amz-server-side-encryption-customer-algorithm

  • x-amz-server-side-encryption-customer-key

  • x-amz-server-side-encryption-customer-key-MD5

For more information about SSE-C, see Server-Side Encryption (Using Customer-Provided Encryption Keys).

note

  • Encryption request headers, like 

    x-amz-server-side-encryption
    , should not be sent for GET requests if your object uses server-side encryption with KMS keys (SSE-KMS) or server-side encryption with Amazon S3–managed encryption keys (SSE-S3). If your object does use these types of keys, you’ll get an HTTP 400 BadRequest error.

  • The last modified property in this case is the creation date of the object.

Request headers are limited to 8 KB in size. For more information, see Common Request Headers.

Consider the following when using request headers:

  • Consideration 1 – If both of the 

    If-Match
    and 
    If-Unmodified-Since
    headers are present in the request as follows: 

    • If-Match
      condition evaluates to 
      true
      , and; 

    • If-Unmodified-Since
      condition evaluates to 
      false
      ;

    Then Amazon S3 returns 

    200 OK
    and the data requested.

  • Consideration 2 – If both of the 

    If-None-Match
    and 
    If-Modified-Since
    headers are present in the request as follows: 

    • If-None-Match
      condition evaluates to 
      false
      , and; 

    • If-Modified-Since
      condition evaluates to 
      true
      ;

    Then Amazon S3 returns the 

    304 Not Modified
    response code.

For more information about conditional requests, see RFC 7232.

Permissions

You need the relevant read object (or version) permission for this operation. For more information, see Specifying Permissions in a Policy. If the object you request does not exist, the error Amazon S3 returns depends on whether you also have the s3:ListBucket permission.

  • If you have the 

    s3:ListBucket
    permission on the bucket, Amazon S3 returns an HTTP status code 404 ("no such key") error.

  • If you don’t have the 

    s3:ListBucket
    permission, Amazon S3 returns an HTTP status code 403 ("access denied") error.

The following actions are related to 

HeadObject
: 
public virtual Task<GetObjectMetadataResponse> GetObjectMetadataAsync(GetObjectMetadataRequest request, CancellationToken cancellationToken = default)

Parameters

request GetObjectMetadataRequest

Container for the necessary parameters to execute the GetObjectMetadata service method.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<GetObjectMetadataResponse>

The response from the GetObjectMetadata service method, as returned by S3.

See Also

GetObjectMetadataAsync(string, string, string, CancellationToken)

The HEAD action retrieves metadata from an object without returning the object itself. This action is useful if you're only interested in an object's metadata. To use HEAD, you must have READ access to the object.

A 

HEAD
request has the same options as a 
GET
action on an object. The response is identical to the 
GET
response except that there is no response body. Because of this, if the 
HEAD
request generates an error, it returns a generic 
400 Bad Request
, 
403 Forbidden
or 
404 Not Found
code. It is not possible to retrieve the exact exception beyond these error codes.

If you encrypt an object by using server-side encryption with customer-provided encryption keys (SSE-C) when you store the object in Amazon S3, then when you retrieve the metadata from the object, you must use the following headers:

  • x-amz-server-side-encryption-customer-algorithm

  • x-amz-server-side-encryption-customer-key

  • x-amz-server-side-encryption-customer-key-MD5

For more information about SSE-C, see Server-Side Encryption (Using Customer-Provided Encryption Keys).

note

  • Encryption request headers, like 

    x-amz-server-side-encryption
    , should not be sent for GET requests if your object uses server-side encryption with KMS keys (SSE-KMS) or server-side encryption with Amazon S3–managed encryption keys (SSE-S3). If your object does use these types of keys, you’ll get an HTTP 400 BadRequest error.

  • The last modified property in this case is the creation date of the object.

Request headers are limited to 8 KB in size. For more information, see Common Request Headers.

Consider the following when using request headers:

  • Consideration 1 – If both of the 

    If-Match
    and 
    If-Unmodified-Since
    headers are present in the request as follows: 

    • If-Match
      condition evaluates to 
      true
      , and; 

    • If-Unmodified-Since
      condition evaluates to 
      false
      ;

    Then Amazon S3 returns 

    200 OK
    and the data requested.

  • Consideration 2 – If both of the 

    If-None-Match
    and 
    If-Modified-Since
    headers are present in the request as follows: 

    • If-None-Match
      condition evaluates to 
      false
      , and; 

    • If-Modified-Since
      condition evaluates to 
      true
      ;

    Then Amazon S3 returns the 

    304 Not Modified
    response code.

For more information about conditional requests, see RFC 7232.

Permissions

You need the relevant read object (or version) permission for this operation. For more information, see Specifying Permissions in a Policy. If the object you request does not exist, the error Amazon S3 returns depends on whether you also have the s3:ListBucket permission.

  • If you have the 

    s3:ListBucket
    permission on the bucket, Amazon S3 returns an HTTP status code 404 ("no such key") error.

  • If you don’t have the 

    s3:ListBucket
    permission, Amazon S3 returns an HTTP status code 403 ("access denied") error.

The following actions are related to 

HeadObject
: 
public virtual Task<GetObjectMetadataResponse> GetObjectMetadataAsync(string bucketName, string key, string versionId, CancellationToken cancellationToken = default)

Parameters

bucketName string

The name of the bucket containing the object. When using this action with an access point, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide. When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form 

AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com
. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts in the Amazon S3 User Guide.
key string

The object key.

versionId string

VersionId used to reference a specific version of the object.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<GetObjectMetadataResponse>

The response from the GetObjectMetadata service method, as returned by S3.

See Also

GetObjectMetadataAsync(string, string, CancellationToken)

The HEAD action retrieves metadata from an object without returning the object itself. This action is useful if you're only interested in an object's metadata. To use HEAD, you must have READ access to the object.

A 

HEAD
request has the same options as a 
GET
action on an object. The response is identical to the 
GET
response except that there is no response body. Because of this, if the 
HEAD
request generates an error, it returns a generic 
400 Bad Request
, 
403 Forbidden
or 
404 Not Found
code. It is not possible to retrieve the exact exception beyond these error codes.

If you encrypt an object by using server-side encryption with customer-provided encryption keys (SSE-C) when you store the object in Amazon S3, then when you retrieve the metadata from the object, you must use the following headers:

  • x-amz-server-side-encryption-customer-algorithm

  • x-amz-server-side-encryption-customer-key

  • x-amz-server-side-encryption-customer-key-MD5

For more information about SSE-C, see Server-Side Encryption (Using Customer-Provided Encryption Keys).

note

  • Encryption request headers, like 

    x-amz-server-side-encryption
    , should not be sent for GET requests if your object uses server-side encryption with KMS keys (SSE-KMS) or server-side encryption with Amazon S3–managed encryption keys (SSE-S3). If your object does use these types of keys, you’ll get an HTTP 400 BadRequest error.

  • The last modified property in this case is the creation date of the object.

Request headers are limited to 8 KB in size. For more information, see Common Request Headers.

Consider the following when using request headers:

  • Consideration 1 – If both of the 

    If-Match
    and 
    If-Unmodified-Since
    headers are present in the request as follows: 

    • If-Match
      condition evaluates to 
      true
      , and; 

    • If-Unmodified-Since
      condition evaluates to 
      false
      ;

    Then Amazon S3 returns 

    200 OK
    and the data requested.

  • Consideration 2 – If both of the 

    If-None-Match
    and 
    If-Modified-Since
    headers are present in the request as follows: 

    • If-None-Match
      condition evaluates to 
      false
      , and; 

    • If-Modified-Since
      condition evaluates to 
      true
      ;

    Then Amazon S3 returns the 

    304 Not Modified
    response code.

For more information about conditional requests, see RFC 7232.

Permissions

You need the relevant read object (or version) permission for this operation. For more information, see Specifying Permissions in a Policy. If the object you request does not exist, the error Amazon S3 returns depends on whether you also have the s3:ListBucket permission.

  • If you have the 

    s3:ListBucket
    permission on the bucket, Amazon S3 returns an HTTP status code 404 ("no such key") error.

  • If you don’t have the 

    s3:ListBucket
    permission, Amazon S3 returns an HTTP status code 403 ("access denied") error.

The following actions are related to 

HeadObject
: 
public virtual Task<GetObjectMetadataResponse> GetObjectMetadataAsync(string bucketName, string key, CancellationToken cancellationToken = default)

Parameters

bucketName string

The name of the bucket containing the object. When using this action with an access point, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide. When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form 

AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com
. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts in the Amazon S3 User Guide.
key string

The object key.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<GetObjectMetadataResponse>

The response from the GetObjectMetadata service method, as returned by S3.

See Also

GetObjectRetentionAsync(GetObjectRetentionRequest, CancellationToken)

Retrieves an object's retention settings. For more information, see Locking Objects.

This action is not supported by Amazon S3 on Outposts.

The following action is related to 

GetObjectRetention
: 
public virtual Task<GetObjectRetentionResponse> GetObjectRetentionAsync(GetObjectRetentionRequest request, CancellationToken cancellationToken = default)

Parameters

request GetObjectRetentionRequest

Container for the necessary parameters to execute the GetObjectRetention service method.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<GetObjectRetentionResponse>

The response from the GetObjectRetention service method, as returned by S3.

See Also

GetObjectTaggingAsync(GetObjectTaggingRequest, CancellationToken)

Returns the tag-set of an object. You send the GET request against the tagging subresource associated with the object.

To use this operation, you must have permission to perform the 

s3:GetObjectTagging
action. By default, the GET action returns information about current version of an object. For a versioned bucket, you can have multiple versions of an object in your bucket. To retrieve tags of any other version, use the versionId query parameter. You also need permission for the 
s3:GetObjectVersionTagging
action.

By default, the bucket owner has this permission and can grant this permission to others.

For information about the Amazon S3 object tagging feature, see Object Tagging.

The following actions are related to 

GetObjectTagging
: 
public virtual Task<GetObjectTaggingResponse> GetObjectTaggingAsync(GetObjectTaggingRequest request, CancellationToken cancellationToken = default)

Parameters

request GetObjectTaggingRequest

Container for the necessary parameters to execute the GetObjectTagging service method.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<GetObjectTaggingResponse>

The response from the GetObjectTagging service method, as returned by S3.

See Also

GetObjectTorrentAsync(GetObjectTorrentRequest, CancellationToken)

Returns torrent files from a bucket. BitTorrent can save you bandwidth when you're distributing large files.

note

You can get torrent only for objects that are less than 5 GB in size, and that are not encrypted using server-side encryption with a customer-provided encryption key.

To use GET, you must have READ access to the object.

This action is not supported by Amazon S3 on Outposts.

The following action is related to 

GetObjectTorrent
: 
public virtual Task<GetObjectTorrentResponse> GetObjectTorrentAsync(GetObjectTorrentRequest request, CancellationToken cancellationToken = default)

Parameters

request GetObjectTorrentRequest

Container for the necessary parameters to execute the GetObjectTorrent service method.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<GetObjectTorrentResponse>

The response from the GetObjectTorrent service method, as returned by S3.

See Also

GetObjectTorrentAsync(string, string, CancellationToken)

Returns torrent files from a bucket. BitTorrent can save you bandwidth when you're distributing large files.

note

You can get torrent only for objects that are less than 5 GB in size, and that are not encrypted using server-side encryption with a customer-provided encryption key.

To use GET, you must have READ access to the object.

This action is not supported by Amazon S3 on Outposts.

The following action is related to 

GetObjectTorrent
: 
public virtual Task<GetObjectTorrentResponse> GetObjectTorrentAsync(string bucketName, string key, CancellationToken cancellationToken = default)

Parameters

bucketName string

The name of the bucket containing the object for which to get the torrent files.

key string

The object key for which to get the information.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<GetObjectTorrentResponse>

The response from the GetObjectTorrent service method, as returned by S3.

See Also

GetPreSignedURL(GetPreSignedUrlRequest)

Create a signed URL allowing access to a resource that would usually require authentication.

public string GetPreSignedURL(GetPreSignedUrlRequest request)

Parameters

request GetPreSignedUrlRequest

The GetPreSignedUrlRequest that defines the parameters of the operation.

Returns

string

A string that is the signed http request.

Remarks

When using query string authentication you create a query, specify an expiration time for the query, sign it with your signature, place the data in an HTTP request, and distribute the request to a user or embed the request in a web page.

A PreSigned URL can be generated for GET, PUT, DELETE and HEAD operations on your bucketName, keys, and versions.

Exceptions

ArgumentException
ArgumentNullException

GetPublicAccessBlockAsync(GetPublicAccessBlockRequest, CancellationToken)

Retrieves the 

PublicAccessBlock
configuration for an Amazon S3 bucket. To use this operation, you must have the 
s3:GetBucketPublicAccessBlock
permission. For more information about Amazon S3 permissions, see Specifying Permissions in a Policy.

When Amazon S3 evaluates the 

PublicAccessBlock
configuration for a bucket or an object, it checks the 
PublicAccessBlock
configuration for both the bucket (or the bucket that contains the object) and the bucket owner's account. If the 
PublicAccessBlock
settings are different between the bucket and the account, Amazon S3 uses the most restrictive combination of the bucket-level and account-level settings.

For more information about when Amazon S3 considers a bucket or an object public, see The Meaning of "Public".

