Table of Contents

Namespace Amazon.S3.Model

Classes

AbortMultipartUploadRequest

Container for the parameters to the AbortMultipartUpload operation. This action aborts a multipart upload. After a multipart upload is aborted, no additional parts can be uploaded using that upload ID. The storage consumed by any previously uploaded parts will be freed. However, if any part uploads are currently in progress, those part uploads might or might not succeed. As a result, it might be necessary to abort a given multipart upload multiple times in order to completely free all storage consumed by all parts.

To verify that all parts have been removed, so you don't get charged for the part storage, you should call the ListParts action and ensure that the parts list is empty.

For information about permissions required to use the multipart upload, see Multipart Upload and Permissions.

The following operations are related to 

AbortMultipartUpload
:
AbortMultipartUploadResponse

Returns information about the AbortMultipartUpload response metadata. The AbortMultipartUpload operation has a void result type.

AccelerateConfiguration

Bucket accelerate configuration.

AccessControlTranslation

A container for information about access control for replicas.

AnalyticsAndOperator

Class for AnalyticsAndOperator

A conjunction (logical AND) of predicates, which is used in evaluating a metrics filter. The operator must have at least two predicates, and an object must match all of the predicates in order for the filter to apply.

AnalyticsConfiguration

Class for AnalyticsConfiguration

AnalyticsExportDestination

Class for AnalyticsExportDestination

AnalyticsFilter

Filter class for Metrics.

AnalyticsFilterPredicate

Filter Predicate abstract class for specific filter types to be derived from.

AnalyticsNAryOperator

Abstract class that can be used over logical filter predicates,i.e. AND/OR.

AnalyticsPrefixPredicate

Class for AnalyticsPrefixPredicate

The prefix used when evaluating a metrics filter.

AnalyticsS3BucketDestination

Class for AnalyticsS3BucketDestination

AnalyticsTagPredicate

Class for MetricsTagPredicate

The tag used when evaluating a metrics filter.

ByteRange

This class represents the byte range for a range GET from S3.

CORSConfiguration

A collection of up to 100 cross-origin resource sharing (CORS) rules.

CORSRule

C O R S Rule

CSVInput

Describes how a CSV-formatted input object is formatted.

CSVOutput

Describes how CSV-formatted results are formatted.

Checksum

Contains all the possible checksum or digest values for an object.

CompleteMultipartUploadRequest

Container for the parameters to the CompleteMultipartUpload operation. Completes a multipart upload by assembling previously uploaded parts.

You first initiate the multipart upload and then upload all parts using the UploadPart operation. After successfully uploading all relevant parts of an upload, you call this action to complete the upload. Upon receiving this request, Amazon S3 concatenates all the parts in ascending order by part number to create a new object. In the Complete Multipart Upload request, you must provide the parts list. You must ensure that the parts list is complete. This action concatenates the parts that you provide in the list. For each part in the list, you must provide the part number and the 

ETag
value, returned after that part was uploaded.

Processing of a Complete Multipart Upload request could take several minutes to complete. After Amazon S3 begins processing the request, it sends an HTTP response header that specifies a 200 OK response. While processing is in progress, Amazon S3 periodically sends white space characters to keep the connection from timing out. Because a request could fail after the initial 200 OK response has been sent, it is important that you check the response body to determine whether the request succeeded.

Note that if 

CompleteMultipartUpload
fails, applications should be prepared to retry the failed requests. For more information, see Amazon S3 Error Best Practices.

You cannot use 

Content-Type: application/x-www-form-urlencode
with Complete Multipart Upload requests. It is not allowed by the Amazon S3. Also, if you do not provide a 
Content-Type
header, 
CompleteMultipartUpload
returns a 200 OK response.

For more information about multipart uploads, see Uploading Objects Using Multipart Upload.

For information about permissions required to use the multipart upload API, see Multipart Upload and Permissions. 

CompleteMultipartUpload
has the following special errors:

  • Error code: 

    EntityTooSmall

    • Description: Your proposed upload is smaller than the minimum allowed object size. Each part must be at least 5 MB in size, except the last part.

    • 400 Bad Request

  • Error code: 

    InvalidPart

    • Description: One or more of the specified parts could not be found. The part might not have been uploaded, or the specified entity tag might not have matched the part's entity tag.

    • 400 Bad Request

  • Error code: 

    InvalidPartOrder

    • Description: The list of parts was not in ascending order. The parts list must be specified in order by part number.

    • 400 Bad Request

  • Error code: 

    NoSuchUpload

    • Description: The specified multipart upload does not exist. The upload ID might be invalid, or the multipart upload might have been aborted or completed.

    • 404 Not Found

The following operations are related to 

CompleteMultipartUpload
:
CompleteMultipartUploadResponse

Returns information about the CompleteMultipartUpload response and response metadata.

ContinuationEvent

The Continuation Event.

CopyObjectRequest

Container for the parameters to the CopyObject operation. Creates a copy of an object that is already stored in Amazon S3.

note

You can store individual objects of up to 5 TB in Amazon S3. You create a copy of your object up to 5 GB in size in a single atomic action using this API. However, to copy an object greater than 5 GB, you must use the multipart upload Upload Part - Copy API. For more information, see Copy Object Using the REST Multipart Upload API.

All copy requests must be authenticated. Additionally, you must have read access to the source object and write access to the destination bucket. For more information, see REST Authentication. Both the Region that you want to copy the object from and the Region that you want to copy the object to must be enabled for your account.

A copy request might return an error when Amazon S3 receives the copy request or while Amazon S3 is copying the files. If the error occurs before the copy action starts, you receive a standard Amazon S3 error. If the error occurs during the copy operation, the error response is embedded in the 

200 OK
response. This means that a 
200 OK
response can contain either a success or an error. Design your application to parse the contents of the response and handle it appropriately.

If the copy is successful, you receive a response with information about the copied object.

note

If the request is an HTTP 1.1 request, the response is chunk encoded. If it were not, it would not contain the content-length, and you would need to read the entire body.

The copy request charge is based on the storage class and Region that you specify for the destination object. For pricing information, see Amazon S3 pricing.

Amazon S3 transfer acceleration does not support cross-Region copies. If you request a cross-Region copy using a transfer acceleration endpoint, you get a 400 

Bad
                                                                                      Request
error. For more information, see Transfer Acceleration.

Metadata

When copying an object, you can preserve all metadata (default) or specify new metadata. However, the ACL is not preserved and is set to private for the user making the request. To override the default ACL setting, specify a new ACL when generating a copy request. For more information, see Using ACLs.

To specify whether you want the object metadata copied from the source object or replaced with metadata provided in the request, you can optionally add the 

x-amz-metadata-directive
header. When you grant permissions, you can use the 
s3:x-amz-metadata-directive
condition key to enforce certain metadata behavior when objects are uploaded. For more information, see Specifying Conditions in a Policy in the Amazon S3 User Guide. For a complete list of Amazon S3-specific condition keys, see Actions, Resources, and Condition Keys for Amazon S3. 

x-amz-copy-source-if
Headers

To only copy an object under certain conditions, such as whether the 

Etag
matches or whether the object was modified before or after a specified date, use the following request parameters: 

  • x-amz-copy-source-if-match

  • x-amz-copy-source-if-none-match

  • x-amz-copy-source-if-unmodified-since

  • x-amz-copy-source-if-modified-since

If both the 

x-amz-copy-source-if-match
and 
x-amz-copy-source-if-unmodified-since
headers are present in the request and evaluate as follows, Amazon S3 returns 
200
                                                                                          OK
and copies the data: 

  • x-amz-copy-source-if-match
    condition evaluates to true 

  • x-amz-copy-source-if-unmodified-since
    condition evaluates to false

If both the 

x-amz-copy-source-if-none-match
and 
x-amz-copy-source-if-modified-since
headers are present in the request and evaluate as follows, Amazon S3 returns the 
412 Precondition Failed
response code: 

  • x-amz-copy-source-if-none-match
    condition evaluates to false 

  • x-amz-copy-source-if-modified-since
    condition evaluates to true
note

All headers with the 

x-amz-
prefix, including 
x-amz-copy-source
, must be signed.

Server-side encryption

When you perform a CopyObject operation, you can optionally use the appropriate encryption-related headers to encrypt the object using server-side encryption with Amazon Web Services managed encryption keys (SSE-S3 or SSE-KMS) or a customer-provided encryption key. With server-side encryption, Amazon S3 encrypts your data as it writes it to disks in its data centers and decrypts the data when you access it. For more information about server-side encryption, see Using Server-Side Encryption.

If a target object uses SSE-KMS, you can enable an S3 Bucket Key for the object. For more information, see Amazon S3 Bucket Keys in the Amazon S3 User Guide.

Access Control List (ACL)-Specific Request Headers

When copying an object, you can optionally use headers to grant ACL-based permissions. By default, all objects are private. Only the owner has full access control. When adding a new object, you can grant permissions to individual Amazon Web Services accounts or to predefined groups defined by Amazon S3. These permissions are then added to the ACL on the object. For more information, see Access Control List (ACL) Overview and Managing ACLs Using the REST API.

If the bucket that you're copying objects to uses the bucket owner enforced setting for S3 Object Ownership, ACLs are disabled and no longer affect permissions. Buckets that use this setting only accept PUT requests that don't specify an ACL or PUT requests that specify bucket owner full control ACLs, such as the 

bucket-owner-full-control
canned ACL or an equivalent form of this ACL expressed in the XML format.

For more information, see Controlling ownership of objects and disabling ACLs in the Amazon S3 User Guide.

note

If your bucket uses the bucket owner enforced setting for Object Ownership, all objects written to the bucket by any account will be owned by the bucket owner.

Storage Class Options

You can use the 

CopyObject
action to change the storage class of an object that is already stored in Amazon S3 using the 
StorageClass
parameter. For more information, see Storage Classes in the Amazon S3 User Guide.

Versioning

By default, 

x-amz-copy-source
identifies the current version of an object to copy. If the current version is a delete marker, Amazon S3 behaves as if the object was deleted. To copy a different version, use the 
versionId
subresource.

If you enable versioning on the target bucket, Amazon S3 generates a unique version ID for the object being copied. This version ID is different from the version ID of the source object. Amazon S3 returns the version ID of the copied object in the 

x-amz-version-id
response header in the response.

If you do not enable versioning or suspend it on the target bucket, the version ID that Amazon S3 generates is always null.

If the source object's storage class is GLACIER, you must restore a copy of this object before you can use it as a source object for the copy operation. For more information, see RestoreObject.

The following operations are related to 

CopyObject
:

For more information, see Copying Objects.

CopyObjectResponse

Returns information about the CopyObject response and response metadata.

CopyPartRequest

Container for the parameters to the CopyPart operation.

Uploads a part by copying data from an existing object as data source.

CopyPartResponse

Returns information about the CopyPart response and response metadata.

DefaultRetention

The container element for specifying the default Object Lock retention settings for new objects placed in the specified bucket.

DeleteBucketAnalyticsConfigurationRequest

Container for the parameters to the DeleteBucketAnalyticsConfiguration operation.

Deletes an analytics configuration for the bucket (specified by the analytics configuration ID).

DeleteBucketAnalyticsConfigurationResponse

Returns information about the DeleteBucketAnalyticsConfiguration response metadata. The DeleteBucketAnalyticsConfiguration operation has a void result type.

DeleteBucketEncryptionRequest

Request object for the DeleteBucketEncryption operation. Request Deletes the server-side encryption configuration from the bucket.

DeleteBucketEncryptionResponse

Returns information about the DeleteBucketEncryption response metadata. The DeleteBucketEncryption operation has a void result type.

DeleteBucketIntelligentTieringConfigurationRequest

Container for the parameters to the DeleteBucketIntelligentTieringConfiguration operation. Deletes the S3 Intelligent-Tiering configuration from the specified bucket.

The S3 Intelligent-Tiering storage class is designed to optimize storage costs by automatically moving data to the most cost-effective storage access tier, without performance impact or operational overhead. S3 Intelligent-Tiering delivers automatic cost savings in three low latency and high throughput access tiers. To get the lowest storage cost on data that can be accessed in minutes to hours, you can choose to activate additional archiving capabilities.

The S3 Intelligent-Tiering storage class is the ideal storage class for data with unknown, changing, or unpredictable access patterns, independent of object size or retention period. If the size of an object is less than 128 KB, it is not monitored and not eligible for auto-tiering. Smaller objects can be stored, but they are always charged at the Frequent Access tier rates in the S3 Intelligent-Tiering storage class.

For more information, see Storage class for automatically optimizing frequently and infrequently accessed objects.

Operations related to 

DeleteBucketIntelligentTieringConfiguration
include:
DeleteBucketIntelligentTieringConfigurationResponse

Returns information about the DeleteBucketIntelligentTieringConfiguration response metadata. The DeleteBucketMetricsConfiguration operation has a void result type.

DeleteBucketInventoryConfigurationRequest

Container for the parameters to the DeleteInventoryConfiguration operation.

Deletes an inventory configuration (identified by the inventory ID) from the bucket.

DeleteBucketInventoryConfigurationResponse

Returns information about the DeleteInventoryConfiguration response metadata. The DeleteInventoryConfiguration operation has a void result type.

DeleteBucketMetricsConfigurationRequest

Container for the parameters to the DeleteBucketMetricsConfiguration operation.

