AWS SDK Version 3 for .NET
API Reference

AWS services or capabilities described in AWS Documentation may vary by region/location. Click Getting Started with Amazon AWS to see specific differences applicable to the China (Beijing) Region.

Classes

NameDescription
Class AbortMultipartUploadRequest

Container for the parameters to the AbortMultipartUpload operation. This action aborts a multipart upload. After a multipart upload is aborted, no additional parts can be uploaded using that upload ID. The storage consumed by any previously uploaded parts will be freed. However, if any part uploads are currently in progress, those part uploads might or might not succeed. As a result, it might be necessary to abort a given multipart upload multiple times in order to completely free all storage consumed by all parts.

To verify that all parts have been removed, so you don't get charged for the part storage, you should call the ListParts action and ensure that the parts list is empty.

For information about permissions required to use the multipart upload, see Multipart Upload and Permissions.

The following operations are related to AbortMultipartUpload:

Class AbortMultipartUploadResponse

Returns information about the AbortMultipartUpload response metadata. The AbortMultipartUpload operation has a void result type.

Class AccelerateConfiguration

Bucket accelerate configuration.

Class AccessControlTranslation

A container for information about access control for replicas.

Class AnalyticsAndOperator

Class for AnalyticsAndOperator

A conjunction (logical AND) of predicates, which is used in evaluating a metrics filter. The operator must have at least two predicates, and an object must match all of the predicates in order for the filter to apply.

Class AnalyticsConfiguration

Class for AnalyticsConfiguration

Class AnalyticsExportDestination

Class for AnalyticsExportDestination

Class AnalyticsFilter

Filter class for Metrics.

Class AnalyticsFilterPredicate

Filter Predicate abstract class for specific filter types to be derived from.

Class AnalyticsNAryOperator

Abstract class that can be used over logical filter predicates,i.e. AND/OR.

Class AnalyticsPrefixPredicate

Class for AnalyticsPrefixPredicate

The prefix used when evaluating a metrics filter.

Class AnalyticsS3BucketDestination

Class for AnalyticsS3BucketDestination

Class AnalyticsTagPredicate

Class for MetricsTagPredicate

The tag used when evaluating a metrics filter.

Class ByteRange

This class represents the byte range for a range GET from S3.

Class Checksum

Contains all the possible checksum or digest values for an object.

Class CompleteMultipartUploadRequest

Container for the parameters to the CompleteMultipartUpload operation. Completes a multipart upload by assembling previously uploaded parts.

You first initiate the multipart upload and then upload all parts using the UploadPart operation. After successfully uploading all relevant parts of an upload, you call this action to complete the upload. Upon receiving this request, Amazon S3 concatenates all the parts in ascending order by part number to create a new object. In the Complete Multipart Upload request, you must provide the parts list. You must ensure that the parts list is complete. This action concatenates the parts that you provide in the list. For each part in the list, you must provide the part number and the ETag value, returned after that part was uploaded.

Processing of a Complete Multipart Upload request could take several minutes to complete. After Amazon S3 begins processing the request, it sends an HTTP response header that specifies a 200 OK response. While processing is in progress, Amazon S3 periodically sends white space characters to keep the connection from timing out. Because a request could fail after the initial 200 OK response has been sent, it is important that you check the response body to determine whether the request succeeded.

Note that if CompleteMultipartUpload fails, applications should be prepared to retry the failed requests. For more information, see Amazon S3 Error Best Practices.

You cannot use Content-Type: application/x-www-form-urlencode with Complete Multipart Upload requests. It is not allowed by the Amazon S3. Also, if you do not provide a Content-Type header, CompleteMultipartUpload returns a 200 OK response.

For more information about multipart uploads, see Uploading Objects Using Multipart Upload.

For information about permissions required to use the multipart upload API, see Multipart Upload and Permissions.

CompleteMultipartUpload has the following special errors:

  • Error code: EntityTooSmall

    • Description: Your proposed upload is smaller than the minimum allowed object size. Each part must be at least 5 MB in size, except the last part.

    • 400 Bad Request

  • Error code: InvalidPart

    • Description: One or more of the specified parts could not be found. The part might not have been uploaded, or the specified entity tag might not have matched the part's entity tag.

    • 400 Bad Request

  • Error code: InvalidPartOrder

    • Description: The list of parts was not in ascending order. The parts list must be specified in order by part number.

    • 400 Bad Request

  • Error code: NoSuchUpload

    • Description: The specified multipart upload does not exist. The upload ID might be invalid, or the multipart upload might have been aborted or completed.

    • 404 Not Found

The following operations are related to CompleteMultipartUpload:

Class CompleteMultipartUploadResponse

Returns information about the CompleteMultipartUpload response and response metadata.

Class ContinuationEvent

The Continuation Event.

Class CopyObjectRequest

Container for the parameters to the CopyObject operation. Creates a copy of an object that is already stored in Amazon S3.

You can store individual objects of up to 5 TB in Amazon S3. You create a copy of your object up to 5 GB in size in a single atomic action using this API. However, to copy an object greater than 5 GB, you must use the multipart upload Upload Part - Copy API. For more information, see Copy Object Using the REST Multipart Upload API.

All copy requests must be authenticated. Additionally, you must have read access to the source object and write access to the destination bucket. For more information, see REST Authentication. Both the Region that you want to copy the object from and the Region that you want to copy the object to must be enabled for your account.

A copy request might return an error when Amazon S3 receives the copy request or while Amazon S3 is copying the files. If the error occurs before the copy action starts, you receive a standard Amazon S3 error. If the error occurs during the copy operation, the error response is embedded in the 200 OK response. This means that a 200 OK response can contain either a success or an error. Design your application to parse the contents of the response and handle it appropriately.

If the copy is successful, you receive a response with information about the copied object.

If the request is an HTTP 1.1 request, the response is chunk encoded. If it were not, it would not contain the content-length, and you would need to read the entire body.

The copy request charge is based on the storage class and Region that you specify for the destination object. For pricing information, see Amazon S3 pricing.

Amazon S3 transfer acceleration does not support cross-Region copies. If you request a cross-Region copy using a transfer acceleration endpoint, you get a 400

Bad
            Request
error. For more information, see Transfer Acceleration.

Metadata

When copying an object, you can preserve all metadata (default) or specify new metadata. However, the ACL is not preserved and is set to private for the user making the request. To override the default ACL setting, specify a new ACL when generating a copy request. For more information, see Using ACLs.

To specify whether you want the object metadata copied from the source object or replaced with metadata provided in the request, you can optionally add the x-amz-metadata-directive header. When you grant permissions, you can use the s3:x-amz-metadata-directive condition key to enforce certain metadata behavior when objects are uploaded. For more information, see Specifying Conditions in a Policy in the Amazon S3 User Guide. For a complete list of Amazon S3-specific condition keys, see Actions, Resources, and Condition Keys for Amazon S3.

x-amz-copy-source-if Headers

To only copy an object under certain conditions, such as whether the Etag matches or whether the object was modified before or after a specified date, use the following request parameters:

  • x-amz-copy-source-if-match

  • x-amz-copy-source-if-none-match

  • x-amz-copy-source-if-unmodified-since

  • x-amz-copy-source-if-modified-since

If both the x-amz-copy-source-if-match and x-amz-copy-source-if-unmodified-since headers are present in the request and evaluate as follows, Amazon S3 returns

200
            OK
and copies the data:

  • x-amz-copy-source-if-match condition evaluates to true

  • x-amz-copy-source-if-unmodified-since condition evaluates to false

If both the x-amz-copy-source-if-none-match and x-amz-copy-source-if-modified-since headers are present in the request and evaluate as follows, Amazon S3 returns the 412 Precondition Failed response code:

  • x-amz-copy-source-if-none-match condition evaluates to false

  • x-amz-copy-source-if-modified-since condition evaluates to true

All headers with the x-amz- prefix, including x-amz-copy-source, must be signed.

Server-side encryption

When you perform a CopyObject operation, you can optionally use the appropriate encryption-related headers to encrypt the object using server-side encryption with Amazon Web Services managed encryption keys (SSE-S3 or SSE-KMS) or a customer-provided encryption key. With server-side encryption, Amazon S3 encrypts your data as it writes it to disks in its data centers and decrypts the data when you access it. For more information about server-side encryption, see Using Server-Side Encryption.

If a target object uses SSE-KMS, you can enable an S3 Bucket Key for the object. For more information, see Amazon S3 Bucket Keys in the Amazon S3 User Guide.

Access Control List (ACL)-Specific Request Headers

When copying an object, you can optionally use headers to grant ACL-based permissions. By default, all objects are private. Only the owner has full access control. When adding a new object, you can grant permissions to individual Amazon Web Services accounts or to predefined groups defined by Amazon S3. These permissions are then added to the ACL on the object. For more information, see Access Control List (ACL) Overview and Managing ACLs Using the REST API.

If the bucket that you're copying objects to uses the bucket owner enforced setting for S3 Object Ownership, ACLs are disabled and no longer affect permissions. Buckets that use this setting only accept PUT requests that don't specify an ACL or PUT requests that specify bucket owner full control ACLs, such as the bucket-owner-full-control canned ACL or an equivalent form of this ACL expressed in the XML format.

For more information, see Controlling ownership of objects and disabling ACLs in the Amazon S3 User Guide.

If your bucket uses the bucket owner enforced setting for Object Ownership, all objects written to the bucket by any account will be owned by the bucket owner.

Storage Class Options

You can use the CopyObject action to change the storage class of an object that is already stored in Amazon S3 using the StorageClass parameter. For more information, see Storage Classes in the Amazon S3 User Guide.

Versioning

By default, x-amz-copy-source identifies the current version of an object to copy. If the current version is a delete marker, Amazon S3 behaves as if the object was deleted. To copy a different version, use the versionId subresource.

If you enable versioning on the target bucket, Amazon S3 generates a unique version ID for the object being copied. This version ID is different from the version ID of the source object. Amazon S3 returns the version ID of the copied object in the x-amz-version-id response header in the response.

If you do not enable versioning or suspend it on the target bucket, the version ID that Amazon S3 generates is always null.

If the source object's storage class is GLACIER, you must restore a copy of this object before you can use it as a source object for the copy operation. For more information, see RestoreObject.

The following operations are related to CopyObject:

For more information, see Copying Objects.

Class CopyObjectResponse

Returns information about the CopyObject response and response metadata.

Class CopyPartRequest

Container for the parameters to the CopyPart operation.

Uploads a part by copying data from an existing object as data source.

Class CopyPartResponse

Returns information about the CopyPart response and response metadata.

Class CORSConfiguration

A collection of up to 100 cross-origin resource sharing (CORS) rules.

Class CORSRule

C O R S Rule

Class CSVInput

Describes how a CSV-formatted input object is formatted.

Class CSVOutput

Describes how CSV-formatted results are formatted.

Class DefaultRetention

The container element for specifying the default Object Lock retention settings for new objects placed in the specified bucket.

Class DeleteBucketAnalyticsConfigurationRequest

Container for the parameters to the DeleteBucketAnalyticsConfiguration operation.

Deletes an analytics configuration for the bucket (specified by the analytics configuration ID).

Class DeleteBucketAnalyticsConfigurationResponse

Returns information about the DeleteBucketAnalyticsConfiguration response metadata. The DeleteBucketAnalyticsConfiguration operation has a void result type.

Class DeleteBucketEncryptionRequest

Request object for the DeleteBucketEncryption operation. Request Deletes the server-side encryption configuration from the bucket.

Class DeleteBucketEncryptionResponse

Returns information about the DeleteBucketEncryption response metadata. The DeleteBucketEncryption operation has a void result type.

Class DeleteBucketIntelligentTieringConfigurationRequest

Container for the parameters to the DeleteBucketIntelligentTieringConfiguration operation. Deletes the S3 Intelligent-Tiering configuration from the specified bucket.

The S3 Intelligent-Tiering storage class is designed to optimize storage costs by automatically moving data to the most cost-effective storage access tier, without performance impact or operational overhead. S3 Intelligent-Tiering delivers automatic cost savings in three low latency and high throughput access tiers. To get the lowest storage cost on data that can be accessed in minutes to hours, you can choose to activate additional archiving capabilities.

The S3 Intelligent-Tiering storage class is the ideal storage class for data with unknown, changing, or unpredictable access patterns, independent of object size or retention period. If the size of an object is less than 128 KB, it is not monitored and not eligible for auto-tiering. Smaller objects can be stored, but they are always charged at the Frequent Access tier rates in the S3 Intelligent-Tiering storage class.

For more information, see Storage class for automatically optimizing frequently and infrequently accessed objects.

Operations related to DeleteBucketIntelligentTieringConfiguration include:

Class DeleteBucketIntelligentTieringConfigurationResponse

Returns information about the DeleteBucketIntelligentTieringConfiguration response metadata. The DeleteBucketMetricsConfiguration operation has a void result type.

Class DeleteBucketInventoryConfigurationRequest

Container for the parameters to the DeleteInventoryConfiguration operation.

Deletes an inventory configuration (identified by the inventory ID) from the bucket.

