PutObjectRequest

If this value is set to true then the stream used with this request will be closed when all the content is read from the stream. Default: true.

If this value is set to true then the stream will be seeked back to the start before being read for upload. Default: true.

Gets and sets the property BucketKeyEnabled.

Specifies whether Amazon S3 should use an S3 Bucket Key for object encryption with server-side encryption using Key Management Service (KMS) keys (SSE-KMS).

General purpose buckets - Setting this header to true causes Amazon S3 to use an S3 Bucket Key for object encryption with SSE-KMS. Also, specifying this header with a PUT action doesn't affect bucket-level settings for S3 Bucket Key.

Directory buckets - S3 Bucket Keys are always enabled for GET and PUT operations in a directory bucket and can't be disabled. S3 Bucket Keys aren't supported, when you copy SSE-KMS encrypted objects from general purpose buckets to directory buckets, from directory buckets to general purpose buckets, or between directory buckets, through CopyObject, UploadPartCopy, the Copy operation in Batch Operations, or the import jobs. In this case, Amazon S3 makes a call to KMS every time a copy request is made for a KMS-encrypted object.

Gets and sets the property BucketName.

The bucket name to which the PUT action was initiated.

Directory buckets - When you use this operation with a directory bucket, you must use virtual-hosted-style requests in the format Bucket_name.s3express-az_id.region.amazonaws.com. Path-style requests are not supported. Directory bucket names must be unique in the chosen Availability Zone. Bucket names must follow the format bucket_base_name--az-id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az1--x-s3). For information about bucket naming restrictions, see Directory bucket naming rules in the Amazon S3 User Guide.

Access points - When you use this action with an access point, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.

S3 on Outposts - When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts? in the Amazon S3 User Guide.

Gets or sets whether the Content-MD5 header should be calculated for upload.

The base64-encoded 128-bit MD5 digest of the message (without the headers) according to RFC 1864. This header can be used as a message integrity check to verify that the data is the same data that was originally sent. Although it is optional, we recommend using the Content-MD5 mechanism as an end-to-end integrity check. For more information about REST request authentication, see REST Authentication.

Gets and sets the property CannedACL.

The canned ACL to apply to the object. For more information, see Canned ACL in the Amazon S3 User Guide.

When adding a new object, you can use headers to grant ACL-based permissions to individual Amazon Web Services accounts or to predefined groups defined by Amazon S3. These permissions are then added to the ACL on the object. By default, all objects are private. Only the owner has full access control. For more information, see Access Control List (ACL) Overview and Managing ACLs Using the REST API in the Amazon S3 User Guide.

If the bucket that you're uploading objects to uses the bucket owner enforced setting for S3 Object Ownership, ACLs are disabled and no longer affect permissions. Buckets that use this setting only accept PUT requests that don't specify an ACL or PUT requests that specify bucket owner full control ACLs, such as the bucket-owner-full-control canned ACL or an equivalent form of this ACL expressed in the XML format. PUT requests that contain other ACLs (for example, custom grants to certain Amazon Web Services accounts) fail and return a 400 error with the error code AccessControlListNotSupported. For more information, see Controlling ownership of objects and disabling ACLs in the Amazon S3 User Guide.

Gets and sets the property ChecksumAlgorithm.

Indicates the algorithm used to create the checksum for the object when you use the SDK. This header will not provide any additional functionality if you don't use the SDK. When you send this header, there must be a corresponding x-amz-checksum-algorithm or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the HTTP status code 400 Bad Request.

For the x-amz-checksum-algorithm header, replace algorithm with the supported algorithm from the following list:

• CRC32

• CRC32C

• SHA1

• SHA256

For more information, see Checking object integrity in the Amazon S3 User Guide.

If the individual checksum value you provide through x-amz-checksum-algorithm doesn't match the checksum algorithm you set through x-amz-sdk-checksum-algorithm, Amazon S3 ignores any provided ChecksumAlgorithm parameter and uses the checksum algorithm that matches the provided value in x-amz-checksum-algorithm.