Deletes a metrics configuration (specified by the metrics configuration ID) from the bucket.

DeleteBucketMetricsConfigurationResponse

Returns information about the DeleteBucketMetricsConfiguration response metadata. The DeleteBucketMetricsConfiguration operation has a void result type.

DeleteBucketOwnershipControlsRequest

Container for the parameters to the DeleteBucketOwnershipControlsRequest operation.

DeleteBucketOwnershipControlsResponse

Returns information about the DeleteBucketOwnershipControls response metadata. The DeleteBucketOwnershipControls operation has a void result type.

DeleteBucketPolicyRequest

Container for the parameters to the DeleteBucketPolicy operation. This implementation of the DELETE action uses the policy subresource to delete the policy of a specified bucket. If you are using an identity other than the root user of the Amazon Web Services account that owns the bucket, the calling identity must have the 

DeleteBucketPolicy
permissions on the specified bucket and belong to the bucket owner's account to use this operation.

If you don't have 

DeleteBucketPolicy
permissions, Amazon S3 returns a 
403 Access Denied
error. If you have the correct permissions, but you're not using an identity that belongs to the bucket owner's account, Amazon S3 returns a 
405 Method Not Allowed
error.

As a security precaution, the root user of the Amazon Web Services account that owns a bucket can always use this operation, even if the policy explicitly denies the root user the ability to perform this action.

For more information about bucket policies, see Using Bucket Policies and UserPolicies.

The following operations are related to 

DeleteBucketPolicy
DeleteBucketPolicyResponse

Returns information about the DeleteBucketPolicy response metadata. The DeleteBucketPolicy operation has a void result type.

DeleteBucketReplicationRequest

Container for the parameters to the DeleteBucketReplication operation. Deletes the replication configuration from the bucket.

To use this operation, you must have permissions to perform the 

s3:PutReplicationConfiguration
action. The bucket owner has these permissions by default and can grant it to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources.
note

It can take a while for the deletion of a replication configuration to fully propagate.

For information about replication configuration, see Replication in the Amazon S3 User Guide.

The following operations are related to 

DeleteBucketReplication
:
DeleteBucketReplicationResponse

Returns information about the DeleteBucketReplication response metadata. The DeleteBucketReplication operation has a void result type.

DeleteBucketRequest

Container for the parameters to the DeleteBucket operation.

Deletes the bucket. All objects (including all object versions and Delete Markers) in the bucket must be deleted before the bucket itself can be deleted.

DeleteBucketResponse

Returns information about the DeleteBucket response metadata. The DeleteBucket operation has a void result type.

DeleteBucketTaggingRequest

The parameters to request deletion of a tag set from a bucket.

DeleteBucketTaggingResponse

Returns information about the DeleteBucketTagging response metadata. The DeleteBucketTagging operation has a void result type.

DeleteBucketWebsiteRequest

Container for the parameters to the DeleteBucketWebsite operation.

This operation removes the website configuration from the bucket.

DeleteBucketWebsiteResponse

Returns information about the DeleteBucketWebsite response metadata. The DeleteBucketWebsite operation has a void result type.

DeleteCORSConfigurationRequest

Container for the parameters to the DeleteCORSConfiguration operation.

Deletes the cors configuration information set for the bucket.

DeleteCORSConfigurationResponse

Returns information about the DeleteCORSConfiguration response metadata. The DeleteCORSConfiguration operation has a void result type.

DeleteError

Container for all error elements.

DeleteLifecycleConfigurationRequest

The parameters to request deletion of the lifecycle configuration on a bucket.

DeleteLifecycleConfigurationResponse

Returns information about the DeleteLifecycleConfiguration response metadata. The DeleteLifecycleConfiguration operation has a void result type.

DeleteMarkerReplication

Specifies whether Amazon S3 replicates delete markers. If you specify a 

Filter
in your replication configuration, you must also include a 
DeleteMarkerReplication
element. If your 
Filter
includes a 
Tag
element, the 
DeleteMarkerReplication
Status
must be set to Disabled, because Amazon S3 does not support replicating delete markers for tag-based rules. For an example configuration, see Basic Rule Configuration.

For more information about delete marker replication, see Basic Rule Configuration.

note

If you are using an earlier version of the replication configuration, Amazon S3 handles replication of delete markers differently. For more information, see Backward Compatibility.

DeleteObjectRequest

Container for the parameters to the DeleteObject operation. Removes the null version (if there is one) of an object and inserts a delete marker, which becomes the latest version of the object. If there isn't a null version, Amazon S3 does not remove any objects but will still respond that the command was successful.

To remove a specific version, you must be the bucket owner and you must use the version Id subresource. Using this subresource permanently deletes the version. If the object deleted is a delete marker, Amazon S3 sets the response header, 

x-amz-delete-marker
, to true.

If the object you want to delete is in a bucket where the bucket versioning configuration is MFA Delete enabled, you must include the 

x-amz-mfa
request header in the DELETE 
versionId
request. Requests that include 
x-amz-mfa
must use HTTPS.

For more information about MFA Delete, see Using MFA Delete. To see sample requests that use versioning, see Sample Request.

You can delete objects by explicitly calling DELETE Object or configure its lifecycle (PutBucketLifecycle) to enable Amazon S3 to remove them for you. If you want to block users or accounts from removing or deleting objects from your bucket, you must deny them the 

s3:DeleteObject
, 
s3:DeleteObjectVersion
, and 
s3:PutLifeCycleConfiguration
actions.

The following action is related to 

DeleteObject
:
DeleteObjectResponse

Returns information about the DeleteObject response and response metadata.

DeleteObjectTaggingRequest

Container for the parameters to the DeleteObjectTagging operation. Removes the entire tag set from the specified object. For more information about managing object tags, see Object Tagging.

To use this operation, you must have permission to perform the 

s3:DeleteObjectTagging
action.

To delete tags of a specific object version, add the 

versionId
query parameter in the request. You will need permission for the 
s3:DeleteObjectVersionTagging
action.

The following operations are related to 

DeleteBucketMetricsConfiguration
:
DeleteObjectTaggingResponse

Returns information about the DeleteObjectTagging response and response metadata.

DeleteObjectsRequest

Container for the parameters to the DeleteObjects operation. This action enables you to delete multiple objects from a bucket using a single HTTP request. If you know the object keys that you want to delete, then this action provides a suitable alternative to sending individual delete requests, reducing per-request overhead.

The request contains a list of up to 1000 keys that you want to delete. In the XML, you provide the object key names, and optionally, version IDs if you want to delete a specific version of the object from a versioning-enabled bucket. For each key, Amazon S3 performs a delete action and returns the result of that delete, success, or failure, in the response. Note that if the object specified in the request is not found, Amazon S3 returns the result as deleted.

The action supports two modes for the response: verbose and quiet. By default, the action uses verbose mode in which the response includes the result of deletion of each key in your request. In quiet mode the response includes only keys where the delete action encountered an error. For a successful deletion, the action does not return any information about the delete in the response body.

When performing this action on an MFA Delete enabled bucket, that attempts to delete any versioned objects, you must include an MFA token. If you do not provide one, the entire request will fail, even if there are non-versioned objects you are trying to delete. If you provide an invalid token, whether there are versioned keys in the request or not, the entire Multi-Object Delete request will fail. For information about MFA Delete, see MFA Delete.

Finally, the Content-MD5 header is required for all Multi-Object Delete requests. Amazon S3 uses the header value to ensure that your request body has not been altered in transit.

The following operations are related to 

DeleteObjects
:
DeleteObjectsResponse

Returns information about the DeleteObjects response and response metadata.

DeletePublicAccessBlockRequest

Container for the parameters to the DeletePublicAccessBlock operation. Removes the Public Access Block configuration for an Amazon S3 bucket.

DeletePublicAccessBlockResponse

This is the response object from the DeletePublicAccessBlock operation.

DeletedObject

Contains information about a successful delete operation against a specific S3 object.

EncryptionConfiguration

Specifies encryption-related information for an Amazon S3 bucket that is a destination for replicated objects.

EndEvent

The End Event.

EventBridgeConfiguration

A container for specifying the configuration for Amazon EventBridge.

ExistingObjectReplication

Optional configuration to replicate existing source bucket objects. For more information, see Replicating Existing Objects in the Amazon S3 User Guide.

Expiration

Defines the expiration policy for a given object.

Filter

Bucket Represents a set of filter criteria that limits the objects that can trigger event notifications

FilterRule

Bucket Represents a Filter Rule for a NotificationConfiguration.

GetACLRequest

Container for the parameters to the GetACL operation. This implementation of the 

GET
action uses the 
acl
subresource to return the access control list (ACL) of a bucket. To use 
GET
to return the ACL of the bucket, you must have 
READ_ACP
access to the bucket. If 
READ_ACP
permission is granted to the anonymous user, you can return

the ACL of the bucket without using an authorization header.

note

If your bucket uses the bucket owner enforced setting for S3 Object Ownership, requests to read ACLs are still supported and return the 

bucket-owner-full-control
ACL with the owner being the account that created the bucket. For more information, see Controlling object ownership and disabling ACLs in the Amazon S3 User Guide.

Related Resources

GetACLResponse

Returns information about the GetACL response and response metadata.

GetBucketAccelerateConfigurationRequest

Container for the parameters to the GetBucketAccelerateConfiguration operation.

GetBucketAccelerateConfigurationResponse

The response class for GetBucketAccelerateConfiguration operation.

GetBucketAnalyticsConfigurationRequest

Container for the parameters to the GetBucketAnalyticsConfiguration operation.

Gets an analytics configuration for the bucket (specified by the analytics configuration ID).

GetBucketAnalyticsConfigurationResponse

GetBucketAnalyticsConfigurationResponse Response

GetBucketEncryptionRequest

Container for the parameters to the GetBucketEncryptionRequest operation.

Returns the server-side encryption configuration of a bucket.

GetBucketEncryptionResponse

GetBucketEncryptionResponse Response

GetBucketIntelligentTieringConfigurationRequest

Container for the parameters to the GetBucketIntelligentTieringConfiguration operation. Gets the S3 Intelligent-Tiering configuration from the specified bucket.

The S3 Intelligent-Tiering storage class is designed to optimize storage costs by automatically moving data to the most cost-effective storage access tier, without performance impact or operational overhead. S3 Intelligent-Tiering delivers automatic cost savings in three low latency and high throughput access tiers. To get the lowest storage cost on data that can be accessed in minutes to hours, you can choose to activate additional archiving capabilities.

The S3 Intelligent-Tiering storage class is the ideal storage class for data with unknown, changing, or unpredictable access patterns, independent of object size or retention period. If the size of an object is less than 128 KB, it is not monitored and not eligible for auto-tiering. Smaller objects can be stored, but they are always charged at the Frequent Access tier rates in the S3 Intelligent-Tiering storage class.

For more information, see Storage class for automatically optimizing frequently and infrequently accessed objects.

Operations related to 

GetBucketIntelligentTieringConfiguration
include:
GetBucketIntelligentTieringConfigurationResponse
GetBucketInventoryConfigurationRequest

Container for the parameters to the GetInventoryConfigurationRequest operation.

Returns an inventory configuration (identified by the inventory ID) from the bucket.

GetBucketInventoryConfigurationResponse

GetInventoryConfigurationResponse Response

GetBucketLocationRequest

Container for the parameters to the GetBucketLocation operation. Returns the Region the bucket resides in. You set the bucket's Region using the 

LocationConstraint
request parameter in a 
CreateBucket
request. For more information, see CreateBucket.

To use this implementation of the operation, you must be the bucket owner.

To use this API against an access point, provide the alias of the access point in place of the bucket name.

The following operations are related to 

GetBucketLocation
:
GetBucketLocationResponse

Returns information about the GetBucketLocation response and response metadata.

GetBucketLoggingRequest

Container for the parameters to the GetBucketLogging operation.

Returns the logging status of a bucket and the permissions users have to view and modify that status. To use GET, you must be the bucket owner.

GetBucketLoggingResponse

Returns information about the GetBucketLogging response and response metadata.

GetBucketMetricsConfigurationRequest

Container for the parameters to the GetBucketMetricsConfiguration operation.

Gets a metrics configuration (specified by the metrics configuration ID) from the bucket.

GetBucketMetricsConfigurationResponse

GetBucketMetricsConfiguration Response

GetBucketNotificationRequest

Container for the parameters to the GetBucketNotification operation.

Return the notification configuration of a bucket.

GetBucketNotificationResponse

Returns information about the GetBucketNotification response and response metadata.

GetBucketOwnershipControlsRequest

Container for the parameters to the GetBucketOwnershipControls operation. Retrieves 

OwnershipControls
for an Amazon S3 bucket. To use this operation, you must have the 
s3:GetBucketOwnershipControls
permission. For more information about Amazon S3 permissions, see Specifying permissions in a policy.

For information about Amazon S3 Object Ownership, see Using Object Ownership.

The following operations are related to 

GetBucketOwnershipControls
:
GetBucketOwnershipControlsResponse

Returns information about the GetBucketOwnershipControls response and response metadata.

GetBucketPolicyRequest

Container for the parameters to the GetBucketPolicy operation. Returns the policy of a specified bucket. If you are using an identity other than the root user of the Amazon Web Services account that owns the bucket, the calling identity must have the 

GetBucketPolicy
permissions on the specified bucket and belong to the bucket owner's account in order to use this operation.