Class DeleteBucketInventoryConfigurationResponse

Returns information about the DeleteInventoryConfiguration response metadata. The DeleteInventoryConfiguration operation has a void result type.

Class DeleteBucketMetricsConfigurationRequest

Container for the parameters to the DeleteBucketMetricsConfiguration operation.

Deletes a metrics configuration (specified by the metrics configuration ID) from the bucket.

Class DeleteBucketMetricsConfigurationResponse

Returns information about the DeleteBucketMetricsConfiguration response metadata. The DeleteBucketMetricsConfiguration operation has a void result type.

Class DeleteBucketOwnershipControlsRequest

Container for the parameters to the DeleteBucketOwnershipControlsRequest operation.

Class DeleteBucketOwnershipControlsResponse

Returns information about the DeleteBucketOwnershipControls response metadata. The DeleteBucketOwnershipControls operation has a void result type.

Class DeleteBucketPolicyRequest

Container for the parameters to the DeleteBucketPolicy operation. This implementation of the DELETE action uses the policy subresource to delete the policy of a specified bucket. If you are using an identity other than the root user of the Amazon Web Services account that owns the bucket, the calling identity must have the DeleteBucketPolicy permissions on the specified bucket and belong to the bucket owner's account to use this operation.

If you don't have DeleteBucketPolicy permissions, Amazon S3 returns a 403 Access Denied error. If you have the correct permissions, but you're not using an identity that belongs to the bucket owner's account, Amazon S3 returns a 405 Method Not Allowed error.

As a security precaution, the root user of the Amazon Web Services account that owns a bucket can always use this operation, even if the policy explicitly denies the root user the ability to perform this action.

For more information about bucket policies, see Using Bucket Policies and UserPolicies.

The following operations are related to DeleteBucketPolicy

Class DeleteBucketPolicyResponse

Returns information about the DeleteBucketPolicy response metadata. The DeleteBucketPolicy operation has a void result type.

Class DeleteBucketReplicationRequest

Container for the parameters to the DeleteBucketReplication operation. Deletes the replication configuration from the bucket.

To use this operation, you must have permissions to perform the s3:PutReplicationConfiguration action. The bucket owner has these permissions by default and can grant it to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources.

It can take a while for the deletion of a replication configuration to fully propagate.

For information about replication configuration, see Replication in the Amazon S3 User Guide.

The following operations are related to DeleteBucketReplication:

Class DeleteBucketReplicationResponse

Returns information about the DeleteBucketReplication response metadata. The DeleteBucketReplication operation has a void result type.

Class DeleteBucketRequest

Container for the parameters to the DeleteBucket operation.

Deletes the bucket. All objects (including all object versions and Delete Markers) in the bucket must be deleted before the bucket itself can be deleted.

Class DeleteBucketResponse

Returns information about the DeleteBucket response metadata. The DeleteBucket operation has a void result type.

Class DeleteBucketTaggingRequest

The parameters to request deletion of a tag set from a bucket.

Class DeleteBucketTaggingResponse

Returns information about the DeleteBucketTagging response metadata. The DeleteBucketTagging operation has a void result type.

Class DeleteBucketWebsiteRequest

Container for the parameters to the DeleteBucketWebsite operation.

This operation removes the website configuration from the bucket.

Class DeleteBucketWebsiteResponse

Returns information about the DeleteBucketWebsite response metadata. The DeleteBucketWebsite operation has a void result type.

Class DeleteCORSConfigurationRequest

Container for the parameters to the DeleteCORSConfiguration operation.

Deletes the cors configuration information set for the bucket.

Class DeleteCORSConfigurationResponse

Returns information about the DeleteCORSConfiguration response metadata. The DeleteCORSConfiguration operation has a void result type.

Class DeletedObject

Contains information about a successful delete operation against a specific S3 object.

Class DeleteError

Contains information about a failed delete operation against a specific S3 object.

Class DeleteLifecycleConfigurationRequest

The parameters to request deletion of the lifecycle configuration on a bucket.

Class DeleteLifecycleConfigurationResponse

Returns information about the DeleteLifecycleConfiguration response metadata. The DeleteLifecycleConfiguration operation has a void result type.

Class DeleteMarkerReplication

Specifies whether Amazon S3 replicates delete markers. If you specify a Filter in your replication configuration, you must also include a DeleteMarkerReplication element. If your Filter includes a Tag element, the DeleteMarkerReplicationStatus must be set to Disabled, because Amazon S3 does not support replicating delete markers for tag-based rules. For an example configuration, see Basic Rule Configuration.

For more information about delete marker replication, see Basic Rule Configuration.

If you are using an earlier version of the replication configuration, Amazon S3 handles replication of delete markers differently. For more information, see Backward Compatibility.

Class DeleteObjectRequest

Container for the parameters to the DeleteObject operation. Removes the null version (if there is one) of an object and inserts a delete marker, which becomes the latest version of the object. If there isn't a null version, Amazon S3 does not remove any objects but will still respond that the command was successful.

To remove a specific version, you must be the bucket owner and you must use the version Id subresource. Using this subresource permanently deletes the version. If the object deleted is a delete marker, Amazon S3 sets the response header, x-amz-delete-marker, to true.

If the object you want to delete is in a bucket where the bucket versioning configuration is MFA Delete enabled, you must include the x-amz-mfa request header in the DELETE versionId request. Requests that include x-amz-mfa must use HTTPS.

For more information about MFA Delete, see Using MFA Delete. To see sample requests that use versioning, see Sample Request.

You can delete objects by explicitly calling DELETE Object or configure its lifecycle (PutBucketLifecycle) to enable Amazon S3 to remove them for you. If you want to block users or accounts from removing or deleting objects from your bucket, you must deny them the s3:DeleteObject, s3:DeleteObjectVersion, and s3:PutLifeCycleConfiguration actions.

The following action is related to DeleteObject:

Class DeleteObjectResponse

Returns information about the DeleteObject response and response metadata.

Class DeleteObjectsRequest

Container for the parameters to the DeleteObjects operation. This action enables you to delete multiple objects from a bucket using a single HTTP request. If you know the object keys that you want to delete, then this action provides a suitable alternative to sending individual delete requests, reducing per-request overhead.

The request contains a list of up to 1000 keys that you want to delete. In the XML, you provide the object key names, and optionally, version IDs if you want to delete a specific version of the object from a versioning-enabled bucket. For each key, Amazon S3 performs a delete action and returns the result of that delete, success, or failure, in the response. Note that if the object specified in the request is not found, Amazon S3 returns the result as deleted.

The action supports two modes for the response: verbose and quiet. By default, the action uses verbose mode in which the response includes the result of deletion of each key in your request. In quiet mode the response includes only keys where the delete action encountered an error. For a successful deletion, the action does not return any information about the delete in the response body.

When performing this action on an MFA Delete enabled bucket, that attempts to delete any versioned objects, you must include an MFA token. If you do not provide one, the entire request will fail, even if there are non-versioned objects you are trying to delete. If you provide an invalid token, whether there are versioned keys in the request or not, the entire Multi-Object Delete request will fail. For information about MFA Delete, see MFA Delete.

Finally, the Content-MD5 header is required for all Multi-Object Delete requests. Amazon S3 uses the header value to ensure that your request body has not been altered in transit.

The following operations are related to DeleteObjects:

Class DeleteObjectsResponse

Returns information about the DeleteObjects response and response metadata.

Class DeleteObjectTaggingRequest

Container for the parameters to the DeleteObjectTagging operation. Removes the entire tag set from the specified object. For more information about managing object tags, see Object Tagging.

To use this operation, you must have permission to perform the s3:DeleteObjectTagging action.

To delete tags of a specific object version, add the versionId query parameter in the request. You will need permission for the s3:DeleteObjectVersionTagging action.

The following operations are related to DeleteBucketMetricsConfiguration:

Class DeleteObjectTaggingResponse

Returns information about the DeleteObjectTagging response and response metadata.

Class DeletePublicAccessBlockRequest

Container for the parameters to the DeletePublicAccessBlock operation. Removes the Public Access Block configuration for an Amazon S3 bucket.

Class DeletePublicAccessBlockResponse

This is the response object from the DeletePublicAccessBlock operation.

Class EncryptionConfiguration

Specifies encryption-related information for an Amazon S3 bucket that is a destination for replicated objects.

Class EndEvent

The End Event.

Class EventBridgeConfiguration

A container for specifying the configuration for Amazon EventBridge.

Class ExistingObjectReplication

Optional configuration to replicate existing source bucket objects. For more information, see Replicating Existing Objects in the Amazon S3 User Guide.

Class Expiration

Defines the expiration policy for a given object.

Class Filter

Bucket Represents a set of filter criteria that limits the objects that can trigger event notifications

Class FilterRule

Bucket Represents a Filter Rule for a NotificationConfiguration.

Class GetACLRequest

Container for the parameters to the GetACL operation. This implementation of the GET action uses the acl subresource to return the access control list (ACL) of a bucket. To use GET to return the ACL of the bucket, you must have READ_ACP access to the bucket. If READ_ACP permission is granted to the anonymous user, you can return the ACL of the bucket without using an authorization header.

If your bucket uses the bucket owner enforced setting for S3 Object Ownership, requests to read ACLs are still supported and return the bucket-owner-full-control ACL with the owner being the account that created the bucket. For more information, see Controlling object ownership and disabling ACLs in the Amazon S3 User Guide.

Related Resources

Class GetACLResponse

Returns information about the GetACL response and response metadata.

Class GetBucketAccelerateConfigurationRequest

Container for the parameters to the GetBucketAccelerateConfiguration operation.

Class GetBucketAccelerateConfigurationResponse

The response class for GetBucketAccelerateConfiguration operation.

Class GetBucketAnalyticsConfigurationRequest

Container for the parameters to the GetBucketAnalyticsConfiguration operation.

Gets an analytics configuration for the bucket (specified by the analytics configuration ID).

Class GetBucketAnalyticsConfigurationResponse

GetBucketAnalyticsConfigurationResponse Response

Class GetBucketEncryptionRequest

Container for the parameters to the GetBucketEncryptionRequest operation.

Returns the server-side encryption configuration of a bucket.

Class GetBucketEncryptionResponse

GetBucketEncryptionResponse Response

Class GetBucketIntelligentTieringConfigurationRequest

Container for the parameters to the GetBucketIntelligentTieringConfiguration operation. Gets the S3 Intelligent-Tiering configuration from the specified bucket.

The S3 Intelligent-Tiering storage class is designed to optimize storage costs by automatically moving data to the most cost-effective storage access tier, without performance impact or operational overhead. S3 Intelligent-Tiering delivers automatic cost savings in three low latency and high throughput access tiers. To get the lowest storage cost on data that can be accessed in minutes to hours, you can choose to activate additional archiving capabilities.

The S3 Intelligent-Tiering storage class is the ideal storage class for data with unknown, changing, or unpredictable access patterns, independent of object size or retention period. If the size of an object is less than 128 KB, it is not monitored and not eligible for auto-tiering. Smaller objects can be stored, but they are always charged at the Frequent Access tier rates in the S3 Intelligent-Tiering storage class.

For more information, see Storage class for automatically optimizing frequently and infrequently accessed objects.

Operations related to GetBucketIntelligentTieringConfiguration include:

Class GetBucketIntelligentTieringConfigurationResponse
Class GetBucketInventoryConfigurationRequest

Container for the parameters to the GetInventoryConfigurationRequest operation.

Returns an inventory configuration (identified by the inventory ID) from the bucket.

Class GetBucketInventoryConfigurationResponse

GetInventoryConfigurationResponse Response

Class GetBucketLocationRequest

Container for the parameters to the GetBucketLocation operation. Returns the Region the bucket resides in. You set the bucket's Region using the LocationConstraint request parameter in a CreateBucket request. For more information, see CreateBucket.

To use this implementation of the operation, you must be the bucket owner.

To use this API against an access point, provide the alias of the access point in place of the bucket name.

The following operations are related to GetBucketLocation:

Class GetBucketLocationResponse

Returns information about the GetBucketLocation response and response metadata.

Class GetBucketLoggingRequest

Container for the parameters to the GetBucketLogging operation.

Returns the logging status of a bucket and the permissions users have to view and modify that status. To use GET, you must be the bucket owner.

Class GetBucketLoggingResponse

Returns information about the GetBucketLogging response and response metadata.

Class GetBucketMetricsConfigurationRequest

Container for the parameters to the GetBucketMetricsConfiguration operation.

Gets a metrics configuration (specified by the metrics configuration ID) from the bucket.

Class GetBucketMetricsConfigurationResponse

GetBucketMetricsConfiguration Response

Class GetBucketNotificationRequest

Container for the parameters to the GetBucketNotification operation.

Return the notification configuration of a bucket.

Class GetBucketNotificationResponse

Returns information about the GetBucketNotification response and response metadata.

Class GetBucketOwnershipControlsRequest

Container for the parameters to the GetBucketOwnershipControls operation. Retrieves OwnershipControls for an Amazon S3 bucket. To use this operation, you must have the s3:GetBucketOwnershipControls permission. For more information about Amazon S3 permissions, see Specifying permissions in a policy.

For information about Amazon S3 Object Ownership, see Using Object Ownership.

