`. For more information, see [Accessing and listing an Amazon S3 bucket ](https://docs.aws.amazon.com//AmazonS3/latest/userguide/access-bucket-intro.html).
To help you find these errors during development, this type of redirect does not contain a Location HTTP header that allows you to automatically follow the request to the correct location. Consult the resulting XML error document for help using the correct Amazon S3 endpoint.
### Request redirection examples
The following are examples of temporary request redirection responses.
#### REST API temporary redirect response
```
1. HTTP/1.1 307 Temporary Redirect
2. Location: http://awsexamplebucket1.s3-gztb4pa9sq.amazonaws.com/photos/puppy.jpg?rk=e2c69a31
3. Content-Type: application/xml
4. Transfer-Encoding: chunked
5. Date: Fri, 12 Oct 2007 01:12:56 GMT
6. Server: AmazonS3
7.
8.
9.
10. TemporaryRedirect
11. Please re-send this request to the specified temporary endpoint.
12. Continue to use the original request endpoint for future requests.
13. awsexamplebucket1.s3-gztb4pa9sq.amazonaws.com
14.
```
#### SOAP API temporary redirect response
**Note**
SOAP APIs for Amazon S3 are not available for new customers, and are approaching End of Life (EOL) on October 31, 2025. We recommend that you use either the REST API or the AWS SDKs.
```
1.
2.
3. soapenv:Client.TemporaryRedirect
4. Please re-send this request to the specified temporary endpoint.
5. Continue to use the original request endpoint for future requests.
6.
7. images
8. s3-gztb4pa9sq.amazonaws.com
9.
10.
11.
```
## DNS considerations
One of the design requirements of Amazon S3 is extremely high availability. One of the ways we meet this requirement is by updating the IP addresses associated with the Amazon S3 endpoint in DNS as needed. These changes are automatically reflected in short-lived clients, but not in some long-lived clients. Long-lived clients will need to take special action to re-resolve the Amazon S3 endpoint periodically to benefit from these changes. For more information about virtual machines (VMs), refer to the following:
+ For Java, Sun's JVM caches DNS lookups forever by default; go to the "InetAddress Caching" section of [the InetAddress documentation](https://docs.oracle.com/javase/9/docs/api/java/net/InetAddress.html) for information on how to change this behavior.
+ For PHP, the persistent PHP VM that runs in the most popular deployment configurations caches DNS lookups until the VM is restarted. Go to [the getHostByName PHP docs.](http://us2.php.net/manual/en/function.gethostbyname.php)
# Developing with Amazon S3 using the AWS CLI
The Amazon S3 AWS CLI commands are organized into different sets in AWS CLI Command Reference and each has it’s own available commands. If you don't find the command that you're looking for in one set, check one of the other sets. The different sets are as follows:
+ `s3` – Describes high-level commands for working with objects and buckets. These include copy, list and move actions. For a complete list of commands in this set, see [s3](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/s3/index.html) in the AWS CLI Command Reference.
+ `s3api` – Describes low-level commands that manage S3 resources such as buckets, objects, sessions and multipart uploads. These commands correspond to the [Amazon S3 API](https://docs.aws.amazon.com/AmazonS3/latest/API/API_Operations_Amazon_Simple_Storage_Service.html) operations. For a complete list of CLI commands in this set, see [s3api](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/s3api/index.html) in the AWS CLI Command Reference.
+ `s3control` – Describes low-level commands that manage all other S3 resources such as Access Grants, Storage Lens groups, and Amazon S3 on Outposts buckets. These commands correspond to the [Amazon S3 Control](https://docs.aws.amazon.com/AmazonS3/latest/API/API_Operations_AWS_S3_Control.html) API operations. For a complete list of CLI commands in this set, see [s3control](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/s3control/index.html) in the AWS CLI Command Reference.
If you are having issues setting up the AWS CLI, see [see How do I resolve the "Unable to locate credentials" error in Amazon S3](https://repost.aws/knowledge-center/s3-locate-credentials-error) in the AWS re:Post Knowledge Center.