Gets and sets the property ChecksumCRC32.

This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. This specifies the base64-encoded, 32-bit CRC32 checksum of the object. For more information, see Checking object integrity in the Amazon S3 User Guide.

Gets and sets the property ChecksumCRC32C.

This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. This specifies the base64-encoded, 32-bit CRC32C checksum of the object. For more information, see Checking object integrity in the Amazon S3 User Guide.

Gets and sets the property ChecksumSHA1.

This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. This specifies the base64-encoded, 160-bit SHA-1 digest of the object. For more information, see Checking object integrity in the Amazon S3 User Guide.

Gets and sets the property ChecksumSHA256.

This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. This specifies the base64-encoded, 256-bit SHA-256 digest of the object. For more information, see Checking object integrity in the Amazon S3 User Guide.

Text content to be uploaded. Use this property if you want to upload plaintext to S3. The content type will be set to 'text/plain'.

This is a convenience property for Headers.ContentType.

WARNING: Setting DisableDefaultChecksumValidation to true disables the default data integrity check on upload requests.

When true, checksum verification will not be used in upload requests. This may increase upload performance under high CPU loads. Setting DisableDefaultChecksumValidation sets the deprecated property DisableMD5Stream to the same value. The default value is false. Set this value to true to disable the default checksum validation used in all S3 upload requests or override this value per request by setting the DisableDefaultChecksumValidation property on Amazon.S3.Model.PutObjectRequest, Amazon.S3.Model.UploadPartRequest, or Amazon.S3.Transfer.TransferUtilityUploadRequest.

Checksums, SigV4 payload signing, and HTTPS each provide some data integrity verification. If DisableDefaultChecksumValidation is true and DisablePayloadSigning is true, then the possibility of data corruption is completely dependent on HTTPS being the only remaining source of data integrity verification.

This flag is a rename of the Amazon.S3.Model.PutObjectRequest.DisableMD5Stream property

WARNING: Setting DisableMD5Stream to true disables the MD5 data integrity check on upload requests.This property has been deprecated in favor of Amazon.S3.Model.PutObjectRequest.DisableDefaultChecksumValidation Setting the value of DisableMD5Stream will set DisableDefaultChecksumValidation to the same value and vice versa. This property was left here for backwards compatibility.

When true, MD5Stream will not be used in upload requests. This may increase upload performance under high CPU loads. The default value is false. Set this value to true to disable MD5Stream use in all S3 upload requests or override this value per request by setting the DisableMD5Stream property on PutObjectRequest, UploadPartRequest, or TransferUtilityUploadRequest.

MD5Stream, SigV4 payload signing, and HTTPS each provide some data integrity verification. If DisableMD5Stream is true and DisablePayloadSigning is true, then the possibility of data corruption is completely dependant on HTTPS being the only remaining source of data integrity verification.

WARNING: Setting DisablePayloadSigning to true disables the SigV4 payload signing data integrity check on this request.

If using SigV4, the DisablePayloadSigning flag controls if the payload should be signed on a request by request basis. By default this flag is null which will use the default client behavior. The default client behavior is to sign the payload. When DisablePayloadSigning is true, the request will be signed with an UNSIGNED-PAYLOAD value. Setting DisablePayloadSigning to true requires that the request is sent over a HTTPS connection.

Under certain circumstances, such as uploading to S3 while using MD5 hashing, it may be desireable to use UNSIGNED-PAYLOAD to decrease signing CPU usage. This flag only applies to Amazon S3 PutObject and UploadPart requests.

MD5Stream, SigV4 payload signing, and HTTPS each provide some data integrity verification. If DisableMD5Stream is true and DisablePayloadSigning is true, then the possibility of data corruption is completely dependant on HTTPS being the only remaining source of data integrity verification.

Gets and sets the property ExpectedBucketOwner.

The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code 403 Forbidden (access denied).

The full path and name to a file to be uploaded. If this is set the request will upload the specified file to S3.