The following operations are related to GetBucketOwnershipControls:

Class GetBucketOwnershipControlsResponse

Returns information about the GetBucketOwnershipControls response and response metadata.

Class GetBucketPolicyRequest

Container for the parameters to the GetBucketPolicy operation. Returns the policy of a specified bucket. If you are using an identity other than the root user of the Amazon Web Services account that owns the bucket, the calling identity must have the GetBucketPolicy permissions on the specified bucket and belong to the bucket owner's account in order to use this operation.

If you don't have GetBucketPolicy permissions, Amazon S3 returns a

403
            Access Denied
error. If you have the correct permissions, but you're not using an identity that belongs to the bucket owner's account, Amazon S3 returns a
405
            Method Not Allowed
error.

As a security precaution, the root user of the Amazon Web Services account that owns a bucket can always use this operation, even if the policy explicitly denies the root user the ability to perform this action.

For more information about bucket policies, see Using Bucket Policies and User Policies.

The following action is related to GetBucketPolicy:

Class GetBucketPolicyResponse

Get BucketName Policy Response

Class GetBucketPolicyStatusRequest

Container for the parameters to the GetBucketPolicyStatus operation. Retrieves the policy status for an Amazon S3 bucket, indicating whether the bucket is public.

Class GetBucketPolicyStatusResponse

This is the response object from the GetBucketPolicyStatus operation.

Class GetBucketReplicationRequest

Container for the parameters to the GetBucketReplicationConfiguration operation.

Returns the replication configuration information set on the bucket.

Class GetBucketReplicationResponse

Returns information about the GetReplicationConfiguration response and response metadata.

Class GetBucketRequestPaymentRequest

Container for the parameters to the GetBucketRequestPayment operation.

Returns the request payment configuration of a bucket.

Class GetBucketRequestPaymentResponse

Returns information about the GetBucketRequestPayment response and response metadata.

Class GetBucketTaggingRequest

Container for the parameters to the GetBucketTagging operation.

Returns the tag set associated with the bucket.

Class GetBucketTaggingResponse

Returns information about the GetBucketTagging response and response metadata.

Class GetBucketVersioningRequest

Container for the parameters to the GetBucketVersioning operation.

Returns the versioning state of a bucket.

Class GetBucketVersioningResponse

Returns information about the GetBucketVersioning response and response metadata.

Class GetBucketWebsiteRequest

Container for the parameters to the GetBucketWebsite operation.

Returns the website configuration for a bucket.

Class GetBucketWebsiteResponse

Returns information about the GetBucketWebsite response and response metadata.

Class GetCORSConfigurationRequest

Container for the parameters to the GetBucketCors operation.

Returns the cors configuration for the bucket.

Class GetCORSConfigurationResponse

Returns information about the GetBucketCors response and response metadata.

Class GetLifecycleConfigurationRequest

Container for the parameters to the GetLifecycleConfiguration operation.

Returns the lifecycle configuration information set on the bucket.

Class GetLifecycleConfigurationResponse

Returns information about the GetLifecycleConfiguration response and response metadata.

Class GetObjectAttributesParts

A collection of parts associated with a multipart upload.

Class GetObjectAttributesRequest

Container for the parameters to the GetObjectAttributes operation. Retrieves all the metadata from an object without returning the object iteself. This action is useful if you're only interested in an object's metadata. To use GetObjectAttributes, you must have READ access to the object.

GetObjectAttributes combines the functionality of GetObjectAcl, GetObjectLegelHold, GetObjectLockConfiguration, GetObjectRetention, GetObjectTagging, HeadObject, and ListParts. All of the data returned with each of those individual calls can be returned with a single call to GetObjectAttributes.

If you encrypt an object by using server-side encryption with customer-provided encryption keys (SSE-C) when you store the object in Amazon S3, then when you retrieve the metadata from the object, you must use the following headers:

  • x-amz-server-side-encryption-customer-algorithm

  • x-amz-server-side-encryption-customer-key

  • x-amz-server-side-encryption-customer-key-MD5

For more information about SSE-C, see Server-Side Encryption (Using Customer-Provided Encryption Keys).

  • Encryption request headers, like x-amz-server-side-encryption, should not be sent for GET requests if your object uses server-side encryption with CMKs stored in Amazon Web Services KMS (SSE-KMS) or server-side encryption with Amazon S3–managed encryption keys (SSE-S3). If your object does use these types of keys, you'll get an HTTP 400 BadRequest error.

  • The last modified property in this case is the creation date of the object.

Consider the following when using request headers:

  • Consideration 1 – If both of the If-Match and If-Unmodified-Since headers are present in the request as follows:

    • If-Match condition evaluates to true, and;

    • If-Unmodified-Since condition evaluates to false;

    Then Amazon S3 returns 200 OK and the data requested.

  • Consideration 2 – If both of the If-None-Match and If-Modified-Since headers are present in the request as follows:

    • If-None-Match condition evaluates to false, and;

    • If-Modified-Since condition evaluates to true;

    Then Amazon S3 returns the 304 Not Modified response code.

For more information about conditional requests, see RFC 7232.

Permissions

The permissions you need to use this operation depend on whether or not the bucket is versioned. If the bucket is versioned, you need both the s3:GetObjectVersion and s3:GetObjectVersionAttributes permissions for this operation. If the bucket is not versioned, you need the s3:GetObject and s3:GetObjectAttributes permissions. For more information, see Specifying Permissions in a Policy. If the object you request does not exist, the error Amazon S3 returns depends on whether you also have the s3:ListBucket permission.

  • If you have the s3:ListBucket permission on the bucket, Amazon S3 returns an HTTP status code 404 ("no such key") error.

  • If you don't have the s3:ListBucket permission, Amazon S3 returns an HTTP status code 403 ("access denied") error.

The following actions are related to GetObjectAttributes:

Class GetObjectAttributesResponse

This is the response object from the GetObjectAttributes operation.

Class GetObjectLegalHoldRequest

Container for the parameters to the GetObjectLegalHold operation. Gets an object's current Legal Hold status. For more information, see Locking Objects.

This action is not supported by Amazon S3 on Outposts.

The following action is related to GetObjectLegalHold:

Class GetObjectLegalHoldResponse

This is the response object from the GetObjectLegalHold operation.

Class GetObjectLockConfigurationRequest

Container for the parameters to the GetObjectLockConfiguration operation. Gets the Object Lock configuration for a bucket. The rule specified in the Object Lock configuration will be applied by default to every new object placed in the specified bucket. For more information, see Locking Objects.

The following action is related to GetObjectLockConfiguration:

Class GetObjectLockConfigurationResponse

This is the response object from the GetObjectLockConfiguration operation.

Class GetObjectMetadataRequest

Container for the parameters to the GetObjectMetadata operation. The HEAD action retrieves metadata from an object without returning the object itself. This action is useful if you're only interested in an object's metadata. To use HEAD, you must have READ access to the object.

A HEAD request has the same options as a GET action on an object. The response is identical to the GET response except that there is no response body. Because of this, if the HEAD request generates an error, it returns a generic 404 Not Found or 403 Forbidden code. It is not possible to retrieve the exact exception beyond these error codes.

If you encrypt an object by using server-side encryption with customer-provided encryption keys (SSE-C) when you store the object in Amazon S3, then when you retrieve the metadata from the object, you must use the following headers:

  • x-amz-server-side-encryption-customer-algorithm

  • x-amz-server-side-encryption-customer-key

  • x-amz-server-side-encryption-customer-key-MD5

For more information about SSE-C, see Server-Side Encryption (Using Customer-Provided Encryption Keys).

  • Encryption request headers, like x-amz-server-side-encryption, should not be sent for GET requests if your object uses server-side encryption with CMKs stored in Amazon Web Services KMS (SSE-KMS) or server-side encryption with Amazon S3–managed encryption keys (SSE-S3). If your object does use these types of keys, you’ll get an HTTP 400 BadRequest error.

  • The last modified property in this case is the creation date of the object.

Request headers are limited to 8 KB in size. For more information, see Common Request Headers.

Consider the following when using request headers:

  • Consideration 1 – If both of the If-Match and If-Unmodified-Since headers are present in the request as follows:

    • If-Match condition evaluates to true, and;

    • If-Unmodified-Since condition evaluates to false;

    Then Amazon S3 returns 200 OK and the data requested.

  • Consideration 2 – If both of the If-None-Match and If-Modified-Since headers are present in the request as follows:

    • If-None-Match condition evaluates to false, and;

    • If-Modified-Since condition evaluates to true;

    Then Amazon S3 returns the 304 Not Modified response code.

For more information about conditional requests, see RFC 7232.

Permissions

You need the relevant read object (or version) permission for this operation. For more information, see Specifying Permissions in a Policy. If the object you request does not exist, the error Amazon S3 returns depends on whether you also have the s3:ListBucket permission.

  • If you have the s3:ListBucket permission on the bucket, Amazon S3 returns an HTTP status code 404 ("no such key") error.

  • If you don’t have the s3:ListBucket permission, Amazon S3 returns an HTTP status code 403 ("access denied") error.

The following action is related to HeadObject:

Class GetObjectMetadataResponse

Returns information about the HeadObject response and response metadata.

Class GetObjectRequest

Container for the parameters to the GetObject operation. Retrieves objects from Amazon S3. To use GET, you must have READ access to the object. If you grant READ access to the anonymous user, you can return the object without using an authorization header.

An Amazon S3 bucket has no directory hierarchy such as you would find in a typical computer file system. You can, however, create a logical hierarchy by using object key names that imply a folder structure. For example, instead of naming an object sample.jpg, you can name it photos/2006/February/sample.jpg.

To get an object from such a logical hierarchy, specify the full key name for the object in the GET operation. For a virtual hosted-style request example, if you have the object photos/2006/February/sample.jpg, specify the resource as /photos/2006/February/sample.jpg. For a path-style request example, if you have the object photos/2006/February/sample.jpg in the bucket named examplebucket, specify the resource as /examplebucket/photos/2006/February/sample.jpg. For more information about request types, see HTTP Host Header Bucket Specification.

To distribute large files to many people, you can save bandwidth costs by using BitTorrent. For more information, see Amazon S3 Torrent. For more information about returning the ACL of an object, see GetObjectAcl.

If the object you are retrieving is stored in the S3 Glacier or S3 Glacier Deep Archive storage class, or S3 Intelligent-Tiering Archive or S3 Intelligent-Tiering Deep Archive tiers, before you can retrieve the object you must first restore a copy using RestoreObject. Otherwise, this action returns an InvalidObjectStateError error. For information about restoring archived objects, see Restoring Archived Objects.

Encryption request headers, like x-amz-server-side-encryption, should not be sent for GET requests if your object uses server-side encryption with KMS keys (SSE-KMS) or server-side encryption with Amazon S3 managed encryption keys (SSE-S3). If your object does use these types of keys, you'll get an HTTP 400 BadRequest error.

If you encrypt an object by using server-side encryption with customer-provided encryption keys (SSE-C) when you store the object in Amazon S3, then when you GET the object, you must use the following headers:

  • x-amz-server-side-encryption-customer-algorithm

  • x-amz-server-side-encryption-customer-key

  • x-amz-server-side-encryption-customer-key-MD5

For more information about SSE-C, see Server-Side Encryption (Using Customer-Provided Encryption Keys).

Assuming you have the relevant permission to read object tags, the response also returns the x-amz-tagging-count header that provides the count of number of tags associated with the object. You can use GetObjectTagging to retrieve the tag set associated with an object.

Permissions

You need the relevant read object (or version) permission for this operation. For more information, see Specifying Permissions in a Policy. If the object you request does not exist, the error Amazon S3 returns depends on whether you also have the s3:ListBucket permission.

  • If you have the s3:ListBucket permission on the bucket, Amazon S3 will return an HTTP status code 404 ("no such key") error.

  • If you don’t have the s3:ListBucket permission, Amazon S3 will return an HTTP status code 403 ("access denied") error.

Versioning

By default, the GET action returns the current version of an object. To return a different version, use the versionId subresource.

  • You need the s3:GetObjectVersion permission to access a specific version of an object.

  • If the current version of the object is a delete marker, Amazon S3 behaves as if the object was deleted and includes x-amz-delete-marker: true in the response.

For more information about versioning, see PutBucketVersioning.

Overriding Response Header Values

There are times when you want to override certain response header values in a GET response. For example, you might override the Content-Disposition response header value in your GET request.

You can override values for a set of response headers using the following query parameters. These response header values are sent only on a successful request, that is, when status code 200 OK is returned. The set of headers you can override using these parameters is a subset of the headers that Amazon S3 accepts when you create an object. The response headers that you can override for the GET response are Content-Type, Content-Language, Expires, Cache-Control, Content-Disposition, and Content-Encoding. To override these header values in the GET response, you use the following request parameters.

You must sign the request, either using an Authorization header or a presigned URL, when using these parameters. They cannot be used with an unsigned (anonymous) request.

  • response-content-type

  • response-content-language

  • response-expires

  • response-cache-control

  • response-content-disposition

  • response-content-encoding

Additional Considerations about Request Headers

If both of the If-Match and If-Unmodified-Since headers are present in the request as follows: If-Match condition evaluates to true, and; If-Unmodified-Since condition evaluates to false; then, S3 returns 200 OK and the data requested.

