Amazon Simple Storage Service
Console User Guide (API Version 2006-03-01)

Uploading Objects into Amazon S3

When you upload a folder, Amazon S3 uploads all the files and subfolders from the specified folder to your bucket. It then assigns a key value that is a combination of the uploaded file name and the folder name. For example, if you upload a folder /images containing two files, sample1.jpg and sample2.jpg, Amazon S3 uploads the files and then assigns the corresponding object key names images/sample1.jpg, and images/sample2.jpg. Note that the key names include the folder name as a prefix.

If you upload one or more files that are not in a folder, Amazon S3 uploads the files and assigns the file names as the key values for the objects created.

This section explains how to use the AWS Management Console to upload one or more files or entire folders into Amazon S3. Amazon S3 stores all files in the specified bucket.

To upload files and folders into Amazon S3

  1. Sign in to the AWS Management Console and open the Amazon S3 console at

  2. In the buckets list, click the name of bucket where you want to upload an object and then click Upload.

  3. (Optional) In the Upload - Select Files wizard, if you want to upload an entire folder, click Enable Enhanced Uploader to install the necessary Java applet. After you choose the Enhanced Uploader, if the uploader is not ready to use after two minutes, you might need to change your platform (Windows or Mac) or browser configuration to get the Java applet to work. For instructions on changing your platform and browser configuration, see Using the Enhanced Uploader.

    You only need to do this step once per console session. After you click Enable Enhanced Uploader and then don't want to use it, you can either refresh the browser, or close and reopen the browser to reset the uploader to the default.

    The Enhanced Uploader uses a Java applet.


    If you are behind a firewall, you will need to install your organization's supported proxy client for the Java applet to work.

  4. Click Add Files.

  5. In the dialog box that appears, click the file or files that you want to upload, and then click Open.

    • If you enabled the advanced uploader in step 2, you see a Java dialog box titled Select files and folders to upload, as shown.

    • If not, you see the File Upload dialog box associated with your operating system.

  6. If you are ready to upload the object immediately, without providing further details about the object, click Start Upload. Otherwise, click Set Details.

  7. The Set Details dialog box gives you the options to set the storage class and choose whether to encrypt your object with server side encryption (SSE).

    Each object in Amazon S3 has a storage class associated with it. For information on Amazon S3 storage classes, see Storage Classes in the Amazon Simple Storage Service Developer Guide.

    When using server-side encryption (SSE) Amazon S3 encrypts your data at the object level as it writes it to disks in its data centers and decrypts it for you when you access it. For more information about using SSE in Amazon S3 go to Protecting Data Using Server-Side Encryption in the Amazon Simple Storage Service Developer Guide.

    1. If you select Use Server Side Encryption you have two SSE options; Use the Amazon S3 service master key or Use an AWS Key Management Service master key.

      Selecting the AWS Key Management Service option enables you to select the Master Key from a dropdown list with the following options:

      • aws/s3 (default)— This is the default AWS KMS master key.

      • Enter a key ARN— You can give external accounts the ability to use this object protected by a AWS KMS key. To do this, you'll need to provide the Amazon Resource Name (ARN) for the external account in the ARN / ID field. Administrators of an external account that have usage permissions to an object protected by your AWS KMS key can further restrict access by creating a resource-level IAM policy. The other options in this dropdown list are all AWS KMS master keys that you have previously created. For more information about creating a AWS KMS key, go to Creating Keys in the AWS Key Management Service Developer Guide.


      Only keys in the same region as this bucket are available for encrypting objects in this bucket.

    2. When you've finished setting the object details, click Set Permissions.

  8. In the Set Permissions dialog box, do the following:

    • Select (the default) or clear the Grant me full control check box.

    • To grant read access to anonymous requests, select the Make everything public check box on the Upload - Set Permissions panel. By default, the check box is cleared, so no access is granted.


    By default, the owner of the upload has full control over all uploaded objects.

  9. To grant access to other users and groups for the objects you are uploading, click Add more permissions.

    In the grantee row that appears:

    • For each permission you grant, an entry is made in the object's Access Control List (ACL). For more information, see Using ACLs in the Amazon Simple Storage Service Developer Guide.

    • If you click Add more permissions, a new Grantee row appears. Each Grantee row maps to a grant in the Access Control List (For more information, see Using ACLs) associated with the object. You can grant permission to a user or one of the predefined Amazon S3 groups.

  10. There are built-in groups that you can choose from the Grantee box:

    • Everyone—Use this group to grant anonymous access.

    • Authenticated Users—This group consists of any user that has an Amazon AWS Account. When you grant the Authenticated User group permission, any valid signed request can perform the appropriate action. The request can be signed by either an AWS Account or IAM User.

    • Log Delivery—This group grants write access to your bucket when the bucket is used to store server access logs. For more information, see Managing Bucket Logging.

    • Me—This group refers to your AWS root account, and not an IAM user.

    You can grant permission to an AWS account by entering the accounts canonical user ID or email address in the Grantee field. The email address must be the same one they used when signing up for an AWS account. You can grant a grantee any of the following permissions:

    • Open/Download—Enables the account to access the object when they are logged in

    • View Permissions—Can view the permissions associated with the object

    • Edit Permissions—Can edit the permissions associated with the object

  11. To set metadata, click Set Metadata.

    In the Upload - Set Metadata do the following:

    1. If you want the Amazon S3 to infer the content type of the uploaded objects, select the Figure out content types automatically check box (default).

    2. To add custom metadata, click Add more metadata and enter the key-value pairs that you want.

    Amazon S3 object metadata is represented by a key-value pair. User metadata is stored with the object and returned when you download the object. Amazon S3 does not process custom metadata. Custom metadata can be as large as 2 KB, and both the keys and their values must conform to US-ASCII standards. Any metadata starting with prefix x-amz-meta- is treated as user-defined metadata. When you add user-defined metadata, select x-amz-meta- from the Key box and then append the metadata name to it.

  12. Click Start Upload.

    You can watch the progress of the upload from within the Transfers panel.


    To hide the Transfer panel, click None. To open it again, click Transfers.

    When objects upload successfully to Amazon S3, they appear in the Objects and Folders list.

To view file content and properties

  • Do either or both of the following:

    • To view the file content, in the Objects and Folders list, double-click the object.

    • To view object properties, in the Objects and Folders list, choose the object and then choose Properties.


      By default your Amazon S3 resources are private. Only the object owner can click the object link and view the object. If you share this link with others, for example add this link to your web pages, Amazon S3 will deny access. The clickable links on your webpage will work only if you make the object public (see Editing Object Permissions) or you use a pre-signed URL for the clickable link. For more information about pre-signed URL, go to Share an Object with Others in the Amazon Simple Storage Service Developer Guide.