Billing for Amazon S3 error responses

In general, S3 bucket owners are billed for requests with HTTP 200 OK successful responses and HTTP 4XX client error responses. Bucket owners aren't billed for HTTP 5XX server error responses, such as HTTP 503 Slow Down errors. For more information about billing charges if your bucket is configured as a Requester Pays bucket, see How Requester Pays charges work.

The following table lists specific error codes under HTTP 3XX and 4XX status codes that aren't billed. For buckets configured with website hosting, applicable request and other charges will still apply when S3 returns a custom error document or for custom redirects.

Note

For AccessDenied (HTTP 403 Forbidden), S3 doesn't charge the bucket owner when the request is initiated outside of the bucket owner's individual AWS account or the bucket owner's AWS organization.

HTTP status code	Error code	Description of error code
301 Moved Permanently	PermanentRedirect	The bucket that you are attempting to access must be addressed using the specified endpoint. Send all future requests to this endpoint.
301 Moved Permanently	PermanentRedirectControlError	The API operation you are attempting to access must be addressed using the specified endpoint. Send all future requests to this endpoint.
307 Temporary Redirect	TemporaryRedirect	You are being redirected to the bucket while the Domain Name System (DNS) server is being updated.
400 Bad Request	AuthorizationHeaderMalformed	The authorization header that you provided is not valid.
	AuthorizationQueryParametersError	The authorization query parameters that you provided are not valid.
	ConnectionClosedByRequester	Returned to the original caller when an error is encountered while reading the WriteGetObjectResponse body.
	DeviceNotActiveError	The device is not currently active.
	EndpointNotFound	Direct requests to the correct endpoint.
	ExpiredToken	The provided token has expired.
	IllegalLocationConstraintException	You are trying to access a bucket from a different Region than where the bucket exists. To avoid this error, use the `--region` option. For example: `aws s3 cp awsexample.txt s3://amzn-s3-demo-bucket/ --region ap-east-1`.
	InvalidArgument	This error might occur for the following reasons: The specified argument was not valid. The request was missing a required header. The specified argument was incomplete or in the wrong format. The specified argument must have a length greater than or equal to 3.
	InvalidBucketOwnerAWSAccountID	The value of the expected bucket owner parameter must be an AWS account ID.
	InvalidDigest	The Content-MD5 or checksum value that you specified is not valid.
	InvalidEncryptionAlgorithmError	The encryption request that you specified is not valid. The valid value is `AES256`.
	InvalidHostHeader	The host headers provided in the request used the incorrect style addressing.
	InvalidHttpMethod	The request is made using an unexpected HTTP method.
	InvalidRequest	This error might occur for the following reasons: The request is using the wrong signature version. Use `AWS4-HMAC-SHA256` (Signature Version 4). An access point can be created only for an existing bucket. The access point is not in a state where it can be deleted. An access point can be listed only for an existing bucket. The next token is not valid. At least one action must be specified in a lifecycle rule. At least one lifecycle rule must be specified. The number of lifecycle rules must not exceed the allowed limit of 1000 rules. The range for the `MaxResults` parameter is not valid. SOAP requests must be made over an HTTPS connection. Amazon S3 Transfer Acceleration is not supported for buckets with non-DNS compliant names. Amazon S3 Transfer Acceleration is not supported for buckets with periods (.) in their names. The Amazon S3 Transfer Acceleration endpoint supports only virtual style requests. Amazon S3 Transfer Acceleration is not configured on this bucket. Amazon S3 Transfer Acceleration is disabled on this bucket. Amazon S3 Transfer Acceleration is not supported on this bucket. For assistance, contact AWS Support. Amazon S3 Transfer Acceleration cannot be enabled on this bucket. For assistance, contact AWS Support. Conflicting values provided in HTTP headers and query parameters. Conflicting values provided in HTTP headers and POST form fields. CopyObject request made on objects larger than 5GB in size.
	InvalidSessionException	Returned if the session doesn't exist anymore because it timed out or expired.
	InvalidSignature	The request signature that the server calculated does not match the signature that you provided. Check your AWS secret access key and signing method. For more information, see Signing and authenticating REST requests.
	InvalidSOAPRequest	The SOAP request body is not valid.
	InvalidStorageClass	The storage class that you specified is not valid.
	InvalidTag	Your request contains tag input that is not valid. For example, your request might contain duplicate keys, keys or values that are too long, or system tags.
	InvalidToken	The provided token is malformed or otherwise not valid.
	InvalidURI	The specified URI couldn't be parsed.
	KeyTooLongError	Your key is too long.
	KMS.DisabledException	The request was rejected because the specified KMS key is not enabled.
	KMS.InvalidKeyUsageException	The request was rejected for one of the following reasons: The KeyUsage value of the KMS key is incompatible with the API operation. The encryption algorithm or signing algorithm specified for the operation is incompatible with the type of key material in the KMS key (KeySpec). For encrypting, decrypting, re-encrypting, and generating data keys, the KeyUsage must be ENCRYPT_DECRYPT. For signing and verifying messages, the KeyUsage must be SIGN_VERIFY. For generating and verifying message authentication codes (MACs), the KeyUsage must be GENERATE_VERIFY_MAC. For deriving key agreement secrets, the KeyUsage must be KEY_AGREEMENT. To find the KeyUsage of a KMS key, use the DescribeKey operation. To find the encryption or signing algorithms supported for a particular KMS key, use the DescribeKey operation.
	KMS.KMSInvalidStateException	The request was rejected because the state of the specified resource is not valid for this request. This exception means one of the following: The key state of the KMS key is not compatible with the operation. To find the key state, use the DescribeKey operation. For more information about which key states are compatible with each KMS operation, see Key states of AWS KMS keys in the AWS Key Management Service Developer Guide. For cryptographic operations on KMS keys in custom key stores, this exception represents a general failure with many possible causes. To identify the cause, see the error message that accompanies the exception.