If both of the If-None-Match and If-Modified-Since headers are present in the request as follows: If-None-Match condition evaluates to false, and; If-Modified-Since condition evaluates to true; then, S3 returns 304 Not Modified response code.

For more information about conditional requests, see RFC 7232.

The following operations are related to GetObject:

Class GetObjectResponse

Returns information about the GetObject response and response metadata.

Class GetObjectRetentionRequest

Container for the parameters to the GetObjectRetention operation. Retrieves an object's retention settings. For more information, see Locking Objects.

This action is not supported by Amazon S3 on Outposts.

The following action is related to GetObjectRetention:

Class GetObjectRetentionResponse

This is the response object from the GetObjectRetention operation.

Class GetObjectTaggingRequest

Container for the parameters to the GetObjectTagging operation. Returns the tag-set of an object. You send the GET request against the tagging subresource associated with the object.

To use this operation, you must have permission to perform the s3:GetObjectTagging action. By default, the GET action returns information about current version of an object. For a versioned bucket, you can have multiple versions of an object in your bucket. To retrieve tags of any other version, use the versionId query parameter. You also need permission for the s3:GetObjectVersionTagging action.

By default, the bucket owner has this permission and can grant this permission to others.

For information about the Amazon S3 object tagging feature, see Object Tagging.

The following action is related to GetObjectTagging:

Class GetObjectTaggingResponse

Returns information about the GetObjectTagging response and response metadata.

Class GetObjectTorrentRequest

Container for the parameters to the GetObjectTorrent operation.

Return torrent files from a bucket.

Class GetObjectTorrentResponse

Returns information about the GetObjectTorrent response and response metadata.

Class GetPreSignedUrlRequest

The parameters to create a pre-signed URL to a bucket or object.

Class GetPreSignedUrlResponse

The parameters for a pre-signed URL to a bucket or object as a string.

Class GetPublicAccessBlockRequest

Container for the parameters to the GetPublicAccessBlock operation. Retrieves the Public Access Block configuration for an Amazon S3 bucket.

Class GetPublicAccessBlockResponse

This is the response object from the GetPublicAccessBlock operation.

Class HeadersCollection

This class contains the headers for an S3 object.

Class InitiateMultipartUploadRequest

Container for the parameters to the InitiateMultipartUpload operation. This action initiates a multipart upload and returns an upload ID. This upload ID is used to associate all of the parts in the specific multipart upload. You specify this upload ID in each of your subsequent upload part requests (see UploadPart). You also include this upload ID in the final request to either complete or abort the multipart upload request.

For more information about multipart uploads, see Multipart Upload Overview.

If you have configured a lifecycle rule to abort incomplete multipart uploads, the upload must complete within the number of days specified in the bucket lifecycle configuration. Otherwise, the incomplete multipart upload becomes eligible for an abort action and Amazon S3 aborts the multipart upload. For more information, see Aborting Incomplete Multipart Uploads Using a Bucket Lifecycle Policy.

For information about the permissions required to use the multipart upload API, see Multipart Upload and Permissions.

For request signing, multipart upload is just a series of regular requests. You initiate a multipart upload, send one or more requests to upload parts, and then complete the multipart upload process. You sign each request individually. There is nothing special about signing multipart upload requests. For more information about signing, see Authenticating Requests (Amazon Web Services Signature Version 4).

After you initiate a multipart upload and upload one or more parts, to stop being charged for storing the uploaded parts, you must either complete or abort the multipart upload. Amazon S3 frees up the space used to store the parts and stop charging you for storing them only after you either complete or abort a multipart upload.

You can optionally request server-side encryption. For server-side encryption, Amazon S3 encrypts your data as it writes it to disks in its data centers and decrypts it when you access it. You can provide your own encryption key, or use Amazon Web Services Key Management Service (Amazon Web Services KMS) customer master keys (CMKs) or Amazon S3-managed encryption keys. If you choose to provide your own encryption key, the request headers you provide in UploadPart and UploadPartCopy requests must match the headers you used in the request to initiate the upload by using CreateMultipartUpload.

To perform a multipart upload with encryption using an Amazon Web Services KMS CMK, the requester must have permission to the kms:Decrypt and kms:GenerateDataKey* actions on the key. These permissions are required because Amazon S3 must decrypt and read data from the encrypted file parts before it completes the multipart upload. For more information, see Multipart upload API and permissions in the Amazon S3 User Guide.

If your Identity and Access Management (IAM) user or role is in the same Amazon Web Services account as the Amazon Web Services KMS CMK, then you must have these permissions on the key policy. If your IAM user or role belongs to a different account than the key, then you must have the permissions on both the key policy and your IAM user or role.

For more information, see Protecting Data Using Server-Side Encryption.

Access Permissions

When copying an object, you can optionally specify the accounts or groups that should be granted specific permissions on the new object. There are two ways to grant the permissions using the request headers:

  • Specify a canned ACL with the x-amz-acl request header. For more information, see Canned ACL.

  • Specify access permissions explicitly with the x-amz-grant-read, x-amz-grant-read-acp, x-amz-grant-write-acp, and x-amz-grant-full-control headers. These parameters map to the set of permissions that Amazon S3 supports in an ACL. For more information, see Access Control List (ACL) Overview.

You can use either a canned ACL or specify access permissions explicitly. You cannot do both.

Server-Side- Encryption-Specific Request Headers

You can optionally tell Amazon S3 to encrypt data at rest using server-side encryption. Server-side encryption is for data encryption at rest. Amazon S3 encrypts your data as it writes it to disks in its data centers and decrypts it when you access it. The option you use depends on whether you want to use Amazon Web Services managed encryption keys or provide your own encryption key.

  • Use encryption keys managed by Amazon S3 or customer master keys (CMKs) stored in Amazon Web Services Key Management Service (Amazon Web Services KMS) – If you want Amazon Web Services to manage the keys used to encrypt data, specify the following headers in the request.

    • x-amz-server-side-encryption

    • x-amz-server-side-encryption-aws-kms-key-id

    • x-amz-server-side-encryption-context

    If you specify x-amz-server-side-encryption:aws:kms, but don't provide x-amz-server-side-encryption-aws-kms-key-id, Amazon S3 uses the Amazon Web Services managed CMK in Amazon Web Services KMS to protect the data.

    All GET and PUT requests for an object protected by Amazon Web Services KMS fail if you don't make them with SSL or by using SigV4.

    For more information about server-side encryption with CMKs stored in Amazon Web Services KMS (SSE-KMS), see Protecting Data Using Server-Side Encryption with CMKs stored in Amazon Web Services KMS.

  • Use customer-provided encryption keys – If you want to manage your own encryption keys, provide all the following headers in the request.

    • x-amz-server-side-encryption-customer-algorithm

    • x-amz-server-side-encryption-customer-key

    • x-amz-server-side-encryption-customer-key-MD5

    For more information about server-side encryption with CMKs stored in Amazon Web Services KMS (SSE-KMS), see Protecting Data Using Server-Side Encryption with CMKs stored in Amazon Web Services KMS.

Access-Control-List (ACL)-Specific Request Headers

You also can use the following access control–related headers with this operation. By default, all objects are private. Only the owner has full access control. When adding a new object, you can grant permissions to individual Amazon Web Services accounts or to predefined groups defined by Amazon S3. These permissions are then added to the access control list (ACL) on the object. For more information, see Using ACLs. With this operation, you can grant access permissions using one of the following two methods:

  • Specify a canned ACL (x-amz-acl) — Amazon S3 supports a set of predefined ACLs, known as canned ACLs. Each canned ACL has a predefined set of grantees and permissions. For more information, see Canned ACL.

  • Specify access permissions explicitly — To explicitly grant access permissions to specific Amazon Web Services accounts or groups, use the following headers. Each header maps to specific permissions that Amazon S3 supports in an ACL. For more information, see Access Control List (ACL) Overview. In the header, you specify a list of grantees who get the specific permission. To grant permissions explicitly, use:

    • x-amz-grant-read

    • x-amz-grant-write

    • x-amz-grant-read-acp

    • x-amz-grant-write-acp

    • x-amz-grant-full-control

    You specify each grantee as a type=value pair, where the type is one of the following:

    • id – if the value specified is the canonical user ID of an Amazon Web Services account

    • uri – if you are granting permissions to a predefined group

    • emailAddress – if the value specified is the email address of an Amazon Web Services account

      Using email addresses to specify a grantee is only supported in the following Amazon Web Services Regions:

      • US East (N. Virginia)

      • US West (N. California)

      • US West (Oregon)

      • Asia Pacific (Singapore)

      • Asia Pacific (Sydney)

      • Asia Pacific (Tokyo)

      • Europe (Ireland)

      • South America (São Paulo)

      For a list of all the Amazon S3 supported Regions and endpoints, see Regions and Endpoints in the Amazon Web Services General Reference.

    For example, the following x-amz-grant-read header grants the Amazon Web Services accounts identified by account IDs permissions to read object data and its metadata:

    x-amz-grant-read: id="11112222333", id="444455556666"

The following operations are related to CreateMultipartUpload:

Class InitiateMultipartUploadResponse

Returns information about the InitiateMultipartUpload response and response metadata.

Class Initiator

Identifies who initiated the multipart upload.

Class InputSerialization

Describes the serialization format of the object.

Class IntelligentTieringAndOperator

A container for specifying S3 Intelligent-Tiering filters. The filters determine the subset of objects to which the rule applies.

Class IntelligentTieringConfiguration

Specifies the S3 Intelligent-Tiering configuration for an Amazon S3 bucket.

For information about the S3 Intelligent-Tiering storage class, see Storage class for automatically optimizing frequently and infrequently accessed objects.

Class IntelligentTieringFilter

The Filter is used to identify objects that the S3 Intelligent-Tiering configuration applies to.

Class IntelligentTieringFilterPredicate

Filter Predicate abstract class for specific filter types to be derived from.

Class IntelligentTieringNAryOperator

Abstract class that can be used over logical filter predicates,i.e. AND/OR.

Class IntelligentTieringPrefixPredicate

An object key name prefix that identifies the subset of objects to which the configuration applies.

Class IntelligentTieringTagPredicate

All of these tags must exist in the object's tag set in order for the configuration to apply.

Class InventoryConfiguration

Specifies the inventory configuration for an Amazon S3 bucket. For more information, see GET Bucket inventory in the Amazon S3 API Reference.

Class InventoryDestination

Class for InventoryDestination

Class InventoryEncryption

InventoryEncryption class

Class InventoryFilter

Class for InventoryFilter

Class InventoryFilterPredicate

Filter Predicate abstract class for specific filter types to be derived from.

Class InventoryPrefixPredicate

Class for InventoryPrefixPredicate

The prefix that an object must have to be included in the inventory results.

Class InventoryS3BucketDestination
Class InventorySchedule

Class for InventorySchedule

Class JSONInput

Specifies JSON as object's input serialization format.

Class JSONOutput

Specifies JSON as request's output serialization format

Class KeyVersion

Specifies an object key and optional object version.

Class LambdaFunctionConfiguration

This class contains the configuration Amazon S3 uses to figure out what events you want to listen and send the event to an Amazon Lambda cloud function.

Class LifecycleAndOperator

The logical and operator for filtering objects for a Amazon.S3.Model.LifecycleRule

Class LifecycleConfiguration

Lifecycle Configuration

Class LifecycleFilter

Filter identifying one or more objects to which a Amazon.S3.Model.LifecycleRule applies.

Class LifecycleFilterPredicate

Base class for all the different predicates that can be used in a Amazon.S3.Model.LifecycleRule filter.

Class LifecycleNAryOperator

Base class for lifecycle operators.

Class LifecycleObjectSizeGreaterThanPredicate
Class LifecycleObjectSizeLessThanPredicate
Class LifecyclePrefixPredicate

A predicate that filters objects for a Amazon.S3.Model.LifecycleRule by matching a particular prefix.

Class LifecycleRule

Specifies lifecycle rules for an Amazon S3 bucket. For more information, see Put Bucket Lifecycle Configuration in the Amazon S3 API Reference. For examples, see Put Bucket Lifecycle Configuration Examples.

Class LifecycleRuleAbortIncompleteMultipartUpload

Specifies the days since the initiation of an Incomplete Multipart Upload that Lifecycle will wait before permanently removing all parts of the upload.

Class LifecycleRuleExpiration

Expiration

Class LifecycleRuleNoncurrentVersionExpiration

Specifies when noncurrent object versions expire. Upon expiration, Amazon S3 permanently deletes the noncurrent object versions. You set this lifecycle configuration action on a bucket that has versioning enabled (or suspended) to request that Amazon S3 delete noncurrent object versions at a specific period in the object's lifetime.

Class LifecycleRuleNoncurrentVersionTransition

LifecycleTransition defines when and how objects transition.

Class LifecycleTagPredicate

A predicate that filters objects for a Amazon.S3.Model.LifecycleRule by matching a particular Amazon.S3.Model.LifecycleTagPredicate.Tag key and value.

