Container for the parameters to the CopyObject operation.
Creates a copy of an object that is already stored in Amazon S3.
You can store individual objects of up to 5 TB in Amazon S3. You create a copy of
your object up to 5 GB in size in a single atomic action using this API. However,
to copy an object greater than 5 GB, you must use the multipart upload Upload Part
- Copy (UploadPartCopy) API. For more information, see Copy
Object Using the REST Multipart Upload API.
You can copy individual objects between general purpose buckets, between directory buckets, and between general purpose buckets and directory buckets.
Directory buckets - For directory buckets, you must make requests for this
API operation to the Zonal endpoint. These endpoints support virtual-hosted-style
requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com/key-name. Path-style requests are not supported. For more information, see Regional
and Zonal endpoints in the Amazon S3 User Guide.
Both the Region that you want to copy the object from and the Region that you want to copy the object to must be enabled for your account.
Amazon S3 transfer acceleration does not support cross-Region copies. If you request
a cross-Region copy using a transfer acceleration endpoint, you get a 400 Bad
Request error. For more information, see Transfer
Acceleration.
- Authentication and authorization
All
CopyObjectrequests must be authenticated and signed by using IAM credentials (access key ID and secret access key for the IAM identities). All headers with thex-amz-prefix, includingx-amz-copy-source, must be signed. For more information, see REST Authentication.Directory buckets - You must use the IAM credentials to authenticate and authorize your access to the
CopyObjectAPI operation, instead of using the temporary security credentials through theCreateSessionAPI operation.Amazon Web Services CLI or SDKs handles authentication and authorization on your behalf.
- Permissions
You must have read access to the source object and write access to the destination bucket.
General purpose bucket permissions - You must have permissions in an IAM policy based on the source and destination bucket types in a
CopyObjectoperation.If the source object is in a general purpose bucket, you must have
s3:GetObjectpermission to read the source object that is being copied.If the destination bucket is a general purpose bucket, you must have
s3:PutObjectpermission to write the object copy to the destination bucket.
Directory bucket permissions - You must have permissions in a bucket policy or an IAM identity-based policy based on the source and destination bucket types in a
CopyObjectoperation.If the source object that you want to copy is in a directory bucket, you must have the
s3express:CreateSessionpermission in theActionelement of a policy to read the object. By default, the session is in theReadWritemode. If you want to restrict the access, you can explicitly set thes3express:SessionModecondition key toReadOnlyon the copy source bucket.If the copy destination is a directory bucket, you must have the
s3express:CreateSessionpermission in theActionelement of a policy to write the object to the destination. Thes3express:SessionModecondition key can't be set toReadOnlyon the copy destination bucket.
For example policies, see Example bucket policies for S3 Express One Zone and Amazon Web Services Identity and Access Management (IAM) identity-based policies for S3 Express One Zone in the Amazon S3 User Guide.
- Response and special errors
When the request is an HTTP 1.1 request, the response is chunk encoded. When the request is not an HTTP 1.1 request, the response would not contain the
Content-Length. You always need to read the entire response body to check if the copy succeeds. to keep the connection alive while we copy the data.If the copy is successful, you receive a response with information about the copied object.
A copy request might return an error when Amazon S3 receives the copy request or while Amazon S3 is copying the files. A
200 OKresponse can contain either a success or an error.If the error occurs before the copy action starts, you receive a standard Amazon S3 error.
If the error occurs during the copy operation, the error response is embedded in the
200 OKresponse. For example, in a cross-region copy, you may encounter throttling and receive a200 OKresponse. For more information, see Resolve the Error 200 response when copying objects to Amazon S3. The200 OKstatus code means the copy was accepted, but it doesn't mean the copy is complete. Another example is when you disconnect from Amazon S3 before the copy is complete, Amazon S3 might cancel the copy and you may receive a200 OKresponse. You must stay connected to Amazon S3 until the entire response is successfully received and processed.If you call this API operation directly, make sure to design your application to parse the content of the response and handle it appropriately. If you use Amazon Web Services SDKs, SDKs handle this condition. The SDKs detect the embedded error and apply error handling per your configuration settings (including automatically retrying the request as appropriate). If the condition persists, the SDKs throw an exception (or, for the SDKs that don't use exceptions, they return an error).