**Note**
Services in AWS, such as Amazon S3, require that you provide credentials when you access them. The service can then determine whether you have permissions to access the resources that it owns. The console requires your password. You can create access keys for your AWS account to access the AWS CLI or API. However, we don't recommend that you access AWS using the credentials for your AWS account. Instead, we recommend that you use AWS Identity and Access Management (IAM). Create an IAM user, add the user to an IAM group with administrative permissions, and then grant administrative permissions to the IAM user that you created. You can then access AWS using a special URL and the credentials of that IAM user. For instructions, go to [Creating Your First IAM user and Administrators Group](https://docs.aws.amazon.com/IAM/latest/UserGuide/getting-started_create-admin-group.html) in the *IAM User Guide*.
## Learn more about the AWS CLI
To learn more about the AWS, see the following resources:
+ [AWS Command Line Interface](https://aws.amazon.com/cli)
+ [AWS Command Line Interface User Guide for Version 2](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-welcome.html)
# Developing with Amazon S3 using the AWS SDKs
AWS software development kits (SDKs) are available for many popular programming languages. Each SDK provides an API, code examples, and documentation that make it easier for developers to build applications in their preferred language.
**Note**
You can use AWS Amplify for end-to-end fullstack development of web and mobile apps. Amplify Storage seamlessly integrates file storage and management capabilities into frontend web and mobile apps, built on top of Amazon S3. For more information, see [Storage](https://docs.amplify.aws/react/build-a-backend/storage/) in the Amplify user guide.
| SDK documentation | Code examples |
| --- | --- |
| [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/sdk-for-cpp) | [AWS SDK for C\$1\$1 code examples](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/cpp) |
| [AWS CLI](https://docs.aws.amazon.com/cli) | [AWS CLI code examples](https://docs.aws.amazon.com/code-library/latest/ug/cli_2_code_examples.html) |
| [AWS SDK for Go](https://docs.aws.amazon.com/sdk-for-go) | [AWS SDK for Go code examples](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/gov2) |
| [AWS SDK for Java](https://docs.aws.amazon.com/sdk-for-java) | [AWS SDK for Java code examples](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2) |
| [AWS SDK for JavaScript](https://docs.aws.amazon.com/sdk-for-javascript) | [AWS SDK for JavaScript code examples](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3) |
| [AWS SDK for Kotlin](https://docs.aws.amazon.com/sdk-for-kotlin) | [AWS SDK for Kotlin code examples](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/kotlin) |
| [AWS SDK for .NET](https://docs.aws.amazon.com/sdk-for-net) | [AWS SDK for .NET code examples](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/dotnetv3) |
| [AWS SDK for PHP](https://docs.aws.amazon.com/sdk-for-php) | [AWS SDK for PHP code examples](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/php) |
| [AWS Tools for PowerShell](https://docs.aws.amazon.com/powershell) | [Tools for PowerShell code examples](https://docs.aws.amazon.com/code-library/latest/ug/powershell_4_code_examples.html) |
| [AWS SDK for Python (Boto3)](https://docs.aws.amazon.com/pythonsdk) | [AWS SDK for Python (Boto3) code examples](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python) |
| [AWS SDK for Ruby](https://docs.aws.amazon.com/sdk-for-ruby) | [AWS SDK for Ruby code examples](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby) |
| [AWS SDK for Rust](https://docs.aws.amazon.com/sdk-for-rust) | [AWS SDK for Rust code examples](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/rustv1) |
| [AWS SDK for SAP ABAP](https://docs.aws.amazon.com/sdk-for-sapabap) | [AWS SDK for SAP ABAP code examples](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/sap-abap) |
| [AWS SDK for Swift](https://docs.aws.amazon.com/sdk-for-swift) | [AWS SDK for Swift code examples](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/swift) |
For specific examples, see [Code examples for Amazon S3 using AWS SDKs](service_code_examples.md).
## SDK Programming interfaces
Each AWS SDK provides one or more programmatic interfaces for working with Amazon S3. Each SDK provides a low-level interface for Amazon S3, with methods that closely resemble API operations. Some SDKs provide high-level interfaces for Amazon S3, that are abstractions intended to simplify common use cases.
For example, when you perform a multipart upload by using the low-level API operations, you use an operation to initiate the upload, another operation to upload parts, and a final operation to complete the upload. A high-level multipart upload API operation lets you to do all of the operations required for upload in a single API call. For examples, see [Uploading an object using multipart upload](https://docs.aws.amazon.com/AmazonS3/latest/userguide/mpu-upload-object.html) in the *Amazon S3 User Guide*.