Class LifecycleTransition

LifecycleTransition defines when and how objects transition.

Class ListBucketAnalyticsConfigurationsRequest

Container for the parameters to the ListInventoryConfigurationsRequest operation.

Lists the analytics configurations for the bucket.

Class ListBucketAnalyticsConfigurationsResponse

Returns information about the ListBucketAnalyticsConfigurationsResponse response and response metadata.

Class ListBucketIntelligentTieringConfigurationsRequest

Container for the parameters to the ListBucketIntelligentTieringConfigurations operation. Lists the S3 Intelligent-Tiering configuration from the specified bucket.

The S3 Intelligent-Tiering storage class is designed to optimize storage costs by automatically moving data to the most cost-effective storage access tier, without performance impact or operational overhead. S3 Intelligent-Tiering delivers automatic cost savings in three low latency and high throughput access tiers. To get the lowest storage cost on data that can be accessed in minutes to hours, you can choose to activate additional archiving capabilities.

The S3 Intelligent-Tiering storage class is the ideal storage class for data with unknown, changing, or unpredictable access patterns, independent of object size or retention period. If the size of an object is less than 128 KB, it is not monitored and not eligible for auto-tiering. Smaller objects can be stored, but they are always charged at the Frequent Access tier rates in the S3 Intelligent-Tiering storage class.

For more information, see Storage class for automatically optimizing frequently and infrequently accessed objects.

Operations related to ListBucketIntelligentTieringConfigurations include:

Class ListBucketIntelligentTieringConfigurationsResponse
Class ListBucketInventoryConfigurationsRequest

Container for the parameters to the ListInventoryConfigurationsRequest operation.

Returns a list of inventory configurations for the bucket.

Class ListBucketInventoryConfigurationsResponse

Returns information about the ListInventoryConfigurationsResponse response and response metadata.

Class ListBucketMetricsConfigurationsRequest

Container for the parameters to the ListBucketMetricsConfigurationRequest operation.

Lists the metrics configurations for the bucket.

Class ListBucketMetricsConfigurationsResponse

Returns information about the ListBucketMetricsConfiguration response and response metadata.

Class ListBucketsRequest

Container for the parameters to the ListBuckets operation.

Returns a list of all buckets owned by the authenticated sender of the request.

Class ListBucketsResponse

Returns information about the ListBuckets response and response metadata.

Class ListMultipartUploadsRequest

Container for the parameters to the ListMultipartUploads operation. This action lists in-progress multipart uploads. An in-progress multipart upload is a multipart upload that has been initiated using the Initiate Multipart Upload request, but has not yet been completed or aborted.

This action returns at most 1,000 multipart uploads in the response. 1,000 multipart uploads is the maximum number of uploads a response can include, which is also the default value. You can further limit the number of uploads in a response by specifying the max-uploads parameter in the response. If additional multipart uploads satisfy the list criteria, the response will contain an IsTruncated element with the value true. To list the additional multipart uploads, use the key-marker and upload-id-marker request parameters.

In the response, the uploads are sorted by key. If your application has initiated more than one multipart upload using the same object key, then uploads in the response are first sorted by key. Additionally, uploads are sorted in ascending order within each key by the upload initiation time.

For more information on multipart uploads, see Uploading Objects Using Multipart Upload.

For information on permissions required to use the multipart upload API, see Multipart Upload and Permissions.

The following operations are related to ListMultipartUploads:

Class ListMultipartUploadsResponse

Returns information about the ListMultipartUploads response and response metadata.

Class ListObjectsRequest

Container for the parameters to the ListObjects operation. Returns some or all (up to 1,000) of the objects in a bucket. You can use the request parameters as selection criteria to return a subset of the objects in a bucket. A 200 OK response can contain valid or invalid XML. Be sure to design your application to parse the contents of the response and handle it appropriately.

This action has been revised. We recommend that you use the newer version, ListObjectsV2, when developing applications. For backward compatibility, Amazon S3 continues to support ListObjects.

The following operations are related to ListObjects:

Class ListObjectsResponse

Returns information about the ListObjects response and response metadata.

Class ListObjectsV2Request

Container for the parameters to the ListObjectsV2 operation. Returns some or all (up to 1,000) of the objects in a bucket with each request. You can use the request parameters as selection criteria to return a subset of the objects in a bucket. A 200 OK response can contain valid or invalid XML. Make sure to design your application to parse the contents of the response and handle it appropriately. Objects are returned sorted in an ascending order of the respective key names in the list. For more information about listing objects, see Listing object keys programmatically

To use this operation, you must have READ access to the bucket.

To use this action in an Identity and Access Management (IAM) policy, you must have permissions to perform the s3:ListBucket action. The bucket owner has this permission by default and can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources.

This section describes the latest revision of this action. We recommend that you use this revised API for application development. For backward compatibility, Amazon S3 continues to support the prior version of this API, ListObjects.

To get a list of your buckets, see ListBuckets.

The following operations are related to ListObjectsV2:

Class ListObjectsV2Response

Returns information about the ListObjects response and response metadata.

Class ListPartsRequest

Container for the parameters to the ListParts operation. Lists the parts that have been uploaded for a specific multipart upload. This operation must include the upload ID, which you obtain by sending the initiate multipart upload request (see CreateMultipartUpload). This request returns a maximum of 1,000 uploaded parts. The default number of parts returned is 1,000 parts. You can restrict the number of parts returned by specifying the max-parts request parameter. If your multipart upload consists of more than 1,000 parts, the response returns an IsTruncated field with the value of true, and a NextPartNumberMarker element. In subsequent ListParts requests you can include the part-number-marker query string parameter and set its value to the NextPartNumberMarker field value from the previous response.

If the upload was created using a checksum algorithm, you will need to have permission to the kms:Decrypt action for the request to succeed.

For more information on multipart uploads, see Uploading Objects Using Multipart Upload.

For information on permissions required to use the multipart upload API, see Multipart Upload and Permissions.

The following operations are related to ListParts:

Class ListPartsResponse

Returns information about the ListParts response and response metadata.

Class ListVersionsRequest

Container for the parameters to the ListVersions operation.

Returns metadata about all of the versions of objects in a bucket.

Class ListVersionsResponse

Returns information about the ListVersions response and response metadata.

Class MetadataCollection

This class contains the meta data for an S3 object.

Class MetadataEntry

A metadata key-value pair to store with an object.

Class Metrics

A container specifying settings for configuring replication metrics and events.

Class MetricsAccessPointArnPredicate

Class for MetricsAccessPointArnPredicate

The access point arn used when evaluating a metrics filter.

Class MetricsAndOperator

Class for MetricsAndOperatorPredicate

A conjunction (logical AND) of predicates, which is used in evaluating a metrics filter. The operator must have at least two predicates, and an object must match all of the predicates in order for the filter to apply.

Class MetricsConfiguration

Specifies a metrics configuration for the CloudWatch request metrics (specified by the metrics configuration ID) from an Amazon S3 bucket. If you're updating an existing metrics configuration, note that this is a full replacement of the existing metrics configuration. If you don't include the elements you want to keep, they are erased. For more information, see PutBucketMetricsConfiguration.

Class MetricsFilter

Specifies a metrics configuration filter. The metrics configuration only includes objects that meet the filter's criteria. A filter must be a prefix, an object tag, an access point ARN, or a conjunction (MetricsAndOperator). For more information, see PutBucketMetricsConfiguration.

Class MetricsFilterPredicate

Filter Predicate abstract class for specific filter types to be derived from.

Class MetricsNAryOperator

Abstract class that can be used over logical filter predicates,i.e. AND/OR.

Class MetricsPrefixPredicate

Class for MetricsPrefixPredicate

The prefix used when evaluating a metrics filter.

Class MetricsTagPredicate

Class for MetricsTagPredicate

The tag used when evaluating a metrics filter.

Class MfaCodes

This class contains the mfa codes used authentication

Class MultipartUpload

Container for elements related to a particular multipart upload.

Class NotificationConfiguration

An abstract class for all the notification configurations associated with an Amazon S3 bucket.

Class ObjectLockConfiguration

The container element for Object Lock configuration parameters.

Class ObjectLockLegalHold

A Legal Hold configuration for an object.

Class ObjectLockRetention

A Retention configuration for an object.

Class ObjectLockRule

The container element for an Object Lock rule.

Class ObjectPart

Container for elements related to an individual part.

Class OutputLocation

Describes the location where the restore job's output is stored.

Class OutputSerialization

Describes how results of the Select job are serialized.

Class Owner

The owner of an S3 bucket.

Class OwnershipControls

The container element for a bucket's ownership controls

Class OwnershipControlsRule

The container element for an ownership control rule

Class ParameterCollection

This class contains custom querystring parameters for an S3 object, which can then be signed as part of a Pre-signed URL request

Class ParquetInput

Specifies Parquet as object's input serialization format.

Class PartDetail

A container for elements related to a particular part in a multipart operation. A response can contain zero or more Part elements.

Class PartETag

A container holding the part number, etag, and optional checksum used when completing a multipart upload.

Class PolicyStatus

The container element for this bucket's public-policy status.

Class Progress

The Progress event details.

Class ProgressEvent

The Progress Event.

Class PublicAccessBlockConfiguration

The container element for all Public Access Block configuration options. You can enable the configuration options in any combination.

Amazon S3 considers a bucket policy public unless at least one of the following conditions is true:

  1. The policy limits access to a set of CIDRs using aws:SourceIp. For more information on CIDR, see http://www.rfc-editor.org/rfc/rfc4632.txt

  2. The policy grants permissions, not including any "bad actions," to one of the following:

    • A fixed AWS principal, user, role, or service principal

    • A fixed aws:SourceArn

    • A fixed aws:SourceVpc

    • A fixed aws:SourceVpce

    • A fixed aws:SourceOwner

    • A fixed aws:SourceAccount

    • A fixed value of s3:x-amz-server-side-encryption-aws-kms-key-id

    • A fixed value of aws:userid outside the pattern "AROLEID:*"

"Bad actions" are those that could expose the data inside a bucket to reads or writes by the public. These actions are s3:Get*, s3:List*, s3:AbortMultipartUpload, s3:Delete*, s3:Put*, and s3:RestoreObject.

The star notation for bad actions indicates that all matching operations are considered bad actions. For example, because s3:Get* is a bad action, s3:GetObject, s3:GetObjectVersion, and s3:GetObjectAcl are all bad actions.

Class PutACLRequest
Class PutACLResponse

Returns information about the PutObjectAcl response metadata. The PutAcl operation has a void result type.

Class PutBucketAccelerateConfigurationRequest

Container for the parameters to the PutBucketAccelerateConfiguration request.

Class PutBucketAccelerateConfigurationResponse

The response for the PutBucketAccelerateConfiguration operation.

Adds an object to a bucket.

Class PutBucketAnalyticsConfigurationRequest

Container for the parameters to the PutBucketAnalyticsConfiguration operation.

Sets an analytics configuration for the bucket (specified by the analytics configuration ID).

Class PutBucketAnalyticsConfigurationResponse

Returns information about the PutBucketAnalyticsConfigurationResponse response metadata. The PutBucketAnalyticsConfigurationResponse operation has a void result type.

Class PutBucketEncryptionRequest
Class PutBucketIntelligentTieringConfigurationRequest
Class PutBucketIntelligentTieringConfigurationResponse

Returns information about the PutBucketIntelligentTieringConfiguration response metadata. The PutBucketIntelligentTieringConfiguration operation has a void result type.

Class PutBucketInventoryConfigurationRequest

Container for the parameters to the PutBucketInventoryConfiguration operation. This implementation of the PUT action adds an inventory configuration (identified by the inventory ID) to the bucket. You can have up to 1,000 inventory configurations per bucket.

Amazon S3 inventory generates inventories of the objects in the bucket on a daily or weekly basis, and the results are published to a flat file. The bucket that is inventoried is called the source bucket, and the bucket where the inventory flat file is stored is called the destination bucket. The destination bucket must be in the same Amazon Web Services Region as the source bucket.

When you configure an inventory for a source bucket, you specify the destination bucket where you want the inventory to be stored, and whether to generate the inventory daily or weekly. You can also configure what object metadata to include and whether to inventory all object versions or only current versions. For more information, see Amazon S3 Inventory in the Amazon S3 User Guide.

You must create a bucket policy on the destination bucket to grant permissions to Amazon S3 to write objects to the bucket in the defined location. For an example policy, see Granting Permissions for Amazon S3 Inventory and Storage Class Analysis.

To use this operation, you must have permissions to perform the s3:PutInventoryConfiguration action. The bucket owner has this permission by default and can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources in the Amazon S3 User Guide.

Special Errors

  • HTTP 400 Bad Request Error

    • Code: InvalidArgument

    • Cause: Invalid Argument

  • HTTP 400 Bad Request Error

    • Code: TooManyConfigurations

    • Cause: You are attempting to create a new configuration but have already reached the 1,000-configuration limit.

  • HTTP 403 Forbidden Error

    • Code: AccessDenied

    • Cause: You are not the owner of the specified bucket, or you do not have the s3:PutInventoryConfiguration bucket permission to set the configuration on the bucket.