The following operations are related to 

GetPublicAccessBlock
: 
public virtual Task<GetPublicAccessBlockResponse> GetPublicAccessBlockAsync(GetPublicAccessBlockRequest request, CancellationToken cancellationToken = default)

Parameters

request GetPublicAccessBlockRequest

Container for the necessary parameters to execute the GetPublicAccessBlock service method.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<GetPublicAccessBlockResponse>

The response from the GetPublicAccessBlock service method, as returned by S3.

See Also

Initialize()

Specialize the initialize of the client.

protected override void Initialize()

InitiateMultipartUploadAsync(InitiateMultipartUploadRequest, CancellationToken)

This action initiates a multipart upload and returns an upload ID. This upload ID is used to associate all of the parts in the specific multipart upload. You specify this upload ID in each of your subsequent upload part requests (see UploadPart). You also include this upload ID in the final request to either complete or abort the multipart upload request.

For more information about multipart uploads, see Multipart Upload Overview.

If you have configured a lifecycle rule to abort incomplete multipart uploads, the upload must complete within the number of days specified in the bucket lifecycle configuration. Otherwise, the incomplete multipart upload becomes eligible for an abort action and Amazon S3 aborts the multipart upload. For more information, see Aborting Incomplete Multipart Uploads Using a Bucket Lifecycle Policy.

For information about the permissions required to use the multipart upload API, see Multipart Upload and Permissions.

For request signing, multipart upload is just a series of regular requests. You initiate a multipart upload, send one or more requests to upload parts, and then complete the multipart upload process. You sign each request individually. There is nothing special about signing multipart upload requests. For more information about signing, see Authenticating Requests (Amazon Web Services Signature Version 4).

note

After you initiate a multipart upload and upload one or more parts, to stop being charged for storing the uploaded parts, you must either complete or abort the multipart upload. Amazon S3 frees up the space used to store the parts and stop charging you for storing them only after you either complete or abort a multipart upload.

Server-side encryption is for data encryption at rest. Amazon S3 encrypts your data as it writes it to disks in its data centers and decrypts it when you access it. Amazon S3 automatically encrypts all new objects that are uploaded to an S3 bucket. When doing a multipart upload, if you don't specify encryption information in your request, the encryption setting of the uploaded parts is set to the default encryption configuration of the destination bucket. By default, all buckets have a base level of encryption configuration that uses server-side encryption with Amazon S3 managed keys (SSE-S3). If the destination bucket has a default encryption configuration that uses server-side encryption with an Key Management Service (KMS) key (SSE-KMS), or a customer-provided encryption key (SSE-C), Amazon S3 uses the corresponding KMS key, or a customer-provided key to encrypt the uploaded parts. When you perform a CreateMultipartUpload operation, if you want to use a different type of encryption setting for the uploaded parts, you can request that Amazon S3 encrypts the object with a KMS key, an Amazon S3 managed key, or a customer-provided key. If the encryption setting in your request is different from the default encryption configuration of the destination bucket, the encryption setting in your request takes precedence. If you choose to provide your own encryption key, the request headers you provide in UploadPart and UploadPartCopy requests must match the headers you used in the request to initiate the upload by using 

CreateMultipartUpload
. you can request that Amazon S3 save the uploaded parts encrypted with server-side encryption with an Amazon S3 managed key (SSE-S3), an Key Management Service (KMS) key (SSE-KMS), or a customer-provided encryption key (SSE-C).

To perform a multipart upload with encryption by using an Amazon Web Services KMS key, the requester must have permission to the 

kms:Decrypt
and 
kms:GenerateDataKey*
actions on the key. These permissions are required because Amazon S3 must decrypt and read data from the encrypted file parts before it completes the multipart upload. For more information, see Multipart upload API and permissions and Protecting data using server-side encryption with Amazon Web Services KMS in the Amazon S3 User Guide.

If your Identity and Access Management (IAM) user or role is in the same Amazon Web Services account as the KMS key, then you must have these permissions on the key policy. If your IAM user or role belongs to a different account than the key, then you must have the permissions on both the key policy and your IAM user or role.

For more information, see Protecting Data Using Server-Side Encryption.

Access Permissions

When copying an object, you can optionally specify the accounts or groups that should be granted specific permissions on the new object. There are two ways to grant the permissions using the request headers:

  • Specify a canned ACL with the 

    x-amz-acl
    request header. For more information, see Canned ACL.

  • Specify access permissions explicitly with the 

    x-amz-grant-read
    , 
    x-amz-grant-read-acp
    , 
    x-amz-grant-write-acp
    , and 
    x-amz-grant-full-control
    headers. These parameters map to the set of permissions that Amazon S3 supports in an ACL. For more information, see Access Control List (ACL) Overview.

You can use either a canned ACL or specify access permissions explicitly. You cannot do both.

Server-Side- Encryption-Specific Request Headers

Amazon S3 encrypts data by using server-side encryption with an Amazon S3 managed key (SSE-S3) by default. Server-side encryption is for data encryption at rest. Amazon S3 encrypts your data as it writes it to disks in its data centers and decrypts it when you access it. You can request that Amazon S3 encrypts data at rest by using server-side encryption with other key options. The option you use depends on whether you want to use KMS keys (SSE-KMS) or provide your own encryption keys (SSE-C).

  • Use KMS keys (SSE-KMS) that include the Amazon Web Services managed key (

    aws/s3
    ) and KMS customer managed keys stored in Key Management Service (KMS) – If you want Amazon Web Services to manage the keys used to encrypt data, specify the following headers in the request. 

    • x-amz-server-side-encryption

    • x-amz-server-side-encryption-aws-kms-key-id

    • x-amz-server-side-encryption-context
    note

    If you specify 

    x-amz-server-side-encryption:aws:kms
    , but don't provide 
    x-amz-server-side-encryption-aws-kms-key-id
    , Amazon S3 uses the Amazon Web Services managed key (
    aws/s3
    key) in KMS to protect the data.

    All 

    GET
    and 
    PUT
    requests for an object protected by KMS fail if you don't make them by using Secure Sockets Layer (SSL), Transport Layer Security (TLS), or Signature Version 4.

    For more information about server-side encryption with KMS keys (SSE-KMS), see Protecting Data Using Server-Side Encryption with KMS keys.

  • Use customer-provided encryption keys (SSE-C) – If you want to manage your own encryption keys, provide all the following headers in the request. 

    • x-amz-server-side-encryption-customer-algorithm

    • x-amz-server-side-encryption-customer-key

    • x-amz-server-side-encryption-customer-key-MD5

    For more information about server-side encryption with customer-provided encryption keys (SSE-C), see Protecting data using server-side encryption with customer-provided encryption keys (SSE-C).

Access-Control-List (ACL)-Specific Request Headers

You also can use the following access control–related headers with this operation. By default, all objects are private. Only the owner has full access control. When adding a new object, you can grant permissions to individual Amazon Web Services accounts or to predefined groups defined by Amazon S3. These permissions are then added to the access control list (ACL) on the object. For more information, see Using ACLs. With this operation, you can grant access permissions using one of the following two methods:

  • Specify a canned ACL (

    x-amz-acl
    ) — Amazon S3 supports a set of predefined ACLs, known as canned ACLs. Each canned ACL has a predefined set of grantees and permissions. For more information, see Canned ACL.

  • Specify access permissions explicitly — To explicitly grant access permissions to specific Amazon Web Services accounts or groups, use the following headers. Each header maps to specific permissions that Amazon S3 supports in an ACL. For more information, see Access Control List (ACL) Overview. In the header, you specify a list of grantees who get the specific permission. To grant permissions explicitly, use: 

    • x-amz-grant-read

    • x-amz-grant-write

    • x-amz-grant-read-acp

    • x-amz-grant-write-acp

    • x-amz-grant-full-control

    You specify each grantee as a type=value pair, where the type is one of the following: 

    • id
      – if the value specified is the canonical user ID of an Amazon Web Services account 

    • uri
      – if you are granting permissions to a predefined group 

    • emailAddress
      – if the value specified is the email address of an Amazon Web Services account
      note

      Using email addresses to specify a grantee is only supported in the following Amazon Web Services Regions:

      • US East (N. Virginia)

      • US West (N. California)

      • US West (Oregon)

      • Asia Pacific (Singapore)

      • Asia Pacific (Sydney)

      • Asia Pacific (Tokyo)

      • Europe (Ireland)

      • South America (São Paulo)

      For a list of all the Amazon S3 supported Regions and endpoints, see Regions and Endpoints in the Amazon Web Services General Reference.

    For example, the following 

    x-amz-grant-read
    header grants the Amazon Web Services accounts identified by account IDs permissions to read object data and its metadata: 

    x-amz-grant-read: id="11112222333", id="444455556666"

The following operations are related to 

CreateMultipartUpload
: 
public virtual Task<InitiateMultipartUploadResponse> InitiateMultipartUploadAsync(InitiateMultipartUploadRequest request, CancellationToken cancellationToken = default)

Parameters

request InitiateMultipartUploadRequest

Container for the necessary parameters to execute the InitiateMultipartUpload service method.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<InitiateMultipartUploadResponse>

The response from the InitiateMultipartUpload service method, as returned by S3.

See Also

InitiateMultipartUploadAsync(string, string, CancellationToken)

This action initiates a multipart upload and returns an upload ID. This upload ID is used to associate all of the parts in the specific multipart upload. You specify this upload ID in each of your subsequent upload part requests (see UploadPart). You also include this upload ID in the final request to either complete or abort the multipart upload request.

For more information about multipart uploads, see Multipart Upload Overview.

If you have configured a lifecycle rule to abort incomplete multipart uploads, the upload must complete within the number of days specified in the bucket lifecycle configuration. Otherwise, the incomplete multipart upload becomes eligible for an abort action and Amazon S3 aborts the multipart upload. For more information, see Aborting Incomplete Multipart Uploads Using a Bucket Lifecycle Policy.

For information about the permissions required to use the multipart upload API, see Multipart Upload and Permissions.

For request signing, multipart upload is just a series of regular requests. You initiate a multipart upload, send one or more requests to upload parts, and then complete the multipart upload process. You sign each request individually. There is nothing special about signing multipart upload requests. For more information about signing, see Authenticating Requests (Amazon Web Services Signature Version 4).

note

After you initiate a multipart upload and upload one or more parts, to stop being charged for storing the uploaded parts, you must either complete or abort the multipart upload. Amazon S3 frees up the space used to store the parts and stop charging you for storing them only after you either complete or abort a multipart upload.

Server-side encryption is for data encryption at rest. Amazon S3 encrypts your data as it writes it to disks in its data centers and decrypts it when you access it. Amazon S3 automatically encrypts all new objects that are uploaded to an S3 bucket. When doing a multipart upload, if you don't specify encryption information in your request, the encryption setting of the uploaded parts is set to the default encryption configuration of the destination bucket. By default, all buckets have a base level of encryption configuration that uses server-side encryption with Amazon S3 managed keys (SSE-S3). If the destination bucket has a default encryption configuration that uses server-side encryption with an Key Management Service (KMS) key (SSE-KMS), or a customer-provided encryption key (SSE-C), Amazon S3 uses the corresponding KMS key, or a customer-provided key to encrypt the uploaded parts. When you perform a CreateMultipartUpload operation, if you want to use a different type of encryption setting for the uploaded parts, you can request that Amazon S3 encrypts the object with a KMS key, an Amazon S3 managed key, or a customer-provided key. If the encryption setting in your request is different from the default encryption configuration of the destination bucket, the encryption setting in your request takes precedence. If you choose to provide your own encryption key, the request headers you provide in UploadPart and UploadPartCopy requests must match the headers you used in the request to initiate the upload by using 

CreateMultipartUpload
. you can request that Amazon S3 save the uploaded parts encrypted with server-side encryption with an Amazon S3 managed key (SSE-S3), an Key Management Service (KMS) key (SSE-KMS), or a customer-provided encryption key (SSE-C).

To perform a multipart upload with encryption by using an Amazon Web Services KMS key, the requester must have permission to the 

kms:Decrypt
and 
kms:GenerateDataKey*
actions on the key. These permissions are required because Amazon S3 must decrypt and read data from the encrypted file parts before it completes the multipart upload. For more information, see Multipart upload API and permissions and Protecting data using server-side encryption with Amazon Web Services KMS in the Amazon S3 User Guide.

If your Identity and Access Management (IAM) user or role is in the same Amazon Web Services account as the KMS key, then you must have these permissions on the key policy. If your IAM user or role belongs to a different account than the key, then you must have the permissions on both the key policy and your IAM user or role.

For more information, see Protecting Data Using Server-Side Encryption.

Access Permissions

When copying an object, you can optionally specify the accounts or groups that should be granted specific permissions on the new object. There are two ways to grant the permissions using the request headers:

  • Specify a canned ACL with the 

    x-amz-acl
    request header. For more information, see Canned ACL.

  • Specify access permissions explicitly with the 

    x-amz-grant-read
    , 
    x-amz-grant-read-acp
    , 
    x-amz-grant-write-acp
    , and 
    x-amz-grant-full-control
    headers. These parameters map to the set of permissions that Amazon S3 supports in an ACL. For more information, see Access Control List (ACL) Overview.