Low-level API operations allow greater control over the upload. We recommend that you use the low-level API operations if you need to pause and resume uploads, vary part sizes during the upload, or begin uploads when you don't know the size of the data in advance.
# Specifying the Signature Version in request authentication
Amazon S3 supports only AWS Signature Version 4 in most AWS Regions. In some of the older AWS Regions, Amazon S3 supports both Signature Version 4 and Signature Version 2. However, Signature Version 2 is being turned off (deprecated). For more information about the end of support for Signature Version 2, see [AWS Signature Version 2 turned off (deprecated) for Amazon S3](#UsingAWSSDK-sig2-deprecation).
For a list of all the Amazon S3 Regions and the signature versions they support, see [Regions and Endpoints](https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region) in the *AWS General Reference*.
For all AWS Regions, AWS SDKs use Signature Version 4 by default to authenticate requests. When using AWS SDKs that were released before May 2016, you might be required to request Signature Version 4, as shown in the following table.
| SDK | Requesting Signature Version 4 for Request Authentication |
| --- | --- |
| AWS CLI | For the default profile, run the following command: $ aws configure set default.s3.signature_version s3v4
For a custom profile, run the following command: $ aws configure set profile.your_profile_name.s3.signature_version s3v4
|
| Java SDK | Add the following in your code: System.setProperty(SDKGlobalConfiguration.ENABLE_S3_SIGV4_SYSTEM_PROPERTY, "true");
Or, on the command line, specify the following: -Dcom.amazonaws.services.s3.enableV4
|
| JavaScript SDK | Set the `signatureVersion` parameter to `v4` when constructing the client: var s3 = new AWS.S3({signatureVersion: 'v4'}); |
| PHP SDK | Set the `signature` parameter to `v4` when constructing the Amazon S3 service client for PHP SDK v2: $client = S3Client::factory([
'region' => 'YOUR-REGION',
'version' => 'latest',
'signature' => 'v4'
]);
When using the PHP SDK v3, set the `signature_version` parameter to `v4` during construction of the Amazon S3 service client: $s3 = new Aws\S3\S3Client([
'version' => '2006-03-01',
'region' => 'YOUR-REGION',
'signature_version' => 'v4'
]);
|
| Python-Boto SDK | Specify the following in the boto default config file: [s3] use-sigv4 = True
|
| Ruby SDK | Ruby SDK - Version 1: Set the `:s3_signature_version` parameter to `:v4` when constructing the client: s3 = AWS::S3::Client.new(:s3_signature_version => :v4)
Ruby SDK - Version 3: Set the `signature_version` parameter to `v4` when constructing the client: s3 = Aws::S3::Client.new(signature_version: 'v4')
|
| .NET SDK | Add the following to the code before creating the Amazon S3 client: AWSConfigsS3.UseSignatureVersion4 = true;
Or, add the following to the config file:
|
## AWS Signature Version 2 turned off (deprecated) for Amazon S3
Signature Version 2 is being turned off (deprecated) in Amazon S3. Amazon S3 will then only accept API requests that are signed using Signature Version 4.
This section provides answers to common questions regarding the end of support for Signature Version 2.
**What is Signature Version 2/4, and What Does It Mean to Sign Requests?**
The Signature Version 2 or Signature Version 4 signing process is used to authenticate your Amazon S3 API requests. Signing requests enables Amazon S3 to identify who is sending the request and protects your requests from bad actors.
For more information about signing AWS requests, see [Signing AWS API Requests](https://docs.aws.amazon.com/general/latest/gr/signing_aws_api_requests.html) in the *AWS General Reference*.
**What Update Are You Making?**
We currently support Amazon S3 API requests that are signed using Signature Version 2 and Signature Version 4 processes. After that, Amazon S3 will only accept requests that are signed using Signature Version 4.
For more information about signing AWS requests, see [Changes in Signature Version 4](https://docs.aws.amazon.com/general/latest/gr/sigv4_changes.html) in the *AWS General Reference*.
