Amazon Simple Storage Service

Developer Guide (API Version 2006-03-01)

What Is Amazon S3?
Introduction
Making Requests
- Making Requests over IPv6
  - Using Dual-Stack Endpoints
- Making Requests Using the AWS SDKs
- Making Requests Using the REST API
  - Virtual Hosting of Buckets
  - Request Redirection and the REST API
Buckets
- Restrictions and Limitations
- Examples of Creating a Bucket
- Deleting or Emptying a Bucket
- Default Encryption for a Bucket
- Bucket Website Configuration
- Transfer Acceleration
  - Transfer Acceleration Examples
- Requester Pays Buckets
  - Configure with the Console
  - Configure with the REST API
- Access Control
- Billing and Usage Reporting
Objects
- Object Key and Metadata
- Storage Classes
- Subresources
- Versioning
- Object Tagging
  - Managing Object Tags
- Lifecycle Management
- Cross-Origin Resource Sharing (CORS)
  - Enabling CORS
  - Troubleshooting CORS
- Operations on Objects
Storage Class Analysis
Inventory
Managing Access
- Introduction
- Using Bucket Policies and User Policies
- Managing Access with ACLs
  - Access Control List (ACL) Overview
  - Managing ACLs
- Blocking Public Access
Protecting Data
- Data Encryption
  - Server-Side Encryption
  - Client-Side Encryption
- Versioning
- Locking Objects
  - Overview
  - Managing Object Locks
Batch Operations
- The Basics: Amazon S3 Batch Operations Jobs
- Creating a Job
- Managing Jobs
Hosting a Static Website
- Website Endpoints
- Configuring a Bucket for Website Hosting
- Example Walkthroughs
Notifications
- Example Walkthrough 1
- Example Walkthrough 2
- Event Message Structure
Cross-Region Replication
- What Does Amazon S3 Replicate?
- Overview of Setting Up CRR
  - Replication Configuration Overview
  - Setting Up Permissions for CRR
- Additional CRR Configurations
  - CRR Additional Configuration: Changing Replica Owner
  - CRR Additional Configuration: Replicating Encrypted Objects
- CRR Walkthroughs
- CRR: Status Information
- CRR: Troubleshooting
- CRR: Additional Considerations
Request Routing
- Request Redirection and the REST API
- DNS Considerations
Performance Optimization
- Request Rate and Performance Guidelines
- TCP Window Scaling
- TCP Selective Acknowledgement
Monitoring
- Monitoring Tools
- Monitoring Metrics with CloudWatch
- Metrics Configurations for Buckets
- Logging API Calls with AWS CloudTrail
BitTorrent
- How You are Charged for BitTorrent Delivery
- Using BitTorrent to Retrieve Objects Stored in Amazon S3
- Publishing Content Using Amazon S3 and BitTorrent
Error Handling
- The REST Error Response
  - Error Response
- The SOAP Error Response
- Amazon S3 Error Best Practices
Troubleshooting Amazon S3
Server Access Logging
- Enabling Logging Using the Console
- Enabling Logging Programmatically
- Log Format
- Deleting Log Files
AWS SDKs and Explorers
- Setting Up the AWS CLI
- Using the AWS SDK for Java
- Using the AWS SDK for .NET
- Using the AWS SDK for PHP and Running PHP Examples
- Using the AWS SDK for Ruby - Version 3
- Using the AWS SDK for Python (Boto)
- Using the AWS Mobile SDKs for iOS and Android
- Using the AWS Amplify JavaScript Library
Appendices
- Appendix A: Using the SOAP API
- Appendix B: Authenticating Requests (AWS Signature Version 2)
Resources
SQL Reference
- SELECT Command
- Data Types
- Operators
- Reserved Keywords
- SQL Functions
Document History
AWS Glossary

Specifying Server-Side Encryption Using the REST API

At the time of object creation—that is, when you are uploading a new object or making a copy of an existing object—you can specify if you want Amazon S3 to encrypt your data by adding the x-amz-server-side-encryption header to the request. Set the value of the header to the encryption algorithm AES256 that Amazon S3 supports. Amazon S3 confirms that your object is stored using server-side encryption by returning the response header x-amz-server-side-encryption.

The following REST upload APIs accept the x-amz-server-side-encryption request header.

When uploading large objects using the multipart upload API, you can specify server-side encryption by adding the x-amz-server-side-encryption header to the Initiate Multipart Upload request. When you are copying an existing object, regardless of whether the source object is encrypted or not, the destination object is not encrypted unless you explicitly request server-side encryption.

The response headers of the following REST APIs return the x-amz-server-side-encryption header when an object is stored using server-side encryption.

Note

Encryption request headers should not be sent for GET requests and HEAD requests if your object uses SSE-S3 or you’ll get an HTTP 400 BadRequest error.

Warning Javascript is disabled or is unavailable in your browser.

To use the AWS Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

« Previous Next »

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.