WriteGetObjectResponse - Amazon Simple Storage Service

WriteGetObjectResponse

Note

This operation is not supported for directory buckets.

Passes transformed objects to a GetObject operation when using Object Lambda access points. For information about Object Lambda access points, see Transforming objects with Object Lambda access points in the Amazon S3 User Guide.

This operation supports metadata that can be returned by GetObject, in addition to RequestRoute, RequestToken, StatusCode, ErrorCode, and ErrorMessage. The GetObject response metadata is supported so that the WriteGetObjectResponse caller, typically an AWS Lambda function, can provide the same metadata when it internally invokes GetObject. When WriteGetObjectResponse is called by a customer-owned Lambda function, the metadata returned to the end user GetObject call might differ from what Amazon S3 would normally return.

You can include any number of metadata headers. When including a metadata header, it should be prefaced with x-amz-meta. For example, x-amz-meta-my-custom-header: MyCustomValue. The primary use case for this is to forward GetObject metadata.

AWS provides some prebuilt Lambda functions that you can use with S3 Object Lambda to detect and redact personally identifiable information (PII) and decompress S3 objects. These Lambda functions are available in the AWS Serverless Application Repository, and can be selected through the AWS Management Console when you create your Object Lambda access point.

Example 1: PII Access Control - This Lambda function uses Amazon Comprehend, a natural language processing (NLP) service using machine learning to find insights and relationships in text. It automatically detects personally identifiable information (PII) such as names, addresses, dates, credit card numbers, and social security numbers from documents in your Amazon S3 bucket.

Example 2: PII Redaction - This Lambda function uses Amazon Comprehend, a natural language processing (NLP) service using machine learning to find insights and relationships in text. It automatically redacts personally identifiable information (PII) such as names, addresses, dates, credit card numbers, and social security numbers from documents in your Amazon S3 bucket.

Example 3: Decompression - The Lambda function S3ObjectLambdaDecompression, is equipped to decompress objects stored in S3 in one of six compressed file formats including bzip2, gzip, snappy, zlib, zstandard and ZIP.

For information on how to view and use these functions, see Using AWS built Lambda functions in the Amazon S3 User Guide.

Request Syntax

POST /WriteGetObjectResponse HTTP/1.1 Host: s3.amazonaws.com x-amz-request-route: RequestRoute x-amz-request-token: RequestToken x-amz-fwd-status: StatusCode x-amz-fwd-error-code: ErrorCode x-amz-fwd-error-message: ErrorMessage x-amz-fwd-header-accept-ranges: AcceptRanges x-amz-fwd-header-Cache-Control: CacheControl x-amz-fwd-header-Content-Disposition: ContentDisposition x-amz-fwd-header-Content-Encoding: ContentEncoding x-amz-fwd-header-Content-Language: ContentLanguage Content-Length: ContentLength x-amz-fwd-header-Content-Range: ContentRange x-amz-fwd-header-Content-Type: ContentType x-amz-fwd-header-x-amz-checksum-crc32: ChecksumCRC32 x-amz-fwd-header-x-amz-checksum-crc32c: ChecksumCRC32C x-amz-fwd-header-x-amz-checksum-sha1: ChecksumSHA1 x-amz-fwd-header-x-amz-checksum-sha256: ChecksumSHA256 x-amz-fwd-header-x-amz-delete-marker: DeleteMarker x-amz-fwd-header-ETag: ETag x-amz-fwd-header-Expires: Expires x-amz-fwd-header-x-amz-expiration: Expiration x-amz-fwd-header-Last-Modified: LastModified x-amz-fwd-header-x-amz-missing-meta: MissingMeta x-amz-fwd-header-x-amz-object-lock-mode: ObjectLockMode x-amz-fwd-header-x-amz-object-lock-legal-hold: ObjectLockLegalHoldStatus x-amz-fwd-header-x-amz-object-lock-retain-until-date: ObjectLockRetainUntilDate x-amz-fwd-header-x-amz-mp-parts-count: PartsCount x-amz-fwd-header-x-amz-replication-status: ReplicationStatus x-amz-fwd-header-x-amz-request-charged: RequestCharged x-amz-fwd-header-x-amz-restore: Restore x-amz-fwd-header-x-amz-server-side-encryption: ServerSideEncryption x-amz-fwd-header-x-amz-server-side-encryption-customer-algorithm: SSECustomerAlgorithm x-amz-fwd-header-x-amz-server-side-encryption-aws-kms-key-id: SSEKMSKeyId x-amz-fwd-header-x-amz-server-side-encryption-customer-key-MD5: SSECustomerKeyMD5 x-amz-fwd-header-x-amz-storage-class: StorageClass x-amz-fwd-header-x-amz-tagging-count: TagCount x-amz-fwd-header-x-amz-version-id: VersionId x-amz-fwd-header-x-amz-server-side-encryption-bucket-key-enabled: BucketKeyEnabled Body

URI Request Parameters

The request uses the following URI parameters.