If you don't have 

GetBucketPolicy
permissions, Amazon S3 returns a 
403
                                                                                            Access Denied
error. If you have the correct permissions, but you're not using an identity that belongs to the bucket owner's account, Amazon S3 returns a 
405
                                                                                        Method Not Allowed
error.

As a security precaution, the root user of the Amazon Web Services account that owns a bucket can always use this operation, even if the policy explicitly denies the root user the ability to perform this action.

For more information about bucket policies, see Using Bucket Policies and User Policies.

The following action is related to 

GetBucketPolicy
:
GetBucketPolicyResponse

Get BucketName Policy Response

GetBucketPolicyStatusRequest

Container for the parameters to the GetBucketPolicyStatus operation. Retrieves the policy status for an Amazon S3 bucket, indicating whether the bucket is public.

GetBucketPolicyStatusResponse

This is the response object from the GetBucketPolicyStatus operation.

GetBucketReplicationRequest

Container for the parameters to the GetBucketReplicationConfiguration operation.

Returns the replication configuration information set on the bucket.

GetBucketReplicationResponse

Returns information about the GetReplicationConfiguration response and response metadata.

GetBucketRequestPaymentRequest

Container for the parameters to the GetBucketRequestPayment operation.

Returns the request payment configuration of a bucket.

GetBucketRequestPaymentResponse

Returns information about the GetBucketRequestPayment response and response metadata.

GetBucketTaggingRequest

Container for the parameters to the GetBucketTagging operation.

Returns the tag set associated with the bucket.

GetBucketTaggingResponse

Returns information about the GetBucketTagging response and response metadata.

GetBucketVersioningRequest

Container for the parameters to the GetBucketVersioning operation.

Returns the versioning state of a bucket.

GetBucketVersioningResponse

Returns information about the GetBucketVersioning response and response metadata.

GetBucketWebsiteRequest

Container for the parameters to the GetBucketWebsite operation.

Returns the website configuration for a bucket.

GetBucketWebsiteResponse

Returns information about the GetBucketWebsite response and response metadata.

GetCORSConfigurationRequest

Container for the parameters to the GetBucketCors operation.

Returns the cors configuration for the bucket.

GetCORSConfigurationResponse

Returns information about the GetBucketCors response and response metadata.

GetLifecycleConfigurationRequest

Container for the parameters to the GetLifecycleConfiguration operation.

Returns the lifecycle configuration information set on the bucket.

GetLifecycleConfigurationResponse

Returns information about the GetLifecycleConfiguration response and response metadata.

GetObjectAttributesParts

A collection of parts associated with a multipart upload.

GetObjectAttributesRequest

Container for the parameters to the GetObjectAttributes operation. Retrieves all the metadata from an object without returning the object iteself. This action is useful if you're only interested in an object's metadata. To use 

GetObjectAttributes
, you must have READ access to the object. 

GetObjectAttributes
combines the functionality of 
GetObjectAcl
, 
GetObjectLegelHold
, 
GetObjectLockConfiguration
, 
GetObjectRetention
, 
GetObjectTagging
, 
HeadObject
, and 
ListParts
. All of the data returned with each of those individual calls can be returned with a single call to 
GetObjectAttributes
.

If you encrypt an object by using server-side encryption with customer-provided encryption keys (SSE-C) when you store the object in Amazon S3, then when you retrieve the metadata from the object, you must use the following headers:

  • x-amz-server-side-encryption-customer-algorithm

  • x-amz-server-side-encryption-customer-key

  • x-amz-server-side-encryption-customer-key-MD5

For more information about SSE-C, see Server-Side Encryption (Using Customer-Provided Encryption Keys).

note

  • Encryption request headers, like 

    x-amz-server-side-encryption
    , should not be sent for GET requests if your object uses server-side encryption with CMKs stored in Amazon Web Services KMS (SSE-KMS) or server-side encryption with Amazon S3–managed encryption keys (SSE-S3). If your object does use these types of keys, you'll get an HTTP 400 BadRequest error.

  • The last modified property in this case is the creation date of the object.

Consider the following when using request headers:

  • Consideration 1 – If both of the 

    If-Match
    and 
    If-Unmodified-Since
    headers are present in the request as follows: 

    • If-Match
      condition evaluates to 
      true
      , and; 

    • If-Unmodified-Since
      condition evaluates to 
      false
      ;

    Then Amazon S3 returns 

    200 OK
    and the data requested.

  • Consideration 2 – If both of the 

    If-None-Match
    and 
    If-Modified-Since
    headers are present in the request as follows: 

    • If-None-Match
      condition evaluates to 
      false
      , and; 

    • If-Modified-Since
      condition evaluates to 
      true
      ;

    Then Amazon S3 returns the 

    304 Not Modified
    response code.

For more information about conditional requests, see RFC 7232.

Permissions

The permissions you need to use this operation depend on whether or not the bucket is versioned. If the bucket is versioned, you need both the 

s3:GetObjectVersion
and 
s3:GetObjectVersionAttributes
permissions for this operation. If the bucket is not versioned, you need the 
s3:GetObject
and 
s3:GetObjectAttributes
permissions. For more information, see Specifying Permissions in a Policy. If the object you request does not exist, the error Amazon S3 returns depends on whether you also have the 
s3:ListBucket
permission.

  • If you have the 

    s3:ListBucket
    permission on the bucket, Amazon S3 returns an HTTP status code 404 ("no such key") error.

  • If you don't have the 

    s3:ListBucket
    permission, Amazon S3 returns an HTTP status code 403 ("access denied") error.

The following actions are related to 

GetObjectAttributes
:
GetObjectAttributesResponse

This is the response object from the GetObjectAttributes operation.

GetObjectLegalHoldRequest

Container for the parameters to the GetObjectLegalHold operation. Gets an object's current Legal Hold status. For more information, see Locking Objects.

This action is not supported by Amazon S3 on Outposts.

The following action is related to 

GetObjectLegalHold
:
GetObjectLegalHoldResponse

This is the response object from the GetObjectLegalHold operation.

GetObjectLockConfigurationRequest

Container for the parameters to the GetObjectLockConfiguration operation. Gets the Object Lock configuration for a bucket. The rule specified in the Object Lock configuration will be applied by default to every new object placed in the specified bucket. For more information, see Locking Objects.

The following action is related to 

GetObjectLockConfiguration
:
GetObjectLockConfigurationResponse

This is the response object from the GetObjectLockConfiguration operation.

GetObjectMetadataRequest

Container for the parameters to the GetObjectMetadata operation. The HEAD action retrieves metadata from an object without returning the object itself. This action is useful if you're only interested in an object's metadata. To use HEAD, you must have READ access to the object.

A 

HEAD
request has the same options as a 
GET
action on an object. The response is identical to the 
GET
response except that there is no response body. Because of this, if the 
HEAD
request generates an error, it returns a generic 
404 Not Found
or 
403 Forbidden
code. It is not possible to retrieve the exact exception beyond these error codes.

If you encrypt an object by using server-side encryption with customer-provided encryption keys (SSE-C) when you store the object in Amazon S3, then when you retrieve the metadata from the object, you must use the following headers:

  • x-amz-server-side-encryption-customer-algorithm

  • x-amz-server-side-encryption-customer-key

  • x-amz-server-side-encryption-customer-key-MD5

For more information about SSE-C, see Server-Side Encryption (Using Customer-Provided Encryption Keys).

note

  • Encryption request headers, like 

    x-amz-server-side-encryption
    , should not be sent for GET requests if your object uses server-side encryption with CMKs stored in Amazon Web Services KMS (SSE-KMS) or server-side encryption with Amazon S3–managed encryption keys (SSE-S3). If your object does use these types of keys, you’ll get an HTTP 400 BadRequest error.

  • The last modified property in this case is the creation date of the object.

Request headers are limited to 8 KB in size. For more information, see Common Request Headers.

Consider the following when using request headers:

  • Consideration 1 – If both of the 

    If-Match
    and 
    If-Unmodified-Since
    headers are present in the request as follows: 

    • If-Match
      condition evaluates to 
      true
      , and; 

    • If-Unmodified-Since
      condition evaluates to 
      false
      ;

    Then Amazon S3 returns 

    200 OK
    and the data requested.

  • Consideration 2 – If both of the 

    If-None-Match
    and 
    If-Modified-Since
    headers are present in the request as follows: 

    • If-None-Match
      condition evaluates to 
      false
      , and; 

    • If-Modified-Since
      condition evaluates to 
      true
      ;

    Then Amazon S3 returns the 

    304 Not Modified
    response code.

For more information about conditional requests, see RFC 7232.

Permissions

You need the relevant read object (or version) permission for this operation. For more information, see Specifying Permissions in a Policy. If the object you request does not exist, the error Amazon S3 returns depends on whether you also have the s3:ListBucket permission.

  • If you have the 

    s3:ListBucket
    permission on the bucket, Amazon S3 returns an HTTP status code 404 ("no such key") error.

  • If you don’t have the 

    s3:ListBucket
    permission, Amazon S3 returns an HTTP status code 403 ("access denied") error.

The following action is related to 

HeadObject
:
GetObjectMetadataResponse

Returns information about the HeadObject response and response metadata.

GetObjectRequest

Container for the parameters to the GetObject operation. Retrieves objects from Amazon S3. To use 

GET
, you must have 
READ
access to the object. If you grant 
READ
access to the anonymous user, you can return the object without using an authorization header.

An Amazon S3 bucket has no directory hierarchy such as you would find in a typical computer file system. You can, however, create a logical hierarchy by using object key names that imply a folder structure. For example, instead of naming an object 

sample.jpg
, you can name it 
photos/2006/February/sample.jpg
.

To get an object from such a logical hierarchy, specify the full key name for the object in the 

GET
operation. For a virtual hosted-style request example, if you have the object 
photos/2006/February/sample.jpg
, specify the resource as 
/photos/2006/February/sample.jpg
. For a path-style request example, if you have the object 
photos/2006/February/sample.jpg
in the bucket named 
examplebucket
, specify the resource as 
/examplebucket/photos/2006/February/sample.jpg
. For more information about request types, see HTTP Host Header Bucket Specification.

To distribute large files to many people, you can save bandwidth costs by using BitTorrent. For more information, see Amazon S3 Torrent. For more information about returning the ACL of an object, see GetObjectAcl.

If the object you are retrieving is stored in the S3 Glacier or S3 Glacier Deep Archive storage class, or S3 Intelligent-Tiering Archive or S3 Intelligent-Tiering Deep Archive tiers, before you can retrieve the object you must first restore a copy using RestoreObject. Otherwise, this action returns an 

InvalidObjectStateError
error. For information about restoring archived objects, see Restoring Archived Objects.

Encryption request headers, like 

x-amz-server-side-encryption
, should not be sent for GET requests if your object uses server-side encryption with KMS keys (SSE-KMS) or server-side encryption with Amazon S3 managed encryption keys (SSE-S3). If your object does use these types of keys, you'll get an HTTP 400 BadRequest error.

If you encrypt an object by using server-side encryption with customer-provided encryption keys (SSE-C) when you store the object in Amazon S3, then when you GET the object, you must use the following headers:

  • x-amz-server-side-encryption-customer-algorithm

  • x-amz-server-side-encryption-customer-key

  • x-amz-server-side-encryption-customer-key-MD5

For more information about SSE-C, see Server-Side Encryption (Using Customer-Provided Encryption Keys).

Assuming you have the relevant permission to read object tags, the response also returns the 

x-amz-tagging-count
header that provides the count of number of tags associated with the object. You can use GetObjectTagging to retrieve the tag set associated with an object.

Permissions

You need the relevant read object (or version) permission for this operation. For more information, see Specifying Permissions in a Policy. If the object you request does not exist, the error Amazon S3 returns depends on whether you also have the 

s3:ListBucket
permission.

  • If you have the 

    s3:ListBucket
    permission on the bucket, Amazon S3 will return an HTTP status code 404 ("no such key") error.

  • If you don’t have the 

    s3:ListBucket
    permission, Amazon S3 will return an HTTP status code 403 ("access denied") error.

Versioning

By default, the GET action returns the current version of an object. To return a different version, use the 

versionId
subresource.
note

  • You need the 

    s3:GetObjectVersion
    permission to access a specific version of an object.

  • If the current version of the object is a delete marker, Amazon S3 behaves as if the object was deleted and includes 

    x-amz-delete-marker: true
    in the response.

For more information about versioning, see PutBucketVersioning.

Overriding Response Header Values

There are times when you want to override certain response header values in a GET response. For example, you might override the Content-Disposition response header value in your GET request.

You can override values for a set of response headers using the following query parameters. These response header values are sent only on a successful request, that is, when status code 200 OK is returned. The set of headers you can override using these parameters is a subset of the headers that Amazon S3 accepts when you create an object. The response headers that you can override for the GET response are 

Content-Type
, 
Content-Language
, 
Expires
, 
Cache-Control
, 
Content-Disposition
, and 
Content-Encoding
. To override these header values in the GET response, you use the following request parameters.
note

You must sign the request, either using an Authorization header or a presigned URL, when using these parameters. They cannot be used with an unsigned (anonymous) request. 

