Retrieves objects from Amazon S3. To use GET, you must have READ
access to the object. If you grant READ access to the anonymous user, you can
return the object without using an authorization header.
An Amazon S3 bucket has no directory hierarchy such as you would find in a typical computer
file system. You can, however, create a logical hierarchy by using object key names that
imply a folder structure. For example, instead of naming an object sample.jpg,
you can name it photos/2006/February/sample.jpg.
To get an object from such a logical hierarchy, specify the full key name for the object
in the GET operation. For a virtual hosted-style request example, if you have
the object photos/2006/February/sample.jpg, specify the resource as
/photos/2006/February/sample.jpg. For a path-style request example, if you
have the object photos/2006/February/sample.jpg in the bucket named
examplebucket, specify the resource as
/examplebucket/photos/2006/February/sample.jpg. For more information about
request types, see HTTP Host Header Bucket Specification.
For more information about returning the ACL of an object, see GetObjectAcl.
If the object you are retrieving is stored in the S3 Glacier or
S3 Glacier Deep Archive storage class, or S3 Intelligent-Tiering Archive or
S3 Intelligent-Tiering Deep Archive tiers, before you can retrieve the object you must first restore a
copy using RestoreObject. Otherwise, this action returns an
InvalidObjectStateError error. For information about restoring archived
objects, see Restoring Archived
Objects.
Encryption request headers, like x-amz-server-side-encryption, should not
be sent for GET requests if your object uses server-side encryption with KMS keys (SSE-KMS)
or server-side encryption with Amazon S3–managed encryption keys (SSE-S3). If your
object does use these types of keys, you’ll get an HTTP 400 BadRequest error.
If you encrypt an object by using server-side encryption with customer-provided
encryption keys (SSE-C) when you store the object in Amazon S3, then when you GET the object,
you must use the following headers:
Assuming you have the relevant permission to read object tags, the response also returns the
x-amz-tagging-count header that provides the count of number of tags
associated with the object. You can use GetObjectTagging to retrieve
the tag set associated with an object.
Permissions
You need the relevant read object (or version) permission for this operation. For more
information, see Specifying Permissions
in a Policy. If the object you request does not exist, the error Amazon S3 returns
depends on whether you also have the s3:ListBucket permission.
If you have the s3:ListBucket permission on the bucket, Amazon S3 will
return an HTTP status code 404 ("no such key") error.
If you don’t have the s3:ListBucket permission, Amazon S3 will return an
HTTP status code 403 ("access denied") error.
Versioning
By default, the GET action returns the current version of an object. To return a
different version, use the versionId subresource.
If you supply a versionId, you need the s3:GetObjectVersion permission to
access a specific version of an object. If you request a specific version, you do not need to have
the s3:GetObject permission.
If the current version of the object is a delete marker, Amazon S3 behaves as if the
object was deleted and includes x-amz-delete-marker: true in the
response.
There are times when you want to override certain response header values in a GET
response. For example, you might override the Content-Disposition response
header value in your GET request.
You can override values for a set of response headers using the following query
parameters. These response header values are sent only on a successful request, that is,
when status code 200 OK is returned. The set of headers you can override using these
parameters is a subset of the headers that Amazon S3 accepts when you create an object. The
response headers that you can override for the GET response are Content-Type,
Content-Language, Expires, Cache-Control,
Content-Disposition, and Content-Encoding. To override these
header values in the GET response, you use the following request parameters.
You must sign the request, either using an Authorization header or a presigned URL,
when using these parameters. They cannot be used with an unsigned (anonymous)
request.
response-content-type
response-content-language
response-expires
response-cache-control
response-content-disposition
response-content-encoding
Additional Considerations about Request Headers
If both of the If-Match and If-Unmodified-Since headers are
present in the request as follows: If-Match condition evaluates to
true, and; If-Unmodified-Since condition evaluates to
false; then, S3 returns 200 OK and the data requested.
If both of the If-None-Match and If-Modified-Since headers are
present in the request as follows: If-None-Match condition evaluates to
false, and; If-Modified-Since condition evaluates to
true; then, S3 returns 304 Not Modified response code.
For more information about conditional requests, see RFC 7232.