You can use either a canned ACL or specify access permissions explicitly. You cannot do both.

Server-Side- Encryption-Specific Request Headers

Amazon S3 encrypts data by using server-side encryption with an Amazon S3 managed key (SSE-S3) by default. Server-side encryption is for data encryption at rest. Amazon S3 encrypts your data as it writes it to disks in its data centers and decrypts it when you access it. You can request that Amazon S3 encrypts data at rest by using server-side encryption with other key options. The option you use depends on whether you want to use KMS keys (SSE-KMS) or provide your own encryption keys (SSE-C).

  • Use KMS keys (SSE-KMS) that include the Amazon Web Services managed key (

    aws/s3
    ) and KMS customer managed keys stored in Key Management Service (KMS) – If you want Amazon Web Services to manage the keys used to encrypt data, specify the following headers in the request. 

    • x-amz-server-side-encryption

    • x-amz-server-side-encryption-aws-kms-key-id

    • x-amz-server-side-encryption-context
    note

    If you specify 

    x-amz-server-side-encryption:aws:kms
    , but don't provide 
    x-amz-server-side-encryption-aws-kms-key-id
    , Amazon S3 uses the Amazon Web Services managed key (
    aws/s3
    key) in KMS to protect the data.

    All 

    GET
    and 
    PUT
    requests for an object protected by KMS fail if you don't make them by using Secure Sockets Layer (SSL), Transport Layer Security (TLS), or Signature Version 4.

    For more information about server-side encryption with KMS keys (SSE-KMS), see Protecting Data Using Server-Side Encryption with KMS keys.

  • Use customer-provided encryption keys (SSE-C) – If you want to manage your own encryption keys, provide all the following headers in the request. 

    • x-amz-server-side-encryption-customer-algorithm

    • x-amz-server-side-encryption-customer-key

    • x-amz-server-side-encryption-customer-key-MD5

    For more information about server-side encryption with customer-provided encryption keys (SSE-C), see Protecting data using server-side encryption with customer-provided encryption keys (SSE-C).

Access-Control-List (ACL)-Specific Request Headers

You also can use the following access control–related headers with this operation. By default, all objects are private. Only the owner has full access control. When adding a new object, you can grant permissions to individual Amazon Web Services accounts or to predefined groups defined by Amazon S3. These permissions are then added to the access control list (ACL) on the object. For more information, see Using ACLs. With this operation, you can grant access permissions using one of the following two methods:

  • Specify a canned ACL (

    x-amz-acl
    ) — Amazon S3 supports a set of predefined ACLs, known as canned ACLs. Each canned ACL has a predefined set of grantees and permissions. For more information, see Canned ACL.

  • Specify access permissions explicitly — To explicitly grant access permissions to specific Amazon Web Services accounts or groups, use the following headers. Each header maps to specific permissions that Amazon S3 supports in an ACL. For more information, see Access Control List (ACL) Overview. In the header, you specify a list of grantees who get the specific permission. To grant permissions explicitly, use: 

    • x-amz-grant-read

    • x-amz-grant-write

    • x-amz-grant-read-acp

    • x-amz-grant-write-acp

    • x-amz-grant-full-control

    You specify each grantee as a type=value pair, where the type is one of the following: 

    • id
      – if the value specified is the canonical user ID of an Amazon Web Services account 

    • uri
      – if you are granting permissions to a predefined group 

    • emailAddress
      – if the value specified is the email address of an Amazon Web Services account
      note

      Using email addresses to specify a grantee is only supported in the following Amazon Web Services Regions:

      • US East (N. Virginia)

      • US West (N. California)

      • US West (Oregon)

      • Asia Pacific (Singapore)

      • Asia Pacific (Sydney)

      • Asia Pacific (Tokyo)

      • Europe (Ireland)

      • South America (São Paulo)

      For a list of all the Amazon S3 supported Regions and endpoints, see Regions and Endpoints in the Amazon Web Services General Reference.

    For example, the following 

    x-amz-grant-read
    header grants the Amazon Web Services accounts identified by account IDs permissions to read object data and its metadata: 

    x-amz-grant-read: id="11112222333", id="444455556666"

The following operations are related to 

CreateMultipartUpload
: 
public virtual Task<InitiateMultipartUploadResponse> InitiateMultipartUploadAsync(string bucketName, string key, CancellationToken cancellationToken = default)

Parameters

bucketName string

The name of the bucket to which to initiate the upload When using this action with an access point, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide. When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form 

AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com
. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts in the Amazon S3 User Guide.
key string

Object key for which the multipart upload is to be initiated.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<InitiateMultipartUploadResponse>

The response from the InitiateMultipartUpload service method, as returned by S3.

See Also

ListBucketAnalyticsConfigurationsAsync(ListBucketAnalyticsConfigurationsRequest, CancellationToken)

Lists the analytics configurations for the bucket. You can have up to 1,000 analytics configurations per bucket.

This action supports list pagination and does not return more than 100 configurations at a time. You should always check the 

IsTruncated
element in the response. If there are no more configurations to list, 
IsTruncated
is set to false. If there are more configurations to list, 
IsTruncated
is set to true, and there will be a value in 
NextContinuationToken
. You use the 
NextContinuationToken
value to continue the pagination of the list by passing the value in continuation-token in the request to 
GET
the next page.

To use this operation, you must have permissions to perform the 

s3:GetAnalyticsConfiguration
action. The bucket owner has this permission by default. The bucket owner can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources.

For information about Amazon S3 analytics feature, see Amazon S3 Analytics – Storage Class Analysis.

The following operations are related to 

ListBucketAnalyticsConfigurations
: 
public virtual Task<ListBucketAnalyticsConfigurationsResponse> ListBucketAnalyticsConfigurationsAsync(ListBucketAnalyticsConfigurationsRequest request, CancellationToken cancellationToken = default)

Parameters

request ListBucketAnalyticsConfigurationsRequest

Container for the necessary parameters to execute the ListBucketAnalyticsConfigurations service method.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<ListBucketAnalyticsConfigurationsResponse>

The response from the ListBucketAnalyticsConfigurations service method, as returned by S3.

See Also

ListBucketIntelligentTieringConfigurationsAsync(ListBucketIntelligentTieringConfigurationsRequest, CancellationToken)

Lists the S3 Intelligent-Tiering configuration from the specified bucket.

The S3 Intelligent-Tiering storage class is designed to optimize storage costs by automatically moving data to the most cost-effective storage access tier, without performance impact or operational overhead. S3 Intelligent-Tiering delivers automatic cost savings in three low latency and high throughput access tiers. To get the lowest storage cost on data that can be accessed in minutes to hours, you can choose to activate additional archiving capabilities.

The S3 Intelligent-Tiering storage class is the ideal storage class for data with unknown, changing, or unpredictable access patterns, independent of object size or retention period. If the size of an object is less than 128 KB, it is not monitored and not eligible for auto-tiering. Smaller objects can be stored, but they are always charged at the Frequent Access tier rates in the S3 Intelligent-Tiering storage class.

For more information, see Storage class for automatically optimizing frequently and infrequently accessed objects.

Operations related to 

ListBucketIntelligentTieringConfigurations
include: 
public virtual Task<ListBucketIntelligentTieringConfigurationsResponse> ListBucketIntelligentTieringConfigurationsAsync(ListBucketIntelligentTieringConfigurationsRequest request, CancellationToken cancellationToken = default)

Parameters

request ListBucketIntelligentTieringConfigurationsRequest

Container for the necessary parameters to execute the ListBucketIntelligentTieringConfigurations service method.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<ListBucketIntelligentTieringConfigurationsResponse>

The response from the ListBucketIntelligentTieringConfigurations service method, as returned by S3.

See Also

ListBucketInventoryConfigurationsAsync(ListBucketInventoryConfigurationsRequest, CancellationToken)

Returns a list of inventory configurations for the bucket. You can have up to 1,000 analytics configurations per bucket.

This action supports list pagination and does not return more than 100 configurations at a time. Always check the 

IsTruncated
element in the response. If there are no more configurations to list, 
IsTruncated
is set to false. If there are more configurations to list, 
IsTruncated
is set to true, and there is a value in 
NextContinuationToken
. You use the 
NextContinuationToken
value to continue the pagination of the list by passing the value in continuation-token in the request to 
GET
the next page.

To use this operation, you must have permissions to perform the 

s3:GetInventoryConfiguration
action. The bucket owner has this permission by default. The bucket owner can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources.

For information about the Amazon S3 inventory feature, see Amazon S3 Inventory

The following operations are related to 

ListBucketInventoryConfigurations
: 
public virtual Task<ListBucketInventoryConfigurationsResponse> ListBucketInventoryConfigurationsAsync(ListBucketInventoryConfigurationsRequest request, CancellationToken cancellationToken = default)

Parameters

request ListBucketInventoryConfigurationsRequest

Container for the necessary parameters to execute the ListBucketInventoryConfigurations service method.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<ListBucketInventoryConfigurationsResponse>

The response from the ListBucketInventoryConfigurations service method, as returned by S3.

See Also

ListBucketMetricsConfigurationsAsync(ListBucketMetricsConfigurationsRequest, CancellationToken)

Lists the metrics configurations for the bucket. The metrics configurations are only for the request metrics of the bucket and do not provide information on daily storage metrics. You can have up to 1,000 configurations per bucket.

This action supports list pagination and does not return more than 100 configurations at a time. Always check the 

IsTruncated
element in the response. If there are no more configurations to list, 
IsTruncated
is set to false. If there are more configurations to list, 
IsTruncated
is set to true, and there is a value in 
NextContinuationToken
. You use the 
NextContinuationToken
value to continue the pagination of the list by passing the value in 
continuation-token
in the request to 
GET
the next page.

To use this operation, you must have permissions to perform the 

s3:GetMetricsConfiguration
action. The bucket owner has this permission by default. The bucket owner can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources.

For more information about metrics configurations and CloudWatch request metrics, see Monitoring Metrics with Amazon CloudWatch.

The following operations are related to 

ListBucketMetricsConfigurations
: 
public virtual Task<ListBucketMetricsConfigurationsResponse> ListBucketMetricsConfigurationsAsync(ListBucketMetricsConfigurationsRequest request, CancellationToken cancellationToken = default)

Parameters

request ListBucketMetricsConfigurationsRequest

Container for the necessary parameters to execute the ListBucketMetricsConfigurations service method.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<ListBucketMetricsConfigurationsResponse>

The response from the ListBucketMetricsConfigurations service method, as returned by S3.

See Also

ListBucketsAsync(ListBucketsRequest, CancellationToken)

Returns a list of all buckets owned by the authenticated sender of the request. To use this operation, you must have the 

s3:ListAllMyBuckets
permission.

For information about Amazon S3 buckets, see Creating, configuring, and working with Amazon S3 buckets. 

public virtual Task<ListBucketsResponse> ListBucketsAsync(ListBucketsRequest request, CancellationToken cancellationToken = default)

Parameters

request ListBucketsRequest

Container for the necessary parameters to execute the ListBuckets service method.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<ListBucketsResponse>

The response from the ListBuckets service method, as returned by S3.

See Also

ListBucketsAsync(CancellationToken)

Returns a list of all buckets owned by the authenticated sender of the request. To use this operation, you must have the 

s3:ListAllMyBuckets
permission.

For information about Amazon S3 buckets, see Creating, configuring, and working with Amazon S3 buckets. 

public virtual Task<ListBucketsResponse> ListBucketsAsync(CancellationToken cancellationToken = default)

Parameters

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<ListBucketsResponse>

The response from the ListBuckets service method, as returned by S3.

See Also

ListMultipartUploadsAsync(ListMultipartUploadsRequest, CancellationToken)

This action lists in-progress multipart uploads. An in-progress multipart upload is a multipart upload that has been initiated using the Initiate Multipart Upload request, but has not yet been completed or aborted.

This action returns at most 1,000 multipart uploads in the response. 1,000 multipart uploads is the maximum number of uploads a response can include, which is also the default value. You can further limit the number of uploads in a response by specifying the 

max-uploads
parameter in the response. If additional multipart uploads satisfy the list criteria, the response will contain an 
IsTruncated
element with the value true. To list the additional multipart uploads, use the 
key-marker
and 
upload-id-marker
request parameters.

In the response, the uploads are sorted by key. If your application has initiated more than one multipart upload using the same object key, then uploads in the response are first sorted by key. Additionally, uploads are sorted in ascending order within each key by the upload initiation time.

For more information on multipart uploads, see Uploading Objects Using Multipart Upload.

For information on permissions required to use the multipart upload API, see Multipart Upload and Permissions.

The following operations are related to 

ListMultipartUploads
: 
public virtual Task<ListMultipartUploadsResponse> ListMultipartUploadsAsync(ListMultipartUploadsRequest request, CancellationToken cancellationToken = default)

Parameters

request ListMultipartUploadsRequest

Container for the necessary parameters to execute the ListMultipartUploads service method.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<ListMultipartUploadsResponse>

The response from the ListMultipartUploads service method, as returned by S3.

See Also

ListMultipartUploadsAsync(string, string, CancellationToken)

This action lists in-progress multipart uploads. An in-progress multipart upload is a multipart upload that has been initiated using the Initiate Multipart Upload request, but has not yet been completed or aborted.