**Why Are You Making the Update?**
Signature Version 4 provides improved security by using a signing key instead of your secret access key. Signature Version 4 is currently supported in all AWS Regions, whereas Signature Version 2 is only supported in Regions that were launched before January 2014. This update allows us to provide a more consistent experience across all Regions.
**How Do I Ensure That I'm Using Signature Version 4, and What Updates Do I Need?**
The signature version that is used to sign your requests is usually set by the tool or the SDK on the client side. By default, the latest versions of our AWS SDKs use Signature Version 4. For third-party software, contact the appropriate support team for your software to confirm what version you need. If you are sending direct REST calls to Amazon S3, you must modify your application to use the Signature Version 4 signing process.
For information about which version of the AWS SDKs to use when moving to Signature Version 4, see [Moving from Signature Version 2 to Signature Version 4](#UsingAWSSDK-move-to-Sig4).
For information about using Signature Version 4 with the Amazon S3 REST API, see [Authenticating Requests (AWS Signature Version 4)](https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.html) in the *Amazon Simple Storage Service API Reference*.
**What Happens if I Don't Make Updates?**
Requests signed with Signature Version 2 that are made after that will fail to authenticate with Amazon S3. Requesters will see errors stating that the request must be signed with Signature Version 4.
**Should I Make Changes Even if I’m Using a Presigned URL That Requires Me to Sign for More than 7 Days?**
If you are using a presigned URL that requires you to sign for more than 7 days, no action is currently needed. You can continue to use AWS Signature Version 2 to sign and authenticate the presigned URL. We will follow up and provide more details on how to migrate to Signature Version 4 for a presigned URL scenario.
### More Info
+ For more information about using Signature Version 4, see [Signing AWS API Requests](https://docs.aws.amazon.com/general/latest/gr/signing_aws_api_requests.html).
+ View the list of changes between Signature Version 2 and Signature Version 4 in [Changes in Signature Version 4](https://docs.aws.amazon.com/general/latest/gr/sigv4_changes.html).
+ View the post [AWS Signature Version 4 to replace AWS Signature Version 2 for signing Amazon S3 API requests](https://forums.aws.amazon.com/ann.jspa?annID=5816) in the AWS forums.
+ If you have any questions or concerns, contact [Support](https://docs.aws.amazon.com/awssupport/latest/user/getting-started.html).
## Moving from Signature Version 2 to Signature Version 4
If you currently use Signature Version 2 for Amazon S3 API request authentication, you should move to using Signature Version 4. Support is ending for Signature Version 2, as described in [AWS Signature Version 2 turned off (deprecated) for Amazon S3](#UsingAWSSDK-sig2-deprecation).
For information about using Signature Version 4 with the Amazon S3 REST API, see [Authenticating Requests (AWS Signature Version 4)](https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.html) in the *Amazon Simple Storage Service API Reference*.
The following table lists the SDKs with the necessary minimum version to use Signature Version 4 (SigV4). If you are using presigned URLs with the AWS Java, JavaScript (Node.js), or Python (Boto/CLI) SDKs, you must set the correct AWS Region and set Signature Version 4 in the client configuration. For information about setting `SigV4` in the client configuration, see [Specifying the Signature Version in request authentication](#specify-signature-version).