For WinRT and Windows Phone this property must be in the form of "ms-appdata:///local/file.txt".

The collection of headers for the request.

Uploads the object only if the object key name does not already exist in the bucket specified. Otherwise, Amazon S3 returns a 412 Precondition Failed error.

If a conflicting operation occurs during the upload S3 returns a 409 ConditionalRequestConflict response. On a 409 failure you should re-initiate the multipart upload with CreateMultipartUpload and re-upload each part.

Expects the '*' (asterisk) character.

For more information about conditional requests, see RFC 7232, or Conditional requests in the Amazon S3 User Guide.

Input stream for the request; content for the request will be read from the stream.

Gets and sets Key property. This key is used to identify the object in S3.

An MD5 digest for the content.

The collection of meta data for the request.

Gets and sets the property ObjectLockLegalHoldStatus.

Specifies whether a legal hold will be applied to this object. For more information about S3 Object Lock, see Object Lock in the Amazon S3 User Guide.

Gets and sets the property ObjectLockMode.

The Object Lock mode that you want to apply to this object.

Gets and sets the property ObjectLockRetainUntilDate.

The date and time when you want this object's Object Lock to expire. Must be formatted as a timestamp parameter.

Overrides the default ReadWriteTimeout value.

Confirms that the requester knows that she or he will be charged for the request. Bucket owners need not specify this parameter in their requests.

The Server-side encryption algorithm to be used with the customer provided key.

This functionality is not supported for directory buckets.

The base64-encoded encryption key for Amazon S3 to use to encrypt the object

Using the encryption key you provide as part of your request Amazon S3 manages both the encryption, as it writes to disks, and decryption, when you access your objects. Therefore, you don't need to maintain any data encryption code. The only thing you do is manage the encryption keys you provide.

When you retrieve an object, you must provide the same encryption key as part of your request. Amazon S3 first verifies the encryption key you provided matches, and then decrypts the object before returning the object data to you.

Important: Amazon S3 does not store the encryption key you provide.

The MD5 of the customer encryption key specified in the ServerSideEncryptionCustomerProvidedKey property. The MD5 is base 64 encoded. This field is optional, the SDK will calculate the MD5 if this is not set.

This functionality is not supported for directory buckets.

Gets and sets the property ServerSideEncryptionKeyManagementServiceEncryptionContext.

Specifies the Amazon Web Services KMS Encryption Context as an additional encryption context to use for object encryption. The value of this header is a Base64-encoded string of a UTF-8 encoded JSON, which contains the encryption context as key-value pairs. This value is stored as object metadata and automatically gets passed on to Amazon Web Services KMS for future GetObject operations on this object.

General purpose buckets - This value must be explicitly added during CopyObject operations if you want an additional encryption context for your object. For more information, see Encryption context in the Amazon S3 User Guide.

Directory buckets - You can optionally provide an explicit encryption context value. The value must match the default encryption context - the bucket Amazon Resource Name (ARN). An additional encryption context value is not supported.

Specifies the KMS key ID (Key ID, Key ARN, or Key Alias) to use for object encryption. If the KMS key doesn't exist in the same account that's issuing the command, you must use the full Key ARN not the Key ID.

General purpose buckets - If you specify x-amz-server-side-encryption with aws:kms or aws:kms:dsse, this header specifies the ID (Key ID, Key ARN, or Key Alias) of the KMS key to use. If you specify x-amz-server-side-encryption:aws:kms or x-amz-server-side-encryption:aws:kms:dsse, but do not provide x-amz-server-side-encryption-aws-kms-key-id, Amazon S3 uses the Amazon Web Services managed key (aws/s3) to protect the data.

Directory buckets - If you specify x-amz-server-side-encryption with aws:kms, you must specify the x-amz-server-side-encryption-aws-kms-key-id header with the ID (Key ID or Key ARN) of the KMS symmetric encryption customer managed key to use. Otherwise, you get an HTTP 400 Bad Request error. Only use the key ID or key ARN. The key alias format of the KMS key isn't supported. Your SSE-KMS configuration can only support 1 customer managed key per directory bucket for the lifetime of the bucket. Amazon Web Services managed key (aws/s3) isn't supported.

Gets and sets the property ServerSideEncryptionMethod.

The server-side encryption algorithm that was used when you store this object in Amazon S3 (for example, AES256, aws:kms, aws:kms:dsse).

• General purpose buckets - You have four mutually exclusive options to protect data using server-side encryption in Amazon S3, depending on how you choose to manage the encryption keys. Specifically, the encryption key options are Amazon S3 managed keys (SSE-S3), Amazon Web Services KMS keys (SSE-KMS or DSSE-KMS), and customer-provided keys (SSE-C). Amazon S3 encrypts data with server-side encryption by using Amazon S3 managed keys (SSE-S3) by default. You can optionally tell Amazon S3 to encrypt data at rest by using server-side encryption with other key options. For more information, see Using Server-Side Encryption in the Amazon S3 User Guide.

• Directory buckets - For directory buckets, there are only two supported options for server-side encryption: server-side encryption with Amazon S3 managed keys (SSE-S3) (AES256) and server-side encryption with KMS keys (SSE-KMS) (aws:kms). We recommend that the bucket's default encryption uses the desired encryption configuration and you don't override the bucket default encryption in your CreateSession requests or PUT object requests. Then, new objects are automatically encrypted with the desired encryption settings. For more information, see Protecting data with server-side encryption in the Amazon S3 User Guide. For more information about the encryption overriding behaviors in directory buckets, see Specifying server-side encryption with KMS for new object uploads.

  In the Zonal endpoint API calls (except CopyObject and UploadPartCopy) using the REST API, the encryption request headers must match the encryption settings that are specified in the CreateSession request. You can't override the values of the encryption settings (x-amz-server-side-encryption, x-amz-server-side-encryption-aws-kms-key-id, x-amz-server-side-encryption-context, and x-amz-server-side-encryption-bucket-key-enabled) that are specified in the CreateSession request. You don't need to explicitly specify these encryption settings values in Zonal endpoint API calls, and Amazon S3 will use the encryption settings values from the CreateSession request to protect new objects in the directory bucket.

  When you use the CLI or the Amazon Web Services SDKs, for CreateSession, the session token refreshes automatically to avoid service interruptions when a session expires. The CLI or the Amazon Web Services SDKs use the bucket's default encryption configuration for the CreateSession request. It's not supported to override the encryption settings values in the CreateSession request. So in the Zonal endpoint API calls (except CopyObject and UploadPartCopy), the encryption request headers must match the default encryption configuration of the directory bucket.

Gets and sets the property StorageClass.

By default, Amazon S3 uses the STANDARD Storage Class to store newly created objects. The STANDARD storage class provides high durability and high availability. Depending on performance needs, you can specify a different Storage Class. For more information, see Storage Classes in the Amazon S3 User Guide.

Attach a callback that will be called as data is being sent to the AWS Service.

The tag-set for the object. The tag-set must be encoded as URL Query parameters.

This functionality is not supported for directory buckets.

Overrides the default request timeout value.

If this value is set to true then a chunked encoding upload will be used for the request. Default: true.

Gets and sets the property WebsiteRedirectLocation.

If the bucket is configured as a website, redirects requests for this object to another object in the same bucket or to an external URL. Amazon S3 stores the value of this header in the object metadata. For information about object metadata, see Object Key and Metadata in the Amazon S3 User Guide.

In the following example, the request header sets the redirect to an object (anotherPage.html) in the same bucket:

x-amz-website-redirect-location: /anotherPage.html

In the following example, the request header sets the object redirect to another website:

x-amz-website-redirect-location: http://www.example.com/

For more information about website hosting in Amazon S3, see Hosting Websites on Amazon S3 and How to Configure Website Page Redirects in the Amazon S3 User Guide.