This action returns at most 1,000 multipart uploads in the response. 1,000 multipart uploads is the maximum number of uploads a response can include, which is also the default value. You can further limit the number of uploads in a response by specifying the 

max-uploads
parameter in the response. If additional multipart uploads satisfy the list criteria, the response will contain an 
IsTruncated
element with the value true. To list the additional multipart uploads, use the 
key-marker
and 
upload-id-marker
request parameters.

In the response, the uploads are sorted by key. If your application has initiated more than one multipart upload using the same object key, then uploads in the response are first sorted by key. Additionally, uploads are sorted in ascending order within each key by the upload initiation time.

For more information on multipart uploads, see Uploading Objects Using Multipart Upload.

For information on permissions required to use the multipart upload API, see Multipart Upload and Permissions.

The following operations are related to 

ListMultipartUploads
: 
public virtual Task<ListMultipartUploadsResponse> ListMultipartUploadsAsync(string bucketName, string prefix, CancellationToken cancellationToken = default)

Parameters

bucketName string

The name of the bucket to which the multipart upload was initiated. When using this action with an access point, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide. When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form 

AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com
. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts in the Amazon S3 User Guide.
prefix string

Lists in-progress uploads only for those keys that begin with the specified prefix. You can use prefixes to separate a bucket into different grouping of keys. (You can think of using prefix to make groups in the same way you'd use a folder in a file system.)

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<ListMultipartUploadsResponse>

The response from the ListMultipartUploads service method, as returned by S3.

See Also

ListMultipartUploadsAsync(string, CancellationToken)

This action lists in-progress multipart uploads. An in-progress multipart upload is a multipart upload that has been initiated using the Initiate Multipart Upload request, but has not yet been completed or aborted.

This action returns at most 1,000 multipart uploads in the response. 1,000 multipart uploads is the maximum number of uploads a response can include, which is also the default value. You can further limit the number of uploads in a response by specifying the 

max-uploads
parameter in the response. If additional multipart uploads satisfy the list criteria, the response will contain an 
IsTruncated
element with the value true. To list the additional multipart uploads, use the 
key-marker
and 
upload-id-marker
request parameters.

In the response, the uploads are sorted by key. If your application has initiated more than one multipart upload using the same object key, then uploads in the response are first sorted by key. Additionally, uploads are sorted in ascending order within each key by the upload initiation time.

For more information on multipart uploads, see Uploading Objects Using Multipart Upload.

For information on permissions required to use the multipart upload API, see Multipart Upload and Permissions.

The following operations are related to 

ListMultipartUploads
: 
public virtual Task<ListMultipartUploadsResponse> ListMultipartUploadsAsync(string bucketName, CancellationToken cancellationToken = default)

Parameters

bucketName string

The name of the bucket to which the multipart upload was initiated. When using this action with an access point, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide. When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form 

AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com
. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts in the Amazon S3 User Guide.
cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<ListMultipartUploadsResponse>

The response from the ListMultipartUploads service method, as returned by S3.

See Also

ListObjectsAsync(ListObjectsRequest, CancellationToken)

Returns some or all (up to 1,000) of the objects in a bucket. You can use the request parameters as selection criteria to return a subset of the objects in a bucket. A 200 OK response can contain valid or invalid XML. Be sure to design your application to parse the contents of the response and handle it appropriately.

This action has been revised. We recommend that you use the newer version, ListObjectsV2, when developing applications. For backward compatibility, Amazon S3 continues to support

ListObjects
.

The following operations are related to 

ListObjects
: 
public virtual Task<ListObjectsResponse> ListObjectsAsync(ListObjectsRequest request, CancellationToken cancellationToken = default)

Parameters

request ListObjectsRequest

Container for the necessary parameters to execute the ListObjects service method.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<ListObjectsResponse>

The response from the ListObjects service method, as returned by S3.

See Also

ListObjectsAsync(string, string, CancellationToken)

Returns some or all (up to 1,000) of the objects in a bucket. You can use the request parameters as selection criteria to return a subset of the objects in a bucket. A 200 OK response can contain valid or invalid XML. Be sure to design your application to parse the contents of the response and handle it appropriately.

This action has been revised. We recommend that you use the newer version, ListObjectsV2, when developing applications. For backward compatibility, Amazon S3 continues to support

ListObjects
.

The following operations are related to 

ListObjects
: 
public virtual Task<ListObjectsResponse> ListObjectsAsync(string bucketName, string prefix, CancellationToken cancellationToken = default)

Parameters

bucketName string

The name of the bucket containing the objects. When using this action with an access point, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide. When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form 

AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com
. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts in the Amazon S3 User Guide.
prefix string

Limits the response to keys that begin with the specified prefix.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<ListObjectsResponse>

The response from the ListObjects service method, as returned by S3.

See Also

ListObjectsAsync(string, CancellationToken)

Returns some or all (up to 1,000) of the objects in a bucket. You can use the request parameters as selection criteria to return a subset of the objects in a bucket. A 200 OK response can contain valid or invalid XML. Be sure to design your application to parse the contents of the response and handle it appropriately.

This action has been revised. We recommend that you use the newer version, ListObjectsV2, when developing applications. For backward compatibility, Amazon S3 continues to support

ListObjects
.

The following operations are related to 

ListObjects
: 
public virtual Task<ListObjectsResponse> ListObjectsAsync(string bucketName, CancellationToken cancellationToken = default)

Parameters

bucketName string

The name of the bucket containing the objects. When using this action with an access point, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide. When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form 

AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com
. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts in the Amazon S3 User Guide.
cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<ListObjectsResponse>

The response from the ListObjects service method, as returned by S3.

See Also

ListObjectsV2Async(ListObjectsV2Request, CancellationToken)

Returns some or all (up to 1,000) of the objects in a bucket with each request. You can use the request parameters as selection criteria to return a subset of the objects in a bucket. A 

200 OK
response can contain valid or invalid XML. Make sure to design your application to parse the contents of the response and handle it appropriately. Objects are returned sorted in an ascending order of the respective key names in the list. For more information about listing objects, see Listing object keys programmatically

To use this operation, you must have READ access to the bucket.

To use this action in an Identity and Access Management (IAM) policy, you must have permissions to perform the 

s3:ListBucket
action. The bucket owner has this permission by default and can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources.

This section describes the latest revision of this action. We recommend that you use this revised API for application development. For backward compatibility, Amazon S3 continues to support the prior version of this API, ListObjects.

To get a list of your buckets, see ListBuckets.

The following operations are related to 

ListObjectsV2
: 
public virtual Task<ListObjectsV2Response> ListObjectsV2Async(ListObjectsV2Request request, CancellationToken cancellationToken = default)

Parameters

request ListObjectsV2Request

Container for the necessary parameters to execute the ListObjectsV2 service method.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<ListObjectsV2Response>

The response from the ListObjectsV2 service method, as returned by S3.

See Also

ListPartsAsync(ListPartsRequest, CancellationToken)

Lists the parts that have been uploaded for a specific multipart upload. This operation must include the upload ID, which you obtain by sending the initiate multipart upload request (see CreateMultipartUpload). This request returns a maximum of 1,000 uploaded parts. The default number of parts returned is 1,000 parts. You can restrict the number of parts returned by specifying the 

max-parts
request parameter. If your multipart upload consists of more than 1,000 parts, the response returns an 
IsTruncated
field with the value of true, and a 
NextPartNumberMarker
element. In subsequent 
ListParts
requests you can include the part-number-marker query string

parameter and set its value to the 

NextPartNumberMarker
field value from the previous response.

If the upload was created using a checksum algorithm, you will need to have permission to the 

kms:Decrypt
action for the request to succeed.

For more information on multipart uploads, see Uploading Objects Using Multipart Upload.

For information on permissions required to use the multipart upload API, see Multipart Upload and Permissions.

The following operations are related to 

ListParts
: 
public virtual Task<ListPartsResponse> ListPartsAsync(ListPartsRequest request, CancellationToken cancellationToken = default)

Parameters

request ListPartsRequest

Container for the necessary parameters to execute the ListParts service method.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<ListPartsResponse>

The response from the ListParts service method, as returned by S3.

See Also

ListPartsAsync(string, string, string, CancellationToken)

Lists the parts that have been uploaded for a specific multipart upload. This operation must include the upload ID, which you obtain by sending the initiate multipart upload request (see CreateMultipartUpload). This request returns a maximum of 1,000 uploaded parts. The default number of parts returned is 1,000 parts. You can restrict the number of parts returned by specifying the 

max-parts
request parameter. If your multipart upload consists of more than 1,000 parts, the response returns an 
IsTruncated
field with the value of true, and a 
NextPartNumberMarker
element. In subsequent 
ListParts
requests you can include the part-number-marker query string

parameter and set its value to the 

NextPartNumberMarker
field value from the previous response.

If the upload was created using a checksum algorithm, you will need to have permission to the 

kms:Decrypt
action for the request to succeed.

For more information on multipart uploads, see Uploading Objects Using Multipart Upload.

For information on permissions required to use the multipart upload API, see Multipart Upload and Permissions.

The following operations are related to 

ListParts
: 
public virtual Task<ListPartsResponse> ListPartsAsync(string bucketName, string key, string uploadId, CancellationToken cancellationToken = default)

Parameters

bucketName string

The name of the bucket to which the parts are being uploaded. When using this action with an access point, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide. When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form 

AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com
. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts in the Amazon S3 User Guide.
key string

Object key for which the multipart upload was initiated.

uploadId string

Upload ID identifying the multipart upload whose parts are being listed.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<ListPartsResponse>

The response from the ListParts service method, as returned by S3.

See Also

ListVersionsAsync(ListVersionsRequest, CancellationToken)

Returns metadata about all versions of the objects in a bucket. You can also use request parameters as selection criteria to return metadata about a subset of all the object versions.

To use this operation, you must have permissions to perform the 

s3:ListBucketVersions
action. Be aware of the name difference.

note

A 200 OK response can contain valid or invalid XML. Make sure to design your application to parse the contents of the response and handle it appropriately.

To use this operation, you must have READ access to the bucket.

This action is not supported by Amazon S3 on Outposts.

The following operations are related to 

ListObjectVersions
: 
public virtual Task<ListVersionsResponse> ListVersionsAsync(ListVersionsRequest request, CancellationToken cancellationToken = default)

Parameters

request ListVersionsRequest

Container for the necessary parameters to execute the ListVersions service method.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<ListVersionsResponse>

The response from the ListVersions service method, as returned by S3.

See Also

ListVersionsAsync(string, string, CancellationToken)

Returns metadata about all versions of the objects in a bucket. You can also use request parameters as selection criteria to return metadata about a subset of all the object versions.

To use this operation, you must have permissions to perform the 

s3:ListBucketVersions
action. Be aware of the name difference.

note

A 200 OK response can contain valid or invalid XML. Make sure to design your application to parse the contents of the response and handle it appropriately.

To use this operation, you must have READ access to the bucket.

This action is not supported by Amazon S3 on Outposts.

The following operations are related to 

ListObjectVersions
: 
public virtual Task<ListVersionsResponse> ListVersionsAsync(string bucketName, string prefix, CancellationToken cancellationToken = default)

Parameters

bucketName string

The bucket name that contains the objects.

prefix string

Use this parameter to select only those keys that begin with the specified prefix. You can use prefixes to separate a bucket into different groupings of keys. (You can think of using prefix to make groups in the same way you'd use a folder in a file system.) You can use prefix with delimiter to roll up numerous objects into a single result under CommonPrefixes.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<ListVersionsResponse>

The response from the ListVersions service method, as returned by S3.

See Also

ListVersionsAsync(string, CancellationToken)

Returns metadata about all versions of the objects in a bucket. You can also use request parameters as selection criteria to return metadata about a subset of all the object versions.

To use this operation, you must have permissions to perform the 

s3:ListBucketVersions
action. Be aware of the name difference.

note

A 200 OK response can contain valid or invalid XML. Make sure to design your application to parse the contents of the response and handle it appropriately.

To use this operation, you must have READ access to the bucket.

This action is not supported by Amazon S3 on Outposts.

The following operations are related to 

ListObjectVersions
: 
public virtual Task<ListVersionsResponse> ListVersionsAsync(string bucketName, CancellationToken cancellationToken = default)

Parameters

bucketName string

The bucket name that contains the objects.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<ListVersionsResponse>

The response from the ListVersions service method, as returned by S3.

See Also

PutACLAsync(PutACLRequest, CancellationToken) 

public virtual Task<PutACLResponse> PutACLAsync(PutACLRequest request, CancellationToken cancellationToken = default)

Parameters

request PutACLRequest
cancellationToken CancellationToken

Returns

Task<PutACLResponse>

PutBucketAccelerateConfigurationAsync(PutBucketAccelerateConfigurationRequest, CancellationToken)

Sets the accelerate configuration of an existing bucket. Amazon S3 Transfer Acceleration is a bucket-level feature that enables you to perform faster data transfers to Amazon S3.

To use this operation, you must have permission to perform the 

s3:PutAccelerateConfiguration
action. The bucket owner has this permission by default. The bucket owner can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources.

The Transfer Acceleration state of a bucket can be set to one of the following two values:

  • Enabled – Enables accelerated data transfers to the bucket.

  • Suspended – Disables accelerated data transfers to the bucket.