| If you use this SDK/Product | Upgrade to this SDK version | Code change needed to the client to use Sigv4? | Link to SDK documentation |
| --- | --- | --- | --- |
| AWS SDK for Java v1 | Upgrade to Java 1.11.201\$1 or v2. | Yes | [Specifying the Signature Version in request authentication](#specify-signature-version) |
| AWS SDK for Java v2 | No SDK upgrade is needed. | No | [AWS SDK for Java](https://aws.amazon.com/sdk-for-java/) |
| AWS SDK for .NET v1 | Upgrade to 3.1.10 or later. | Yes | [AWS SDK for .NET](https://github.com/aws/aws-sdk-net/tree/aws-sdk-net-v1/) |
| AWS SDK for .NET v2 | Upgrade to 3.1.10 or later. | No | [AWS SDK for .NET v2](https://github.com/aws/aws-sdk-net/tree/aws-sdk-net-v2/) |
| AWS SDK for .NET v3 | Upgrade to 3.3.0.0 or later. | Yes | [AWS SDK for .NET v3](https://github.com/aws/aws-sdk-net) |
| AWS SDK for JavaScript v1 | Upgrade to 2.68.0 or later. | Yes | [AWS SDK for JavaScript](https://github.com/aws/aws-sdk-js) |
| AWS SDK for JavaScript v2 | Upgrade to 2.68.0 or later. | Yes | [AWS SDK for JavaScript](https://github.com/aws/aws-sdk-js) |
| AWS SDK for JavaScript v3 | No action is currently needed. Upgrade to major version V3 in Q3 2019. | No | [AWS SDK for JavaScript](https://github.com/aws/aws-sdk-js) |
| AWS SDK for PHP v1 | Recommend to upgrade to the most recent version of PHP or, at least to v2.7.4 with the signature parameter set to v4 in the S3 client's configuration. | Yes | [AWS SDK for PHP](https://aws.amazon.com/sdk-for-php/) |
| AWS SDK for PHP v2 | Recommend to upgrade to the most recent version of PHP or, at least to v2.7.4 with the signature parameter set to v4 in the S3 client's configuration. | No | [AWS SDK for PHP](https://aws.amazon.com/sdk-for-php/) |
| AWS SDK for PHP v3 | No SDK upgrade is needed. | No | [AWS SDK for PHP](https://aws.amazon.com/sdk-for-php/) |
| Boto2 | Upgrade to Boto2 v2.49.0. | Yes | [Boto 2 Upgrade](https://github.com/boto/boto/commit/16729da27b95d6dbbd81bcebb43bcf099ce23fd3) |
| Boto3 | Upgrade to 1.5.71 (Botocore), 1.4.6 (Boto3). | Yes | [Boto 3 - AWS SDK for Python](https://github.com/boto/boto3) |
| AWS CLI | Upgrade to 1.11.108. | Yes | [AWS Command Line Interface](https://aws.amazon.com/cli/) |
| AWS CLI v2 (preview) | No SDK upgrade is needed. | No | [AWS Command Line Interface version 2](https://github.com/aws/aws-cli/tree/v2) |
| AWS SDK for Ruby v1 | Upgrade to Ruby V3. | Yes | [Ruby V3 for AWS](https://rubygems.org/gems/aws-sdk/versions) |
| AWS SDK for Ruby v2 | Upgrade to Ruby V3. | Yes | [Ruby V3 for AWS](https://rubygems.org/gems/aws-sdk/versions) |
| AWS SDK for Ruby v3 | No SDK upgrade is needed. | No | [Ruby V3 for AWS](https://rubygems.org/gems/aws-sdk/versions) |
| Go | No SDK upgrade is needed. | No | [AWS SDK for Go](https://aws.amazon.com/sdk-for-go/) |
| C\$1\$1 | No SDK upgrade is needed. | No | [AWS SDK for C\$1\$1](https://aws.amazon.com/sdk-for-cpp/) |
**AWS Tools for Windows PowerShell or AWS Tools for PowerShell Core**
If you are using module versions *earlier* than 3.3.0.0, you must upgrade to 3.3.0.0.
To get the version information, use the `Get-Module` cmdlet:
```
Get-Module –Name AWSPowershell
Get-Module –Name AWSPowershell.NetCore
```
To update the 3.3.0.0 version, use the `Update-Module` cmdlet:
```
Update-Module –Name AWSPowershell
Update-Module –Name AWSPowershell.NetCore
```
You can use presigned URLs that are valid for more than 7 days that you will send Signature Version 2 traffic on.
# Getting Amazon S3 request IDs for AWS Support
Whenever you contact AWS Support because you've encountered errors or unexpected behavior in Amazon S3, you must provide the request IDs associated with the failed action. AWS Support uses these request IDs to help resolve the problems that you're experiencing.
Request IDs come in pairs, are returned in every response that Amazon S3 processes (even the erroneous ones), and can be accessed through verbose logs. There are a number of common methods for getting your request IDs, including S3 server access logs and AWS CloudTrail events or data events.
After you've recovered these logs, copy and retain those two values, because you'll need them when you contact AWS Support. For information about contacting AWS Support, see [Contact AWS](https://aws.amazon.com/contact-us/) or the [AWS Support Documentation](https://aws.amazon.com/documentation/aws-support/).