- Charge
The copy request charge is based on the storage class and Region that you specify for the destination object. The request can also result in a data retrieval charge for the source if the source storage class bills for data retrieval. If the copy source is in a different region, the data transfer is billed to the copy source account. For pricing information, see Amazon S3 pricing.
- HTTP Host header syntax
Directory buckets - The HTTP Host header syntax is
Bucket_name.s3express-az_id.region.amazonaws.com.
The following operations are related to CopyObject:
Inheritance Hierarchy
Amazon.Runtime.AmazonWebServiceRequest
Amazon.S3.Model.PutWithACLRequest
Amazon.S3.Model.CopyObjectRequest
Namespace: Amazon.S3.Model
Assembly: AWSSDK.S3.dll
Version: 3.x.y.z
Syntax
public class CopyObjectRequest : PutWithACLRequest IAmazonWebServiceRequest
The CopyObjectRequest type exposes the following members
Constructors
| Name | Description | |
|---|---|---|
|
CopyObjectRequest() |
Properties
| Name | Type | Description | |
|---|---|---|---|
|
|
BucketKeyEnabled | System.Boolean |
Gets and sets the property BucketKeyEnabled.
Specifies whether Amazon S3 should use an S3 Bucket Key for object encryption with
server-side encryption using AWS KMS (SSE-KMS). Setting this header to Specifying this header with a COPY action doesn't affect bucket-level settings for S3 Bucket Key. For more information, see Amazon S3 Bucket Keys in the Amazon S3 User Guide. Directory buckets - S3 Bucket Keys aren't supported, when you copy SSE-KMS encrypted objects from general purpose buckets to directory buckets, from directory buckets to general purpose buckets, or between directory buckets, through CopyObject. In this case, Amazon S3 makes a call to KMS every time a copy request is made for a KMS-encrypted object. |
|
|
CannedACL | Amazon.S3.S3CannedACL |
A canned access control list (CACL) to apply to the object. Please refer to Amazon.S3.S3CannedACL for information on S3 Canned ACLs. This action is not supported by Amazon S3 on Outposts. |
|
|
ChecksumAlgorithm | Amazon.S3.ChecksumAlgorithm |
Gets and sets the property ChecksumAlgorithm. Indicates the algorithm you want Amazon S3 to use to create the checksum for the object. For more information, see Checking object integrity in the Amazon S3 User Guide. |
|
|
ContentType | System.String |
This is a convenience property for Headers.ContentType. |
|
|
CopySourceServerSideEncryptionCustomerMethod | Amazon.S3.ServerSideEncryptionCustomerMethod |
The Server-side encryption algorithm to be used with the customer provided key. |
|
|
CopySourceServerSideEncryptionCustomerProvidedKey | System.String |
The customer provided encryption key for the source object of the copy. Important: Amazon S3 does not store the encryption key you provide. |
|
|
CopySourceServerSideEncryptionCustomerProvidedKeyMD5 | System.String |
The MD5 of the customer encryption key specified in the CopySourceServerSideEncryptionCustomerProvidedKey property. The MD5 is base 64 encoded. This field is optional, the SDK will calculate the MD5 if this is not set. |
|
|
DestinationBucket | System.String |
Gets and sets the property DestinationBucket. The name of the destination bucket. Directory buckets - When you use this operation with a directory bucket, you
must use virtual-hosted-style requests in the format Access points - When you use this action with an access point, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide. Access points and Object Lambda access points are not supported by directory buckets. S3 on Outposts - When you use this action with Amazon S3 on Outposts, you
must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes
the form |
|
|
DestinationKey | System.String |
The key to be given to the copy of the source object. |
|
|
DisableTrimmingLeadingSlash | System.Boolean |
If this is set to true then the Amazon S3 client will not remove leading slashes from Amazon.S3.Model.CopyObjectRequest.SourceKey and Amazon.S3.Model.CopyObjectRequest.DestinationKey. The default value is false. |
|
|
ETagToMatch | System.String |
ETag to be matched as a pre-condition for copying the source object otherwise returns a PreconditionFailed. |
|
|
ETagToNotMatch | System.String |
ETag that must not be matched as a pre-condition for copying the source object, otherwise returns a PreconditionFailed. |
|
|
ExpectedBucketOwner | System.String |
Gets and sets the property ExpectedBucketOwner.