Related Resources

Class PutBucketInventoryConfigurationResponse

Returns information about the PutInventoryConfigurationResponse response metadata. The PutInventoryConfigurationResponse operation has a void result type.

Class PutBucketLoggingRequest

Container for the parameters to the PutBucketLogging operation. Set the logging parameters for a bucket and to specify permissions for who can view and modify the logging parameters. All logs are saved to buckets in the same Amazon Web Services Region as the source bucket. To set the logging status of a bucket, you must be the bucket owner.

The bucket owner is automatically granted FULL_CONTROL to all logs. You use the Grantee request element to grant access to other people. The Permissions request element specifies the kind of access the grantee has to the logs.

If the target bucket for log delivery uses the bucket owner enforced setting for S3 Object Ownership, you can't use the Grantee request element to grant access to others. Permissions can only be granted using policies. For more information, see Permissions for server access log delivery in the Amazon S3 User Guide.

Grantee Values

You can specify the person (grantee) to whom you're assigning access rights (using request elements) in the following ways:

  • By the person's ID:

    <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="CanonicalUser"><ID><>ID<></ID><DisplayName><>GranteesEmail<></DisplayName>
                </Grantee>
    

    DisplayName is optional and ignored in the request.

  • By Email address:

    <>Grantees@email.com<>

    The grantee is resolved to the CanonicalUser and, in a response to a GET Object acl request, appears as the CanonicalUser.

  • By URI:

    <>http://acs.amazonaws.com/groups/global/AuthenticatedUsers<>

To enable logging, you use LoggingEnabled and its children request elements. To disable logging, you use an empty BucketLoggingStatus request element:

For more information about server access logging, see Server Access Logging in the Amazon S3 User Guide.

For more information about creating a bucket, see CreateBucket. For more information about returning the logging status of a bucket, see GetBucketLogging.

The following operations are related to PutBucketLogging:

Class PutBucketLoggingResponse

Returns information about the PutBucketLogging response metadata. The EnableBucketLogging operation has a void result type.

Class PutBucketMetricsConfigurationRequest

Container for the parameters to the PutBucketMetricsConfiguration operation. Sets a metrics configuration (specified by the metrics configuration ID) for the bucket. You can have up to 1,000 metrics configurations per bucket. If you're updating an existing metrics configuration, note that this is a full replacement of the existing metrics configuration. If you don't include the elements you want to keep, they are erased.

To use this operation, you must have permissions to perform the s3:PutMetricsConfiguration action. The bucket owner has this permission by default. The bucket owner can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources.

For information about CloudWatch request metrics for Amazon S3, see Monitoring Metrics with Amazon CloudWatch.

The following operations are related to PutBucketMetricsConfiguration:

GetBucketLifecycle has the following special error:

  • Error code: TooManyConfigurations

    • Description: You are attempting to create a new configuration but have already reached the 1,000-configuration limit.

    • HTTP Status Code: HTTP 400 Bad Request

Class PutBucketMetricsConfigurationResponse

Returns information about the PutBucketMetricsConfiguration response metadata. The PutBucketMetricsConfiguration operation has a void result type.

Class PutBucketNotificationRequest

Container for the parameters to the PutBucketNotification operation. Enables notifications of specified events for a bucket. For more information about event notifications, see Configuring Event Notifications.

Using this API, you can replace an existing notification configuration. The configuration is an XML file that defines the event types that you want Amazon S3 to publish and the destination where you want Amazon S3 to publish an event notification when it detects an event of the specified type.

By default, your bucket has no event notifications configured. That is, the notification configuration will be an empty NotificationConfiguration.

This action replaces the existing notification configuration with the configuration you include in the request body.

After Amazon S3 receives this request, it first verifies that any Amazon Simple Notification Service (Amazon SNS) or Amazon Simple Queue Service (Amazon SQS) destination exists, and that the bucket owner has permission to publish to it by sending a test notification. In the case of Lambda destinations, Amazon S3 verifies that the Lambda function permissions grant Amazon S3 permission to invoke the function from the Amazon S3 bucket. For more information, see Configuring Notifications for Amazon S3 Events.

You can disable notifications by adding the empty NotificationConfiguration element.

By default, only the bucket owner can configure notifications on a bucket. However, bucket owners can use a bucket policy to grant permission to other users to set this configuration with s3:PutBucketNotification permission.

The PUT notification is an atomic operation. For example, suppose your notification configuration includes SNS topic, SQS queue, and Lambda function configurations. When you send a PUT request with this configuration, Amazon S3 sends test messages to your SNS topic. If the message fails, the entire PUT action will fail, and Amazon S3 will not add the configuration to your bucket.

Responses

If the configuration in the request body includes only one TopicConfiguration specifying only the s3:ReducedRedundancyLostObject event type, the response will also include the x-amz-sns-test-message-id header containing the message ID of the test notification sent to the topic.

The following action is related to PutBucketNotificationConfiguration:

Class PutBucketNotificationResponse

Returns information about the PutBucketNotification response metadata. The PutBucketNotification operation has a void result type.

Class PutBucketOwnershipControlsRequest

Container for the parameters to the PutBucketOwnershipControls operation. Creates or modifies OwnershipControls for an Amazon S3 bucket. To use this operation, you must have the s3:PutBucketOwnershipControls permission. For more information about Amazon S3 permissions, see Specifying permissions in a policy.

For information about Amazon S3 Object Ownership, see Using object ownership.

The following operations are related to PutBucketOwnershipControls:

Class PutBucketOwnershipControlsResponse

Returns information about the PutBucketOwnershipControls response metadata. The PutBucketOwnershipControls operation has a void result type.

Class PutBucketPolicyRequest

Container for the parameters to the PutBucketPolicy operation. Applies an Amazon S3 bucket policy to an Amazon S3 bucket. If you are using an identity other than the root user of the Amazon Web Services account that owns the bucket, the calling identity must have the PutBucketPolicy permissions on the specified bucket and belong to the bucket owner's account in order to use this operation.

If you don't have PutBucketPolicy permissions, Amazon S3 returns a

403
            Access Denied
error. If you have the correct permissions, but you're not using an identity that belongs to the bucket owner's account, Amazon S3 returns a
405
            Method Not Allowed
error.

As a security precaution, the root user of the Amazon Web Services account that owns a bucket can always use this operation, even if the policy explicitly denies the root user the ability to perform this action.

For more information, see Bucket policy examples.

The following operations are related to PutBucketPolicy:

Class PutBucketPolicyResponse

Returns information about the PutBucketPolicy response metadata. The PutBucketPolicy operation has a void result type.

Class PutBucketReplicationRequest

Container for the parameters to the PutBucketReplication operation. Creates a replication configuration or replaces an existing one. For more information, see Replication in the Amazon S3 User Guide.

Specify the replication configuration in the request body. In the replication configuration, you provide the name of the destination bucket or buckets where you want Amazon S3 to replicate objects, the IAM role that Amazon S3 can assume to replicate objects on your behalf, and other relevant information.

A replication configuration must include at least one rule, and can contain a maximum of 1,000. Each rule identifies a subset of objects to replicate by filtering the objects in the source bucket. To choose additional subsets of objects to replicate, add a rule for each subset.

To specify a subset of the objects in the source bucket to apply a replication rule to, add the Filter element as a child of the Rule element. You can filter objects based on an object key prefix, one or more object tags, or both. When you add the Filter element in the configuration, you must also add the following elements: DeleteMarkerReplication, Status, and Priority.

If you are using an earlier version of the replication configuration, Amazon S3 handles replication of delete markers differently. For more information, see Backward Compatibility.

For information about enabling versioning on a bucket, see Using Versioning.

Handling Replication of Encrypted Objects

By default, Amazon S3 doesn't replicate objects that are stored at rest using server-side encryption with CMKs stored in Amazon Web Services KMS. To replicate Amazon Web Services KMS-encrypted objects, add the following: SourceSelectionCriteria, SseKmsEncryptedObjects, Status, EncryptionConfiguration, and ReplicaKmsKeyID. For information about replication configuration, see Replicating Objects Created with SSE Using CMKs stored in Amazon Web Services KMS.

For information on PutBucketReplication errors, see List of replication-related error codes

Permissions

To create a PutBucketReplication request, you must have s3:PutReplicationConfiguration permissions for the bucket.

By default, a resource owner, in this case the Amazon Web Services account that created the bucket, can perform this operation. The resource owner can also grant others permissions to perform the operation. For more information about permissions, see Specifying Permissions in a Policy and Managing Access Permissions to Your Amazon S3 Resources.

To perform this operation, the user or role performing the action must have the iam:PassRole permission.

The following operations are related to PutBucketReplication:

Class PutBucketReplicationResponse

Returns information about the PutBucketReplicationConfiguration response metadata. The PutBucketReplicationConfiguration operation has a void result type.

Class PutBucketRequest

Container for the parameters to the PutBucket operation. Creates a new S3 bucket. To create a bucket, you must register with Amazon S3 and have a valid Amazon Web Services Access Key ID to authenticate requests. Anonymous requests are never allowed to create buckets. By creating the bucket, you become the bucket owner.

Not every string is an acceptable bucket name. For information about bucket naming restrictions, see Bucket naming rules.

If you want to create an Amazon S3 on Outposts bucket, see Create Bucket.

By default, the bucket is created in the US East (N. Virginia) Region. You can optionally specify a Region in the request body. You might choose a Region to optimize latency, minimize costs, or address regulatory requirements. For example, if you reside in Europe, you will probably find it advantageous to create buckets in the Europe (Ireland) Region. For more information, see Accessing a bucket.

If you send your create bucket request to the s3.amazonaws.com endpoint, the request goes to the us-east-1 Region. Accordingly, the signature calculations in Signature Version 4 must use us-east-1 as the Region, even if the location constraint in the request specifies another Region where the bucket is to be created. If you create a bucket in a Region other than US East (N. Virginia), your application must be able to handle 307 redirect. For more information, see Virtual hosting of buckets.

Access control lists (ACLs)

When creating a bucket using this operation, you can optionally configure the bucket ACL to specify the accounts or groups that should be granted specific permissions on the bucket.

If your CreateBucket request includes the BucketOwnerEnforced value for the x-amz-object-ownership header, your request can either not specify an ACL or specify bucket owner full control ACLs, such as the bucket-owner-full-control canned ACL or an equivalent ACL expressed in the XML format. For more information, see Controlling object ownership in the Amazon S3 User Guide.

There are two ways to grant the appropriate permissions using the request headers.

  • Specify a canned ACL using the x-amz-acl request header. Amazon S3 supports a set of predefined ACLs, known as canned ACLs. Each canned ACL has a predefined set of grantees and permissions. For more information, see Canned ACL.

  • Specify access permissions explicitly using the x-amz-grant-read, x-amz-grant-write, x-amz-grant-read-acp, x-amz-grant-write-acp, and x-amz-grant-full-control headers. These headers map to the set of permissions Amazon S3 supports in an ACL. For more information, see Access control list (ACL) overview.

    You specify each grantee as a type=value pair, where the type is one of the following:

    • id – if the value specified is the canonical user ID of an Amazon Web Services account

    • uri – if you are granting permissions to a predefined group

    • emailAddress – if the value specified is the email address of an Amazon Web Services account

      Using email addresses to specify a grantee is only supported in the following Amazon Web Services Regions:

      • US East (N. Virginia)

      • US West (N. California)

      • US West (Oregon)

      • Asia Pacific (Singapore)

      • Asia Pacific (Sydney)

      • Asia Pacific (Tokyo)

      • Europe (Ireland)

      • South America (São Paulo)

      For a list of all the Amazon S3 supported Regions and endpoints, see Regions and Endpoints in the Amazon Web Services General Reference.

    For example, the following x-amz-grant-read header grants the Amazon Web Services accounts identified by account IDs permissions to read object data and its metadata:

    x-amz-grant-read: id="11112222333", id="444455556666"

You can use either a canned ACL or specify access permissions explicitly. You cannot do both.

Permissions

In addition to s3:CreateBucket, the following permissions are required when your CreateBucket includes specific headers:

  • ACLs - If your CreateBucket request specifies ACL permissions and the ACL is public-read, public-read-write, authenticated-read, or if you specify access permissions explicitly through any other ACL, both s3:CreateBucket and s3:PutBucketAcl permissions are needed. If the ACL the CreateBucket request is private or doesn't specify any ACLs, only s3:CreateBucket permission is needed.

  • Object Lock - If ObjectLockEnabledForBucket is set to true in your CreateBucket request, s3:PutBucketObjectLockConfiguration and s3:PutBucketVersioning permissions are required.

  • S3 Object Ownership - If your CreateBucket request includes the the x-amz-object-ownership header, s3:PutBucketOwnershipControls permission is required.

The following operations are related to CreateBucket:

Class PutBucketRequestPaymentRequest

Container for the parameters to the PutBucketRequestPayment operation.

Sets the request payment configuration for a bucket. By default, the bucket owner pays for downloads from the bucket. This configuration parameter enables the bucket owner (only) to specify that the person requesting the download will be charged for the download.

Class PutBucketRequestPaymentResponse

Returns information about the PutBucketRequestPayment response metadata. The PutBucketRequestPayment operation has a void result type.