**Topics**
+ [
## Using the AWS CLI to obtain request IDs
](#cli-request-id)
+ [
## Using Windows PowerShell to obtain request IDs
](#powershell-request-id)
+ [
## Using AWS CloudTrail data events to obtain request IDs
](#cloudtrail-request-id)
+ [
## Using S3 server access logging to obtain request IDs
](#server-access-log-request-id)
+ [
## Using HTTP to obtain request IDs
](#http-request-id)
+ [
## Using a web browser to obtain request IDs
](#browser-request-id)
+ [
## Using the AWS SDKs to obtain request IDs
](#sdk-request-ids)
## Using the AWS CLI to obtain request IDs
To get your request IDs when using the AWS Command Line Interface (AWS CLI), add `--debug` to your command. For example you should see `x-amz-request-id` and `x-amz-id-2` in the debug log as shown below:
```
...
2025-04-30 14:35:28,572 - MainThread - botocore.parsers - DEBUG - Response headers: {'x-amz-id-2': 'a+zm50vDJH3LLmCiXvwEo0u0PtPS/qCJaBvB2ZMH9dzyzTiJhiLZkBFFoRfsPfOKztUKT/garCI=', 'x-amz-request-id': 'N4NMN0MJ4VDFZMX9', 'Date': 'Wed, 30 Apr 2025 21:35:29 GMT', 'Content-Type': 'application/xml', 'Transfer-Encoding': 'chunked', 'Server': 'AmazonS3'}
...
```
## Using Windows PowerShell to obtain request IDs
For information on recovering logs with Windows PowerShell, see the [Response Logging in AWS Tools for Windows PowerShell](https://aws.amazon.com/blogs/developer/response-logging-in-aws-tools-for-windows-powershell/) in the *AWS Developer Tools Blog*.
## Using AWS CloudTrail data events to obtain request IDs
An Amazon S3 bucket that is configured with CloudTrail data events to log S3 object-level API operations provides detailed information about actions that are taken by a user, role, or an AWS service in Amazon S3. You can identify S3 request IDs by querying CloudTrail events with Athena.
For more information, see [Identifying Amazon S3 requests using CloudTrail](https://docs.aws.amazon.com/AmazonS3/latest/userguide/cloudtrail-request-identification.html) in the *Amazon Simple Storage Service User Guide*.
## Using S3 server access logging to obtain request IDs
An Amazon S3 bucket configured for S3 server access logging provides detailed records for each request that is made to the bucket. You can identify S3 request IDs by querying the server access logs using Athena.
For more information, see [Querying access logs for requests by using Amazon Athena](https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-s3-access-logs-to-identify-requests.html#querying-s3-access-logs-for-requests) in the *Amazon Simple Storage Service User Guide*.
## Using HTTP to obtain request IDs
You can obtain your request IDs, `x-amz-request-id` and `x-amz-id-2` by logging the bits of an HTTP request before it reaches the target application. There are a variety of third-party tools that can be used to recover verbose logs for HTTP requests. Choose one that you trust, and then run the tool to listen on the port that your Amazon S3 traffic travels on, as you send out another Amazon S3 HTTP request.
For HTTP requests, the pair of request IDs will look like the following:
```
x-amz-request-id: 79104EXAMPLEB723
x-amz-id-2: IOWQ4fDEXAMPLEQM+ey7N9WgVhSnQ6JEXAMPLEZb7hSQDASK+Jd1vEXAMPLEa3Km
```
**Note**
HTTPS requests are encrypted and hidden in most packet captures.
## Using a web browser to obtain request IDs
Most web browsers have developer tools that you can use to view request headers.
For web browser-based requests that return an error, the pair of requests IDs will look like the following examples.
```
AccessDeniedAccess Denied
79104EXAMPLEB723IOWQ4fDEXAMPLEQM+ey7N9WgVhSnQ6JEXAMPLEZb7hSQDASK+Jd1vEXAMPLEa3Km
```
To obtain the request ID pair from successful requests, use your browser's developer tools to look at the HTTP response headers.
## Using the AWS SDKs to obtain request IDs
The following sections include information for configuring logging by using different AWS SDKs.
**Note**
Although you can enable verbose logging on every request and response, we don't recommend enabling logging in production systems, because large requests or responses can significantly slow down an application.