The account ID of the expected destination bucket owner. If the destination bucket
is owned by a different account, the request will fail with an HTTP |
|
|
ExpectedSourceBucketOwner | System.String |
Gets and sets the property ExpectedSourceBucketOwner.
The account ID of the expected source bucket owner. If the source bucket is owned
by a different account, the request will fail with an HTTP |
|
|
Grants | System.Collections.Generic.List<Amazon.S3.Model.S3Grant> | Inherited from Amazon.S3.Model.PutWithACLRequest. |
|
|
Headers | Amazon.S3.Model.HeadersCollection |
The collection of headers for the request. |
|
|
Metadata | Amazon.S3.Model.MetadataCollection |
The collection of meta data for the request. |
|
|
MetadataDirective | Amazon.S3.S3MetadataDirective |
Specifies whether the metadata is copied from the source object or replaced with metadata provided in the request. |
|
|
ModifiedSinceDate | System.DateTime |
This property is deprecated. Setting this property results in non-UTC DateTimes not being marshalled correctly. Use ModifiedSinceDateUtc instead. Setting either ModifiedSinceDate or ModifiedSinceDateUtc results in both ModifiedSinceDate and ModifiedSinceDateUtc being assigned, the latest assignment to either one of the two property is reflected in the value of both. ModifiedSinceDate is provided for backwards compatibility only and assigning a non-Utc DateTime to it results in the wrong timestamp being passed to the service. Copies the object if it has been modified since the specified time, otherwise returns a PreconditionFailed. |
|
|
ModifiedSinceDateUtc | System.DateTime |
Copies the object if it has been modified since the specified time, otherwise returns a PreconditionFailed. |
|
|
ObjectLockLegalHoldStatus | Amazon.S3.ObjectLockLegalHoldStatus |
Gets and sets the property ObjectLockLegalHoldStatus. Specifies whether you want to apply a Legal Hold to the copied object. |
|
|
ObjectLockMode | Amazon.S3.ObjectLockMode |
Gets and sets the property ObjectLockMode. The Object Lock mode that you want to apply to the copied object. |
|
|
ObjectLockRetainUntilDate | System.DateTime |
Gets and sets the property ObjectLockRetainUntilDate. The date and time when you want the copied object's Object Lock to expire. |
|
|
ReadWriteTimeout | System.Nullable<System.TimeSpan> |
Overrides the default ReadWriteTimeout value. |
|
|
RequestPayer | Amazon.S3.RequestPayer |
Confirms that the requester knows that she or he will be charged for the request. Bucket owners need not specify this parameter in their requests. |
|
|
ServerSideEncryptionCustomerMethod | Amazon.S3.ServerSideEncryptionCustomerMethod |
The Server-side encryption algorithm to be used with the customer provided key. |
|
|
ServerSideEncryptionCustomerProvidedKey | System.String |
The base64-encoded encryption key for Amazon S3 to use to encrypt the object Using the encryption key you provide as part of your request Amazon S3 manages both the encryption, as it writes to disks, and decryption, when you access your objects. Therefore, you don't need to maintain any data encryption code. The only thing you do is manage the encryption keys you provide. ///When you retrieve an object, you must provide the same encryption key as part of your request. Amazon S3 first verifies the encryption key you provided matches, and then decrypts the object before returning the object data to you. Important: Amazon S3 does not store the encryption key you provide. |
|
|
ServerSideEncryptionCustomerProvidedKeyMD5 | System.String |
The MD5 of the customer encryption key specified in the ServerSideEncryptionCustomerProvidedKey property. The MD5 is base 64 encoded. This field is optional, the SDK will calculate the MD5 if this is not set. |
|
|
ServerSideEncryptionKeyManagementServiceEncryptionContext | System.String |
Gets and sets the property ServerSideEncryptionKeyManagementServiceEncryptionContext. Specifies the Amazon Web Services KMS Encryption Context as an additional encryption context to use for the destination object encryption. The value of this header is a base64-encoded UTF-8 string holding JSON with the encryption context key-value pairs. General purpose buckets - This value must be explicitly added to specify encryption context for Directory buckets - You can optionally provide an explicit encryption context value. The value must match the default encryption context - the bucket Amazon Resource Name (ARN). An additional encryption context value is not supported. |
|
|
ServerSideEncryptionKeyManagementServiceKeyId | System.String |
Gets and sets the property SSEKMSKeyId. Specifies the KMS key ID (Key ID, Key ARN, or Key Alias) to use for object encryption. All GET and PUT requests for an object protected by KMS will fail if they're not made via SSL or using SigV4. For information about configuring any of the officially supported Amazon Web Services SDKs and Amazon Web Services CLI, see Specifying the Signature Version in Request Authentication in the Amazon S3 User Guide. Directory buckets - If you specify |
|
|
ServerSideEncryptionMethod | Amazon.S3.ServerSideEncryptionMethod |
The server-side encryption algorithm used when storing this object in Amazon S3.