  • response-content-type

  • response-content-language

  • response-expires

  • response-cache-control

  • response-content-disposition

  • response-content-encoding

Additional Considerations about Request Headers

If both of the 

If-Match
and 
If-Unmodified-Since
headers are present in the request as follows: 
If-Match
condition evaluates to 
true
, and; 
If-Unmodified-Since
condition evaluates to 
false
; then, S3 returns 200 OK and the data requested.

If both of the 

If-None-Match
and 
If-Modified-Since
headers are present in the request as follows:
If-None-Match
condition evaluates to 
false
, and; 
If-Modified-Since
condition evaluates to 
true
; then, S3 returns 304 Not Modified response code.

For more information about conditional requests, see RFC 7232.

The following operations are related to 

GetObject
:
GetObjectResponse

Returns information about the GetObject response and response metadata.

GetObjectRetentionRequest

Container for the parameters to the GetObjectRetention operation. Retrieves an object's retention settings. For more information, see Locking Objects.

This action is not supported by Amazon S3 on Outposts.

The following action is related to 

GetObjectRetention
:
GetObjectRetentionResponse

This is the response object from the GetObjectRetention operation.

GetObjectTaggingRequest

Container for the parameters to the GetObjectTagging operation. Returns the tag-set of an object. You send the GET request against the tagging subresource associated with the object.

To use this operation, you must have permission to perform the 

s3:GetObjectTagging
action. By default, the GET action returns information about current version of an object. For a versioned bucket, you can have multiple versions of an object in your bucket. To retrieve tags of any other version, use the versionId query parameter. You also need permission for the 
s3:GetObjectVersionTagging
action.

By default, the bucket owner has this permission and can grant this permission to others.

For information about the Amazon S3 object tagging feature, see Object Tagging.

The following action is related to 

GetObjectTagging
:
GetObjectTaggingResponse

Returns information about the GetObjectTagging response and response metadata.

GetObjectTorrentRequest

Container for the parameters to the GetObjectTorrent operation.

Return torrent files from a bucket.

GetObjectTorrentResponse

Returns information about the GetObjectTorrent response and response metadata.

GetPreSignedUrlRequest

The parameters to create a pre-signed URL to a bucket or object.

GetPreSignedUrlResponse

The parameters for a pre-signed URL to a bucket or object as a string.

GetPublicAccessBlockRequest

Container for the parameters to the GetPublicAccessBlock operation. Retrieves the Public Access Block configuration for an Amazon S3 bucket.

GetPublicAccessBlockResponse

This is the response object from the GetPublicAccessBlock operation.

HeadersCollection

This class contains the headers for an S3 object.

InitiateMultipartUploadRequest

Container for the parameters to the InitiateMultipartUpload operation. This action initiates a multipart upload and returns an upload ID. This upload ID is used to associate all of the parts in the specific multipart upload. You specify this upload ID in each of your subsequent upload part requests (see UploadPart). You also include this upload ID in the final request to either complete or abort the multipart upload request.

For more information about multipart uploads, see Multipart Upload Overview.

If you have configured a lifecycle rule to abort incomplete multipart uploads, the upload must complete within the number of days specified in the bucket lifecycle configuration. Otherwise, the incomplete multipart upload becomes eligible for an abort action and Amazon S3 aborts the multipart upload. For more information, see Aborting Incomplete Multipart Uploads Using a Bucket Lifecycle Policy.

For information about the permissions required to use the multipart upload API, see Multipart Upload and Permissions.

For request signing, multipart upload is just a series of regular requests. You initiate a multipart upload, send one or more requests to upload parts, and then complete the multipart upload process. You sign each request individually. There is nothing special about signing multipart upload requests. For more information about signing, see Authenticating Requests (Amazon Web Services Signature Version 4).

note

After you initiate a multipart upload and upload one or more parts, to stop being charged for storing the uploaded parts, you must either complete or abort the multipart upload. Amazon S3 frees up the space used to store the parts and stop charging you for storing them only after you either complete or abort a multipart upload.

You can optionally request server-side encryption. For server-side encryption, Amazon S3 encrypts your data as it writes it to disks in its data centers and decrypts it when you access it. You can provide your own encryption key, or use Amazon Web Services Key Management Service (Amazon Web Services KMS) customer master keys (CMKs) or Amazon S3-managed encryption keys. If you choose to provide your own encryption key, the request headers you provide in UploadPart and UploadPartCopy requests must match the headers you used in the request to initiate the upload by using 

CreateMultipartUpload
.

To perform a multipart upload with encryption using an Amazon Web Services KMS CMK, the requester must have permission to the 

kms:Decrypt
and 
kms:GenerateDataKey*
actions on the key. These permissions are required because Amazon S3 must decrypt and read data from the encrypted file parts before it completes the multipart upload. For more information, see Multipart upload API and permissions in the Amazon S3 User Guide.

If your Identity and Access Management (IAM) user or role is in the same Amazon Web Services account as the Amazon Web Services KMS CMK, then you must have these permissions on the key policy. If your IAM user or role belongs to a different account than the key, then you must have the permissions on both the key policy and your IAM user or role.

For more information, see Protecting Data Using Server-Side Encryption.

Access Permissions

When copying an object, you can optionally specify the accounts or groups that should be granted specific permissions on the new object. There are two ways to grant the permissions using the request headers:

  • Specify a canned ACL with the 

    x-amz-acl
    request header. For more information, see Canned ACL.

  • Specify access permissions explicitly with the 

    x-amz-grant-read
    , 
    x-amz-grant-read-acp
    , 
    x-amz-grant-write-acp
    , and 
    x-amz-grant-full-control
    headers. These parameters map to the set of permissions that Amazon S3 supports in an ACL. For more information, see Access Control List (ACL) Overview.

You can use either a canned ACL or specify access permissions explicitly. You cannot do both.

Server-Side- Encryption-Specific Request Headers

You can optionally tell Amazon S3 to encrypt data at rest using server-side encryption. Server-side encryption is for data encryption at rest. Amazon S3 encrypts your data as it writes it to disks in its data centers and decrypts it when you access it. The option you use depends on whether you want to use Amazon Web Services managed encryption keys or provide your own encryption key.

  • Use encryption keys managed by Amazon S3 or customer master keys (CMKs) stored in Amazon Web Services Key Management Service (Amazon Web Services KMS) – If you want Amazon Web Services to manage the keys used to encrypt data, specify the following headers in the request.

    • x-amz-server-side-encryption

    • x-amz-server-side-encryption-aws-kms-key-id

    • x-amz-server-side-encryption-context

    note

    If you specify 

    x-amz-server-side-encryption:aws:kms
    , but don't provide 
    x-amz-server-side-encryption-aws-kms-key-id
    , Amazon S3 uses the Amazon Web Services managed CMK in Amazon Web Services KMS to protect the data.

    All GET and PUT requests for an object protected by Amazon Web Services KMS fail if you don't make them with SSL or by using SigV4.

    For more information about server-side encryption with CMKs stored in Amazon Web Services KMS (SSE-KMS), see Protecting Data Using Server-Side Encryption with CMKs stored in Amazon Web Services KMS.

  • Use customer-provided encryption keys – If you want to manage your own encryption keys, provide all the following headers in the request.

    • x-amz-server-side-encryption-customer-algorithm

    • x-amz-server-side-encryption-customer-key

    • x-amz-server-side-encryption-customer-key-MD5

    For more information about server-side encryption with CMKs stored in Amazon Web Services KMS (SSE-KMS), see Protecting Data Using Server-Side Encryption with CMKs stored in Amazon Web Services KMS.

Access-Control-List (ACL)-Specific Request Headers

You also can use the following access control–related headers with this operation. By default, all objects are private. Only the owner has full access control. When adding a new object, you can grant permissions to individual Amazon Web Services accounts or to predefined groups defined by Amazon S3. These permissions are then added to the access control list (ACL) on the object. For more information, see Using ACLs. With this operation, you can grant access permissions using one of the following two methods:

  • Specify a canned ACL (

    x-amz-acl
    ) — Amazon S3 supports a set of predefined ACLs, known as canned ACLs. Each canned ACL has a predefined set of grantees and permissions. For more information, see Canned ACL.

  • Specify access permissions explicitly — To explicitly grant access permissions to specific Amazon Web Services accounts or groups, use the following headers. Each header maps to specific permissions that Amazon S3 supports in an ACL. For more information, see Access Control List (ACL) Overview. In the header, you specify a list of grantees who get the specific permission. To grant permissions explicitly, use:

    • x-amz-grant-read

    • x-amz-grant-write

    • x-amz-grant-read-acp

    • x-amz-grant-write-acp

    • x-amz-grant-full-control

    You specify each grantee as a type=value pair, where the type is one of the following: 

    • id
      – if the value specified is the canonical user ID of an Amazon Web Services account 

    • uri
      – if you are granting permissions to a predefined group 

    • emailAddress
      – if the value specified is the email address of an Amazon Web Services account
      note

      Using email addresses to specify a grantee is only supported in the following Amazon Web Services Regions:

      • US East (N. Virginia)

      • US West (N. California)

      • US West (Oregon)

      • Asia Pacific (Singapore)

      • Asia Pacific (Sydney)

      • Asia Pacific (Tokyo)

      • Europe (Ireland)

      • South America (São Paulo)

      For a list of all the Amazon S3 supported Regions and endpoints, see Regions and Endpoints in the Amazon Web Services General Reference.

    For example, the following 

    x-amz-grant-read
    header grants the Amazon Web Services accounts identified by account IDs permissions to read object data and its metadata: 

    x-amz-grant-read: id="11112222333", id="444455556666"

The following operations are related to 

CreateMultipartUpload
:
InitiateMultipartUploadResponse

Returns information about the InitiateMultipartUpload response and response metadata.

Initiator

Identifies who initiated the multipart upload.

InputSerialization

Describes the serialization format of the object.

IntelligentTieringAndOperator

A container for specifying S3 Intelligent-Tiering filters. The filters determine the subset of objects to which the rule applies.

IntelligentTieringConfiguration

Specifies the S3 Intelligent-Tiering configuration for an Amazon S3 bucket.

For information about the S3 Intelligent-Tiering storage class, see Storage class for automatically optimizing frequently and infrequently accessed objects.

IntelligentTieringFilter

The 

Filter
is used to identify objects that the S3 Intelligent-Tiering configuration applies to.
IntelligentTieringFilterPredicate

Filter Predicate abstract class for specific filter types to be derived from.

IntelligentTieringNAryOperator

Abstract class that can be used over logical filter predicates,i.e. AND/OR.

IntelligentTieringPrefixPredicate

An object key name prefix that identifies the subset of objects to which the configuration applies.

IntelligentTieringTagPredicate

All of these tags must exist in the object's tag set in order for the configuration to apply.

InventoryConfiguration

Specifies the inventory configuration for an Amazon S3 bucket. For more information, see GET Bucket inventory in the Amazon S3 API Reference.

InventoryDestination

Class for InventoryDestination

InventoryEncryption

InventoryEncryption class

InventoryFilter

Class for InventoryFilter

InventoryFilterPredicate

Filter Predicate abstract class for specific filter types to be derived from.

InventoryPrefixPredicate

Class for InventoryPrefixPredicate

The prefix that an object must have to be included in the inventory results.

InventoryS3BucketDestination
InventorySchedule

Class for InventorySchedule

JSONInput

Specifies JSON as object's input serialization format.

JSONOutput

Specifies JSON as request's output serialization format

KeyVersion

Specifies an object key and optional object version.

LambdaFunctionConfiguration

This class contains the configuration Amazon S3 uses to figure out what events you want to listen and send the event to an Amazon Lambda cloud function.

LifecycleAndOperator

The logical and operator for filtering objects for a LifecycleRule

LifecycleConfiguration

Container for lifecycle rules. You can add as many as 1000 rules.

For more information see, Managing your storage lifecycle in the Amazon S3 User Guide.

LifecycleFilter

Filter identifying one or more objects to which a LifecycleRule applies.

LifecycleFilterPredicate

Base class for all the different predicates that can be used in a LifecycleRule filter.

LifecycleNAryOperator

Base class for lifecycle operators.

LifecycleObjectSizeGreaterThanPredicate
LifecycleObjectSizeLessThanPredicate
LifecyclePrefixPredicate

A predicate that filters objects for a LifecycleRule by matching a particular prefix.

LifecycleRule

A lifecycle rule for individual objects in an Amazon S3 bucket.

For more information see, Managing your storage lifecycle in the Amazon S3 User Guide.

LifecycleRuleAbortIncompleteMultipartUpload

Specifies the days since the initiation of an Incomplete Multipart Upload that Lifecycle will wait before permanently removing all parts of the upload.

LifecycleRuleExpiration

Container for the expiration for the lifecycle of the object.

For more information see, Managing your storage lifecycle in the Amazon S3 User Guide.

LifecycleRuleNoncurrentVersionExpiration

Specifies when noncurrent object versions expire. Upon expiration, Amazon S3 permanently deletes the noncurrent object versions. You set this lifecycle configuration action on a bucket that has versioning enabled (or suspended) to request that Amazon S3 delete noncurrent object versions at a specific period in the object's lifetime.

LifecycleRuleNoncurrentVersionTransition

LifecycleTransition defines when and how objects transition.

LifecycleTagPredicate

A predicate that filters objects for a LifecycleRule by matching a particular Tag key and value.

LifecycleTransition

LifecycleTransition defines when and how objects transition.

ListBucketAnalyticsConfigurationsRequest

Container for the parameters to the ListInventoryConfigurationsRequest operation.