For AWS SDK requests, the pair of request IDs will look like the following:
```
Status Code: 403, AWS Service: Amazon S3, AWS Request ID: 79104EXAMPLEB723
AWS Error Code: AccessDenied AWS Error Message: Access Denied
S3 Extended Request ID: IOWQ4fDEXAMPLEQM+ey7N9WgVhSnQ6JEXAMPLEZb7hSQDASK+Jd1vEXAMPLEa3Km
```
------
#### [ C\$1\$1 ]
The type of logger and the verbosity are specified during the SDK initialization in the `SDKOptions` argument. The following example specifies the verbosity level as `LogLevel::Debug`.
The default logger will write to the filesystem and the file is named using the following convention `aws_sdk_YYYY-MM-DD-HH.log`. The logger creates a new file on the hour.
```
Aws::SDKOptions options;
options.loggingOptions.logLevel = Aws::Utils::Logging::LogLevel::Debug;
Aws::InitAPI(options);
// ...
Aws::ShutdownAPI(options);
```
For more information, see [How do I turn on logging?](https://github.com/aws/aws-sdk-cpp/wiki#how-do-i-turn-on-logging) in the *AWS SDK for C\$1\$1 wiki on GitHub*.
------
#### [ Go ]
You can configure logging by using SDK for Go. For more information, see [Logging](https://docs.aws.amazon.com/sdk-for-go/v2/developer-guide/configure-logging.html) in the *AWS SDK for Go v2 Developer Guide*.
------
#### [ Java ]
You can enable logging for specific requests or responses to catch and return only relevant headers. To do this, import the `com.amazonaws.services.s3.S3ResponseMetadata` class. Afterward, you can store the request in a variable before performing the actual request. To get the logged request or response, call `getCachedResponseMetadata(AmazonWebServiceRequest request).getRequestID()`.
```
PutObjectRequest req = new PutObjectRequest(bucketName, key, createSampleFile());
s3.putObject(req);
S3ResponseMetadata md = s3.getCachedResponseMetadata(req);
System.out.println("Host ID: " + md.getHostId() + " RequestID: " + md.getRequestId());
```
Alternatively, you can use verbose logging of every Java request and response. For more information, see [Verbose Wire Logging](https://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/java-dg-logging.html#sdk-net-logging-verbose) in the *AWS SDK for Java Developer Guide*.
------
#### [ JavaScript ]
The AWS SDK for JavaScript has a built-in logger so you can log API calls you make with it. To turn on the logger and print log entries in the console, add the following statement to your code:
```
AWS.config.logger = console;
```
For more information, see [Logging AWS SDK for JavaScript Calls](https://docs.aws.amazon.com/sdk-for-javascript/v2/developer-guide/logging-sdk-calls.html) in the *AWS SDK for JavaScript Developer Guide*.
------
#### [ Kotlin ]
With the AWS SDK for Kotlin, you can specify log mode for wire-level messages using code or environment settings. You can set log mode for HTTP requests and HTTP responses.
To opt into additional logging, set the `logMode` property when you construct a service client:
```
import aws.smithy.kotlin.runtime.client.LogMode
// ...
val client = S3Client {
// ...
logMode = LogMode.LogRequestWithBody + LogMode.LogResponse
}
```
Alternatively, you can set log mode using an environment variable:
```
export SDK_LOG_MODE=LogRequestWithBody|LogResponse
```
For more information, see [Logging](https://docs.aws.amazon.com/sdk-for-kotlin/latest/developer-guide/logging.html) in the *AWS SDK for Kotlin Developer Guide*.
------
#### [ .NET ]
You can configure logging with the SDK for .NET by using the built-in `System.Diagnostics` logging tool. For more information, see the [ Logging with the SDK for .NET](https://aws.amazon.com/blogs/developer/logging-with-the-aws-sdk-for-net/) *AWS Developer Blog* post.
**Note**
By default, the returned log contains only error information. To get the request IDs, the config file must have `AWSLogMetrics` (and optionally, `AWSResponseLogging`) added.
------
#### [ PHP ]
You can get debug information, including the data sent over the wire, by setting the debug option to `true` in a client constructor.