	KMS.NotFoundException	The request was rejected because the specified entity or resource could not be found.
	LambdaInvalidResponse	Returned to the original caller when WriteGetObjectResponse responds with ValidationError to AWS Lambda. See the ValidationError message for more details. Not all cases of ValidationError result in a LambdaInvalidResponse error.
	LambdaInvocationFailed	Lambda function invocation failed. Callers might receive the following error when S3 Object Lambda is unable to successfully invoke the configured Lambda function. The error message might contain details about an eventual error returned by the AWS Lambda service when invoking the function (for example, status code, error code, error message and request ID).
	MalformedACLError	The ACL that you provided was not well formed or did not validate against our published schema.
	MalformedPOSTRequest	The body of your POST request is not well-formed multipart/form-data.
	MalformedXML	The XML that you provided was not well formed or did not validate against our published schema.
	MaxPostPreDataLengthExceededError	Your POST request fields preceding the upload file were too large.
	MetadataTooLarge	Your metadata headers exceed the maximum allowed metadata size.
	MissingAttachment	A SOAP attachment was expected, but none was found.
	MissingRequestBodyError	You sent an empty XML document as a request.
	MissingSecurityHeader	Your request is missing a required header.
	NoLoggingStatusForKey	There is no such thing as a logging status subresource for a key.
	NotDeviceOwnerError	The device that generated the token is not owned by the authenticated user.
	ResponseInterrupted	Returned to the original caller when an error is encountered while reading the WriteGetObjectResponse body.
	RequestHeaderSectionTooLarge	The request header and query parameters used to make the request exceed the maximum allowed sizes
	TokenCodeInvalidError	The serial number and/or token code you provided is not valid.
	UnexpectedContent	This request contains unsupported content.
	UnsupportedArgument	The request contained an unsupported argument.
	UnsupportedSignature	The provided request is signed with an unsupported STS Token version or the signature version is not supported.
	UserKeyMustBeSpecified	The bucket POST request must contain the specified field name. If it is specified, check the order of the fields.
	IncorrectEndpoint	The specified bucket exists in another Region. Direct requests to the correct endpoint.
	ValidationError	Validation errors might be returned from the WriteGetObjectResponse API operation and can occur for numerous reasons. See the error message for more details.
403 Forbidden	RequestTimeTooSkewed	The difference between the request time and the server's time is too large.
	SignatureDoesNotMatch	The request signature that the server calculated does not match the signature that you provided. Check your AWS secret access key and signing method. For more information, see REST Authentication and SOAP Authentication.
	NotSignedUp	Your account is not signed up for the Amazon S3 service. You must sign up before you can use Amazon S3. You can sign up at the following URL: https://aws.amazon.com/s3
	InvalidSecurity	The provided security credentials are not valid.
	InvalidPayer	All access to this object has been disabled. For further assistance, see Contact Us.
	InvalidAccessKeyId	The AWS access key ID that you provided does not exist in our records.
	AccountProblem	There is a problem with your AWS account that prevents the operation from completing successfully. For further assistance, see Contact Us.
	UnauthorizedAccessError	Applicable in China Regions only. Returned when a request is made to a bucket that doesn't have an ICP license. For more information, see ICP Recordal.
	UnexpectedIPError	Applicable in China Regions only. This request was rejected because the IP was unexpected.
	MissingAuthenticationToken	The request was not signed.
	LambdaPermissionError	The caller is not authorized to invoke the Lambda function. The caller must have permission to invoke the Lambda function. Check the policies attached to the caller and ensure that they've been allowed to use `lambda:Invoke` for the configured function. The error message might contain details about an eventual error returned by the Lambda service when invoking the function (for example, status code, error code, error message and request ID).
404 Not Found	LambdaNotFound	The AWS Lambda function was not found. The configured Lambda function, version, or alias was not found when attempting to invoke it. Ensure that the S3 Object Lambda Access Point configuration points to the correct Lambda function ARN. The error message might contain details about an eventual error returned by the AWS Lambda service when invoking the function (for example, status code, error code, error message and request ID).
	NoSuchAsyncRequest	The specified request was not found.
	NoSuchObjectLockConfiguration	The specified object does not have an ObjectLock configuration.
	NoSuchUpload	The specified multipart upload does not exist. The upload ID might not be valid, or the multipart upload might have been aborted or completed.
	NoSuchWebsiteConfiguration	The specified bucket does not have a website configuration.
	NoTransformationDefined	No transformation found for this Object Lambda Access Point.
	ObjectLockConfigurationNotFoundError	The Object Lock configuration does not exist for this bucket.
405 Method Not Allowed	MethodNotAllowed	The specified method is not allowed against this resource.
409 Conflict	BucketAlreadyExists	The requested bucket name is not available. The bucket namespace is shared by all users of the system. Specify a different name and try again.
	InvalidBucketState	The request is not valid for the current state of the bucket.
	OperationAborted	A conflicting conditional operation is currently in progress against this resource. Try again.
411 Length Required	MissingContentLength	You must provide the Content-Length HTTP header.
412 Precondition Failed	RequestIsNotMultiPartContent	A bucket POST request must be of the enclosure-type multipart/form-data.
416 Requested Range Not Satisfiable	InvalidRange	The requested range is not valid for the request. Try another range.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Understanding billing and usage reports

Understanding and managing storage classes