AWS CLI version 2, the latest major version of AWS CLI, is now stable and recommended for general use. To view this page for the AWS CLI version 2, click here. For more information see the AWS CLI version 2 installation instructions and migration guide.
Passes transformed objects to a GetObject
operation when using Object Lambda access points. For information about Object Lambda access points, see Transforming objects with Object Lambda access points in the Amazon S3 User Guide .
This operation supports metadata that can be returned by GetObject , in addition to RequestRoute
, RequestToken
, StatusCode
, ErrorCode
, and ErrorMessage
. The GetObject
response metadata is supported so that the WriteGetObjectResponse
caller, typically an Lambda function, can provide the same metadata when it internally invokes GetObject
. When WriteGetObjectResponse
is called by a customer-owned Lambda function, the metadata returned to the end user GetObject
call might differ from what Amazon S3 would normally return.
You can include any number of metadata headers. When including a metadata header, it should be prefaced with x-amz-meta
. For example, x-amz-meta-my-custom-header: MyCustomValue
. The primary use case for this is to forward GetObject
metadata.
Amazon Web Services provides some prebuilt Lambda functions that you can use with S3 Object Lambda to detect and redact personally identifiable information (PII) and decompress S3 objects. These Lambda functions are available in the Amazon Web Services Serverless Application Repository, and can be selected through the Amazon Web Services Management Console when you create your Object Lambda access point.
Example 1: PII Access Control - This Lambda function uses Amazon Comprehend, a natural language processing (NLP) service using machine learning to find insights and relationships in text. It automatically detects personally identifiable information (PII) such as names, addresses, dates, credit card numbers, and social security numbers from documents in your Amazon S3 bucket.
Example 2: PII Redaction - This Lambda function uses Amazon Comprehend, a natural language processing (NLP) service using machine learning to find insights and relationships in text. It automatically redacts personally identifiable information (PII) such as names, addresses, dates, credit card numbers, and social security numbers from documents in your Amazon S3 bucket.
Example 3: Decompression - The Lambda function S3ObjectLambdaDecompression, is equipped to decompress objects stored in S3 in one of six compressed file formats including bzip2, gzip, snappy, zlib, zstandard and ZIP.
For information on how to view and use these functions, see Using Amazon Web Services built Lambda functions in the Amazon S3 User Guide .
See also: AWS API Documentation
write-get-object-response
--request-route <value>
--request-token <value>
[--body <value>]
[--status-code <value>]
[--error-code <value>]
[--error-message <value>]
[--accept-ranges <value>]
[--cache-control <value>]
[--content-disposition <value>]
[--content-encoding <value>]
[--content-language <value>]
[--content-length <value>]
[--content-range <value>]
[--content-type <value>]
[--checksum-crc32 <value>]
[--checksum-crc32-c <value>]
[--checksum-sha1 <value>]
[--checksum-sha256 <value>]
[--delete-marker | --no-delete-marker]
[--e-tag <value>]
[--expires <value>]
[--expiration <value>]
[--last-modified <value>]
[--missing-meta <value>]
[--metadata <value>]
[--object-lock-mode <value>]
[--object-lock-legal-hold-status <value>]
[--object-lock-retain-until-date <value>]
[--parts-count <value>]
[--replication-status <value>]
[--request-charged <value>]
[--restore <value>]
[--server-side-encryption <value>]
[--sse-customer-algorithm <value>]
[--ssekms-key-id <value>]
[--sse-customer-key-md5 <value>]
[--storage-class <value>]
[--tag-count <value>]
[--version-id <value>]
[--bucket-key-enabled | --no-bucket-key-enabled]
[--cli-input-json <value>]
[--generate-cli-skeleton <value>]
[--debug]
[--endpoint-url <value>]
[--no-verify-ssl]
[--no-paginate]
[--output <value>]
[--query <value>]
[--profile <value>]
[--region <value>]
[--version <value>]
[--color <value>]
[--no-sign-request]
[--ca-bundle <value>]
[--cli-read-timeout <value>]
[--cli-connect-timeout <value>]
--request-route
(string)
Route prefix to the HTTP URL generated.
--request-token
(string)
A single use encrypted token that mapsWriteGetObjectResponse
to the end userGetObject
request.
--body
(streaming blob)
The object data.