The GetBucketAccelerateConfiguration action returns the transfer acceleration state of a bucket.

After setting the Transfer Acceleration state of a bucket to Enabled, it might take up to thirty minutes before the data transfer rates to the bucket increase.

The name of the bucket used for Transfer Acceleration must be DNS-compliant and must not contain periods (".").

For more information about transfer acceleration, see Transfer Acceleration.

The following operations are related to 

PutBucketAccelerateConfiguration
: 
public virtual Task<PutBucketAccelerateConfigurationResponse> PutBucketAccelerateConfigurationAsync(PutBucketAccelerateConfigurationRequest request, CancellationToken cancellationToken = default)

Parameters

request PutBucketAccelerateConfigurationRequest

Container for the necessary parameters to execute the PutBucketAccelerateConfiguration service method.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<PutBucketAccelerateConfigurationResponse>

The response from the PutBucketAccelerateConfiguration service method, as returned by S3.

See Also

PutBucketAnalyticsConfigurationAsync(PutBucketAnalyticsConfigurationRequest, CancellationToken) 

public virtual Task<PutBucketAnalyticsConfigurationResponse> PutBucketAnalyticsConfigurationAsync(PutBucketAnalyticsConfigurationRequest request, CancellationToken cancellationToken = default)

Parameters

request PutBucketAnalyticsConfigurationRequest
cancellationToken CancellationToken

Returns

Task<PutBucketAnalyticsConfigurationResponse>

PutBucketAsync(PutBucketRequest, CancellationToken)

Creates a new S3 bucket. To create a bucket, you must register with Amazon S3 and have a valid Amazon Web Services Access Key ID to authenticate requests. Anonymous requests are never allowed to create buckets. By creating the bucket, you become the bucket owner.

Not every string is an acceptable bucket name. For information about bucket naming restrictions, see Bucket naming rules.

If you want to create an Amazon S3 on Outposts bucket, see Create Bucket.

By default, the bucket is created in the US East (N. Virginia) Region. You can optionally specify a Region in the request body. You might choose a Region to optimize latency, minimize costs, or address regulatory requirements. For example, if you reside in Europe, you will probably find it advantageous to create buckets in the Europe (Ireland) Region. For more information, see Accessing a bucket.

note

If you send your create bucket request to the 

s3.amazonaws.com
endpoint, the request goes to the us-east-1 Region. Accordingly, the signature calculations in Signature Version 4 must use us-east-1 as the Region, even if the location constraint in the request specifies another Region where the bucket is to be created. If you create a bucket in a Region other than US East (N. Virginia), your application must be able to handle 307 redirect. For more information, see Virtual hosting of buckets.

Access control lists (ACLs)

When creating a bucket using this operation, you can optionally configure the bucket ACL to specify the accounts or groups that should be granted specific permissions on the bucket.

If your CreateBucket request sets bucket owner enforced for S3 Object Ownership and specifies a bucket ACL that provides access to an external Amazon Web Services account, your request fails with a 

400
error and returns the 
InvalidBucketAclWithObjectOwnership
error code. For more information, see Controlling object ownership in the Amazon S3 User Guide.

There are two ways to grant the appropriate permissions using the request headers.

  • Specify a canned ACL using the 

    x-amz-acl
    request header. Amazon S3 supports a set of predefined ACLs, known as canned ACLs. Each canned ACL has a predefined set of grantees and permissions. For more information, see Canned ACL.

  • Specify access permissions explicitly using the 

    x-amz-grant-read
    , 
    x-amz-grant-write
    , 
    x-amz-grant-read-acp
    , 
    x-amz-grant-write-acp
    , and 
    x-amz-grant-full-control
    headers. These headers map to the set of permissions Amazon S3 supports in an ACL. For more information, see Access control list (ACL) overview.

    You specify each grantee as a type=value pair, where the type is one of the following: 

    • id
      – if the value specified is the canonical user ID of an Amazon Web Services account 

    • uri
      – if you are granting permissions to a predefined group 

    • emailAddress
      – if the value specified is the email address of an Amazon Web Services account
      note

      Using email addresses to specify a grantee is only supported in the following Amazon Web Services Regions:

      • US East (N. Virginia)

      • US West (N. California)

      • US West (Oregon)

      • Asia Pacific (Singapore)

      • Asia Pacific (Sydney)

      • Asia Pacific (Tokyo)

      • Europe (Ireland)

      • South America (São Paulo)

      For a list of all the Amazon S3 supported Regions and endpoints, see Regions and Endpoints in the Amazon Web Services General Reference.

    For example, the following 

    x-amz-grant-read
    header grants the Amazon Web Services accounts identified by account IDs permissions to read object data and its metadata: 

    x-amz-grant-read: id="11112222333", id="444455556666"
note

You can use either a canned ACL or specify access permissions explicitly. You cannot do both.

Permissions

In addition to 

s3:CreateBucket
, the following permissions are required when your CreateBucket includes specific headers:

  • ACLs - If your 

    CreateBucket
    request specifies ACL permissions and the ACL is public-read, public-read-write, authenticated-read, or if you specify access permissions explicitly through any other ACL, both 
    s3:CreateBucket
    and 
    s3:PutBucketAcl
    permissions are needed. If the ACL the 
    CreateBucket
    request is private or doesn't specify any ACLs, only 
    s3:CreateBucket
    permission is needed.

  • Object Lock - If 

    ObjectLockEnabledForBucket
    is set to true in your 
    CreateBucket
    request, 
    s3:PutBucketObjectLockConfiguration
    and 
    s3:PutBucketVersioning
    permissions are required.

  • S3 Object Ownership - If your CreateBucket request includes the the 

    x-amz-object-ownership
    header, 
    s3:PutBucketOwnershipControls
    permission is required.

The following operations are related to 

CreateBucket
: 
public virtual Task<PutBucketResponse> PutBucketAsync(PutBucketRequest request, CancellationToken cancellationToken = default)

Parameters

request PutBucketRequest

Container for the necessary parameters to execute the PutBucket service method.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<PutBucketResponse>

The response from the PutBucket service method, as returned by S3.

See Also

PutBucketAsync(string, CancellationToken)

Creates a new S3 bucket. To create a bucket, you must register with Amazon S3 and have a valid Amazon Web Services Access Key ID to authenticate requests. Anonymous requests are never allowed to create buckets. By creating the bucket, you become the bucket owner.

Not every string is an acceptable bucket name. For information about bucket naming restrictions, see Bucket naming rules.

If you want to create an Amazon S3 on Outposts bucket, see Create Bucket.

By default, the bucket is created in the US East (N. Virginia) Region. You can optionally specify a Region in the request body. You might choose a Region to optimize latency, minimize costs, or address regulatory requirements. For example, if you reside in Europe, you will probably find it advantageous to create buckets in the Europe (Ireland) Region. For more information, see Accessing a bucket.

note

If you send your create bucket request to the 

s3.amazonaws.com
endpoint, the request goes to the us-east-1 Region. Accordingly, the signature calculations in Signature Version 4 must use us-east-1 as the Region, even if the location constraint in the request specifies another Region where the bucket is to be created. If you create a bucket in a Region other than US East (N. Virginia), your application must be able to handle 307 redirect. For more information, see Virtual hosting of buckets.

Access control lists (ACLs)

When creating a bucket using this operation, you can optionally configure the bucket ACL to specify the accounts or groups that should be granted specific permissions on the bucket.

If your CreateBucket request sets bucket owner enforced for S3 Object Ownership and specifies a bucket ACL that provides access to an external Amazon Web Services account, your request fails with a 

400
error and returns the 
InvalidBucketAclWithObjectOwnership
error code. For more information, see Controlling object ownership in the Amazon S3 User Guide.

There are two ways to grant the appropriate permissions using the request headers.

  • Specify a canned ACL using the 

    x-amz-acl
    request header. Amazon S3 supports a set of predefined ACLs, known as canned ACLs. Each canned ACL has a predefined set of grantees and permissions. For more information, see Canned ACL.

  • Specify access permissions explicitly using the 

    x-amz-grant-read
    , 
    x-amz-grant-write
    , 
    x-amz-grant-read-acp
    , 
    x-amz-grant-write-acp
    , and 
    x-amz-grant-full-control
    headers. These headers map to the set of permissions Amazon S3 supports in an ACL. For more information, see Access control list (ACL) overview.

    You specify each grantee as a type=value pair, where the type is one of the following: 

    • id
      – if the value specified is the canonical user ID of an Amazon Web Services account 

    • uri
      – if you are granting permissions to a predefined group 

    • emailAddress
      – if the value specified is the email address of an Amazon Web Services account
      note

      Using email addresses to specify a grantee is only supported in the following Amazon Web Services Regions:

      • US East (N. Virginia)

      • US West (N. California)

      • US West (Oregon)

      • Asia Pacific (Singapore)

      • Asia Pacific (Sydney)

      • Asia Pacific (Tokyo)

      • Europe (Ireland)

      • South America (São Paulo)

      For a list of all the Amazon S3 supported Regions and endpoints, see Regions and Endpoints in the Amazon Web Services General Reference.

    For example, the following 

    x-amz-grant-read
    header grants the Amazon Web Services accounts identified by account IDs permissions to read object data and its metadata: 

    x-amz-grant-read: id="11112222333", id="444455556666"
note

You can use either a canned ACL or specify access permissions explicitly. You cannot do both.

Permissions

In addition to 

s3:CreateBucket
, the following permissions are required when your CreateBucket includes specific headers:

  • ACLs - If your 

    CreateBucket
    request specifies ACL permissions and the ACL is public-read, public-read-write, authenticated-read, or if you specify access permissions explicitly through any other ACL, both 
    s3:CreateBucket
    and 
    s3:PutBucketAcl
    permissions are needed. If the ACL the 
    CreateBucket
    request is private or doesn't specify any ACLs, only 
    s3:CreateBucket
    permission is needed.

  • Object Lock - If 

    ObjectLockEnabledForBucket
    is set to true in your 
    CreateBucket
    request, 
    s3:PutBucketObjectLockConfiguration
    and 
    s3:PutBucketVersioning
    permissions are required.

  • S3 Object Ownership - If your CreateBucket request includes the the 

    x-amz-object-ownership
    header, 
    s3:PutBucketOwnershipControls
    permission is required.

The following operations are related to 

CreateBucket
: 
public virtual Task<PutBucketResponse> PutBucketAsync(string bucketName, CancellationToken cancellationToken = default)

Parameters

bucketName string

The name of the bucket to create.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<PutBucketResponse>

The response from the PutBucket service method, as returned by S3.

See Also

PutBucketEncryptionAsync(PutBucketEncryptionRequest, CancellationToken) 

public virtual Task<PutBucketEncryptionResponse> PutBucketEncryptionAsync(PutBucketEncryptionRequest request, CancellationToken cancellationToken = default)

Parameters

request PutBucketEncryptionRequest
cancellationToken CancellationToken

Returns

Task<PutBucketEncryptionResponse>

PutBucketIntelligentTieringConfigurationAsync(PutBucketIntelligentTieringConfigurationRequest, CancellationToken) 

public virtual Task<PutBucketIntelligentTieringConfigurationResponse> PutBucketIntelligentTieringConfigurationAsync(PutBucketIntelligentTieringConfigurationRequest request, CancellationToken cancellationToken = default)

Parameters

request PutBucketIntelligentTieringConfigurationRequest
cancellationToken CancellationToken

Returns

Task<PutBucketIntelligentTieringConfigurationResponse>

PutBucketInventoryConfigurationAsync(PutBucketInventoryConfigurationRequest, CancellationToken) 

public virtual Task<PutBucketInventoryConfigurationResponse> PutBucketInventoryConfigurationAsync(PutBucketInventoryConfigurationRequest request, CancellationToken cancellationToken = default)

Parameters

request PutBucketInventoryConfigurationRequest
cancellationToken CancellationToken

Returns

Task<PutBucketInventoryConfigurationResponse>

PutBucketLoggingAsync(PutBucketLoggingRequest, CancellationToken)

Set the logging parameters for a bucket and to specify permissions for who can view and modify the logging parameters. All logs are saved to buckets in the same Amazon Web Services Region as the source bucket. To set the logging status of a bucket, you must be the bucket owner.

The bucket owner is automatically granted FULL_CONTROL to all logs. You use the 

Grantee
request element to grant access to other people. The 
Permissions
request element specifies the kind of access the grantee has to the logs.

If the target bucket for log delivery uses the bucket owner enforced setting for S3 Object Ownership, you can't use the 

Grantee
request element to grant access to others. Permissions can only be granted using policies. For more information, see Permissions for server access log delivery in the Amazon S3 User Guide.

Grantee Values

You can specify the person (grantee) to whom you're assigning access rights (using request elements) in the following ways:

  • By the person's ID: 

    <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="CanonicalUser"><ID><>ID<></ID><DisplayName><>GranteesEmail<></DisplayName>
                   </Grantee>

    DisplayName is optional and ignored in the request.

  • By Email address: 

    <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="AmazonCustomerByEmail"><EmailAddress><>Grantees@email.com<></EmailAddress></Grantee>

    The grantee is resolved to the CanonicalUser and, in a response to a GET Object acl request, appears as the CanonicalUser.