Class PutBucketResponse

Returns information about the PutBucket response and response metadata.

Class PutBucketTaggingRequest

Container for the parameters to the PutBucketTagging operation. Sets the tags for a bucket.

Use tags to organize your Amazon Web Services bill to reflect your own cost structure. To do this, sign up to get your Amazon Web Services account bill with tag key values included. Then, to see the cost of combined resources, organize your billing information according to resources with the same tag key values. For example, you can tag several resources with a specific application name, and then organize your billing information to see the total cost of that application across several services. For more information, see Cost Allocation and Tagging and Using Cost Allocation in Amazon S3 Bucket Tags.

When this operation sets the tags for a bucket, it will overwrite any current tags the bucket already has. You cannot use this operation to add tags to an existing list of tags.

To use this operation, you must have permissions to perform the s3:PutBucketTagging action. The bucket owner has this permission by default and can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources.

PutBucketTagging has the following special errors:

  • Error code: InvalidTagError

  • Error code: MalformedXMLError

    • Description: The XML provided does not match the schema.

  • Error code: OperationAbortedError

    • Description: A conflicting conditional action is currently in progress against this resource. Please try again.

  • Error code: InternalError

    • Description: The service was unable to apply the provided tag to the bucket.

The following operations are related to PutBucketTagging:

Class PutBucketTaggingResponse

Returns information about the PutBucketTagging response metadata. The PutBucketTagging operation has a void result type.

Class PutBucketVersioningRequest
Class PutBucketVersioningResponse

Returns information about the PutBucketVersioning response metadata. The PutBucketVersioning operation has a void result type.

Class PutBucketWebsiteRequest

Container for the parameters to the PutBucketWebsite operation.

Set the website configuration for a bucket.

Class PutBucketWebsiteResponse

Returns information about the PutBucketWebsite response metadata. The PutBucketWebsite operation has a void result type.

Class PutCORSConfigurationRequest

Container for the parameters to the PutCORSConfiguration operation.

Sets the cors configuration for a bucket.

Class PutCORSConfigurationResponse

Returns information about the PutCORSConfiguration response metadata. The PutCORSConfiguration operation has a void result type.

Class PutLifecycleConfigurationRequest

Container for the parameters to the PutLifecycleConfiguration operation. Creates a new lifecycle configuration for the bucket or replaces an existing lifecycle configuration. For information about lifecycle configuration, see Managing your storage lifecycle.

Bucket lifecycle configuration now supports specifying a lifecycle rule using an object key name prefix, one or more object tags, or a combination of both. Accordingly, this section describes the latest API. The previous version of the API supported filtering based only on an object key name prefix, which is supported for backward compatibility. For the related API description, see PutBucketLifecycle.

Rules

You specify the lifecycle configuration in your request body. The lifecycle configuration is specified as XML consisting of one or more rules. An Amazon S3 Lifecycle configuration can have up to 1,000 rules. This limit is not adjustable. Each rule consists of the following:

  • Filter identifying a subset of objects to which the rule applies. The filter can be based on a key name prefix, object tags, or a combination of both.

  • Status whether the rule is in effect.

  • One or more lifecycle transition and expiration actions that you want Amazon S3 to perform on the objects identified by the filter. If the state of your bucket is versioning-enabled or versioning-suspended, you can have many versions of the same object (one current version and zero or more noncurrent versions). Amazon S3 provides predefined actions that you can specify for current and noncurrent object versions.

For more information, see Object Lifecycle Management and Lifecycle Configuration Elements.

Permissions

By default, all Amazon S3 resources are private, including buckets, objects, and related subresources (for example, lifecycle configuration and website configuration). Only the resource owner (that is, the Amazon Web Services account that created it) can access the resource. The resource owner can optionally grant access permissions to others by writing an access policy. For this operation, a user must get the s3:PutLifecycleConfiguration permission.

You can also explicitly deny permissions. Explicit deny also supersedes any other permissions. If you want to block users or accounts from removing or deleting objects from your bucket, you must deny them permissions for the following actions:

  • s3:DeleteObject

  • s3:DeleteObjectVersion

  • s3:PutLifecycleConfiguration

For more information about permissions, see Managing Access Permissions to Your Amazon S3 Resources.

The following are related to PutBucketLifecycleConfiguration:

Class PutLifecycleConfigurationResponse

Returns information about the PutLifecycleConfiguration response metadata. The PutLifecycleConfiguration operation has a void result type.

Class PutObjectLegalHoldRequest

Container for the parameters to the PutObjectLegalHold operation. Applies a Legal Hold configuration to the specified object. For more information, see Locking Objects.

This action is not supported by Amazon S3 on Outposts.

Class PutObjectLegalHoldResponse

This is the response object from the PutObjectLegalHold operation.

Class PutObjectLockConfigurationRequest

Container for the parameters to the PutObjectLockConfiguration operation. Places an Object Lock configuration on the specified bucket. The rule specified in the Object Lock configuration will be applied by default to every new object placed in the specified bucket. For more information, see Locking Objects.

  • The DefaultRetention settings require both a mode and a period.

  • The DefaultRetention period can be either Days or Years but you must select one. You cannot specify Days and Years at the same time.

  • You can only enable Object Lock for new buckets. If you want to turn on Object Lock for an existing bucket, contact Amazon Web Services Support.

Class PutObjectLockConfigurationResponse

This is the response object from the PutObjectLockConfiguration operation.

Class PutObjectRequest
Class PutObjectResponse

Returns information about the PutObject response and response metadata.

Class PutObjectRetentionRequest

Container for the parameters to the PutObjectRetention operation. Places an Object Retention configuration on an object. For more information, see Locking Objects. Users or accounts require the s3:PutObjectRetention permission in order to place an Object Retention configuration on objects. Bypassing a Governance Retention configuration requires the s3:BypassGovernanceRetention permission.

This action is not supported by Amazon S3 on Outposts.

Permissions

When the Object Lock retention mode is set to compliance, you need s3:PutObjectRetention and s3:BypassGovernanceRetention permissions. For other requests to PutObjectRetention, only s3:PutObjectRetention permissions are required.

Class PutObjectRetentionResponse

This is the response object from the PutObjectRetention operation.

Class PutObjectTaggingRequest
Class PutObjectTaggingResponse

Returns information about the PutObjectTagging response and response metadata.

Class PutPublicAccessBlockRequest

Container for the parameters to the PutPublicAccessBlock operation. Creates or modifies the Public Access Block configuration for an Amazon S3 bucket.

Class PutPublicAccessBlockResponse

This is the response object from the PutPublicAccessBlock operation.

Class PutWithACLRequest

Base class for put operations that can also put an ACL.

Class QueueConfiguration

This class contains the configuration Amazon S3 uses to figure out what events you want to listen and send the event to an Amazon SQS queue.

The queue's policy must allow S3 to send messages to it. The utility method Amazon.SQS.AmazonSQSClient.AuthorizeS3ToSendMessage(string,string) can be used to help setup the queue policy.

Class RecordsEvent

The Records Event

Class ReplicaModifications

A filter that you can specify for selection for modifications on replicas. Amazon S3 doesn't replicate replica modifications by default. In the latest version of replication configuration (when Filter is specified), you can specify this element and set the status to Enabled to replicate modifications on replicas.

If you don't specify the Filter element, Amazon S3 assumes that the replication configuration is the earlier version, V1. In the earlier version, this element is not allowed.

Class ReplicationConfiguration

This class defines the configuration for replication.

Class ReplicationDestination

Specifies information about where to publish analysis or configuration results for an Amazon S3 bucket and S3 Replication Time Control (S3 RTC).

Class ReplicationRule

Rule that specifies the replication configuration.

Class ReplicationRuleAndOperator

Class ReplicationRuleFilter

Filter that identifies subset of objects to which the replication rule applies. A Filter must specify exactly one Prefix, Tag, or an And child element.

Class ReplicationTime

A container specifying the time when all objects and operations on objects are replicated. Must be specified together with a Metrics block.

Class ReplicationTimeValue

A container specifying the time value.

Class RequestPaymentConfiguration

Request Payment Configuration

Class ResponseHeaderOverrides

Container for values of the response headers that will be set on a response from a GetObject request. These values override any headers that were set when the object was uploaded to S3.

Class RestoreObjectRequest

Container for the parameters to the RestoreObject operation. Restores an archived copy of an object back into Amazon S3

This action is not supported by Amazon S3 on Outposts.

This action performs the following types of requests:

  • select - Perform a select query on an archived object

  • restore an archive - Restore an archived object

To use this operation, you must have permissions to perform the s3:RestoreObject action. The bucket owner has this permission by default and can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources in the Amazon S3 User Guide.

Querying Archives with Select Requests

You use a select type of request to perform SQL queries on archived objects. The archived objects that are being queried by the select request must be formatted as uncompressed comma-separated values (CSV) files. You can run queries and custom analytics on your archived data without having to restore your data to a hotter Amazon S3 tier. For an overview about select requests, see Querying Archived Objects in the Amazon S3 User Guide.

When making a select request, do the following:

  • Define an output location for the select query's output. This must be an Amazon S3 bucket in the same Amazon Web Services Region as the bucket that contains the archive object that is being queried. The Amazon Web Services account that initiates the job must have permissions to write to the S3 bucket. You can specify the storage class and encryption for the output objects stored in the bucket. For more information about output, see Querying Archived Objects in the Amazon S3 User Guide.

    For more information about the S3 structure in the request body, see the following:

  • Define the SQL expression for the SELECT type of restoration for your query in the request body's SelectParameters structure. You can use expressions like the following examples.

    • The following expression returns all records from the specified object.

      SELECT * FROM Object

    • Assuming that you are not using any headers for data stored in the object, you can specify columns with positional headers.

      SELECT s._1, s._2 FROM Object s WHERE s._3 > 100

    • If you have headers and you set the fileHeaderInfo in the CSV structure in the request body to USE, you can specify headers in the query. (If you set the fileHeaderInfo field to IGNORE, the first row is skipped for the query.) You cannot mix ordinal positions with header column names.

      SELECT s.Id, s.FirstName, s.SSN FROM S3Object s

For more information about using SQL with S3 Glacier Select restore, see SQL Reference for Amazon S3 Select and S3 Glacier Select in the Amazon S3 User Guide.

When making a select request, you can also do the following:

  • To expedite your queries, specify the Expedited tier. For more information about tiers, see "Restoring Archives," later in this topic.

  • Specify details about the data serialization format of both the input object that is being queried and the serialization of the CSV-encoded query results.

The following are additional important facts about the select feature:

  • The output results are new Amazon S3 objects. Unlike archive retrievals, they are stored until explicitly deleted-manually or through a lifecycle policy.

  • You can issue more than one select request on the same Amazon S3 object. Amazon S3 doesn't deduplicate requests, so avoid issuing duplicate requests.

  • Amazon S3 accepts a select request even if the object has already been restored. A select request doesn’t return error response 409.

Restoring objects

Objects that you archive to the S3 Glacier or S3 Glacier Deep Archive storage class, and S3 Intelligent-Tiering Archive or S3 Intelligent-Tiering Deep Archive tiers are not accessible in real time. For objects in Archive Access or Deep Archive Access tiers you must first initiate a restore request, and then wait until the object is moved into the Frequent Access tier. For objects in S3 Glacier or S3 Glacier Deep Archive storage classes you must first initiate a restore request, and then wait until a temporary copy of the object is available. To access an archived object, you must restore the object for the duration (number of days) that you specify.

To restore a specific object version, you can provide a version ID. If you don't provide a version ID, Amazon S3 restores the current version.

When restoring an archived object (or using a select request), you can specify one of the following data access tier options in the Tier element of the request body:

  • Expedited - Expedited retrievals allow you to quickly access your data stored in the S3 Glacier storage class or S3 Intelligent-Tiering Archive tier when occasional urgent requests for a subset of archives are required. For all but the largest archived objects (250 MB+), data accessed using Expedited retrievals is typically made available within 1–5 minutes. Provisioned capacity ensures that retrieval capacity for Expedited retrievals is available when you need it. Expedited retrievals and provisioned capacity are not available for objects stored in the S3 Glacier Deep Archive storage class or S3 Intelligent-Tiering Deep Archive tier.

  • Standard - Standard retrievals allow you to access any of your archived objects within several hours. This is the default option for retrieval requests that do not specify the retrieval option. Standard retrievals typically finish within 3–5 hours for objects stored in the S3 Glacier storage class or S3 Intelligent-Tiering Archive tier. They typically finish within 12 hours for objects stored in the S3 Glacier Deep Archive storage class or S3 Intelligent-Tiering Deep Archive tier. Standard retrievals are free for objects stored in S3 Intelligent-Tiering.

  • Bulk - Bulk retrievals are the lowest-cost retrieval option in S3 Glacier, enabling you to retrieve large amounts, even petabytes, of data inexpensively. Bulk retrievals typically finish within 5–12 hours for objects stored in the S3 Glacier storage class or S3 Intelligent-Tiering Archive tier. They typically finish within 48 hours for objects stored in the S3 Glacier Deep Archive storage class or S3 Intelligent-Tiering Deep Archive tier. Bulk retrievals are free for objects stored in S3 Intelligent-Tiering.