```
$s3Client = new Aws\S3\S3Client([
'region' => 'us-standard',
'version' => '2006-03-01',
'debug' => true
]);
```
For more information, see [How can I see what data is sent over the wire?](https://docs.aws.amazon.com/sdk-for-php/v3/developer-guide/faq.html#how-can-i-see-what-data-is-sent-over-the-wire) in the *AWS SDK for PHP Developer Guide*.
------
#### [ Python (Boto3) ]
With the AWS SDK for Python (Boto3), you can log specific responses. You can use this feature to capture only the relevant headers. The following code shows how to log parts of the response to a file:
```
import logging
import boto3
logging.basicConfig(filename='logfile.txt', level=logging.INFO)
logger = logging.getLogger(__name__)
s3 = boto3.resource('s3')
response = s3.Bucket(bucket_name).Object(object_key).put()
logger.info("HTTPStatusCode: %s", response['ResponseMetadata']['HTTPStatusCode'])
logger.info("RequestId: %s", response['ResponseMetadata']['RequestId'])
logger.info("HostId: %s", response['ResponseMetadata']['HostId'])
logger.info("Date: %s", response['ResponseMetadata']['HTTPHeaders']['date'])
```
You can also catch exceptions and log relevant information when an exception is raised. For more information, see [Discerning useful information from error responses](https://boto3.amazonaws.com/v1/documentation/api/latest/guide/error-handling.html#discerning-useful-information-from-error-responses) in the *AWS SDK for Python (Boto) API Reference*.
Additionally, you can configure Boto3 to output verbose debugging logs by using the following code:
```
import logging
import boto3
boto3.set_stream_logger('', logging.DEBUG)
```
For more information, see [https://boto3.amazonaws.com/v1/documentation/api/latest/reference/core/boto3.html#boto3.set_stream_logger](https://boto3.amazonaws.com/v1/documentation/api/latest/reference/core/boto3.html#boto3.set_stream_logger) in the *AWS SDK for Python (Boto) API Reference*.
------
#### [ Ruby ]
You can get your request IDs using the SDK for Ruby Version 3. You can enable HTTP wire logging in your client using the following code:
```
s3 = Aws::S3::Client.new(http_wire_trace: true)
```
**Note**
Wire logging can include sensitive information, such as your access key ID. Sensitive information should be sanitized before sharing it with AWS Support.
You can also find the request ID of the request context object in the request response or error:
```
# Finding the request ID from an error:
begin
s3.put_object(bucket: 'bucket', key: 'key', body: 'test')
rescue Aws::S3::Errors::ServiceError => e
puts e.context[:request_id]
puts e.context[:s3_host_id]
end
# Finding the request ID from a successful call:
resp = s3.put_object(bucket: 'bucket', key: 'key', body: 'test')
puts resp.context[:request_id]
puts resp.context[:s3_host_id]
```
For more information, see [Debugging using wire trace information from an AWS SDK for Ruby client](https://docs.aws.amazon.com/sdk-for-ruby/v3/developer-guide/debugging.html) in the *AWS SDK for Ruby Developer Guide*.
------
#### [ Rust ]
To enable logging, add the `tracing-subscriber` crate and initialize it in your Rust application.
Add the tracing library to your `Cargo.toml` file:
```
tracing-subscriber = { version = "0.3", features = ["env-filter"] }
```
Then, in your Rust code, initialize the logger in the main function before you call any SDK operation:
```
tracing_subscriber::fmt::init();
```
For more information, see [Configuring and using logging in the AWS SDK for Rust](https://docs.aws.amazon.com/sdk-for-rust/latest/dg/logging.html) in the *AWS SDK for Rust Developer Guide*.
------
# Supported Amazon S3 object-level API operations for S3 Tables
The following table includes supported S3 object-level API operations and corresponding headers for S3 Tables. For a list of Amazon S3 Tables APIs, see [Amazon S3 Tables](https://docs.aws.amazon.com/AmazonS3/latest/API/API_Operations_Amazon_S3_Tables.html). For more information about Amazon S3 Tables, see [Working with Amazon S3 Tables and table buckets](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-tables.html) in the *Amazon S3 User Guide*.
[\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AmazonS3/latest/API/developing-s3-tables-APIs.html)