Note
This argument is of type: streaming blob. Its value must be the path to a file (e.g.path/to/file
) and must not be prefixed withfile://
orfileb://
--status-code
(integer)
The integer status code for an HTTP response of a corresponding
GetObject
request. The following is a list of status codes.
200 - OK
206 - Partial Content
304 - Not Modified
400 - Bad Request
401 - Unauthorized
403 - Forbidden
404 - Not Found
405 - Method Not Allowed
409 - Conflict
411 - Length Required
412 - Precondition Failed
416 - Range Not Satisfiable
500 - Internal Server Error
503 - Service Unavailable
--error-code
(string)
A string that uniquely identifies an error condition. Returned in the <Code> tag of the error XML response for a correspondingGetObject
call. Cannot be used with a successfulStatusCode
header or when the transformed object is provided in the body. All error codes from S3 are sentence-cased. The regular expression (regex) value is"^[A-Z][a-zA-Z]+$"
.
--error-message
(string)
Contains a generic description of the error condition. Returned in the <Message> tag of the error XML response for a correspondingGetObject
call. Cannot be used with a successfulStatusCode
header or when the transformed object is provided in body.
--accept-ranges
(string)
Indicates that a range of bytes was specified.
--cache-control
(string)
Specifies caching behavior along the request/reply chain.
--content-disposition
(string)
Specifies presentational information for the object.
--content-encoding
(string)
Specifies what content encodings have been applied to the object and thus what decoding mechanisms must be applied to obtain the media-type referenced by the Content-Type header field.
--content-language
(string)
The language the content is in.
--content-length
(long)
The size of the content body in bytes.
--content-range
(string)
The portion of the object returned in the response.
--content-type
(string)
A standard MIME type describing the format of the object data.
--checksum-crc32
(string)
This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. This specifies the base64-encoded, 32-bit CRC-32 checksum of the object returned by the Object Lambda function. This may not match the checksum for the object stored in Amazon S3. Amazon S3 will perform validation of the checksum values only when the original
GetObject
request required checksum validation. For more information about checksums, see Checking object integrity in the Amazon S3 User Guide .Only one checksum header can be specified at a time. If you supply multiple checksum headers, this request will fail.
--checksum-crc32-c
(string)
This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. This specifies the base64-encoded, 32-bit CRC-32C checksum of the object returned by the Object Lambda function. This may not match the checksum for the object stored in Amazon S3. Amazon S3 will perform validation of the checksum values only when the original
GetObject
request required checksum validation. For more information about checksums, see Checking object integrity in the Amazon S3 User Guide .Only one checksum header can be specified at a time. If you supply multiple checksum headers, this request will fail.
--checksum-sha1
(string)
This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. This specifies the base64-encoded, 160-bit SHA-1 digest of the object returned by the Object Lambda function. This may not match the checksum for the object stored in Amazon S3. Amazon S3 will perform validation of the checksum values only when the original
GetObject
request required checksum validation. For more information about checksums, see Checking object integrity in the Amazon S3 User Guide .Only one checksum header can be specified at a time. If you supply multiple checksum headers, this request will fail.
--checksum-sha256
(string)
This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. This specifies the base64-encoded, 256-bit SHA-256 digest of the object returned by the Object Lambda function. This may not match the checksum for the object stored in Amazon S3. Amazon S3 will perform validation of the checksum values only when the original
GetObject
request required checksum validation. For more information about checksums, see Checking object integrity in the Amazon S3 User Guide .Only one checksum header can be specified at a time. If you supply multiple checksum headers, this request will fail.
--delete-marker
| --no-delete-marker
(boolean)
Specifies whether an object stored in Amazon S3 is (true
) or is not (false
) a delete marker.
--e-tag
(string)
An opaque identifier assigned by a web server to a specific version of a resource found at a URL.
--expires
(timestamp)
The date and time at which the object is no longer cacheable.
--expiration
(string)
If the object expiration is configured (see PUT Bucket lifecycle), the response includes this header. It includes theexpiry-date
andrule-id
key-value pairs that provide the object expiration information. The value of therule-id
is URL-encoded.
--last-modified
(timestamp)
The date and time that the object was last modified.
--missing-meta
(integer)
Set to the number of metadata entries not returned inx-amz-meta
headers. This can happen if you create metadata using an API like SOAP that supports more flexible metadata than the REST API. For example, using SOAP, you can create metadata whose values are not legal HTTP headers.