Lists the analytics configurations for the bucket.

ListBucketAnalyticsConfigurationsResponse

Returns information about the ListBucketAnalyticsConfigurationsResponse response and response metadata.

ListBucketIntelligentTieringConfigurationsRequest

Container for the parameters to the ListBucketIntelligentTieringConfigurations operation. Lists the S3 Intelligent-Tiering configuration from the specified bucket.

The S3 Intelligent-Tiering storage class is designed to optimize storage costs by automatically moving data to the most cost-effective storage access tier, without performance impact or operational overhead. S3 Intelligent-Tiering delivers automatic cost savings in three low latency and high throughput access tiers. To get the lowest storage cost on data that can be accessed in minutes to hours, you can choose to activate additional archiving capabilities.

The S3 Intelligent-Tiering storage class is the ideal storage class for data with unknown, changing, or unpredictable access patterns, independent of object size or retention period. If the size of an object is less than 128 KB, it is not monitored and not eligible for auto-tiering. Smaller objects can be stored, but they are always charged at the Frequent Access tier rates in the S3 Intelligent-Tiering storage class.

For more information, see Storage class for automatically optimizing frequently and infrequently accessed objects.

Operations related to 

ListBucketIntelligentTieringConfigurations
include:
ListBucketIntelligentTieringConfigurationsResponse
ListBucketInventoryConfigurationsRequest

Container for the parameters to the ListInventoryConfigurationsRequest operation.

Returns a list of inventory configurations for the bucket.

ListBucketInventoryConfigurationsResponse

Returns information about the ListInventoryConfigurationsResponse response and response metadata.

ListBucketMetricsConfigurationsRequest

Container for the parameters to the ListBucketMetricsConfigurationRequest operation.

Lists the metrics configurations for the bucket.

ListBucketMetricsConfigurationsResponse

Returns information about the ListBucketMetricsConfiguration response and response metadata.

ListBucketsRequest

Container for the parameters to the ListBuckets operation.

Returns a list of all buckets owned by the authenticated sender of the request.

ListBucketsResponse

Returns information about the ListBuckets response and response metadata.

ListMultipartUploadsRequest

Container for the parameters to the ListMultipartUploads operation. This action lists in-progress multipart uploads. An in-progress multipart upload is a multipart upload that has been initiated using the Initiate Multipart Upload request, but has not yet been completed or aborted.

This action returns at most 1,000 multipart uploads in the response. 1,000 multipart uploads is the maximum number of uploads a response can include, which is also the default value. You can further limit the number of uploads in a response by specifying the 

max-uploads
parameter in the response. If additional multipart uploads satisfy the list criteria, the response will contain an 
IsTruncated
element with the value true. To list the additional multipart uploads, use the 
key-marker
and 
upload-id-marker
request parameters.

In the response, the uploads are sorted by key. If your application has initiated more than one multipart upload using the same object key, then uploads in the response are first sorted by key. Additionally, uploads are sorted in ascending order within each key by the upload initiation time.

For more information on multipart uploads, see Uploading Objects Using Multipart Upload.

For information on permissions required to use the multipart upload API, see Multipart Upload and Permissions.

The following operations are related to 

ListMultipartUploads
:
ListMultipartUploadsResponse

Returns information about the ListMultipartUploads response and response metadata.

ListObjectsRequest

Container for the parameters to the ListObjects operation. Returns some or all (up to 1,000) of the objects in a bucket. You can use the request parameters as selection criteria to return a subset of the objects in a bucket. A 200 OK response can contain valid or invalid XML. Be sure to design your application to parse the contents of the response and handle it appropriately.

This action has been revised. We recommend that you use the newer version, ListObjectsV2, when developing applications. For backward compatibility, Amazon S3 continues to support

ListObjects
.

The following operations are related to 

ListObjects
:
ListObjectsResponse

Returns information about the ListObjects response and response metadata.

ListObjectsV2Request

Container for the parameters to the ListObjectsV2 operation. Returns some or all (up to 1,000) of the objects in a bucket with each request. You can use the request parameters as selection criteria to return a subset of the objects in a bucket. A 

200 OK
response can contain valid or invalid XML. Make sure to design your application to parse the contents of the response and handle it appropriately. Objects are returned sorted in an ascending order of the respective key names in the list. For more information about listing objects, see Listing object keys programmatically

To use this operation, you must have READ access to the bucket.

To use this action in an Identity and Access Management (IAM) policy, you must have permissions to perform the 

s3:ListBucket
action. The bucket owner has this permission by default and can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources.

This section describes the latest revision of this action. We recommend that you use this revised API for application development. For backward compatibility, Amazon S3 continues to support the prior version of this API, ListObjects.

To get a list of your buckets, see ListBuckets.

The following operations are related to 

ListObjectsV2
:
ListObjectsV2Response

Returns information about the ListObjects response and response metadata.

ListPartsRequest

Container for the parameters to the ListParts operation. Lists the parts that have been uploaded for a specific multipart upload. This operation must include the upload ID, which you obtain by sending the initiate multipart upload request (see CreateMultipartUpload). This request returns a maximum of 1,000 uploaded parts. The default number of parts returned is 1,000 parts. You can restrict the number of parts returned by specifying the 

max-parts
request parameter. If your multipart upload consists of more than 1,000 parts, the response returns an 
IsTruncated
field with the value of true, and a 
NextPartNumberMarker
element. In subsequent 
ListParts
requests you can include the part-number-marker query string

parameter and set its value to the 

NextPartNumberMarker
field value from the previous response.

If the upload was created using a checksum algorithm, you will need to have permission to the 

kms:Decrypt
action for the request to succeed.

For more information on multipart uploads, see Uploading Objects Using Multipart Upload.

For information on permissions required to use the multipart upload API, see Multipart Upload and Permissions.

The following operations are related to 

ListParts
:
ListPartsResponse

Returns information about the ListParts response and response metadata.

ListVersionsRequest

Container for the parameters to the ListVersions operation.

Returns metadata about all of the versions of objects in a bucket.

ListVersionsResponse

Returns information about the ListVersions response and response metadata.

MetadataCollection

This class contains the meta data for an S3 object.

MetadataEntry

A metadata key-value pair to store with an object.

Metrics

A container specifying settings for configuring replication metrics and events.

MetricsAccessPointArnPredicate

Class for MetricsAccessPointArnPredicate

The access point arn used when evaluating a metrics filter.

MetricsAndOperator

Class for MetricsAndOperatorPredicate

A conjunction (logical AND) of predicates, which is used in evaluating a metrics filter. The operator must have at least two predicates, and an object must match all of the predicates in order for the filter to apply.

MetricsConfiguration

Specifies a metrics configuration for the CloudWatch request metrics (specified by the metrics configuration ID) from an Amazon S3 bucket. If you're updating an existing metrics configuration, note that this is a full replacement of the existing metrics configuration. If you don't include the elements you want to keep, they are erased. For more information, see PutBucketMetricsConfiguration.

MetricsFilter

Specifies a metrics configuration filter. The metrics configuration only includes objects that meet the filter's criteria. A filter must be a prefix, an object tag, an access point ARN, or a conjunction (MetricsAndOperator). For more information, see PutBucketMetricsConfiguration.

MetricsFilterPredicate

Filter Predicate abstract class for specific filter types to be derived from.

MetricsNAryOperator

Abstract class that can be used over logical filter predicates,i.e. AND/OR.

MetricsPrefixPredicate

Class for MetricsPrefixPredicate

The prefix used when evaluating a metrics filter.

MetricsTagPredicate

Class for MetricsTagPredicate

The tag used when evaluating a metrics filter.

MfaCodes

This class contains the mfa codes used authentication

MultipartUpload

Container for elements related to a particular multipart upload.

NotificationConfiguration

An abstract class for all the notification configurations associated with an Amazon S3 bucket.

ObjectLockConfiguration

The container element for Object Lock configuration parameters.

ObjectLockLegalHold

A Legal Hold configuration for an object.

ObjectLockRetention

A Retention configuration for an object.

ObjectLockRule

The container element for an Object Lock rule.

ObjectPart

Container for elements related to an individual part.

OutputLocation

Describes the location where the restore job's output is stored.

OutputSerialization

Describes how results of the Select job are serialized.

Owner

The owner of an S3 bucket.

OwnershipControls

The container element for a bucket's ownership controls

OwnershipControlsRule

The container element for an ownership control rule

ParameterCollection

This class contains custom querystring parameters for an S3 object, which can then be signed as part of a Pre-signed URL request

ParquetInput

Specifies Parquet as object's input serialization format.

PartDetail

A container for elements related to a particular part in a multipart operation. A response can contain zero or more Part elements.

PartETag

A container holding the part number, etag, and optional checksum used when completing a multipart upload.

PolicyStatus

The container element for this bucket's public-policy status.

Progress

The Progress event details.

ProgressEvent

The Progress Event.

PublicAccessBlockConfiguration

The container element for all Public Access Block configuration options. You can enable the configuration options in any combination.

Amazon S3 considers a bucket policy public unless at least one of the following conditions is true:

  1. The policy limits access to a set of CIDRs using 

    aws:SourceIp
    . For more information on CIDR, see http://www.rfc-editor.org/rfc/rfc4632.txt

  2. The policy grants permissions, not including any "bad actions," to one of the following:

    • A fixed AWS principal, user, role, or service principal

    • A fixed 

      aws:SourceArn

    • A fixed 

      aws:SourceVpc

    • A fixed 

      aws:SourceVpce

    • A fixed 

      aws:SourceOwner

    • A fixed 

      aws:SourceAccount

    • A fixed value of 

      s3:x-amz-server-side-encryption-aws-kms-key-id

    • A fixed value of 

      aws:userid
      outside the pattern "
      AROLEID:*
      "

"Bad actions" are those that could expose the data inside a bucket to reads or writes by the public. These actions are 

s3:Get*
, 
s3:List*
, 
s3:AbortMultipartUpload
, 
s3:Delete*
, 
s3:Put*
, and 
s3:RestoreObject
.

The star notation for bad actions indicates that all matching operations are considered bad actions. For example, because 

s3:Get*
is a bad action, 
s3:GetObject
, 
s3:GetObjectVersion
, and 
s3:GetObjectAcl
are all bad actions.
PutACLRequest
PutACLResponse

Returns information about the PutObjectAcl response metadata. The PutAcl operation has a void result type.

PutBucketAccelerateConfigurationRequest

Container for the parameters to the PutBucketAccelerateConfiguration request.

PutBucketAccelerateConfigurationResponse

The response for the PutBucketAccelerateConfiguration operation.

Adds an object to a bucket.

PutBucketAnalyticsConfigurationRequest

Container for the parameters to the PutBucketAnalyticsConfiguration operation.

Sets an analytics configuration for the bucket (specified by the analytics configuration ID).

PutBucketAnalyticsConfigurationResponse

Returns information about the PutBucketAnalyticsConfigurationResponse response metadata. The PutBucketAnalyticsConfigurationResponse operation has a void result type.

PutBucketEncryptionRequest
PutBucketIntelligentTieringConfigurationRequest
PutBucketIntelligentTieringConfigurationResponse

Returns information about the PutBucketIntelligentTieringConfiguration response metadata. The PutBucketIntelligentTieringConfiguration operation has a void result type.

PutBucketInventoryConfigurationRequest

Container for the parameters to the PutBucketInventoryConfiguration operation. This implementation of the 

PUT
action adds an inventory configuration (identified by the inventory ID) to the bucket. You can have up to 1,000 inventory configurations per bucket.

Amazon S3 inventory generates inventories of the objects in the bucket on a daily or weekly basis, and the results are published to a flat file. The bucket that is inventoried is called the source bucket, and the bucket where the inventory flat file is stored is called the destination bucket. The destination bucket must be in the same Amazon Web Services Region as the source bucket.

When you configure an inventory for a source bucket, you specify the destination bucket where you want the inventory to be stored, and whether to generate the inventory daily or weekly. You can also configure what object metadata to include and whether to inventory all object versions or only current versions. For more information, see Amazon S3 Inventory in the Amazon S3 User Guide.

You must create a bucket policy on the destination bucket to grant permissions to Amazon S3 to write objects to the bucket in the defined location. For an example policy, see Granting Permissions for Amazon S3 Inventory and Storage Class Analysis.

To use this operation, you must have permissions to perform the 

s3:PutInventoryConfiguration
action. The bucket owner has this permission by default and can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources in the Amazon S3 User Guide.

Special Errors

  • HTTP 400 Bad Request Error

    • Code: InvalidArgument

    • Cause: Invalid Argument

  • HTTP 400 Bad Request Error

    • Code: TooManyConfigurations

    • Cause: You are attempting to create a new configuration but have already reached the 1,000-configuration limit.

  • HTTP 403 Forbidden Error

    • Code: AccessDenied

    • Cause: You are not the owner of the specified bucket, or you do not have the 

      s3:PutInventoryConfiguration
      bucket permission to set the configuration on the bucket.

Related Resources

PutBucketInventoryConfigurationResponse

Returns information about the PutInventoryConfigurationResponse response metadata. The PutInventoryConfigurationResponse operation has a void result type.

PutBucketLoggingRequest

Container for the parameters to the PutBucketLogging operation. Set the logging parameters for a bucket and to specify permissions for who can view and modify the logging parameters. All logs are saved to buckets in the same Amazon Web Services Region as the source bucket. To set the logging status of a bucket, you must be the bucket owner.