For more information about archive retrieval options and provisioned capacity for Expedited data access, see Restoring Archived Objects in the Amazon S3 User Guide.

You can use Amazon S3 restore speed upgrade to change the restore speed to a faster speed while it is in progress. For more information, see Upgrading the speed of an in-progress restore in the Amazon S3 User Guide.

To get the status of object restoration, you can send a HEAD request. Operations return the x-amz-restore header, which provides information about the restoration status, in the response. You can use Amazon S3 event notifications to notify you when a restore is initiated or completed. For more information, see Configuring Amazon S3 Event Notifications in the Amazon S3 User Guide.

After restoring an archived object, you can update the restoration period by reissuing the request with a new period. Amazon S3 updates the restoration period relative to the current time and charges only for the request-there are no data transfer charges. You cannot update the restoration period when Amazon S3 is actively processing your current restore request for the object.

If your bucket has a lifecycle configuration with a rule that includes an expiration action, the object expiration overrides the life span that you specify in a restore request. For example, if you restore an object copy for 10 days, but the object is scheduled to expire in 3 days, Amazon S3 deletes the object in 3 days. For more information about lifecycle configuration, see PutBucketLifecycleConfiguration and Object Lifecycle Management in Amazon S3 User Guide.

Responses

A successful action returns either the 200 OK or 202 Accepted status code.

  • If the object is not previously restored, then Amazon S3 returns 202 Accepted in the response.

  • If the object is previously restored, Amazon S3 returns 200 OK in the response.

Special Errors

    • Code: RestoreAlreadyInProgress

    • Cause: Object restore is already in progress. (This error does not apply to SELECT type requests.)

    • HTTP Status Code: 409 Conflict

    • SOAP Fault Code Prefix: Client

    • Code: GlacierExpeditedRetrievalNotAvailable

    • Cause: expedited retrievals are currently not available. Try again later. (Returned if there is insufficient capacity to process the Expedited request. This error applies only to Expedited retrievals and not to S3 Standard or Bulk retrievals.)

    • HTTP Status Code: 503

    • SOAP Fault Code Prefix: N/A

Related Resources

Class RestoreObjectResponse

Returns information about the RestoreObject response metadata. The RestoreObject operation has a void result type.

Class RoutingRule

Routing Rule

Class RoutingRuleCondition

A container for describing a condition that must be met for the specified redirect to apply. For example, 1. If request is for pages in the /docs folder, redirect to the /documents folder. 2. If request results in HTTP error 4xx, redirect request to another host where you might process the error.

Class RoutingRuleRedirect

Container for redirect information. You can redirect requests to another host, to another page, or with another protocol. In the event of an error, you can can specify a different error code to return.

Class S3AccessControlList

Represents an access control list (ACL) for S3. An AccessControlList is represented by an Owner, and a List of Grants, where each Grant is a Grantee and a Permission.

Class S3Bucket

In terms of implementation, a Bucket is a resource. An Amazon S3 bucket name is globally unique, and the namespace is shared by all Amazon Web Services accounts.

Class S3BucketLoggingConfig

Describes where logs are stored and the prefix that Amazon S3 assigns to all log object keys for a bucket. For more information, see PUT Bucket logging in the Amazon S3 API Reference.

Class S3BucketVersioningConfig

Describes the versioning state of an Amazon S3 bucket. For more information, see PUT Bucket versioning in the Amazon S3 API Reference.

Class S3Encryption

Describes the server-side encryption that will be applied to the restore results.

Class S3EventStreamException

Modeled Exception that either comes over the stream from the service model, or wraps other exceptions for the purpose of raising events. If it is modelled, it will be a subclass.

Class S3Grant

Container for granting information.

Buckets that use the bucket owner enforced setting for Object Ownership don't support target grants. For more information, see Permissions server access log delivery in the Amazon S3 User Guide.

Class S3Grantee

Grantee

Class S3KeyFilter

Filter criteria that allows for event notification filtering based on an S3 Object's key name.

Class S3Location

Describes an S3 location that will receive the results of the restore request.

Class S3Object

Represents an S3 Object. Contains all attributes that an S3 Object has. For more information about S3 Objects refer: http://docs.amazonwebservices.com/AmazonS3/latest/UsingObjects.html

Class S3ObjectVersion

Represents a version of an object in an S3 Bucket. An S3 object version is an S3 object that also has a version identifier, an indication of whether this is the latest version of the object and whether it's a DeleteMarker or not.

Class S3PaginatorFactory

Paginators for the S3 service

Class ScanRange

Specifies the byte range of the object to get the records from. A record is processed when its first byte is contained by the range.

Class SelectObjectContentEventStream

A Stream of Events returned by the SelectObjectContent operation. Events can be retrieved from this stream by either attaching handlers to listen events, and then call StartProcessing orenumerating over the events.

These options should be treaded as mutually exclusive.

Class SelectObjectContentRequest
Class SelectObjectContentResponse

Contains the response Payload for the SelectObjectContent request

Class SelectParameters

Describes the parameters for Select job types.

Class ServerSideEncryptionByDefault

Describes the default server-side encryption to apply to new objects in the bucket. If a PUT Object request doesn't specify any server-side encryption, this default encryption will be applied. For more information, see PUT Bucket encryption in the Amazon S3 API Reference.

Class ServerSideEncryptionConfiguration

ServerSideEncryptionConfiguration class

Class ServerSideEncryptionRule

ServerSideEncryptionRule class

Class SourceSelectionCriteria

A container that describes additional filters for identifying the source objects that you want to replicate. You can choose to enable or disable the replication of these objects. Currently, Amazon S3 supports only the filter that you can specify for objects created with server-side encryption using a customer managed key stored in Amazon Web Services Key Management Service (SSE-KMS).

Class SSEKMS

SSEKMS class

Class SseKmsEncryptedObjects

A container for filter information for the selection of S3 objects encrypted with Amazon Web Services KMS.

Class SSES3

SSES3 class

Class Stats

The Stats event details.

Class StatsEvent

The Stats Event.

Class StorageClassAnalysis

Class for StorageClassAnalysis

Class StorageClassAnalysisDataExport

Class for StorageClassAnalysisDataExport

Class StreamResponse

Base class for responses that return a stream.

Class StreamSizeMismatchException

The exception that is thrown when the size of a stream does not match it's expected size.

Class Tag

Tag is a key-value pair of metadata associated with an S3Object

Class Tagging

Structure that contains list of Tags

Class Tiering

The S3 Intelligent-Tiering storage class is designed to optimize storage costs by automatically moving data to the most cost-effective storage access tier, without additional operational overhead.

Class TopicConfiguration

This class contains the configuration Amazon S3 uses to figure out what events you want to listen and send the event to an Amazon SNS topic.

The topic's policy must allow S3 to publish messages to it. The utility method Amazon.SimpleNotificationService.AmazonSimpleNotificationServiceClient.AuthorizeS3ToPublish(string,string) can be used to help setup the topic policy.

Class TransferProgressArgs

Arguments containing event details for an in-flight transfer.

Class UnknownEventStreamEvent

This Event is returned if an event is retrieved from the event stream, but a generator function for the event is not defined.

Class UploadPartRequest

Container for the parameters to the UploadPart operation. Uploads a part in a multipart upload.

In this operation, you provide part data in your request. However, you have an option to specify your existing Amazon S3 object as a data source for the part you are uploading. To upload a part from an existing object, you use the UploadPartCopy operation.

You must initiate a multipart upload (see CreateMultipartUpload) before you can upload any part. In response to your initiate request, Amazon S3 returns an upload ID, a unique identifier, that you must include in your upload part request.

Part numbers can be any number from 1 to 10,000, inclusive. A part number uniquely identifies a part and also defines its position within the object being created. If you upload a new part using the same part number that was used with a previous part, the previously uploaded part is overwritten.

For information about maximum and minimum part sizes and other multipart upload specifications, see Multipart upload limits in the Amazon S3 User Guide.

To ensure that data is not corrupted when traversing the network, specify the Content-MD5 header in the upload part request. Amazon S3 checks the part data against the provided MD5 value. If they do not match, Amazon S3 returns an error.

If the upload request is signed with Signature Version 4, then Amazon Web Services S3 uses the x-amz-content-sha256 header as a checksum instead of Content-MD5. For more information see Authenticating Requests: Using the Authorization Header (Amazon Web Services Signature Version 4).

Note: After you initiate multipart upload and upload one or more parts, you must either complete or abort multipart upload in order to stop getting charged for storage of the uploaded parts. Only after you either complete or abort multipart upload, Amazon S3 frees up the parts storage and stops charging you for the parts storage.

For more information on multipart uploads, go to Multipart Upload Overview in the Amazon S3 User Guide .

For information on the permissions required to use the multipart upload API, go to Multipart Upload and Permissions in the Amazon S3 User Guide.

You can optionally request server-side encryption where Amazon S3 encrypts your data as it writes it to disks in its data centers and decrypts it for you when you access it. You have the option of providing your own encryption key, or you can use the Amazon Web Services managed encryption keys. If you choose to provide your own encryption key, the request headers you provide in the request must match the headers you used in the request to initiate the upload by using CreateMultipartUpload. For more information, go to Using Server-Side Encryption in the Amazon S3 User Guide.

Server-side encryption is supported by the S3 Multipart Upload actions. Unless you are using a customer-provided encryption key, you don't need to specify the encryption parameters in each UploadPart request. Instead, you only need to specify the server-side encryption parameters in the initial Initiate Multipart request. For more information, see CreateMultipartUpload.

If you requested server-side encryption using a customer-provided encryption key in your initiate multipart upload request, you must provide identical encryption information in each part upload using the following headers.

  • x-amz-server-side-encryption-customer-algorithm

  • x-amz-server-side-encryption-customer-key

  • x-amz-server-side-encryption-customer-key-MD5

Special Errors

    • Code: NoSuchUpload

    • Cause: The specified multipart upload does not exist. The upload ID might be invalid, or the multipart upload might have been aborted or completed.

    • HTTP Status Code: 404 Not Found

    • SOAP Fault Code Prefix: Client

Related Resources

Class UploadPartResponse

Returns information about the UploadPart response and response metadata.

Class WebsiteConfiguration

Website Configuration

Class WriteGetObjectResponseRequest

Container for the parameters to the WriteGetObjectResponse operation. Passes transformed objects to a GetObject operation when using Object Lambda Access Points. For information about Object Lambda Access Points, see Transforming objects with Object Lambda Access Points in the Amazon S3 User Guide.

This operation supports metadata that can be returned by GetObject, in addition to RequestRoute, RequestToken, StatusCode, ErrorCode, and ErrorMessage. The GetObject response metadata is supported so that the WriteGetObjectResponse caller, typically an Lambda function, can provide the same metadata when it internally invokes GetObject. When WriteGetObjectResponse is called by a customer-owned Lambda function, the metadata returned to the end user GetObject call might differ from what Amazon S3 would normally return.

You can include any number of metadata headers. When including a metadata header, it should be prefaced with x-amz-meta. For example,

x-amz-meta-my-custom-header:
            MyCustomValue
. The primary use case for this is to forward GetObject metadata.

Amazon Web Services provides some prebuilt Lambda functions that you can use with S3 Object Lambda to detect and redact personally identifiable information (PII) and decompress S3 objects. These Lambda functions are available in the Amazon Web Services Serverless Application Repository, and can be selected through the Amazon Web Services Management Console when you create your Object Lambda Access Point.

Example 1: PII Access Control - This Lambda function uses Amazon Comprehend, a natural language processing (NLP) service using machine learning to find insights and relationships in text. It automatically detects personally identifiable information (PII) such as names, addresses, dates, credit card numbers, and social security numbers from documents in your Amazon S3 bucket.

Example 2: PII Redaction - This Lambda function uses Amazon Comprehend, a natural language processing (NLP) service using machine learning to find insights and relationships in text. It automatically redacts personally identifiable information (PII) such as names, addresses, dates, credit card numbers, and social security numbers from documents in your Amazon S3 bucket.

Example 3: Decompression - The Lambda function S3ObjectLambdaDecompression, is equipped to decompress objects stored in S3 in one of six compressed file formats including bzip2, gzip, snappy, zlib, zstandard and ZIP.

For information on how to view and use these functions, see Using Amazon Web Services built Lambda functions in the Amazon S3 User Guide.

Class WriteGetObjectResponseResponse
Class WriteObjectProgressArgs

Encapsulates the information needed to provide download progress for the Write Object Event.

Interfaces

NameDescription
Interface IListMultipartUploadsPaginator

Paginator for the ListMultipartUploads operation

Interface IListObjectsPaginator

Paginator for the ListObjects operation

Interface IListObjectsV2Paginator

Paginator for the ListObjectsV2 operation

Interface IListPartsPaginator

Paginator for the ListParts operation

Interface IListVersionsPaginator

Paginator for the ListVersions operation

Interface IS3Event

Common Contract for S3 Events.

Interface IS3PaginatorFactory

Paginators for the S3 service

Interface ISelectObjectContentEventStream

The contract for the SelectObjectContentEventStream.