  • By URI: 

    <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="Group"><URI><>http://acs.amazonaws.com/groups/global/AuthenticatedUsers<></URI></Grantee>

To enable logging, you use LoggingEnabled and its children request elements. To disable logging, you use an empty BucketLoggingStatus request element: 

<BucketLoggingStatus xmlns="http://doc.s3.amazonaws.com/2006-03-01" />

For more information about server access logging, see Server Access Logging in the Amazon S3 User Guide.

For more information about creating a bucket, see CreateBucket. For more information about returning the logging status of a bucket, see GetBucketLogging.

The following operations are related to 

PutBucketLogging
: 
public virtual Task<PutBucketLoggingResponse> PutBucketLoggingAsync(PutBucketLoggingRequest request, CancellationToken cancellationToken = default)

Parameters

request PutBucketLoggingRequest

Container for the necessary parameters to execute the PutBucketLogging service method.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<PutBucketLoggingResponse>

The response from the PutBucketLogging service method, as returned by S3.

See Also

PutBucketMetricsConfigurationAsync(PutBucketMetricsConfigurationRequest, CancellationToken)

Sets a metrics configuration (specified by the metrics configuration ID) for the bucket. You can have up to 1,000 metrics configurations per bucket. If you're updating an existing metrics configuration, note that this is a full replacement of the existing metrics configuration. If you don't include the elements you want to keep, they are erased.

To use this operation, you must have permissions to perform the 

s3:PutMetricsConfiguration
action. The bucket owner has this permission by default. The bucket owner can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources.

For information about CloudWatch request metrics for Amazon S3, see Monitoring Metrics with Amazon CloudWatch.

The following operations are related to 

PutBucketMetricsConfiguration
: 

GetBucketLifecycle
has the following special error:

  • Error code: 

    TooManyConfigurations

    • Description: You are attempting to create a new configuration but have already reached the 1,000-configuration limit.

    • HTTP Status Code: HTTP 400 Bad Request 

public virtual Task<PutBucketMetricsConfigurationResponse> PutBucketMetricsConfigurationAsync(PutBucketMetricsConfigurationRequest request, CancellationToken cancellationToken = default)

Parameters

request PutBucketMetricsConfigurationRequest

Container for the necessary parameters to execute the PutBucketMetricsConfiguration service method.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<PutBucketMetricsConfigurationResponse>

The response from the PutBucketMetricsConfiguration service method, as returned by S3.

See Also

PutBucketNotificationAsync(PutBucketNotificationRequest, CancellationToken)

Enables notifications of specified events for a bucket. For more information about event notifications, see Configuring Event Notifications.

Using this API, you can replace an existing notification configuration. The configuration is an XML file that defines the event types that you want Amazon S3 to publish and the destination where you want Amazon S3 to publish an event notification when it detects an event of the specified type.

By default, your bucket has no event notifications configured. That is, the notification configuration will be an empty 

NotificationConfiguration
. 

<NotificationConfiguration>

</NotificationConfiguration>

This action replaces the existing notification configuration with the configuration you include in the request body.

After Amazon S3 receives this request, it first verifies that any Amazon Simple Notification Service (Amazon SNS) or Amazon Simple Queue Service (Amazon SQS) destination exists, and that the bucket owner has permission to publish to it by sending a test notification. In the case of Lambda destinations, Amazon S3 verifies that the Lambda function permissions grant Amazon S3 permission to invoke the function from the Amazon S3 bucket. For more information, see Configuring Notifications for Amazon S3 Events.

You can disable notifications by adding the empty NotificationConfiguration element.

For more information about the number of event notification configurations that you can create per bucket, see Amazon S3 service quotas in Amazon Web Services General Reference.

By default, only the bucket owner can configure notifications on a bucket. However, bucket owners can use a bucket policy to grant permission to other users to set this configuration with 

s3:PutBucketNotification
permission.
note

The PUT notification is an atomic operation. For example, suppose your notification configuration includes SNS topic, SQS queue, and Lambda function configurations. When you send a PUT request with this configuration, Amazon S3 sends test messages to your SNS topic. If the message fails, the entire PUT action will fail, and Amazon S3 will not add the configuration to your bucket.

Responses

If the configuration in the request body includes only one 

TopicConfiguration
specifying only the 
s3:ReducedRedundancyLostObject
event type, the response will also include the 
x-amz-sns-test-message-id
header containing the message ID of the test notification sent to the topic.

The following action is related to 

PutBucketNotificationConfiguration
: 
public virtual Task<PutBucketNotificationResponse> PutBucketNotificationAsync(PutBucketNotificationRequest request, CancellationToken cancellationToken = default)

Parameters

request PutBucketNotificationRequest

Container for the necessary parameters to execute the PutBucketNotification service method.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<PutBucketNotificationResponse>

The response from the PutBucketNotification service method, as returned by S3.

See Also

PutBucketOwnershipControlsAsync(PutBucketOwnershipControlsRequest, CancellationToken)

Creates or modifies 

OwnershipControls
for an Amazon S3 bucket. To use this operation, you must have the 
s3:PutBucketOwnershipControls
permission. For more information about Amazon S3 permissions, see Specifying permissions in a policy.

For information about Amazon S3 Object Ownership, see Using object ownership.

The following operations are related to 

PutBucketOwnershipControls
: 
public virtual Task<PutBucketOwnershipControlsResponse> PutBucketOwnershipControlsAsync(PutBucketOwnershipControlsRequest request, CancellationToken cancellationToken = default)

Parameters

request PutBucketOwnershipControlsRequest

Container for the necessary parameters to execute the PutBucketOwnershipControls service method.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<PutBucketOwnershipControlsResponse>

The response from the PutBucketOwnershipControls service method, as returned by S3.

See Also

PutBucketPolicyAsync(PutBucketPolicyRequest, CancellationToken)

Applies an Amazon S3 bucket policy to an Amazon S3 bucket. If you are using an identity other than the root user of the Amazon Web Services account that owns the bucket, the calling identity must have the 

PutBucketPolicy
permissions on the specified bucket and belong to the bucket owner's account in order to use this operation.

If you don't have 

PutBucketPolicy
permissions, Amazon S3 returns a 
403
                                                                                            Access Denied
error. If you have the correct permissions, but you're not using an identity that belongs to the bucket owner's account, Amazon S3 returns a 
405
                                                                                        Method Not Allowed
error.

As a security precaution, the root user of the Amazon Web Services account that owns a bucket can always use this operation, even if the policy explicitly denies the root user the ability to perform this action.

For more information, see Bucket policy examples.

The following operations are related to 

PutBucketPolicy
: 
public virtual Task<PutBucketPolicyResponse> PutBucketPolicyAsync(PutBucketPolicyRequest request, CancellationToken cancellationToken = default)

Parameters

request PutBucketPolicyRequest

Container for the necessary parameters to execute the PutBucketPolicy service method.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<PutBucketPolicyResponse>

The response from the PutBucketPolicy service method, as returned by S3.

See Also

PutBucketPolicyAsync(string, string, string, CancellationToken)

Applies an Amazon S3 bucket policy to an Amazon S3 bucket. If you are using an identity other than the root user of the Amazon Web Services account that owns the bucket, the calling identity must have the 

PutBucketPolicy
permissions on the specified bucket and belong to the bucket owner's account in order to use this operation.

If you don't have 

PutBucketPolicy
permissions, Amazon S3 returns a 
403
                                                                                            Access Denied
error. If you have the correct permissions, but you're not using an identity that belongs to the bucket owner's account, Amazon S3 returns a 
405
                                                                                        Method Not Allowed
error.

As a security precaution, the root user of the Amazon Web Services account that owns a bucket can always use this operation, even if the policy explicitly denies the root user the ability to perform this action.

For more information, see Bucket policy examples.

The following operations are related to 

PutBucketPolicy
: 
public virtual Task<PutBucketPolicyResponse> PutBucketPolicyAsync(string bucketName, string policy, string contentMD5, CancellationToken cancellationToken = default)

Parameters

bucketName string

The name of the bucket.

policy string

The bucket policy as a JSON document.

contentMD5 string

The MD5 hash of the request body. For requests made using the Amazon Web Services Command Line Interface (CLI) or Amazon Web Services SDKs, this field is calculated automatically.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<PutBucketPolicyResponse>

The response from the PutBucketPolicy service method, as returned by S3.

See Also

PutBucketPolicyAsync(string, string, CancellationToken)

Applies an Amazon S3 bucket policy to an Amazon S3 bucket. If you are using an identity other than the root user of the Amazon Web Services account that owns the bucket, the calling identity must have the 

PutBucketPolicy
permissions on the specified bucket and belong to the bucket owner's account in order to use this operation.

If you don't have 

PutBucketPolicy
permissions, Amazon S3 returns a 
403
                                                                                            Access Denied
error. If you have the correct permissions, but you're not using an identity that belongs to the bucket owner's account, Amazon S3 returns a 
405
                                                                                        Method Not Allowed
error.

As a security precaution, the root user of the Amazon Web Services account that owns a bucket can always use this operation, even if the policy explicitly denies the root user the ability to perform this action.

For more information, see Bucket policy examples.

The following operations are related to 

PutBucketPolicy
: 
public virtual Task<PutBucketPolicyResponse> PutBucketPolicyAsync(string bucketName, string policy, CancellationToken cancellationToken = default)

Parameters

bucketName string

The name of the bucket.

policy string

The bucket policy as a JSON document.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<PutBucketPolicyResponse>

The response from the PutBucketPolicy service method, as returned by S3.

See Also

PutBucketReplicationAsync(PutBucketReplicationRequest, CancellationToken)

Creates a replication configuration or replaces an existing one. For more information, see Replication in the Amazon S3 User Guide.

Specify the replication configuration in the request body. In the replication configuration, you provide the name of the destination bucket or buckets where you want Amazon S3 to replicate objects, the IAM role that Amazon S3 can assume to replicate objects on your behalf, and other relevant information.

A replication configuration must include at least one rule, and can contain a maximum of 1,000. Each rule identifies a subset of objects to replicate by filtering the objects in the source bucket. To choose additional subsets of objects to replicate, add a rule for each subset.

To specify a subset of the objects in the source bucket to apply a replication rule to, add the Filter element as a child of the Rule element. You can filter objects based on an object key prefix, one or more object tags, or both. When you add the Filter element in the configuration, you must also add the following elements: 

DeleteMarkerReplication
, 
Status
, and 
Priority
.
note

If you are using an earlier version of the replication configuration, Amazon S3 handles replication of delete markers differently. For more information, see Backward Compatibility.

For information about enabling versioning on a bucket, see Using Versioning.

Handling Replication of Encrypted Objects

By default, Amazon S3 doesn't replicate objects that are stored at rest using server-side encryption with KMS keys. To replicate Amazon Web Services KMS-encrypted objects, add the following: 

SourceSelectionCriteria
, 
SseKmsEncryptedObjects
, 
Status
, 
EncryptionConfiguration
, and 
ReplicaKmsKeyID
. For information about replication configuration, see Replicating Objects Created with SSE Using KMS keys.

For information on 

PutBucketReplication
errors, see List of replication-related error codes

Permissions

To create a 

PutBucketReplication
request, you must have 
s3:PutReplicationConfiguration
permissions for the bucket.

By default, a resource owner, in this case the Amazon Web Services account that created the bucket, can perform this operation. The resource owner can also grant others permissions to perform the operation. For more information about permissions, see Specifying Permissions in a Policy and Managing Access Permissions to Your Amazon S3 Resources.

note

To perform this operation, the user or role performing the action must have the iam:PassRole permission.

The following operations are related to 

PutBucketReplication
: 
public virtual Task<PutBucketReplicationResponse> PutBucketReplicationAsync(PutBucketReplicationRequest request, CancellationToken cancellationToken = default)

Parameters

request PutBucketReplicationRequest

Container for the necessary parameters to execute the PutBucketReplication service method.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<PutBucketReplicationResponse>

The response from the PutBucketReplication service method, as returned by S3.

See Also

PutBucketRequestPaymentAsync(PutBucketRequestPaymentRequest, CancellationToken)

Sets the request payment configuration for a bucket. By default, the bucket owner pays for downloads from the bucket. This configuration parameter enables the bucket owner (only) to specify that the person requesting the download will be charged for the download. For more information, see Requester Pays Buckets.

The following operations are related to 

PutBucketRequestPayment
: 
public virtual Task<PutBucketRequestPaymentResponse> PutBucketRequestPaymentAsync(PutBucketRequestPaymentRequest request, CancellationToken cancellationToken = default)

Parameters

request PutBucketRequestPaymentRequest

Container for the necessary parameters to execute the PutBucketRequestPayment service method.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<PutBucketRequestPaymentResponse>

The response from the PutBucketRequestPayment service method, as returned by S3.

See Also

PutBucketRequestPaymentAsync(string, RequestPaymentConfiguration, CancellationToken)

Sets the request payment configuration for a bucket. By default, the bucket owner pays for downloads from the bucket. This configuration parameter enables the bucket owner (only) to specify that the person requesting the download will be charged for the download. For more information, see Requester Pays Buckets.