The bucket owner is automatically granted FULL_CONTROL to all logs. You use the 

Grantee
request element to grant access to other people. The 
Permissions
request element specifies the kind of access the grantee has to the logs.

If the target bucket for log delivery uses the bucket owner enforced setting for S3 Object Ownership, you can't use the 

Grantee
request element to grant access to others. Permissions can only be granted using policies. For more information, see Permissions for server access log delivery in the Amazon S3 User Guide.

Grantee Values

You can specify the person (grantee) to whom you're assigning access rights (using request elements) in the following ways:

  • By the person's ID: 

    <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="CanonicalUser"><ID><>ID<></ID><DisplayName><>GranteesEmail<></DisplayName>
                   </Grantee>

    DisplayName is optional and ignored in the request.

  • By Email address: 

    <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="AmazonCustomerByEmail"><EmailAddress><>Grantees@email.com<></EmailAddress></Grantee>

    The grantee is resolved to the CanonicalUser and, in a response to a GET Object acl request, appears as the CanonicalUser.

  • By URI: 

    <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="Group"><URI><>http://acs.amazonaws.com/groups/global/AuthenticatedUsers<></URI></Grantee>

To enable logging, you use LoggingEnabled and its children request elements. To disable logging, you use an empty BucketLoggingStatus request element: 

<BucketLoggingStatus xmlns="http://doc.s3.amazonaws.com/2006-03-01" />

For more information about server access logging, see Server Access Logging in the Amazon S3 User Guide.

For more information about creating a bucket, see CreateBucket. For more information about returning the logging status of a bucket, see GetBucketLogging.

The following operations are related to 

PutBucketLogging
:
PutBucketLoggingResponse

Returns information about the PutBucketLogging response metadata. The EnableBucketLogging operation has a void result type.

PutBucketMetricsConfigurationRequest

Container for the parameters to the PutBucketMetricsConfiguration operation. Sets a metrics configuration (specified by the metrics configuration ID) for the bucket. You can have up to 1,000 metrics configurations per bucket. If you're updating an existing metrics configuration, note that this is a full replacement of the existing metrics configuration. If you don't include the elements you want to keep, they are erased.

To use this operation, you must have permissions to perform the 

s3:PutMetricsConfiguration
action. The bucket owner has this permission by default. The bucket owner can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources.

For information about CloudWatch request metrics for Amazon S3, see Monitoring Metrics with Amazon CloudWatch.

The following operations are related to 

PutBucketMetricsConfiguration
: 

GetBucketLifecycle
has the following special error:

  • Error code: 

    TooManyConfigurations

    • Description: You are attempting to create a new configuration but have already reached the 1,000-configuration limit.

    • HTTP Status Code: HTTP 400 Bad Request

PutBucketMetricsConfigurationResponse

Returns information about the PutBucketMetricsConfiguration response metadata. The PutBucketMetricsConfiguration operation has a void result type.

PutBucketNotificationRequest

Container for the parameters to the PutBucketNotification operation. Enables notifications of specified events for a bucket. For more information about event notifications, see Configuring Event Notifications.

Using this API, you can replace an existing notification configuration. The configuration is an XML file that defines the event types that you want Amazon S3 to publish and the destination where you want Amazon S3 to publish an event notification when it detects an event of the specified type.

By default, your bucket has no event notifications configured. That is, the notification configuration will be an empty 

NotificationConfiguration
. 

<NotificationConfiguration>

</NotificationConfiguration>

This action replaces the existing notification configuration with the configuration you include in the request body.

After Amazon S3 receives this request, it first verifies that any Amazon Simple Notification Service (Amazon SNS) or Amazon Simple Queue Service (Amazon SQS) destination exists, and that the bucket owner has permission to publish to it by sending a test notification. In the case of Lambda destinations, Amazon S3 verifies that the Lambda function permissions grant Amazon S3 permission to invoke the function from the Amazon S3 bucket. For more information, see Configuring Notifications for Amazon S3 Events.

You can disable notifications by adding the empty NotificationConfiguration element.

By default, only the bucket owner can configure notifications on a bucket. However, bucket owners can use a bucket policy to grant permission to other users to set this configuration with 

s3:PutBucketNotification
permission.
note

The PUT notification is an atomic operation. For example, suppose your notification configuration includes SNS topic, SQS queue, and Lambda function configurations. When you send a PUT request with this configuration, Amazon S3 sends test messages to your SNS topic. If the message fails, the entire PUT action will fail, and Amazon S3 will not add the configuration to your bucket.

Responses

If the configuration in the request body includes only one 

TopicConfiguration
specifying only the 
s3:ReducedRedundancyLostObject
event type, the response will also include the 
x-amz-sns-test-message-id
header containing the message ID of the test notification sent to the topic.

The following action is related to 

PutBucketNotificationConfiguration
:
PutBucketNotificationResponse

Returns information about the PutBucketNotification response metadata. The PutBucketNotification operation has a void result type.

PutBucketOwnershipControlsRequest

Container for the parameters to the PutBucketOwnershipControls operation. Creates or modifies 

OwnershipControls
for an Amazon S3 bucket. To use this operation, you must have the 
s3:PutBucketOwnershipControls
permission. For more information about Amazon S3 permissions, see Specifying permissions in a policy.

For information about Amazon S3 Object Ownership, see Using object ownership.

The following operations are related to 

PutBucketOwnershipControls
:
PutBucketOwnershipControlsResponse

Returns information about the PutBucketOwnershipControls response metadata. The PutBucketOwnershipControls operation has a void result type.

PutBucketPolicyRequest

Container for the parameters to the PutBucketPolicy operation. Applies an Amazon S3 bucket policy to an Amazon S3 bucket. If you are using an identity other than the root user of the Amazon Web Services account that owns the bucket, the calling identity must have the 

PutBucketPolicy
permissions on the specified bucket and belong to the bucket owner's account in order to use this operation.

If you don't have 

PutBucketPolicy
permissions, Amazon S3 returns a 
403
                                                                                            Access Denied
error. If you have the correct permissions, but you're not using an identity that belongs to the bucket owner's account, Amazon S3 returns a 
405
                                                                                        Method Not Allowed
error.

As a security precaution, the root user of the Amazon Web Services account that owns a bucket can always use this operation, even if the policy explicitly denies the root user the ability to perform this action.

For more information, see Bucket policy examples.

The following operations are related to 

PutBucketPolicy
:
PutBucketPolicyResponse

Returns information about the PutBucketPolicy response metadata. The PutBucketPolicy operation has a void result type.

PutBucketReplicationRequest

Container for the parameters to the PutBucketReplication operation. Creates a replication configuration or replaces an existing one. For more information, see Replication in the Amazon S3 User Guide.

Specify the replication configuration in the request body. In the replication configuration, you provide the name of the destination bucket or buckets where you want Amazon S3 to replicate objects, the IAM role that Amazon S3 can assume to replicate objects on your behalf, and other relevant information.

A replication configuration must include at least one rule, and can contain a maximum of 1,000. Each rule identifies a subset of objects to replicate by filtering the objects in the source bucket. To choose additional subsets of objects to replicate, add a rule for each subset.

To specify a subset of the objects in the source bucket to apply a replication rule to, add the Filter element as a child of the Rule element. You can filter objects based on an object key prefix, one or more object tags, or both. When you add the Filter element in the configuration, you must also add the following elements: 

DeleteMarkerReplication
, 
Status
, and 
Priority
.
note

If you are using an earlier version of the replication configuration, Amazon S3 handles replication of delete markers differently. For more information, see Backward Compatibility.

For information about enabling versioning on a bucket, see Using Versioning.

Handling Replication of Encrypted Objects

By default, Amazon S3 doesn't replicate objects that are stored at rest using server-side encryption with CMKs stored in Amazon Web Services KMS. To replicate Amazon Web Services KMS-encrypted objects, add the following: 

SourceSelectionCriteria
, 
SseKmsEncryptedObjects
, 
Status
, 
EncryptionConfiguration
, and 
ReplicaKmsKeyID
. For information about replication configuration, see Replicating Objects Created with SSE Using CMKs stored in Amazon Web Services KMS.

For information on 

PutBucketReplication
errors, see List of replication-related error codes

Permissions

To create a 

PutBucketReplication
request, you must have 
s3:PutReplicationConfiguration
permissions for the bucket.

By default, a resource owner, in this case the Amazon Web Services account that created the bucket, can perform this operation. The resource owner can also grant others permissions to perform the operation. For more information about permissions, see Specifying Permissions in a Policy and Managing Access Permissions to Your Amazon S3 Resources.

note

To perform this operation, the user or role performing the action must have the iam:PassRole permission.

The following operations are related to 

PutBucketReplication
:
PutBucketReplicationResponse

Returns information about the PutBucketReplicationConfiguration response metadata. The PutBucketReplicationConfiguration operation has a void result type.

PutBucketRequest

Container for the parameters to the PutBucket operation. Creates a new S3 bucket. To create a bucket, you must register with Amazon S3 and have a valid Amazon Web Services Access Key ID to authenticate requests. Anonymous requests are never allowed to create buckets. By creating the bucket, you become the bucket owner.

Not every string is an acceptable bucket name. For information about bucket naming restrictions, see Bucket naming rules.

If you want to create an Amazon S3 on Outposts bucket, see Create Bucket.

By default, the bucket is created in the US East (N. Virginia) Region. You can optionally specify a Region in the request body. You might choose a Region to optimize latency, minimize costs, or address regulatory requirements. For example, if you reside in Europe, you will probably find it advantageous to create buckets in the Europe (Ireland) Region. For more information, see Accessing a bucket.

note

If you send your create bucket request to the 

s3.amazonaws.com
endpoint, the request goes to the us-east-1 Region. Accordingly, the signature calculations in Signature Version 4 must use us-east-1 as the Region, even if the location constraint in the request specifies another Region where the bucket is to be created. If you create a bucket in a Region other than US East (N. Virginia), your application must be able to handle 307 redirect. For more information, see Virtual hosting of buckets.

Access control lists (ACLs)

When creating a bucket using this operation, you can optionally configure the bucket ACL to specify the accounts or groups that should be granted specific permissions on the bucket.

If your CreateBucket request includes the 

BucketOwnerEnforced
value for the 
x-amz-object-ownership
header, your request can either not specify an ACL or specify bucket owner full control ACLs, such as the 
bucket-owner-full-control
canned ACL or an equivalent ACL expressed in the XML format. For more information, see Controlling object ownership in the Amazon S3 User Guide.

There are two ways to grant the appropriate permissions using the request headers.

  • Specify a canned ACL using the 

    x-amz-acl
    request header. Amazon S3 supports a set of predefined ACLs, known as canned ACLs. Each canned ACL has a predefined set of grantees and permissions. For more information, see Canned ACL.

  • Specify access permissions explicitly using the 

    x-amz-grant-read
    , 
    x-amz-grant-write
    , 
    x-amz-grant-read-acp
    , 
    x-amz-grant-write-acp
    , and 
    x-amz-grant-full-control
    headers. These headers map to the set of permissions Amazon S3 supports in an ACL. For more information, see Access control list (ACL) overview.

    You specify each grantee as a type=value pair, where the type is one of the following: 

    • id
      – if the value specified is the canonical user ID of an Amazon Web Services account 

    • uri
      – if you are granting permissions to a predefined group 

    • emailAddress
      – if the value specified is the email address of an Amazon Web Services account
      note

      Using email addresses to specify a grantee is only supported in the following Amazon Web Services Regions:

      • US East (N. Virginia)

      • US West (N. California)

      • US West (Oregon)

      • Asia Pacific (Singapore)

      • Asia Pacific (Sydney)

      • Asia Pacific (Tokyo)

      • Europe (Ireland)

      • South America (São Paulo)

      For a list of all the Amazon S3 supported Regions and endpoints, see Regions and Endpoints in the Amazon Web Services General Reference.

    For example, the following 

    x-amz-grant-read
    header grants the Amazon Web Services accounts identified by account IDs permissions to read object data and its metadata: 

    x-amz-grant-read: id="11112222333", id="444455556666"
note

You can use either a canned ACL or specify access permissions explicitly. You cannot do both.

Permissions

In addition to 

s3:CreateBucket
, the following permissions are required when your CreateBucket includes specific headers:

  • ACLs - If your 

    CreateBucket
    request specifies ACL permissions and the ACL is public-read, public-read-write, authenticated-read, or if you specify access permissions explicitly through any other ACL, both 
    s3:CreateBucket
    and 
    s3:PutBucketAcl
    permissions are needed. If the ACL the 
    CreateBucket
    request is private or doesn't specify any ACLs, only 
    s3:CreateBucket
    permission is needed.

  • Object Lock - If 

    ObjectLockEnabledForBucket
    is set to true in your 
    CreateBucket
    request, 
    s3:PutBucketObjectLockConfiguration
    and 
    s3:PutBucketVersioning
    permissions are required.

  • S3 Object Ownership - If your CreateBucket request includes the the 

    x-amz-object-ownership
    header, 
    s3:PutBucketOwnershipControls
    permission is required.

The following operations are related to 

CreateBucket
:
PutBucketRequestPaymentRequest

Container for the parameters to the PutBucketRequestPayment operation.