Unrecognized or unsupported values won't write a destination object and will receive a Amazon S3 automatically encrypts all new objects that are copied to an S3 bucket. When copying an object, if you don't specify encryption information in your copy request, the encryption setting of the target object is set to the default encryption configuration of the destination bucket. By default, all buckets have a base level of encryption configuration that uses server-side encryption with Amazon S3 managed keys (SSE-S3). If the destination bucket has a different default encryption configuration, Amazon S3 uses the corresponding encryption key to encrypt the target object copy. With server-side encryption, Amazon S3 encrypts your data as it writes your data to disks in its data centers and decrypts the data when you access it. For more information about server-side encryption, see Using Server-Side Encryption in the Amazon S3 User Guide. General purpose buckets
Directory buckets
|
|
|
SourceBucket | System.String |
The name of the bucket containing the object to copy. |
|
|
SourceKey | System.String |
The key of the object to copy. |
|
|
SourceVersionId | System.String |
Specifies a particular version of the source object to copy. By default the latest version is copied. |
|
|
StorageClass | Amazon.S3.S3StorageClass |
Gets and sets the property StorageClass. By default, Amazon S3 uses the STANDARD Storage Class to store newly created objects. The STANDARD storage class provides high durability and high availability. Depending on performance needs, you can specify a different Storage Class. Amazon S3 on Outposts only uses the OUTPOSTS Storage Class. For more information, see Storage Classes in the Amazon S3 User Guide. |
|
|
TagSet | System.Collections.Generic.List<Amazon.S3.Model.Tag> |
The tag-set for the object destination object this value must be used in conjunction with the TaggingDirective. The tag-set must be encoded as URL Query parameters. |
|
|
Timeout | System.Nullable<System.TimeSpan> |
Overrides the default request timeout value. |
|
|
UnmodifiedSinceDate | System.DateTime |
This property is deprecated. Setting this property results in non-UTC DateTimes not being marshalled correctly. Use UnmodifiedSinceDateUtc instead. Setting either UnmodifiedSinceDate or UnmodifiedSinceDateUtc results in both UnmodifiedSinceDate and UnmodifiedSinceDateUtc being assigned, the latest assignment to either one of the two property is reflected in the value of both. UnmodifiedSinceDate is provided for backwards compatibility only and assigning a non-Utc DateTime to it results in the wrong timestamp being passed to the service. Copies the object if it has not been modified since the specified time, otherwise returns a PreconditionFailed. |
|
|
UnmodifiedSinceDateUtc | System.DateTime |
Copies the object if it has not been modified since the specified time, otherwise returns a PreconditionFailed. |
|
|
WebsiteRedirectLocation | System.String |
If the bucket is configured as a website, redirects requests for this object to another
object in the same bucket or to an external URL. Amazon S3 stores the value of this
header in the object metadata. This value is unique to each object and is not copied
when using the |
Examples
This example shows how to copy an object from one bucket/key to a different bucket/key.
CopyObject sample
// Create a client
AmazonS3Client client = new AmazonS3Client();
// Create a CopyObject request
CopyObjectRequest request = new CopyObjectRequest
{
SourceBucket = "SampleBucket",
SourceKey = "Item1",
DestinationBucket = "AnotherBucket",
DestinationKey = "Copy1",
CannedACL = S3CannedACL.PublicRead
};
// Issue request
client.CopyObject(request);
Version Information
.NET:
Supported in: 8.0 and newer, Core 3.1
.NET Standard:
Supported in: 2.0
.NET Framework:
Supported in: 4.5 and newer, 3.5