The following operations are related to 

PutBucketRequestPayment
: 
public virtual Task<PutBucketRequestPaymentResponse> PutBucketRequestPaymentAsync(string bucketName, RequestPaymentConfiguration requestPaymentConfiguration, CancellationToken cancellationToken = default)

Parameters

bucketName string

The bucket name.

requestPaymentConfiguration RequestPaymentConfiguration

Container for Payer.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<PutBucketRequestPaymentResponse>

The response from the PutBucketRequestPayment service method, as returned by S3.

See Also

PutBucketTaggingAsync(PutBucketTaggingRequest, CancellationToken)

Sets the tags for a bucket.

Use tags to organize your Amazon Web Services bill to reflect your own cost structure. To do this, sign up to get your Amazon Web Services account bill with tag key values included. Then, to see the cost of combined resources, organize your billing information according to resources with the same tag key values. For example, you can tag several resources with a specific application name, and then organize your billing information to see the total cost of that application across several services. For more information, see Cost Allocation and Tagging and Using Cost Allocation in Amazon S3 Bucket Tags.

note

When this operation sets the tags for a bucket, it will overwrite any current tags the bucket already has. You cannot use this operation to add tags to an existing list of tags.

To use this operation, you must have permissions to perform the 

s3:PutBucketTagging
action. The bucket owner has this permission by default and can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources. 

PutBucketTagging
has the following special errors:

  • Error code: 

    InvalidTagError

  • Error code: 

    MalformedXMLError

    • Description: The XML provided does not match the schema.

  • Error code: 

    OperationAbortedError

    • Description: A conflicting conditional action is currently in progress against this resource. Please try again.

  • Error code: 

    InternalError

    • Description: The service was unable to apply the provided tag to the bucket.

The following operations are related to 

PutBucketTagging
: 
public virtual Task<PutBucketTaggingResponse> PutBucketTaggingAsync(PutBucketTaggingRequest request, CancellationToken cancellationToken = default)

Parameters

request PutBucketTaggingRequest

Container for the necessary parameters to execute the PutBucketTagging service method.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<PutBucketTaggingResponse>

The response from the PutBucketTagging service method, as returned by S3.

See Also

PutBucketTaggingAsync(string, List<Tag>, CancellationToken)

Sets the tags for a bucket.

Use tags to organize your Amazon Web Services bill to reflect your own cost structure. To do this, sign up to get your Amazon Web Services account bill with tag key values included. Then, to see the cost of combined resources, organize your billing information according to resources with the same tag key values. For example, you can tag several resources with a specific application name, and then organize your billing information to see the total cost of that application across several services. For more information, see Cost Allocation and Tagging and Using Cost Allocation in Amazon S3 Bucket Tags.

note

When this operation sets the tags for a bucket, it will overwrite any current tags the bucket already has. You cannot use this operation to add tags to an existing list of tags.

To use this operation, you must have permissions to perform the 

s3:PutBucketTagging
action. The bucket owner has this permission by default and can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources. 

PutBucketTagging
has the following special errors:

  • Error code: 

    InvalidTagError

  • Error code: 

    MalformedXMLError

    • Description: The XML provided does not match the schema.

  • Error code: 

    OperationAbortedError

    • Description: A conflicting conditional action is currently in progress against this resource. Please try again.

  • Error code: 

    InternalError

    • Description: The service was unable to apply the provided tag to the bucket.

The following operations are related to 

PutBucketTagging
: 
public virtual Task<PutBucketTaggingResponse> PutBucketTaggingAsync(string bucketName, List<Tag> tagSet, CancellationToken cancellationToken = default)

Parameters

bucketName string

The bucket name.

tagSet List<Tag>

A property of PutBucketTaggingRequest used to execute the PutBucketTagging service method.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<PutBucketTaggingResponse>

The response from the PutBucketTagging service method, as returned by S3.

See Also

PutBucketVersioningAsync(PutBucketVersioningRequest, CancellationToken) 

public virtual Task<PutBucketVersioningResponse> PutBucketVersioningAsync(PutBucketVersioningRequest request, CancellationToken cancellationToken = default)

Parameters

request PutBucketVersioningRequest
cancellationToken CancellationToken

Returns

Task<PutBucketVersioningResponse>

PutBucketWebsiteAsync(PutBucketWebsiteRequest, CancellationToken)

Sets the configuration of the website that is specified in the 

website
subresource. To configure a bucket as a website, you can add this subresource on the bucket with website configuration information such as the file name of the index document and any redirect rules. For more information, see Hosting Websites on Amazon S3.

This PUT action requires the 

S3:PutBucketWebsite
permission. By default, only the bucket owner can configure the website attached to a bucket; however, bucket owners can allow other users to set the website configuration by writing a bucket policy that grants them the 
S3:PutBucketWebsite
permission.

To redirect all website requests sent to the bucket's website endpoint, you add a website configuration with the following elements. Because all requests are sent to another website, you don't need to provide index document name for the bucket. 

  • WebsiteConfiguration

  • RedirectAllRequestsTo

  • HostName

  • Protocol

If you want granular control over redirects, you can use the following elements to add routing rules that describe conditions for redirecting requests and information about the redirect destination. In this case, the website configuration must provide an index document for the bucket, because some requests might not be redirected. 

  • WebsiteConfiguration

  • IndexDocument

  • Suffix

  • ErrorDocument

  • Key

  • RoutingRules

  • RoutingRule

  • Condition

  • HttpErrorCodeReturnedEquals

  • KeyPrefixEquals

  • Redirect

  • Protocol

  • HostName

  • ReplaceKeyPrefixWith

  • ReplaceKeyWith

  • HttpRedirectCode

Amazon S3 has a limitation of 50 routing rules per website configuration. If you require more than 50 routing rules, you can use object redirect. For more information, see Configuring an Object Redirect in the Amazon S3 User Guide. 

public virtual Task<PutBucketWebsiteResponse> PutBucketWebsiteAsync(PutBucketWebsiteRequest request, CancellationToken cancellationToken = default)

Parameters

request PutBucketWebsiteRequest

Container for the necessary parameters to execute the PutBucketWebsite service method.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<PutBucketWebsiteResponse>

The response from the PutBucketWebsite service method, as returned by S3.

See Also

PutBucketWebsiteAsync(string, WebsiteConfiguration, CancellationToken)

Sets the configuration of the website that is specified in the 

website
subresource. To configure a bucket as a website, you can add this subresource on the bucket with website configuration information such as the file name of the index document and any redirect rules. For more information, see Hosting Websites on Amazon S3.

This PUT action requires the 

S3:PutBucketWebsite
permission. By default, only the bucket owner can configure the website attached to a bucket; however, bucket owners can allow other users to set the website configuration by writing a bucket policy that grants them the 
S3:PutBucketWebsite
permission.

To redirect all website requests sent to the bucket's website endpoint, you add a website configuration with the following elements. Because all requests are sent to another website, you don't need to provide index document name for the bucket. 

  • WebsiteConfiguration

  • RedirectAllRequestsTo

  • HostName

  • Protocol

If you want granular control over redirects, you can use the following elements to add routing rules that describe conditions for redirecting requests and information about the redirect destination. In this case, the website configuration must provide an index document for the bucket, because some requests might not be redirected. 

  • WebsiteConfiguration

  • IndexDocument

  • Suffix

  • ErrorDocument

  • Key

  • RoutingRules

  • RoutingRule

  • Condition

  • HttpErrorCodeReturnedEquals

  • KeyPrefixEquals

  • Redirect

  • Protocol

  • HostName

  • ReplaceKeyPrefixWith

  • ReplaceKeyWith

  • HttpRedirectCode

Amazon S3 has a limitation of 50 routing rules per website configuration. If you require more than 50 routing rules, you can use object redirect. For more information, see Configuring an Object Redirect in the Amazon S3 User Guide. 

public virtual Task<PutBucketWebsiteResponse> PutBucketWebsiteAsync(string bucketName, WebsiteConfiguration websiteConfiguration, CancellationToken cancellationToken = default)

Parameters

bucketName string

The bucket name.

websiteConfiguration WebsiteConfiguration

Container for the request.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<PutBucketWebsiteResponse>

The response from the PutBucketWebsite service method, as returned by S3.

See Also

PutCORSConfigurationAsync(PutCORSConfigurationRequest, CancellationToken) 

public virtual Task<PutCORSConfigurationResponse> PutCORSConfigurationAsync(PutCORSConfigurationRequest request, CancellationToken cancellationToken = default)

Parameters

request PutCORSConfigurationRequest
cancellationToken CancellationToken

Returns

Task<PutCORSConfigurationResponse>

PutCORSConfigurationAsync(string, CORSConfiguration, CancellationToken) 

public virtual Task<PutCORSConfigurationResponse> PutCORSConfigurationAsync(string bucketName, CORSConfiguration configuration, CancellationToken cancellationToken = default)

Parameters

bucketName string
configuration CORSConfiguration
cancellationToken CancellationToken

Returns

Task<PutCORSConfigurationResponse>

PutLifecycleConfigurationAsync(PutLifecycleConfigurationRequest, CancellationToken)

Creates a new lifecycle configuration for the bucket or replaces an existing lifecycle configuration. Keep in mind that this will overwrite an existing lifecycle configuration, so if you want to retain any configuration details, they must be included in the new lifecycle configuration. For information about lifecycle configuration, see Managing your storage lifecycle.

note

Bucket lifecycle configuration now supports specifying a lifecycle rule using an object key name prefix, one or more object tags, or a combination of both. Accordingly, this section describes the latest API. The previous version of the API supported filtering based only on an object key name prefix, which is supported for backward compatibility. For the related API description, see PutBucketLifecycle.

Rules

You specify the lifecycle configuration in your request body. The lifecycle configuration is specified as XML consisting of one or more rules. An Amazon S3 Lifecycle configuration can have up to 1,000 rules. This limit is not adjustable. Each rule consists of the following:

  • Filter identifying a subset of objects to which the rule applies. The filter can be based on a key name prefix, object tags, or a combination of both.

  • Status whether the rule is in effect.

  • One or more lifecycle transition and expiration actions that you want Amazon S3 to perform on the objects identified by the filter. If the state of your bucket is versioning-enabled or versioning-suspended, you can have many versions of the same object (one current version and zero or more noncurrent versions). Amazon S3 provides predefined actions that you can specify for current and noncurrent object versions.

For more information, see Object Lifecycle Management and Lifecycle Configuration Elements.

Permissions

By default, all Amazon S3 resources are private, including buckets, objects, and related subresources (for example, lifecycle configuration and website configuration). Only the resource owner (that is, the Amazon Web Services account that created it) can access the resource. The resource owner can optionally grant access permissions to others by writing an access policy. For this operation, a user must get the 

s3:PutLifecycleConfiguration
permission.

You can also explicitly deny permissions. Explicit deny also supersedes any other permissions. If you want to block users or accounts from removing or deleting objects from your bucket, you must deny them permissions for the following actions: 

  • s3:DeleteObject

  • s3:DeleteObjectVersion

  • s3:PutLifecycleConfiguration

For more information about permissions, see Managing Access Permissions to Your Amazon S3 Resources.

The following are related to 

PutBucketLifecycleConfiguration
: 
public virtual Task<PutLifecycleConfigurationResponse> PutLifecycleConfigurationAsync(PutLifecycleConfigurationRequest request, CancellationToken cancellationToken = default)

Parameters

request PutLifecycleConfigurationRequest

Container for the necessary parameters to execute the PutLifecycleConfiguration service method.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<PutLifecycleConfigurationResponse>

The response from the PutLifecycleConfiguration service method, as returned by S3.

See Also

PutLifecycleConfigurationAsync(string, LifecycleConfiguration, CancellationToken)

Creates a new lifecycle configuration for the bucket or replaces an existing lifecycle configuration. Keep in mind that this will overwrite an existing lifecycle configuration, so if you want to retain any configuration details, they must be included in the new lifecycle configuration. For information about lifecycle configuration, see Managing your storage lifecycle.

note

Bucket lifecycle configuration now supports specifying a lifecycle rule using an object key name prefix, one or more object tags, or a combination of both. Accordingly, this section describes the latest API. The previous version of the API supported filtering based only on an object key name prefix, which is supported for backward compatibility. For the related API description, see PutBucketLifecycle.

Rules

You specify the lifecycle configuration in your request body. The lifecycle configuration is specified as XML consisting of one or more rules. An Amazon S3 Lifecycle configuration can have up to 1,000 rules. This limit is not adjustable. Each rule consists of the following:

  • Filter identifying a subset of objects to which the rule applies. The filter can be based on a key name prefix, object tags, or a combination of both.

  • Status whether the rule is in effect.

  • One or more lifecycle transition and expiration actions that you want Amazon S3 to perform on the objects identified by the filter. If the state of your bucket is versioning-enabled or versioning-suspended, you can have many versions of the same object (one current version and zero or more noncurrent versions). Amazon S3 provides predefined actions that you can specify for current and noncurrent object versions.

For more information, see Object Lifecycle Management and Lifecycle Configuration Elements.

Permissions

By default, all Amazon S3 resources are private, including buckets, objects, and related subresources (for example, lifecycle configuration and website configuration). Only the resource owner (that is, the Amazon Web Services account that created it) can access the resource. The resource owner can optionally grant access permissions to others by writing an access policy. For this operation, a user must get the 

s3:PutLifecycleConfiguration
permission.

