Adds an object to a bucket. You must have WRITE permissions on a bucket to add an object
to it.
Amazon S3 never adds partial objects; if you receive a success response, Amazon S3 added the
entire object to the bucket.
Amazon S3 is a distributed system. If it receives multiple write requests for the same object
simultaneously, it overwrites all but the last object written. Amazon S3 does not provide object
locking; if you need this, make sure to build it into your application layer or use
versioning instead.
To ensure that data is not corrupted traversing the network, use the
Content-MD5 header. When you use this header, Amazon S3 checks the object
against the provided MD5 value and, if they do not match, returns an error. Additionally,
you can calculate the MD5 while putting an object to Amazon S3 and compare the returned ETag to
the calculated MD5 value.
To successfully complete the PutObject request, you must have the
s3:PutObject in your IAM permissions.
To successfully change the objects acl of your PutObject request,
you must have the s3:PutObjectAcl in your IAM permissions.
The Content-MD5 header is required for any request to upload an object
with a retention period configured using Amazon S3 Object Lock. For more information about
Amazon S3 Object Lock, see Amazon S3 Object Lock Overview
in the Amazon S3 User Guide.
Server-side Encryption
You can optionally request server-side encryption. With server-side encryption, Amazon S3 encrypts
your data as it writes it to disks in its data centers and decrypts the data
when you access it. You have the option to provide your own encryption key or use Amazon Web Services
managed encryption keys (SSE-S3 or SSE-KMS). For more information, see Using Server-Side
Encryption.
If you request server-side encryption using Amazon Web Services Key Management Service (SSE-KMS), you can enable
an S3 Bucket Key at the object-level. For more information, see Amazon S3 Bucket Keys in the
Amazon S3 User Guide.
Access Control List (ACL)-Specific Request
Headers
You can use headers to grant ACL- based permissions. By default, all objects are
private. Only the owner has full access control. When adding a new object, you can grant
permissions to individual Amazon Web Services accounts or to predefined groups defined by Amazon S3. These
permissions are then added to the ACL on the object. For more information, see Access Control List
(ACL) Overview and Managing ACLs Using the REST
API.
If the bucket that you're uploading objects to uses the bucket owner enforced setting
for S3 Object Ownership, ACLs are disabled and no longer affect permissions. Buckets that
use this setting only accept PUT requests that don't specify an ACL or PUT requests that
specify bucket owner full control ACLs, such as the bucket-owner-full-control canned
ACL or an equivalent form of this ACL expressed in the XML format. PUT requests that contain other
ACLs (for example, custom grants to certain Amazon Web Services accounts) fail and return a
400 error with the error code
AccessControlListNotSupported.
If your bucket uses the bucket owner enforced setting for Object Ownership,
all objects written to the bucket by any account will be owned by the bucket owner.
Storage Class Options
By default, Amazon S3 uses the STANDARD Storage Class to store newly created objects. The
STANDARD storage class provides high durability and high availability. Depending on
performance needs, you can specify a different Storage Class. Amazon S3 on Outposts only uses
the OUTPOSTS Storage Class. For more information, see Storage Classes in the
Amazon S3 User Guide.
Versioning
If you enable versioning for a bucket, Amazon S3 automatically generates a unique version ID
for the object being stored. Amazon S3 returns this ID in the response. When you enable
versioning for a bucket, if Amazon S3 receives multiple write requests for the same object
simultaneously, it stores all of the objects.
Adds an object to a bucket. You must have WRITE permissions on a bucket to add an object to it.
Amazon S3 never adds partial objects; if you receive a success response, Amazon S3 added the entire object to the bucket.
Amazon S3 is a distributed system. If it receives multiple write requests for the same object simultaneously, it overwrites all but the last object written. Amazon S3 does not provide object locking; if you need this, make sure to build it into your application layer or use versioning instead.
To ensure that data is not corrupted traversing the network, use the
Content-MD5
header. When you use this header, Amazon S3 checks the object against the provided MD5 value and, if they do not match, returns an error. Additionally, you can calculate the MD5 while putting an object to Amazon S3 and compare the returned ETag to the calculated MD5 value.To successfully complete the
PutObject
request, you must have thes3:PutObject
in your IAM permissions.To successfully change the objects acl of your
PutObject
request, you must have thes3:PutObjectAcl
in your IAM permissions.The
Content-MD5
header is required for any request to upload an object with a retention period configured using Amazon S3 Object Lock. For more information about Amazon S3 Object Lock, see Amazon S3 Object Lock Overview in the Amazon S3 User Guide.Server-side Encryption
You can optionally request server-side encryption. With server-side encryption, Amazon S3 encrypts your data as it writes it to disks in its data centers and decrypts the data when you access it. You have the option to provide your own encryption key or use Amazon Web Services managed encryption keys (SSE-S3 or SSE-KMS). For more information, see Using Server-Side Encryption.
If you request server-side encryption using Amazon Web Services Key Management Service (SSE-KMS), you can enable an S3 Bucket Key at the object-level. For more information, see Amazon S3 Bucket Keys in the Amazon S3 User Guide.
Access Control List (ACL)-Specific Request Headers
You can use headers to grant ACL- based permissions. By default, all objects are private. Only the owner has full access control. When adding a new object, you can grant permissions to individual Amazon Web Services accounts or to predefined groups defined by Amazon S3. These permissions are then added to the ACL on the object. For more information, see Access Control List (ACL) Overview and Managing ACLs Using the REST API.
If the bucket that you're uploading objects to uses the bucket owner enforced setting for S3 Object Ownership, ACLs are disabled and no longer affect permissions. Buckets that use this setting only accept PUT requests that don't specify an ACL or PUT requests that specify bucket owner full control ACLs, such as the
bucket-owner-full-control
canned ACL or an equivalent form of this ACL expressed in the XML format. PUT requests that contain other ACLs (for example, custom grants to certain Amazon Web Services accounts) fail and return a400
error with the error codeAccessControlListNotSupported
.For more information, see Controlling ownership of objects and disabling ACLs in the Amazon S3 User Guide.
If your bucket uses the bucket owner enforced setting for Object Ownership, all objects written to the bucket by any account will be owned by the bucket owner.
Storage Class Options
By default, Amazon S3 uses the STANDARD Storage Class to store newly created objects. The STANDARD storage class provides high durability and high availability. Depending on performance needs, you can specify a different Storage Class. Amazon S3 on Outposts only uses the OUTPOSTS Storage Class. For more information, see Storage Classes in the Amazon S3 User Guide.
Versioning
If you enable versioning for a bucket, Amazon S3 automatically generates a unique version ID for the object being stored. Amazon S3 returns this ID in the response. When you enable versioning for a bucket, if Amazon S3 receives multiple write requests for the same object simultaneously, it stores all of the objects.
For more information about versioning, see Adding Objects to Versioning Enabled Buckets. For information about returning the versioning state of a bucket, see GetBucketVersioning.
Related Resources
CopyObject
DeleteObject
Use a bare-bones client and the command you need to make an API call.
import { S3Client, PutObjectCommand } from "@aws-sdk/client-s3"; // ES Modules import // const { S3Client, PutObjectCommand } = require("@aws-sdk/client-s3"); // CommonJS import const client = new S3Client(config); const command = new PutObjectCommand(input); const response = await client.send(command);
PutObjectCommandInput for command's
input
shape.PutObjectCommandOutput for command's
response
shape.config for S3Client's
config
shape.