Sets the request payment configuration for a bucket. By default, the bucket owner pays for downloads from the bucket. This configuration parameter enables the bucket owner (only) to specify that the person requesting the download will be charged for the download.

PutBucketRequestPaymentResponse

Returns information about the PutBucketRequestPayment response metadata. The PutBucketRequestPayment operation has a void result type.

PutBucketResponse

Returns information about the PutBucket response and response metadata.

PutBucketTaggingRequest

Container for the parameters to the PutBucketTagging operation. Sets the tags for a bucket.

Use tags to organize your Amazon Web Services bill to reflect your own cost structure. To do this, sign up to get your Amazon Web Services account bill with tag key values included. Then, to see the cost of combined resources, organize your billing information according to resources with the same tag key values. For example, you can tag several resources with a specific application name, and then organize your billing information to see the total cost of that application across several services. For more information, see Cost Allocation and Tagging and Using Cost Allocation in Amazon S3 Bucket Tags.

note

When this operation sets the tags for a bucket, it will overwrite any current tags the bucket already has. You cannot use this operation to add tags to an existing list of tags.

To use this operation, you must have permissions to perform the 

s3:PutBucketTagging
action. The bucket owner has this permission by default and can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources. 

PutBucketTagging
has the following special errors:

  • Error code: 

    InvalidTagError

  • Error code: 

    MalformedXMLError

    • Description: The XML provided does not match the schema.

  • Error code: 

    OperationAbortedError

    • Description: A conflicting conditional action is currently in progress against this resource. Please try again.

  • Error code: 

    InternalError

    • Description: The service was unable to apply the provided tag to the bucket.

The following operations are related to 

PutBucketTagging
:
PutBucketTaggingResponse

Returns information about the PutBucketTagging response metadata. The PutBucketTagging operation has a void result type.

PutBucketVersioningRequest
PutBucketVersioningResponse

Returns information about the PutBucketVersioning response metadata. The PutBucketVersioning operation has a void result type.

PutBucketWebsiteRequest

Container for the parameters to the PutBucketWebsite operation.

Set the website configuration for a bucket.

PutBucketWebsiteResponse

Returns information about the PutBucketWebsite response metadata. The PutBucketWebsite operation has a void result type.

PutCORSConfigurationRequest

Container for the parameters to the PutCORSConfiguration operation.

Sets the cors configuration for a bucket.

PutCORSConfigurationResponse

Returns information about the PutCORSConfiguration response metadata. The PutCORSConfiguration operation has a void result type.

PutLifecycleConfigurationRequest

Container for the parameters to the PutLifecycleConfiguration operation. Creates a new lifecycle configuration for the bucket or replaces an existing lifecycle configuration. For information about lifecycle configuration, see Managing your storage lifecycle.

note

Bucket lifecycle configuration now supports specifying a lifecycle rule using an object key name prefix, one or more object tags, or a combination of both. Accordingly, this section describes the latest API. The previous version of the API supported filtering based only on an object key name prefix, which is supported for backward compatibility. For the related API description, see PutBucketLifecycle.

Rules

You specify the lifecycle configuration in your request body. The lifecycle configuration is specified as XML consisting of one or more rules. An Amazon S3 Lifecycle configuration can have up to 1,000 rules. This limit is not adjustable. Each rule consists of the following:

  • Filter identifying a subset of objects to which the rule applies. The filter can be based on a key name prefix, object tags, or a combination of both.

  • Status whether the rule is in effect.

  • One or more lifecycle transition and expiration actions that you want Amazon S3 to perform on the objects identified by the filter. If the state of your bucket is versioning-enabled or versioning-suspended, you can have many versions of the same object (one current version and zero or more noncurrent versions). Amazon S3 provides predefined actions that you can specify for current and noncurrent object versions.

For more information, see Object Lifecycle Management and Lifecycle Configuration Elements.

Permissions

By default, all Amazon S3 resources are private, including buckets, objects, and related subresources (for example, lifecycle configuration and website configuration). Only the resource owner (that is, the Amazon Web Services account that created it) can access the resource. The resource owner can optionally grant access permissions to others by writing an access policy. For this operation, a user must get the s3:PutLifecycleConfiguration permission.

You can also explicitly deny permissions. Explicit deny also supersedes any other permissions. If you want to block users or accounts from removing or deleting objects from your bucket, you must deny them permissions for the following actions:

  • s3:DeleteObject

  • s3:DeleteObjectVersion

  • s3:PutLifecycleConfiguration

For more information about permissions, see Managing Access Permissions to Your Amazon S3 Resources.

The following are related to 

PutBucketLifecycleConfiguration
:
PutLifecycleConfigurationResponse

Returns information about the PutLifecycleConfiguration response metadata. The PutLifecycleConfiguration operation has a void result type.

PutObjectLegalHoldRequest

Container for the parameters to the PutObjectLegalHold operation. Applies a Legal Hold configuration to the specified object. For more information, see Locking Objects.

This action is not supported by Amazon S3 on Outposts.

PutObjectLegalHoldResponse

This is the response object from the PutObjectLegalHold operation.

PutObjectLockConfigurationRequest

Container for the parameters to the PutObjectLockConfiguration operation. Places an Object Lock configuration on the specified bucket. The rule specified in the Object Lock configuration will be applied by default to every new object placed in the specified bucket. For more information, see Locking Objects.

note

  • The 

    DefaultRetention
    settings require both a mode and a period.

  • The 

    DefaultRetention
    period can be either 
    Days
    or 
    Years
    but you must select one. You cannot specify 
    Days
    and 
    Years
    at the same time.

  • You can only enable Object Lock for new buckets. If you want to turn on Object Lock for an existing bucket, contact Amazon Web Services Support.

PutObjectLockConfigurationResponse

This is the response object from the PutObjectLockConfiguration operation.

PutObjectRequest
PutObjectResponse

Returns information about the PutObject response and response metadata.

PutObjectRetentionRequest

Container for the parameters to the PutObjectRetention operation. Places an Object Retention configuration on an object. For more information, see Locking Objects. Users or accounts require the 

s3:PutObjectRetention
permission in order to place an Object Retention configuration on objects. Bypassing a Governance Retention configuration requires the 
s3:BypassGovernanceRetention
permission.

This action is not supported by Amazon S3 on Outposts.

Permissions

When the Object Lock retention mode is set to compliance, you need 

s3:PutObjectRetention
and 
s3:BypassGovernanceRetention
permissions. For other requests to 
PutObjectRetention
, only 
s3:PutObjectRetention
permissions are required.
PutObjectRetentionResponse

This is the response object from the PutObjectRetention operation.

PutObjectTaggingRequest
PutObjectTaggingResponse

Returns information about the PutObjectTagging response and response metadata.

PutPublicAccessBlockRequest

Container for the parameters to the PutPublicAccessBlock operation. Creates or modifies the Public Access Block configuration for an Amazon S3 bucket.

PutPublicAccessBlockResponse

This is the response object from the PutPublicAccessBlock operation.

PutWithACLRequest

Base class for put operations that can also put an ACL.

QueueConfiguration

This class contains the configuration Amazon S3 uses to figure out what events you want to listen and send the event to an Amazon SQS queue.

The queue's policy must allow S3 to send messages to it. The utility method Amazon.SQS.AmazonSQSClient.AuthorizeS3ToSendMessage(string,string) can be used to help setup the queue policy.

RecordsEvent

The Records Event

ReplicaModifications

A filter that you can specify for selection for modifications on replicas. Amazon S3 doesn't replicate replica modifications by default. In the latest version of replication configuration (when 

Filter
is specified), you can specify this element and set the status to 
Enabled
to replicate modifications on replicas.
note

If you don't specify the 

Filter
element, Amazon S3 assumes that the replication configuration is the earlier version, V1. In the earlier version, this element is not allowed.
ReplicationConfiguration

This class defines the configuration for replication.

ReplicationDestination

Specifies information about where to publish analysis or configuration results for an Amazon S3 bucket and S3 Replication Time Control (S3 RTC).

ReplicationRule

Rule that specifies the replication configuration.

ReplicationRuleAndOperator
ReplicationRuleFilter

Filter that identifies subset of objects to which the replication rule applies. A 

Filter
must specify exactly one 
Prefix
, 
Tag
, or an 
And
child element.
ReplicationTime

A container specifying the time when all objects and operations on objects are replicated. Must be specified together with a 

Metrics
block.
ReplicationTimeValue

A container specifying the time value.

RequestPaymentConfiguration

Request Payment Configuration

ResponseHeaderOverrides

Container for values of the response headers that will be set on a response from a GetObject request. These values override any headers that were set when the object was uploaded to S3.

RestoreObjectRequest

Container for the parameters to the RestoreObject operation. Restores an archived copy of an object back into Amazon S3

This action is not supported by Amazon S3 on Outposts.

This action performs the following types of requests: 

  • select
    - Perform a select query on an archived object 

  • restore an archive
    - Restore an archived object

To use this operation, you must have permissions to perform the 

s3:RestoreObject
action. The bucket owner has this permission by default and can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources in the Amazon S3 User Guide.

Querying Archives with Select Requests

You use a select type of request to perform SQL queries on archived objects. The archived objects that are being queried by the select request must be formatted as uncompressed comma-separated values (CSV) files. You can run queries and custom analytics on your archived data without having to restore your data to a hotter Amazon S3 tier. For an overview about select requests, see Querying Archived Objects in the Amazon S3 User Guide.

When making a select request, do the following:

  • Define an output location for the select query's output. This must be an Amazon S3 bucket in the same Amazon Web Services Region as the bucket that contains the archive object that is being queried. The Amazon Web Services account that initiates the job must have permissions to write to the S3 bucket. You can specify the storage class and encryption for the output objects stored in the bucket. For more information about output, see Querying Archived Objects in the Amazon S3 User Guide.

    For more information about the 

    S3
    structure in the request body, see the following:

  • Define the SQL expression for the 

    SELECT
    type of restoration for your query in the request body's 
    SelectParameters
    structure. You can use expressions like the following examples.

    • The following expression returns all records from the specified object. 

      SELECT * FROM Object

    • Assuming that you are not using any headers for data stored in the object, you can specify columns with positional headers. 

      SELECT s._1, s._2 FROM Object s WHERE s._3 > 100

    • If you have headers and you set the 

      fileHeaderInfo
      in the 
      CSV
      structure in the request body to 
      USE
      , you can specify headers in the query. (If you set the 
      fileHeaderInfo
      field to 
      IGNORE
      , the first row is skipped for the query.) You cannot mix ordinal positions with header column names. 

      SELECT s.Id, s.FirstName, s.SSN FROM S3Object s

For more information about using SQL with S3 Glacier Select restore, see SQL Reference for Amazon S3 Select and S3 Glacier Select in the Amazon S3 User Guide.

When making a select request, you can also do the following:

  • To expedite your queries, specify the 

    Expedited
    tier. For more information about tiers, see "Restoring Archives," later in this topic.

  • Specify details about the data serialization format of both the input object that is being queried and the serialization of the CSV-encoded query results.

The following are additional important facts about the select feature:

  • The output results are new Amazon S3 objects. Unlike archive retrievals, they are stored until explicitly deleted-manually or through a lifecycle policy.

  • You can issue more than one select request on the same Amazon S3 object. Amazon S3 doesn't deduplicate requests, so avoid issuing duplicate requests.

  • Amazon S3 accepts a select request even if the object has already been restored. A select request doesn’t return error response 

    409
    .

Restoring objects

Objects that you archive to the S3 Glacier or S3 Glacier Deep Archive storage class, and S3 Intelligent-Tiering Archive or S3 Intelligent-Tiering Deep Archive tiers are not accessible in real time. For objects in Archive Access or Deep Archive Access tiers you must first initiate a restore request, and then wait until the object is moved into the Frequent Access tier. For objects in S3 Glacier or S3 Glacier Deep Archive storage classes you must first initiate a restore request, and then wait until a temporary copy of the object is available. To access an archived object, you must restore the object for the duration (number of days) that you specify.

To restore a specific object version, you can provide a version ID. If you don't provide a version ID, Amazon S3 restores the current version.

When restoring an archived object (or using a select request), you can specify one of the following data access tier options in the 

Tier
element of the request body: 

  • Expedited
    - Expedited retrievals allow you to quickly access your data stored in the S3 Glacier storage class or S3 Intelligent-Tiering Archive tier when occasional urgent requests for a subset of archives are required. For all but the largest archived objects (250 MB+), data accessed using Expedited retrievals is typically made available within 1–5 minutes. Provisioned capacity ensures that retrieval capacity for Expedited retrievals is available when you need it. Expedited retrievals and provisioned capacity are not available for objects stored in the S3 Glacier Deep Archive storage class or S3 Intelligent-Tiering Deep Archive tier. 

  • Standard
    - Standard retrievals allow you to access any of your archived objects within several hours. This is the default option for retrieval requests that do not specify the retrieval option. Standard retrievals typically finish within 3–5 hours for objects stored in the S3 Glacier storage class or S3 Intelligent-Tiering Archive tier. They typically finish within 12 hours for objects stored in the S3 Glacier Deep Archive storage class or S3 Intelligent-Tiering Deep Archive tier. Standard retrievals are free for objects stored in S3 Intelligent-Tiering. 