Content-Length

The size of the content body in bytes.

x-amz-fwd-error-code

A string that uniquely identifies an error condition. Returned in the <Code> tag of the error XML response for a corresponding GetObject call. Cannot be used with a successful StatusCode header or when the transformed object is provided in the body. All error codes from S3 are sentence-cased. The regular expression (regex) value is "^[A-Z][a-zA-Z]+$".

x-amz-fwd-error-message

Contains a generic description of the error condition. Returned in the <Message> tag of the error XML response for a corresponding GetObject call. Cannot be used with a successful StatusCode header or when the transformed object is provided in body.

x-amz-fwd-header-accept-ranges

Indicates that a range of bytes was specified.

x-amz-fwd-header-Cache-Control

Specifies caching behavior along the request/reply chain.

x-amz-fwd-header-Content-Disposition

Specifies presentational information for the object.

x-amz-fwd-header-Content-Encoding

Specifies what content encodings have been applied to the object and thus what decoding mechanisms must be applied to obtain the media-type referenced by the Content-Type header field.

x-amz-fwd-header-Content-Language

The language the content is in.

x-amz-fwd-header-Content-Range

The portion of the object returned in the response.

x-amz-fwd-header-Content-Type

A standard MIME type describing the format of the object data.

x-amz-fwd-header-ETag

An opaque identifier assigned by a web server to a specific version of a resource found at a URL.

x-amz-fwd-header-Expires

The date and time at which the object is no longer cacheable.

x-amz-fwd-header-Last-Modified

The date and time that the object was last modified.

x-amz-fwd-header-x-amz-checksum-crc32

This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. This specifies the base64-encoded, 32-bit CRC-32 checksum of the object returned by the Object Lambda function. This may not match the checksum for the object stored in Amazon S3. Amazon S3 will perform validation of the checksum values only when the original GetObject request required checksum validation. For more information about checksums, see Checking object integrity in the Amazon S3 User Guide.

Only one checksum header can be specified at a time. If you supply multiple checksum headers, this request will fail.

x-amz-fwd-header-x-amz-checksum-crc32c

This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. This specifies the base64-encoded, 32-bit CRC-32C checksum of the object returned by the Object Lambda function. This may not match the checksum for the object stored in Amazon S3. Amazon S3 will perform validation of the checksum values only when the original GetObject request required checksum validation. For more information about checksums, see Checking object integrity in the Amazon S3 User Guide.

Only one checksum header can be specified at a time. If you supply multiple checksum headers, this request will fail.

x-amz-fwd-header-x-amz-checksum-sha1

This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. This specifies the base64-encoded, 160-bit SHA-1 digest of the object returned by the Object Lambda function. This may not match the checksum for the object stored in Amazon S3. Amazon S3 will perform validation of the checksum values only when the original GetObject request required checksum validation. For more information about checksums, see Checking object integrity in the Amazon S3 User Guide.

Only one checksum header can be specified at a time. If you supply multiple checksum headers, this request will fail.

x-amz-fwd-header-x-amz-checksum-sha256

This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. This specifies the base64-encoded, 256-bit SHA-256 digest of the object returned by the Object Lambda function. This may not match the checksum for the object stored in Amazon S3. Amazon S3 will perform validation of the checksum values only when the original GetObject request required checksum validation. For more information about checksums, see Checking object integrity in the Amazon S3 User Guide.

Only one checksum header can be specified at a time. If you supply multiple checksum headers, this request will fail.

x-amz-fwd-header-x-amz-delete-marker

Specifies whether an object stored in Amazon S3 is (true) or is not (false) a delete marker. To learn more about delete markers, see Working with delete markers.

x-amz-fwd-header-x-amz-expiration

If the object expiration is configured (see PUT Bucket lifecycle), the response includes this header. It includes the expiry-date and rule-id key-value pairs that provide the object expiration information. The value of the rule-id is URL-encoded.

x-amz-fwd-header-x-amz-missing-meta

Set to the number of metadata entries not returned in x-amz-meta headers. This can happen if you create metadata using an API like SOAP that supports more flexible metadata than the REST API. For example, using SOAP, you can create metadata whose values are not legal HTTP headers.

x-amz-fwd-header-x-amz-mp-parts-count

The count of parts this object has.

x-amz-fwd-header-x-amz-object-lock-legal-hold

Indicates whether an object stored in Amazon S3 has an active legal hold.