--metadata
(map)
A map of metadata to store with the object in S3.
key -> (string)
value -> (string)
Shorthand Syntax:
KeyName1=string,KeyName2=string
JSON Syntax:
{"string": "string"
...}
--object-lock-mode
(string)
Indicates whether an object stored in Amazon S3 has Object Lock enabled. For more information about S3 Object Lock, see Object Lock .
Possible values:
GOVERNANCE
COMPLIANCE
--object-lock-legal-hold-status
(string)
Indicates whether an object stored in Amazon S3 has an active legal hold.
Possible values:
ON
OFF
--object-lock-retain-until-date
(timestamp)
The date and time when Object Lock is configured to expire.
--parts-count
(integer)
The count of parts this object has.
--replication-status
(string)
Indicates if request involves bucket that is either a source or destination in a Replication rule. For more information about S3 Replication, see Replication .
Possible values:
COMPLETE
PENDING
FAILED
REPLICA
COMPLETED
--request-charged
(string)
If present, indicates that the requester was successfully charged for the request.
Note
This functionality is not supported for directory buckets.Possible values:
requester
--restore
(string)
Provides information about object restoration operation and expiration time of the restored object copy.
--server-side-encryption
(string)
The server-side encryption algorithm used when storing requested object in Amazon S3 (for example, AES256,
aws:kms
).Possible values:
AES256
aws:kms
aws:kms:dsse
--sse-customer-algorithm
(string)
Encryption algorithm used if server-side encryption with a customer-provided encryption key was specified for object stored in Amazon S3.
--ssekms-key-id
(string)
If present, specifies the ID (Key ID, Key ARN, or Key Alias) of the Amazon Web Services Key Management Service (Amazon Web Services KMS) symmetric encryption customer managed key that was used for stored in Amazon S3 object.
--sse-customer-key-md5
(string)
128-bit MD5 digest of customer-provided encryption key used in Amazon S3 to encrypt data stored in S3. For more information, see Protecting data using server-side encryption with customer-provided encryption keys (SSE-C) .
--storage-class
(string)
Provides storage class information of the object. Amazon S3 returns this header for all objects except for S3 Standard storage class objects.
For more information, see Storage Classes .
Possible values:
STANDARD
REDUCED_REDUNDANCY
STANDARD_IA
ONEZONE_IA
INTELLIGENT_TIERING
GLACIER
DEEP_ARCHIVE
OUTPOSTS
GLACIER_IR
SNOW
EXPRESS_ONEZONE
--tag-count
(integer)
The number of tags, if any, on the object.
--version-id
(string)
An ID used to reference a specific version of the object.
--bucket-key-enabled
| --no-bucket-key-enabled
(boolean)
Indicates whether the object stored in Amazon S3 uses an S3 bucket key for server-side encryption with Amazon Web Services KMS (SSE-KMS).
--cli-input-json
(string)
Performs service operation based on the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton
. If other arguments are provided on the command line, the CLI values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally.
--generate-cli-skeleton
(string)
Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input
, prints a sample input JSON that can be used as an argument for --cli-input-json
. If provided with the value output
, it validates the command inputs and returns a sample output JSON for that command.
--debug
(boolean)
Turn on debug logging.
--endpoint-url
(string)
Override command's default URL with the given URL.
--no-verify-ssl
(boolean)
By default, the AWS CLI uses SSL when communicating with AWS services. For each SSL connection, the AWS CLI will verify SSL certificates. This option overrides the default behavior of verifying SSL certificates.
--no-paginate
(boolean)
Disable automatic pagination. If automatic pagination is disabled, the AWS CLI will only make one call, for the first page of results.
--output
(string)
The formatting style for command output.
--query
(string)
A JMESPath query to use in filtering the response data.
--profile
(string)
Use a specific profile from your credential file.
--region
(string)
The region to use. Overrides config/env settings.
--version
(string)
Display the version of this tool.
--color
(string)
Turn on/off color output.
--no-sign-request
(boolean)
Do not sign requests. Credentials will not be loaded if this argument is provided.
--ca-bundle
(string)
The CA certificate bundle to use when verifying SSL certificates. Overrides config/env settings.
--cli-read-timeout
(int)
The maximum socket read time in seconds. If the value is set to 0, the socket read will be blocking and not timeout. The default value is 60 seconds.
--cli-connect-timeout
(int)
The maximum socket connect time in seconds. If the value is set to 0, the socket connect will be blocking and not timeout. The default value is 60 seconds.
None