  • Bulk
    - Bulk retrievals are the lowest-cost retrieval option in S3 Glacier, enabling you to retrieve large amounts, even petabytes, of data inexpensively. Bulk retrievals typically finish within 5–12 hours for objects stored in the S3 Glacier storage class or S3 Intelligent-Tiering Archive tier. They typically finish within 48 hours for objects stored in the S3 Glacier Deep Archive storage class or S3 Intelligent-Tiering Deep Archive tier. Bulk retrievals are free for objects stored in S3 Intelligent-Tiering.

For more information about archive retrieval options and provisioned capacity for 

Expedited
data access, see Restoring Archived Objects in the Amazon S3 User Guide.

You can use Amazon S3 restore speed upgrade to change the restore speed to a faster speed while it is in progress. For more information, see Upgrading the speed of an in-progress restore in the Amazon S3 User Guide.

To get the status of object restoration, you can send a 

HEAD
request. Operations return the 
x-amz-restore
header, which provides information about the restoration status, in the response. You can use Amazon S3 event notifications to notify you when a restore is initiated or completed. For more information, see Configuring Amazon S3 Event Notifications in the Amazon S3 User Guide.

After restoring an archived object, you can update the restoration period by reissuing the request with a new period. Amazon S3 updates the restoration period relative to the current time and charges only for the request-there are no data transfer charges. You cannot update the restoration period when Amazon S3 is actively processing your current restore request for the object.

If your bucket has a lifecycle configuration with a rule that includes an expiration action, the object expiration overrides the life span that you specify in a restore request. For example, if you restore an object copy for 10 days, but the object is scheduled to expire in 3 days, Amazon S3 deletes the object in 3 days. For more information about lifecycle configuration, see PutBucketLifecycleConfiguration and Object Lifecycle Management in Amazon S3 User Guide.

Responses

A successful action returns either the 

200 OK
or 
202 Accepted
status code.

  • If the object is not previously restored, then Amazon S3 returns 

    202 Accepted
    in the response.

  • If the object is previously restored, Amazon S3 returns 

    200 OK
    in the response.

Special Errors

    • Code: RestoreAlreadyInProgress

    • Cause: Object restore is already in progress. (This error does not apply to SELECT type requests.)

    • HTTP Status Code: 409 Conflict

    • SOAP Fault Code Prefix: Client

    • Code: GlacierExpeditedRetrievalNotAvailable

    • Cause: expedited retrievals are currently not available. Try again later. (Returned if there is insufficient capacity to process the Expedited request. This error applies only to Expedited retrievals and not to S3 Standard or Bulk retrievals.)

    • HTTP Status Code: 503

    • SOAP Fault Code Prefix: N/A

Related Resources

RestoreObjectResponse

Returns information about the RestoreObject response metadata. The RestoreObject operation has a void result type.

RoutingRule

Routing Rule

RoutingRuleCondition

A container for describing a condition that must be met for the specified redirect to apply. For example, 1. If request is for pages in the /docs folder, redirect to the /documents folder. 2. If request results in HTTP error 4xx, redirect request to another host where you might process the error.

RoutingRuleRedirect

Container for redirect information. You can redirect requests to another host, to another page, or with another protocol. In the event of an error, you can can specify a different error code to return.

S3AccessControlList

Represents an access control list (ACL) for S3. An AccessControlList is represented by an Owner, and a List of Grants, where each Grant is a Grantee and a Permission.

S3Bucket

In terms of implementation, a Bucket is a resource. An Amazon S3 bucket name is globally unique, and the namespace is shared by all Amazon Web Services accounts.

S3BucketLoggingConfig

Describes where logs are stored and the prefix that Amazon S3 assigns to all log object keys for a bucket. For more information, see PUT Bucket logging in the Amazon S3 API Reference.

S3BucketVersioningConfig

Describes the versioning state of an Amazon S3 bucket. For more information, see PUT Bucket versioning in the Amazon S3 API Reference.

S3Encryption

Describes the server-side encryption that will be applied to the restore results.

S3EventStreamException

Modeled Exception that either comes over the stream from the service model, or wraps other exceptions for the purpose of raising events. If it is modelled, it will be a subclass.

S3Grant

Container for granting information.

Buckets that use the bucket owner enforced setting for Object Ownership don't support target grants. For more information, see Permissions server access log delivery in the Amazon S3 User Guide.

S3Grantee

Grantee

S3KeyFilter

Filter criteria that allows for event notification filtering based on an S3 Object's key name.

S3Location

Describes an S3 location that will receive the results of the restore request.

S3Object

Represents an S3 Object. Contains all attributes that an S3 Object has. For more information about S3 Objects refer: http://docs.amazonwebservices.com/AmazonS3/latest/UsingObjects.html

S3ObjectVersion

Represents a version of an object in an S3 Bucket. An S3 object version is an S3 object that also has a version identifier, an indication of whether this is the latest version of the object and whether it's a DeleteMarker or not.

S3PaginatorFactory

Paginators for the S3 service

SSEKMS

SSEKMS class

SSES3

SSES3 class

ScanRange

Specifies the byte range of the object to get the records from. A record is processed when its first byte is contained by the range.

SelectObjectContentEventStream

A Stream of Events returned by the SelectObjectContent operation. Events can be retrieved from this stream by either

  • attaching handlers to listen events, and then call StartProcessing or
  • enumerating over the events.

These options should be treaded as mutually exclusive.
SelectObjectContentRequest
SelectObjectContentResponse

Contains the response Payload for the SelectObjectContent request

SelectParameters

Describes the parameters for Select job types.

ServerSideEncryptionByDefault

Describes the default server-side encryption to apply to new objects in the bucket. If a PUT Object request doesn't specify any server-side encryption, this default encryption will be applied. For more information, see PUT Bucket encryption in the Amazon S3 API Reference.

ServerSideEncryptionConfiguration

ServerSideEncryptionConfiguration class

ServerSideEncryptionRule

ServerSideEncryptionRule class

SourceSelectionCriteria

A container that describes additional filters for identifying the source objects that you want to replicate. You can choose to enable or disable the replication of these objects. Currently, Amazon S3 supports only the filter that you can specify for objects created with server-side encryption using a customer managed key stored in Amazon Web Services Key Management Service (SSE-KMS).

SseKmsEncryptedObjects

A container for filter information for the selection of S3 objects encrypted with Amazon Web Services KMS.

Stats

The Stats event details.

StatsEvent

The Stats Event.

StorageClassAnalysis

Class for StorageClassAnalysis

StorageClassAnalysisDataExport

Class for StorageClassAnalysisDataExport

StreamResponse

Base class for responses that return a stream.

StreamSizeMismatchException

The exception that is thrown when the size of a stream does not match it's expected size.

Tag

Tag is a key-value pair of metadata associated with an S3Object

Tagging

Structure that contains list of Tags

Tiering

The S3 Intelligent-Tiering storage class is designed to optimize storage costs by automatically moving data to the most cost-effective storage access tier, without additional operational overhead.

TopicConfiguration

This class contains the configuration Amazon S3 uses to figure out what events you want to listen and send the event to an Amazon SNS topic.

The topic's policy must allow S3 to publish messages to it. The utility method Amazon.SimpleNotificationService.AmazonSimpleNotificationServiceClient.AuthorizeS3ToPublish(string,string) can be used to help setup the topic policy.

TransferProgressArgs

Arguments containing event details for an in-flight transfer.

UnknownEventStreamEvent

This Event is returned if an event is retrieved from the event stream, but a generator function for the event is not defined.

UploadPartRequest

Container for the parameters to the UploadPart operation. Uploads a part in a multipart upload.

note

In this operation, you provide part data in your request. However, you have an option to specify your existing Amazon S3 object as a data source for the part you are uploading. To upload a part from an existing object, you use the UploadPartCopy operation.

You must initiate a multipart upload (see CreateMultipartUpload) before you can upload any part. In response to your initiate request, Amazon S3 returns an upload ID, a unique identifier, that you must include in your upload part request.

Part numbers can be any number from 1 to 10,000, inclusive. A part number uniquely identifies a part and also defines its position within the object being created. If you upload a new part using the same part number that was used with a previous part, the previously uploaded part is overwritten.

For information about maximum and minimum part sizes and other multipart upload specifications, see Multipart upload limits in the Amazon S3 User Guide.

To ensure that data is not corrupted when traversing the network, specify the 

Content-MD5
header in the upload part request. Amazon S3 checks the part data against the provided MD5 value. If they do not match, Amazon S3 returns an error.

If the upload request is signed with Signature Version 4, then Amazon Web Services S3 uses the 

x-amz-content-sha256
header as a checksum instead of 
Content-MD5
. For more information see Authenticating Requests: Using the Authorization Header (Amazon Web Services Signature Version 4).

Note: After you initiate multipart upload and upload one or more parts, you must either complete or abort multipart upload in order to stop getting charged for storage of the uploaded parts. Only after you either complete or abort multipart upload, Amazon S3 frees up the parts storage and stops charging you for the parts storage.

For more information on multipart uploads, go to Multipart Upload Overview in the Amazon S3 User Guide .

For information on the permissions required to use the multipart upload API, go to Multipart Upload and Permissions in the Amazon S3 User Guide.

You can optionally request server-side encryption where Amazon S3 encrypts your data as it writes it to disks in its data centers and decrypts it for you when you access it. You have the option of providing your own encryption key, or you can use the Amazon Web Services managed encryption keys. If you choose to provide your own encryption key, the request headers you provide in the request must match the headers you used in the request to initiate the upload by using CreateMultipartUpload. For more information, go to Using Server-Side Encryption in the Amazon S3 User Guide.

Server-side encryption is supported by the S3 Multipart Upload actions. Unless you are using a customer-provided encryption key, you don't need to specify the encryption parameters in each UploadPart request. Instead, you only need to specify the server-side encryption parameters in the initial Initiate Multipart request. For more information, see CreateMultipartUpload.

If you requested server-side encryption using a customer-provided encryption key in your initiate multipart upload request, you must provide identical encryption information in each part upload using the following headers.

  • x-amz-server-side-encryption-customer-algorithm

  • x-amz-server-side-encryption-customer-key

  • x-amz-server-side-encryption-customer-key-MD5

Special Errors

    • Code: NoSuchUpload

    • Cause: The specified multipart upload does not exist. The upload ID might be invalid, or the multipart upload might have been aborted or completed.

    • HTTP Status Code: 404 Not Found

    • SOAP Fault Code Prefix: Client

Related Resources

UploadPartResponse

Returns information about the UploadPart response and response metadata.

WebsiteConfiguration

Website Configuration

WriteGetObjectResponseRequest

Container for the parameters to the WriteGetObjectResponse operation. Passes transformed objects to a 

GetObject
operation when using Object Lambda Access Points. For information about Object Lambda Access Points, see Transforming objects with Object Lambda Access Points in the Amazon S3 User Guide.

This operation supports metadata that can be returned by GetObject, in addition to 

RequestRoute
, 
RequestToken
, 
StatusCode
, 
ErrorCode
, and 
ErrorMessage
. The 
GetObject
response metadata is supported so that the 
WriteGetObjectResponse
caller, typically an Lambda function, can provide the same metadata when it internally invokes 
GetObject
. When 
WriteGetObjectResponse
is called by a customer-owned Lambda function, the metadata returned to the end user 
GetObject
call might differ from what Amazon S3 would normally return.

You can include any number of metadata headers. When including a metadata header, it should be prefaced with 

x-amz-meta
. For example, 
x-amz-meta-my-custom-header:
                                                                             MyCustomValue
. The primary use case for this is to forward 
GetObject
metadata.

Amazon Web Services provides some prebuilt Lambda functions that you can use with S3 Object Lambda to detect and redact personally identifiable information (PII) and decompress S3 objects. These Lambda functions are available in the Amazon Web Services Serverless Application Repository, and can be selected through the Amazon Web Services Management Console when you create your Object Lambda Access Point.

Example 1: PII Access Control - This Lambda function uses Amazon Comprehend, a natural language processing (NLP) service using machine learning to find insights and relationships in text. It automatically detects personally identifiable information (PII) such as names, addresses, dates, credit card numbers, and social security numbers from documents in your Amazon S3 bucket.

Example 2: PII Redaction - This Lambda function uses Amazon Comprehend, a natural language processing (NLP) service using machine learning to find insights and relationships in text. It automatically redacts personally identifiable information (PII) such as names, addresses, dates, credit card numbers, and social security numbers from documents in your Amazon S3 bucket.

Example 3: Decompression - The Lambda function S3ObjectLambdaDecompression, is equipped to decompress objects stored in S3 in one of six compressed file formats including bzip2, gzip, snappy, zlib, zstandard and ZIP.

For information on how to view and use these functions, see Using Amazon Web Services built Lambda functions in the Amazon S3 User Guide.

WriteGetObjectResponseResponse
WriteObjectProgressArgs

Encapsulates the information needed to provide download progress for the Write Object Event.

Interfaces

IListMultipartUploadsPaginator

Paginator for the ListMultipartUploads operation

IListObjectsPaginator

Paginator for the ListObjects operation

IListObjectsV2Paginator

Paginator for the ListObjectsV2 operation

IListPartsPaginator

Paginator for the ListParts operation

IListVersionsPaginator

Paginator for the ListVersions operation

IS3Event

Common Contract for S3 Events.

IS3PaginatorFactory

Paginators for the S3 service

ISelectObjectContentEventStream

The contract for the SelectObjectContentEventStream.