AWS services or capabilities described in AWS Documentation may vary by region/location. Click Getting Started with Amazon AWS to see specific differences applicable to the China (Beijing) Region.
Retrieves all the metadata from an object without returning the object itself. This operation is useful if you're interested only in an object's metadata.
GetObjectAttributes
combines the functionality of HeadObject
and ListParts
.
All of the data returned with each of those individual calls can be returned with
a single call to GetObjectAttributes
.
Directory buckets - For directory buckets, you must make requests for this
API operation to the Zonal endpoint. These endpoints support virtual-hosted-style
requests in the format https://bucket-name.s3express-zone-id.region-code.amazonaws.com/key-name
. Path-style requests are not supported. For more information about endpoints
in Availability Zones, see Regional
and Zonal endpoints for directory buckets in Availability Zones in the Amazon
S3 User Guide. For more information about endpoints in Local Zones, see Available
Local Zone for directory buckets in the Amazon S3 User Guide.
General purpose bucket permissions - To use GetObjectAttributes
, you
must have READ access to the object. The permissions that you need to use this operation
depend on whether the bucket is versioned. If the bucket is versioned, you need both
the s3:GetObjectVersion
and s3:GetObjectVersionAttributes
permissions
for this operation. If the bucket is not versioned, you need the s3:GetObject
and s3:GetObjectAttributes
permissions. For more information, see Specifying
Permissions in a Policy in the Amazon S3 User Guide. If the object that
you request does not exist, the error Amazon S3 returns depends on whether you also
have the s3:ListBucket
permission.
If you have the s3:ListBucket
permission on the bucket, Amazon S3 returns an
HTTP status code 404 Not Found
("no such key") error.
If you don't have the s3:ListBucket
permission, Amazon S3 returns an HTTP status
code 403 Forbidden
("access denied") error.
Directory bucket permissions - To grant access to this API operation on a
directory bucket, we recommend that you use the CreateSession
API operation for session-based authorization. Specifically,
you grant the s3express:CreateSession
permission to the directory bucket in
a bucket policy or an IAM identity-based policy. Then, you make the CreateSession
API call on the bucket to obtain a session token. With the session token in your request
header, you can make API requests to this operation. After the session token expires,
you make another CreateSession
API call to generate a new session token for
use. Amazon Web Services CLI or SDKs create session and refresh the session token
automatically to avoid service interruptions when a session expires. For more information
about authorization, see CreateSession
.
If the object is encrypted with SSE-KMS, you must also have the kms:GenerateDataKey
and kms:Decrypt
permissions in IAM identity-based policies and KMS key policies
for the KMS key.
Encryption request headers, like x-amz-server-side-encryption
, should not be
sent for HEAD
requests if your object uses server-side encryption with Key
Management Service (KMS) keys (SSE-KMS), dual-layer server-side encryption with Amazon
Web Services KMS keys (DSSE-KMS), or server-side encryption with Amazon S3 managed
encryption keys (SSE-S3). The x-amz-server-side-encryption
header is used when
you PUT
an object to S3 and want to specify the encryption method. If you include
this header in a GET
request for an object that uses these types of keys, you’ll
get an HTTP 400 Bad Request
error. It's because the encryption method can't
be changed when you retrieve the object.
If you encrypt an object by using server-side encryption with customer-provided encryption keys (SSE-C) when you store the object in Amazon S3, then when you retrieve the metadata from the object, you must use the following headers to provide the encryption key for the server to be able to retrieve the object's metadata. The headers are:
x-amz-server-side-encryption-customer-algorithm
x-amz-server-side-encryption-customer-key
x-amz-server-side-encryption-customer-key-MD5
For more information about SSE-C, see Server-Side Encryption (Using Customer-Provided Encryption Keys) in the Amazon S3 User Guide.
Directory bucket permissions - For directory buckets, there are only two supported
options for server-side encryption: server-side encryption with Amazon S3 managed
keys (SSE-S3) (AES256
) and server-side encryption with KMS keys (SSE-KMS) (aws:kms
).
We recommend that the bucket's default encryption uses the desired encryption configuration
and you don't override the bucket default encryption in your CreateSession
requests or PUT
object requests. Then, new objects are automatically encrypted
with the desired encryption settings. For more information, see Protecting
data with server-side encryption in the Amazon S3 User Guide. For more
information about the encryption overriding behaviors in directory buckets, see Specifying
server-side encryption with KMS for new object uploads.
Directory buckets - S3 Versioning isn't enabled and supported for directory
buckets. For this API operation, only the null
value of the version ID is supported
by directory buckets. You can only specify null
to the versionId
query
parameter in the request.
Consider the following when using request headers:
If both of the If-Match
and If-Unmodified-Since
headers are present
in the request as follows, then Amazon S3 returns the HTTP status code 200 OK
and the data requested:
If-Match
condition evaluates to true
.
If-Unmodified-Since
condition evaluates to false
.
For more information about conditional requests, see RFC 7232.
If both of the If-None-Match
and If-Modified-Since
headers are present
in the request as follows, then Amazon S3 returns the HTTP status code 304 Not
Modified
:
If-None-Match
condition evaluates to false
.
If-Modified-Since
condition evaluates to true
.
For more information about conditional requests, see RFC 7232.
Directory buckets - The HTTP Host header syntax is Bucket-name.s3express-zone-id.region-code.amazonaws.com
.
The following actions are related to GetObjectAttributes
:
For .NET Core this operation is only available in asynchronous form. Please refer to GetObjectAttributesAsync.
Namespace: Amazon.S3
Assembly: AWSSDK.S3.dll
Version: 3.x.y.z
public virtual GetObjectAttributesResponse GetObjectAttributes( GetObjectAttributesRequest request )
Container for the necessary parameters to execute the GetObjectAttributes service method.
.NET Framework:
Supported in: 4.5 and newer, 3.5