You can also explicitly deny permissions. Explicit deny also supersedes any other permissions. If you want to block users or accounts from removing or deleting objects from your bucket, you must deny them permissions for the following actions: 

  • s3:DeleteObject

  • s3:DeleteObjectVersion

  • s3:PutLifecycleConfiguration

For more information about permissions, see Managing Access Permissions to Your Amazon S3 Resources.

The following are related to 

PutBucketLifecycleConfiguration
: 
public virtual Task<PutLifecycleConfigurationResponse> PutLifecycleConfigurationAsync(string bucketName, LifecycleConfiguration configuration, CancellationToken cancellationToken = default)

Parameters

bucketName string

The name of the bucket for which to set the configuration.

configuration LifecycleConfiguration

A property of PutLifecycleConfigurationRequest used to execute the PutLifecycleConfiguration service method.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<PutLifecycleConfigurationResponse>

The response from the PutLifecycleConfiguration service method, as returned by S3.

See Also

PutObjectAsync(PutObjectRequest, CancellationToken)

Adds an object to a bucket. You must have WRITE permissions on a bucket to add an object to it.

note

Amazon S3 never adds partial objects; if you receive a success response, Amazon S3 added the entire object to the bucket. You cannot use 

PutObject
to only update a single piece of metadata for an existing object. You must put the entire object with updated metadata if you want to update some values.

Amazon S3 is a distributed system. If it receives multiple write requests for the same object simultaneously, it overwrites all but the last object written. To prevent objects from being deleted or overwritten, you can use Amazon S3 Object Lock.

To ensure that data is not corrupted traversing the network, use the 

Content-MD5
header. When you use this header, Amazon S3 checks the object against the provided MD5 value and, if they do not match, returns an error. Additionally, you can calculate the MD5 while putting an object to Amazon S3 and compare the returned ETag to the calculated MD5 value.
note

  • To successfully complete the 

    PutObject
    request, you must have the 
    s3:PutObject
    in your IAM permissions.

  • To successfully change the objects acl of your 

    PutObject
    request, you must have the 
    s3:PutObjectAcl
    in your IAM permissions.

  • To successfully set the tag-set with your 

    PutObject
    request, you must have the 
    s3:PutObjectTagging
    in your IAM permissions.

  • The 

    Content-MD5
    header is required for any request to upload an object with a retention period configured using Amazon S3 Object Lock. For more information about Amazon S3 Object Lock, see Amazon S3 Object Lock Overview in the Amazon S3 User Guide.

You have three mutually exclusive options to protect data using server-side encryption in Amazon S3, depending on how you choose to manage the encryption keys. Specifically, the encryption key options are Amazon S3 managed keys (SSE-S3), Amazon Web Services KMS keys (SSE-KMS), and customer-provided keys (SSE-C). Amazon S3 encrypts data with server-side encryption by using Amazon S3 managed keys (SSE-S3) by default. You can optionally tell Amazon S3 to encrypt data at by rest using server-side encryption with other key options. For more information, see Using Server-Side Encryption.

When adding a new object, you can use headers to grant ACL-based permissions to individual Amazon Web Services accounts or to predefined groups defined by Amazon S3. These permissions are then added to the ACL on the object. By default, all objects are private. Only the owner has full access control. For more information, see Access Control List (ACL) Overview and Managing ACLs Using the REST API.

If the bucket that you're uploading objects to uses the bucket owner enforced setting for S3 Object Ownership, ACLs are disabled and no longer affect permissions. Buckets that use this setting only accept PUT requests that don't specify an ACL or PUT requests that specify bucket owner full control ACLs, such as the 

bucket-owner-full-control
canned ACL or an equivalent form of this ACL expressed in the XML format. PUT requests that contain other ACLs (for example, custom grants to certain Amazon Web Services accounts) fail and return a 
400
error with the error code 
AccessControlListNotSupported
. For more information, see Controlling ownership of objects and disabling ACLs in the Amazon S3 User Guide.
note

If your bucket uses the bucket owner enforced setting for Object Ownership, all objects written to the bucket by any account will be owned by the bucket owner.

By default, Amazon S3 uses the STANDARD Storage Class to store newly created objects. The STANDARD storage class provides high durability and high availability. Depending on performance needs, you can specify a different Storage Class. Amazon S3 on Outposts only uses the OUTPOSTS Storage Class. For more information, see Storage Classes in the Amazon S3 User Guide.

If you enable versioning for a bucket, Amazon S3 automatically generates a unique version ID for the object being stored. Amazon S3 returns this ID in the response. When you enable versioning for a bucket, if Amazon S3 receives multiple write requests for the same object simultaneously, it stores all of the objects. For more information about versioning, see Adding Objects to Versioning Enabled Buckets. For information about returning the versioning state of a bucket, see GetBucketVersioning.

For more information about related Amazon S3 APIs, see the following: 

public virtual Task<PutObjectResponse> PutObjectAsync(PutObjectRequest request, CancellationToken cancellationToken = default)

Parameters

request PutObjectRequest

Container for the necessary parameters to execute the PutObject service method.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<PutObjectResponse>

The response from the PutObject service method, as returned by S3.

See Also

PutObjectLegalHoldAsync(PutObjectLegalHoldRequest, CancellationToken)

Applies a legal hold configuration to the specified object. For more information, see Locking Objects.

This action is not supported by Amazon S3 on Outposts. 

public virtual Task<PutObjectLegalHoldResponse> PutObjectLegalHoldAsync(PutObjectLegalHoldRequest request, CancellationToken cancellationToken = default)

Parameters

request PutObjectLegalHoldRequest

Container for the necessary parameters to execute the PutObjectLegalHold service method.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<PutObjectLegalHoldResponse>

The response from the PutObjectLegalHold service method, as returned by S3.

See Also

PutObjectLockConfigurationAsync(PutObjectLockConfigurationRequest, CancellationToken)

Places an Object Lock configuration on the specified bucket. The rule specified in the Object Lock configuration will be applied by default to every new object placed in the specified bucket. For more information, see Locking Objects.

note

  • The 

    DefaultRetention
    settings require both a mode and a period.

  • The 

    DefaultRetention
    period can be either 
    Days
    or 
    Years
    but you must select one. You cannot specify 
    Days
    and 
    Years
    at the same time.

  • You can only enable Object Lock for new buckets. If you want to turn on Object Lock for an existing bucket, contact Amazon Web Services Support. 

public virtual Task<PutObjectLockConfigurationResponse> PutObjectLockConfigurationAsync(PutObjectLockConfigurationRequest request, CancellationToken cancellationToken = default)

Parameters

request PutObjectLockConfigurationRequest

Container for the necessary parameters to execute the PutObjectLockConfiguration service method.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<PutObjectLockConfigurationResponse>

The response from the PutObjectLockConfiguration service method, as returned by S3.

See Also

PutObjectRetentionAsync(PutObjectRetentionRequest, CancellationToken)

Places an Object Retention configuration on an object. For more information, see Locking Objects. Users or accounts require the 

s3:PutObjectRetention
permission in order to place an Object Retention configuration on objects. Bypassing a Governance Retention configuration requires the 
s3:BypassGovernanceRetention
permission.

This action is not supported by Amazon S3 on Outposts. 

public virtual Task<PutObjectRetentionResponse> PutObjectRetentionAsync(PutObjectRetentionRequest request, CancellationToken cancellationToken = default)

Parameters

request PutObjectRetentionRequest

Container for the necessary parameters to execute the PutObjectRetention service method.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<PutObjectRetentionResponse>

The response from the PutObjectRetention service method, as returned by S3.

See Also

PutObjectTaggingAsync(PutObjectTaggingRequest, CancellationToken) 

public virtual Task<PutObjectTaggingResponse> PutObjectTaggingAsync(PutObjectTaggingRequest request, CancellationToken cancellationToken = default)

Parameters

request PutObjectTaggingRequest
cancellationToken CancellationToken

Returns

Task<PutObjectTaggingResponse>

PutPublicAccessBlockAsync(PutPublicAccessBlockRequest, CancellationToken) 

public virtual Task<PutPublicAccessBlockResponse> PutPublicAccessBlockAsync(PutPublicAccessBlockRequest request, CancellationToken cancellationToken = default)

Parameters

request PutPublicAccessBlockRequest
cancellationToken CancellationToken

Returns

Task<PutPublicAccessBlockResponse>

RestoreObjectAsync(RestoreObjectRequest, CancellationToken) 

public virtual Task<RestoreObjectResponse> RestoreObjectAsync(RestoreObjectRequest request, CancellationToken cancellationToken = default)

Parameters

request RestoreObjectRequest
cancellationToken CancellationToken

Returns

Task<RestoreObjectResponse>

RestoreObjectAsync(string, string, int, CancellationToken) 

public virtual Task<RestoreObjectResponse> RestoreObjectAsync(string bucketName, string key, int days, CancellationToken cancellationToken = default)

Parameters

bucketName string
key string
days int
cancellationToken CancellationToken

Returns

Task<RestoreObjectResponse>

RestoreObjectAsync(string, string, string, int, CancellationToken) 

public virtual Task<RestoreObjectResponse> RestoreObjectAsync(string bucketName, string key, string versionId, int days, CancellationToken cancellationToken = default)

Parameters

bucketName string
key string
versionId string
days int
cancellationToken CancellationToken

Returns

Task<RestoreObjectResponse>

RestoreObjectAsync(string, string, string, CancellationToken) 

public virtual Task<RestoreObjectResponse> RestoreObjectAsync(string bucketName, string key, string versionId, CancellationToken cancellationToken = default)

Parameters

bucketName string
key string
versionId string
cancellationToken CancellationToken

Returns

Task<RestoreObjectResponse>

RestoreObjectAsync(string, string, CancellationToken) 

public virtual Task<RestoreObjectResponse> RestoreObjectAsync(string bucketName, string key, CancellationToken cancellationToken = default)

Parameters

bucketName string
key string
cancellationToken CancellationToken

Returns

Task<RestoreObjectResponse>

SelectObjectContentAsync(SelectObjectContentRequest, CancellationToken) 

public virtual Task<SelectObjectContentResponse> SelectObjectContentAsync(SelectObjectContentRequest request, CancellationToken cancellationToken = default)

Parameters

request SelectObjectContentRequest
cancellationToken CancellationToken

Returns

Task<SelectObjectContentResponse>

UploadPartAsync(UploadPartRequest, CancellationToken) 

public virtual Task<UploadPartResponse> UploadPartAsync(UploadPartRequest request, CancellationToken cancellationToken = default)

Parameters

request UploadPartRequest
cancellationToken CancellationToken

Returns

Task<UploadPartResponse>

WriteGetObjectResponseAsync(WriteGetObjectResponseRequest, CancellationToken)

Passes transformed objects to a 

GetObject
operation when using Object Lambda access points. For information about Object Lambda access points, see Transforming objects with Object Lambda access points in the Amazon S3 User Guide.

This operation supports metadata that can be returned by GetObject, in addition to 

RequestRoute
, 
RequestToken
, 
StatusCode
, 
ErrorCode
, and 
ErrorMessage
. The 
GetObject
response metadata is supported so that the 
WriteGetObjectResponse
caller, typically an Lambda function, can provide the same metadata when it internally invokes 
GetObject
. When 
WriteGetObjectResponse
is called by a customer-owned Lambda function, the metadata returned to the end user 
GetObject
call might differ from what Amazon S3 would normally return.

You can include any number of metadata headers. When including a metadata header, it should be prefaced with 

x-amz-meta
. For example, 
x-amz-meta-my-custom-header:
                                                                             MyCustomValue
. The primary use case for this is to forward 
GetObject
metadata.

Amazon Web Services provides some prebuilt Lambda functions that you can use with S3 Object Lambda to detect and redact personally identifiable information (PII) and decompress S3 objects. These Lambda functions are available in the Amazon Web Services Serverless Application Repository, and can be selected through the Amazon Web Services Management Console when you create your Object Lambda access point.

Example 1: PII Access Control - This Lambda function uses Amazon Comprehend, a natural language processing (NLP) service using machine learning to find insights and relationships in text. It automatically detects personally identifiable information (PII) such as names, addresses, dates, credit card numbers, and social security numbers from documents in your Amazon S3 bucket.

Example 2: PII Redaction - This Lambda function uses Amazon Comprehend, a natural language processing (NLP) service using machine learning to find insights and relationships in text. It automatically redacts personally identifiable information (PII) such as names, addresses, dates, credit card numbers, and social security numbers from documents in your Amazon S3 bucket.

Example 3: Decompression - The Lambda function S3ObjectLambdaDecompression, is equipped to decompress objects stored in S3 in one of six compressed file formats including bzip2, gzip, snappy, zlib, zstandard and ZIP.

For information on how to view and use these functions, see Using Amazon Web Services built Lambda functions in the Amazon S3 User Guide. 

public virtual Task<WriteGetObjectResponseResponse> WriteGetObjectResponseAsync(WriteGetObjectResponseRequest request, CancellationToken cancellationToken = default)

Parameters

request WriteGetObjectResponseRequest

Container for the necessary parameters to execute the WriteGetObjectResponse service method.

cancellationToken CancellationToken

A cancellation token that can be used by other objects or threads to receive notice of cancellation.

Returns

Task<WriteGetObjectResponseResponse>

The response from the WriteGetObjectResponse service method, as returned by S3.

See Also