The following operations are related to GetObject:
// The following example retrieves an object for an S3 bucket. The request specifies the range header to retrieve a specific byte range. constinput = { "Bucket":"examplebucket", "Key":"SampleFile.txt", "Range":"bytes=0-9" }; constcommand = newGetObjectCommand(input); constresponse = awaitclient.send(command); /* response == { "AcceptRanges": "bytes", "ContentLength": "10", "ContentRange": "bytes 0-9/43", "ContentType": "text/plain", "ETag": "\"0d94420ffd0bc68cd3d152506b97a9cc\"", "LastModified": "Thu, 09 Oct 2014 22:57:28 GMT", "Metadata": {}, "VersionId": "null" } */ // example id: to-retrieve-a-byte-range-of-an-object--1481832674603
Example
To retrieve an object
// The following example retrieves an object for an S3 bucket. constinput = { "Bucket":"examplebucket", "Key":"HappyFace.jpg" }; constcommand = newGetObjectCommand(input); constresponse = awaitclient.send(command); /* response == { "AcceptRanges": "bytes", "ContentLength": "3191", "ContentType": "image/jpeg", "ETag": "\"6805f2cfc46c0f04559748bb039d69ae\"", "LastModified": "Thu, 15 Dec 2016 01:19:41 GMT", "Metadata": {}, "TagCount": 2, "VersionId": "null" } */ // example id: to-retrieve-an-object-1481827837012
Retrieves objects from Amazon S3. To use
GET, you must haveREADaccess to the object. If you grantREADaccess to the anonymous user, you can return the object without using an authorization header.An Amazon S3 bucket has no directory hierarchy such as you would find in a typical computer file system. You can, however, create a logical hierarchy by using object key names that imply a folder structure. For example, instead of naming an object
sample.jpg, you can name itphotos/2006/February/sample.jpg.To get an object from such a logical hierarchy, specify the full key name for the object in the
GEToperation. For a virtual hosted-style request example, if you have the objectphotos/2006/February/sample.jpg, specify the resource as/photos/2006/February/sample.jpg. For a path-style request example, if you have the objectphotos/2006/February/sample.jpgin the bucket namedexamplebucket, specify the resource as/examplebucket/photos/2006/February/sample.jpg. For more information about request types, see HTTP Host Header Bucket Specification.For more information about returning the ACL of an object, see GetObjectAcl.
If the object you are retrieving is stored in the S3 Glacier or S3 Glacier Deep Archive storage class, or S3 Intelligent-Tiering Archive or S3 Intelligent-Tiering Deep Archive tiers, before you can retrieve the object you must first restore a copy using RestoreObject. Otherwise, this action returns an
InvalidObjectStateErrorerror. For information about restoring archived objects, see Restoring Archived Objects.Encryption request headers, like
x-amz-server-side-encryption, should not be sent for GET requests if your object uses server-side encryption with KMS keys (SSE-KMS) or server-side encryption with Amazon S3–managed encryption keys (SSE-S3). If your object does use these types of keys, you’ll get an HTTP 400 BadRequest error.If you encrypt an object by using server-side encryption with customer-provided encryption keys (SSE-C) when you store the object in Amazon S3, then when you GET the object, you must use the following headers:
x-amz-server-side-encryption-customer-algorithm
x-amz-server-side-encryption-customer-key
x-amz-server-side-encryption-customer-key-MD5
For more information about SSE-C, see Server-Side Encryption (Using Customer-Provided Encryption Keys).
Assuming you have the relevant permission to read object tags, the response also returns the
x-amz-tagging-countheader that provides the count of number of tags associated with the object. You can use GetObjectTagging to retrieve the tag set associated with an object.Permissions
You need the relevant read object (or version) permission for this operation. For more information, see Specifying Permissions in a Policy. If the object you request does not exist, the error Amazon S3 returns depends on whether you also have the
s3:ListBucketpermission.If you have the
s3:ListBucketpermission on the bucket, Amazon S3 will return an HTTP status code 404 ("no such key") error.If you don’t have the
s3:ListBucketpermission, Amazon S3 will return an HTTP status code 403 ("access denied") error.Versioning
By default, the GET action returns the current version of an object. To return a different version, use the
versionIdsubresource.If you supply a
versionId, you need thes3:GetObjectVersionpermission to access a specific version of an object. If you request a specific version, you do not need to have thes3:GetObjectpermission.If the current version of the object is a delete marker, Amazon S3 behaves as if the object was deleted and includes
x-amz-delete-marker: truein the response.For more information about versioning, see PutBucketVersioning.
Overriding Response Header Values
There are times when you want to override certain response header values in a GET response. For example, you might override the
Content-Dispositionresponse header value in your GET request.You can override values for a set of response headers using the following query parameters. These response header values are sent only on a successful request, that is, when status code 200 OK is returned. The set of headers you can override using these parameters is a subset of the headers that Amazon S3 accepts when you create an object. The response headers that you can override for the GET response are
Content-Type,Content-Language,Expires,Cache-Control,Content-Disposition, andContent-Encoding. To override these header values in the GET response, you use the following request parameters.You must sign the request, either using an Authorization header or a presigned URL, when using these parameters. They cannot be used with an unsigned (anonymous) request.
response-content-typeresponse-content-languageresponse-expiresresponse-cache-controlresponse-content-dispositionresponse-content-encodingAdditional Considerations about Request Headers
If both of the
If-MatchandIf-Unmodified-Sinceheaders are present in the request as follows:If-Matchcondition evaluates totrue, and;If-Unmodified-Sincecondition evaluates tofalse; then, S3 returns 200 OK and the data requested.If both of the
If-None-MatchandIf-Modified-Sinceheaders are present in the request as follows:If-None-Matchcondition evaluates tofalse, and;If-Modified-Sincecondition evaluates totrue; then, S3 returns 304 Not Modified response code.For more information about conditional requests, see RFC 7232.
The following operations are related to
GetObject:ListBuckets
GetObjectAcl
Example
Use a bare-bones client and the command you need to make an API call.
Param
GetObjectCommandInput
Returns
GetObjectCommandOutput
See
inputshape.responseshape.configshape.Throws
InvalidObjectState (client fault)
Object is archived and inaccessible until restored.
Throws
NoSuchKey (client fault)
The specified key does not exist.
Example
To retrieve a byte range of an object
Example
To retrieve an object