Amazon Simple Storage Service

Developer Guide (API Version 2006-03-01)

What Is Amazon S3?
Introduction
Making Requests
- Making Requests over IPv6
  - Using Dual-Stack Endpoints
- Making Requests Using the AWS SDKs
- Making Requests Using the REST API
  - Virtual Hosting of Buckets
  - Request Redirection and the REST API
Buckets
- Restrictions and Limitations
- Examples of Creating a Bucket
- Deleting or Emptying a Bucket
- Bucket Website Configuration
- Transfer Acceleration
  - Transfer Acceleration Examples
- Requester Pays Buckets
  - Configure with the Console
  - Configure with the REST API
- Access Control
- Billing and Usage Reporting
Objects
- Object Key and Metadata
- Storage Classes
- Subresources
- Versioning
- Object Tagging
  - Managing Object Tags
- Lifecycle Management
- Cross-Origin Resource Sharing (CORS)
  - Enabling CORS
  - Troubleshooting CORS
- Operations on Objects
Storage Class Analysis
Inventory
Managing Access
- Introduction
- Using Bucket Policies and User Policies
- Managing Access with ACLs
  - Access Control List (ACL) Overview
  - Managing ACLs
Protecting Data
- Data Encryption
  - Server-Side Encryption
  - Client-Side Encryption
    - Option 1 Example: Using an AWS KMS–Managed Customer Master Key
    - Option 2 Examples: Using a Client-Side Master Key
      - Client-Side Symmetric Master Key
      - Client-Side Asymmetric Master Key
- Reduced Redundancy Storage
  - Setting the Storage Class of an Object You Upload
  - Changing the Storage Class of an Object in Amazon S3
    - Return Code for Lost Data
- Versioning
Hosting a Static Website
- Website Endpoints
- Configuring a Bucket for Website Hosting
- Example Walkthroughs
Notifications
- Example Walkthrough 1
- Example Walkthrough 2
- Event Message Structure
Cross-Region Replication
- What Is and Is Not Replicated
- How to Set Up
- Replication Status Information
- Troubleshooting
- Replication and Other Bucket Configurations
Request Routing
- Request Redirection and the REST API
- DNS Considerations
Performance Optimization
- Request Rate and Performance Considerations
- TCP Window Scaling
- TCP Selective Acknowledgement
Monitoring
- Monitoring Tools
- Monitoring Metrics with CloudWatch
- Metrics Configurations for Buckets
- Logging API Calls with AWS CloudTrail
BitTorrent
- How You are Charged for BitTorrent Delivery
- Using BitTorrent to Retrieve Objects Stored in Amazon S3
- Publishing Content Using Amazon S3 and BitTorrent
Amazon DevPay
- Amazon S3 Customer Data Isolation
- Amazon DevPay Token Mechanism
- Amazon S3 and Amazon DevPay Authentication
- Amazon S3 Bucket Limitation
- Amazon S3 and Amazon DevPay Process
- Additional Information
Error Handling
- The REST Error Response
  - Error Response
- The SOAP Error Response
- Amazon S3 Error Best Practices
Troubleshooting Amazon S3
Server Access Logging
- Enabling Logging Using the Console
- Enabling Logging Programmatically
- Log Format
- Deleting Log Files
AWS SDKs and Explorers
- Set Up the AWS CLI
- Using the AWS SDK for Java
- Using the AWS SDK for .NET
- Using the AWS SDK for PHP and Running PHP Examples
- Using the AWS SDK for Ruby - Version 2
- Using the AWS SDK for Python (Boto)
Appendices
- Appendix A: Using the SOAP API
- Appendix B: Authenticating Requests (AWS Signature Version 2)
Resources
Document History
AWS Glossary

Specifying Server-Side Encryption Using the REST API

At the time of object creation—that is, when you are uploading a new object or making a copy of an existing object—you can specify if you want Amazon S3 to encrypt your data by adding the x-amz-server-side-encryption header to the request. Set the value of the header to the encryption algorithm AES256 that Amazon S3 supports. Amazon S3 confirms that your object is stored using server-side encryption by returning the response header x-amz-server-side-encryption.

The following REST upload APIs accept the x-amz-server-side-encryption request header.

When uploading large objects using the multipart upload API, you can specify server-side encryption by adding the x-amz-server-side-encryption header to the Initiate Multipart Upload request. When copying an existing object, regardless of whether the source object is encrypted or not, the destination object is not encrypted unless you explicitly request server-side encryption.

The response headers of the following REST APIs return the x-amz-server-side-encryption header when an object is stored using server-side encryption.

Note

Encryption request headers should not be sent for GET requests and HEAD requests if your object uses SSE-S3 or you’ll get an HTTP 400 BadRequest error.

Document Conventions

« Previous Next »

© 2017, Amazon Web Services, Inc. or its affiliates. All rights reserved.

Warning

Javascript is disabled or is unavailable in your browser.
To use the AWS Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.