Best practices and guidelines for S3 Object Lambda
Note
Starting on November 7th, 2025, S3 Object Lambda will be available only to existing customers that are currently using the service as well as to select AWS Partner Network (APN) partners. If you would like to use the service, please sign up prior to November 7th, 2025. For capabilities similar to S3 Object Lambda, learn more here - Amazon S3 Object Lambda availability change.
When using S3 Object Lambda, follow these best practices and guidelines to optimize operations and performance.
Topics
Working with S3 Object Lambda
S3 Object Lambda supports processing only GET, LIST, and
HEAD requests. Any other requests don't invoke AWS Lambda and instead
return standard, non-transformed API responses. You can create a maximum of 1,000
Object Lambda Access Points per AWS account per Region. The AWS Lambda function that you use must be in the
same AWS account and Region as the Object Lambda Access Point.
S3 Object Lambda allows up to 60 seconds to stream a complete response to its caller. Your function is also subject to AWS Lambda default quotas. For more information, see Lambda quotas in the AWS Lambda Developer Guide.
When S3 Object Lambda invokes your specified Lambda function, you are responsible for ensuring that any data that is overwritten or deleted from Amazon S3 by your specified Lambda function or application is intended and correct.
You can use S3 Object Lambda only to perform operations on objects. You cannot use S3 Object Lambda to perform other Amazon S3 operations, such as modifying or deleting buckets. For a complete list of S3 operations that support access points, see Access points compatibility with S3 operations.
In addition to this list, Object Lambda Access Points do not support the POST Object,
CopyObject (as the source), and SelectObjectContent API operations.
AWS services used in connection with S3 Object Lambda
S3 Object Lambda connects Amazon S3, AWS Lambda, and optionally, other AWS services of your choosing to deliver objects relevant to the requesting applications. All AWS services used with S3 Object Lambda are governed by their respective Service Level Agreements (SLAs). For example, if any AWS service does not meet its Service Commitment, you are eligible to receive a Service Credit, as documented in the service's SLA.
Range and
partNumber headers
When working with large objects, you can use the Range HTTP header to
download a specified byte-range from an object. When you use the Range
header, your request fetches only the specified portion of the object. You can also use
the partNumber header to perform a ranged request for the specified part
from the object.
For more information, see Working with Range and partNumber headers.
Transforming the
expiry-date
You can open or download transformed objects from your Object Lambda Access Point on the AWS Management Console. These
objects must be non-expired. If your Lambda function transforms the
expiry-date of your objects, you might see expired objects that cannot
be opened or downloaded. This behavior applies only to S3 Glacier Flexible Retrieval and
S3 Glacier Deep Archive restored objects.
Working with the AWS CLI and AWS SDKs
AWS Command Line Interface (AWS CLI) S3 subcommands (cp, mv, and
sync) and the use of the AWS SDK for Java TransferManager class
are not supported for use with S3 Object Lambda.