Valid Values: ON | OFF

x-amz-fwd-header-x-amz-object-lock-mode

Indicates whether an object stored in Amazon S3 has Object Lock enabled. For more information about S3 Object Lock, see Object Lock.

Valid Values: GOVERNANCE | COMPLIANCE

x-amz-fwd-header-x-amz-object-lock-retain-until-date

The date and time when Object Lock is configured to expire.

x-amz-fwd-header-x-amz-replication-status

Indicates if request involves bucket that is either a source or destination in a Replication rule. For more information about S3 Replication, see Replication.

Valid Values: COMPLETE | PENDING | FAILED | REPLICA | COMPLETED

x-amz-fwd-header-x-amz-request-charged

If present, indicates that the requester was successfully charged for the request.

Note

This functionality is not supported for directory buckets.

Valid Values: requester

x-amz-fwd-header-x-amz-restore

Provides information about object restoration operation and expiration time of the restored object copy.

x-amz-fwd-header-x-amz-server-side-encryption

The server-side encryption algorithm used when storing requested object in Amazon S3 (for example, AES256, aws:kms).

Valid Values: AES256 | aws:kms | aws:kms:dsse

x-amz-fwd-header-x-amz-server-side-encryption-aws-kms-key-id

If present, specifies the ID (Key ID, Key ARN, or Key Alias) of the AWS Key Management Service (AWS KMS) symmetric encryption customer managed key that was used for stored in Amazon S3 object.

x-amz-fwd-header-x-amz-server-side-encryption-bucket-key-enabled

Indicates whether the object stored in Amazon S3 uses an S3 bucket key for server-side encryption with AWS KMS (SSE-KMS).

x-amz-fwd-header-x-amz-server-side-encryption-customer-algorithm

Encryption algorithm used if server-side encryption with a customer-provided encryption key was specified for object stored in Amazon S3.

x-amz-fwd-header-x-amz-server-side-encryption-customer-key-MD5

128-bit MD5 digest of customer-provided encryption key used in Amazon S3 to encrypt data stored in S3. For more information, see Protecting data using server-side encryption with customer-provided encryption keys (SSE-C).

x-amz-fwd-header-x-amz-storage-class

Provides storage class information of the object. Amazon S3 returns this header for all objects except for S3 Standard storage class objects.

For more information, see Storage Classes.

Valid Values: STANDARD | REDUCED_REDUNDANCY | STANDARD_IA | ONEZONE_IA | INTELLIGENT_TIERING | GLACIER | DEEP_ARCHIVE | OUTPOSTS | GLACIER_IR | SNOW | EXPRESS_ONEZONE

x-amz-fwd-header-x-amz-tagging-count

The number of tags, if any, on the object.

x-amz-fwd-header-x-amz-version-id

An ID used to reference a specific version of the object.

x-amz-fwd-status

The integer status code for an HTTP response of a corresponding GetObject request. The following is a list of status codes.

  • 200 - OK

  • 206 - Partial Content

  • 304 - Not Modified

  • 400 - Bad Request

  • 401 - Unauthorized

  • 403 - Forbidden

  • 404 - Not Found

  • 405 - Method Not Allowed

  • 409 - Conflict

  • 411 - Length Required

  • 412 - Precondition Failed

  • 416 - Range Not Satisfiable

  • 500 - Internal Server Error

  • 503 - Service Unavailable

x-amz-request-route

Route prefix to the HTTP URL generated.

Required: Yes

x-amz-request-token

A single use encrypted token that maps WriteGetObjectResponse to the end user GetObject request.

Required: Yes

Request Body

The request accepts the following binary data.

Response Syntax

HTTP/1.1 200

Response Elements

If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

Examples

Sample Response

The following illustrates a sample response.

HTTP/1.1 200 OK x-amz-request-id: 19684529-d1aa-413e-9382-9ff490962d12 Date: Wed, 24 Feb 2021 10:57:53 GMT Content-Length: 0

Sample Request

The following illustrates a sample request from a POST.

POST /WriteGetObjectResponse HTTP/1.1 Host: <RequestRoute>.s3-object-lambda.<Region>.amazonaws.com x-amz-request-token: <RequestToken> Authorization: authorization string Content-Type: text/plain Content-Length: 16 [16 bytes of object data]

Sample Error Response

The following response returns a ValidationError error because the RequestToken could not be decrypted.

<?xml version="1.0" encoding="UTF-8"?> <Error> <Code>ValidationError</Code> <Message>Invalid token</Message> <RequestId>fcd2cd5e-def0-4001-8030-1fd1d61d2c9d</RequestId> </Error>

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: