# Amazon S3 The following actions are supported by Amazon S3: + [AbortMultipartUpload](API_AbortMultipartUpload.md) + [CompleteMultipartUpload](API_CompleteMultipartUpload.md) + [CopyObject](API_CopyObject.md) + [CreateBucket](API_CreateBucket.md) + [CreateBucketMetadataConfiguration](API_CreateBucketMetadataConfiguration.md) + [CreateBucketMetadataTableConfiguration](API_CreateBucketMetadataTableConfiguration.md) + [CreateMultipartUpload](API_CreateMultipartUpload.md) + [CreateSession](API_CreateSession.md) + [DeleteBucket](API_DeleteBucket.md) + [DeleteBucketAnalyticsConfiguration](API_DeleteBucketAnalyticsConfiguration.md) + [DeleteBucketCors](API_DeleteBucketCors.md) + [DeleteBucketEncryption](API_DeleteBucketEncryption.md) + [DeleteBucketIntelligentTieringConfiguration](API_DeleteBucketIntelligentTieringConfiguration.md) + [DeleteBucketInventoryConfiguration](API_DeleteBucketInventoryConfiguration.md) + [DeleteBucketLifecycle](API_DeleteBucketLifecycle.md) + [DeleteBucketMetadataConfiguration](API_DeleteBucketMetadataConfiguration.md) + [DeleteBucketMetadataTableConfiguration](API_DeleteBucketMetadataTableConfiguration.md) + [DeleteBucketMetricsConfiguration](API_DeleteBucketMetricsConfiguration.md) + [DeleteBucketOwnershipControls](API_DeleteBucketOwnershipControls.md) + [DeleteBucketPolicy](API_DeleteBucketPolicy.md) + [DeleteBucketReplication](API_DeleteBucketReplication.md) + [DeleteBucketTagging](API_DeleteBucketTagging.md) + [DeleteBucketWebsite](API_DeleteBucketWebsite.md) + [DeleteObject](API_DeleteObject.md) + [DeleteObjects](API_DeleteObjects.md) + [DeleteObjectTagging](API_DeleteObjectTagging.md) + [DeletePublicAccessBlock](API_DeletePublicAccessBlock.md) + [GetBucketAbac](API_GetBucketAbac.md) + [GetBucketAccelerateConfiguration](API_GetBucketAccelerateConfiguration.md) + [GetBucketAcl](API_GetBucketAcl.md) + [GetBucketAnalyticsConfiguration](API_GetBucketAnalyticsConfiguration.md) + [GetBucketCors](API_GetBucketCors.md) + [GetBucketEncryption](API_GetBucketEncryption.md) + [GetBucketIntelligentTieringConfiguration](API_GetBucketIntelligentTieringConfiguration.md) + [GetBucketInventoryConfiguration](API_GetBucketInventoryConfiguration.md) + [GetBucketLifecycle](API_GetBucketLifecycle.md) + [GetBucketLifecycleConfiguration](API_GetBucketLifecycleConfiguration.md) + [GetBucketLocation](API_GetBucketLocation.md) + [GetBucketLogging](API_GetBucketLogging.md) + [GetBucketMetadataConfiguration](API_GetBucketMetadataConfiguration.md) + [GetBucketMetadataTableConfiguration](API_GetBucketMetadataTableConfiguration.md) + [GetBucketMetricsConfiguration](API_GetBucketMetricsConfiguration.md) + [GetBucketNotification](API_GetBucketNotification.md) + [GetBucketNotificationConfiguration](API_GetBucketNotificationConfiguration.md) + [GetBucketOwnershipControls](API_GetBucketOwnershipControls.md) + [GetBucketPolicy](API_GetBucketPolicy.md) + [GetBucketPolicyStatus](API_GetBucketPolicyStatus.md) + [GetBucketReplication](API_GetBucketReplication.md) + [GetBucketRequestPayment](API_GetBucketRequestPayment.md) + [GetBucketTagging](API_GetBucketTagging.md) + [GetBucketVersioning](API_GetBucketVersioning.md) + [GetBucketWebsite](API_GetBucketWebsite.md) + [GetObject](API_GetObject.md) + [GetObjectAcl](API_GetObjectAcl.md) + [GetObjectAttributes](API_GetObjectAttributes.md) + [GetObjectLegalHold](API_GetObjectLegalHold.md) + [GetObjectLockConfiguration](API_GetObjectLockConfiguration.md) + [GetObjectRetention](API_GetObjectRetention.md) + [GetObjectTagging](API_GetObjectTagging.md) + [GetObjectTorrent](API_GetObjectTorrent.md) + [GetPublicAccessBlock](API_GetPublicAccessBlock.md) + [HeadBucket](API_HeadBucket.md) + [HeadObject](API_HeadObject.md) + [ListBucketAnalyticsConfigurations](API_ListBucketAnalyticsConfigurations.md) + [ListBucketIntelligentTieringConfigurations](API_ListBucketIntelligentTieringConfigurations.md) + [ListBucketInventoryConfigurations](API_ListBucketInventoryConfigurations.md) + [ListBucketMetricsConfigurations](API_ListBucketMetricsConfigurations.md) + [ListBuckets](API_ListBuckets.md) + [ListDirectoryBuckets](API_ListDirectoryBuckets.md) + [ListMultipartUploads](API_ListMultipartUploads.md) + [ListObjects](API_ListObjects.md) + [ListObjectsV2](API_ListObjectsV2.md) + [ListObjectVersions](API_ListObjectVersions.md) + [ListParts](API_ListParts.md) + [PutBucketAbac](API_PutBucketAbac.md) + [PutBucketAccelerateConfiguration](API_PutBucketAccelerateConfiguration.md) + [PutBucketAcl](API_PutBucketAcl.md) + [PutBucketAnalyticsConfiguration](API_PutBucketAnalyticsConfiguration.md) + [PutBucketCors](API_PutBucketCors.md) + [PutBucketEncryption](API_PutBucketEncryption.md) + [PutBucketIntelligentTieringConfiguration](API_PutBucketIntelligentTieringConfiguration.md) + [PutBucketInventoryConfiguration](API_PutBucketInventoryConfiguration.md) + [PutBucketLifecycle](API_PutBucketLifecycle.md) + [PutBucketLifecycleConfiguration](API_PutBucketLifecycleConfiguration.md) + [PutBucketLogging](API_PutBucketLogging.md) + [PutBucketMetricsConfiguration](API_PutBucketMetricsConfiguration.md) + [PutBucketNotification](API_PutBucketNotification.md) + [PutBucketNotificationConfiguration](API_PutBucketNotificationConfiguration.md) + [PutBucketOwnershipControls](API_PutBucketOwnershipControls.md) + [PutBucketPolicy](API_PutBucketPolicy.md) + [PutBucketReplication](API_PutBucketReplication.md) + [PutBucketRequestPayment](API_PutBucketRequestPayment.md) + [PutBucketTagging](API_PutBucketTagging.md) + [PutBucketVersioning](API_PutBucketVersioning.md) + [PutBucketWebsite](API_PutBucketWebsite.md) + [PutObject](API_PutObject.md) + [PutObjectAcl](API_PutObjectAcl.md) + [PutObjectLegalHold](API_PutObjectLegalHold.md) + [PutObjectLockConfiguration](API_PutObjectLockConfiguration.md) + [PutObjectRetention](API_PutObjectRetention.md) + [PutObjectTagging](API_PutObjectTagging.md) + [PutPublicAccessBlock](API_PutPublicAccessBlock.md) + [RenameObject](API_RenameObject.md) + [RestoreObject](API_RestoreObject.md) + [SelectObjectContent](API_SelectObjectContent.md) + [UpdateBucketMetadataInventoryTableConfiguration](API_UpdateBucketMetadataInventoryTableConfiguration.md) + [UpdateBucketMetadataJournalTableConfiguration](API_UpdateBucketMetadataJournalTableConfiguration.md) + [UpdateObjectEncryption](API_UpdateObjectEncryption.md) + [UploadPart](API_UploadPart.md) + [UploadPartCopy](API_UploadPartCopy.md) + [WriteGetObjectResponse](API_WriteGetObjectResponse.md) # AbortMultipartUpload This operation aborts a multipart upload. After a multipart upload is aborted, no additional parts can be uploaded using that upload ID. The storage consumed by any previously uploaded parts will be freed. However, if any part uploads are currently in progress, those part uploads might or might not succeed. As a result, it might be necessary to abort a given multipart upload multiple times in order to completely free all storage consumed by all parts. To verify that all parts have been removed and prevent getting charged for the part storage, you should call the [ListParts](https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html) API operation and ensure that the parts list is empty. **Note** **Directory buckets** - If multipart uploads in a directory bucket are in progress, you can't delete the bucket until all the in-progress multipart uploads are aborted or completed. To delete these in-progress multipart uploads, use the `ListMultipartUploads` operation to list the in-progress multipart uploads in the bucket and use the `AbortMultipartUpload` operation to abort all the in-progress multipart uploads. **Directory buckets** - For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format `https://amzn-s3-demo-bucket.s3express-zone-id.region-code.amazonaws.com/key-name `. Path-style requests are not supported. For more information about endpoints in Availability Zones, see [Regional and Zonal endpoints for directory buckets in Availability Zones](https://docs.aws.amazon.com/AmazonS3/latest/userguide/endpoint-directory-buckets-AZ.html) in the *Amazon S3 User Guide*. For more information about endpoints in Local Zones, see [Concepts for directory buckets in Local Zones](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-lzs-for-directory-buckets.html) in the *Amazon S3 User Guide*. Permissions + **General purpose bucket permissions** - For information about permissions required to use the multipart upload, see [Multipart Upload and Permissions](https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html) in the *Amazon S3 User Guide*. + **Directory bucket permissions** - To grant access to this API operation on a directory bucket, we recommend that you use the [https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) API operation for session-based authorization. Specifically, you grant the `s3express:CreateSession` permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the `CreateSession` API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another `CreateSession` API call to generate a new session token for use. AWS CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see [https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html). HTTP Host header syntax **Directory buckets ** - The HTTP Host header syntax is ` Bucket-name.s3express-zone-id.region-code.amazonaws.com`. The following operations are related to `AbortMultipartUpload`: + [CreateMultipartUpload](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html) + [UploadPart](https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html) + [CompleteMultipartUpload](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CompleteMultipartUpload.html) + [ListParts](https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html) + [ListMultipartUploads](https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListMultipartUploads.html) **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. ## Request Syntax ``` DELETE /Key+?uploadId=UploadId HTTP/1.1 Host: Bucket.s3.amazonaws.com x-amz-request-payer: RequestPayer x-amz-expected-bucket-owner: ExpectedBucketOwner x-amz-if-match-initiated-time: IfMatchInitiatedTime ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_AbortMultipartUpload_RequestSyntax) ** The bucket name to which the upload was taking place. **Directory buckets** - When you use this operation with a directory bucket, you must use virtual-hosted-style requests in the format ` Bucket-name.s3express-zone-id.region-code.amazonaws.com`. Path-style requests are not supported. Directory bucket names must be unique in the chosen Zone (Availability Zone or Local Zone). Bucket names must follow the format ` bucket-base-name--zone-id--x-s3` (for example, ` amzn-s3-demo-bucket--usw2-az1--x-s3`). For information about bucket naming restrictions, see [Directory bucket naming rules](https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) in the *Amazon S3 User Guide*. **Access points** - When you use this action with an access point for general purpose buckets, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When you use this action with an access point for directory buckets, you must provide the access point name in place of the bucket name. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com. When using this action with an access point through the AWS SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see [Using access points](https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) in the *Amazon S3 User Guide*. Object Lambda access points are not supported by directory buckets. **S3 on Outposts** - When you use this action with S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form ` AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com`. When you use this action with S3 on Outposts, the destination bucket must be the Outposts access point ARN or the access point alias. For more information about S3 on Outposts, see [What is S3 on Outposts?](https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) in the *Amazon S3 User Guide*. Required: Yes ** [Key](#API_AbortMultipartUpload_RequestSyntax) ** Key of the object for which the multipart upload was initiated. Length Constraints: Minimum length of 1. Required: Yes ** [uploadId](#API_AbortMultipartUpload_RequestSyntax) ** Upload ID that identifies the multipart upload. Required: Yes ** [x-amz-expected-bucket-owner](#API_AbortMultipartUpload_RequestSyntax) ** The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code `403 Forbidden` (access denied). ** [x-amz-if-match-initiated-time](#API_AbortMultipartUpload_RequestSyntax) ** If present, this header aborts an in progress multipart upload only if it was initiated on the provided timestamp. If the initiated timestamp of the multipart upload does not match the provided value, the operation returns a `412 Precondition Failed` error. If the initiated timestamp matches or if the multipart upload doesn’t exist, the operation returns a `204 Success (No Content)` response. This functionality is only supported for directory buckets. ** [x-amz-request-payer](#API_AbortMultipartUpload_RequestSyntax) ** Confirms that the requester knows that they will be charged for the request. Bucket owners need not specify this parameter in their requests. If either the source or destination S3 bucket has Requester Pays enabled, the requester will pay for the corresponding charges. For information about downloading objects from Requester Pays buckets, see [Downloading Objects in Requester Pays Buckets](https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) in the *Amazon S3 User Guide*. This functionality is not supported for directory buckets. Valid Values: `requester` ## Request Body The request does not have a request body. ## Response Syntax ``` HTTP/1.1 204 x-amz-request-charged: RequestCharged ``` ## Response Elements If the action is successful, the service sends back an HTTP 204 response. The response returns the following HTTP headers. ** [x-amz-request-charged](#API_AbortMultipartUpload_ResponseSyntax) ** If present, indicates that the requester was successfully charged for the request. For more information, see [Using Requester Pays buckets for storage transfers and usage](https://docs.aws.amazon.com/AmazonS3/latest/userguide/RequesterPaysBuckets.html) in the *Amazon Simple Storage Service user guide*. This functionality is not supported for directory buckets. Valid Values: `requester` ## Errors ** NoSuchUpload ** The specified multipart upload does not exist. HTTP Status Code: 404 ## Examples ### Sample Request for general purpose buckets The following request aborts a multipart upload identified by its upload ID. ``` DELETE /example-object?uploadId=VXBsb2FkIElEIGZvciBlbHZpbmcncyBteS1tb3ZpZS5tMnRzIHVwbG9hZ HTTP/1.1 Host: amzn-s3-demo-bucket.s3..amazonaws.com Date: Mon, 1 Nov 2010 20:34:56 GMT Authorization: authorization string ``` ### Sample Response for general purpose buckets This example illustrates one usage of AbortMultipartUpload. ``` HTTP/1.1 204 OK x-amz-id-2: Weag1LuByRx9e6j5Onimru9pO4ZVKnJ2Qz7/C1NPcfTWAtRPfTaOFg== x-amz-request-id: 996c76696e6727732072657175657374 Date: Mon, 1 Nov 2010 20:34:56 GMT Content-Length: 0 Connection: keep-alive Server: AmazonS3 ``` ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/AbortMultipartUpload) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/AbortMultipartUpload) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/AbortMultipartUpload) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/AbortMultipartUpload) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/AbortMultipartUpload) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/AbortMultipartUpload) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/AbortMultipartUpload) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/AbortMultipartUpload) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/AbortMultipartUpload) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/AbortMultipartUpload) # CompleteMultipartUpload Completes a multipart upload by assembling previously uploaded parts. You first initiate the multipart upload and then upload all parts using the [UploadPart](https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html) operation or the [UploadPartCopy](https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html) operation. After successfully uploading all relevant parts of an upload, you call this `CompleteMultipartUpload` operation to complete the upload. Upon receiving this request, Amazon S3 concatenates all the parts in ascending order by part number to create a new object. In the CompleteMultipartUpload request, you must provide the parts list and ensure that the parts list is complete. The CompleteMultipartUpload API operation concatenates the parts that you provide in the list. For each part in the list, you must provide the `PartNumber` value and the `ETag` value that are returned after that part was uploaded. The processing of a CompleteMultipartUpload request could take several minutes to finalize. After Amazon S3 begins processing the request, it sends an HTTP response header that specifies a `200 OK` response. While processing is in progress, Amazon S3 periodically sends white space characters to keep the connection from timing out. A request could fail after the initial `200 OK` response has been sent. This means that a `200 OK` response can contain either a success or an error. The error response might be embedded in the `200 OK` response. If you call this API operation directly, make sure to design your application to parse the contents of the response and handle it appropriately. If you use AWS SDKs, SDKs handle this condition. The SDKs detect the embedded error and apply error handling per your configuration settings (including automatically retrying the request as appropriate). If the condition persists, the SDKs throw an exception (or, for the SDKs that don't use exceptions, they return an error). Note that if `CompleteMultipartUpload` fails, applications should be prepared to retry any failed requests (including 500 error responses). For more information, see [Amazon S3 Error Best Practices](https://docs.aws.amazon.com/AmazonS3/latest/dev/ErrorBestPractices.html). **Important** You can't use `Content-Type: application/x-www-form-urlencoded` for the CompleteMultipartUpload requests. Also, if you don't provide a `Content-Type` header, `CompleteMultipartUpload` can still return a `200 OK` response. For more information about multipart uploads, see [Uploading Objects Using Multipart Upload](https://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html) in the *Amazon S3 User Guide*. **Note** **Directory buckets** - For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format `https://amzn-s3-demo-bucket.s3express-zone-id.region-code.amazonaws.com/key-name `. Path-style requests are not supported. For more information about endpoints in Availability Zones, see [Regional and Zonal endpoints for directory buckets in Availability Zones](https://docs.aws.amazon.com/AmazonS3/latest/userguide/endpoint-directory-buckets-AZ.html) in the *Amazon S3 User Guide*. For more information about endpoints in Local Zones, see [Concepts for directory buckets in Local Zones](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-lzs-for-directory-buckets.html) in the *Amazon S3 User Guide*. Permissions + **General purpose bucket permissions** - For information about permissions required to use the multipart upload API, see [Multipart Upload and Permissions](https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html) in the *Amazon S3 User Guide*. If you provide an [additional checksum value](https://docs.aws.amazon.com/AmazonS3/latest/API/API_Checksum.html) in your `MultipartUpload` requests and the object is encrypted with AWS Key Management Service, you must have permission to use the `kms:Decrypt` action for the `CompleteMultipartUpload` request to succeed. + **Directory bucket permissions** - To grant access to this API operation on a directory bucket, we recommend that you use the [https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) API operation for session-based authorization. Specifically, you grant the `s3express:CreateSession` permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the `CreateSession` API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another `CreateSession` API call to generate a new session token for use. AWS CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see [https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html). If the object is encrypted with SSE-KMS, you must also have the `kms:GenerateDataKey` and `kms:Decrypt` permissions in IAM identity-based policies and AWS KMS key policies for the AWS KMS key. Special errors + Error Code: `EntityTooSmall` + Description: Your proposed upload is smaller than the minimum allowed object size. Each part must be at least 5 MB in size, except the last part. + HTTP Status Code: 400 Bad Request + Error Code: `InvalidPart` + Description: One or more of the specified parts could not be found. The part might not have been uploaded, or the specified ETag might not have matched the uploaded part's ETag. + HTTP Status Code: 400 Bad Request + Error Code: `InvalidPartOrder` + Description: The list of parts was not in ascending order. The parts list must be specified in order by part number. + HTTP Status Code: 400 Bad Request + Error Code: `NoSuchUpload` + Description: The specified multipart upload does not exist. The upload ID might be invalid, or the multipart upload might have been aborted or completed. + HTTP Status Code: 404 Not Found HTTP Host header syntax **Directory buckets ** - The HTTP Host header syntax is ` Bucket-name.s3express-zone-id.region-code.amazonaws.com`. The following operations are related to `CompleteMultipartUpload`: + [CreateMultipartUpload](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html) + [UploadPart](https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html) + [AbortMultipartUpload](https://docs.aws.amazon.com/AmazonS3/latest/API/API_AbortMultipartUpload.html) + [ListParts](https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html) + [ListMultipartUploads](https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListMultipartUploads.html) **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. ## Request Syntax ``` POST /Key+?uploadId=UploadId HTTP/1.1 Host: Bucket.s3.amazonaws.com x-amz-checksum-crc32: ChecksumCRC32 x-amz-checksum-crc32c: ChecksumCRC32C x-amz-checksum-crc64nvme: ChecksumCRC64NVME x-amz-checksum-sha1: ChecksumSHA1 x-amz-checksum-sha256: ChecksumSHA256 x-amz-checksum-type: ChecksumType x-amz-mp-object-size: MpuObjectSize x-amz-request-payer: RequestPayer x-amz-expected-bucket-owner: ExpectedBucketOwner If-Match: IfMatch If-None-Match: IfNoneMatch x-amz-server-side-encryption-customer-algorithm: SSECustomerAlgorithm x-amz-server-side-encryption-customer-key: SSECustomerKey x-amz-server-side-encryption-customer-key-MD5: SSECustomerKeyMD5 string string string string string string integer ... ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_CompleteMultipartUpload_RequestSyntax) ** Name of the bucket to which the multipart upload was initiated. **Directory buckets** - When you use this operation with a directory bucket, you must use virtual-hosted-style requests in the format ` Bucket-name.s3express-zone-id.region-code.amazonaws.com`. Path-style requests are not supported. Directory bucket names must be unique in the chosen Zone (Availability Zone or Local Zone). Bucket names must follow the format ` bucket-base-name--zone-id--x-s3` (for example, ` amzn-s3-demo-bucket--usw2-az1--x-s3`). For information about bucket naming restrictions, see [Directory bucket naming rules](https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) in the *Amazon S3 User Guide*. **Access points** - When you use this action with an access point for general purpose buckets, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When you use this action with an access point for directory buckets, you must provide the access point name in place of the bucket name. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com. When using this action with an access point through the AWS SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see [Using access points](https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) in the *Amazon S3 User Guide*. Object Lambda access points are not supported by directory buckets. **S3 on Outposts** - When you use this action with S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form ` AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com`. When you use this action with S3 on Outposts, the destination bucket must be the Outposts access point ARN or the access point alias. For more information about S3 on Outposts, see [What is S3 on Outposts?](https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) in the *Amazon S3 User Guide*. Required: Yes ** [If-Match](#API_CompleteMultipartUpload_RequestSyntax) ** Uploads the object only if the ETag (entity tag) value provided during the WRITE operation matches the ETag of the object in S3. If the ETag values do not match, the operation returns a `412 Precondition Failed` error. If a conflicting operation occurs during the upload S3 returns a `409 ConditionalRequestConflict` response. On a 409 failure you should fetch the object's ETag, re-initiate the multipart upload with `CreateMultipartUpload`, and re-upload each part. Expects the ETag value as a string. For more information about conditional requests, see [RFC 7232](https://tools.ietf.org/html/rfc7232), or [Conditional requests](https://docs.aws.amazon.com/AmazonS3/latest/userguide/conditional-requests.html) in the *Amazon S3 User Guide*. ** [If-None-Match](#API_CompleteMultipartUpload_RequestSyntax) ** Uploads the object only if the object key name does not already exist in the bucket specified. Otherwise, Amazon S3 returns a `412 Precondition Failed` error. If a conflicting operation occurs during the upload S3 returns a `409 ConditionalRequestConflict` response. On a 409 failure you should re-initiate the multipart upload with `CreateMultipartUpload` and re-upload each part. Expects the '\$1' (asterisk) character. For more information about conditional requests, see [RFC 7232](https://tools.ietf.org/html/rfc7232), or [Conditional requests](https://docs.aws.amazon.com/AmazonS3/latest/userguide/conditional-requests.html) in the *Amazon S3 User Guide*. ** [Key](#API_CompleteMultipartUpload_RequestSyntax) ** Object key for which the multipart upload was initiated. Length Constraints: Minimum length of 1. Required: Yes ** [uploadId](#API_CompleteMultipartUpload_RequestSyntax) ** ID for the initiated multipart upload. Required: Yes ** [x-amz-checksum-crc32](#API_CompleteMultipartUpload_RequestSyntax) ** This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. This header specifies the Base64 encoded, 32-bit `CRC32` checksum of the object. For more information, see [Checking object integrity](https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) in the *Amazon S3 User Guide*. ** [x-amz-checksum-crc32c](#API_CompleteMultipartUpload_RequestSyntax) ** This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. This header specifies the Base64 encoded, 32-bit `CRC32C` checksum of the object. For more information, see [Checking object integrity](https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) in the *Amazon S3 User Guide*. ** [x-amz-checksum-crc64nvme](#API_CompleteMultipartUpload_RequestSyntax) ** This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. This header specifies the Base64 encoded, 64-bit `CRC64NVME` checksum of the object. The `CRC64NVME` checksum is always a full object checksum. For more information, see [Checking object integrity in the Amazon S3 User Guide](https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html). ** [x-amz-checksum-sha1](#API_CompleteMultipartUpload_RequestSyntax) ** This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. This header specifies the Base64 encoded, 160-bit `SHA1` digest of the object. For more information, see [Checking object integrity](https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) in the *Amazon S3 User Guide*. ** [x-amz-checksum-sha256](#API_CompleteMultipartUpload_RequestSyntax) ** This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. This header specifies the Base64 encoded, 256-bit `SHA256` digest of the object. For more information, see [Checking object integrity](https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) in the *Amazon S3 User Guide*. ** [x-amz-checksum-type](#API_CompleteMultipartUpload_RequestSyntax) ** This header specifies the checksum type of the object, which determines how part-level checksums are combined to create an object-level checksum for multipart objects. You can use this header as a data integrity check to verify that the checksum type that is received is the same checksum that was specified. If the checksum type doesn’t match the checksum type that was specified for the object during the `CreateMultipartUpload` request, it’ll result in a `BadDigest` error. For more information, see Checking object integrity in the Amazon S3 User Guide. Valid Values: `COMPOSITE | FULL_OBJECT` ** [x-amz-expected-bucket-owner](#API_CompleteMultipartUpload_RequestSyntax) ** The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code `403 Forbidden` (access denied). ** [x-amz-mp-object-size](#API_CompleteMultipartUpload_RequestSyntax) ** The expected total object size of the multipart upload request. If there’s a mismatch between the specified object size value and the actual object size value, it results in an `HTTP 400 InvalidRequest` error. ** [x-amz-request-payer](#API_CompleteMultipartUpload_RequestSyntax) ** Confirms that the requester knows that they will be charged for the request. Bucket owners need not specify this parameter in their requests. If either the source or destination S3 bucket has Requester Pays enabled, the requester will pay for the corresponding charges. For information about downloading objects from Requester Pays buckets, see [Downloading Objects in Requester Pays Buckets](https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) in the *Amazon S3 User Guide*. This functionality is not supported for directory buckets. Valid Values: `requester` ** [x-amz-server-side-encryption-customer-algorithm](#API_CompleteMultipartUpload_RequestSyntax) ** The server-side encryption (SSE) algorithm used to encrypt the object. This parameter is required only when the object was created using a checksum algorithm or if your bucket policy requires the use of SSE-C. For more information, see [Protecting data using SSE-C keys](https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerSideEncryptionCustomerKeys.html#ssec-require-condition-key) in the *Amazon S3 User Guide*. This functionality is not supported for directory buckets. ** [x-amz-server-side-encryption-customer-key](#API_CompleteMultipartUpload_RequestSyntax) ** The server-side encryption (SSE) customer managed key. This parameter is needed only when the object was created using a checksum algorithm. For more information, see [Protecting data using SSE-C keys](https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html) in the *Amazon S3 User Guide*. This functionality is not supported for directory buckets. ** [x-amz-server-side-encryption-customer-key-MD5](#API_CompleteMultipartUpload_RequestSyntax) ** The MD5 server-side encryption (SSE) customer managed key. This parameter is needed only when the object was created using a checksum algorithm. For more information, see [Protecting data using SSE-C keys](https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html) in the *Amazon S3 User Guide*. This functionality is not supported for directory buckets. ## Request Body The request accepts the following data in XML format. ** [CompleteMultipartUpload](#API_CompleteMultipartUpload_RequestSyntax) ** Root level tag for the CompleteMultipartUpload parameters. Required: Yes ** [Part](#API_CompleteMultipartUpload_RequestSyntax) ** Array of CompletedPart data types. If you do not supply a valid `Part` with your request, the service sends back an HTTP 400 response. Type: Array of [CompletedPart](API_CompletedPart.md) data types Required: No ## Response Syntax ``` HTTP/1.1 200 x-amz-expiration: Expiration x-amz-server-side-encryption: ServerSideEncryption x-amz-version-id: VersionId x-amz-server-side-encryption-aws-kms-key-id: SSEKMSKeyId x-amz-server-side-encryption-bucket-key-enabled: BucketKeyEnabled x-amz-request-charged: RequestCharged string string string string string string string string string string ``` ## Response Elements If the action is successful, the service sends back an HTTP 200 response. The response returns the following HTTP headers. ** [x-amz-expiration](#API_CompleteMultipartUpload_ResponseSyntax) ** If the object expiration is configured, this will contain the expiration date (`expiry-date`) and rule ID (`rule-id`). The value of `rule-id` is URL-encoded. This functionality is not supported for directory buckets. ** [x-amz-request-charged](#API_CompleteMultipartUpload_ResponseSyntax) ** If present, indicates that the requester was successfully charged for the request. For more information, see [Using Requester Pays buckets for storage transfers and usage](https://docs.aws.amazon.com/AmazonS3/latest/userguide/RequesterPaysBuckets.html) in the *Amazon Simple Storage Service user guide*. This functionality is not supported for directory buckets. Valid Values: `requester` ** [x-amz-server-side-encryption](#API_CompleteMultipartUpload_ResponseSyntax) ** The server-side encryption algorithm used when storing this object in Amazon S3. When accessing data stored in Amazon FSx file systems using S3 access points, the only valid server side encryption option is `aws:fsx`. Valid Values: `AES256 | aws:fsx | aws:kms | aws:kms:dsse` ** [x-amz-server-side-encryption-aws-kms-key-id](#API_CompleteMultipartUpload_ResponseSyntax) ** If present, indicates the ID of the KMS key that was used for object encryption. ** [x-amz-server-side-encryption-bucket-key-enabled](#API_CompleteMultipartUpload_ResponseSyntax) ** Indicates whether the multipart upload uses an S3 Bucket Key for server-side encryption with AWS Key Management Service (AWS KMS) keys (SSE-KMS). ** [x-amz-version-id](#API_CompleteMultipartUpload_ResponseSyntax) ** Version ID of the newly created object, in case the bucket has versioning turned on. This functionality is not supported for directory buckets. The following data is returned in XML format by the service. ** [CompleteMultipartUploadResult](#API_CompleteMultipartUpload_ResponseSyntax) ** Root level tag for the CompleteMultipartUploadResult parameters. Required: Yes ** [Bucket](#API_CompleteMultipartUpload_ResponseSyntax) ** The name of the bucket that contains the newly created object. Does not return the access point ARN or access point alias if used. Access points are not supported by directory buckets. Type: String ** [ChecksumCRC32](#API_CompleteMultipartUpload_ResponseSyntax) ** The Base64 encoded, 32-bit `CRC32 checksum` of the object. This checksum is only present if the checksum was uploaded with the object. When you use an API operation on an object that was uploaded using multipart uploads, this value may not be a direct checksum value of the full object. Instead, it's a calculation based on the checksum values of each individual part. For more information about how checksums are calculated with multipart uploads, see [ Checking object integrity](https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) in the *Amazon S3 User Guide*. Type: String ** [ChecksumCRC32C](#API_CompleteMultipartUpload_ResponseSyntax) ** The Base64 encoded, 32-bit `CRC32C` checksum of the object. This checksum is only present if the checksum was uploaded with the object. When you use an API operation on an object that was uploaded using multipart uploads, this value may not be a direct checksum value of the full object. Instead, it's a calculation based on the checksum values of each individual part. For more information about how checksums are calculated with multipart uploads, see [ Checking object integrity](https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) in the *Amazon S3 User Guide*. Type: String ** [ChecksumCRC64NVME](#API_CompleteMultipartUpload_ResponseSyntax) ** This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. This header specifies the Base64 encoded, 64-bit `CRC64NVME` checksum of the object. The `CRC64NVME` checksum is always a full object checksum. For more information, see [Checking object integrity in the Amazon S3 User Guide](https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html). Type: String ** [ChecksumSHA1](#API_CompleteMultipartUpload_ResponseSyntax) ** The Base64 encoded, 160-bit `SHA1` digest of the object. This checksum is only present if the checksum was uploaded with the object. When you use the API operation on an object that was uploaded using multipart uploads, this value may not be a direct checksum value of the full object. Instead, it's a calculation based on the checksum values of each individual part. For more information about how checksums are calculated with multipart uploads, see [ Checking object integrity](https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) in the *Amazon S3 User Guide*. Type: String ** [ChecksumSHA256](#API_CompleteMultipartUpload_ResponseSyntax) ** The Base64 encoded, 256-bit `SHA256` digest of the object. This checksum is only present if the checksum was uploaded with the object. When you use an API operation on an object that was uploaded using multipart uploads, this value may not be a direct checksum value of the full object. Instead, it's a calculation based on the checksum values of each individual part. For more information about how checksums are calculated with multipart uploads, see [ Checking object integrity](https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) in the *Amazon S3 User Guide*. Type: String ** [ChecksumType](#API_CompleteMultipartUpload_ResponseSyntax) ** The checksum type, which determines how part-level checksums are combined to create an object-level checksum for multipart objects. You can use this header as a data integrity check to verify that the checksum type that is received is the same checksum type that was specified during the `CreateMultipartUpload` request. For more information, see [Checking object integrity in the Amazon S3 User Guide](https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html). Type: String Valid Values: `COMPOSITE | FULL_OBJECT` ** [ETag](#API_CompleteMultipartUpload_ResponseSyntax) ** Entity tag that identifies the newly created object's data. Objects with different object data will have different entity tags. The entity tag is an opaque string. The entity tag may or may not be an MD5 digest of the object data. If the entity tag is not an MD5 digest of the object data, it will contain one or more nonhexadecimal characters and/or will consist of less than 32 or more than 32 hexadecimal digits. For more information about how the entity tag is calculated, see [Checking object integrity](https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) in the *Amazon S3 User Guide*. Type: String ** [Key](#API_CompleteMultipartUpload_ResponseSyntax) ** The object key of the newly created object. Type: String Length Constraints: Minimum length of 1. ** [Location](#API_CompleteMultipartUpload_ResponseSyntax) ** The URI that identifies the newly created object. Type: String ## Examples ### Sample Request for general purpose buckets The following Complete Multipart Upload request specifies three parts in the `CompleteMultipartUpload` element. ``` POST /example-object?uploadId=AAAsb2FkIElEIGZvciBlbHZpbmcncyWeeS1tb3ZpZS5tMnRzIRRwbG9hZA HTTP/1.1 Host: amzn-s3-demo-bucket.s3..amazonaws.com Date: Mon, 1 Nov 2010 20:34:56 GMT Content-Length: 391 Authorization: authorization string 1 "a54357aff0632cce46d942af68356b38" 2 "0c78aef83f66abc1fa1e8477f296d394" 3 "acbd18db4cc2f85cedef654fccc4a4d8" ``` ### Sample Response for general purpose buckets The following response indicates that an object was successfully assembled. ``` HTTP/1.1 200 OK x-amz-id-2: Uuag1LuByRx9e6j5Onimru9pO4ZVKnJ2Qz7/C1NPcfTWAtRPfTaOFg== x-amz-request-id: 656c76696e6727732072657175657374 Date: Mon, 1 Nov 2010 20:34:56 GMT Connection: close Server: AmazonS3 http://amzn-s3-demo-bucket.s3..amazonaws.com/Example-Object amzn-s3-demo-bucket Example-Object "3858f62230ac3c915f300c664312c11f-9" ``` ### Sample Response for general purpose buckets: Error specified in header The following response indicates that an error occurred before the HTTP response header was sent. ``` HTTP/1.1 403 Forbidden x-amz-id-2: Uuag1LuByRx9e6j5Onimru9pO4ZVKnJ2Qz7/C1NPcfTWAtRPfTaOFg== x-amz-request-id: 656c76696e6727732072657175657374 Date: Mon, 1 Nov 2010 20:34:56 GMT Content-Length: 237 Connection: keep-alive Server: AmazonS3 AccessDenied Access Denied 656c76696e6727732072657175657374 Uuag1LuByRx9e6j5Onimru9pO4ZVKnJ2Qz7/C1NPcfTWAtRPfTaOFg== ``` ### Sample Response for general purpose buckets: Error specified in body The following response indicates that an error occurred after the HTTP response header was sent. Note that while the HTTP status code is 200 OK, the request actually failed as described in the `Error` element. ``` HTTP/1.1 200 OK x-amz-id-2: Uuag1LuByRx9e6j5Onimru9pO4ZVKnJ2Qz7/C1NPcfTWAtRPfTaOFg== x-amz-request-id: 656c76696e6727732072657175657374 Date: Mon, 1 Nov 2010 20:34:56 GMT Connection: close Server: AmazonS3 InternalError We encountered an internal error. Please try again. 656c76696e6727732072657175657374 Uuag1LuByRx9e6j5Onimru9pO4ZVKnJ2Qz7/C1NPcfTWAtRPfTaOFg== ``` ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/CompleteMultipartUpload) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/CompleteMultipartUpload) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/CompleteMultipartUpload) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/CompleteMultipartUpload) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/CompleteMultipartUpload) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/CompleteMultipartUpload) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/CompleteMultipartUpload) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/CompleteMultipartUpload) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/CompleteMultipartUpload) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/CompleteMultipartUpload) # CopyObject Creates a copy of an object that is already stored in Amazon S3. **Important** End of support notice: As of October 1, 2025, Amazon S3 has discontinued support for Email Grantee Access Control Lists (ACLs). If you attempt to use an Email Grantee ACL in a request after October 1, 2025, the request will receive an `HTTP 405` (Method Not Allowed) error. This change affects the following AWS Regions: US East (N. Virginia), US West (N. California), US West (Oregon), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), Europe (Ireland), and South America (São Paulo). **Note** You can store individual objects of up to 50 TB in Amazon S3. You create a copy of your object up to 5 GB in size in a single atomic action using this API. However, to copy an object greater than 5 GB, you must use the multipart upload Upload Part - Copy (UploadPartCopy) API. For more information, see [Copy Object Using the REST Multipart Upload API](https://docs.aws.amazon.com/AmazonS3/latest/dev/CopyingObjctsUsingRESTMPUapi.html). You can copy individual objects between general purpose buckets, between directory buckets, and between general purpose buckets and directory buckets. **Note** Amazon S3 supports copy operations using Multi-Region Access Points only as a destination when using the Multi-Region Access Point ARN. **Directory buckets ** - For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format `https://amzn-s3-demo-bucket.s3express-zone-id.region-code.amazonaws.com/key-name `. Path-style requests are not supported. For more information about endpoints in Availability Zones, see [Regional and Zonal endpoints for directory buckets in Availability Zones](https://docs.aws.amazon.com/AmazonS3/latest/userguide/endpoint-directory-buckets-AZ.html) in the *Amazon S3 User Guide*. For more information about endpoints in Local Zones, see [Concepts for directory buckets in Local Zones](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-lzs-for-directory-buckets.html) in the *Amazon S3 User Guide*. VPC endpoints don't support cross-Region requests (including copies). If you're using VPC endpoints, your source and destination buckets should be in the same AWS Region as your VPC endpoint. Both the Region that you want to copy the object from and the Region that you want to copy the object to must be enabled for your account. For more information about how to enable a Region for your account, see [Enable or disable a Region for standalone accounts](https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-regions.html#manage-acct-regions-enable-standalone) in the * AWS Account Management Guide*. **Important** Amazon S3 transfer acceleration does not support cross-Region copies. If you request a cross-Region copy using a transfer acceleration endpoint, you get a `400 Bad Request` error. For more information, see [Transfer Acceleration](https://docs.aws.amazon.com/AmazonS3/latest/dev/transfer-acceleration.html). Authentication and authorization All `CopyObject` requests must be authenticated and signed by using IAM credentials (access key ID and secret access key for the IAM identities). All headers with the `x-amz-` prefix, including `x-amz-copy-source`, must be signed. For more information, see [REST Authentication](https://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html). **Directory buckets** - You must use the IAM credentials to authenticate and authorize your access to the `CopyObject` API operation, instead of using the temporary security credentials through the `CreateSession` API operation. AWS CLI or SDKs handles authentication and authorization on your behalf. Permissions You must have *read* access to the source object and *write* access to the destination bucket. + **General purpose bucket permissions** - You must have permissions in an IAM policy based on the source and destination bucket types in a `CopyObject` operation. + If the source object is in a general purpose bucket, you must have ** `s3:GetObject` ** permission to read the source object that is being copied. + If the destination bucket is a general purpose bucket, you must have ** `s3:PutObject` ** permission to write the object copy to the destination bucket. + **Directory bucket permissions** - You must have permissions in a bucket policy or an IAM identity-based policy based on the source and destination bucket types in a `CopyObject` operation. + If the source object that you want to copy is in a directory bucket, you must have the ** `s3express:CreateSession` ** permission in the `Action` element of a policy to read the object. If no session mode is specified, the session will be created with the maximum allowable privilege, attempting `ReadWrite` first, then `ReadOnly` if `ReadWrite` is not permitted. If you want to explicitly restrict the access to be read-only, you can set the `s3express:SessionMode` condition key to `ReadOnly` on the copy source bucket. + If the copy destination is a directory bucket, you must have the ** `s3express:CreateSession` ** permission in the `Action` element of a policy to write the object to the destination. The `s3express:SessionMode` condition key can't be set to `ReadOnly` on the copy destination bucket. If the object is encrypted with SSE-KMS, you must also have the `kms:GenerateDataKey` and `kms:Decrypt` permissions in IAM identity-based policies and AWS KMS key policies for the AWS KMS key. For example policies, see [Example bucket policies for S3 Express One Zone](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam-example-bucket-policies.html) and [AWS Identity and Access Management (IAM) identity-based policies for S3 Express One Zone](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam-identity-policies.html) in the *Amazon S3 User Guide*. Response and special errors When the request is an HTTP 1.1 request, the response is chunk encoded. When the request is not an HTTP 1.1 request, the response would not contain the `Content-Length`. You always need to read the entire response body to check if the copy succeeds. + If the copy is successful, you receive a response with information about the copied object. + A copy request might return an error when Amazon S3 receives the copy request or while Amazon S3 is copying the files. A `200 OK` response can contain either a success or an error. + If the error occurs before the copy action starts, you receive a standard Amazon S3 error. + If the error occurs during the copy operation, the error response is embedded in the `200 OK` response. For example, in a cross-region copy, you may encounter throttling and receive a `200 OK` response. For more information, see [Resolve the Error 200 response when copying objects to Amazon S3](https://repost.aws/knowledge-center/s3-resolve-200-internalerror). The `200 OK` status code means the copy was accepted, but it doesn't mean the copy is complete. Another example is when you disconnect from Amazon S3 before the copy is complete, Amazon S3 might cancel the copy and you may receive a `200 OK` response. You must stay connected to Amazon S3 until the entire response is successfully received and processed. If you call this API operation directly, make sure to design your application to parse the content of the response and handle it appropriately. If you use AWS SDKs, SDKs handle this condition. The SDKs detect the embedded error and apply error handling per your configuration settings (including automatically retrying the request as appropriate). If the condition persists, the SDKs throw an exception (or, for the SDKs that don't use exceptions, they return an error). Charge The copy request charge is based on the storage class and Region that you specify for the destination object. The request can also result in a data retrieval charge for the source if the source storage class bills for data retrieval. If the copy source is in a different region, the data transfer is billed to the copy source account. For pricing information, see [Amazon S3 pricing](http://aws.amazon.com/s3/pricing/). HTTP Host header syntax + **Directory buckets ** - The HTTP Host header syntax is ` Bucket-name.s3express-zone-id.region-code.amazonaws.com`. + **Amazon S3 on Outposts** - When you use this action with S3 on Outposts through the REST API, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form ` AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com`. The hostname isn't required when you use the AWS CLI or SDKs. The following operations are related to `CopyObject`: + [PutObject](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html) + [GetObject](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html) **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. ## Request Syntax ``` PUT /Key+ HTTP/1.1 Host: Bucket.s3.amazonaws.com x-amz-acl: ACL Cache-Control: CacheControl x-amz-checksum-algorithm: ChecksumAlgorithm Content-Disposition: ContentDisposition Content-Encoding: ContentEncoding Content-Language: ContentLanguage Content-Type: ContentType x-amz-copy-source: CopySource x-amz-copy-source-if-match: CopySourceIfMatch x-amz-copy-source-if-modified-since: CopySourceIfModifiedSince x-amz-copy-source-if-none-match: CopySourceIfNoneMatch x-amz-copy-source-if-unmodified-since: CopySourceIfUnmodifiedSince Expires: Expires x-amz-grant-full-control: GrantFullControl x-amz-grant-read: GrantRead x-amz-grant-read-acp: GrantReadACP x-amz-grant-write-acp: GrantWriteACP If-Match: IfMatch If-None-Match: IfNoneMatch x-amz-metadata-directive: MetadataDirective x-amz-tagging-directive: TaggingDirective x-amz-server-side-encryption: ServerSideEncryption x-amz-storage-class: StorageClass x-amz-website-redirect-location: WebsiteRedirectLocation x-amz-server-side-encryption-customer-algorithm: SSECustomerAlgorithm x-amz-server-side-encryption-customer-key: SSECustomerKey x-amz-server-side-encryption-customer-key-MD5: SSECustomerKeyMD5 x-amz-server-side-encryption-aws-kms-key-id: SSEKMSKeyId x-amz-server-side-encryption-context: SSEKMSEncryptionContext x-amz-server-side-encryption-bucket-key-enabled: BucketKeyEnabled x-amz-copy-source-server-side-encryption-customer-algorithm: CopySourceSSECustomerAlgorithm x-amz-copy-source-server-side-encryption-customer-key: CopySourceSSECustomerKey x-amz-copy-source-server-side-encryption-customer-key-MD5: CopySourceSSECustomerKeyMD5 x-amz-request-payer: RequestPayer x-amz-tagging: Tagging x-amz-object-lock-mode: ObjectLockMode x-amz-object-lock-retain-until-date: ObjectLockRetainUntilDate x-amz-object-lock-legal-hold: ObjectLockLegalHoldStatus x-amz-expected-bucket-owner: ExpectedBucketOwner x-amz-source-expected-bucket-owner: ExpectedSourceBucketOwner ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_CopyObject_RequestSyntax) ** The name of the destination bucket. **Directory buckets** - When you use this operation with a directory bucket, you must use virtual-hosted-style requests in the format ` Bucket-name.s3express-zone-id.region-code.amazonaws.com`. Path-style requests are not supported. Directory bucket names must be unique in the chosen Zone (Availability Zone or Local Zone). Bucket names must follow the format ` bucket-base-name--zone-id--x-s3` (for example, ` amzn-s3-demo-bucket--usw2-az1--x-s3`). For information about bucket naming restrictions, see [Directory bucket naming rules](https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) in the *Amazon S3 User Guide*. Copying objects across different AWS Regions isn't supported when the source or destination bucket is in AWS Local Zones. The source and destination buckets must have the same parent AWS Region. Otherwise, you get an HTTP `400 Bad Request` error with the error code `InvalidRequest`. **Access points** - When you use this action with an access point for general purpose buckets, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When you use this action with an access point for directory buckets, you must provide the access point name in place of the bucket name. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com. When using this action with an access point through the AWS SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see [Using access points](https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) in the *Amazon S3 User Guide*. Object Lambda access points are not supported by directory buckets. **S3 on Outposts** - When you use this action with S3 on Outposts, you must use the Outpost bucket access point ARN or the access point alias for the destination bucket. You can only copy objects within the same Outpost bucket. It's not supported to copy objects across different AWS Outposts, between buckets on the same Outposts, or between Outposts buckets and any other bucket types. For more information about S3 on Outposts, see [What is S3 on Outposts?](https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) in the *S3 on Outposts guide*. When you use this action with S3 on Outposts through the REST API, you must direct requests to the S3 on Outposts hostname, in the format ` AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com`. The hostname isn't required when you use the AWS CLI or SDKs. Required: Yes ** [Cache-Control](#API_CopyObject_RequestSyntax) ** Specifies the caching behavior along the request/reply chain. ** [Content-Disposition](#API_CopyObject_RequestSyntax) ** Specifies presentational information for the object. Indicates whether an object should be displayed in a web browser or downloaded as a file. It allows specifying the desired filename for the downloaded file. ** [Content-Encoding](#API_CopyObject_RequestSyntax) ** Specifies what content encodings have been applied to the object and thus what decoding mechanisms must be applied to obtain the media-type referenced by the Content-Type header field. For directory buckets, only the `aws-chunked` value is supported in this header field. ** [Content-Language](#API_CopyObject_RequestSyntax) ** The language the content is in. ** [Content-Type](#API_CopyObject_RequestSyntax) ** A standard MIME type that describes the format of the object data. ** [Expires](#API_CopyObject_RequestSyntax) ** The date and time at which the object is no longer cacheable. ** [If-Match](#API_CopyObject_RequestSyntax) ** Copies the object if the entity tag (ETag) of the destination object matches the specified tag. If the ETag values do not match, the operation returns a `412 Precondition Failed` error. If a concurrent operation occurs during the upload S3 returns a `409 ConditionalRequestConflict` response. On a 409 failure you should fetch the object's ETag and retry the upload. Expects the ETag value as a string. For more information about conditional requests, see [RFC 7232](https://tools.ietf.org/html/rfc7232). ** [If-None-Match](#API_CopyObject_RequestSyntax) ** Copies the object only if the object key name at the destination does not already exist in the bucket specified. Otherwise, Amazon S3 returns a `412 Precondition Failed` error. If a concurrent operation occurs during the upload S3 returns a `409 ConditionalRequestConflict` response. On a 409 failure you should retry the upload. Expects the '\$1' (asterisk) character. For more information about conditional requests, see [RFC 7232](https://tools.ietf.org/html/rfc7232). ** [Key](#API_CopyObject_RequestSyntax) ** The key of the destination object. Length Constraints: Minimum length of 1. Required: Yes ** [x-amz-acl](#API_CopyObject_RequestSyntax) ** The canned access control list (ACL) to apply to the object. When you copy an object, the ACL metadata is not preserved and is set to `private` by default. Only the owner has full access control. To override the default ACL setting, specify a new ACL when you generate a copy request. For more information, see [Using ACLs](https://docs.aws.amazon.com/AmazonS3/latest/dev/S3_ACLs_UsingACLs.html). If the destination bucket that you're copying objects to uses the bucket owner enforced setting for S3 Object Ownership, ACLs are disabled and no longer affect permissions. Buckets that use this setting only accept `PUT` requests that don't specify an ACL or `PUT` requests that specify bucket owner full control ACLs, such as the `bucket-owner-full-control` canned ACL or an equivalent form of this ACL expressed in the XML format. For more information, see [Controlling ownership of objects and disabling ACLs](https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html) in the *Amazon S3 User Guide*. + If your destination bucket uses the bucket owner enforced setting for Object Ownership, all objects written to the bucket by any account will be owned by the bucket owner. + This functionality is not supported for directory buckets. + This functionality is not supported for Amazon S3 on Outposts. Valid Values: `private | public-read | public-read-write | authenticated-read | aws-exec-read | bucket-owner-read | bucket-owner-full-control` ** [x-amz-checksum-algorithm](#API_CopyObject_RequestSyntax) ** Indicates the algorithm that you want Amazon S3 to use to create the checksum for the object. For more information, see [Checking object integrity](https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) in the *Amazon S3 User Guide*. When you copy an object, if the source object has a checksum, that checksum value will be copied to the new object by default. If the `CopyObject` request does not include this `x-amz-checksum-algorithm` header, the checksum algorithm will be copied from the source object to the destination object (if it's present on the source object). You can optionally specify a different checksum algorithm to use with the `x-amz-checksum-algorithm` header. Unrecognized or unsupported values will respond with the HTTP status code `400 Bad Request`. For directory buckets, when you use AWS SDKs, `CRC32` is the default checksum algorithm that's used for performance. Valid Values: `CRC32 | CRC32C | SHA1 | SHA256 | CRC64NVME` ** [x-amz-copy-source](#API_CopyObject_RequestSyntax) ** Specifies the source object for the copy operation. The source object can be up to 5 GB. If the source object is an object that was uploaded by using a multipart upload, the object copy will be a single part object after the source object is copied to the destination bucket. You specify the value of the copy source in one of two formats, depending on whether you want to access the source object through an [access point](https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-points.html): + For objects not accessed through an access point, specify the name of the source bucket and the key of the source object, separated by a slash (/). For example, to copy the object `reports/january.pdf` from the general purpose bucket `awsexamplebucket`, use `awsexamplebucket/reports/january.pdf`. The value must be URL-encoded. To copy the object `reports/january.pdf` from the directory bucket `awsexamplebucket--use1-az5--x-s3`, use `awsexamplebucket--use1-az5--x-s3/reports/january.pdf`. The value must be URL-encoded. + For objects accessed through access points, specify the Amazon Resource Name (ARN) of the object as accessed through the access point, in the format `arn:aws:s3:::accesspoint//object/`. For example, to copy the object `reports/january.pdf` through access point `my-access-point` owned by account `123456789012` in Region `us-west-2`, use the URL encoding of `arn:aws:s3:us-west-2:123456789012:accesspoint/my-access-point/object/reports/january.pdf`. The value must be URL encoded. **Note** Amazon S3 supports copy operations using Access points only when the source and destination buckets are in the same AWS Region. Access points are not supported by directory buckets. Alternatively, for objects accessed through Amazon S3 on Outposts, specify the ARN of the object as accessed in the format `arn:aws:s3-outposts:::outpost//object/`. For example, to copy the object `reports/january.pdf` through outpost `my-outpost` owned by account `123456789012` in Region `us-west-2`, use the URL encoding of `arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/object/reports/january.pdf`. The value must be URL-encoded. If your source bucket versioning is enabled, the `x-amz-copy-source` header by default identifies the current version of an object to copy. If the current version is a delete marker, Amazon S3 behaves as if the object was deleted. To copy a different version, use the `versionId` query parameter. Specifically, append `?versionId=` to the value (for example, `awsexamplebucket/reports/january.pdf?versionId=QUpfdndhfd8438MNFDN93jdnJFkdmqnh893`). If you don't specify a version ID, Amazon S3 copies the latest version of the source object. If you enable versioning on the destination bucket, Amazon S3 generates a unique version ID for the copied object. This version ID is different from the version ID of the source object. Amazon S3 returns the version ID of the copied object in the `x-amz-version-id` response header in the response. If you do not enable versioning or suspend it on the destination bucket, the version ID that Amazon S3 generates in the `x-amz-version-id` response header is always null. **Directory buckets** - S3 Versioning isn't enabled and supported for directory buckets. Pattern: `\/?.+\/.+` Required: Yes ** [x-amz-copy-source-if-match](#API_CopyObject_RequestSyntax) ** Copies the object if its entity tag (ETag) matches the specified tag. If both the `x-amz-copy-source-if-match` and `x-amz-copy-source-if-unmodified-since` headers are present in the request and evaluate as follows, Amazon S3 returns `200 OK` and copies the data: + `x-amz-copy-source-if-match` condition evaluates to true + `x-amz-copy-source-if-unmodified-since` condition evaluates to false ** [x-amz-copy-source-if-modified-since](#API_CopyObject_RequestSyntax) ** Copies the object if it has been modified since the specified time. If both the `x-amz-copy-source-if-none-match` and `x-amz-copy-source-if-modified-since` headers are present in the request and evaluate as follows, Amazon S3 returns the `412 Precondition Failed` response code: + `x-amz-copy-source-if-none-match` condition evaluates to false + `x-amz-copy-source-if-modified-since` condition evaluates to true ** [x-amz-copy-source-if-none-match](#API_CopyObject_RequestSyntax) ** Copies the object if its entity tag (ETag) is different than the specified ETag. If both the `x-amz-copy-source-if-none-match` and `x-amz-copy-source-if-modified-since` headers are present in the request and evaluate as follows, Amazon S3 returns the `412 Precondition Failed` response code: + `x-amz-copy-source-if-none-match` condition evaluates to false + `x-amz-copy-source-if-modified-since` condition evaluates to true ** [x-amz-copy-source-if-unmodified-since](#API_CopyObject_RequestSyntax) ** Copies the object if it hasn't been modified since the specified time. If both the `x-amz-copy-source-if-match` and `x-amz-copy-source-if-unmodified-since` headers are present in the request and evaluate as follows, Amazon S3 returns `200 OK` and copies the data: + `x-amz-copy-source-if-match` condition evaluates to true + `x-amz-copy-source-if-unmodified-since` condition evaluates to false ** [x-amz-copy-source-server-side-encryption-customer-algorithm](#API_CopyObject_RequestSyntax) ** Specifies the algorithm to use when decrypting the source object (for example, `AES256`). If the source object for the copy is stored in Amazon S3 using SSE-C, you must provide the necessary encryption information in your request so that Amazon S3 can decrypt the object for copying. This functionality is not supported when the source object is in a directory bucket. ** [x-amz-copy-source-server-side-encryption-customer-key](#API_CopyObject_RequestSyntax) ** Specifies the customer-provided encryption key for Amazon S3 to use to decrypt the source object. The encryption key provided in this header must be the same one that was used when the source object was created. If the source object for the copy is stored in Amazon S3 using SSE-C, you must provide the necessary encryption information in your request so that Amazon S3 can decrypt the object for copying. This functionality is not supported when the source object is in a directory bucket. ** [x-amz-copy-source-server-side-encryption-customer-key-MD5](#API_CopyObject_RequestSyntax) ** Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. Amazon S3 uses this header for a message integrity check to ensure that the encryption key was transmitted without error. If the source object for the copy is stored in Amazon S3 using SSE-C, you must provide the necessary encryption information in your request so that Amazon S3 can decrypt the object for copying. This functionality is not supported when the source object is in a directory bucket. ** [x-amz-expected-bucket-owner](#API_CopyObject_RequestSyntax) ** The account ID of the expected destination bucket owner. If the account ID that you provide does not match the actual owner of the destination bucket, the request fails with the HTTP status code `403 Forbidden` (access denied). ** [x-amz-grant-full-control](#API_CopyObject_RequestSyntax) ** Gives the grantee READ, READ\$1ACP, and WRITE\$1ACP permissions on the object. + This functionality is not supported for directory buckets. + This functionality is not supported for Amazon S3 on Outposts. ** [x-amz-grant-read](#API_CopyObject_RequestSyntax) ** Allows grantee to read the object data and its metadata. + This functionality is not supported for directory buckets. + This functionality is not supported for Amazon S3 on Outposts. ** [x-amz-grant-read-acp](#API_CopyObject_RequestSyntax) ** Allows grantee to read the object ACL. + This functionality is not supported for directory buckets. + This functionality is not supported for Amazon S3 on Outposts. ** [x-amz-grant-write-acp](#API_CopyObject_RequestSyntax) ** Allows grantee to write the ACL for the applicable object. + This functionality is not supported for directory buckets. + This functionality is not supported for Amazon S3 on Outposts. ** [x-amz-metadata-directive](#API_CopyObject_RequestSyntax) ** Specifies whether the metadata is copied from the source object or replaced with metadata that's provided in the request. When copying an object, you can preserve all metadata (the default) or specify new metadata. If this header isn’t specified, `COPY` is the default behavior. **General purpose bucket** - For general purpose buckets, when you grant permissions, you can use the `s3:x-amz-metadata-directive` condition key to enforce certain metadata behavior when objects are uploaded. For more information, see [Amazon S3 condition key examples](https://docs.aws.amazon.com/AmazonS3/latest/dev/amazon-s3-policy-keys.html) in the *Amazon S3 User Guide*. `x-amz-website-redirect-location` is unique to each object and is not copied when using the `x-amz-metadata-directive` header. To copy the value, you must specify `x-amz-website-redirect-location` in the request header. Valid Values: `COPY | REPLACE` ** [x-amz-object-lock-legal-hold](#API_CopyObject_RequestSyntax) ** Specifies whether you want to apply a legal hold to the object copy. This functionality is not supported for directory buckets. Valid Values: `ON | OFF` ** [x-amz-object-lock-mode](#API_CopyObject_RequestSyntax) ** The Object Lock mode that you want to apply to the object copy. This functionality is not supported for directory buckets. Valid Values: `GOVERNANCE | COMPLIANCE` ** [x-amz-object-lock-retain-until-date](#API_CopyObject_RequestSyntax) ** The date and time when you want the Object Lock of the object copy to expire. This functionality is not supported for directory buckets. ** [x-amz-request-payer](#API_CopyObject_RequestSyntax) ** Confirms that the requester knows that they will be charged for the request. Bucket owners need not specify this parameter in their requests. If either the source or destination S3 bucket has Requester Pays enabled, the requester will pay for the corresponding charges. For information about downloading objects from Requester Pays buckets, see [Downloading Objects in Requester Pays Buckets](https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) in the *Amazon S3 User Guide*. This functionality is not supported for directory buckets. Valid Values: `requester` ** [x-amz-server-side-encryption](#API_CopyObject_RequestSyntax) ** The server-side encryption algorithm used when storing this object in Amazon S3. Unrecognized or unsupported values won’t write a destination object and will receive a `400 Bad Request` response. Amazon S3 automatically encrypts all new objects that are copied to an S3 bucket. When copying an object, if you don't specify encryption information in your copy request, the encryption setting of the target object is set to the default encryption configuration of the destination bucket. By default, all buckets have a base level of encryption configuration that uses server-side encryption with Amazon S3 managed keys (SSE-S3). If the destination bucket has a different default encryption configuration, Amazon S3 uses the corresponding encryption key to encrypt the target object copy. With server-side encryption, Amazon S3 encrypts your data as it writes your data to disks in its data centers and decrypts the data when you access it. For more information about server-side encryption, see [Using Server-Side Encryption](https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html) in the *Amazon S3 User Guide*. **General purpose buckets ** + For general purpose buckets, there are the following supported options for server-side encryption: server-side encryption with AWS Key Management Service (AWS KMS) keys (SSE-KMS), dual-layer server-side encryption with AWS KMS keys (DSSE-KMS), and server-side encryption with customer-provided encryption keys (SSE-C). Amazon S3 uses the corresponding KMS key, or a customer-provided key to encrypt the target object copy. + When you perform a `CopyObject` operation, if you want to use a different type of encryption setting for the target object, you can specify appropriate encryption-related headers to encrypt the target object with an Amazon S3 managed key, a KMS key, or a customer-provided key. If the encryption setting in your request is different from the default encryption configuration of the destination bucket, the encryption setting in your request takes precedence. **Directory buckets ** + For directory buckets, there are only two supported options for server-side encryption: server-side encryption with Amazon S3 managed keys (SSE-S3) (`AES256`) and server-side encryption with AWS KMS keys (SSE-KMS) (`aws:kms`). We recommend that the bucket's default encryption uses the desired encryption configuration and you don't override the bucket default encryption in your `CreateSession` requests or `PUT` object requests. Then, new objects are automatically encrypted with the desired encryption settings. For more information, see [Protecting data with server-side encryption](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-serv-side-encryption.html) in the *Amazon S3 User Guide*. For more information about the encryption overriding behaviors in directory buckets, see [Specifying server-side encryption with AWS KMS for new object uploads](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-specifying-kms-encryption.html). + To encrypt new object copies to a directory bucket with SSE-KMS, we recommend you specify SSE-KMS as the directory bucket's default encryption configuration with a KMS key (specifically, a [customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk)). The [AWS managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk) (`aws/s3`) isn't supported. Your SSE-KMS configuration can only support 1 [customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) per directory bucket for the lifetime of the bucket. After you specify a customer managed key for SSE-KMS, you can't override the customer managed key for the bucket's SSE-KMS configuration. Then, when you perform a `CopyObject` operation and want to specify server-side encryption settings for new object copies with SSE-KMS in the encryption-related request headers, you must ensure the encryption key is the same customer managed key that you specified for the directory bucket's default encryption configuration. + **S3 access points for Amazon FSx ** - When accessing data stored in Amazon FSx file systems using S3 access points, the only valid server side encryption option is `aws:fsx`. All Amazon FSx file systems have encryption configured by default and are encrypted at rest. Data is automatically encrypted before being written to the file system, and automatically decrypted as it is read. These processes are handled transparently by Amazon FSx. Valid Values: `AES256 | aws:fsx | aws:kms | aws:kms:dsse` ** [x-amz-server-side-encryption-aws-kms-key-id](#API_CopyObject_RequestSyntax) ** Specifies the AWS KMS key ID (Key ID, Key ARN, or Key Alias) to use for object encryption. All GET and PUT requests for an object protected by AWS KMS will fail if they're not made via SSL or using SigV4. For information about configuring any of the officially supported AWS SDKs and AWS CLI, see [Specifying the Signature Version in Request Authentication](https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html#specify-signature-version) in the *Amazon S3 User Guide*. **Directory buckets** - To encrypt data using SSE-KMS, it's recommended to specify the `x-amz-server-side-encryption` header to `aws:kms`. Then, the `x-amz-server-side-encryption-aws-kms-key-id` header implicitly uses the bucket's default KMS customer managed key ID. If you want to explicitly set the ` x-amz-server-side-encryption-aws-kms-key-id` header, it must match the bucket's default customer managed key (using key ID or ARN, not alias). Your SSE-KMS configuration can only support 1 [customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) per directory bucket's lifetime. The [AWS managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk) (`aws/s3`) isn't supported. Incorrect key specification results in an HTTP `400 Bad Request` error. ** [x-amz-server-side-encryption-bucket-key-enabled](#API_CopyObject_RequestSyntax) ** Specifies whether Amazon S3 should use an S3 Bucket Key for object encryption with server-side encryption using AWS Key Management Service (AWS KMS) keys (SSE-KMS). If a target object uses SSE-KMS, you can enable an S3 Bucket Key for the object. Setting this header to `true` causes Amazon S3 to use an S3 Bucket Key for object encryption with SSE-KMS. Specifying this header with a COPY action doesn’t affect bucket-level settings for S3 Bucket Key. For more information, see [Amazon S3 Bucket Keys](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html) in the *Amazon S3 User Guide*. **Directory buckets** - S3 Bucket Keys aren't supported, when you copy SSE-KMS encrypted objects from general purpose buckets to directory buckets, from directory buckets to general purpose buckets, or between directory buckets, through [CopyObject](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html). In this case, Amazon S3 makes a call to AWS KMS every time a copy request is made for a KMS-encrypted object. ** [x-amz-server-side-encryption-context](#API_CopyObject_RequestSyntax) ** Specifies the AWS KMS Encryption Context as an additional encryption context to use for the destination object encryption. The value of this header is a base64-encoded UTF-8 string holding JSON with the encryption context key-value pairs. **General purpose buckets** - This value must be explicitly added to specify encryption context for `CopyObject` requests if you want an additional encryption context for your destination object. The additional encryption context of the source object won't be copied to the destination object. For more information, see [Encryption context](https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html#encryption-context) in the *Amazon S3 User Guide*. **Directory buckets** - You can optionally provide an explicit encryption context value. The value must match the default encryption context - the bucket Amazon Resource Name (ARN). An additional encryption context value is not supported. ** [x-amz-server-side-encryption-customer-algorithm](#API_CopyObject_RequestSyntax) ** Specifies the algorithm to use when encrypting the object (for example, `AES256`). When you perform a `CopyObject` operation, if you want to use a different type of encryption setting for the target object, you can specify appropriate encryption-related headers to encrypt the target object with an Amazon S3 managed key, a KMS key, or a customer-provided key. If the encryption setting in your request is different from the default encryption configuration of the destination bucket, the encryption setting in your request takes precedence. This functionality is not supported when the destination bucket is a directory bucket. ** [x-amz-server-side-encryption-customer-key](#API_CopyObject_RequestSyntax) ** Specifies the customer-provided encryption key for Amazon S3 to use in encrypting data. This value is used to store the object and then it is discarded. Amazon S3 does not store the encryption key. The key must be appropriate for use with the algorithm specified in the `x-amz-server-side-encryption-customer-algorithm` header. This functionality is not supported when the destination bucket is a directory bucket. ** [x-amz-server-side-encryption-customer-key-MD5](#API_CopyObject_RequestSyntax) ** Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. Amazon S3 uses this header for a message integrity check to ensure that the encryption key was transmitted without error. This functionality is not supported when the destination bucket is a directory bucket. ** [x-amz-source-expected-bucket-owner](#API_CopyObject_RequestSyntax) ** The account ID of the expected source bucket owner. If the account ID that you provide does not match the actual owner of the source bucket, the request fails with the HTTP status code `403 Forbidden` (access denied). ** [x-amz-storage-class](#API_CopyObject_RequestSyntax) ** If the `x-amz-storage-class` header is not used, the copied object will be stored in the `STANDARD` Storage Class by default. The `STANDARD` storage class provides high durability and high availability. Depending on performance needs, you can specify a different Storage Class. + **Directory buckets ** - Directory buckets only support `EXPRESS_ONEZONE` (the S3 Express One Zone storage class) in Availability Zones and `ONEZONE_IA` (the S3 One Zone-Infrequent Access storage class) in Dedicated Local Zones. Unsupported storage class values won't write a destination object and will respond with the HTTP status code `400 Bad Request`. + **Amazon S3 on Outposts ** - S3 on Outposts only uses the `OUTPOSTS` Storage Class. You can use the `CopyObject` action to change the storage class of an object that is already stored in Amazon S3 by using the `x-amz-storage-class` header. For more information, see [Storage Classes](https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html) in the *Amazon S3 User Guide*. Before using an object as a source object for the copy operation, you must restore a copy of it if it meets any of the following conditions: + The storage class of the source object is `GLACIER` or `DEEP_ARCHIVE`. + The storage class of the source object is `INTELLIGENT_TIERING` and it's [S3 Intelligent-Tiering access tier](https://docs.aws.amazon.com/AmazonS3/latest/userguide/intelligent-tiering-overview.html#intel-tiering-tier-definition) is `Archive Access` or `Deep Archive Access`. For more information, see [RestoreObject](https://docs.aws.amazon.com/AmazonS3/latest/API/API_RestoreObject.html) and [Copying Objects](https://docs.aws.amazon.com/AmazonS3/latest/dev/CopyingObjectsExamples.html) in the *Amazon S3 User Guide*. Valid Values: `STANDARD | REDUCED_REDUNDANCY | STANDARD_IA | ONEZONE_IA | INTELLIGENT_TIERING | GLACIER | DEEP_ARCHIVE | OUTPOSTS | GLACIER_IR | SNOW | EXPRESS_ONEZONE | FSX_OPENZFS | FSX_ONTAP` ** [x-amz-tagging](#API_CopyObject_RequestSyntax) ** The tag-set for the object copy in the destination bucket. This value must be used in conjunction with the `x-amz-tagging-directive` if you choose `REPLACE` for the `x-amz-tagging-directive`. If you choose `COPY` for the `x-amz-tagging-directive`, you don't need to set the `x-amz-tagging` header, because the tag-set will be copied from the source object directly. The tag-set must be encoded as URL Query parameters. The default value is the empty value. **Directory buckets** - For directory buckets in a `CopyObject` operation, only the empty tag-set is supported. Any requests that attempt to write non-empty tags into directory buckets will receive a `501 Not Implemented` status code. When the destination bucket is a directory bucket, you will receive a `501 Not Implemented` response in any of the following situations: + When you attempt to `COPY` the tag-set from an S3 source object that has non-empty tags. + When you attempt to `REPLACE` the tag-set of a source object and set a non-empty value to `x-amz-tagging`. + When you don't set the `x-amz-tagging-directive` header and the source object has non-empty tags. This is because the default value of `x-amz-tagging-directive` is `COPY`. Because only the empty tag-set is supported for directory buckets in a `CopyObject` operation, the following situations are allowed: + When you attempt to `COPY` the tag-set from a directory bucket source object that has no tags to a general purpose bucket. It copies an empty tag-set to the destination object. + When you attempt to `REPLACE` the tag-set of a directory bucket source object and set the `x-amz-tagging` value of the directory bucket destination object to empty. + When you attempt to `REPLACE` the tag-set of a general purpose bucket source object that has non-empty tags and set the `x-amz-tagging` value of the directory bucket destination object to empty. + When you attempt to `REPLACE` the tag-set of a directory bucket source object and don't set the `x-amz-tagging` value of the directory bucket destination object. This is because the default value of `x-amz-tagging` is the empty value. ** [x-amz-tagging-directive](#API_CopyObject_RequestSyntax) ** Specifies whether the object tag-set is copied from the source object or replaced with the tag-set that's provided in the request. The default value is `COPY`. **Directory buckets** - For directory buckets in a `CopyObject` operation, only the empty tag-set is supported. Any requests that attempt to write non-empty tags into directory buckets will receive a `501 Not Implemented` status code. When the destination bucket is a directory bucket, you will receive a `501 Not Implemented` response in any of the following situations: + When you attempt to `COPY` the tag-set from an S3 source object that has non-empty tags. + When you attempt to `REPLACE` the tag-set of a source object and set a non-empty value to `x-amz-tagging`. + When you don't set the `x-amz-tagging-directive` header and the source object has non-empty tags. This is because the default value of `x-amz-tagging-directive` is `COPY`. Because only the empty tag-set is supported for directory buckets in a `CopyObject` operation, the following situations are allowed: + When you attempt to `COPY` the tag-set from a directory bucket source object that has no tags to a general purpose bucket. It copies an empty tag-set to the destination object. + When you attempt to `REPLACE` the tag-set of a directory bucket source object and set the `x-amz-tagging` value of the directory bucket destination object to empty. + When you attempt to `REPLACE` the tag-set of a general purpose bucket source object that has non-empty tags and set the `x-amz-tagging` value of the directory bucket destination object to empty. + When you attempt to `REPLACE` the tag-set of a directory bucket source object and don't set the `x-amz-tagging` value of the directory bucket destination object. This is because the default value of `x-amz-tagging` is the empty value. Valid Values: `COPY | REPLACE` ** [x-amz-website-redirect-location](#API_CopyObject_RequestSyntax) ** If the destination bucket is configured as a website, redirects requests for this object copy to another object in the same bucket or to an external URL. Amazon S3 stores the value of this header in the object metadata. This value is unique to each object and is not copied when using the `x-amz-metadata-directive` header. Instead, you may opt to provide this header in combination with the `x-amz-metadata-directive` header. This functionality is not supported for directory buckets. ## Request Body The request does not have a request body. ## Response Syntax ``` HTTP/1.1 200 x-amz-expiration: Expiration x-amz-copy-source-version-id: CopySourceVersionId x-amz-version-id: VersionId x-amz-server-side-encryption: ServerSideEncryption x-amz-server-side-encryption-customer-algorithm: SSECustomerAlgorithm x-amz-server-side-encryption-customer-key-MD5: SSECustomerKeyMD5 x-amz-server-side-encryption-aws-kms-key-id: SSEKMSKeyId x-amz-server-side-encryption-context: SSEKMSEncryptionContext x-amz-server-side-encryption-bucket-key-enabled: BucketKeyEnabled x-amz-request-charged: RequestCharged string timestamp string string string string string string ``` ## Response Elements If the action is successful, the service sends back an HTTP 200 response. The response returns the following HTTP headers. ** [x-amz-copy-source-version-id](#API_CopyObject_ResponseSyntax) ** Version ID of the source object that was copied. This functionality is not supported when the source object is in a directory bucket. ** [x-amz-expiration](#API_CopyObject_ResponseSyntax) ** If the object expiration is configured, the response includes this header. Object expiration information is not returned in directory buckets and this header returns the value "`NotImplemented`" in all responses for directory buckets. ** [x-amz-request-charged](#API_CopyObject_ResponseSyntax) ** If present, indicates that the requester was successfully charged for the request. For more information, see [Using Requester Pays buckets for storage transfers and usage](https://docs.aws.amazon.com/AmazonS3/latest/userguide/RequesterPaysBuckets.html) in the *Amazon Simple Storage Service user guide*. This functionality is not supported for directory buckets. Valid Values: `requester` ** [x-amz-server-side-encryption](#API_CopyObject_ResponseSyntax) ** The server-side encryption algorithm used when you store this object in Amazon S3 or Amazon FSx. When accessing data stored in Amazon FSx file systems using S3 access points, the only valid server side encryption option is `aws:fsx`. Valid Values: `AES256 | aws:fsx | aws:kms | aws:kms:dsse` ** [x-amz-server-side-encryption-aws-kms-key-id](#API_CopyObject_ResponseSyntax) ** If present, indicates the ID of the KMS key that was used for object encryption. ** [x-amz-server-side-encryption-bucket-key-enabled](#API_CopyObject_ResponseSyntax) ** Indicates whether the copied object uses an S3 Bucket Key for server-side encryption with AWS Key Management Service (AWS KMS) keys (SSE-KMS). ** [x-amz-server-side-encryption-context](#API_CopyObject_ResponseSyntax) ** If present, indicates the AWS KMS Encryption Context to use for object encryption. The value of this header is a Base64 encoded UTF-8 string holding JSON with the encryption context key-value pairs. ** [x-amz-server-side-encryption-customer-algorithm](#API_CopyObject_ResponseSyntax) ** If server-side encryption with a customer-provided encryption key was requested, the response will include this header to confirm the encryption algorithm that's used. This functionality is not supported for directory buckets. ** [x-amz-server-side-encryption-customer-key-MD5](#API_CopyObject_ResponseSyntax) ** If server-side encryption with a customer-provided encryption key was requested, the response will include this header to provide the round-trip message integrity verification of the customer-provided encryption key. This functionality is not supported for directory buckets. ** [x-amz-version-id](#API_CopyObject_ResponseSyntax) ** Version ID of the newly created copy. This functionality is not supported for directory buckets. The following data is returned in XML format by the service. ** [CopyObjectResult](#API_CopyObject_ResponseSyntax) ** Root level tag for the CopyObjectResult parameters. Required: Yes ** [ChecksumCRC32](#API_CopyObject_ResponseSyntax) ** The Base64 encoded, 32-bit `CRC32` checksum of the object. This checksum is only present if the object was uploaded with the object. For more information, see [ Checking object integrity](https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) in the *Amazon S3 User Guide*. Type: String ** [ChecksumCRC32C](#API_CopyObject_ResponseSyntax) ** The Base64 encoded, 32-bit `CRC32C` checksum of the object. This checksum is only present if the checksum was uploaded with the object. For more information, see [ Checking object integrity](https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) in the *Amazon S3 User Guide*. Type: String ** [ChecksumCRC64NVME](#API_CopyObject_ResponseSyntax) ** The Base64 encoded, 64-bit `CRC64NVME` checksum of the object. This checksum is present if the object being copied was uploaded with the `CRC64NVME` checksum algorithm, or if the object was uploaded without a checksum (and Amazon S3 added the default checksum, `CRC64NVME`, to the uploaded object). For more information, see [Checking object integrity](https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) in the *Amazon S3 User Guide*. Type: String ** [ChecksumSHA1](#API_CopyObject_ResponseSyntax) ** The Base64 encoded, 160-bit `SHA1` digest of the object. This checksum is only present if the checksum was uploaded with the object. For more information, see [ Checking object integrity](https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) in the *Amazon S3 User Guide*. Type: String ** [ChecksumSHA256](#API_CopyObject_ResponseSyntax) ** The Base64 encoded, 256-bit `SHA256` digest of the object. This checksum is only present if the checksum was uploaded with the object. For more information, see [ Checking object integrity](https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) in the *Amazon S3 User Guide*. Type: String ** [ChecksumType](#API_CopyObject_ResponseSyntax) ** The checksum type that is used to calculate the object’s checksum value. For more information, see [Checking object integrity](https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) in the *Amazon S3 User Guide*. Type: String Valid Values: `COMPOSITE | FULL_OBJECT` ** [ETag](#API_CopyObject_ResponseSyntax) ** Returns the ETag of the new object. The ETag reflects only changes to the contents of an object, not its metadata. Type: String ** [LastModified](#API_CopyObject_ResponseSyntax) ** Creation date of the object. Type: Timestamp ## Errors ** ObjectNotInActiveTierError ** The source object of the COPY action is not in the active tier and is only stored in Amazon S3 Glacier. HTTP Status Code: 403 ## Examples ### Sample Request for general purpose buckets This example copies `my-image.jpg` into the `amzn-s3-demo-bucket` bucket, with the key name `my-second-image.jpg`. ``` PUT /my-second-image.jpg HTTP/1.1 Host: amzn-s3-demo-bucket.s3..amazonaws.com Date: Wed, 28 Oct 2009 22:32:00 GMT x-amz-copy-source: /amzn-s3-demo-bucket/my-image.jpg Authorization: authorization string ``` ### Sample Response for general purpose buckets This example illustrates one usage of CopyObject. ``` HTTP/1.1 200 OK x-amz-id-2: eftixk72aD6Ap51TnqcoF8eFidJG9Z/2mkiDFu8yU9AS1ed4OpIszj7UDNEHGran x-amz-request-id: 318BC8BC148832E5 x-amz-copy-source-version-id: 3/L4kqtJlcpXroDTDmJ+rmSpXd3dIbrHY+MTRCxf3vjVBH40Nr8X8gdRQBpUMLUo x-amz-version-id: QUpfdndhfd8438MNFDN93jdnJFkdmqnh893 Date: Wed, 28 Oct 2009 22:32:00 GMT Connection: close Server: AmazonS3 2009-10-12T17:50:30.000Z "9b2cf535f27731c974343645a3985328" ``` ### Sample Request for general purpose buckets: Copying a specified version of an object The following request copies the `my-image.jpg` key with the specified version ID, copies it into the `amzn-s3-demo-bucket` bucket, and gives it the `my-second-image.jpg` key. ``` PUT /my-second-image.jpg HTTP/1.1 Host: amzn-s3-demo-bucket.s3..amazonaws.com Date: Wed, 28 Oct 2009 22:32:00 GMT x-amz-copy-source: /amzn-s3-demo-bucket/my-image.jpg?versionId=3/L4kqtJlcpXroDTDmJ+rmSpXd3dIbrHY+MTRCxf3vjVBH40Nr8X8gdRQBpUMLUo Authorization: authorization string ``` ### Success Response for general purpose buckets: Copying a versioned object into a version-enabled bucket The following response shows that an object was copied into a target bucket where versioning is enabled. ``` HTTP/1.1 200 OK x-amz-id-2: eftixk72aD6Ap51TnqcoF8eFidJG9Z/2mkiDFu8yU9AS1ed4OpIszj7UDNEHGran x-amz-request-id: 318BC8BC148832E5 x-amz-version-id: QUpfdndhfd8438MNFDN93jdnJFkdmqnh893 x-amz-copy-source-version-id: 09df8234529fjs0dfi0w52935029wefdj Date: Wed, 28 Oct 2009 22:32:00 GMT Connection: close Server: AmazonS3 2009-10-12T17:50:30.000Z "9b2cf535f27731c974343645a3985328" ``` ### Success Response for general purpose buckets: Copying a versioned object into a version-suspended bucket The following response shows that an object was copied into a target bucket where versioning is suspended. The parameter `VersionId` does not appear. ``` HTTP/1.1 200 OK x-amz-id-2: eftixk72aD6Ap51TnqcoF8eFidJG9Z/2mkiDFu8yU9AS1ed4OpIszj7UDNEHGran x-amz-request-id: 318BC8BC148832E5 x-amz-copy-source-version-id: 3/L4kqtJlcpXroDTDmJ+rmSpXd3dIbrHY+MTRCxf3vjVBH40Nr8X8gdRQBpUMLUo Date: Wed, 28 Oct 2009 22:32:00 GMT Connection: close Server: AmazonS3 2009-10-28T22:32:00 "9b2cf535f27731c974343645a3985328" ``` ### Sample Request for general purpose buckets: Copy from unencrypted object to an object encrypted with server-side encryption with customer-provided encryption keys The following example specifies the HTTP PUT header to copy an unencrypted object to an object encrypted with server-side encryption with customer-provided encryption keys (SSE-C). ``` PUT /exampleDestinationObject HTTP/1.1 Host: amzn-s3-demo-destination-bucket.s3..amazonaws.com x-amz-server-side-encryption-customer-algorithm: AES256 x-amz-server-side-encryption-customer-key: Base64(YourKey) x-amz-server-side-encryption-customer-key-MD5 : Base64(MD5(YourKey)) x-amz-metadata-directive: metadata_directive x-amz-copy-source: /amzn-s3-demo-source-bucket/exampleSourceObject x-amz-copy-source-if-match: etag x-amz-copy-source-if-none-match: etag x-amz-copy-source-if-unmodified-since: time_stamp x-amz-copy-source-if-modified-since: time_stamp Authorization: authorization string (see Authenticating Requests (AWS Signature Version 4)) Date: date ``` ### Sample Request for general purpose buckets: Copy from an object encrypted with SSE-C to an object encrypted with SSE-C The following example specifies the HTTP PUT header to copy an object encrypted with server-side encryption with customer-provided encryption keys to an object encrypted with server-side encryption with customer-provided encryption keys for key rotation. **Note** If you have server-side encryption with customer-provided keys (SSE-C) blocked for your general purpose bucket, you will get an HTTP 403 Access Denied error when you specify the SSE-C request headers while writing new data to your bucket. For more information, see [Blocking or unblocking SSE-C for a general purpose bucket](https://docs.aws.amazon.com/AmazonS3/latest/userguide/blocking-unblocking-s3-c-encryption-gpb.html). ``` PUT /exampleDestinationObject HTTP/1.1 Host: amzn-s3-demo-destination-bucket.s3..amazonaws.com x-amz-server-side-encryption-customer-algorithm: AES256 x-amz-server-side-encryption-customer-key: Base64(NewKey) x-amz-server-side-encryption-customer-key-MD5: Base64(MD5(NewKey)) x-amz-metadata-directive: metadata_directive x-amz-copy-source: /amzn-s3-demo-source-bucket/sourceObject x-amz-copy-source-if-match: etag x-amz-copy-source-if-none-match: etag x-amz-copy-source-if-unmodified-since: time_stamp x-amz-copy-source-if-modified-since: time_stamp x-amz-copy-source-server-side-encryption-customer-algorithm: AES256 x-amz-copy-source-server-side-encryption-customer-key: Base64(OldKey) x-amz-copy-source-server-side-encryption-customer-key-MD5: Base64(MD5(OldKey)) Authorization: authorization string (see Authenticating Requests (AWS Signature Version 4)) Date: date ``` ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/CopyObject) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/CopyObject) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/CopyObject) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/CopyObject) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/CopyObject) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/CopyObject) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/CopyObject) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/CopyObject) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/CopyObject) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/CopyObject) # CreateBucket **Note** This action creates an Amazon S3 bucket. To create an Amazon S3 on Outposts bucket, see [https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_CreateBucket.html](https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_CreateBucket.html). Creates a new S3 bucket. To create a bucket, you must set up Amazon S3 and have a valid AWS Access Key ID to authenticate requests. Anonymous requests are never allowed to create buckets. By creating the bucket, you become the bucket owner. There are two types of buckets: general purpose buckets and directory buckets. For more information about these bucket types, see [Creating, configuring, and working with Amazon S3 buckets](https://docs.aws.amazon.com/AmazonS3/latest/userguide/creating-buckets-s3.html) in the *Amazon S3 User Guide*. General purpose buckets exist in a global namespace, which means that each bucket name must be unique across all AWS accounts in all the AWS Regions within a partition. A partition is a grouping of Regions. AWS currently has four partitions: `aws` (Standard Regions), `aws-cn` (China Regions), `aws-us-gov` (AWS GovCloud (US)), and `aws-eusc` (European Sovereign Cloud). When you create a general purpose bucket, you can choose to create a bucket in the shared global namespace or you can choose to create a bucket in your account regional namespace. Your account regional namespace is a subdivision of the global namespace that only your account can create buckets in. For more information on account regional namespaces, see [Namespaces for general purpose buckets](https://docs.aws.amazon.com/AmazonS3/latest/userguide/gpbucketnamespaces.html). **Note** **General purpose buckets** - If you send your `CreateBucket` request to the `s3.amazonaws.com` global endpoint, the request goes to the `us-east-1` Region. So the signature calculations in Signature Version 4 must use `us-east-1` as the Region, even if the location constraint in the request specifies another Region where the bucket is to be created. If you create a bucket in a Region other than US East (N. Virginia), your application must be able to handle 307 redirect. For more information, see [Virtual hosting of buckets](https://docs.aws.amazon.com/AmazonS3/latest/dev/VirtualHosting.html) in the *Amazon S3 User Guide*. **Directory buckets ** - For directory buckets, you must make requests for this API operation to the Regional endpoint. These endpoints support path-style requests in the format `https://s3express-control.region-code.amazonaws.com/bucket-name `. Virtual-hosted-style requests aren't supported. For more information about endpoints in Availability Zones, see [Regional and Zonal endpoints for directory buckets in Availability Zones](https://docs.aws.amazon.com/AmazonS3/latest/userguide/endpoint-directory-buckets-AZ.html) in the *Amazon S3 User Guide*. For more information about endpoints in Local Zones, see [Concepts for directory buckets in Local Zones](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-lzs-for-directory-buckets.html) in the *Amazon S3 User Guide*. Permissions + **General purpose bucket permissions** - In addition to the `s3:CreateBucket` permission, the following permissions are required in a policy when your `CreateBucket` request includes specific headers: + **Access control lists (ACLs)** - In your `CreateBucket` request, if you specify an access control list (ACL) and set it to `public-read`, `public-read-write`, `authenticated-read`, or if you explicitly specify any other custom ACLs, both `s3:CreateBucket` and `s3:PutBucketAcl` permissions are required. In your `CreateBucket` request, if you set the ACL to `private`, or if you don't specify any ACLs, only the `s3:CreateBucket` permission is required. + **Object Lock** - In your `CreateBucket` request, if you set `x-amz-bucket-object-lock-enabled` to true, the `s3:PutBucketObjectLockConfiguration` and `s3:PutBucketVersioning` permissions are required. + **S3 Object Ownership** - If your `CreateBucket` request includes the `x-amz-object-ownership` header, then the `s3:PutBucketOwnershipControls` permission is required. **Important** To set an ACL on a bucket as part of a `CreateBucket` request, you must explicitly set S3 Object Ownership for the bucket to a different value than the default, `BucketOwnerEnforced`. Additionally, if your desired bucket ACL grants public access, you must first create the bucket (without the bucket ACL) and then explicitly disable Block Public Access on the bucket before using `PutBucketAcl` to set the ACL. If you try to create a bucket with a public ACL, the request will fail. For the majority of modern use cases in S3, we recommend that you keep all Block Public Access settings enabled and keep ACLs disabled. If you would like to share data with users outside of your account, you can use bucket policies as needed. For more information, see [Controlling ownership of objects and disabling ACLs for your bucket ](https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html) and [Blocking public access to your Amazon S3 storage ](https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html) in the *Amazon S3 User Guide*. + **S3 Block Public Access** - If your specific use case requires granting public access to your S3 resources, you can disable Block Public Access. Specifically, you can create a new bucket with Block Public Access enabled, then separately call the [https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeletePublicAccessBlock.html](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeletePublicAccessBlock.html) API. To use this operation, you must have the `s3:PutBucketPublicAccessBlock` permission. For more information about S3 Block Public Access, see [Blocking public access to your Amazon S3 storage ](https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html) in the *Amazon S3 User Guide*. + **Directory bucket permissions** - You must have the `s3express:CreateBucket` permission in an IAM identity-based policy instead of a bucket policy. Cross-account access to this API operation isn't supported. This operation can only be performed by the AWS account that owns the resource. For more information about directory bucket policies and permissions, see [AWS Identity and Access Management (IAM) for S3 Express One Zone](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam.html) in the *Amazon S3 User Guide*. **Important** The permissions for ACLs, Object Lock, S3 Object Ownership, and S3 Block Public Access are not supported for directory buckets. For directory buckets, all Block Public Access settings are enabled at the bucket level and S3 Object Ownership is set to Bucket owner enforced (ACLs disabled). These settings can't be modified. For more information about permissions for creating and working with directory buckets, see [Directory buckets](https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-buckets-overview.html) in the *Amazon S3 User Guide*. For more information about supported S3 features for directory buckets, see [Features of S3 Express One Zone](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-one-zone.html#s3-express-features) in the *Amazon S3 User Guide*. HTTP Host header syntax **Directory buckets ** - The HTTP Host header syntax is `s3express-control.region-code.amazonaws.com`. The following operations are related to `CreateBucket`: + [PutObject](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html) + [DeleteBucket](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucket.html) **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. ## Request Syntax ``` PUT / HTTP/1.1 Host: Bucket.s3.amazonaws.com x-amz-acl: ACL x-amz-grant-full-control: GrantFullControl x-amz-grant-read: GrantRead x-amz-grant-read-acp: GrantReadACP x-amz-grant-write: GrantWrite x-amz-grant-write-acp: GrantWriteACP x-amz-bucket-object-lock-enabled: ObjectLockEnabledForBucket x-amz-object-ownership: ObjectOwnership x-amz-bucket-namespace: BucketNamespace string string string string string string string ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_CreateBucket_RequestSyntax) ** The name of the bucket to create. **General purpose buckets** - For information about bucket naming restrictions, see [Bucket naming rules](https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html) in the *Amazon S3 User Guide*. **Directory buckets ** - When you use this operation with a directory bucket, you must use path-style requests in the format `https://s3express-control.region-code.amazonaws.com/bucket-name `. Virtual-hosted-style requests aren't supported. Directory bucket names must be unique in the chosen Zone (Availability Zone or Local Zone). Bucket names must also follow the format ` bucket-base-name--zone-id--x-s3` (for example, ` DOC-EXAMPLE-BUCKET--usw2-az1--x-s3`). For information about bucket naming restrictions, see [Directory bucket naming rules](https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) in the *Amazon S3 User Guide* Required: Yes ** [x-amz-acl](#API_CreateBucket_RequestSyntax) ** The canned ACL to apply to the bucket. This functionality is not supported for directory buckets. Valid Values: `private | public-read | public-read-write | authenticated-read` ** [x-amz-bucket-namespace](#API_CreateBucket_RequestSyntax) ** Specifies the namespace where you want to create your general purpose bucket. When you create a general purpose bucket, you can choose to create a bucket in the shared global namespace or you can choose to create a bucket in your account regional namespace. Your account regional namespace is a subdivision of the global namespace that only your account can create buckets in. For more information on bucket namespaces, see [Namespaces for general purpose buckets](https://docs.aws.amazon.com/AmazonS3/latest/userguide/gpbucketnamespaces.html). General purpose buckets in your account regional namespace must follow a specific naming convention. These buckets consist of a bucket name prefix that you create, and a suffix that contains your 12-digit AWS Account ID, the AWS Region code, and ends with `-an`. Bucket names must follow the format `bucket-name-prefix-accountId-region-an` (for example, `amzn-s3-demo-bucket-111122223333-us-west-2-an`). For information about bucket naming restrictions, see [Account regional namespace naming rules](https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html#account-regional-naming-rules) in the *Amazon S3 User Guide*. This functionality is not supported for directory buckets. Valid Values: `account-regional | global` ** [x-amz-bucket-object-lock-enabled](#API_CreateBucket_RequestSyntax) ** Specifies whether you want S3 Object Lock to be enabled for the new bucket. This functionality is not supported for directory buckets. ** [x-amz-grant-full-control](#API_CreateBucket_RequestSyntax) ** Allows grantee the read, write, read ACP, and write ACP permissions on the bucket. This functionality is not supported for directory buckets. ** [x-amz-grant-read](#API_CreateBucket_RequestSyntax) ** Allows grantee to list the objects in the bucket. This functionality is not supported for directory buckets. ** [x-amz-grant-read-acp](#API_CreateBucket_RequestSyntax) ** Allows grantee to read the bucket ACL. This functionality is not supported for directory buckets. ** [x-amz-grant-write](#API_CreateBucket_RequestSyntax) ** Allows grantee to create new objects in the bucket. For the bucket and object owners of existing objects, also allows deletions and overwrites of those objects. This functionality is not supported for directory buckets. ** [x-amz-grant-write-acp](#API_CreateBucket_RequestSyntax) ** Allows grantee to write the ACL for the applicable bucket. This functionality is not supported for directory buckets. ** [x-amz-object-ownership](#API_CreateBucket_RequestSyntax) ** The container element for object ownership for a bucket's ownership controls. `BucketOwnerPreferred` - Objects uploaded to the bucket change ownership to the bucket owner if the objects are uploaded with the `bucket-owner-full-control` canned ACL. `ObjectWriter` - The uploading account will own the object if the object is uploaded with the `bucket-owner-full-control` canned ACL. `BucketOwnerEnforced` - Access control lists (ACLs) are disabled and no longer affect permissions. The bucket owner automatically owns and has full control over every object in the bucket. The bucket only accepts PUT requests that don't specify an ACL or specify bucket owner full control ACLs (such as the predefined `bucket-owner-full-control` canned ACL or a custom ACL in XML format that grants the same permissions). By default, `ObjectOwnership` is set to `BucketOwnerEnforced` and ACLs are disabled. We recommend keeping ACLs disabled, except in uncommon use cases where you must control access for each object individually. For more information about S3 Object Ownership, see [Controlling ownership of objects and disabling ACLs for your bucket](https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html) in the *Amazon S3 User Guide*. This functionality is not supported for directory buckets. Directory buckets use the bucket owner enforced setting for S3 Object Ownership. Valid Values: `BucketOwnerPreferred | ObjectWriter | BucketOwnerEnforced` ## Request Body The request accepts the following data in XML format. ** [CreateBucketConfiguration](#API_CreateBucket_RequestSyntax) ** Root level tag for the CreateBucketConfiguration parameters. Required: Yes ** [Bucket](#API_CreateBucket_RequestSyntax) ** Specifies the information about the bucket that will be created. This functionality is only supported by directory buckets. Type: [BucketInfo](API_BucketInfo.md) data type Required: No ** [Location](#API_CreateBucket_RequestSyntax) ** Specifies the location where the bucket will be created. **Directory buckets ** - The location type is Availability Zone or Local Zone. To use the Local Zone location type, your account must be enabled for Local Zones. Otherwise, you get an HTTP `403 Forbidden` error with the error code `AccessDenied`. To learn more, see [Enable accounts for Local Zones](https://docs.aws.amazon.com/AmazonS3/latest/userguide/opt-in-directory-bucket-lz.html) in the *Amazon S3 User Guide*. This functionality is only supported by directory buckets. Type: [LocationInfo](API_LocationInfo.md) data type Required: No ** [LocationConstraint](#API_CreateBucket_RequestSyntax) ** Specifies the Region where the bucket will be created. You might choose a Region to optimize latency, minimize costs, or address regulatory requirements. For example, if you reside in Europe, you will probably find it advantageous to create buckets in the Europe (Ireland) Region. If you don't specify a Region, the bucket is created in the US East (N. Virginia) Region (us-east-1) by default. Configurations using the value `EU` will create a bucket in `eu-west-1`. For a list of the valid values for all of the AWS Regions, see [Regions and Endpoints](https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region). This functionality is not supported for directory buckets. Type: String Valid Values: `af-south-1 | ap-east-1 | ap-northeast-1 | ap-northeast-2 | ap-northeast-3 | ap-south-1 | ap-south-2 | ap-southeast-1 | ap-southeast-2 | ap-southeast-3 | ap-southeast-4 | ap-southeast-5 | ca-central-1 | cn-north-1 | cn-northwest-1 | EU | eu-central-1 | eu-central-2 | eu-north-1 | eu-south-1 | eu-south-2 | eu-west-1 | eu-west-2 | eu-west-3 | il-central-1 | me-central-1 | me-south-1 | sa-east-1 | us-east-2 | us-gov-east-1 | us-gov-west-1 | us-west-1 | us-west-2` Required: No ** [Tags](#API_CreateBucket_RequestSyntax) ** An array of tags that you can apply to the bucket that you're creating. Tags are key-value pairs of metadata used to categorize and organize your buckets, track costs, and control access. You must have the `s3:TagResource` permission to create a general purpose bucket with tags or the `s3express:TagResource` permission to create a directory bucket with tags. When creating buckets with tags, note that tag-based conditions using `aws:ResourceTag` and `s3:BucketTag` condition keys are applicable only after ABAC is enabled on the bucket. To learn more, see [Enabling ABAC in general purpose buckets](https://docs.aws.amazon.com/AmazonS3/latest/userguide/buckets-tagging-enable-abac.html). Type: Array of [Tag](API_Tag.md) data types Required: No ## Response Syntax ``` HTTP/1.1 200 Location: Location x-amz-bucket-arn: BucketArn ``` ## Response Elements If the action is successful, the service sends back an HTTP 200 response. The response returns the following HTTP headers. ** [Location](#API_CreateBucket_ResponseSyntax) ** A forward slash followed by the name of the bucket. ** [x-amz-bucket-arn](#API_CreateBucket_ResponseSyntax) ** The Amazon Resource Name (ARN) of the S3 bucket. ARNs uniquely identify AWS resources across all of AWS. This parameter is only supported for S3 directory buckets. For more information, see [Using tags with directory buckets](https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-buckets-tagging.html). Length Constraints: Minimum length of 1. Maximum length of 128. Pattern: `arn:[^:]+:(s3|s3express):.*` ## Errors ** BucketAlreadyExists ** The requested bucket name is not available. The bucket namespace is shared by all users of the system. Select a different name and try again. HTTP Status Code: 409 ** BucketAlreadyOwnedByYou ** The bucket you tried to create already exists, and you own it. Amazon S3 returns this error in all AWS Regions except in the North Virginia Region. For legacy compatibility, if you re-create an existing bucket that you already own in the North Virginia Region, Amazon S3 returns 200 OK and resets the bucket access control lists (ACLs). HTTP Status Code: 409 ## Examples ### Sample Request for general purpose buckets This request creates a bucket named `amzn-s3-demo-bucket`. ``` PUT / HTTP/1.1 Host: amzn-s3-demo-bucket.s3..amazonaws.com Content-Length: 0 Date: Wed, 01 Mar 2006 12:00:00 GMT Authorization: authorization string ``` ### Sample Response for general purpose buckets This example illustrates one usage of CreateBucket. ``` HTTP/1.1 200 OK x-amz-id-2: YgIPIfBiKa2bj0KMg95r/0zo3emzU4dzsD4rcKCHQUAdQkf3ShJTOOpXUueF6QKo x-amz-request-id: 236A8905248E5A01 Date: Wed, 01 Mar 2006 12:00:00 GMT Location: /amzn-s3-demo-bucket Content-Length: 0 Connection: close Server: AmazonS3 ``` ### Sample Request for general purpose buckets: Setting the Region of a bucket The following request sets the Region for the bucket to Europe. ``` PUT / HTTP/1.1 Host: amzn-s3-demo-bucket.s3.amazonaws.com Date: Wed, 12 Oct 2009 17:50:00 GMT Authorization: authorization string Content-Type: text/plain Content-Length: 124 EU ``` ### Sample Request for general purpose buckets: Creating a bucket and applying the ObjectWriter setting for S3 Object Ownership. This request creates a bucket and applies the `ObjectWriter` setting for Object Ownership. ``` PUT / HTTP/1.1 Host: amzn-s3-demo-bucket.s3..amazonaws.com Content-Length: 0 x-amz-object-ownership: ObjectWriter Date: Tue, 30 Nov 2021 12:00:00 GMT Authorization: authorization string ``` ### Sample Response for general purpose buckets This example illustrates one usage of CreateBucket. ``` HTTP/1.1 200 OK x-amz-id-2: YgIPIfBiKa2bj0KMg95r/0zo3emzU4dzsD4rcKCHQUAdQkf3ShJTOOpXUueF6QKo x-amz-request-id: 236A8905248E5A01 Date: Tue, 30 Nov 2021 12:00:00 GMT Location: /amzn-s3-demo-bucket Content-Length: 0 Connection: close Server: AmazonS3 ``` ### Sample Request for general purpose buckets: Creating a bucket and configuring access permissions explicitly This request creates a bucket named `amzn-s3-demo-bucket` and grants WRITE permission to the AWS account identified by canonical id. ``` PUT HTTP/1.1 Host: amzn-s3-demo-bucket.s3..amazonaws.com x-amz-date: Sat, 07 Apr 2012 00:54:40 GMT Authorization: authorization string x-amz-grant-write: id="79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be", id="52b113e7a2f25102679df27bb0746532b8776c37c9fc7ca4ac94015369746b9f" ``` ### Sample Response for general purpose buckets This example illustrates one usage of CreateBucket. ``` HTTP/1.1 200 OK ``` ### Sample Request for general purpose buckets: Creating a bucket and configuring access permission using a canned ACL This request creates a bucket named `amzn-s3-demo-bucket` and sets the ACL to private. ``` PUT / HTTP/1.1 Host: amzn-s3-demo-bucket.s3..amazonaws.com Content-Length: 0 x-amz-acl: private Date: Wed, 01 Mar 2006 12:00:00 GMT Authorization: authorization string ``` ### Sample Response for general purpose buckets This example illustrates one usage of CreateBucket. ``` HTTP/1.1 200 OK x-amz-id-2: YgIPIfBiKa2bj0KMg95r/0zo3emzU4dzsD4rcKCHQUAdQkf3ShJTOOpXUueF6QKo x-amz-request-id: 236A8905248E5A01 Date: Wed, 01 Mar 2006 12:00:00 GMT Location: /amzn-s3-demo-bucket Content-Length: 0 Connection: close Server: AmazonS3 ``` ### Sample Request for general purpose buckets: Creating a bucket in your account regional namespace This request creates the general purpose bucket `amzn-s3-demo-bucket-012345678910-us-west-2-an` in the account regional namespace for AWS Account 012345678910 in the US West (Oregon) Region `(us-west-2)` Region. ``` PUT / HTTP/1.1 Host: amzn-s3-demo-bucket-012345678910-us-west-2-an.s3.us-west-2.amazonaws.com Content-Length: 0 x-amz-bucket-namespace: account-regional Date: Wed, 01 Mar 2006 12:00:00 GMT Authorization: authorization string us-west-2 ``` ### Sample Response for general purpose buckets This example illustrates one usage of CreateBucket. ``` HTTP/1.1 200 OK x-amz-id-2: YgIPIfBiKa2bj0KMg95r/0zo3emzU4dzsD4rcKCHQUAdQkf3ShJTOOpXUueF6QKo x-amz-request-id: 236A8905248E5A01 Date: Wed, 01 Mar 2006 12:00:00 GMT Location: /amzn-s3-demo-bucket-012345678910-us-west-2-an Content-Length: 0 Connection: close Server: AmazonS3 ``` ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/CreateBucket) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/CreateBucket) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/CreateBucket) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/CreateBucket) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/CreateBucket) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/CreateBucket) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/CreateBucket) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/CreateBucket) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/CreateBucket) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/CreateBucket) # CreateBucketMetadataConfiguration Creates an S3 Metadata V2 metadata configuration for a general purpose bucket. For more information, see [Accelerating data discovery with S3 Metadata](https://docs.aws.amazon.com/AmazonS3/latest/userguide/metadata-tables-overview.html) in the *Amazon S3 User Guide*. Permissions To use this operation, you must have the following permissions. For more information, see [Setting up permissions for configuring metadata tables](https://docs.aws.amazon.com/AmazonS3/latest/userguide/metadata-tables-permissions.html) in the *Amazon S3 User Guide*. If you want to encrypt your metadata tables with server-side encryption with AWS Key Management Service (AWS KMS) keys (SSE-KMS), you need additional permissions in your KMS key policy. For more information, see [ Setting up permissions for configuring metadata tables](https://docs.aws.amazon.com/AmazonS3/latest/userguide/metadata-tables-permissions.html) in the *Amazon S3 User Guide*. If you also want to integrate your table bucket with AWS analytics services so that you can query your metadata table, you need additional permissions. For more information, see [ Integrating Amazon S3 Tables with AWS analytics services](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-tables-integrating-aws.html) in the *Amazon S3 User Guide*. To query your metadata tables, you need additional permissions. For more information, see [ Permissions for querying metadata tables](https://docs.aws.amazon.com/AmazonS3/latest/userguide/metadata-tables-bucket-query-permissions.html) in the *Amazon S3 User Guide*. + `s3:CreateBucketMetadataTableConfiguration` **Note** The IAM policy action name is the same for the V1 and V2 API operations. + `s3tables:CreateTableBucket` + `s3tables:CreateNamespace` + `s3tables:GetTable` + `s3tables:CreateTable` + `s3tables:PutTablePolicy` + `s3tables:PutTableEncryption` + `kms:DescribeKey` The following operations are related to `CreateBucketMetadataConfiguration`: + [DeleteBucketMetadataConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketMetadataConfiguration.html) + [GetBucketMetadataConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketMetadataConfiguration.html) + [UpdateBucketMetadataInventoryTableConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_UpdateBucketMetadataInventoryTableConfiguration.html) + [UpdateBucketMetadataJournalTableConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_UpdateBucketMetadataJournalTableConfiguration.html) **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. ## Request Syntax ``` POST /?metadataConfiguration HTTP/1.1 Host: Bucket.s3.amazonaws.com Content-MD5: ContentMD5 x-amz-sdk-checksum-algorithm: ChecksumAlgorithm x-amz-expected-bucket-owner: ExpectedBucketOwner string string integer string string string string ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_CreateBucketMetadataConfiguration_RequestSyntax) ** The general purpose bucket that you want to create the metadata configuration for. Required: Yes ** [Content-MD5](#API_CreateBucketMetadataConfiguration_RequestSyntax) ** The `Content-MD5` header for the metadata configuration. ** [x-amz-expected-bucket-owner](#API_CreateBucketMetadataConfiguration_RequestSyntax) ** The expected owner of the general purpose bucket that corresponds to your metadata configuration. ** [x-amz-sdk-checksum-algorithm](#API_CreateBucketMetadataConfiguration_RequestSyntax) ** The checksum algorithm to use with your metadata configuration. Valid Values: `CRC32 | CRC32C | SHA1 | SHA256 | CRC64NVME` ## Request Body The request accepts the following data in XML format. ** [MetadataConfiguration](#API_CreateBucketMetadataConfiguration_RequestSyntax) ** Root level tag for the MetadataConfiguration parameters. Required: Yes ** [InventoryTableConfiguration](#API_CreateBucketMetadataConfiguration_RequestSyntax) ** The inventory table configuration for a metadata configuration. Type: [InventoryTableConfiguration](API_InventoryTableConfiguration.md) data type Required: No ** [JournalTableConfiguration](#API_CreateBucketMetadataConfiguration_RequestSyntax) ** The journal table configuration for a metadata configuration. Type: [JournalTableConfiguration](API_JournalTableConfiguration.md) data type Required: Yes ## Response Syntax ``` HTTP/1.1 200 ``` ## Response Elements If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body. ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/CreateBucketMetadataConfiguration) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/CreateBucketMetadataConfiguration) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/CreateBucketMetadataConfiguration) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/CreateBucketMetadataConfiguration) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/CreateBucketMetadataConfiguration) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/CreateBucketMetadataConfiguration) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/CreateBucketMetadataConfiguration) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/CreateBucketMetadataConfiguration) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/CreateBucketMetadataConfiguration) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/CreateBucketMetadataConfiguration) # CreateBucketMetadataTableConfiguration **Important** We recommend that you create your S3 Metadata configurations by using the V2 [CreateBucketMetadataConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucketMetadataConfiguration.html) API operation. We no longer recommend using the V1 `CreateBucketMetadataTableConfiguration` API operation. If you created your S3 Metadata configuration before July 15, 2025, we recommend that you delete and re-create your configuration by using [CreateBucketMetadataConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucketMetadataConfiguration.html) so that you can expire journal table records and create a live inventory table. Creates a V1 S3 Metadata configuration for a general purpose bucket. For more information, see [Accelerating data discovery with S3 Metadata](https://docs.aws.amazon.com/AmazonS3/latest/userguide/metadata-tables-overview.html) in the *Amazon S3 User Guide*. Permissions To use this operation, you must have the following permissions. For more information, see [Setting up permissions for configuring metadata tables](https://docs.aws.amazon.com/AmazonS3/latest/userguide/metadata-tables-permissions.html) in the *Amazon S3 User Guide*. If you want to encrypt your metadata tables with server-side encryption with AWS Key Management Service (AWS KMS) keys (SSE-KMS), you need additional permissions. For more information, see [ Setting up permissions for configuring metadata tables](https://docs.aws.amazon.com/AmazonS3/latest/userguide/metadata-tables-permissions.html) in the *Amazon S3 User Guide*. If you also want to integrate your table bucket with AWS analytics services so that you can query your metadata table, you need additional permissions. For more information, see [ Integrating Amazon S3 Tables with AWS analytics services](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-tables-integrating-aws.html) in the *Amazon S3 User Guide*. + `s3:CreateBucketMetadataTableConfiguration` + `s3tables:CreateNamespace` + `s3tables:GetTable` + `s3tables:CreateTable` + `s3tables:PutTablePolicy` The following operations are related to `CreateBucketMetadataTableConfiguration`: + [DeleteBucketMetadataTableConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketMetadataTableConfiguration.html) + [GetBucketMetadataTableConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketMetadataTableConfiguration.html) **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. ## Request Syntax ``` POST /?metadataTable HTTP/1.1 Host: Bucket.s3.amazonaws.com Content-MD5: ContentMD5 x-amz-sdk-checksum-algorithm: ChecksumAlgorithm x-amz-expected-bucket-owner: ExpectedBucketOwner string string ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_CreateBucketMetadataTableConfiguration_RequestSyntax) ** The general purpose bucket that you want to create the metadata table configuration for. Required: Yes ** [Content-MD5](#API_CreateBucketMetadataTableConfiguration_RequestSyntax) ** The `Content-MD5` header for the metadata table configuration. ** [x-amz-expected-bucket-owner](#API_CreateBucketMetadataTableConfiguration_RequestSyntax) ** The expected owner of the general purpose bucket that corresponds to your metadata table configuration. ** [x-amz-sdk-checksum-algorithm](#API_CreateBucketMetadataTableConfiguration_RequestSyntax) ** The checksum algorithm to use with your metadata table configuration. Valid Values: `CRC32 | CRC32C | SHA1 | SHA256 | CRC64NVME` ## Request Body The request accepts the following data in XML format. ** [MetadataTableConfiguration](#API_CreateBucketMetadataTableConfiguration_RequestSyntax) ** Root level tag for the MetadataTableConfiguration parameters. Required: Yes ** [S3TablesDestination](#API_CreateBucketMetadataTableConfiguration_RequestSyntax) ** The destination information for the metadata table configuration. The destination table bucket must be in the same Region and AWS account as the general purpose bucket. The specified metadata table name must be unique within the `aws_s3_metadata` namespace in the destination table bucket. Type: [S3TablesDestination](API_S3TablesDestination.md) data type Required: Yes ## Response Syntax ``` HTTP/1.1 200 ``` ## Response Elements If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body. ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/CreateBucketMetadataTableConfiguration) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/CreateBucketMetadataTableConfiguration) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/CreateBucketMetadataTableConfiguration) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/CreateBucketMetadataTableConfiguration) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/CreateBucketMetadataTableConfiguration) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/CreateBucketMetadataTableConfiguration) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/CreateBucketMetadataTableConfiguration) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/CreateBucketMetadataTableConfiguration) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/CreateBucketMetadataTableConfiguration) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/CreateBucketMetadataTableConfiguration) # CreateMultipartUpload **Important** End of support notice: As of October 1, 2025, Amazon S3 has discontinued support for Email Grantee Access Control Lists (ACLs). If you attempt to use an Email Grantee ACL in a request after October 1, 2025, the request will receive an `HTTP 405` (Method Not Allowed) error. This change affects the following AWS Regions: US East (N. Virginia), US West (N. California), US West (Oregon), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), Europe (Ireland), and South America (São Paulo). This action initiates a multipart upload and returns an upload ID. This upload ID is used to associate all of the parts in the specific multipart upload. You specify this upload ID in each of your subsequent upload part requests (see [UploadPart](https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html)). You also include this upload ID in the final request to either complete or abort the multipart upload request. For more information about multipart uploads, see [Multipart Upload Overview](https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html) in the *Amazon S3 User Guide*. **Note** After you initiate a multipart upload and upload one or more parts, to stop being charged for storing the uploaded parts, you must either complete or abort the multipart upload. Amazon S3 frees up the space used to store the parts and stops charging you for storing them only after you either complete or abort a multipart upload. If you have configured a lifecycle rule to abort incomplete multipart uploads, the created multipart upload must be completed within the number of days specified in the bucket lifecycle configuration. Otherwise, the incomplete multipart upload becomes eligible for an abort action and Amazon S3 aborts the multipart upload. For more information, see [Aborting Incomplete Multipart Uploads Using a Bucket Lifecycle Configuration](https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config). **Note** **Directory buckets ** - S3 Lifecycle is not supported by directory buckets. **Directory buckets ** - For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format `https://amzn-s3-demo-bucket.s3express-zone-id.region-code.amazonaws.com/key-name `. Path-style requests are not supported. For more information about endpoints in Availability Zones, see [Regional and Zonal endpoints for directory buckets in Availability Zones](https://docs.aws.amazon.com/AmazonS3/latest/userguide/endpoint-directory-buckets-AZ.html) in the *Amazon S3 User Guide*. For more information about endpoints in Local Zones, see [Concepts for directory buckets in Local Zones](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-lzs-for-directory-buckets.html) in the *Amazon S3 User Guide*. Request signing For request signing, multipart upload is just a series of regular requests. You initiate a multipart upload, send one or more requests to upload parts, and then complete the multipart upload process. You sign each request individually. There is nothing special about signing multipart upload requests. For more information about signing, see [Authenticating Requests (AWS Signature Version 4)](https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.html) in the *Amazon S3 User Guide*. Permissions + **General purpose bucket permissions** - To perform a multipart upload with encryption using an AWS Key Management Service (AWS KMS) KMS key, the requester must have permission to the `kms:Decrypt` and `kms:GenerateDataKey` actions on the key. The requester must also have permissions for the `kms:GenerateDataKey` action for the `CreateMultipartUpload` API. Then, the requester needs permissions for the `kms:Decrypt` action on the `UploadPart` and `UploadPartCopy` APIs. These permissions are required because Amazon S3 must decrypt and read data from the encrypted file parts before it completes the multipart upload. For more information, see [Multipart upload API and permissions](https://docs.aws.amazon.com/AmazonS3/latest/userguide/mpuoverview.html#mpuAndPermissions) and [Protecting data using server-side encryption with AWS KMS](https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html) in the *Amazon S3 User Guide*. + **Directory bucket permissions** - To grant access to this API operation on a directory bucket, we recommend that you use the [https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) API operation for session-based authorization. Specifically, you grant the `s3express:CreateSession` permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the `CreateSession` API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another `CreateSession` API call to generate a new session token for use. AWS CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see [https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html). Encryption + **General purpose buckets** - Server-side encryption is for data encryption at rest. Amazon S3 encrypts your data as it writes it to disks in its data centers and decrypts it when you access it. Amazon S3 automatically encrypts all new objects that are uploaded to an S3 bucket. When doing a multipart upload, if you don't specify encryption information in your request, the encryption setting of the uploaded parts is set to the default encryption configuration of the destination bucket. By default, all buckets have a base level of encryption configuration that uses server-side encryption with Amazon S3 managed keys (SSE-S3). If the destination bucket has a default encryption configuration that uses server-side encryption with an AWS Key Management Service (AWS KMS) key (SSE-KMS), or a customer-provided encryption key (SSE-C), Amazon S3 uses the corresponding KMS key, or a customer-provided key to encrypt the uploaded parts. When you perform a CreateMultipartUpload operation, if you want to use a different type of encryption setting for the uploaded parts, you can request that Amazon S3 encrypts the object with a different encryption key (such as an Amazon S3 managed key, a KMS key, or a customer-provided key). When the encryption setting in your request is different from the default encryption configuration of the destination bucket, the encryption setting in your request takes precedence. If you choose to provide your own encryption key, the request headers you provide in [UploadPart](https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html) and [UploadPartCopy](https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html) requests must match the headers you used in the `CreateMultipartUpload` request. + Use KMS keys (SSE-KMS) that include the AWS managed key (`aws/s3`) and AWS KMS customer managed keys stored in AWS Key Management Service (AWS KMS) – If you want AWS to manage the keys used to encrypt data, specify the following headers in the request. + `x-amz-server-side-encryption` + `x-amz-server-side-encryption-aws-kms-key-id` + `x-amz-server-side-encryption-context` **Note** If you specify `x-amz-server-side-encryption:aws:kms`, but don't provide `x-amz-server-side-encryption-aws-kms-key-id`, Amazon S3 uses the AWS managed key (`aws/s3` key) in AWS KMS to protect the data. To perform a multipart upload with encryption by using an AWS KMS key, the requester must have permission to the `kms:Decrypt` and `kms:GenerateDataKey*` actions on the key. These permissions are required because Amazon S3 must decrypt and read data from the encrypted file parts before it completes the multipart upload. For more information, see [Multipart upload API and permissions](https://docs.aws.amazon.com/AmazonS3/latest/userguide/mpuoverview.html#mpuAndPermissions) and [Protecting data using server-side encryption with AWS KMS](https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html) in the *Amazon S3 User Guide*. If your AWS Identity and Access Management (IAM) user or role is in the same AWS account as the KMS key, then you must have these permissions on the key policy. If your IAM user or role is in a different account from the key, then you must have the permissions on both the key policy and your IAM user or role. All `GET` and `PUT` requests for an object protected by AWS KMS fail if you don't make them by using Secure Sockets Layer (SSL), Transport Layer Security (TLS), or Signature Version 4. For information about configuring any of the officially supported AWS SDKs and AWS CLI, see [Specifying the Signature Version in Request Authentication](https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html#specify-signature-version) in the *Amazon S3 User Guide*. For more information about server-side encryption with AWS KMS keys (SSE-KMS), see [Protecting Data Using Server-Side Encryption with KMS keys](https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html) in the *Amazon S3 User Guide*. + Use customer-provided encryption keys (SSE-C) – If you want to manage your own encryption keys, provide all the following headers in the request. + `x-amz-server-side-encryption-customer-algorithm` + `x-amz-server-side-encryption-customer-key` + `x-amz-server-side-encryption-customer-key-MD5` For more information about server-side encryption with customer-provided encryption keys (SSE-C), see [ Protecting data using server-side encryption with customer-provided encryption keys (SSE-C)](https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerSideEncryptionCustomerKeys.html) in the *Amazon S3 User Guide*. + **Directory buckets** - For directory buckets, there are only two supported options for server-side encryption: server-side encryption with Amazon S3 managed keys (SSE-S3) (`AES256`) and server-side encryption with AWS KMS keys (SSE-KMS) (`aws:kms`). We recommend that the bucket's default encryption uses the desired encryption configuration and you don't override the bucket default encryption in your `CreateSession` requests or `PUT` object requests. Then, new objects are automatically encrypted with the desired encryption settings. For more information, see [Protecting data with server-side encryption](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-serv-side-encryption.html) in the *Amazon S3 User Guide*. For more information about the encryption overriding behaviors in directory buckets, see [Specifying server-side encryption with AWS KMS for new object uploads](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-specifying-kms-encryption.html). In the Zonal endpoint API calls (except [CopyObject](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html) and [UploadPartCopy](https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html)) using the REST API, the encryption request headers must match the encryption settings that are specified in the `CreateSession` request. You can't override the values of the encryption settings (`x-amz-server-side-encryption`, `x-amz-server-side-encryption-aws-kms-key-id`, `x-amz-server-side-encryption-context`, and `x-amz-server-side-encryption-bucket-key-enabled`) that are specified in the `CreateSession` request. You don't need to explicitly specify these encryption settings values in Zonal endpoint API calls, and Amazon S3 will use the encryption settings values from the `CreateSession` request to protect new objects in the directory bucket. **Note** When you use the CLI or the AWS SDKs, for `CreateSession`, the session token refreshes automatically to avoid service interruptions when a session expires. The CLI or the AWS SDKs use the bucket's default encryption configuration for the `CreateSession` request. It's not supported to override the encryption settings values in the `CreateSession` request. So in the Zonal endpoint API calls (except [CopyObject](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html) and [UploadPartCopy](https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html)), the encryption request headers must match the default encryption configuration of the directory bucket. **Note** For directory buckets, when you perform a `CreateMultipartUpload` operation and an `UploadPartCopy` operation, the request headers you provide in the `CreateMultipartUpload` request must match the default encryption configuration of the destination bucket. HTTP Host header syntax **Directory buckets ** - The HTTP Host header syntax is ` Bucket-name.s3express-zone-id.region-code.amazonaws.com`. The following operations are related to `CreateMultipartUpload`: + [UploadPart](https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html) + [CompleteMultipartUpload](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CompleteMultipartUpload.html) + [AbortMultipartUpload](https://docs.aws.amazon.com/AmazonS3/latest/API/API_AbortMultipartUpload.html) + [ListParts](https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html) + [ListMultipartUploads](https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListMultipartUploads.html) **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. ## Request Syntax ``` POST /{Key+}?uploads HTTP/1.1 Host: Bucket.s3.amazonaws.com x-amz-acl: ACL Cache-Control: CacheControl Content-Disposition: ContentDisposition Content-Encoding: ContentEncoding Content-Language: ContentLanguage Content-Type: ContentType Expires: Expires x-amz-grant-full-control: GrantFullControl x-amz-grant-read: GrantRead x-amz-grant-read-acp: GrantReadACP x-amz-grant-write-acp: GrantWriteACP x-amz-server-side-encryption: ServerSideEncryption x-amz-storage-class: StorageClass x-amz-website-redirect-location: WebsiteRedirectLocation x-amz-server-side-encryption-customer-algorithm: SSECustomerAlgorithm x-amz-server-side-encryption-customer-key: SSECustomerKey x-amz-server-side-encryption-customer-key-MD5: SSECustomerKeyMD5 x-amz-server-side-encryption-aws-kms-key-id: SSEKMSKeyId x-amz-server-side-encryption-context: SSEKMSEncryptionContext x-amz-server-side-encryption-bucket-key-enabled: BucketKeyEnabled x-amz-request-payer: RequestPayer x-amz-tagging: Tagging x-amz-object-lock-mode: ObjectLockMode x-amz-object-lock-retain-until-date: ObjectLockRetainUntilDate x-amz-object-lock-legal-hold: ObjectLockLegalHoldStatus x-amz-expected-bucket-owner: ExpectedBucketOwner x-amz-checksum-algorithm: ChecksumAlgorithm x-amz-checksum-type: ChecksumType ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_CreateMultipartUpload_RequestSyntax) ** The name of the bucket where the multipart upload is initiated and where the object is uploaded. **Directory buckets** - When you use this operation with a directory bucket, you must use virtual-hosted-style requests in the format ` Bucket-name.s3express-zone-id.region-code.amazonaws.com`. Path-style requests are not supported. Directory bucket names must be unique in the chosen Zone (Availability Zone or Local Zone). Bucket names must follow the format ` bucket-base-name--zone-id--x-s3` (for example, ` amzn-s3-demo-bucket--usw2-az1--x-s3`). For information about bucket naming restrictions, see [Directory bucket naming rules](https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) in the *Amazon S3 User Guide*. **Access points** - When you use this action with an access point for general purpose buckets, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When you use this action with an access point for directory buckets, you must provide the access point name in place of the bucket name. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com. When using this action with an access point through the AWS SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see [Using access points](https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) in the *Amazon S3 User Guide*. Object Lambda access points are not supported by directory buckets. **S3 on Outposts** - When you use this action with S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form ` AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com`. When you use this action with S3 on Outposts, the destination bucket must be the Outposts access point ARN or the access point alias. For more information about S3 on Outposts, see [What is S3 on Outposts?](https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) in the *Amazon S3 User Guide*. Required: Yes ** [Cache-Control](#API_CreateMultipartUpload_RequestSyntax) ** Specifies caching behavior along the request/reply chain. ** [Content-Disposition](#API_CreateMultipartUpload_RequestSyntax) ** Specifies presentational information for the object. ** [Content-Encoding](#API_CreateMultipartUpload_RequestSyntax) ** Specifies what content encodings have been applied to the object and thus what decoding mechanisms must be applied to obtain the media-type referenced by the Content-Type header field. For directory buckets, only the `aws-chunked` value is supported in this header field. ** [Content-Language](#API_CreateMultipartUpload_RequestSyntax) ** The language that the content is in. ** [Content-Type](#API_CreateMultipartUpload_RequestSyntax) ** A standard MIME type describing the format of the object data. ** [Expires](#API_CreateMultipartUpload_RequestSyntax) ** The date and time at which the object is no longer cacheable. ** [Key](#API_CreateMultipartUpload_RequestSyntax) ** Object key for which the multipart upload is to be initiated. Length Constraints: Minimum length of 1. Required: Yes ** [x-amz-acl](#API_CreateMultipartUpload_RequestSyntax) ** The canned ACL to apply to the object. Amazon S3 supports a set of predefined ACLs, known as *canned ACLs*. Each canned ACL has a predefined set of grantees and permissions. For more information, see [Canned ACL](https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL) in the *Amazon S3 User Guide*. By default, all objects are private. Only the owner has full access control. When uploading an object, you can grant access permissions to individual AWS accounts or to predefined groups defined by Amazon S3. These permissions are then added to the access control list (ACL) on the new object. For more information, see [Using ACLs](https://docs.aws.amazon.com/AmazonS3/latest/dev/S3_ACLs_UsingACLs.html). One way to grant the permissions using the request headers is to specify a canned ACL with the `x-amz-acl` request header. + This functionality is not supported for directory buckets. + This functionality is not supported for Amazon S3 on Outposts. Valid Values: `private | public-read | public-read-write | authenticated-read | aws-exec-read | bucket-owner-read | bucket-owner-full-control` ** [x-amz-checksum-algorithm](#API_CreateMultipartUpload_RequestSyntax) ** Indicates the algorithm that you want Amazon S3 to use to create the checksum for the object. For more information, see [Checking object integrity](https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) in the *Amazon S3 User Guide*. Valid Values: `CRC32 | CRC32C | SHA1 | SHA256 | CRC64NVME` ** [x-amz-checksum-type](#API_CreateMultipartUpload_RequestSyntax) ** Indicates the checksum type that you want Amazon S3 to use to calculate the object’s checksum value. For more information, see [Checking object integrity in the Amazon S3 User Guide](https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html). Valid Values: `COMPOSITE | FULL_OBJECT` ** [x-amz-expected-bucket-owner](#API_CreateMultipartUpload_RequestSyntax) ** The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code `403 Forbidden` (access denied). ** [x-amz-grant-full-control](#API_CreateMultipartUpload_RequestSyntax) ** Specify access permissions explicitly to give the grantee READ, READ\$1ACP, and WRITE\$1ACP permissions on the object. By default, all objects are private. Only the owner has full access control. When uploading an object, you can use this header to explicitly grant access permissions to specific AWS accounts or groups. This header maps to specific permissions that Amazon S3 supports in an ACL. For more information, see [Access Control List (ACL) Overview](https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html) in the *Amazon S3 User Guide*. You specify each grantee as a type=value pair, where the type is one of the following: + `id` – if the value specified is the canonical user ID of an AWS account + `uri` – if you are granting permissions to a predefined group + `emailAddress` – if the value specified is the email address of an AWS account **Note** Using email addresses to specify a grantee is only supported in the following AWS Regions: US East (N. Virginia) US West (N. California) US West (Oregon) Asia Pacific (Singapore) Asia Pacific (Sydney) Asia Pacific (Tokyo) Europe (Ireland) South America (São Paulo) For a list of all the Amazon S3 supported Regions and endpoints, see [Regions and Endpoints](https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region) in the AWS General Reference. For example, the following `x-amz-grant-read` header grants the AWS accounts identified by account IDs permissions to read object data and its metadata: `x-amz-grant-read: id="11112222333", id="444455556666" ` + This functionality is not supported for directory buckets. + This functionality is not supported for Amazon S3 on Outposts. ** [x-amz-grant-read](#API_CreateMultipartUpload_RequestSyntax) ** Specify access permissions explicitly to allow grantee to read the object data and its metadata. By default, all objects are private. Only the owner has full access control. When uploading an object, you can use this header to explicitly grant access permissions to specific AWS accounts or groups. This header maps to specific permissions that Amazon S3 supports in an ACL. For more information, see [Access Control List (ACL) Overview](https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html) in the *Amazon S3 User Guide*. You specify each grantee as a type=value pair, where the type is one of the following: + `id` – if the value specified is the canonical user ID of an AWS account + `uri` – if you are granting permissions to a predefined group + `emailAddress` – if the value specified is the email address of an AWS account **Note** Using email addresses to specify a grantee is only supported in the following AWS Regions: US East (N. Virginia) US West (N. California) US West (Oregon) Asia Pacific (Singapore) Asia Pacific (Sydney) Asia Pacific (Tokyo) Europe (Ireland) South America (São Paulo) For a list of all the Amazon S3 supported Regions and endpoints, see [Regions and Endpoints](https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region) in the AWS General Reference. For example, the following `x-amz-grant-read` header grants the AWS accounts identified by account IDs permissions to read object data and its metadata: `x-amz-grant-read: id="11112222333", id="444455556666" ` + This functionality is not supported for directory buckets. + This functionality is not supported for Amazon S3 on Outposts. ** [x-amz-grant-read-acp](#API_CreateMultipartUpload_RequestSyntax) ** Specify access permissions explicitly to allows grantee to read the object ACL. By default, all objects are private. Only the owner has full access control. When uploading an object, you can use this header to explicitly grant access permissions to specific AWS accounts or groups. This header maps to specific permissions that Amazon S3 supports in an ACL. For more information, see [Access Control List (ACL) Overview](https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html) in the *Amazon S3 User Guide*. You specify each grantee as a type=value pair, where the type is one of the following: + `id` – if the value specified is the canonical user ID of an AWS account + `uri` – if you are granting permissions to a predefined group + `emailAddress` – if the value specified is the email address of an AWS account **Note** Using email addresses to specify a grantee is only supported in the following AWS Regions: US East (N. Virginia) US West (N. California) US West (Oregon) Asia Pacific (Singapore) Asia Pacific (Sydney) Asia Pacific (Tokyo) Europe (Ireland) South America (São Paulo) For a list of all the Amazon S3 supported Regions and endpoints, see [Regions and Endpoints](https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region) in the AWS General Reference. For example, the following `x-amz-grant-read` header grants the AWS accounts identified by account IDs permissions to read object data and its metadata: `x-amz-grant-read: id="11112222333", id="444455556666" ` + This functionality is not supported for directory buckets. + This functionality is not supported for Amazon S3 on Outposts. ** [x-amz-grant-write-acp](#API_CreateMultipartUpload_RequestSyntax) ** Specify access permissions explicitly to allows grantee to allow grantee to write the ACL for the applicable object. By default, all objects are private. Only the owner has full access control. When uploading an object, you can use this header to explicitly grant access permissions to specific AWS accounts or groups. This header maps to specific permissions that Amazon S3 supports in an ACL. For more information, see [Access Control List (ACL) Overview](https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html) in the *Amazon S3 User Guide*. You specify each grantee as a type=value pair, where the type is one of the following: + `id` – if the value specified is the canonical user ID of an AWS account + `uri` – if you are granting permissions to a predefined group + `emailAddress` – if the value specified is the email address of an AWS account **Note** Using email addresses to specify a grantee is only supported in the following AWS Regions: US East (N. Virginia) US West (N. California) US West (Oregon) Asia Pacific (Singapore) Asia Pacific (Sydney) Asia Pacific (Tokyo) Europe (Ireland) South America (São Paulo) For a list of all the Amazon S3 supported Regions and endpoints, see [Regions and Endpoints](https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region) in the AWS General Reference. For example, the following `x-amz-grant-read` header grants the AWS accounts identified by account IDs permissions to read object data and its metadata: `x-amz-grant-read: id="11112222333", id="444455556666" ` + This functionality is not supported for directory buckets. + This functionality is not supported for Amazon S3 on Outposts. ** [x-amz-object-lock-legal-hold](#API_CreateMultipartUpload_RequestSyntax) ** Specifies whether you want to apply a legal hold to the uploaded object. This functionality is not supported for directory buckets. Valid Values: `ON | OFF` ** [x-amz-object-lock-mode](#API_CreateMultipartUpload_RequestSyntax) ** Specifies the Object Lock mode that you want to apply to the uploaded object. This functionality is not supported for directory buckets. Valid Values: `GOVERNANCE | COMPLIANCE` ** [x-amz-object-lock-retain-until-date](#API_CreateMultipartUpload_RequestSyntax) ** Specifies the date and time when you want the Object Lock to expire. This functionality is not supported for directory buckets. ** [x-amz-request-payer](#API_CreateMultipartUpload_RequestSyntax) ** Confirms that the requester knows that they will be charged for the request. Bucket owners need not specify this parameter in their requests. If either the source or destination S3 bucket has Requester Pays enabled, the requester will pay for the corresponding charges. For information about downloading objects from Requester Pays buckets, see [Downloading Objects in Requester Pays Buckets](https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) in the *Amazon S3 User Guide*. This functionality is not supported for directory buckets. Valid Values: `requester` ** [x-amz-server-side-encryption](#API_CreateMultipartUpload_RequestSyntax) ** The server-side encryption algorithm used when you store this object in Amazon S3 or Amazon FSx. + **Directory buckets ** - For directory buckets, there are only two supported options for server-side encryption: server-side encryption with Amazon S3 managed keys (SSE-S3) (`AES256`) and server-side encryption with AWS KMS keys (SSE-KMS) (`aws:kms`). We recommend that the bucket's default encryption uses the desired encryption configuration and you don't override the bucket default encryption in your `CreateSession` requests or `PUT` object requests. Then, new objects are automatically encrypted with the desired encryption settings. For more information, see [Protecting data with server-side encryption](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-serv-side-encryption.html) in the *Amazon S3 User Guide*. For more information about the encryption overriding behaviors in directory buckets, see [Specifying server-side encryption with AWS KMS for new object uploads](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-specifying-kms-encryption.html). In the Zonal endpoint API calls (except [CopyObject](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html) and [UploadPartCopy](https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html)) using the REST API, the encryption request headers must match the encryption settings that are specified in the `CreateSession` request. You can't override the values of the encryption settings (`x-amz-server-side-encryption`, `x-amz-server-side-encryption-aws-kms-key-id`, `x-amz-server-side-encryption-context`, and `x-amz-server-side-encryption-bucket-key-enabled`) that are specified in the `CreateSession` request. You don't need to explicitly specify these encryption settings values in Zonal endpoint API calls, and Amazon S3 will use the encryption settings values from the `CreateSession` request to protect new objects in the directory bucket. **Note** When you use the CLI or the AWS SDKs, for `CreateSession`, the session token refreshes automatically to avoid service interruptions when a session expires. The CLI or the AWS SDKs use the bucket's default encryption configuration for the `CreateSession` request. It's not supported to override the encryption settings values in the `CreateSession` request. So in the Zonal endpoint API calls (except [CopyObject](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html) and [UploadPartCopy](https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html)), the encryption request headers must match the default encryption configuration of the directory bucket. + **S3 access points for Amazon FSx ** - When accessing data stored in Amazon FSx file systems using S3 access points, the only valid server side encryption option is `aws:fsx`. All Amazon FSx file systems have encryption configured by default and are encrypted at rest. Data is automatically encrypted before being written to the file system, and automatically decrypted as it is read. These processes are handled transparently by Amazon FSx. Valid Values: `AES256 | aws:fsx | aws:kms | aws:kms:dsse` ** [x-amz-server-side-encryption-aws-kms-key-id](#API_CreateMultipartUpload_RequestSyntax) ** Specifies the AWS KMS key ID (Key ID, Key ARN, or Key Alias) to use for object encryption. If the KMS key doesn't exist in the same account that's issuing the command, you must use the full Key ARN not the Key ID. **General purpose buckets** - If you specify `x-amz-server-side-encryption` with `aws:kms` or `aws:kms:dsse`, this header specifies the ID (Key ID, Key ARN, or Key Alias) of the AWS KMS key to use. If you specify `x-amz-server-side-encryption:aws:kms` or `x-amz-server-side-encryption:aws:kms:dsse`, but do not provide `x-amz-server-side-encryption-aws-kms-key-id`, Amazon S3 uses the AWS managed key (`aws/s3`) to protect the data. **Directory buckets** - To encrypt data using SSE-KMS, it's recommended to specify the `x-amz-server-side-encryption` header to `aws:kms`. Then, the `x-amz-server-side-encryption-aws-kms-key-id` header implicitly uses the bucket's default KMS customer managed key ID. If you want to explicitly set the ` x-amz-server-side-encryption-aws-kms-key-id` header, it must match the bucket's default customer managed key (using key ID or ARN, not alias). Your SSE-KMS configuration can only support 1 [customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) per directory bucket's lifetime. The [AWS managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk) (`aws/s3`) isn't supported. Incorrect key specification results in an HTTP `400 Bad Request` error. ** [x-amz-server-side-encryption-bucket-key-enabled](#API_CreateMultipartUpload_RequestSyntax) ** Specifies whether Amazon S3 should use an S3 Bucket Key for object encryption with server-side encryption using AWS Key Management Service (AWS KMS) keys (SSE-KMS). **General purpose buckets** - Setting this header to `true` causes Amazon S3 to use an S3 Bucket Key for object encryption with SSE-KMS. Also, specifying this header with a PUT action doesn't affect bucket-level settings for S3 Bucket Key. **Directory buckets** - S3 Bucket Keys are always enabled for `GET` and `PUT` operations in a directory bucket and can’t be disabled. S3 Bucket Keys aren't supported, when you copy SSE-KMS encrypted objects from general purpose buckets to directory buckets, from directory buckets to general purpose buckets, or between directory buckets, through [CopyObject](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html), [UploadPartCopy](https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html), [the Copy operation in Batch Operations](https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-buckets-objects-Batch-Ops), or [the import jobs](https://docs.aws.amazon.com/AmazonS3/latest/userguide/create-import-job). In this case, Amazon S3 makes a call to AWS KMS every time a copy request is made for a KMS-encrypted object. ** [x-amz-server-side-encryption-context](#API_CreateMultipartUpload_RequestSyntax) ** Specifies the AWS KMS Encryption Context to use for object encryption. The value of this header is a Base64 encoded string of a UTF-8 encoded JSON, which contains the encryption context as key-value pairs. **Directory buckets** - You can optionally provide an explicit encryption context value. The value must match the default encryption context - the bucket Amazon Resource Name (ARN). An additional encryption context value is not supported. ** [x-amz-server-side-encryption-customer-algorithm](#API_CreateMultipartUpload_RequestSyntax) ** Specifies the algorithm to use when encrypting the object (for example, AES256). This functionality is not supported for directory buckets. ** [x-amz-server-side-encryption-customer-key](#API_CreateMultipartUpload_RequestSyntax) ** Specifies the customer-provided encryption key for Amazon S3 to use in encrypting data. This value is used to store the object and then it is discarded; Amazon S3 does not store the encryption key. The key must be appropriate for use with the algorithm specified in the `x-amz-server-side-encryption-customer-algorithm` header. This functionality is not supported for directory buckets. ** [x-amz-server-side-encryption-customer-key-MD5](#API_CreateMultipartUpload_RequestSyntax) ** Specifies the 128-bit MD5 digest of the customer-provided encryption key according to RFC 1321. Amazon S3 uses this header for a message integrity check to ensure that the encryption key was transmitted without error. This functionality is not supported for directory buckets. ** [x-amz-storage-class](#API_CreateMultipartUpload_RequestSyntax) ** By default, Amazon S3 uses the STANDARD Storage Class to store newly created objects. The STANDARD storage class provides high durability and high availability. Depending on performance needs, you can specify a different Storage Class. For more information, see [Storage Classes](https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html) in the *Amazon S3 User Guide*. + Directory buckets only support `EXPRESS_ONEZONE` (the S3 Express One Zone storage class) in Availability Zones and `ONEZONE_IA` (the S3 One Zone-Infrequent Access storage class) in Dedicated Local Zones. + Amazon S3 on Outposts only uses the OUTPOSTS Storage Class. Valid Values: `STANDARD | REDUCED_REDUNDANCY | STANDARD_IA | ONEZONE_IA | INTELLIGENT_TIERING | GLACIER | DEEP_ARCHIVE | OUTPOSTS | GLACIER_IR | SNOW | EXPRESS_ONEZONE | FSX_OPENZFS | FSX_ONTAP` ** [x-amz-tagging](#API_CreateMultipartUpload_RequestSyntax) ** The tag-set for the object. The tag-set must be encoded as URL Query parameters. This functionality is not supported for directory buckets. ** [x-amz-website-redirect-location](#API_CreateMultipartUpload_RequestSyntax) ** If the bucket is configured as a website, redirects requests for this object to another object in the same bucket or to an external URL. Amazon S3 stores the value of this header in the object metadata. This functionality is not supported for directory buckets. ## Request Body The request does not have a request body. ## Response Syntax ``` HTTP/1.1 200 x-amz-abort-date: AbortDate x-amz-abort-rule-id: AbortRuleId x-amz-server-side-encryption: ServerSideEncryption x-amz-server-side-encryption-customer-algorithm: SSECustomerAlgorithm x-amz-server-side-encryption-customer-key-MD5: SSECustomerKeyMD5 x-amz-server-side-encryption-aws-kms-key-id: SSEKMSKeyId x-amz-server-side-encryption-context: SSEKMSEncryptionContext x-amz-server-side-encryption-bucket-key-enabled: BucketKeyEnabled x-amz-request-charged: RequestCharged x-amz-checksum-algorithm: ChecksumAlgorithm x-amz-checksum-type: ChecksumType string string string ``` ## Response Elements If the action is successful, the service sends back an HTTP 200 response. The response returns the following HTTP headers. ** [x-amz-abort-date](#API_CreateMultipartUpload_ResponseSyntax) ** If the bucket has a lifecycle rule configured with an action to abort incomplete multipart uploads and the prefix in the lifecycle rule matches the object name in the request, the response includes this header. The header indicates when the initiated multipart upload becomes eligible for an abort operation. For more information, see [ Aborting Incomplete Multipart Uploads Using a Bucket Lifecycle Configuration](https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config) in the *Amazon S3 User Guide*. The response also includes the `x-amz-abort-rule-id` header that provides the ID of the lifecycle configuration rule that defines the abort action. This functionality is not supported for directory buckets. ** [x-amz-abort-rule-id](#API_CreateMultipartUpload_ResponseSyntax) ** This header is returned along with the `x-amz-abort-date` header. It identifies the applicable lifecycle configuration rule that defines the action to abort incomplete multipart uploads. This functionality is not supported for directory buckets. ** [x-amz-checksum-algorithm](#API_CreateMultipartUpload_ResponseSyntax) ** The algorithm that was used to create a checksum of the object. Valid Values: `CRC32 | CRC32C | SHA1 | SHA256 | CRC64NVME` ** [x-amz-checksum-type](#API_CreateMultipartUpload_ResponseSyntax) ** Indicates the checksum type that you want Amazon S3 to use to calculate the object’s checksum value. For more information, see [Checking object integrity in the Amazon S3 User Guide](https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html). Valid Values: `COMPOSITE | FULL_OBJECT` ** [x-amz-request-charged](#API_CreateMultipartUpload_ResponseSyntax) ** If present, indicates that the requester was successfully charged for the request. For more information, see [Using Requester Pays buckets for storage transfers and usage](https://docs.aws.amazon.com/AmazonS3/latest/userguide/RequesterPaysBuckets.html) in the *Amazon Simple Storage Service user guide*. This functionality is not supported for directory buckets. Valid Values: `requester` ** [x-amz-server-side-encryption](#API_CreateMultipartUpload_ResponseSyntax) ** The server-side encryption algorithm used when you store this object in Amazon S3 or Amazon FSx. When accessing data stored in Amazon FSx file systems using S3 access points, the only valid server side encryption option is `aws:fsx`. Valid Values: `AES256 | aws:fsx | aws:kms | aws:kms:dsse` ** [x-amz-server-side-encryption-aws-kms-key-id](#API_CreateMultipartUpload_ResponseSyntax) ** If present, indicates the ID of the KMS key that was used for object encryption. ** [x-amz-server-side-encryption-bucket-key-enabled](#API_CreateMultipartUpload_ResponseSyntax) ** Indicates whether the multipart upload uses an S3 Bucket Key for server-side encryption with AWS Key Management Service (AWS KMS) keys (SSE-KMS). ** [x-amz-server-side-encryption-context](#API_CreateMultipartUpload_ResponseSyntax) ** If present, indicates the AWS KMS Encryption Context to use for object encryption. The value of this header is a Base64 encoded string of a UTF-8 encoded JSON, which contains the encryption context as key-value pairs. ** [x-amz-server-side-encryption-customer-algorithm](#API_CreateMultipartUpload_ResponseSyntax) ** If server-side encryption with a customer-provided encryption key was requested, the response will include this header to confirm the encryption algorithm that's used. This functionality is not supported for directory buckets. ** [x-amz-server-side-encryption-customer-key-MD5](#API_CreateMultipartUpload_ResponseSyntax) ** If server-side encryption with a customer-provided encryption key was requested, the response will include this header to provide the round-trip message integrity verification of the customer-provided encryption key. This functionality is not supported for directory buckets. The following data is returned in XML format by the service. ** [InitiateMultipartUploadResult](#API_CreateMultipartUpload_ResponseSyntax) ** Root level tag for the InitiateMultipartUploadResult parameters. Required: Yes ** [Bucket](#API_CreateMultipartUpload_ResponseSyntax) ** The name of the bucket to which the multipart upload was initiated. Does not return the access point ARN or access point alias if used. Access points are not supported by directory buckets. Type: String ** [Key](#API_CreateMultipartUpload_ResponseSyntax) ** Object key for which the multipart upload was initiated. Type: String Length Constraints: Minimum length of 1. ** [UploadId](#API_CreateMultipartUpload_ResponseSyntax) ** ID for the initiated multipart upload. Type: String ## Examples ### Sample Request for general purpose buckets This action initiates a multipart upload for the `amzn-s3-demo-bucket` object. ``` POST /example-object?uploads HTTP/1.1 Host: amzn-s3-demo-bucket.s3..amazonaws.com Date: Mon, 1 Nov 2010 20:34:56 GMT Authorization: authorization string ``` ### Sample Response for general purpose buckets This example illustrates one usage of CreateMultipartUpload. ``` HTTP/1.1 200 OK x-amz-id-2: Uuag1LuByRx9e6j5Onimru9pO4ZVKnJ2Qz7/C1NPcfTWAtRPfTaOFg== x-amz-request-id: 656c76696e6727732072657175657374 Date: Mon, 1 Nov 2010 20:34:56 GMT Transfer-Encoding: chunked Connection: keep-alive Server: AmazonS3 amzn-s3-demo-bucket example-object VXBsb2FkIElEIGZvciA2aWWpbmcncyBteS1tb3ZpZS5tMnRzIHVwbG9hZA ``` ### Example for general purpose buckets: Initiate a multipart upload using server-side encryption with customer-provided encryption keys This example, which initiates a multipart upload request, specifies server-side encryption with customer-provided encryption keys by adding relevant headers. **Note** If you have server-side encryption with customer-provided keys (SSE-C) blocked for your general purpose bucket, you will get an HTTP 403 Access Denied error when you specify the SSE-C request headers while writing new data to your bucket. For more information, see [Blocking or unblocking SSE-C for a general purpose bucket](https://docs.aws.amazon.com/AmazonS3/latest/userguide/blocking-unblocking-s3-c-encryption-gpb.html). ``` POST /example-object?uploads HTTP/1.1 Host: amzn-s3-demo-bucket.s3..amazonaws.com Authorization:authorization string Date: Wed, 28 May 2014 19:34:57 +0000 x-amz-server-side-encryption-customer-key: g0lCfA3Dv40jZz5SQJ1ZukLRFqtI5WorC/8SEEXAMPLE x-amz-server-side-encryption-customer-key-MD5: ZjQrne1X/iTcskbY2example x-amz-server-side-encryption-customer-algorithm: AES256 ``` ### Sample Response for general purpose buckets In the response, Amazon S3 returns an `UploadId`. In addition, Amazon S3 returns the encryption algorithm and the MD5 digest of the encryption key that you provided in the request. ``` HTTP/1.1 200 OK x-amz-id-2: 36HRCaIGp57F1FvWvVRrvd3hNn9WoBGfEaCVHTCt8QWf00qxdHazQUgfoXAbhFWD x-amz-request-id: 50FA1D691B62CA43 Date: Wed, 28 May 2014 19:34:58 GMT x-amz-server-side-encryption-customer-algorithm: AES256 x-amz-server-side-encryption-customer-key-MD5: ZjQrne1X/iTcskbY2m3tFg== Transfer-Encoding: chunked amzn-s3-demo-bucket example-object EXAMPLEJZ6e0YupT2h66iePQCc9IEbYbDUy4RTpMeoSMLPRp8Z5o1u8feSRonpvnWsKKG35tI2LB9VDPiCgTy.Gq2VxQLYjrue4Nq.NBdqI- ``` ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/CreateMultipartUpload) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/CreateMultipartUpload) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/CreateMultipartUpload) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/CreateMultipartUpload) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/CreateMultipartUpload) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/CreateMultipartUpload) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/CreateMultipartUpload) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/CreateMultipartUpload) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/CreateMultipartUpload) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/CreateMultipartUpload) # CreateSession Creates a session that establishes temporary security credentials to support fast authentication and authorization for the Zonal endpoint API operations on directory buckets. For more information about Zonal endpoint API operations that include the Availability Zone in the request endpoint, see [S3 Express One Zone APIs](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-APIs.html) in the *Amazon S3 User Guide*. To make Zonal endpoint API requests on a directory bucket, use the `CreateSession` API operation. Specifically, you grant `s3express:CreateSession` permission to a bucket in a bucket policy or an IAM identity-based policy. Then, you use IAM credentials to make the `CreateSession` API request on the bucket, which returns temporary security credentials that include the access key ID, secret access key, session token, and expiration. These credentials have associated permissions to access the Zonal endpoint API operations. After the session is created, you don’t need to use other policies to grant permissions to each Zonal endpoint API individually. Instead, in your Zonal endpoint API requests, you sign your requests by applying the temporary security credentials of the session to the request headers and following the SigV4 protocol for authentication. You also apply the session token to the `x-amz-s3session-token` request header for authorization. Temporary security credentials are scoped to the bucket and expire after 5 minutes. After the expiration time, any calls that you make with those credentials will fail. You must use IAM credentials again to make a `CreateSession` API request that generates a new set of temporary credentials for use. Temporary credentials cannot be extended or refreshed beyond the original specified interval. If you use AWS SDKs, SDKs handle the session token refreshes automatically to avoid service interruptions when a session expires. We recommend that you use the AWS SDKs to initiate and manage requests to the CreateSession API. For more information, see [Performance guidelines and design patterns](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-optimizing-performance-guidelines-design-patterns.html#s3-express-optimizing-performance-session-authentication) in the *Amazon S3 User Guide*. **Note** You must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format `https://bucket-name.s3express-zone-id.region-code.amazonaws.com`. Path-style requests are not supported. For more information about endpoints in Availability Zones, see [Regional and Zonal endpoints for directory buckets in Availability Zones](https://docs.aws.amazon.com/AmazonS3/latest/userguide/endpoint-directory-buckets-AZ.html) in the *Amazon S3 User Guide*. For more information about endpoints in Local Zones, see [Concepts for directory buckets in Local Zones](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-lzs-for-directory-buckets.html) in the *Amazon S3 User Guide*. ** `CopyObject` API operation** - Unlike other Zonal endpoint API operations, the `CopyObject` API operation doesn't use the temporary security credentials returned from the `CreateSession` API operation for authentication and authorization. For information about authentication and authorization of the `CopyObject` API operation on directory buckets, see [CopyObject](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html). ** `HeadBucket` API operation** - Unlike other Zonal endpoint API operations, the `HeadBucket` API operation doesn't use the temporary security credentials returned from the `CreateSession` API operation for authentication and authorization. For information about authentication and authorization of the `HeadBucket` API operation on directory buckets, see [HeadBucket](https://docs.aws.amazon.com/AmazonS3/latest/API/API_HeadBucket.html). Permissions To obtain temporary security credentials, you must create a bucket policy or an IAM identity-based policy that grants `s3express:CreateSession` permission to the bucket. In a policy, you can have the `s3express:SessionMode` condition key to control who can create a `ReadWrite` or `ReadOnly` session. For more information about `ReadWrite` or `ReadOnly` sessions, see [https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html#API_CreateSession_RequestParameters](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html#API_CreateSession_RequestParameters). For example policies, see [Example bucket policies for S3 Express One Zone](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam-example-bucket-policies.html) and [AWS Identity and Access Management (IAM) identity-based policies for S3 Express One Zone](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam-identity-policies.html) in the *Amazon S3 User Guide*. To grant cross-account access to Zonal endpoint API operations, the bucket policy should also grant both accounts the `s3express:CreateSession` permission. If you want to encrypt objects with SSE-KMS, you must also have the `kms:GenerateDataKey` and the `kms:Decrypt` permissions in IAM identity-based policies and AWS KMS key policies for the target AWS KMS key. Encryption For directory buckets, there are only two supported options for server-side encryption: server-side encryption with Amazon S3 managed keys (SSE-S3) (`AES256`) and server-side encryption with AWS KMS keys (SSE-KMS) (`aws:kms`). We recommend that the bucket's default encryption uses the desired encryption configuration and you don't override the bucket default encryption in your `CreateSession` requests or `PUT` object requests. Then, new objects are automatically encrypted with the desired encryption settings. For more information, see [Protecting data with server-side encryption](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-serv-side-encryption.html) in the *Amazon S3 User Guide*. For more information about the encryption overriding behaviors in directory buckets, see [Specifying server-side encryption with AWS KMS for new object uploads](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-specifying-kms-encryption.html). For [Zonal endpoint (object-level) API operations](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-differences.html#s3-express-differences-api-operations) except [CopyObject](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html) and [UploadPartCopy](https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html), you authenticate and authorize requests through [CreateSession](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) for low latency. To encrypt new objects in a directory bucket with SSE-KMS, you must specify SSE-KMS as the directory bucket's default encryption configuration with a KMS key (specifically, a [customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk)). Then, when a session is created for Zonal endpoint API operations, new objects are automatically encrypted and decrypted with SSE-KMS and S3 Bucket Keys during the session. Only 1 [customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) is supported per directory bucket for the lifetime of the bucket. The [AWS managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk) (`aws/s3`) isn't supported. After you specify SSE-KMS as your bucket's default encryption configuration with a customer managed key, you can't change the customer managed key for the bucket's SSE-KMS configuration. In the Zonal endpoint API calls (except [CopyObject](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html) and [UploadPartCopy](https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html)) using the REST API, you can't override the values of the encryption settings (`x-amz-server-side-encryption`, `x-amz-server-side-encryption-aws-kms-key-id`, `x-amz-server-side-encryption-context`, and `x-amz-server-side-encryption-bucket-key-enabled`) from the `CreateSession` request. You don't need to explicitly specify these encryption settings values in Zonal endpoint API calls, and Amazon S3 will use the encryption settings values from the `CreateSession` request to protect new objects in the directory bucket. When you use the CLI or the AWS SDKs, for `CreateSession`, the session token refreshes automatically to avoid service interruptions when a session expires. The CLI or the AWS SDKs use the bucket's default encryption configuration for the `CreateSession` request. It's not supported to override the encryption settings values in the `CreateSession` request. Also, in the Zonal endpoint API calls (except [CopyObject](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html) and [UploadPartCopy](https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html)), it's not supported to override the values of the encryption settings from the `CreateSession` request. HTTP Host header syntax **Directory buckets ** - The HTTP Host header syntax is ` Bucket-name.s3express-zone-id.region-code.amazonaws.com`. **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. ## Request Syntax ``` GET /?session HTTP/1.1 Host: Bucket.s3.amazonaws.com x-amz-create-session-mode: SessionMode x-amz-server-side-encryption: ServerSideEncryption x-amz-server-side-encryption-aws-kms-key-id: SSEKMSKeyId x-amz-server-side-encryption-context: SSEKMSEncryptionContext x-amz-server-side-encryption-bucket-key-enabled: BucketKeyEnabled ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_CreateSession_RequestSyntax) ** The name of the bucket that you create a session for. Required: Yes ** [x-amz-create-session-mode](#API_CreateSession_RequestSyntax) ** Specifies the mode of the session that will be created, either `ReadWrite` or `ReadOnly`. If no session mode is specified, the default behavior attempts to create a session with the maximum allowable privilege. It will first attempt to create a `ReadWrite` session, and if that is not allowed by permissions, it will attempt to create a `ReadOnly` session. If neither session type is allowed, the request will return an Access Denied error. A `ReadWrite` session is capable of executing all the Zonal endpoint API operations on a directory bucket. A `ReadOnly` session is constrained to execute the following Zonal endpoint API operations: `GetObject`, `HeadObject`, `ListObjectsV2`, `GetObjectAttributes`, `ListParts`, and `ListMultipartUploads`. Valid Values: `ReadOnly | ReadWrite` ** [x-amz-server-side-encryption](#API_CreateSession_RequestSyntax) ** The server-side encryption algorithm to use when you store objects in the directory bucket. For directory buckets, there are only two supported options for server-side encryption: server-side encryption with Amazon S3 managed keys (SSE-S3) (`AES256`) and server-side encryption with AWS KMS keys (SSE-KMS) (`aws:kms`). By default, Amazon S3 encrypts data with SSE-S3. For more information, see [Protecting data with server-side encryption](https://docs.aws.amazon.com/AmazonS3/latest/userguide/serv-side-encryption.html) in the *Amazon S3 User Guide*. **S3 access points for Amazon FSx ** - When accessing data stored in Amazon FSx file systems using S3 access points, the only valid server side encryption option is `aws:fsx`. All Amazon FSx file systems have encryption configured by default and are encrypted at rest. Data is automatically encrypted before being written to the file system, and automatically decrypted as it is read. These processes are handled transparently by Amazon FSx. Valid Values: `AES256 | aws:fsx | aws:kms | aws:kms:dsse` ** [x-amz-server-side-encryption-aws-kms-key-id](#API_CreateSession_RequestSyntax) ** If you specify `x-amz-server-side-encryption` with `aws:kms`, you must specify the ` x-amz-server-side-encryption-aws-kms-key-id` header with the ID (Key ID or Key ARN) of the AWS KMS symmetric encryption customer managed key to use. Otherwise, you get an HTTP `400 Bad Request` error. Only use the key ID or key ARN. The key alias format of the KMS key isn't supported. Also, if the KMS key doesn't exist in the same account that't issuing the command, you must use the full Key ARN not the Key ID. Your SSE-KMS configuration can only support 1 [customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) per directory bucket's lifetime. The [AWS managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk) (`aws/s3`) isn't supported. ** [x-amz-server-side-encryption-bucket-key-enabled](#API_CreateSession_RequestSyntax) ** Specifies whether Amazon S3 should use an S3 Bucket Key for object encryption with server-side encryption using AWS KMS keys (SSE-KMS). S3 Bucket Keys are always enabled for `GET` and `PUT` operations in a directory bucket and can’t be disabled. S3 Bucket Keys aren't supported, when you copy SSE-KMS encrypted objects from general purpose buckets to directory buckets, from directory buckets to general purpose buckets, or between directory buckets, through [CopyObject](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html), [UploadPartCopy](https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html), [the Copy operation in Batch Operations](https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-buckets-objects-Batch-Ops), or [the import jobs](https://docs.aws.amazon.com/AmazonS3/latest/userguide/create-import-job). In this case, Amazon S3 makes a call to AWS KMS every time a copy request is made for a KMS-encrypted object. ** [x-amz-server-side-encryption-context](#API_CreateSession_RequestSyntax) ** Specifies the AWS KMS Encryption Context as an additional encryption context to use for object encryption. The value of this header is a Base64 encoded string of a UTF-8 encoded JSON, which contains the encryption context as key-value pairs. This value is stored as object metadata and automatically gets passed on to AWS KMS for future `GetObject` operations on this object. **General purpose buckets** - This value must be explicitly added during `CopyObject` operations if you want an additional encryption context for your object. For more information, see [Encryption context](https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html#encryption-context) in the *Amazon S3 User Guide*. **Directory buckets** - You can optionally provide an explicit encryption context value. The value must match the default encryption context - the bucket Amazon Resource Name (ARN). An additional encryption context value is not supported. ## Request Body The request does not have a request body. ## Response Syntax ``` HTTP/1.1 200 x-amz-server-side-encryption: ServerSideEncryption x-amz-server-side-encryption-aws-kms-key-id: SSEKMSKeyId x-amz-server-side-encryption-context: SSEKMSEncryptionContext x-amz-server-side-encryption-bucket-key-enabled: BucketKeyEnabled string timestamp string string ``` ## Response Elements If the action is successful, the service sends back an HTTP 200 response. The response returns the following HTTP headers. ** [x-amz-server-side-encryption](#API_CreateSession_ResponseSyntax) ** The server-side encryption algorithm used when you store objects in the directory bucket. When accessing data stored in Amazon FSx file systems using S3 access points, the only valid server side encryption option is `aws:fsx`. Valid Values: `AES256 | aws:fsx | aws:kms | aws:kms:dsse` ** [x-amz-server-side-encryption-aws-kms-key-id](#API_CreateSession_ResponseSyntax) ** If you specify `x-amz-server-side-encryption` with `aws:kms`, this header indicates the ID of the AWS KMS symmetric encryption customer managed key that was used for object encryption. ** [x-amz-server-side-encryption-bucket-key-enabled](#API_CreateSession_ResponseSyntax) ** Indicates whether to use an S3 Bucket Key for server-side encryption with AWS KMS keys (SSE-KMS). ** [x-amz-server-side-encryption-context](#API_CreateSession_ResponseSyntax) ** If present, indicates the AWS KMS Encryption Context to use for object encryption. The value of this header is a Base64 encoded string of a UTF-8 encoded JSON, which contains the encryption context as key-value pairs. This value is stored as object metadata and automatically gets passed on to AWS KMS for future `GetObject` operations on this object. The following data is returned in XML format by the service. ** [CreateSessionResult](#API_CreateSession_ResponseSyntax) ** Root level tag for the CreateSessionResult parameters. Required: Yes ** [Credentials](#API_CreateSession_ResponseSyntax) ** The established temporary security credentials for the created session. Type: [SessionCredentials](API_SessionCredentials.md) data type ## Errors ** NoSuchBucket ** The specified bucket does not exist. HTTP Status Code: 404 ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/CreateSession) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/CreateSession) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/CreateSession) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/CreateSession) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/CreateSession) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/CreateSession) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/CreateSession) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/CreateSession) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/CreateSession) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/CreateSession) # DeleteBucket Deletes the S3 bucket. All objects (including all object versions and delete markers) in the bucket must be deleted before the bucket itself can be deleted. **Note** **Directory buckets** - If multipart uploads in a directory bucket are in progress, you can't delete the bucket until all the in-progress multipart uploads are aborted or completed. **Directory buckets ** - For directory buckets, you must make requests for this API operation to the Regional endpoint. These endpoints support path-style requests in the format `https://s3express-control.region-code.amazonaws.com/bucket-name `. Virtual-hosted-style requests aren't supported. For more information about endpoints in Availability Zones, see [Regional and Zonal endpoints for directory buckets in Availability Zones](https://docs.aws.amazon.com/AmazonS3/latest/userguide/endpoint-directory-buckets-AZ.html) in the *Amazon S3 User Guide*. For more information about endpoints in Local Zones, see [Concepts for directory buckets in Local Zones](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-lzs-for-directory-buckets.html) in the *Amazon S3 User Guide*. Permissions + **General purpose bucket permissions** - You must have the `s3:DeleteBucket` permission on the specified bucket in a policy. + **Directory bucket permissions** - You must have the `s3express:DeleteBucket` permission in an IAM identity-based policy instead of a bucket policy. Cross-account access to this API operation isn't supported. This operation can only be performed by the AWS account that owns the resource. For more information about directory bucket policies and permissions, see [AWS Identity and Access Management (IAM) for S3 Express One Zone](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam.html) in the *Amazon S3 User Guide*. HTTP Host header syntax **Directory buckets ** - The HTTP Host header syntax is `s3express-control.region-code.amazonaws.com`. The following operations are related to `DeleteBucket`: + [CreateBucket](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html) + [DeleteObject](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObject.html) **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. ## Request Syntax ``` DELETE / HTTP/1.1 Host: Bucket.s3.amazonaws.com x-amz-expected-bucket-owner: ExpectedBucketOwner ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_DeleteBucket_RequestSyntax) ** Specifies the bucket being deleted. **Directory buckets ** - When you use this operation with a directory bucket, you must use path-style requests in the format `https://s3express-control.region-code.amazonaws.com/bucket-name `. Virtual-hosted-style requests aren't supported. Directory bucket names must be unique in the chosen Zone (Availability Zone or Local Zone). Bucket names must also follow the format ` bucket-base-name--zone-id--x-s3` (for example, ` DOC-EXAMPLE-BUCKET--usw2-az1--x-s3`). For information about bucket naming restrictions, see [Directory bucket naming rules](https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) in the *Amazon S3 User Guide* Required: Yes ** [x-amz-expected-bucket-owner](#API_DeleteBucket_RequestSyntax) ** The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code `403 Forbidden` (access denied). For directory buckets, this header is not supported in this API operation. If you specify this header, the request fails with the HTTP status code `501 Not Implemented`. ## Request Body The request does not have a request body. ## Response Syntax ``` HTTP/1.1 204 ``` ## Response Elements If the action is successful, the service sends back an HTTP 204 response with an empty HTTP body. ## Examples ### Sample Request for general purpose buckets This request deletes the bucket named `amzn-s3-demo-bucket`. ``` DELETE / HTTP/1.1 Host: amzn-s3-demo-bucket.s3..amazonaws.com Date: Wed, 01 Mar 2006 12:00:00 GMT Authorization: authorization string ``` ### Sample Response for general purpose buckets ``` HTTP/1.1 204 No Content x-amz-id-2: JuKZqmXuiwFeDQxhD7M8KtsKobSzWA1QEjLbTMTagkKdBX2z7Il/jGhDeJ3j6s80 x-amz-request-id: 32FE2CEB32F5EE25 Date: Wed, 01 Mar 2006 12:00:00 GMT Connection: close Server: AmazonS3 ``` ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/DeleteBucket) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/DeleteBucket) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/DeleteBucket) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/DeleteBucket) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/DeleteBucket) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/DeleteBucket) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/DeleteBucket) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/DeleteBucket) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/DeleteBucket) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/DeleteBucket) # DeleteBucketAnalyticsConfiguration **Note** This operation is not supported for directory buckets. Deletes an analytics configuration for the bucket (specified by the analytics configuration ID). To use this operation, you must have permissions to perform the `s3:PutAnalyticsConfiguration` action. The bucket owner has this permission by default. The bucket owner can grant this permission to others. For more information about permissions, see [Permissions Related to Bucket Subresource Operations](https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) and [Managing Access Permissions to Your Amazon S3 Resources](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html). For information about the Amazon S3 analytics feature, see [Amazon S3 Analytics – Storage Class Analysis](https://docs.aws.amazon.com/AmazonS3/latest/dev/analytics-storage-class.html). The following operations are related to `DeleteBucketAnalyticsConfiguration`: + [GetBucketAnalyticsConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketAnalyticsConfiguration.html) + [ListBucketAnalyticsConfigurations](https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketAnalyticsConfigurations.html) + [PutBucketAnalyticsConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketAnalyticsConfiguration.html) **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. ## Request Syntax ``` DELETE /?analytics&id=Id HTTP/1.1 Host: Bucket.s3.amazonaws.com x-amz-expected-bucket-owner: ExpectedBucketOwner ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_DeleteBucketAnalyticsConfiguration_RequestSyntax) ** The name of the bucket from which an analytics configuration is deleted. Required: Yes ** [id](#API_DeleteBucketAnalyticsConfiguration_RequestSyntax) ** The ID that identifies the analytics configuration. Required: Yes ** [x-amz-expected-bucket-owner](#API_DeleteBucketAnalyticsConfiguration_RequestSyntax) ** The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code `403 Forbidden` (access denied). ## Request Body The request does not have a request body. ## Response Syntax ``` HTTP/1.1 204 ``` ## Response Elements If the action is successful, the service sends back an HTTP 204 response with an empty HTTP body. ## Examples ### Sample Request The following DELETE request deletes the analytics configuration with the ID `list1`. ``` DELETE ?/analytics&id=list1 HTTP/1.1 Host: amzn-s3-demo-bucket.s3..amazonaws.com Date: Wed, 14 May 2014 02:11:22 GMT Authorization: signatureValue ``` ### Sample Response The following successful response shows Amazon S3 returning a `204 No Content` response. The analytics configuration with the ID `list1` for the bucket has been removed. ``` HTTP/1.1 204 No Content x-amz-id-2: 0FmFIWsh/PpBuzZ0JFRC55ZGVmQW4SHJ7xVDqKwhEdJmf3q63RtrvH8ZuxW1Bol5 x-amz-request-id: 0CF038E9BCF63097 Date: Wed, 14 May 2014 02:11:22 GMT Server: AmazonS3 ``` ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/DeleteBucketAnalyticsConfiguration) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/DeleteBucketAnalyticsConfiguration) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/DeleteBucketAnalyticsConfiguration) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/DeleteBucketAnalyticsConfiguration) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/DeleteBucketAnalyticsConfiguration) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/DeleteBucketAnalyticsConfiguration) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/DeleteBucketAnalyticsConfiguration) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/DeleteBucketAnalyticsConfiguration) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/DeleteBucketAnalyticsConfiguration) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/DeleteBucketAnalyticsConfiguration) # DeleteBucketCors **Note** This operation is not supported for directory buckets. Deletes the `cors` configuration information set for the bucket. To use this operation, you must have permission to perform the `s3:PutBucketCORS` action. The bucket owner has this permission by default and can grant this permission to others. For information about `cors`, see [Enabling Cross-Origin Resource Sharing](https://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html) in the *Amazon S3 User Guide*. **Related Resources** + [PutBucketCors](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketCors.html) + [RESTOPTIONSobject](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTOPTIONSobject.html) **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. ## Request Syntax ``` DELETE /?cors HTTP/1.1 Host: Bucket.s3.amazonaws.com x-amz-expected-bucket-owner: ExpectedBucketOwner ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_DeleteBucketCors_RequestSyntax) ** Specifies the bucket whose `cors` configuration is being deleted. Required: Yes ** [x-amz-expected-bucket-owner](#API_DeleteBucketCors_RequestSyntax) ** The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code `403 Forbidden` (access denied). ## Request Body The request does not have a request body. ## Response Syntax ``` HTTP/1.1 204 ``` ## Response Elements If the action is successful, the service sends back an HTTP 204 response with an empty HTTP body. ## Examples ### Sample Request This example illustrates one usage of `DeleteBucketCors`. ``` DELETE /?cors HTTP/1.1 Host: amzn-s3-demo-bucket.s3..amazonaws.com Date: Tue, 13 Dec 2011 19:14:42 GMT Authorization: signatureValue ``` ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/DeleteBucketCors) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/DeleteBucketCors) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/DeleteBucketCors) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/DeleteBucketCors) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/DeleteBucketCors) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/DeleteBucketCors) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/DeleteBucketCors) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/DeleteBucketCors) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/DeleteBucketCors) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/DeleteBucketCors) # DeleteBucketEncryption This implementation of the DELETE action resets the default encryption for the bucket as server-side encryption with Amazon S3 managed keys (SSE-S3). **Note** **General purpose buckets** - For information about the bucket default encryption feature, see [Amazon S3 Bucket Default Encryption](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html) in the *Amazon S3 User Guide*. **Directory buckets** - For directory buckets, there are only two supported options for server-side encryption: SSE-S3 and SSE-KMS. For information about the default encryption configuration in directory buckets, see [Setting default server-side encryption behavior for directory buckets](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-bucket-encryption.html). Permissions + **General purpose bucket permissions** - The `s3:PutEncryptionConfiguration` permission is required in a policy. The bucket owner has this permission by default. The bucket owner can grant this permission to others. For more information about permissions, see [Permissions Related to Bucket Operations](https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) and [Managing Access Permissions to Your Amazon S3 Resources](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html). + **Directory bucket permissions** - To grant access to this API operation, you must have the `s3express:PutEncryptionConfiguration` permission in an IAM identity-based policy instead of a bucket policy. Cross-account access to this API operation isn't supported. This operation can only be performed by the AWS account that owns the resource. For more information about directory bucket policies and permissions, see [AWS Identity and Access Management (IAM) for S3 Express One Zone](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam.html) in the *Amazon S3 User Guide*. HTTP Host header syntax **Directory buckets ** - The HTTP Host header syntax is `s3express-control.region-code.amazonaws.com`. The following operations are related to `DeleteBucketEncryption`: + [PutBucketEncryption](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketEncryption.html) + [GetBucketEncryption](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketEncryption.html) **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. ## Request Syntax ``` DELETE /?encryption HTTP/1.1 Host: Bucket.s3.amazonaws.com x-amz-expected-bucket-owner: ExpectedBucketOwner ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_DeleteBucketEncryption_RequestSyntax) ** The name of the bucket containing the server-side encryption configuration to delete. **Directory buckets ** - When you use this operation with a directory bucket, you must use path-style requests in the format `https://s3express-control.region-code.amazonaws.com/bucket-name `. Virtual-hosted-style requests aren't supported. Directory bucket names must be unique in the chosen Zone (Availability Zone or Local Zone). Bucket names must also follow the format ` bucket-base-name--zone-id--x-s3` (for example, ` DOC-EXAMPLE-BUCKET--usw2-az1--x-s3`). For information about bucket naming restrictions, see [Directory bucket naming rules](https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) in the *Amazon S3 User Guide* Required: Yes ** [x-amz-expected-bucket-owner](#API_DeleteBucketEncryption_RequestSyntax) ** The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code `403 Forbidden` (access denied). For directory buckets, this header is not supported in this API operation. If you specify this header, the request fails with the HTTP status code `501 Not Implemented`. ## Request Body The request does not have a request body. ## Response Syntax ``` HTTP/1.1 204 ``` ## Response Elements If the action is successful, the service sends back an HTTP 204 response with an empty HTTP body. ## Examples ### Sample Request for a general purpose bucket The following `DELETE` request resets the default encryption for the bucket as server-side encryption with Amazon S3 managed keys (SSE-S3). ``` DELETE ?/encryption HTTP/1.1 Host: amzn-s3-demo-bucket.s3..amazonaws.com Date: Wed, 06 Sep 2017 12:00:00 GMT Authorization: signatureValue ``` ### Sample Response for a general purpose bucket The following successful response shows Amazon S3 returning a `204 No Content` response confirming that default encryption for the bucket has been reset as server-side encryption with Amazon S3 managed keys (SSE-S3). ``` HTTP/1.1 204 No Content x-amz-id-2: 0FmFIWsh/PpBuzZ0JFRC55ZGVmQW4SHJ7xVDqKwhEdJmf3q63RtrvH8ZuxW1Bol5 x-amz-request-id: 0CF038E9BCF63097 Date: Wed, 06 Sep 2017 12:00:00 GMT Server: AmazonS3 ``` ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/DeleteBucketEncryption) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/DeleteBucketEncryption) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/DeleteBucketEncryption) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/DeleteBucketEncryption) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/DeleteBucketEncryption) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/DeleteBucketEncryption) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/DeleteBucketEncryption) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/DeleteBucketEncryption) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/DeleteBucketEncryption) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/DeleteBucketEncryption) # DeleteBucketIntelligentTieringConfiguration **Note** This operation is not supported for directory buckets. Deletes the S3 Intelligent-Tiering configuration from the specified bucket. The S3 Intelligent-Tiering storage class is designed to optimize storage costs by automatically moving data to the most cost-effective storage access tier, without performance impact or operational overhead. S3 Intelligent-Tiering delivers automatic cost savings in three low latency and high throughput access tiers. To get the lowest storage cost on data that can be accessed in minutes to hours, you can choose to activate additional archiving capabilities. The S3 Intelligent-Tiering storage class is the ideal storage class for data with unknown, changing, or unpredictable access patterns, independent of object size or retention period. If the size of an object is less than 128 KB, it is not monitored and not eligible for auto-tiering. Smaller objects can be stored, but they are always charged at the Frequent Access tier rates in the S3 Intelligent-Tiering storage class. For more information, see [Storage class for automatically optimizing frequently and infrequently accessed objects](https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html#sc-dynamic-data-access). Operations related to `DeleteBucketIntelligentTieringConfiguration` include: + [GetBucketIntelligentTieringConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketIntelligentTieringConfiguration.html) + [PutBucketIntelligentTieringConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketIntelligentTieringConfiguration.html) + [ListBucketIntelligentTieringConfigurations](https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketIntelligentTieringConfigurations.html) **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. ## Request Syntax ``` DELETE /?intelligent-tiering&id=Id HTTP/1.1 Host: Bucket.s3.amazonaws.com x-amz-expected-bucket-owner: ExpectedBucketOwner ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_DeleteBucketIntelligentTieringConfiguration_RequestSyntax) ** The name of the Amazon S3 bucket whose configuration you want to modify or retrieve. Required: Yes ** [id](#API_DeleteBucketIntelligentTieringConfiguration_RequestSyntax) ** The ID used to identify the S3 Intelligent-Tiering configuration. Required: Yes ** [x-amz-expected-bucket-owner](#API_DeleteBucketIntelligentTieringConfiguration_RequestSyntax) ** The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code `403 Forbidden` (access denied). ## Request Body The request does not have a request body. ## Response Syntax ``` HTTP/1.1 204 ``` ## Response Elements If the action is successful, the service sends back an HTTP 204 response with an empty HTTP body. ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/DeleteBucketIntelligentTieringConfiguration) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/DeleteBucketIntelligentTieringConfiguration) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/DeleteBucketIntelligentTieringConfiguration) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/DeleteBucketIntelligentTieringConfiguration) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/DeleteBucketIntelligentTieringConfiguration) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/DeleteBucketIntelligentTieringConfiguration) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/DeleteBucketIntelligentTieringConfiguration) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/DeleteBucketIntelligentTieringConfiguration) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/DeleteBucketIntelligentTieringConfiguration) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/DeleteBucketIntelligentTieringConfiguration) # DeleteBucketInventoryConfiguration **Note** This operation is not supported for directory buckets. Deletes an S3 Inventory configuration (identified by the inventory ID) from the bucket. To use this operation, you must have permissions to perform the `s3:PutInventoryConfiguration` action. The bucket owner has this permission by default. The bucket owner can grant this permission to others. For more information about permissions, see [Permissions Related to Bucket Subresource Operations](https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) and [Managing Access Permissions to Your Amazon S3 Resources](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html). For information about the Amazon S3 inventory feature, see [Amazon S3 Inventory](https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-inventory.html). **Note** After deleting a configuration, Amazon S3 might still deliver one additional inventory report during a brief transition period while the system processes the deletion. Operations related to `DeleteBucketInventoryConfiguration` include: + [GetBucketInventoryConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketInventoryConfiguration.html) + [PutBucketInventoryConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketInventoryConfiguration.html) + [ListBucketInventoryConfigurations](https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketInventoryConfigurations.html) **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. ## Request Syntax ``` DELETE /?inventory&id=Id HTTP/1.1 Host: Bucket.s3.amazonaws.com x-amz-expected-bucket-owner: ExpectedBucketOwner ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_DeleteBucketInventoryConfiguration_RequestSyntax) ** The name of the bucket containing the inventory configuration to delete. Required: Yes ** [id](#API_DeleteBucketInventoryConfiguration_RequestSyntax) ** The ID used to identify the inventory configuration. Required: Yes ** [x-amz-expected-bucket-owner](#API_DeleteBucketInventoryConfiguration_RequestSyntax) ** The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code `403 Forbidden` (access denied). ## Request Body The request does not have a request body. ## Response Syntax ``` HTTP/1.1 204 ``` ## Response Elements If the action is successful, the service sends back an HTTP 204 response with an empty HTTP body. ## Examples ### Sample Request The following DELETE request deletes the inventory configuration with the ID `list1`. ``` DELETE ?/inventory&id=list1 HTTP/1.1 Host: amzn-s3-demo-bucket.s3..amazonaws.com Date: Wed, 14 May 2014 02:11:22 GMT Authorization: signatureValue ``` ### Sample Response The following successful response shows Amazon S3 returning a `204 No Content` response. The inventory configuration with the ID `list1` for the bucket has been removed. ``` HTTP/1.1 204 No Content x-amz-id-2: 0FmFIWsh/PpBuzZ0JFRC55ZGVmQW4SHJ7xVDqKwhEdJmf3q63RtrvH8ZuxW1Bol5 x-amz-request-id: 0CF038E9BCF63097 Date: Wed, 14 May 2014 02:11:22 GMT Server: AmazonS3 ``` ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/DeleteBucketInventoryConfiguration) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/DeleteBucketInventoryConfiguration) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/DeleteBucketInventoryConfiguration) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/DeleteBucketInventoryConfiguration) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/DeleteBucketInventoryConfiguration) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/DeleteBucketInventoryConfiguration) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/DeleteBucketInventoryConfiguration) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/DeleteBucketInventoryConfiguration) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/DeleteBucketInventoryConfiguration) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/DeleteBucketInventoryConfiguration) # DeleteBucketLifecycle Deletes the lifecycle configuration from the specified bucket. Amazon S3 removes all the lifecycle configuration rules in the lifecycle subresource associated with the bucket. Your objects never expire, and Amazon S3 no longer automatically deletes any objects on the basis of rules contained in the deleted lifecycle configuration. Permissions + **General purpose bucket permissions** - By default, all Amazon S3 resources are private, including buckets, objects, and related subresources (for example, lifecycle configuration and website configuration). Only the resource owner (that is, the AWS account that created it) can access the resource. The resource owner can optionally grant access permissions to others by writing an access policy. For this operation, a user must have the `s3:PutLifecycleConfiguration` permission. For more information about permissions, see [Managing Access Permissions to Your Amazon S3 Resources](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html). + **Directory bucket permissions** - You must have the `s3express:PutLifecycleConfiguration` permission in an IAM identity-based policy to use this operation. Cross-account access to this API operation isn't supported. The resource owner can optionally grant access permissions to others by creating a role or user for them as long as they are within the same account as the owner and resource. For more information about directory bucket policies and permissions, see [Authorizing Regional endpoint APIs with IAM](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam.html) in the *Amazon S3 User Guide*. **Note** **Directory buckets ** - For directory buckets, you must make requests for this API operation to the Regional endpoint. These endpoints support path-style requests in the format `https://s3express-control.region-code.amazonaws.com/bucket-name `. Virtual-hosted-style requests aren't supported. For more information about endpoints in Availability Zones, see [Regional and Zonal endpoints for directory buckets in Availability Zones](https://docs.aws.amazon.com/AmazonS3/latest/userguide/endpoint-directory-buckets-AZ.html) in the *Amazon S3 User Guide*. For more information about endpoints in Local Zones, see [Concepts for directory buckets in Local Zones](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-lzs-for-directory-buckets.html) in the *Amazon S3 User Guide*. HTTP Host header syntax **Directory buckets ** - The HTTP Host header syntax is `s3express-control.region.amazonaws.com`. For more information about the object expiration, see [Elements to Describe Lifecycle Actions](https://docs.aws.amazon.com/AmazonS3/latest/dev/intro-lifecycle-rules.html#intro-lifecycle-rules-actions). Related actions include: + [PutBucketLifecycleConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html) + [GetBucketLifecycleConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLifecycleConfiguration.html) **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. ## Request Syntax ``` DELETE /?lifecycle HTTP/1.1 Host: Bucket.s3.amazonaws.com x-amz-expected-bucket-owner: ExpectedBucketOwner ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_DeleteBucketLifecycle_RequestSyntax) ** The bucket name of the lifecycle to delete. Required: Yes ** [x-amz-expected-bucket-owner](#API_DeleteBucketLifecycle_RequestSyntax) ** The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code `403 Forbidden` (access denied). This parameter applies to general purpose buckets only. It is not supported for directory bucket lifecycle configurations. ## Request Body The request does not have a request body. ## Response Syntax ``` HTTP/1.1 204 ``` ## Response Elements If the action is successful, the service sends back an HTTP 204 response with an empty HTTP body. ## Examples ### Sample Request The following DELETE request deletes the lifecycle subresource from the specified general purpose bucket. This removes lifecycle configuration stored in the subresource. ``` DELETE /?lifecycle HTTP/1.1 Host: amzn-s3-demo-bucket.s3..amazonaws.com Date: Wed, 14 Dec 2011 05:37:16 GMT Authorization: signatureValue ``` ### Sample Response The following successful response shows Amazon S3 returning a 204 No Content response. Objects in your general purpose bucket no longer expire. ``` HTTP/1.1 204 No Content x-amz-id-2: Uuag1LuByRx9e6j5OnimrSAMPLEtRPfTaOAa== x-amz-request-id: 656c76696e672SAMPLE5657374 Date: Wed, 14 Dec 2011 05:37:16 GMT Connection: keep-alive Server: AmazonS3 ``` ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/DeleteBucketLifecycle) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/DeleteBucketLifecycle) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/DeleteBucketLifecycle) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/DeleteBucketLifecycle) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/DeleteBucketLifecycle) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/DeleteBucketLifecycle) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/DeleteBucketLifecycle) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/DeleteBucketLifecycle) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/DeleteBucketLifecycle) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/DeleteBucketLifecycle) # DeleteBucketMetadataConfiguration Deletes an S3 Metadata configuration from a general purpose bucket. For more information, see [Accelerating data discovery with S3 Metadata](https://docs.aws.amazon.com/AmazonS3/latest/userguide/metadata-tables-overview.html) in the *Amazon S3 User Guide*. **Note** You can use the V2 `DeleteBucketMetadataConfiguration` API operation with V1 or V2 metadata configurations. However, if you try to use the V1 `DeleteBucketMetadataTableConfiguration` API operation with V2 configurations, you will receive an HTTP `405 Method Not Allowed` error. Permissions To use this operation, you must have the `s3:DeleteBucketMetadataTableConfiguration` permission. For more information, see [Setting up permissions for configuring metadata tables](https://docs.aws.amazon.com/AmazonS3/latest/userguide/metadata-tables-permissions.html) in the *Amazon S3 User Guide*. The IAM policy action name is the same for the V1 and V2 API operations. The following operations are related to `DeleteBucketMetadataConfiguration`: + [CreateBucketMetadataConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucketMetadataConfiguration.html) + [GetBucketMetadataConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketMetadataConfiguration.html) + [UpdateBucketMetadataInventoryTableConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_UpdateBucketMetadataInventoryTableConfiguration.html) + [UpdateBucketMetadataJournalTableConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_UpdateBucketMetadataJournalTableConfiguration.html) **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. ## Request Syntax ``` DELETE /?metadataConfiguration HTTP/1.1 Host: Bucket.s3.amazonaws.com x-amz-expected-bucket-owner: ExpectedBucketOwner ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_DeleteBucketMetadataConfiguration_RequestSyntax) ** The general purpose bucket that you want to remove the metadata configuration from. Required: Yes ** [x-amz-expected-bucket-owner](#API_DeleteBucketMetadataConfiguration_RequestSyntax) ** The expected bucket owner of the general purpose bucket that you want to remove the metadata table configuration from. ## Request Body The request does not have a request body. ## Response Syntax ``` HTTP/1.1 204 ``` ## Response Elements If the action is successful, the service sends back an HTTP 204 response with an empty HTTP body. ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/DeleteBucketMetadataConfiguration) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/DeleteBucketMetadataConfiguration) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/DeleteBucketMetadataConfiguration) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/DeleteBucketMetadataConfiguration) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/DeleteBucketMetadataConfiguration) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/DeleteBucketMetadataConfiguration) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/DeleteBucketMetadataConfiguration) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/DeleteBucketMetadataConfiguration) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/DeleteBucketMetadataConfiguration) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/DeleteBucketMetadataConfiguration) # DeleteBucketMetadataTableConfiguration **Important** We recommend that you delete your S3 Metadata configurations by using the V2 [DeleteBucketMetadataTableConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketMetadataTableConfiguration.html) API operation. We no longer recommend using the V1 `DeleteBucketMetadataTableConfiguration` API operation. If you created your S3 Metadata configuration before July 15, 2025, we recommend that you delete and re-create your configuration by using [CreateBucketMetadataConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucketMetadataConfiguration.html) so that you can expire journal table records and create a live inventory table. Deletes a V1 S3 Metadata configuration from a general purpose bucket. For more information, see [Accelerating data discovery with S3 Metadata](https://docs.aws.amazon.com/AmazonS3/latest/userguide/metadata-tables-overview.html) in the *Amazon S3 User Guide*. **Note** You can use the V2 `DeleteBucketMetadataConfiguration` API operation with V1 or V2 metadata table configurations. However, if you try to use the V1 `DeleteBucketMetadataTableConfiguration` API operation with V2 configurations, you will receive an HTTP `405 Method Not Allowed` error. Make sure that you update your processes to use the new V2 API operations (`CreateBucketMetadataConfiguration`, `GetBucketMetadataConfiguration`, and `DeleteBucketMetadataConfiguration`) instead of the V1 API operations. Permissions To use this operation, you must have the `s3:DeleteBucketMetadataTableConfiguration` permission. For more information, see [Setting up permissions for configuring metadata tables](https://docs.aws.amazon.com/AmazonS3/latest/userguide/metadata-tables-permissions.html) in the *Amazon S3 User Guide*. The following operations are related to `DeleteBucketMetadataTableConfiguration`: + [CreateBucketMetadataTableConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucketMetadataTableConfiguration.html) + [GetBucketMetadataTableConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketMetadataTableConfiguration.html) **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. ## Request Syntax ``` DELETE /?metadataTable HTTP/1.1 Host: Bucket.s3.amazonaws.com x-amz-expected-bucket-owner: ExpectedBucketOwner ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_DeleteBucketMetadataTableConfiguration_RequestSyntax) ** The general purpose bucket that you want to remove the metadata table configuration from. Required: Yes ** [x-amz-expected-bucket-owner](#API_DeleteBucketMetadataTableConfiguration_RequestSyntax) ** The expected bucket owner of the general purpose bucket that you want to remove the metadata table configuration from. ## Request Body The request does not have a request body. ## Response Syntax ``` HTTP/1.1 204 ``` ## Response Elements If the action is successful, the service sends back an HTTP 204 response with an empty HTTP body. ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/DeleteBucketMetadataTableConfiguration) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/DeleteBucketMetadataTableConfiguration) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/DeleteBucketMetadataTableConfiguration) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/DeleteBucketMetadataTableConfiguration) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/DeleteBucketMetadataTableConfiguration) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/DeleteBucketMetadataTableConfiguration) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/DeleteBucketMetadataTableConfiguration) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/DeleteBucketMetadataTableConfiguration) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/DeleteBucketMetadataTableConfiguration) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/DeleteBucketMetadataTableConfiguration) # DeleteBucketMetricsConfiguration Deletes a metrics configuration for the Amazon CloudWatch request metrics (specified by the metrics configuration ID) from the bucket. Note that this doesn't include the daily storage metrics. **Note** **Directory buckets ** - For directory buckets, you must make requests for this API operation to the Regional endpoint. These endpoints support path-style requests in the format `https://s3express-control.region-code.amazonaws.com/bucket-name `. Virtual-hosted-style requests aren't supported. For more information about endpoints in Availability Zones, see [Regional and Zonal endpoints for directory buckets in Availability Zones](https://docs.aws.amazon.com/AmazonS3/latest/userguide/endpoint-directory-buckets-AZ.html) in the *Amazon S3 User Guide*. For more information about endpoints in Local Zones, see [Concepts for directory buckets in Local Zones](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-lzs-for-directory-buckets.html) in the *Amazon S3 User Guide*. Permissions To use this operation, you must have permissions to perform the `s3:PutMetricsConfiguration` action. The bucket owner has this permission by default. The bucket owner can grant this permission to others. For more information about permissions, see [Permissions Related to Bucket Subresource Operations](https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) and [Managing Access Permissions to Your Amazon S3 Resources](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html). + **General purpose bucket permissions** - The `s3:PutMetricsConfiguration` permission is required in a policy. For more information about general purpose buckets permissions, see [Using Bucket Policies and User Policies](https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html) in the *Amazon S3 User Guide*. + **Directory bucket permissions** - To grant access to this API operation, you must have the `s3express:PutMetricsConfiguration` permission in an IAM identity-based policy instead of a bucket policy. Cross-account access to this API operation isn't supported. This operation can only be performed by the AWS account that owns the resource. For more information about directory bucket policies and permissions, see [AWS Identity and Access Management (IAM) for S3 Express One Zone](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam.html) in the *Amazon S3 User Guide*. HTTP Host header syntax **Directory buckets ** - The HTTP Host header syntax is `s3express-control.region-code.amazonaws.com`. For information about CloudWatch request metrics for Amazon S3, see [Monitoring Metrics with Amazon CloudWatch](https://docs.aws.amazon.com/AmazonS3/latest/dev/cloudwatch-monitoring.html). The following operations are related to `DeleteBucketMetricsConfiguration`: + [GetBucketMetricsConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketMetricsConfiguration.html) + [PutBucketMetricsConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketMetricsConfiguration.html) + [ListBucketMetricsConfigurations](https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketMetricsConfigurations.html) + [Monitoring Metrics with Amazon CloudWatch](https://docs.aws.amazon.com/AmazonS3/latest/dev/cloudwatch-monitoring.html) **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. ## Request Syntax ``` DELETE /?metrics&id=Id HTTP/1.1 Host: Bucket.s3.amazonaws.com x-amz-expected-bucket-owner: ExpectedBucketOwner ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_DeleteBucketMetricsConfiguration_RequestSyntax) ** The name of the bucket containing the metrics configuration to delete. **Directory buckets ** - When you use this operation with a directory bucket, you must use path-style requests in the format `https://s3express-control.region-code.amazonaws.com/bucket-name `. Virtual-hosted-style requests aren't supported. Directory bucket names must be unique in the chosen Zone (Availability Zone or Local Zone). Bucket names must also follow the format ` bucket-base-name--zone-id--x-s3` (for example, ` DOC-EXAMPLE-BUCKET--usw2-az1--x-s3`). For information about bucket naming restrictions, see [Directory bucket naming rules](https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) in the *Amazon S3 User Guide* Required: Yes ** [id](#API_DeleteBucketMetricsConfiguration_RequestSyntax) ** The ID used to identify the metrics configuration. The ID has a 64 character limit and can only contain letters, numbers, periods, dashes, and underscores. Required: Yes ** [x-amz-expected-bucket-owner](#API_DeleteBucketMetricsConfiguration_RequestSyntax) ** The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code `403 Forbidden` (access denied). For directory buckets, this header is not supported in this API operation. If you specify this header, the request fails with the HTTP status code `501 Not Implemented`. ## Request Body The request does not have a request body. ## Response Syntax ``` HTTP/1.1 204 ``` ## Response Elements If the action is successful, the service sends back an HTTP 204 response with an empty HTTP body. ## Examples ### Sample Request Delete the metric configuration with a specified ID, which disables the CloudWatch metrics with the `ExampleMetrics` value for the `FilterId` dimension. ``` DELETE /?metrics&id=ExampleMetrics HTTP/1.1 Host: amzn-s3-demo-bucket.s3..amazonaws.com x-amz-date: Thu, 15 Nov 2016 00:17:21 GMT Authorization: signatureValue ``` ### Sample Response Delete the metric configuration with a specified ID, which disables the CloudWatch metrics with the `ExampleMetrics` value for the `FilterId` dimension. ``` HTTP/1.1 204 No Content x-amz-id-2: ITnGT1y4REXAMPLEPi4hklTXouTf0hccUjo0iCPEXAMPLEutBj3M7fPGlWO2SEWp x-amz-request-id: 51991EXAMPLE5321 Date: Thu, 15 Nov 2016 00:17:22 GMT Server: AmazonS3 ``` ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/DeleteBucketMetricsConfiguration) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/DeleteBucketMetricsConfiguration) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/DeleteBucketMetricsConfiguration) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/DeleteBucketMetricsConfiguration) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/DeleteBucketMetricsConfiguration) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/DeleteBucketMetricsConfiguration) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/DeleteBucketMetricsConfiguration) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/DeleteBucketMetricsConfiguration) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/DeleteBucketMetricsConfiguration) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/DeleteBucketMetricsConfiguration) # DeleteBucketOwnershipControls **Note** This operation is not supported for directory buckets. Removes `OwnershipControls` for an Amazon S3 bucket. To use this operation, you must have the `s3:PutBucketOwnershipControls` permission. For more information about Amazon S3 permissions, see [Specifying Permissions in a Policy](https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html). For information about Amazon S3 Object Ownership, see [Using Object Ownership](https://docs.aws.amazon.com/AmazonS3/latest/dev/about-object-ownership.html). The following operations are related to `DeleteBucketOwnershipControls`: + [GetBucketOwnershipControls](API_GetBucketOwnershipControls.md) + [PutBucketOwnershipControls](API_PutBucketOwnershipControls.md) **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. ## Request Syntax ``` DELETE /?ownershipControls HTTP/1.1 Host: Bucket.s3.amazonaws.com x-amz-expected-bucket-owner: ExpectedBucketOwner ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_DeleteBucketOwnershipControls_RequestSyntax) ** The Amazon S3 bucket whose `OwnershipControls` you want to delete. Required: Yes ** [x-amz-expected-bucket-owner](#API_DeleteBucketOwnershipControls_RequestSyntax) ** The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code `403 Forbidden` (access denied). ## Request Body The request does not have a request body. ## Response Syntax ``` HTTP/1.1 204 ``` ## Response Elements If the action is successful, the service sends back an HTTP 204 response with an empty HTTP body. ## Examples ### Sample DeleteBucketOwnershipControls Request This example illustrates one usage of DeleteBucketOwnershipControls. ``` DELETE /example-bucket?/ownershipControls HTTP/1.1 Host: examplebucket.s3..amazonaws.com Date: Thu, 18 Jun 2017 00:17:22 GMT Authorization: signatureValue; ``` ### Sample DeleteBucketOwnershipControls Response This example illustrates one usage of DeleteBucketOwnershipControls. ``` HTTP/1.1 204 No Content x-amz-id-2: dVrxJD3XHDcjZHFtd7eSB+ovpY8hQ6kSe9jPzyRVkWp27cij05qV1pTIvz/hjlsrupiy9gEkSdw= x-amz-request-id: 4BFC0B777B448C97 Date: Thu, 18 Jun 2020 22:54:03 GMT Server: AmazonS3 ``` ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/DeleteBucketOwnershipControls) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/DeleteBucketOwnershipControls) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/DeleteBucketOwnershipControls) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/DeleteBucketOwnershipControls) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/DeleteBucketOwnershipControls) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/DeleteBucketOwnershipControls) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/DeleteBucketOwnershipControls) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/DeleteBucketOwnershipControls) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/DeleteBucketOwnershipControls) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/DeleteBucketOwnershipControls) # DeleteBucketPolicy Deletes the policy of a specified bucket. **Note** **Directory buckets ** - For directory buckets, you must make requests for this API operation to the Regional endpoint. These endpoints support path-style requests in the format `https://s3express-control.region-code.amazonaws.com/bucket-name `. Virtual-hosted-style requests aren't supported. For more information about endpoints in Availability Zones, see [Regional and Zonal endpoints for directory buckets in Availability Zones](https://docs.aws.amazon.com/AmazonS3/latest/userguide/endpoint-directory-buckets-AZ.html) in the *Amazon S3 User Guide*. For more information about endpoints in Local Zones, see [Concepts for directory buckets in Local Zones](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-lzs-for-directory-buckets.html) in the *Amazon S3 User Guide*. Permissions If you are using an identity other than the root user of the AWS account that owns the bucket, the calling identity must both have the `DeleteBucketPolicy` permissions on the specified bucket and belong to the bucket owner's account in order to use this operation. If you don't have `DeleteBucketPolicy` permissions, Amazon S3 returns a `403 Access Denied` error. If you have the correct permissions, but you're not using an identity that belongs to the bucket owner's account, Amazon S3 returns a `405 Method Not Allowed` error. To ensure that bucket owners don't inadvertently lock themselves out of their own buckets, the root principal in a bucket owner's AWS account can perform the `GetBucketPolicy`, `PutBucketPolicy`, and `DeleteBucketPolicy` API actions, even if their bucket policy explicitly denies the root principal's access. Bucket owner root principals can only be blocked from performing these API actions by VPC endpoint policies and AWS Organizations policies. + **General purpose bucket permissions** - The `s3:DeleteBucketPolicy` permission is required in a policy. For more information about general purpose buckets bucket policies, see [Using Bucket Policies and User Policies](https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html) in the *Amazon S3 User Guide*. + **Directory bucket permissions** - To grant access to this API operation, you must have the `s3express:DeleteBucketPolicy` permission in an IAM identity-based policy instead of a bucket policy. Cross-account access to this API operation isn't supported. This operation can only be performed by the AWS account that owns the resource. For more information about directory bucket policies and permissions, see [AWS Identity and Access Management (IAM) for S3 Express One Zone](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam.html) in the *Amazon S3 User Guide*. HTTP Host header syntax **Directory buckets ** - The HTTP Host header syntax is `s3express-control.region-code.amazonaws.com`. The following operations are related to `DeleteBucketPolicy` + [CreateBucket](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html) + [DeleteObject](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObject.html) **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. ## Request Syntax ``` DELETE /?policy HTTP/1.1 Host: Bucket.s3.amazonaws.com x-amz-expected-bucket-owner: ExpectedBucketOwner ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_DeleteBucketPolicy_RequestSyntax) ** The bucket name. **Directory buckets ** - When you use this operation with a directory bucket, you must use path-style requests in the format `https://s3express-control.region-code.amazonaws.com/bucket-name `. Virtual-hosted-style requests aren't supported. Directory bucket names must be unique in the chosen Zone (Availability Zone or Local Zone). Bucket names must also follow the format ` bucket-base-name--zone-id--x-s3` (for example, ` DOC-EXAMPLE-BUCKET--usw2-az1--x-s3`). For information about bucket naming restrictions, see [Directory bucket naming rules](https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) in the *Amazon S3 User Guide* Required: Yes ** [x-amz-expected-bucket-owner](#API_DeleteBucketPolicy_RequestSyntax) ** The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code `403 Forbidden` (access denied). For directory buckets, this header is not supported in this API operation. If you specify this header, the request fails with the HTTP status code `501 Not Implemented`. ## Request Body The request does not have a request body. ## Response Syntax ``` HTTP/1.1 204 ``` ## Response Elements If the action is successful, the service sends back an HTTP 204 response with an empty HTTP body. ## Examples ### Sample Request for general purpose buckets This request deletes the bucket named `amzn-s3-demo-bucket`. ``` DELETE /?policy HTTP/1.1 Host: amzn-s3-demo-bucket.s3..amazonaws.com Date: Tue, 04 Apr 2010 20:34:56 GMT Authorization: signatureValue ``` ### Sample Response for general purpose buckets This example illustrates one usage of DeleteBucketPolicy. ``` HTTP/1.1 204 No Content x-amz-id-2: Uuag1LuByRx9e6j5OnimrSAMPLEtRPfTaOFg== x-amz-request-id: 656c76696e672SAMPLE5657374 Date: Tue, 04 Apr 2010 20:34:56 GMT Connection: keep-alive Server: AmazonS3 ``` ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/DeleteBucketPolicy) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/DeleteBucketPolicy) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/DeleteBucketPolicy) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/DeleteBucketPolicy) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/DeleteBucketPolicy) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/DeleteBucketPolicy) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/DeleteBucketPolicy) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/DeleteBucketPolicy) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/DeleteBucketPolicy) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/DeleteBucketPolicy) # DeleteBucketReplication **Note** This operation is not supported for directory buckets. Deletes the replication configuration from the bucket. To use this operation, you must have permissions to perform the `s3:PutReplicationConfiguration` action. The bucket owner has these permissions by default and can grant it to others. For more information about permissions, see [Permissions Related to Bucket Subresource Operations](https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) and [Managing Access Permissions to Your Amazon S3 Resources](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html). **Note** It can take a while for the deletion of a replication configuration to fully propagate. For information about replication configuration, see [Replication](https://docs.aws.amazon.com/AmazonS3/latest/dev/replication.html) in the *Amazon S3 User Guide*. The following operations are related to `DeleteBucketReplication`: + [PutBucketReplication](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketReplication.html) + [GetBucketReplication](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketReplication.html) **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. ## Request Syntax ``` DELETE /?replication HTTP/1.1 Host: Bucket.s3.amazonaws.com x-amz-expected-bucket-owner: ExpectedBucketOwner ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_DeleteBucketReplication_RequestSyntax) ** The bucket name. Required: Yes ** [x-amz-expected-bucket-owner](#API_DeleteBucketReplication_RequestSyntax) ** The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code `403 Forbidden` (access denied). ## Request Body The request does not have a request body. ## Response Syntax ``` HTTP/1.1 204 ``` ## Response Elements If the action is successful, the service sends back an HTTP 204 response with an empty HTTP body. ## Examples ### Sample Request The following DELETE request deletes the `replication` subresource from the specified bucket. This removes the replication configuration that is set for the bucket. ``` DELETE /?replication HTTP/1.1 Host: amzn-s3-demo-bucket.s3..amazonaws.com Date: Wed, 11 Feb 2015 05:37:16 GMT 20150211T171320Z Authorization: authorization string ``` ### Sample Response When the `replication` subresource has been deleted, Amazon S3 returns a `204 No Content` response. It will not replicate new objects that are stored in the `examplebucket` bucket. ``` HTTP/1.1 204 No Content x-amz-id-2: Uuag1LuByRx9e6j5OnimrSAMPLEtRPfTaOAa== x-amz-request-id: 656c76696e672example Date: Wed, 11 Feb 2015 05:37:16 GMT Connection: keep-alive Server: AmazonS3 ``` ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/DeleteBucketReplication) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/DeleteBucketReplication) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/DeleteBucketReplication) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/DeleteBucketReplication) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/DeleteBucketReplication) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/DeleteBucketReplication) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/DeleteBucketReplication) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/DeleteBucketReplication) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/DeleteBucketReplication) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/DeleteBucketReplication) # DeleteBucketTagging **Note** This operation is not supported for directory buckets. Deletes tags from the general purpose bucket if attribute based access control (ABAC) is not enabled for the bucket. When you [enable ABAC for a general purpose bucket](https://docs.aws.amazon.com/AmazonS3/latest/userguide/buckets-tagging-enable-abac.html), you can no longer use this operation for that bucket and must use [UntagResource](https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_UntagResource.html) instead. To use this operation, you must have permission to perform the `s3:PutBucketTagging` action. By default, the bucket owner has this permission and can grant this permission to others. The following operations are related to `DeleteBucketTagging`: + [GetBucketTagging](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketTagging.html) + [PutBucketTagging](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketTagging.html) **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. ## Request Syntax ``` DELETE /?tagging HTTP/1.1 Host: Bucket.s3.amazonaws.com x-amz-expected-bucket-owner: ExpectedBucketOwner ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_DeleteBucketTagging_RequestSyntax) ** The bucket that has the tag set to be removed. Required: Yes ** [x-amz-expected-bucket-owner](#API_DeleteBucketTagging_RequestSyntax) ** The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code `403 Forbidden` (access denied). ## Request Body The request does not have a request body. ## Response Syntax ``` HTTP/1.1 204 ``` ## Response Elements If the action is successful, the service sends back an HTTP 204 response with an empty HTTP body. ## Examples ### Sample Request The following DELETE request deletes the tag set from the specified bucket. ``` DELETE /?tagging HTTP/1.1 Host: amzn-s3-demo-bucket.s3..amazonaws.com Date: Wed, 14 Dec 2011 05:37:16 GMT Authorization: signatureValue ``` ### Sample Response The following successful response shows Amazon S3 returning a `204 No Content` response. The tag set for the bucket has been removed. ``` HTTP/1.1 204 No Content Date: Wed, 25 Nov 2009 12:00:00 GMT Connection: close Server: AmazonS3 ``` ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/DeleteBucketTagging) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/DeleteBucketTagging) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/DeleteBucketTagging) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/DeleteBucketTagging) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/DeleteBucketTagging) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/DeleteBucketTagging) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/DeleteBucketTagging) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/DeleteBucketTagging) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/DeleteBucketTagging) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/DeleteBucketTagging) # DeleteBucketWebsite **Note** This operation is not supported for directory buckets. This action removes the website configuration for a bucket. Amazon S3 returns a `200 OK` response upon successfully deleting a website configuration on the specified bucket. You will get a `200 OK` response if the website configuration you are trying to delete does not exist on the bucket. Amazon S3 returns a `404` response if the bucket specified in the request does not exist. This DELETE action requires the `S3:DeleteBucketWebsite` permission. By default, only the bucket owner can delete the website configuration attached to a bucket. However, bucket owners can grant other users permission to delete the website configuration by writing a bucket policy granting them the `S3:DeleteBucketWebsite` permission. For more information about hosting websites, see [Hosting Websites on Amazon S3](https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html). The following operations are related to `DeleteBucketWebsite`: + [GetBucketWebsite](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketWebsite.html) + [PutBucketWebsite](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketWebsite.html) **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. ## Request Syntax ``` DELETE /?website HTTP/1.1 Host: Bucket.s3.amazonaws.com x-amz-expected-bucket-owner: ExpectedBucketOwner ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_DeleteBucketWebsite_RequestSyntax) ** The bucket name for which you want to remove the website configuration. Required: Yes ** [x-amz-expected-bucket-owner](#API_DeleteBucketWebsite_RequestSyntax) ** The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code `403 Forbidden` (access denied). ## Request Body The request does not have a request body. ## Response Syntax ``` HTTP/1.1 204 ``` ## Response Elements If the action is successful, the service sends back an HTTP 204 response with an empty HTTP body. ## Examples ### Sample Request This request deletes the website configuration on the specified bucket. ``` DELETE ?website HTTP/1.1 Host: amzn-s3-demo-bucket.s3..amazonaws.com Date: Thu, 27 Jan 2011 12:00:00 GMT Authorization: signatureValue ``` ### Sample Response This example illustrates one usage of DeleteBucketWebsite. ``` HTTP/1.1 204 No Content x-amz-id-2: aws-s3integ-s3ws-31008.sea31.amazon.com x-amz-request-id: AF1DD829D3B49707 Date: Thu, 03 Feb 2011 22:10:26 GMT Server: AmazonS3 ``` ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/DeleteBucketWebsite) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/DeleteBucketWebsite) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/DeleteBucketWebsite) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/DeleteBucketWebsite) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/DeleteBucketWebsite) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/DeleteBucketWebsite) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/DeleteBucketWebsite) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/DeleteBucketWebsite) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/DeleteBucketWebsite) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/DeleteBucketWebsite) # DeleteObject Removes an object from a bucket. The behavior depends on the bucket's versioning state: + If bucket versioning is not enabled, the operation permanently deletes the object. + If bucket versioning is enabled, the operation inserts a delete marker, which becomes the current version of the object. To permanently delete an object in a versioned bucket, you must include the object’s `versionId` in the request. For more information about versioning-enabled buckets, see [Deleting object versions from a versioning-enabled bucket](https://docs.aws.amazon.com/AmazonS3/latest/userguide/DeletingObjectVersions.html). + If bucket versioning is suspended, the operation removes the object that has a null `versionId`, if there is one, and inserts a delete marker that becomes the current version of the object. If there isn't an object with a null `versionId`, and all versions of the object have a `versionId`, Amazon S3 does not remove the object and only inserts a delete marker. To permanently delete an object that has a `versionId`, you must include the object’s `versionId` in the request. For more information about versioning-suspended buckets, see [Deleting objects from versioning-suspended buckets](https://docs.aws.amazon.com/AmazonS3/latest/userguide/DeletingObjectsfromVersioningSuspendedBuckets.html). **Note** **Directory buckets** - S3 Versioning isn't enabled and supported for directory buckets. For this API operation, only the `null` value of the version ID is supported by directory buckets. You can only specify `null` to the `versionId` query parameter in the request. **Directory buckets** - For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format `https://amzn-s3-demo-bucket.s3express-zone-id.region-code.amazonaws.com/key-name `. Path-style requests are not supported. For more information about endpoints in Availability Zones, see [Regional and Zonal endpoints for directory buckets in Availability Zones](https://docs.aws.amazon.com/AmazonS3/latest/userguide/endpoint-directory-buckets-AZ.html) in the *Amazon S3 User Guide*. For more information about endpoints in Local Zones, see [Concepts for directory buckets in Local Zones](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-lzs-for-directory-buckets.html) in the *Amazon S3 User Guide*. To remove a specific version, you must use the `versionId` query parameter. Using this query parameter permanently deletes the version. If the object deleted is a delete marker, Amazon S3 sets the response header `x-amz-delete-marker` to true. If the object you want to delete is in a bucket where the bucket versioning configuration is MFA Delete enabled, you must include the `x-amz-mfa` request header in the DELETE `versionId` request. Requests that include `x-amz-mfa` must use HTTPS. For more information about MFA Delete, see [Using MFA Delete](https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMFADelete.html) in the *Amazon S3 User Guide*. To see sample requests that use versioning, see [Sample Request](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTObjectDELETE.html#ExampleVersionObjectDelete). **Note** **Directory buckets** - MFA delete is not supported by directory buckets. You can delete objects by explicitly calling DELETE Object or calling ([PutBucketLifecycle](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycle.html)) to enable Amazon S3 to remove them for you. If you want to block users or accounts from removing or deleting objects from your bucket, you must deny them the `s3:DeleteObject`, `s3:DeleteObjectVersion`, and `s3:PutLifeCycleConfiguration` actions. **Note** **Directory buckets** - S3 Lifecycle is not supported by directory buckets. Permissions + **General purpose bucket permissions** - The following permissions are required in your policies when your `DeleteObjects` request includes specific headers. + ** `s3:DeleteObject` ** - To delete an object from a bucket, you must always have the `s3:DeleteObject` permission. + ** `s3:DeleteObjectVersion` ** - To delete a specific version of an object from a versioning-enabled bucket, you must have the `s3:DeleteObjectVersion` permission. **Note** If the `s3:DeleteObject` or `s3:DeleteObjectVersion` permissions are explicitly denied in your bucket policy, attempts to delete any unversioned objects result in a `403 Access Denied` error. + **Directory bucket permissions** - To grant access to this API operation on a directory bucket, we recommend that you use the [https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) API operation for session-based authorization. Specifically, you grant the `s3express:CreateSession` permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the `CreateSession` API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another `CreateSession` API call to generate a new session token for use. AWS CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see [https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html). HTTP Host header syntax **Directory buckets ** - The HTTP Host header syntax is ` Bucket-name.s3express-zone-id.region-code.amazonaws.com`. The following action is related to `DeleteObject`: + [PutObject](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html) **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. **Note** The `If-Match` header is supported for both general purpose and directory buckets. `IfMatchLastModifiedTime` and `IfMatchSize` is only supported for directory buckets. ## Request Syntax ``` DELETE /Key+?versionId=VersionId HTTP/1.1 Host: Bucket.s3.amazonaws.com x-amz-mfa: MFA x-amz-request-payer: RequestPayer x-amz-bypass-governance-retention: BypassGovernanceRetention x-amz-expected-bucket-owner: ExpectedBucketOwner If-Match: IfMatch x-amz-if-match-last-modified-time: IfMatchLastModifiedTime x-amz-if-match-size: IfMatchSize ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_DeleteObject_RequestSyntax) ** The bucket name of the bucket containing the object. **Directory buckets** - When you use this operation with a directory bucket, you must use virtual-hosted-style requests in the format ` Bucket-name.s3express-zone-id.region-code.amazonaws.com`. Path-style requests are not supported. Directory bucket names must be unique in the chosen Zone (Availability Zone or Local Zone). Bucket names must follow the format ` bucket-base-name--zone-id--x-s3` (for example, ` amzn-s3-demo-bucket--usw2-az1--x-s3`). For information about bucket naming restrictions, see [Directory bucket naming rules](https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) in the *Amazon S3 User Guide*. **Access points** - When you use this action with an access point for general purpose buckets, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When you use this action with an access point for directory buckets, you must provide the access point name in place of the bucket name. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com. When using this action with an access point through the AWS SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see [Using access points](https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) in the *Amazon S3 User Guide*. Object Lambda access points are not supported by directory buckets. **S3 on Outposts** - When you use this action with S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form ` AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com`. When you use this action with S3 on Outposts, the destination bucket must be the Outposts access point ARN or the access point alias. For more information about S3 on Outposts, see [What is S3 on Outposts?](https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) in the *Amazon S3 User Guide*. Required: Yes ** [If-Match](#API_DeleteObject_RequestSyntax) ** Deletes the object if the ETag (entity tag) value provided during the delete operation matches the ETag of the object in S3. If the ETag values do not match, the operation returns a `412 Precondition Failed` error. Expects the ETag value as a string. `If-Match` does accept a string value of an '\$1' (asterisk) character to denote a match of any ETag. For more information about conditional requests, see [RFC 7232](https://tools.ietf.org/html/rfc7232). ** [Key](#API_DeleteObject_RequestSyntax) ** Key name of the object to delete. Length Constraints: Minimum length of 1. Required: Yes ** [versionId](#API_DeleteObject_RequestSyntax) ** Version ID used to reference a specific version of the object. For directory buckets in this API operation, only the `null` value of the version ID is supported. ** [x-amz-bypass-governance-retention](#API_DeleteObject_RequestSyntax) ** Indicates whether S3 Object Lock should bypass Governance-mode restrictions to process this operation. To use this header, you must have the `s3:BypassGovernanceRetention` permission. This functionality is not supported for directory buckets. ** [x-amz-expected-bucket-owner](#API_DeleteObject_RequestSyntax) ** The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code `403 Forbidden` (access denied). ** [x-amz-if-match-last-modified-time](#API_DeleteObject_RequestSyntax) ** If present, the object is deleted only if its modification times matches the provided `Timestamp`. If the `Timestamp` values do not match, the operation returns a `412 Precondition Failed` error. If the `Timestamp` matches or if the object doesn’t exist, the operation returns a `204 Success (No Content)` response. This functionality is only supported for directory buckets. ** [x-amz-if-match-size](#API_DeleteObject_RequestSyntax) ** If present, the object is deleted only if its size matches the provided size in bytes. If the `Size` value does not match, the operation returns a `412 Precondition Failed` error. If the `Size` matches or if the object doesn’t exist, the operation returns a `204 Success (No Content)` response. This functionality is only supported for directory buckets. You can use the `If-Match`, `x-amz-if-match-last-modified-time` and `x-amz-if-match-size` conditional headers in conjunction with each-other or individually. ** [x-amz-mfa](#API_DeleteObject_RequestSyntax) ** The concatenation of the authentication device's serial number, a space, and the value that is displayed on your authentication device. Required to permanently delete a versioned object if versioning is configured with MFA delete enabled. This functionality is not supported for directory buckets. ** [x-amz-request-payer](#API_DeleteObject_RequestSyntax) ** Confirms that the requester knows that they will be charged for the request. Bucket owners need not specify this parameter in their requests. If either the source or destination S3 bucket has Requester Pays enabled, the requester will pay for the corresponding charges. For information about downloading objects from Requester Pays buckets, see [Downloading Objects in Requester Pays Buckets](https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) in the *Amazon S3 User Guide*. This functionality is not supported for directory buckets. Valid Values: `requester` ## Request Body The request does not have a request body. ## Response Syntax ``` HTTP/1.1 204 x-amz-delete-marker: DeleteMarker x-amz-version-id: VersionId x-amz-request-charged: RequestCharged ``` ## Response Elements If the action is successful, the service sends back an HTTP 204 response. The response returns the following HTTP headers. ** [x-amz-delete-marker](#API_DeleteObject_ResponseSyntax) ** Indicates whether the specified object version that was permanently deleted was (true) or was not (false) a delete marker before deletion. In a simple DELETE, this header indicates whether (true) or not (false) the current version of the object is a delete marker. To learn more about delete markers, see [Working with delete markers](https://docs.aws.amazon.com/AmazonS3/latest/userguide/DeleteMarker.html). This functionality is not supported for directory buckets. ** [x-amz-request-charged](#API_DeleteObject_ResponseSyntax) ** If present, indicates that the requester was successfully charged for the request. For more information, see [Using Requester Pays buckets for storage transfers and usage](https://docs.aws.amazon.com/AmazonS3/latest/userguide/RequesterPaysBuckets.html) in the *Amazon Simple Storage Service user guide*. This functionality is not supported for directory buckets. Valid Values: `requester` ** [x-amz-version-id](#API_DeleteObject_ResponseSyntax) ** Returns the version ID of the delete marker created as a result of the DELETE operation. This functionality is not supported for directory buckets. ## Examples ### Sample Request for general purpose buckets The following request deletes the object `my-second-image.jpg`. ``` DELETE /my-second-image.jpg HTTP/1.1 Host: amzn-s3-demo-bucket.s3..amazonaws.com Date: Wed, 12 Oct 2009 17:50:00 GMT Authorization: authorization string Content-Type: text/plain ``` ### Sample Response for general purpose buckets This example illustrates one usage of DeleteObject. ``` HTTP/1.1 204 NoContent x-amz-id-2: LriYPLdmOdAiIfgSm/F1YsViT1LW94/xUQxMsF7xiEb1a0wiIOIxl+zbwZ163pt7 x-amz-request-id: 0A49CE4060975EAC Date: Wed, 12 Oct 2009 17:50:00 GMT Content-Length: 0 Connection: close Server: AmazonS3 ``` ### Sample Request for general purpose buckets: Deleting a specified version of an object The following request deletes the specified version of the object `my-third-image.jpg`. ``` DELETE /my-third-image.jpg?versionId=UIORUnfndfiufdisojhr398493jfdkjFJjkndnqUifhnw89493jJFJ HTTP/1.1 Host: amzn-s3-demo-bucket.s3..amazonaws.com Date: Wed, 12 Oct 2009 17:50:00 GMT Authorization: authorization string Content-Type: text/plain Content-Length: 0 ``` ### Sample Response for general purpose buckets This example illustrates one usage of DeleteObject. ``` HTTP/1.1 204 NoContent x-amz-id-2: LriYPLdmOdAiIfgSm/F1YsViT1LW94/xUQxMsF7xiEb1a0wiIOIxl+zbwZ163pt7 x-amz-request-id: 0A49CE4060975EAC x-amz-version-id: UIORUnfndfiufdisojhr398493jfdkjFJjkndnqUifhnw89493jJFJ Date: Wed, 12 Oct 2009 17:50:00 GMT Content-Length: 0 Connection: close Server: AmazonS3 ``` ### Sample Response for general purpose buckets: If the object deleted is a delete marker This example illustrates one usage of DeleteObject. ``` HTTP/1.1 204 NoContent x-amz-id-2: LriYPLdmOdAiIfgSm/F1YsViT1LW94/xUQxMsF7xiEb1a0wiIOIxl+zbwZ163pt7 x-amz-request-id: 0A49CE4060975EAC x-amz-version-id: 3/L4kqtJlcpXroDTDmJ+rmSpXd3dIbrHY+MTRCxf3vjVBH40Nr8X8gdRQBpUMLUo x-amz-delete-marker: true Date: Wed, 12 Oct 2009 17:50:00 GMT Content-Length: 0 Connection: close Server: AmazonS3 ``` ### Sample Request for general purpose buckets: Deleting a specified version of an object in an MFA-enabled bucket The following request deletes the specified version of the object `my-third-image.jpg`, which is stored in an MFA-enabled bucket. ``` DELETE /my-third-image.jpg?versionId=UIORUnfndfiuf HTTP/1.1 Host: amzn-s3-demo-bucket.s3..amazonaws.com Date: Wed, 12 Oct 2009 17:50:00 GMT x-amz-mfa:[SerialNumber] [AuthenticationCode] Authorization: authorization string Content-Type: text/plain Content-Length: 0 ``` ### Sample Response for general purpose buckets This example illustrates one usage of DeleteObject. ``` HTTP/1.1 204 NoContent x-amz-id-2: LriYPLdmOdAiIfgSm/F1YsViT1LW94/xUQxMsF7xiEb1a0wiIOIxl+zbwZ163pt7 x-amz-request-id: 0A49CE4060975EAC x-amz-version-id: UIORUnfndfiuf Date: Wed, 12 Oct 2009 17:50:00 GMT Content-Length: 0 Connection: close Server: AmazonS3 ``` ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/DeleteObject) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/DeleteObject) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/DeleteObject) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/DeleteObject) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/DeleteObject) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/DeleteObject) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/DeleteObject) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/DeleteObject) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/DeleteObject) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/DeleteObject) # DeleteObjects This operation enables you to delete multiple objects from a bucket using a single HTTP request. If you know the object keys that you want to delete, then this operation provides a suitable alternative to sending individual delete requests, reducing per-request overhead. The request can contain a list of up to 1,000 keys that you want to delete. In the XML, you provide the object key names, and optionally, version IDs if you want to delete a specific version of the object from a versioning-enabled bucket. For each key, Amazon S3 performs a delete operation and returns the result of that delete, success or failure, in the response. If the object specified in the request isn't found, Amazon S3 confirms the deletion by returning the result as deleted. **Note** **Directory buckets** - S3 Versioning isn't enabled and supported for directory buckets. **Directory buckets** - For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format `https://amzn-s3-demo-bucket.s3express-zone-id.region-code.amazonaws.com/key-name `. Path-style requests are not supported. For more information about endpoints in Availability Zones, see [Regional and Zonal endpoints for directory buckets in Availability Zones](https://docs.aws.amazon.com/AmazonS3/latest/userguide/endpoint-directory-buckets-AZ.html) in the *Amazon S3 User Guide*. For more information about endpoints in Local Zones, see [Concepts for directory buckets in Local Zones](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-lzs-for-directory-buckets.html) in the *Amazon S3 User Guide*. The operation supports two modes for the response: verbose and quiet. By default, the operation uses verbose mode in which the response includes the result of deletion of each key in your request. In quiet mode the response includes only keys where the delete operation encountered an error. For a successful deletion in a quiet mode, the operation does not return any information about the delete in the response body. When performing this action on an MFA Delete enabled bucket, that attempts to delete any versioned objects, you must include an MFA token. If you do not provide one, the entire request will fail, even if there are non-versioned objects you are trying to delete. If you provide an invalid token, whether there are versioned keys in the request or not, the entire Multi-Object Delete request will fail. For information about MFA Delete, see [MFA Delete](https://docs.aws.amazon.com/AmazonS3/latest/dev/Versioning.html#MultiFactorAuthenticationDelete) in the *Amazon S3 User Guide*. **Note** **Directory buckets** - MFA delete is not supported by directory buckets. Permissions + **General purpose bucket permissions** - The following permissions are required in your policies when your `DeleteObjects` request includes specific headers. + ** `s3:DeleteObject` ** - To delete an object from a bucket, you must always specify the `s3:DeleteObject` permission. + ** `s3:DeleteObjectVersion` ** - To delete a specific version of an object from a versioning-enabled bucket, you must specify the `s3:DeleteObjectVersion` permission. **Note** If the `s3:DeleteObject` or `s3:DeleteObjectVersion` permissions are explicitly denied in your bucket policy, attempts to delete any unversioned objects result in a `403 Access Denied` error. + **Directory bucket permissions** - To grant access to this API operation on a directory bucket, we recommend that you use the [https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) API operation for session-based authorization. Specifically, you grant the `s3express:CreateSession` permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the `CreateSession` API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another `CreateSession` API call to generate a new session token for use. AWS CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see [https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html). Content-MD5 request header + **General purpose bucket** - The Content-MD5 request header is required for all Multi-Object Delete requests. Amazon S3 uses the header value to ensure that your request body has not been altered in transit. + **Directory bucket** - The Content-MD5 request header or a additional checksum request header (including `x-amz-checksum-crc32`, `x-amz-checksum-crc32c`, `x-amz-checksum-sha1`, or `x-amz-checksum-sha256`) is required for all Multi-Object Delete requests. HTTP Host header syntax **Directory buckets ** - The HTTP Host header syntax is ` Bucket-name.s3express-zone-id.region-code.amazonaws.com`. The following operations are related to `DeleteObjects`: + [CreateMultipartUpload](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html) + [UploadPart](https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html) + [CompleteMultipartUpload](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CompleteMultipartUpload.html) + [ListParts](https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html) + [AbortMultipartUpload](https://docs.aws.amazon.com/AmazonS3/latest/API/API_AbortMultipartUpload.html) **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. ## Request Syntax ``` POST /?delete HTTP/1.1 Host: Bucket.s3.amazonaws.com x-amz-mfa: MFA x-amz-request-payer: RequestPayer x-amz-bypass-governance-retention: BypassGovernanceRetention x-amz-expected-bucket-owner: ExpectedBucketOwner x-amz-sdk-checksum-algorithm: ChecksumAlgorithm

... boolean ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_DeleteObjects_RequestSyntax) ** The bucket name containing the objects to delete. **Directory buckets** - When you use this operation with a directory bucket, you must use virtual-hosted-style requests in the format ` Bucket-name.s3express-zone-id.region-code.amazonaws.com`. Path-style requests are not supported. Directory bucket names must be unique in the chosen Zone (Availability Zone or Local Zone). Bucket names must follow the format ` bucket-base-name--zone-id--x-s3` (for example, ` amzn-s3-demo-bucket--usw2-az1--x-s3`). For information about bucket naming restrictions, see [Directory bucket naming rules](https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) in the *Amazon S3 User Guide*. **Access points** - When you use this action with an access point for general purpose buckets, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When you use this action with an access point for directory buckets, you must provide the access point name in place of the bucket name. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com. When using this action with an access point through the AWS SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see [Using access points](https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) in the *Amazon S3 User Guide*. Object Lambda access points are not supported by directory buckets. **S3 on Outposts** - When you use this action with S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form ` AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com`. When you use this action with S3 on Outposts, the destination bucket must be the Outposts access point ARN or the access point alias. For more information about S3 on Outposts, see [What is S3 on Outposts?](https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) in the *Amazon S3 User Guide*. Required: Yes ** [x-amz-bypass-governance-retention](#API_DeleteObjects_RequestSyntax) ** Specifies whether you want to delete this object even if it has a Governance-type Object Lock in place. To use this header, you must have the `s3:BypassGovernanceRetention` permission. This functionality is not supported for directory buckets. ** [x-amz-expected-bucket-owner](#API_DeleteObjects_RequestSyntax) ** The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code `403 Forbidden` (access denied). ** [x-amz-mfa](#API_DeleteObjects_RequestSyntax) ** The concatenation of the authentication device's serial number, a space, and the value that is displayed on your authentication device. Required to permanently delete a versioned object if versioning is configured with MFA delete enabled. When performing the `DeleteObjects` operation on an MFA delete enabled bucket, which attempts to delete the specified versioned objects, you must include an MFA token. If you don't provide an MFA token, the entire request will fail, even if there are non-versioned objects that you are trying to delete. If you provide an invalid token, whether there are versioned object keys in the request or not, the entire Multi-Object Delete request will fail. For information about MFA Delete, see [ MFA Delete](https://docs.aws.amazon.com/AmazonS3/latest/dev/Versioning.html#MultiFactorAuthenticationDelete) in the *Amazon S3 User Guide*. This functionality is not supported for directory buckets. ** [x-amz-request-payer](#API_DeleteObjects_RequestSyntax) ** Confirms that the requester knows that they will be charged for the request. Bucket owners need not specify this parameter in their requests. If either the source or destination S3 bucket has Requester Pays enabled, the requester will pay for the corresponding charges. For information about downloading objects from Requester Pays buckets, see [Downloading Objects in Requester Pays Buckets](https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) in the *Amazon S3 User Guide*. This functionality is not supported for directory buckets. Valid Values: `requester` ** [x-amz-sdk-checksum-algorithm](#API_DeleteObjects_RequestSyntax) ** Indicates the algorithm used to create the checksum for the object when you use the SDK. This header will not provide any additional functionality if you don't use the SDK. When you send this header, there must be a corresponding `x-amz-checksum-algorithm ` or `x-amz-trailer` header sent. Otherwise, Amazon S3 fails the request with the HTTP status code `400 Bad Request`. For the `x-amz-checksum-algorithm ` header, replace ` algorithm ` with the supported algorithm from the following list: + `CRC32` + `CRC32C` + `CRC64NVME` + `SHA1` + `SHA256` For more information, see [Checking object integrity](https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) in the *Amazon S3 User Guide*. If the individual checksum value you provide through `x-amz-checksum-algorithm ` doesn't match the checksum algorithm you set through `x-amz-sdk-checksum-algorithm`, Amazon S3 fails the request with a `BadDigest` error. If you provide an individual checksum, Amazon S3 ignores any provided `ChecksumAlgorithm` parameter. Valid Values: `CRC32 | CRC32C | SHA1 | SHA256 | CRC64NVME` ## Request Body The request accepts the following data in XML format. ** [Delete](#API_DeleteObjects_RequestSyntax) ** Root level tag for the Delete parameters. Required: Yes ** [Object](#API_DeleteObjects_RequestSyntax) ** The object to delete. **Directory buckets** - For directory buckets, an object that's composed entirely of whitespace characters is not supported by the `DeleteObjects` API operation. The request will receive a `400 Bad Request` error and none of the objects in the request will be deleted. Type: Array of [ObjectIdentifier](API_ObjectIdentifier.md) data types Required: Yes ** [Quiet](#API_DeleteObjects_RequestSyntax) ** Element to enable quiet mode for the request. When you add this element, you must set its value to `true`. Type: Boolean Required: No ## Response Syntax ``` HTTP/1.1 200 x-amz-request-charged: RequestCharged boolean string string string ... string string string string ... ``` ## Response Elements If the action is successful, the service sends back an HTTP 200 response. The response returns the following HTTP headers. ** [x-amz-request-charged](#API_DeleteObjects_ResponseSyntax) ** If present, indicates that the requester was successfully charged for the request. For more information, see [Using Requester Pays buckets for storage transfers and usage](https://docs.aws.amazon.com/AmazonS3/latest/userguide/RequesterPaysBuckets.html) in the *Amazon Simple Storage Service user guide*. This functionality is not supported for directory buckets. Valid Values: `requester` The following data is returned in XML format by the service. ** [DeleteResult](#API_DeleteObjects_ResponseSyntax) ** Root level tag for the DeleteResult parameters. Required: Yes ** [Deleted](#API_DeleteObjects_ResponseSyntax) ** Container element for a successful delete. It identifies the object that was successfully deleted. Type: Array of [DeletedObject](API_DeletedObject.md) data types ** [Error](#API_DeleteObjects_ResponseSyntax) ** Container for a failed delete action that describes the object that Amazon S3 attempted to delete and the error it encountered. Type: Array of [Error](API_Error.md) data types ## Examples ### Sample Request for general purpose buckets: Multi-object delete resulting in mixed success/error response This example illustrates a Multi-Object Delete request to delete objects that result in mixed success and errors response. The following request deletes two objects from a bucket (`amzn-s3-demo-bucket`). In this example, the requester does not have permission to delete the `sample2.txt` object. ``` POST /?delete HTTP/1.1 Host: amzn-s3-demo-bucket.s3..amazonaws.com Accept: */* x-amz-date: Wed, 30 Nov 2011 03:39:05 GMT Content-MD5: p5/WA/oEr30qrEEl21PAqw== Authorization: AWS AKIAIOSFODNN7EXAMPLE:W0qPYCLe6JwkZAD1ei6hp9XZIee= Content-Length: 125 Connection: Keep-Alive

``` ### Sample Response for general purpose buckets The response includes a `DeleteResult` element that includes a `Deleted` element for the item that Amazon S3 successfully deleted and an `Error` element that Amazon S3 did not delete because you didn't have permission to delete the object. ``` HTTP/1.1 200 OK x-amz-id-2: 5h4FxSNCUS7wP5z92eGCWDshNpMnRuXvETa4HH3LvvH6VAIr0jU7tH9kM7X+njXx x-amz-request-id: A437B3B641629AEE Date: Fri, 02 Dec 2011 01:53:42 GMT Content-Type: application/xml Server: AmazonS3 Content-Length: 251 sample1.txt sample2.txt AccessDenied Access Denied ``` ### Sample Request for general purpose buckets: Deleting an object from a versioned bucket If you delete an item from a versioning enabled bucket, all versions of that object remain in the bucket. However, Amazon S3 inserts a delete marker. For more information, see [ Object Versioning](https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectVersioning.html). The following scenarios describe the behavior of a multi-object Delete request when versioning is enabled for your bucket. Case 1 - Simple Delete: In the following sample request, the multi-object delete request specifies only one key. ``` POST /?delete HTTP/1.1 Host: amzn-s3-demo-bucket.s3..amazonaws.com Accept: */* x-amz-date: Wed, 30 Nov 2011 03:39:05 GMT Content-MD5: p5/WA/oEr30qrEEl21PAqw== Authorization: AWS AKIAIOSFODNN7EXAMPLE:W0qPYCLe6JwkZAD1ei6hp9XZIee= Content-Length: 79 Connection: Keep-Alive

``` ### Sample Response for general purpose buckets Because versioning is enabled on the bucket, Amazon S3 does not delete the object. Instead, it adds a delete marker for this object. The following response indicates that a delete marker was added (the `DeleteMarker` element in the response as a value of true) and the version number of the delete marker it added. ``` HTTP/1.1 200 OK x-amz-id-2: P3xqrhuhYxlrefdw3rEzmJh8z5KDtGzb+/FB7oiQaScI9Yaxd8olYXc7d1111ab+ x-amz-request-id: 264A17BF16E9E80A Date: Wed, 30 Nov 2011 03:39:32 GMT Content-Type: application/xml Server: AmazonS3 Content-Length: 276 SampleDocument.txt true NeQt5xeFTfgPJD8B4CGWnkSLtluMr11s ``` ### Case 2 for general purpose buckets - Versioned Delete The following request attempts to delete a specific version of an object. ``` POST /?delete HTTP/1.1 Host: amzn-s3-demo-bucket.s3..amazonaws.com Accept: */* x-amz-date: Wed, 30 Nov 2011 03:39:05 GMT Content-MD5: p5/WA/oEr30qrEEl21PAqw== Authorization: AWS AKIAIOSFODNN7EXAMPLE:W0qPYCLe6JwkZAD1ei6hp9XZIxx= Content-Length: 140 Connection: Keep-Alive

``` ### Sample Response for general purpose buckets In this case, Amazon S3 deletes the specific object version from the bucket and returns the following response. In the response, Amazon S3 returns the key and version ID of the object deleted. ``` HTTP/1.1 400 Bad Request x-amz-id-2: P3xqrhuhYxlrefdw3rEzmJh8z5KDtGzb+/FB7oiQaScI9Yaxd8olYXc7d1111xx+ x-amz-request-id: 264A17BF16E9E80A Date: Wed, 30 Nov 2011 03:39:32 GMT Content-Type: application/xml Server: AmazonS3 Content-Length: 219 SampleDocument.txt OYcLXagmS.WaD..oyH4KRguB95_YhLs7 ``` ### Case 3 for general purpose buckets - Versioned delete of a delete marker In the preceding example, the request refers to a delete marker (instead of an object), then Amazon S3 deletes the delete marker. The effect of this action is to make your object reappear in your bucket. Amazon S3 returns a response that indicates the delete marker it deleted (`DeleteMarker` element with value true) and the version ID of the delete marker. ``` HTTP/1.1 200 OK x-amz-id-2: IIPUZrtolxDEmWsKOae9JlSZe6yWfTye3HQ3T2iAe0ZE4XHa6NKvAJcPp51zZaBr x-amz-request-id: D6B284CEC9B05E4E Date: Wed, 30 Nov 2011 03:43:25 GMT Content-Type: application/xml Server: AmazonS3 Content-Length: 331 SampleDocument.txt NeQt5xeFTfgPJD8B4CGWnkSLtluMr11s true NeQt5xeFTfgPJD8B4CGWnkSLtluMr11s ``` ### Sample Response for general purpose buckets In general, when a multi-object Delete request results in Amazon S3 either adding a delete marker or removing a delete marker, the response returns the following elements. ``` true NeQt5xeFTfgPJD8B4CGWnkSLtluMr11s ``` ### Sample Request for general purpose buckets: Malformed XML in the request This example shows how Amazon S3 responds to a request that includes a malformed XML document. The following request sends a malformed XML document (missing the Delete end element). ``` POST /?delete HTTP/1.1 Host: amzn-s3-demo-bucket.s3..amazonaws.com Accept: */* x-amz-date: Wed, 30 Nov 2011 03:39:05 GMT Content-MD5: p5/WA/oEr30qrEEl21PAqw== Authorization: AWS AKIAIOSFODNN7EXAMPLE:W0qPYCLe6JwkZAD1ei6hp9XZIee= Content-Length: 104 Connection: Keep-Alive

``` ### Sample Response for general purpose buckets The response returns the error messages that describe the error. ``` HTTP/1.1 200 OK x-amz-id-2: P3xqrhuhYxlrefdw3rEzmJh8z5KDtGzb+/FB7oiQaScI9Yaxd8olYXc7d1111ab+ x-amz-request-id: 264A17BF16E9E80A Date: Wed, 30 Nov 2011 03:39:32 GMT Content-Type: application/xml Server: AmazonS3 Content-Length: 207 MalformedXML The XML you provided was not well-formed or did not validate against our published schema 264A17BF16E9E80A P3xqrhuhYxlrefdw3rEzmJh8z5KDtGzb+/FB7oiQaScI9Yaxd8olYXc7d1111ab+ ``` ### Sample Request for general purpose buckets: DeleteObjects containing a carriage return The following example illustrates the use of an XML entity code as a substitution for a carriage return. This `DeleteObjects` request deletes an object with the `key` parameter: `/some/prefix/objectwith\rcarriagereturn` (where the `\r` is the carriage return). ```

``` ### Sample Request for directory buckets: Conditional deletes The following example shows a multi-object delete request. Each object sub-section in the XML also includes one or more preconditions around that object's `Etag`, `Last-Modified-Time` and `Size` that need to hold true for its deletion to succeed. ``` POST /?delete HTTP/1.1 Host: amzn-s3-demo-bucket.s3express-az_id.Region.amazonaws.com Accept: */* x-amz-date: Wed, 30 Nov 2011 03:39:05 GMT Content-MD5: p5/WA/oEr30qrEEl21PAqw== Authorization: AWS AKIAIOSFODNN7EXAMPLE:W0qPYCLe6JwkZAD1ei6hp9XZIee= Content-Length: 125 Connection: Keep-Alive

``` ### Sample Response for directory buckets: Conditional deletes The response returns acknowledgments of the deleted objects. ``` HTTP/1.1 204 Success (No Content) Content-Type: application/xml Server: AmazonS3 x-amz-request-id: 264A17BF16E9E80A x-amz-id-2: swzHZOuhs7DpyZEDu transfer-encoding: chunked date: Wed, 30 Nov 2011 03:39:11 GMT keyname1 keyname2 keyname3 ``` ### Sample Request for general purpose buckets: Conditional deletes The following example shows a multi-object delete request to evaluate if the objects are unchanged using the `ETag` value. ``` POST /?delete HTTP/1.1 Host: amzn-s3-demo-bucket.s3.Region.amazonaws.com Accept: */* x-amz-date: Wed, 30 Nov 2011 03:39:05 GMT Content-MD5: p5/WA/oEr30qrEEl21PAqw== Authorization: AWS AKIAIOSFODNN7EXAMPLE:W0qPYCLe6JwkZAD1ei6hp9XZIee= Content-Length: 125 Connection: Keep-Alive

``` ### Sample Response for general purpose buckets: Conditional deletes The response returns acknowledgments of the deleted objects. ``` HTTP/1.1 200 OK Content-Type: application/xml Server: AmazonS3 x-amz-request-id: 264A17BF16E9E80A x-amz-id-2: swzHZOuhs7DpyZEDu transfer-encoding: chunked date: Wed, 30 Nov 2011 03:39:11 GMT keyname1 keyname2 ``` ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/DeleteObjects) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/DeleteObjects) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/DeleteObjects) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/DeleteObjects) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/DeleteObjects) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/DeleteObjects) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/DeleteObjects) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/DeleteObjects) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/DeleteObjects) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/DeleteObjects) # DeleteObjectTagging **Note** This operation is not supported for directory buckets. Removes the entire tag set from the specified object. For more information about managing object tags, see [ Object Tagging](https://docs.aws.amazon.com/AmazonS3/latest/dev/object-tagging.html). To use this operation, you must have permission to perform the `s3:DeleteObjectTagging` action. To delete tags of a specific object version, add the `versionId` query parameter in the request. You will need permission for the `s3:DeleteObjectVersionTagging` action. The following operations are related to `DeleteObjectTagging`: + [PutObjectTagging](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObjectTagging.html) + [GetObjectTagging](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectTagging.html) **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. ## Request Syntax ``` DELETE /{Key+}?tagging&versionId=VersionId HTTP/1.1 Host: Bucket.s3.amazonaws.com x-amz-expected-bucket-owner: ExpectedBucketOwner ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_DeleteObjectTagging_RequestSyntax) ** The bucket name containing the objects from which to remove the tags. **Access points** - When you use this action with an access point for general purpose buckets, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When you use this action with an access point for directory buckets, you must provide the access point name in place of the bucket name. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com. When using this action with an access point through the AWS SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see [Using access points](https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) in the *Amazon S3 User Guide*. **S3 on Outposts** - When you use this action with S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form ` AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com`. When you use this action with S3 on Outposts, the destination bucket must be the Outposts access point ARN or the access point alias. For more information about S3 on Outposts, see [What is S3 on Outposts?](https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) in the *Amazon S3 User Guide*. Required: Yes ** [Key](#API_DeleteObjectTagging_RequestSyntax) ** The key that identifies the object in the bucket from which to remove all tags. Length Constraints: Minimum length of 1. Required: Yes ** [versionId](#API_DeleteObjectTagging_RequestSyntax) ** The versionId of the object that the tag-set will be removed from. ** [x-amz-expected-bucket-owner](#API_DeleteObjectTagging_RequestSyntax) ** The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code `403 Forbidden` (access denied). ## Request Body The request does not have a request body. ## Response Syntax ``` HTTP/1.1 204 x-amz-version-id: VersionId ``` ## Response Elements If the action is successful, the service sends back an HTTP 204 response. The response returns the following HTTP headers. ** [x-amz-version-id](#API_DeleteObjectTagging_ResponseSyntax) ** The versionId of the object the tag-set was removed from. ## Examples ### Sample Request The following DELETE request deletes the tag set from the specified object. ``` DELETE /exampleobject?tagging HTTP/1.1 Host: amzn-s3-demo-bucket.s3..amazonaws.com Date: Wed, 25 Nov 2016 12:00:00 GMT Authorization: signatureValue ``` ### Sample Response The following successful response shows Amazon S3 returning a 204 No Content response. The tag set for the object has been removed. ``` HTTP/1.1 204 No Content x-amz-version-id: VersionId Date: Wed, 25 Nov 2016 12:00:00 GMT Connection: close Server: AmazonS3 ``` ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/DeleteObjectTagging) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/DeleteObjectTagging) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/DeleteObjectTagging) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/DeleteObjectTagging) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/DeleteObjectTagging) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/DeleteObjectTagging) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/DeleteObjectTagging) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/DeleteObjectTagging) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/DeleteObjectTagging) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/DeleteObjectTagging) # DeletePublicAccessBlock **Note** This operation is not supported for directory buckets. Removes the `PublicAccessBlock` configuration for an Amazon S3 bucket. This operation removes the bucket-level configuration only. The effective public access behavior will still be governed by account-level settings (which may inherit from organization-level policies). To use this operation, you must have the `s3:PutBucketPublicAccessBlock` permission. For more information about permissions, see [Permissions Related to Bucket Subresource Operations](https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) and [Managing Access Permissions to Your Amazon S3 Resources](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html). The following operations are related to `DeletePublicAccessBlock`: + [Using Amazon S3 Block Public Access](https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html) + [GetPublicAccessBlock](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetPublicAccessBlock.html) + [PutPublicAccessBlock](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutPublicAccessBlock.html) + [GetBucketPolicyStatus](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketPolicyStatus.html) **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. ## Request Syntax ``` DELETE /?publicAccessBlock HTTP/1.1 Host: Bucket.s3.amazonaws.com x-amz-expected-bucket-owner: ExpectedBucketOwner ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_DeletePublicAccessBlock_RequestSyntax) ** The Amazon S3 bucket whose `PublicAccessBlock` configuration you want to delete. Required: Yes ** [x-amz-expected-bucket-owner](#API_DeletePublicAccessBlock_RequestSyntax) ** The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code `403 Forbidden` (access denied). ## Request Body The request does not have a request body. ## Response Syntax ``` HTTP/1.1 204 ``` ## Response Elements If the action is successful, the service sends back an HTTP 204 response with an empty HTTP body. ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/DeletePublicAccessBlock) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/DeletePublicAccessBlock) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/DeletePublicAccessBlock) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/DeletePublicAccessBlock) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/DeletePublicAccessBlock) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/DeletePublicAccessBlock) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/DeletePublicAccessBlock) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/DeletePublicAccessBlock) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/DeletePublicAccessBlock) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/DeletePublicAccessBlock) # GetBucketAbac Returns the attribute-based access control (ABAC) property of the general purpose bucket. If ABAC is enabled on your bucket, you can use tags on the bucket for access control. For more information, see [Enabling ABAC in general purpose buckets](https://docs.aws.amazon.com/AmazonS3/latest/userguide/buckets-tagging-enable-abac.html). ## Request Syntax ``` GET /?abac HTTP/1.1 Host: Bucket.s3.amazonaws.com x-amz-expected-bucket-owner: ExpectedBucketOwner ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_GetBucketAbac_RequestSyntax) ** The name of the general purpose bucket. Required: Yes ** [x-amz-expected-bucket-owner](#API_GetBucketAbac_RequestSyntax) ** The AWS account ID of the general purpose bucket's owner. ## Request Body The request does not have a request body. ## Response Syntax ``` HTTP/1.1 200 string ``` ## Response Elements If the action is successful, the service sends back an HTTP 200 response. The following data is returned in XML format by the service. ** [AbacStatus](#API_GetBucketAbac_ResponseSyntax) ** Root level tag for the AbacStatus parameters. Required: Yes ** [Status](#API_GetBucketAbac_ResponseSyntax) ** The ABAC status of the general purpose bucket. Type: String Valid Values: `Enabled | Disabled` ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/GetBucketAbac) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/GetBucketAbac) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/GetBucketAbac) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/GetBucketAbac) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/GetBucketAbac) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/GetBucketAbac) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/GetBucketAbac) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/GetBucketAbac) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/GetBucketAbac) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/GetBucketAbac) # GetBucketAccelerateConfiguration **Note** This operation is not supported for directory buckets. This implementation of the GET action uses the `accelerate` subresource to return the Transfer Acceleration state of a bucket, which is either `Enabled` or `Suspended`. Amazon S3 Transfer Acceleration is a bucket-level feature that enables you to perform faster data transfers to and from Amazon S3. To use this operation, you must have permission to perform the `s3:GetAccelerateConfiguration` action. The bucket owner has this permission by default. The bucket owner can grant this permission to others. For more information about permissions, see [Permissions Related to Bucket Subresource Operations](https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) and [Managing Access Permissions to your Amazon S3 Resources](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html) in the *Amazon S3 User Guide*. You set the Transfer Acceleration state of an existing bucket to `Enabled` or `Suspended` by using the [PutBucketAccelerateConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketAccelerateConfiguration.html) operation. A GET `accelerate` request does not return a state value for a bucket that has no transfer acceleration state. A bucket has no Transfer Acceleration state if a state has never been set on the bucket. For more information about transfer acceleration, see [Transfer Acceleration](https://docs.aws.amazon.com/AmazonS3/latest/dev/transfer-acceleration.html) in the Amazon S3 User Guide. The following operations are related to `GetBucketAccelerateConfiguration`: + [PutBucketAccelerateConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketAccelerateConfiguration.html) **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. ## Request Syntax ``` GET /?accelerate HTTP/1.1 Host: Bucket.s3.amazonaws.com x-amz-expected-bucket-owner: ExpectedBucketOwner x-amz-request-payer: RequestPayer ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_GetBucketAccelerateConfiguration_RequestSyntax) ** The name of the bucket for which the accelerate configuration is retrieved. Required: Yes ** [x-amz-expected-bucket-owner](#API_GetBucketAccelerateConfiguration_RequestSyntax) ** The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code `403 Forbidden` (access denied). ** [x-amz-request-payer](#API_GetBucketAccelerateConfiguration_RequestSyntax) ** Confirms that the requester knows that they will be charged for the request. Bucket owners need not specify this parameter in their requests. If either the source or destination S3 bucket has Requester Pays enabled, the requester will pay for the corresponding charges. For information about downloading objects from Requester Pays buckets, see [Downloading Objects in Requester Pays Buckets](https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) in the *Amazon S3 User Guide*. This functionality is not supported for directory buckets. Valid Values: `requester` ## Request Body The request does not have a request body. ## Response Syntax ``` HTTP/1.1 200 x-amz-request-charged: RequestCharged string ``` ## Response Elements If the action is successful, the service sends back an HTTP 200 response. The response returns the following HTTP headers. ** [x-amz-request-charged](#API_GetBucketAccelerateConfiguration_ResponseSyntax) ** If present, indicates that the requester was successfully charged for the request. For more information, see [Using Requester Pays buckets for storage transfers and usage](https://docs.aws.amazon.com/AmazonS3/latest/userguide/RequesterPaysBuckets.html) in the *Amazon Simple Storage Service user guide*. This functionality is not supported for directory buckets. Valid Values: `requester` The following data is returned in XML format by the service. ** [AccelerateConfiguration](#API_GetBucketAccelerateConfiguration_ResponseSyntax) ** Root level tag for the AccelerateConfiguration parameters. Required: Yes ** [Status](#API_GetBucketAccelerateConfiguration_ResponseSyntax) ** The accelerate configuration of the bucket. Type: String Valid Values: `Enabled | Suspended` ## Examples This implementation of the GET action returns the following responses. ### Example If the transfer acceleration state is set to `Enabled` on a bucket, the response is as follows: ``` Enabled ``` ### Example If the transfer acceleration state is set to `Suspended` on a bucket, the response is as follows: ``` Suspended ``` ### Example If the transfer acceleration state on a bucket has never been set to `Enabled` or `Suspended`, the response is as follows: ``` ``` ### Retrieve the transfer acceleration configuration for a bucket The following example shows a GET /?`accelerate` request to retrieve the transfer acceleration state of the bucket named `amzn-s3-demo-bucket`. ``` GET /?accelerate HTTP/1.1 Host: amzn-s3-demo-bucket.s3..amazonaws.com Date: Mon, 11 Apr 2016 12:00:00 GMT Authorization: authorization string Content-Type: text/plain ``` ### Example The following is a sample of the response body (only) that shows bucket transfer acceleration is enabled. ``` Enabled ``` ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/GetBucketAccelerateConfiguration) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/GetBucketAccelerateConfiguration) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/GetBucketAccelerateConfiguration) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/GetBucketAccelerateConfiguration) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/GetBucketAccelerateConfiguration) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/GetBucketAccelerateConfiguration) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/GetBucketAccelerateConfiguration) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/GetBucketAccelerateConfiguration) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/GetBucketAccelerateConfiguration) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/GetBucketAccelerateConfiguration) # GetBucketAcl **Note** This operation is not supported for directory buckets. This implementation of the `GET` action uses the `acl` subresource to return the access control list (ACL) of a bucket. To use `GET` to return the ACL of the bucket, you must have the `READ_ACP` access to the bucket. If `READ_ACP` permission is granted to the anonymous user, you can return the ACL of the bucket without using an authorization header. When you use this API operation with an access point, provide the alias of the access point in place of the bucket name. When you use this API operation with an Object Lambda access point, provide the alias of the Object Lambda access point in place of the bucket name. If the Object Lambda access point alias in a request is not valid, the error code `InvalidAccessPointAliasError` is returned. For more information about `InvalidAccessPointAliasError`, see [List of Error Codes](https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList). **Note** If your bucket uses the bucket owner enforced setting for S3 Object Ownership, requests to read ACLs are still supported and return the `bucket-owner-full-control` ACL with the owner being the account that created the bucket. For more information, see [ Controlling object ownership and disabling ACLs](https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html) in the *Amazon S3 User Guide*. **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. The following operations are related to `GetBucketAcl`: + [ListObjects](https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjects.html) ## Request Syntax ``` GET /?acl HTTP/1.1 Host: Bucket.s3.amazonaws.com x-amz-expected-bucket-owner: ExpectedBucketOwner ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_GetBucketAcl_RequestSyntax) ** Specifies the S3 bucket whose ACL is being requested. When you use this API operation with an access point, provide the alias of the access point in place of the bucket name. When you use this API operation with an Object Lambda access point, provide the alias of the Object Lambda access point in place of the bucket name. If the Object Lambda access point alias in a request is not valid, the error code `InvalidAccessPointAliasError` is returned. For more information about `InvalidAccessPointAliasError`, see [List of Error Codes](https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList). Required: Yes ** [x-amz-expected-bucket-owner](#API_GetBucketAcl_RequestSyntax) ** The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code `403 Forbidden` (access denied). ## Request Body The request does not have a request body. ## Response Syntax ``` HTTP/1.1 200 string string string string string string string string ``` ## Response Elements If the action is successful, the service sends back an HTTP 200 response. The following data is returned in XML format by the service. ** [AccessControlPolicy](#API_GetBucketAcl_ResponseSyntax) ** Root level tag for the AccessControlPolicy parameters. Required: Yes ** [Grants](#API_GetBucketAcl_ResponseSyntax) ** A list of grants. Type: Array of [Grant](API_Grant.md) data types ** [Owner](#API_GetBucketAcl_ResponseSyntax) ** Container for the bucket owner's ID. Type: [Owner](API_Owner.md) data type ## Examples ### Sample Request The following request returns the ACL of the specified bucket. ``` GET ?acl HTTP/1.1 Host: bucket.s3..amazonaws.com Date: Wed, 28 Oct 2009 22:32:00 GMT Authorization: authorization string ``` ### Sample Response ``` HTTP/1.1 200 OK x-amz-id-2: eftixk72aD6Ap51TnqcoF8eFidJG9Z/2mkiDFu8yU9AS1ed4OpIszj7UDNEHGran x-amz-request-id: 318BC8BC148832E5 Date: Wed, 28 Oct 2009 22:32:00 GMT Last-Modified: Sun, 1 Jan 2006 12:00:00 GMT Content-Length: 124 Content-Type: text/plain Connection: close Server: AmazonS3 75aa57f09aa0c8caeab4f8c24e99d10f8e7faeebf76c078efc7c6caea54ba06a 75aa57f09aa0c8caeab4f8c24e99d10f8e7faeebf76c078efc7c6caea54ba06a FULL_CONTROL ``` ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/GetBucketAcl) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/GetBucketAcl) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/GetBucketAcl) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/GetBucketAcl) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/GetBucketAcl) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/GetBucketAcl) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/GetBucketAcl) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/GetBucketAcl) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/GetBucketAcl) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/GetBucketAcl) # GetBucketAnalyticsConfiguration **Note** This operation is not supported for directory buckets. This implementation of the GET action returns an analytics configuration (identified by the analytics configuration ID) from the bucket. To use this operation, you must have permissions to perform the `s3:GetAnalyticsConfiguration` action. The bucket owner has this permission by default. The bucket owner can grant this permission to others. For more information about permissions, see [ Permissions Related to Bucket Subresource Operations](https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) and [Managing Access Permissions to Your Amazon S3 Resources](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html) in the *Amazon S3 User Guide*. For information about Amazon S3 analytics feature, see [Amazon S3 Analytics – Storage Class Analysis](https://docs.aws.amazon.com/AmazonS3/latest/dev/analytics-storage-class.html) in the *Amazon S3 User Guide*. The following operations are related to `GetBucketAnalyticsConfiguration`: + [DeleteBucketAnalyticsConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketAnalyticsConfiguration.html) + [ListBucketAnalyticsConfigurations](https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketAnalyticsConfigurations.html) + [PutBucketAnalyticsConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketAnalyticsConfiguration.html) **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. ## Request Syntax ``` GET /?analytics&id=Id HTTP/1.1 Host: Bucket.s3.amazonaws.com x-amz-expected-bucket-owner: ExpectedBucketOwner ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_GetBucketAnalyticsConfiguration_RequestSyntax) ** The name of the bucket from which an analytics configuration is retrieved. Required: Yes ** [id](#API_GetBucketAnalyticsConfiguration_RequestSyntax) ** The ID that identifies the analytics configuration. Required: Yes ** [x-amz-expected-bucket-owner](#API_GetBucketAnalyticsConfiguration_RequestSyntax) ** The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code `403 Forbidden` (access denied). ## Request Body The request does not have a request body. ## Response Syntax ``` HTTP/1.1 200 string string string string ... string string string string string string string string ``` ## Response Elements If the action is successful, the service sends back an HTTP 200 response. The following data is returned in XML format by the service. ** [AnalyticsConfiguration](#API_GetBucketAnalyticsConfiguration_ResponseSyntax) ** Root level tag for the AnalyticsConfiguration parameters. Required: Yes ** [Filter](#API_GetBucketAnalyticsConfiguration_ResponseSyntax) ** The filter used to describe a set of objects for analyses. A filter must have exactly one prefix, one tag, or one conjunction (AnalyticsAndOperator). If no filter is provided, all objects will be considered in any analysis. Type: [AnalyticsFilter](API_AnalyticsFilter.md) data type ** [Id](#API_GetBucketAnalyticsConfiguration_ResponseSyntax) ** The ID that identifies the analytics configuration. Type: String ** [StorageClassAnalysis](#API_GetBucketAnalyticsConfiguration_ResponseSyntax) ** Contains data related to access patterns to be collected and made available to analyze the tradeoffs between different storage classes. Type: [StorageClassAnalysis](API_StorageClassAnalysis.md) data type ## Examples ### Configure an Analytics Report The following GET request for the bucket `amzn-s3-demo-bucket` returns the inventory configuration with the ID `list1`: ``` GET /?analytics&id=list1 HTTP/1.1 Host: amzn-s3-demo-bucket.s3..amazonaws.com Date: Mon, 31 Oct 2016 12:00:00 GMT Authorization: authorization string ``` ### Example The following is a sample response to the preceding GET request. ``` HTTP/1.1 200 OK x-amz-id-2: YgIPIfBiKa2bj0KMgUAdQkf3ShJTOOpXUueF6QKo x-amz-request-id: 236A8905248E5A02 Date: Mon, 31 Oct 2016 12:00:00 GMT Server: AmazonS3 Content-Length: length list1 images/ dog corgi V_1 CSV 123456789012 arn:aws:s3:::destination-bucket destination-prefix ``` ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/GetBucketAnalyticsConfiguration) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/GetBucketAnalyticsConfiguration) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/GetBucketAnalyticsConfiguration) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/GetBucketAnalyticsConfiguration) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/GetBucketAnalyticsConfiguration) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/GetBucketAnalyticsConfiguration) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/GetBucketAnalyticsConfiguration) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/GetBucketAnalyticsConfiguration) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/GetBucketAnalyticsConfiguration) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/GetBucketAnalyticsConfiguration) # GetBucketCors **Note** This operation is not supported for directory buckets. Returns the Cross-Origin Resource Sharing (CORS) configuration information set for the bucket. To use this operation, you must have permission to perform the `s3:GetBucketCORS` action. By default, the bucket owner has this permission and can grant it to others. When you use this API operation with an access point, provide the alias of the access point in place of the bucket name. When you use this API operation with an Object Lambda access point, provide the alias of the Object Lambda access point in place of the bucket name. If the Object Lambda access point alias in a request is not valid, the error code `InvalidAccessPointAliasError` is returned. For more information about `InvalidAccessPointAliasError`, see [List of Error Codes](https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList). For more information about CORS, see [ Enabling Cross-Origin Resource Sharing](https://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html). The following operations are related to `GetBucketCors`: + [PutBucketCors](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketCors.html) + [DeleteBucketCors](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketCors.html) **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. ## Request Syntax ``` GET /?cors HTTP/1.1 Host: Bucket.s3.amazonaws.com x-amz-expected-bucket-owner: ExpectedBucketOwner ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_GetBucketCors_RequestSyntax) ** The bucket name for which to get the cors configuration. When you use this API operation with an access point, provide the alias of the access point in place of the bucket name. When you use this API operation with an Object Lambda access point, provide the alias of the Object Lambda access point in place of the bucket name. If the Object Lambda access point alias in a request is not valid, the error code `InvalidAccessPointAliasError` is returned. For more information about `InvalidAccessPointAliasError`, see [List of Error Codes](https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList). Required: Yes ** [x-amz-expected-bucket-owner](#API_GetBucketCors_RequestSyntax) ** The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code `403 Forbidden` (access denied). ## Request Body The request does not have a request body. ## Response Syntax ``` HTTP/1.1 200 string ... string ... string ... string ... string integer ... ``` ## Response Elements If the action is successful, the service sends back an HTTP 200 response. The following data is returned in XML format by the service. ** [CORSConfiguration](#API_GetBucketCors_ResponseSyntax) ** Root level tag for the CORSConfiguration parameters. Required: Yes ** [CORSRule](#API_GetBucketCors_ResponseSyntax) ** A set of origins and methods (cross-origin access that you want to allow). You can add up to 100 rules to the configuration. Type: Array of [CORSRule](API_CORSRule.md) data types ## Examples ### Configure CORS Sample Request The following PUT request adds the `cors` subresource to a bucket (`amzn-s3-demo-bucket`). ``` PUT /?cors HTTP/1.1 Host: amzn-s3-demo-bucket.s3..amazonaws.com x-amz-date: Tue, 21 Aug 2012 17:54:50 GMT Content-MD5: 8dYiLewFWZyGgV2Q5FNI4W== Authorization: authorization string Content-Length: 216 http://www.example.com PUT POST DELETE * 3000 x-amz-server-side-encryption * GET * 3000 ``` ### Example This is the sample response to the preceding request. ``` HTTP/1.1 200 OK x-amz-id-2: CCshOvbOPfxzhwOADyC4qHj/Ck3F9Q0viXKw3rivZ+GcBoZSOOahvEJfPisZB7B x-amz-request-id: BDC4B83DF5096BBE Date: Tue, 21 Aug 2012 17:54:50 GMT Server: AmazonS3 ``` ### Sample Request: Retrieve cors subresource The following example gets the cors subresource of a bucket. ``` GET /?cors HTTP/1.1 Host: amzn-s3-demo-bucket.s3..amazonaws.com Date: Tue, 13 Dec 2011 19:14:42 GMT Authorization: signatureValue ``` ### Example Sample Response ``` HTTP/1.1 200 OK x-amz-id-2: 0FmFIWsh/PpBuzZ0JFRC55ZGVmQW4SHJ7xVDqKwhEdJmf3q63RtrvH8ZuxW1Bol5 x-amz-request-id: 0CF038E9BCF63097 Date: Tue, 13 Dec 2011 19:14:42 GMT Server: AmazonS3 Content-Length: 280 http://www.example.com GET 3000 x-amz-server-side-encryption ``` ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/GetBucketCors) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/GetBucketCors) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/GetBucketCors) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/GetBucketCors) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/GetBucketCors) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/GetBucketCors) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/GetBucketCors) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/GetBucketCors) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/GetBucketCors) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/GetBucketCors) # GetBucketEncryption Returns the default encryption configuration for an Amazon S3 bucket. By default, all buckets have a default encryption configuration that uses server-side encryption with Amazon S3 managed keys (SSE-S3). This operation also returns the [BucketKeyEnabled](https://docs.aws.amazon.com/AmazonS3/latest/API/API_ServerSideEncryptionRule.html#AmazonS3-Type-ServerSideEncryptionRule-BucketKeyEnabled) and [BlockedEncryptionTypes](https://docs.aws.amazon.com/AmazonS3/latest/API/API_ServerSideEncryptionRule.html#AmazonS3-Type-ServerSideEncryptionRule-BlockedEncryptionTypes) statuses. **Note** **General purpose buckets** - For information about the bucket default encryption feature, see [Amazon S3 Bucket Default Encryption](https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucket-encryption.html) in the *Amazon S3 User Guide*. **Directory buckets** - For directory buckets, there are only two supported options for server-side encryption: SSE-S3 and SSE-KMS. For information about the default encryption configuration in directory buckets, see [Setting default server-side encryption behavior for directory buckets](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-bucket-encryption.html). Permissions + **General purpose bucket permissions** - The `s3:GetEncryptionConfiguration` permission is required in a policy. The bucket owner has this permission by default. The bucket owner can grant this permission to others. For more information about permissions, see [Permissions Related to Bucket Operations](https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) and [Managing Access Permissions to Your Amazon S3 Resources](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html). + **Directory bucket permissions** - To grant access to this API operation, you must have the `s3express:GetEncryptionConfiguration` permission in an IAM identity-based policy instead of a bucket policy. Cross-account access to this API operation isn't supported. This operation can only be performed by the AWS account that owns the resource. For more information about directory bucket policies and permissions, see [AWS Identity and Access Management (IAM) for S3 Express One Zone](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam.html) in the *Amazon S3 User Guide*. HTTP Host header syntax **Directory buckets ** - The HTTP Host header syntax is `s3express-control.region-code.amazonaws.com`. The following operations are related to `GetBucketEncryption`: + [PutBucketEncryption](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketEncryption.html) + [DeleteBucketEncryption](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketEncryption.html) **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. ## Request Syntax ``` GET /?encryption HTTP/1.1 Host: Bucket.s3.amazonaws.com x-amz-expected-bucket-owner: ExpectedBucketOwner ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_GetBucketEncryption_RequestSyntax) ** The name of the bucket from which the server-side encryption configuration is retrieved. **Directory buckets ** - When you use this operation with a directory bucket, you must use path-style requests in the format `https://s3express-control.region-code.amazonaws.com/bucket-name `. Virtual-hosted-style requests aren't supported. Directory bucket names must be unique in the chosen Zone (Availability Zone or Local Zone). Bucket names must also follow the format ` bucket-base-name--zone-id--x-s3` (for example, ` DOC-EXAMPLE-BUCKET--usw2-az1--x-s3`). For information about bucket naming restrictions, see [Directory bucket naming rules](https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) in the *Amazon S3 User Guide* Required: Yes ** [x-amz-expected-bucket-owner](#API_GetBucketEncryption_RequestSyntax) ** The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code `403 Forbidden` (access denied). For directory buckets, this header is not supported in this API operation. If you specify this header, the request fails with the HTTP status code `501 Not Implemented`. ## Request Body The request does not have a request body. ## Response Syntax ``` HTTP/1.1 200 string string string ... boolean ... ``` ## Response Elements If the action is successful, the service sends back an HTTP 200 response. The following data is returned in XML format by the service. ** [ServerSideEncryptionConfiguration](#API_GetBucketEncryption_ResponseSyntax) ** Root level tag for the ServerSideEncryptionConfiguration parameters. Required: Yes ** [Rule](#API_GetBucketEncryption_ResponseSyntax) ** Container for information about a particular server-side encryption configuration rule. Type: Array of [ServerSideEncryptionRule](API_ServerSideEncryptionRule.md) data types ## Examples ### Sample Request: Retrieve the encryption configuration for an S3 general purpose bucket The following example shows a GET /?encryption request. ``` GET /?encryption HTTP/1.1 Host: amzn-s3-demo-bucket.s3..amazonaws.com Date: Wed, 06 Sep 2017 12:00:00 GMT Authorization: authorization string Content-Length: length ``` ### Sample Response for a general purpose bucket This example illustrates one usage of `GetBucketEncryption`. ``` HTTP/1.1 200 OK x-amz-id-2: kDmqsuw5FDmgLmxQaUkd9A4NJ/PIiE0c1rAU/ue2Yp60toXs4I5k5fqlwZsA6fV+wJQCzRRwygQ= x-amz-request-id: 5D8706FCB2673B7D Date: Wed, 19 Nov 2025 12:00:00 GMT Transfer-Encoding: chunked Server: AmazonS3 aws:kms arn:aws:kms:us-east-1:1234/5678example SSE-C ``` ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/GetBucketEncryption) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/GetBucketEncryption) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/GetBucketEncryption) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/GetBucketEncryption) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/GetBucketEncryption) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/GetBucketEncryption) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/GetBucketEncryption) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/GetBucketEncryption) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/GetBucketEncryption) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/GetBucketEncryption) # GetBucketIntelligentTieringConfiguration **Note** This operation is not supported for directory buckets. Gets the S3 Intelligent-Tiering configuration from the specified bucket. The S3 Intelligent-Tiering storage class is designed to optimize storage costs by automatically moving data to the most cost-effective storage access tier, without performance impact or operational overhead. S3 Intelligent-Tiering delivers automatic cost savings in three low latency and high throughput access tiers. To get the lowest storage cost on data that can be accessed in minutes to hours, you can choose to activate additional archiving capabilities. The S3 Intelligent-Tiering storage class is the ideal storage class for data with unknown, changing, or unpredictable access patterns, independent of object size or retention period. If the size of an object is less than 128 KB, it is not monitored and not eligible for auto-tiering. Smaller objects can be stored, but they are always charged at the Frequent Access tier rates in the S3 Intelligent-Tiering storage class. For more information, see [Storage class for automatically optimizing frequently and infrequently accessed objects](https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html#sc-dynamic-data-access). Operations related to `GetBucketIntelligentTieringConfiguration` include: + [DeleteBucketIntelligentTieringConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketIntelligentTieringConfiguration.html) + [PutBucketIntelligentTieringConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketIntelligentTieringConfiguration.html) + [ListBucketIntelligentTieringConfigurations](https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketIntelligentTieringConfigurations.html) **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. ## Request Syntax ``` GET /?intelligent-tiering&id=Id HTTP/1.1 Host: Bucket.s3.amazonaws.com x-amz-expected-bucket-owner: ExpectedBucketOwner ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_GetBucketIntelligentTieringConfiguration_RequestSyntax) ** The name of the Amazon S3 bucket whose configuration you want to modify or retrieve. Required: Yes ** [id](#API_GetBucketIntelligentTieringConfiguration_RequestSyntax) ** The ID used to identify the S3 Intelligent-Tiering configuration. Required: Yes ** [x-amz-expected-bucket-owner](#API_GetBucketIntelligentTieringConfiguration_RequestSyntax) ** The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code `403 Forbidden` (access denied). ## Request Body The request does not have a request body. ## Response Syntax ``` HTTP/1.1 200 string string string string ... string string string string string integer ... ``` ## Response Elements If the action is successful, the service sends back an HTTP 200 response. The following data is returned in XML format by the service. ** [IntelligentTieringConfiguration](#API_GetBucketIntelligentTieringConfiguration_ResponseSyntax) ** Root level tag for the IntelligentTieringConfiguration parameters. Required: Yes ** [Filter](#API_GetBucketIntelligentTieringConfiguration_ResponseSyntax) ** Specifies a bucket filter. The configuration only includes objects that meet the filter's criteria. Type: [IntelligentTieringFilter](API_IntelligentTieringFilter.md) data type ** [Id](#API_GetBucketIntelligentTieringConfiguration_ResponseSyntax) ** The ID used to identify the S3 Intelligent-Tiering configuration. Type: String ** [Status](#API_GetBucketIntelligentTieringConfiguration_ResponseSyntax) ** Specifies the status of the configuration. Type: String Valid Values: `Enabled | Disabled` ** [Tiering](#API_GetBucketIntelligentTieringConfiguration_ResponseSyntax) ** Specifies the S3 Intelligent-Tiering storage class tier of the configuration. Type: Array of [Tiering](API_Tiering.md) data types ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/GetBucketIntelligentTieringConfiguration) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/GetBucketIntelligentTieringConfiguration) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/GetBucketIntelligentTieringConfiguration) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/GetBucketIntelligentTieringConfiguration) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/GetBucketIntelligentTieringConfiguration) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/GetBucketIntelligentTieringConfiguration) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/GetBucketIntelligentTieringConfiguration) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/GetBucketIntelligentTieringConfiguration) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/GetBucketIntelligentTieringConfiguration) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/GetBucketIntelligentTieringConfiguration) # GetBucketInventoryConfiguration **Note** This operation is not supported for directory buckets. Returns an S3 Inventory configuration (identified by the inventory configuration ID) from the bucket. To use this operation, you must have permissions to perform the `s3:GetInventoryConfiguration` action. The bucket owner has this permission by default and can grant this permission to others. For more information about permissions, see [Permissions Related to Bucket Subresource Operations](https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) and [Managing Access Permissions to Your Amazon S3 Resources](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html). For information about the Amazon S3 inventory feature, see [Amazon S3 Inventory](https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-inventory.html). The following operations are related to `GetBucketInventoryConfiguration`: + [DeleteBucketInventoryConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketInventoryConfiguration.html) + [ListBucketInventoryConfigurations](https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketInventoryConfigurations.html) + [PutBucketInventoryConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketInventoryConfiguration.html) **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. ## Request Syntax ``` GET /?inventory&id=Id HTTP/1.1 Host: Bucket.s3.amazonaws.com x-amz-expected-bucket-owner: ExpectedBucketOwner ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_GetBucketInventoryConfiguration_RequestSyntax) ** The name of the bucket containing the inventory configuration to retrieve. Required: Yes ** [id](#API_GetBucketInventoryConfiguration_RequestSyntax) ** The ID used to identify the inventory configuration. Required: Yes ** [x-amz-expected-bucket-owner](#API_GetBucketInventoryConfiguration_RequestSyntax) ** The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code `403 Forbidden` (access denied). ## Request Body The request does not have a request body. ## Response Syntax ``` HTTP/1.1 200 string string

string

string string boolean string string string string string ``` ## Response Elements If the action is successful, the service sends back an HTTP 200 response. The following data is returned in XML format by the service. ** [InventoryConfiguration](#API_GetBucketInventoryConfiguration_ResponseSyntax) ** Root level tag for the InventoryConfiguration parameters. Required: Yes ** [Destination](#API_GetBucketInventoryConfiguration_ResponseSyntax) ** Contains information about where to publish the inventory results. Type: [InventoryDestination](API_InventoryDestination.md) data type ** [Filter](#API_GetBucketInventoryConfiguration_ResponseSyntax) ** Specifies an inventory filter. The inventory only includes objects that meet the filter's criteria. Type: [InventoryFilter](API_InventoryFilter.md) data type ** [Id](#API_GetBucketInventoryConfiguration_ResponseSyntax) ** The ID used to identify the inventory configuration. Type: String ** [IncludedObjectVersions](#API_GetBucketInventoryConfiguration_ResponseSyntax) ** Object versions to include in the inventory list. If set to `All`, the list includes all the object versions, which adds the version-related fields `VersionId`, `IsLatest`, and `DeleteMarker` to the list. If set to `Current`, the list does not contain these version-related fields. Type: String Valid Values: `All | Current` ** [IsEnabled](#API_GetBucketInventoryConfiguration_ResponseSyntax) ** Specifies whether the inventory is enabled or disabled. If set to `True`, an inventory list is generated. If set to `False`, no inventory list is generated. Type: Boolean ** [OptionalFields](#API_GetBucketInventoryConfiguration_ResponseSyntax) ** Contains the optional fields that are included in the inventory results. Type: Array of strings Valid Values: `Size | LastModifiedDate | StorageClass | ETag | IsMultipartUploaded | ReplicationStatus | EncryptionStatus | ObjectLockRetainUntilDate | ObjectLockMode | ObjectLockLegalHoldStatus | IntelligentTieringAccessTier | BucketKeyStatus | ChecksumAlgorithm | ObjectAccessControlList | ObjectOwner | LifecycleExpirationDate` ** [Schedule](#API_GetBucketInventoryConfiguration_ResponseSyntax) ** Specifies the schedule for generating inventory results. Type: [InventorySchedule](API_InventorySchedule.md) data type ## Examples ### Sample Request: Configure an inventory report The following GET request for the bucket `examplebucket` returns the inventory configuration with the ID `list1`. ``` GET /?inventory&id=list1 HTTP/1.1 Host: examplebucket.s3..amazonaws.com Date: Mon, 31 Oct 2016 12:00:00 GMT Authorization: authorization string ``` ### Sample Response This example illustrates one usage of GetBucketInventoryConfiguration. ``` HTTP/1.1 200 OK x-amz-id-2: YgIPIfBiKa2bj0KMgUAdQkf3ShJTOOpXUueF6QKo x-amz-request-id: 236A8905248E5A02 Date: Mon, 31 Oct 2016 12:00:00 GMT Server: AmazonS3 Content-Length: length report1 true CSV 123456789012 arn:aws:s3:::destination-bucket prefix1

Daily myprefix/ All Size LastModifiedDate ETag StorageClass IsMultipartUploaded ReplicationStatus ObjectLockRetainUntilDate ObjectLockMode ObjectLockLegalHoldStatus ``` ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/GetBucketInventoryConfiguration) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/GetBucketInventoryConfiguration) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/GetBucketInventoryConfiguration) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/GetBucketInventoryConfiguration) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/GetBucketInventoryConfiguration) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/GetBucketInventoryConfiguration) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/GetBucketInventoryConfiguration) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/GetBucketInventoryConfiguration) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/GetBucketInventoryConfiguration) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/GetBucketInventoryConfiguration) # GetBucketLifecycle **Important** For an updated version of this API, see [GetBucketLifecycleConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLifecycleConfiguration.html). If you configured a bucket lifecycle using the `filter` element, you should see the updated version of this topic. This topic is provided for backward compatibility. **Note** This operation is not supported for directory buckets. Returns the lifecycle configuration information set on the bucket. For information about lifecycle configuration, see [Object Lifecycle Management](https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html). To use this operation, you must have permission to perform the `s3:GetLifecycleConfiguration` action. The bucket owner has this permission by default. The bucket owner can grant this permission to others. For more information about permissions, see [Permissions Related to Bucket Subresource Operations](https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) and [Managing Access Permissions to Your Amazon S3 Resources](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html). `GetBucketLifecycle` has the following special error: + Error code: `NoSuchLifecycleConfiguration` + Description: The lifecycle configuration does not exist. + HTTP Status Code: 404 Not Found + SOAP Fault Code Prefix: Client The following operations are related to `GetBucketLifecycle`: + [GetBucketLifecycleConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLifecycleConfiguration.html) + [PutBucketLifecycle](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycle.html) + [DeleteBucketLifecycle](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketLifecycle.html) **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. ## Request Syntax ``` GET /?lifecycle HTTP/1.1 Host: Bucket.s3.amazonaws.com x-amz-expected-bucket-owner: ExpectedBucketOwner ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_GetBucketLifecycle_RequestSyntax) ** The name of the bucket for which to get the lifecycle information. Required: Yes ** [x-amz-expected-bucket-owner](#API_GetBucketLifecycle_RequestSyntax) ** The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code `403 Forbidden` (access denied). ## Request Body The request does not have a request body. ## Response Syntax ``` HTTP/1.1 200 integer timestamp integer boolean string integer integer integer integer string string string timestamp integer string ... ``` ## Response Elements If the action is successful, the service sends back an HTTP 200 response. The following data is returned in XML format by the service. ** [LifecycleConfiguration](#API_GetBucketLifecycle_ResponseSyntax) ** Root level tag for the LifecycleConfiguration parameters. Required: Yes ** [Rule](#API_GetBucketLifecycle_ResponseSyntax) ** Container for a lifecycle rule. Type: Array of [Rule](API_Rule.md) data types ## Examples ### Sample Request: Retrieve a lifecycle subresource This example is a GET request to retrieve the lifecycle subresource from the specified bucket, and an example response with the returned lifecycle configuration. ``` GET /?lifecycle HTTP/1.1 Host: amzn-s3-demo-bucket.s3..amazonaws.com x-amz-date: Thu, 15 Nov 2012 00:17:21 GMT Authorization: signatureValue ``` ### Sample Response This example illustrates one usage of GetBucketLifecycle. ``` HTTP/1.1 200 OK x-amz-id-2: ITnGT1y4RyTmXa3rPi4hklTXouTf0hccUjo0iCPjz6FnfIutBj3M7fPGlWO2SEWp x-amz-request-id: 51991C342C575321 Date: Thu, 15 Nov 2012 00:17:23 GMT Server: AmazonS3 Content-Length: 358 Archive and then delete rule projectdocs/ Enabled 30 STANDARD_IA 365 GLACIER 3650 ``` ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/GetBucketLifecycle) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/GetBucketLifecycle) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/GetBucketLifecycle) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/GetBucketLifecycle) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/GetBucketLifecycle) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/GetBucketLifecycle) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/GetBucketLifecycle) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/GetBucketLifecycle) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/GetBucketLifecycle) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/GetBucketLifecycle) # GetBucketLifecycleConfiguration Returns the lifecycle configuration information set on the bucket. For information about lifecycle configuration, see [Object Lifecycle Management](https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html). Bucket lifecycle configuration now supports specifying a lifecycle rule using an object key name prefix, one or more object tags, object size, or any combination of these. Accordingly, this section describes the latest API, which is compatible with the new functionality. The previous version of the API supported filtering based only on an object key name prefix, which is supported for general purpose buckets for backward compatibility. For the related API description, see [GetBucketLifecycle](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLifecycle.html). **Note** Lifecyle configurations for directory buckets only support expiring objects and cancelling multipart uploads. Expiring of versioned objects, transitions and tag filters are not supported. Permissions + **General purpose bucket permissions** - By default, all Amazon S3 resources are private, including buckets, objects, and related subresources (for example, lifecycle configuration and website configuration). Only the resource owner (that is, the AWS account that created it) can access the resource. The resource owner can optionally grant access permissions to others by writing an access policy. For this operation, a user must have the `s3:GetLifecycleConfiguration` permission. For more information about permissions, see [Managing Access Permissions to Your Amazon S3 Resources](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html). + **Directory bucket permissions** - You must have the `s3express:GetLifecycleConfiguration` permission in an IAM identity-based policy to use this operation. Cross-account access to this API operation isn't supported. The resource owner can optionally grant access permissions to others by creating a role or user for them as long as they are within the same account as the owner and resource. For more information about directory bucket policies and permissions, see [Authorizing Regional endpoint APIs with IAM](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam.html) in the *Amazon S3 User Guide*. **Note** **Directory buckets ** - For directory buckets, you must make requests for this API operation to the Regional endpoint. These endpoints support path-style requests in the format `https://s3express-control.region-code.amazonaws.com/bucket-name `. Virtual-hosted-style requests aren't supported. For more information about endpoints in Availability Zones, see [Regional and Zonal endpoints for directory buckets in Availability Zones](https://docs.aws.amazon.com/AmazonS3/latest/userguide/endpoint-directory-buckets-AZ.html) in the *Amazon S3 User Guide*. For more information about endpoints in Local Zones, see [Concepts for directory buckets in Local Zones](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-lzs-for-directory-buckets.html) in the *Amazon S3 User Guide*. HTTP Host header syntax **Directory buckets ** - The HTTP Host header syntax is `s3express-control.region.amazonaws.com`. `GetBucketLifecycleConfiguration` has the following special error: + Error code: `NoSuchLifecycleConfiguration` + Description: The lifecycle configuration does not exist. + HTTP Status Code: 404 Not Found + SOAP Fault Code Prefix: Client The following operations are related to `GetBucketLifecycleConfiguration`: + [GetBucketLifecycle](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLifecycle.html) + [PutBucketLifecycle](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycle.html) + [DeleteBucketLifecycle](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketLifecycle.html) **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. ## Request Syntax ``` GET /?lifecycle HTTP/1.1 Host: Bucket.s3.amazonaws.com x-amz-expected-bucket-owner: ExpectedBucketOwner ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_GetBucketLifecycleConfiguration_RequestSyntax) ** The name of the bucket for which to get the lifecycle information. Required: Yes ** [x-amz-expected-bucket-owner](#API_GetBucketLifecycleConfiguration_RequestSyntax) ** The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code `403 Forbidden` (access denied). This parameter applies to general purpose buckets only. It is not supported for directory bucket lifecycle configurations. ## Request Body The request does not have a request body. ## Response Syntax ``` HTTP/1.1 200 x-amz-transition-default-minimum-object-size: TransitionDefaultMinimumObjectSize integer timestamp integer boolean long long string string string ... long long string string string string integer integer integer integer string ... string string timestamp integer string ... ... ``` ## Response Elements If the action is successful, the service sends back an HTTP 200 response. The response returns the following HTTP headers. ** [x-amz-transition-default-minimum-object-size](#API_GetBucketLifecycleConfiguration_ResponseSyntax) ** Indicates which default minimum object size behavior is applied to the lifecycle configuration. This parameter applies to general purpose buckets only. It isn't supported for directory bucket lifecycle configurations. + `all_storage_classes_128K` - Objects smaller than 128 KB will not transition to any storage class by default. + `varies_by_storage_class` - Objects smaller than 128 KB will transition to Glacier Flexible Retrieval or Glacier Deep Archive storage classes. By default, all other storage classes will prevent transitions smaller than 128 KB. To customize the minimum object size for any transition you can add a filter that specifies a custom `ObjectSizeGreaterThan` or `ObjectSizeLessThan` in the body of your transition rule. Custom filters always take precedence over the default transition behavior. Valid Values: `varies_by_storage_class | all_storage_classes_128K` The following data is returned in XML format by the service. ** [LifecycleConfiguration](#API_GetBucketLifecycleConfiguration_ResponseSyntax) ** Root level tag for the LifecycleConfiguration parameters. Required: Yes ** [Rule](#API_GetBucketLifecycleConfiguration_ResponseSyntax) ** Container for a lifecycle rule. Type: Array of [LifecycleRule](API_LifecycleRule.md) data types ## Examples ### Example 1: Get lifecycle configuration - general purpose bucket This example illustrates how to use `GetBucketLifecycleConfiguration` to retrieve the lifecycle configuration for a general purpose bucket: ``` GET /?lifecycle HTTP/1.1 Host: amzn-s3-demo-bucket.s3..amazonaws.com x-amz-date: Thu, 15 Nov 2012 00:17:21 GMT Authorization: signatureValue ``` ### Sample Response This example shows the response from the preceeding `GetBucketLifecycleConfiguration` request: ``` HTTP/1.1 200 OK x-amz-id-2: ITnGT1y4RyTmXa3rPi4hklTXouTf0hccUjo0iCPjz6FnfIutBj3M7fPGlWO2SEWp x-amz-request-id: 51991C342C575321 Date: Thu, 15 Nov 2012 00:17:23 GMT Server: AmazonS3 Content-Length: 358 Archive and then delete rule projectdocs/ Enabled 30 STANDARD_IA 365 GLACIER 3650 ``` ### Example 2: Get lifecycle configuration - directory bucket This example illustrates how to use `GetBucketLifecycleConfiguration` to retrieve the lifecycle configuration for a directory bucket: ``` GET /?lifecycle HTTP/1.1 Host:s3express-control.us-west-2.amazonaws.com ``` ### Sample Response This example shows the response from the preceeding `GetBucketLifecycleConfiguration` request: ``` Lifecycle expiration rule myprefix/ 500 64000 Enabled 7 MPU Rule another_prefix Enabled 3 ``` ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/GetBucketLifecycleConfiguration) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/GetBucketLifecycleConfiguration) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/GetBucketLifecycleConfiguration) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/GetBucketLifecycleConfiguration) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/GetBucketLifecycleConfiguration) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/GetBucketLifecycleConfiguration) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/GetBucketLifecycleConfiguration) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/GetBucketLifecycleConfiguration) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/GetBucketLifecycleConfiguration) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/GetBucketLifecycleConfiguration) # GetBucketLocation **Important** Using the `GetBucketLocation` operation is no longer a best practice. To return the Region that a bucket resides in, we recommend that you use the [HeadBucket](https://docs.aws.amazon.com/AmazonS3/latest/API/API_HeadBucket.html) operation instead. For backward compatibility, Amazon S3 continues to support the `GetBucketLocation` operation. Returns the Region the bucket resides in. You set the bucket's Region using the `LocationConstraint` request parameter in a `CreateBucket` request. For more information, see [CreateBucket](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html). **Note** In a bucket's home Region, calls to the `GetBucketLocation` operation are governed by the bucket's policy. In other Regions, the bucket policy doesn't apply, which means that cross-account access won't be authorized. However, calls to the `HeadBucket` operation always return the bucket’s location through an HTTP response header, whether access to the bucket is authorized or not. Therefore, we recommend using the `HeadBucket` operation for bucket Region discovery and to avoid using the `GetBucketLocation` operation. When you use this API operation with an access point, provide the alias of the access point in place of the bucket name. When you use this API operation with an Object Lambda access point, provide the alias of the Object Lambda access point in place of the bucket name. If the Object Lambda access point alias in a request is not valid, the error code `InvalidAccessPointAliasError` is returned. For more information about `InvalidAccessPointAliasError`, see [List of Error Codes](https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList). **Note** This operation is not supported for directory buckets. The following operations are related to `GetBucketLocation`: + [GetObject](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html) + [CreateBucket](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html) **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. ## Request Syntax ``` GET /?location HTTP/1.1 Host: Bucket.s3.amazonaws.com x-amz-expected-bucket-owner: ExpectedBucketOwner ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_GetBucketLocation_RequestSyntax) ** The name of the bucket for which to get the location. When you use this API operation with an access point, provide the alias of the access point in place of the bucket name. When you use this API operation with an Object Lambda access point, provide the alias of the Object Lambda access point in place of the bucket name. If the Object Lambda access point alias in a request is not valid, the error code `InvalidAccessPointAliasError` is returned. For more information about `InvalidAccessPointAliasError`, see [List of Error Codes](https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList). Required: Yes ** [x-amz-expected-bucket-owner](#API_GetBucketLocation_RequestSyntax) ** The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code `403 Forbidden` (access denied). ## Request Body The request does not have a request body. ## Response Syntax ``` HTTP/1.1 200 string ``` ## Response Elements If the action is successful, the service sends back an HTTP 200 response. The following data is returned in XML format by the service. ** [LocationConstraint](#API_GetBucketLocation_ResponseSyntax) ** Root level tag for the LocationConstraint parameters. Required: Yes ** [LocationConstraint](#API_GetBucketLocation_ResponseSyntax) ** Specifies the Region where the bucket resides. For a list of all the Amazon S3 supported location constraints by Region, see [Regions and Endpoints](https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region). Buckets in Region `us-east-1` have a LocationConstraint of `null`. Buckets with a LocationConstraint of `EU` reside in `eu-west-1`. Type: String Valid Values: `af-south-1 | ap-east-1 | ap-northeast-1 | ap-northeast-2 | ap-northeast-3 | ap-south-1 | ap-south-2 | ap-southeast-1 | ap-southeast-2 | ap-southeast-3 | ap-southeast-4 | ap-southeast-5 | ca-central-1 | cn-north-1 | cn-northwest-1 | EU | eu-central-1 | eu-central-2 | eu-north-1 | eu-south-1 | eu-south-2 | eu-west-1 | eu-west-2 | eu-west-3 | il-central-1 | me-central-1 | me-south-1 | sa-east-1 | us-east-2 | us-gov-east-1 | us-gov-west-1 | us-west-1 | us-west-2` ## Examples ### Sample Request The following request returns the Region of the specified bucket. ``` GET /?location HTTP/1.1 Host: amzn-s3-demo-bucket.s3.amazonaws.com Date: Tue, 09 Oct 2007 20:26:04 +0000 Authorization: signatureValue ``` ### Sample Response This example illustrates one usage of GetBucketLocation. ``` us-west-2 ``` ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/GetBucketLocation) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/GetBucketLocation) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/GetBucketLocation) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/GetBucketLocation) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/GetBucketLocation) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/GetBucketLocation) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/GetBucketLocation) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/GetBucketLocation) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/GetBucketLocation) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/GetBucketLocation) # GetBucketLogging **Note** This operation is not supported for directory buckets. Returns the logging status of a bucket and the permissions users have to view and modify that status. The following operations are related to `GetBucketLogging`: + [CreateBucket](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html) + [PutBucketLogging](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLogging.html) **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. ## Request Syntax ``` GET /?logging HTTP/1.1 Host: Bucket.s3.amazonaws.com x-amz-expected-bucket-owner: ExpectedBucketOwner ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_GetBucketLogging_RequestSyntax) ** The bucket name for which to get the logging information. Required: Yes ** [x-amz-expected-bucket-owner](#API_GetBucketLogging_RequestSyntax) ** The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code `403 Forbidden` (access denied). ## Request Body The request does not have a request body. ## Response Syntax ``` HTTP/1.1 200 string string string string string string string string string ``` ## Response Elements If the action is successful, the service sends back an HTTP 200 response. The following data is returned in XML format by the service. ** [BucketLoggingStatus](#API_GetBucketLogging_ResponseSyntax) ** Root level tag for the BucketLoggingStatus parameters. Required: Yes ** [LoggingEnabled](#API_GetBucketLogging_ResponseSyntax) ** Describes where logs are stored and the prefix that Amazon S3 assigns to all log object keys for a bucket. For more information, see [PUT Bucket logging](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTlogging.html) in the *Amazon S3 API Reference*. Type: [LoggingEnabled](API_LoggingEnabled.md) data type ## Examples ### Sample Request The following request returns the logging status for `amzn-s3-demo-bucket`. ``` GET ?logging HTTP/1.1 Host: amzn-s3-demo-bucket.s3..amazonaws.com Date: Wed, 25 Nov 2009 12:00:00 GMT Authorization: authorization string ``` ### Sample Response: Showing an enabled logging status This example illustrates one usage of GetBucketLogging. ``` HTTP/1.1 200 OK Date: Wed, 25 Nov 2009 12:00:00 GMT Connection: close Server: AmazonS3 amzn-s3-demo-bucket mybucket-access_log-/ 79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be READ ``` ### Sample Response: Showing a disabled logging status This example illustrates one usage of GetBucketLogging. ``` HTTP/1.1 200 OK Date: Wed, 25 Nov 2009 12:00:00 GMT Connection: close Server: AmazonS3 ``` ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/GetBucketLogging) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/GetBucketLogging) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/GetBucketLogging) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/GetBucketLogging) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/GetBucketLogging) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/GetBucketLogging) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/GetBucketLogging) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/GetBucketLogging) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/GetBucketLogging) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/GetBucketLogging) # GetBucketMetadataConfiguration Retrieves the S3 Metadata configuration for a general purpose bucket. For more information, see [Accelerating data discovery with S3 Metadata](https://docs.aws.amazon.com/AmazonS3/latest/userguide/metadata-tables-overview.html) in the *Amazon S3 User Guide*. **Note** You can use the V2 `GetBucketMetadataConfiguration` API operation with V1 or V2 metadata configurations. However, if you try to use the V1 `GetBucketMetadataTableConfiguration` API operation with V2 configurations, you will receive an HTTP `405 Method Not Allowed` error. Permissions To use this operation, you must have the `s3:GetBucketMetadataTableConfiguration` permission. For more information, see [Setting up permissions for configuring metadata tables](https://docs.aws.amazon.com/AmazonS3/latest/userguide/metadata-tables-permissions.html) in the *Amazon S3 User Guide*. The IAM policy action name is the same for the V1 and V2 API operations. The following operations are related to `GetBucketMetadataConfiguration`: + [CreateBucketMetadataConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucketMetadataConfiguration.html) + [DeleteBucketMetadataConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketMetadataConfiguration.html) + [UpdateBucketMetadataInventoryTableConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_UpdateBucketMetadataInventoryTableConfiguration.html) + [UpdateBucketMetadataJournalTableConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_UpdateBucketMetadataJournalTableConfiguration.html) **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. ## Request Syntax ``` GET /?metadataConfiguration HTTP/1.1 Host: Bucket.s3.amazonaws.com x-amz-expected-bucket-owner: ExpectedBucketOwner ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_GetBucketMetadataConfiguration_RequestSyntax) ** The general purpose bucket that corresponds to the metadata configuration that you want to retrieve. Required: Yes ** [x-amz-expected-bucket-owner](#API_GetBucketMetadataConfiguration_RequestSyntax) ** The expected owner of the general purpose bucket that you want to retrieve the metadata table configuration for. ## Request Body The request does not have a request body. ## Response Syntax ``` HTTP/1.1 200 string string string string string string string string string string string integer string string string string ``` ## Response Elements If the action is successful, the service sends back an HTTP 200 response. The following data is returned in XML format by the service. ** [GetBucketMetadataConfigurationResult](#API_GetBucketMetadataConfiguration_ResponseSyntax) ** Root level tag for the GetBucketMetadataConfigurationResult parameters. Required: Yes ** [MetadataConfigurationResult](#API_GetBucketMetadataConfiguration_ResponseSyntax) ** The metadata configuration for a general purpose bucket. Type: [MetadataConfigurationResult](API_MetadataConfigurationResult.md) data type ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/GetBucketMetadataConfiguration) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/GetBucketMetadataConfiguration) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/GetBucketMetadataConfiguration) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/GetBucketMetadataConfiguration) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/GetBucketMetadataConfiguration) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/GetBucketMetadataConfiguration) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/GetBucketMetadataConfiguration) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/GetBucketMetadataConfiguration) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/GetBucketMetadataConfiguration) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/GetBucketMetadataConfiguration) # GetBucketMetadataTableConfiguration **Important** We recommend that you retrieve your S3 Metadata configurations by using the V2 [GetBucketMetadataTableConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketMetadataTableConfiguration.html) API operation. We no longer recommend using the V1 `GetBucketMetadataTableConfiguration` API operation. If you created your S3 Metadata configuration before July 15, 2025, we recommend that you delete and re-create your configuration by using [CreateBucketMetadataConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucketMetadataConfiguration.html) so that you can expire journal table records and create a live inventory table. Retrieves the V1 S3 Metadata configuration for a general purpose bucket. For more information, see [Accelerating data discovery with S3 Metadata](https://docs.aws.amazon.com/AmazonS3/latest/userguide/metadata-tables-overview.html) in the *Amazon S3 User Guide*. **Note** You can use the V2 `GetBucketMetadataConfiguration` API operation with V1 or V2 metadata table configurations. However, if you try to use the V1 `GetBucketMetadataTableConfiguration` API operation with V2 configurations, you will receive an HTTP `405 Method Not Allowed` error. Make sure that you update your processes to use the new V2 API operations (`CreateBucketMetadataConfiguration`, `GetBucketMetadataConfiguration`, and `DeleteBucketMetadataConfiguration`) instead of the V1 API operations. Permissions To use this operation, you must have the `s3:GetBucketMetadataTableConfiguration` permission. For more information, see [Setting up permissions for configuring metadata tables](https://docs.aws.amazon.com/AmazonS3/latest/userguide/metadata-tables-permissions.html) in the *Amazon S3 User Guide*. The following operations are related to `GetBucketMetadataTableConfiguration`: + [CreateBucketMetadataTableConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucketMetadataTableConfiguration.html) + [DeleteBucketMetadataTableConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketMetadataTableConfiguration.html) **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. ## Request Syntax ``` GET /?metadataTable HTTP/1.1 Host: Bucket.s3.amazonaws.com x-amz-expected-bucket-owner: ExpectedBucketOwner ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_GetBucketMetadataTableConfiguration_RequestSyntax) ** The general purpose bucket that corresponds to the metadata table configuration that you want to retrieve. Required: Yes ** [x-amz-expected-bucket-owner](#API_GetBucketMetadataTableConfiguration_RequestSyntax) ** The expected owner of the general purpose bucket that you want to retrieve the metadata table configuration for. ## Request Body The request does not have a request body. ## Response Syntax ``` HTTP/1.1 200 string string string string string string string ``` ## Response Elements If the action is successful, the service sends back an HTTP 200 response. The following data is returned in XML format by the service. ** [GetBucketMetadataTableConfigurationResult](#API_GetBucketMetadataTableConfiguration_ResponseSyntax) ** Root level tag for the GetBucketMetadataTableConfigurationResult parameters. Required: Yes ** [Error](#API_GetBucketMetadataTableConfiguration_ResponseSyntax) ** If the `CreateBucketMetadataTableConfiguration` request succeeds, but S3 Metadata was unable to create the table, this structure contains the error code and error message. Type: [ErrorDetails](API_ErrorDetails.md) data type ** [MetadataTableConfigurationResult](#API_GetBucketMetadataTableConfiguration_ResponseSyntax) ** The V1 S3 Metadata configuration for a general purpose bucket. Type: [MetadataTableConfigurationResult](API_MetadataTableConfigurationResult.md) data type ** [Status](#API_GetBucketMetadataTableConfiguration_ResponseSyntax) ** The status of the metadata table. The status values are: + `CREATING` - The metadata table is in the process of being created in the specified table bucket. + `ACTIVE` - The metadata table has been created successfully, and records are being delivered to the table. + `FAILED` - Amazon S3 is unable to create the metadata table, or Amazon S3 is unable to deliver records. See `ErrorDetails` for details. Type: String ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/GetBucketMetadataTableConfiguration) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/GetBucketMetadataTableConfiguration) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/GetBucketMetadataTableConfiguration) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/GetBucketMetadataTableConfiguration) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/GetBucketMetadataTableConfiguration) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/GetBucketMetadataTableConfiguration) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/GetBucketMetadataTableConfiguration) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/GetBucketMetadataTableConfiguration) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/GetBucketMetadataTableConfiguration) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/GetBucketMetadataTableConfiguration) # GetBucketMetricsConfiguration Gets a metrics configuration (specified by the metrics configuration ID) from the bucket. Note that this doesn't include the daily storage metrics. **Note** **Directory buckets ** - For directory buckets, you must make requests for this API operation to the Regional endpoint. These endpoints support path-style requests in the format `https://s3express-control.region-code.amazonaws.com/bucket-name `. Virtual-hosted-style requests aren't supported. For more information about endpoints in Availability Zones, see [Regional and Zonal endpoints for directory buckets in Availability Zones](https://docs.aws.amazon.com/AmazonS3/latest/userguide/endpoint-directory-buckets-AZ.html) in the *Amazon S3 User Guide*. For more information about endpoints in Local Zones, see [Concepts for directory buckets in Local Zones](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-lzs-for-directory-buckets.html) in the *Amazon S3 User Guide*. Permissions To use this operation, you must have permissions to perform the `s3:GetMetricsConfiguration` action. The bucket owner has this permission by default. The bucket owner can grant this permission to others. For more information about permissions, see [Permissions Related to Bucket Subresource Operations](https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) and [Managing Access Permissions to Your Amazon S3 Resources](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html). + **General purpose bucket permissions** - The `s3:GetMetricsConfiguration` permission is required in a policy. For more information about general purpose buckets permissions, see [Using Bucket Policies and User Policies](https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html) in the *Amazon S3 User Guide*. + **Directory bucket permissions** - To grant access to this API operation, you must have the `s3express:GetMetricsConfiguration` permission in an IAM identity-based policy instead of a bucket policy. Cross-account access to this API operation isn't supported. This operation can only be performed by the AWS account that owns the resource. For more information about directory bucket policies and permissions, see [AWS Identity and Access Management (IAM) for S3 Express One Zone](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam.html) in the *Amazon S3 User Guide*. HTTP Host header syntax **Directory buckets ** - The HTTP Host header syntax is `s3express-control.region-code.amazonaws.com`. For information about CloudWatch request metrics for Amazon S3, see [Monitoring Metrics with Amazon CloudWatch](https://docs.aws.amazon.com/AmazonS3/latest/dev/cloudwatch-monitoring.html). The following operations are related to `GetBucketMetricsConfiguration`: + [PutBucketMetricsConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketMetricsConfiguration.html) + [DeleteBucketMetricsConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketMetricsConfiguration.html) + [ListBucketMetricsConfigurations](https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketMetricsConfigurations.html) + [Monitoring Metrics with Amazon CloudWatch](https://docs.aws.amazon.com/AmazonS3/latest/dev/cloudwatch-monitoring.html) **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. ## Request Syntax ``` GET /?metrics&id=Id HTTP/1.1 Host: Bucket.s3.amazonaws.com x-amz-expected-bucket-owner: ExpectedBucketOwner ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_GetBucketMetricsConfiguration_RequestSyntax) ** The name of the bucket containing the metrics configuration to retrieve. **Directory buckets ** - When you use this operation with a directory bucket, you must use path-style requests in the format `https://s3express-control.region-code.amazonaws.com/bucket-name `. Virtual-hosted-style requests aren't supported. Directory bucket names must be unique in the chosen Zone (Availability Zone or Local Zone). Bucket names must also follow the format ` bucket-base-name--zone-id--x-s3` (for example, ` DOC-EXAMPLE-BUCKET--usw2-az1--x-s3`). For information about bucket naming restrictions, see [Directory bucket naming rules](https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) in the *Amazon S3 User Guide* Required: Yes ** [id](#API_GetBucketMetricsConfiguration_RequestSyntax) ** The ID used to identify the metrics configuration. The ID has a 64 character limit and can only contain letters, numbers, periods, dashes, and underscores. Required: Yes ** [x-amz-expected-bucket-owner](#API_GetBucketMetricsConfiguration_RequestSyntax) ** The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code `403 Forbidden` (access denied). For directory buckets, this header is not supported in this API operation. If you specify this header, the request fails with the HTTP status code `501 Not Implemented`. ## Request Body The request does not have a request body. ## Response Syntax ``` HTTP/1.1 200 string string string string string string ... string string string ``` ## Response Elements If the action is successful, the service sends back an HTTP 200 response. The following data is returned in XML format by the service. ** [MetricsConfiguration](#API_GetBucketMetricsConfiguration_ResponseSyntax) ** Root level tag for the MetricsConfiguration parameters. Required: Yes ** [Filter](#API_GetBucketMetricsConfiguration_ResponseSyntax) ** Specifies a metrics configuration filter. The metrics configuration will only include objects that meet the filter's criteria. A filter must be a prefix, an object tag, an access point ARN, or a conjunction (MetricsAndOperator). Metrics configurations for directory buckets do not support tag filters. Type: [MetricsFilter](API_MetricsFilter.md) data type ** [Id](#API_GetBucketMetricsConfiguration_ResponseSyntax) ** The ID used to identify the metrics configuration. The ID has a 64 character limit and can only contain letters, numbers, periods, dashes, and underscores. Type: String ## Examples ### First Sample Request Retrieve a metrics configuration that filters metrics based on a specified prefix. ``` GET /?metrics&id=Documents HTTP/1.1 Host: amzn-s3-demo-bucket.s3..amazonaws.com x-amz-date: Thu, 15 Nov 2016 00:17:21 GMT Authorization: signatureValue ``` ### First Sample Response This example illustrates one usage of GetBucketMetricsConfiguration. ``` HTTP/1.1 200 OK x-amz-id-2: ITnGT1y4REXAMPLEPi4hklTXouTf0hccUjo0iCPEXAMPLEutBj3M7fPGlWO2SEWp x-amz-request-id: 51991EXAMPLE5321 Date: Thu, 15 Nov 2016 00:17:22 GMT Server: AmazonS3 Content-Length: 180 Documents documents/ ``` ### Second Sample Request Retrieve a metrics configuration that enables metrics for objects that start with a particular prefix and have specific tags applied. ``` GET /?metrics&id=ImportantBlueDocuments HTTP/1.1 Host: amzn-s3-demo-bucket.s3..amazonaws.com x-amz-date: Thu, 15 Nov 2016 00:17:21 GMT Authorization: signatureValue ``` ### Second Sample Response This example illustrates one usage of GetBucketMetricsConfiguration. ``` HTTP/1.1 200 OK x-amz-id-2: ITnGT1y4REXAMPLEPi4hklTXouTf0hccUjo0iCPEXAMPLEutBj3M7fPGlWO2SEWp x-amz-request-id: 51991EXAMPLE5321 Date: Thu, 15 Nov 2016 00:17:22 GMT Server: AmazonS3 Content-Length: 480 ImportantBlueDocuments documents/ priority high class blue ``` ### Third Sample Request Retrieve a metrics configuration that enables metrics for a specific access point. ``` GET /?metrics&id=ImportantDocumentsAccessPoint HTTP/1.1 Host: amzn-s3-demo-bucket.s3..amazonaws.com x-amz-date: Thu, 26 Aug 2021 00:17:21 GMT Authorization: signatureValue ``` ### Third Sample Response This example illustrates one usage of GetBucketMetricsConfiguration. ``` HTTP/1.1 200 OK x-amz-id-2: ITnGT1y4REXAMPLEPi4hklTXouTf0hccUjo0iCPEXAMPLEutBj3M7fPGlWO2SEWp x-amz-request-id: 51991EXAMPLE5321 Date: Thu, 26 Aug 2021 00:17:22 GMT Server: AmazonS3 Content-Length: 480 ImportantDocumentsAccessPoint arn:aws:s3:us-west-2:123456789012:accesspoint/test ``` ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/GetBucketMetricsConfiguration) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/GetBucketMetricsConfiguration) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/GetBucketMetricsConfiguration) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/GetBucketMetricsConfiguration) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/GetBucketMetricsConfiguration) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/GetBucketMetricsConfiguration) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/GetBucketMetricsConfiguration) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/GetBucketMetricsConfiguration) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/GetBucketMetricsConfiguration) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/GetBucketMetricsConfiguration) # GetBucketNotification **Note** This operation is not supported for directory buckets. No longer used, see [GetBucketNotificationConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketNotificationConfiguration.html). ## Request Syntax ``` GET /?notification HTTP/1.1 Host: Bucket.s3.amazonaws.com x-amz-expected-bucket-owner: ExpectedBucketOwner ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_GetBucketNotification_RequestSyntax) ** The name of the bucket for which to get the notification configuration. When you use this API operation with an access point, provide the alias of the access point in place of the bucket name. When you use this API operation with an Object Lambda access point, provide the alias of the Object Lambda access point in place of the bucket name. If the Object Lambda access point alias in a request is not valid, the error code `InvalidAccessPointAliasError` is returned. For more information about `InvalidAccessPointAliasError`, see [List of Error Codes](https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList). Required: Yes ** [x-amz-expected-bucket-owner](#API_GetBucketNotification_RequestSyntax) ** The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code `403 Forbidden` (access denied). ## Request Body The request does not have a request body. ## Response Syntax ``` HTTP/1.1 200 string string ... string string string string ... string string string string string ... string string ``` ## Response Elements If the action is successful, the service sends back an HTTP 200 response. The following data is returned in XML format by the service. ** [NotificationConfiguration](#API_GetBucketNotification_ResponseSyntax) ** Root level tag for the NotificationConfiguration parameters. Required: Yes ** [CloudFunctionConfiguration](#API_GetBucketNotification_ResponseSyntax) ** Container for specifying the AWS Lambda notification configuration. Type: [CloudFunctionConfiguration](API_CloudFunctionConfiguration.md) data type ** [QueueConfiguration](#API_GetBucketNotification_ResponseSyntax) ** This data type is deprecated. This data type specifies the configuration for publishing messages to an Amazon Simple Queue Service (Amazon SQS) queue when Amazon S3 detects specified events. Type: [QueueConfigurationDeprecated](API_QueueConfigurationDeprecated.md) data type ** [TopicConfiguration](#API_GetBucketNotification_ResponseSyntax) ** This data type is deprecated. A container for specifying the configuration for publication of messages to an Amazon Simple Notification Service (Amazon SNS) topic when Amazon S3 detects specified events. Type: [TopicConfigurationDeprecated](API_TopicConfigurationDeprecated.md) data type ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/GetBucketNotification) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/GetBucketNotification) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/GetBucketNotification) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/GetBucketNotification) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/GetBucketNotification) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/GetBucketNotification) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/GetBucketNotification) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/GetBucketNotification) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/GetBucketNotification) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/GetBucketNotification) # GetBucketNotificationConfiguration **Note** This operation is not supported for directory buckets. Returns the notification configuration of a bucket. If notifications are not enabled on the bucket, the action returns an empty `NotificationConfiguration` element. By default, you must be the bucket owner to read the notification configuration of a bucket. However, the bucket owner can use a bucket policy to grant permission to other users to read this configuration with the `s3:GetBucketNotification` permission. When you use this API operation with an access point, provide the alias of the access point in place of the bucket name. When you use this API operation with an Object Lambda access point, provide the alias of the Object Lambda access point in place of the bucket name. If the Object Lambda access point alias in a request is not valid, the error code `InvalidAccessPointAliasError` is returned. For more information about `InvalidAccessPointAliasError`, see [List of Error Codes](https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList). For more information about setting and reading the notification configuration on a bucket, see [Setting Up Notification of Bucket Events](https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html). For more information about bucket policies, see [Using Bucket Policies](https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html). The following action is related to `GetBucketNotification`: + [PutBucketNotification](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketNotification.html) **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. ## Request Syntax ``` GET /?notification HTTP/1.1 Host: Bucket.s3.amazonaws.com x-amz-expected-bucket-owner: ExpectedBucketOwner ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_GetBucketNotificationConfiguration_RequestSyntax) ** The name of the bucket for which to get the notification configuration. When you use this API operation with an access point, provide the alias of the access point in place of the bucket name. When you use this API operation with an Object Lambda access point, provide the alias of the Object Lambda access point in place of the bucket name. If the Object Lambda access point alias in a request is not valid, the error code `InvalidAccessPointAliasError` is returned. For more information about `InvalidAccessPointAliasError`, see [List of Error Codes](https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList). Required: Yes ** [x-amz-expected-bucket-owner](#API_GetBucketNotificationConfiguration_RequestSyntax) ** The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code `403 Forbidden` (access denied). ## Request Body The request does not have a request body. ## Response Syntax ``` HTTP/1.1 200 string ... string string ... string string ... string ... string string ... string string ... string ... string string ... string string ... ``` ## Response Elements If the action is successful, the service sends back an HTTP 200 response. The following data is returned in XML format by the service. ** [NotificationConfiguration](#API_GetBucketNotificationConfiguration_ResponseSyntax) ** Root level tag for the NotificationConfiguration parameters. Required: Yes ** [CloudFunctionConfiguration](#API_GetBucketNotificationConfiguration_ResponseSyntax) ** Describes the AWS Lambda functions to invoke and the events for which to invoke them. Type: Array of [LambdaFunctionConfiguration](API_LambdaFunctionConfiguration.md) data types ** [EventBridgeConfiguration](#API_GetBucketNotificationConfiguration_ResponseSyntax) ** Enables delivery of events to Amazon EventBridge. Type: [EventBridgeConfiguration](API_EventBridgeConfiguration.md) data type ** [QueueConfiguration](#API_GetBucketNotificationConfiguration_ResponseSyntax) ** The Amazon Simple Queue Service queues to publish messages to and the events for which to publish messages. Type: Array of [QueueConfiguration](API_QueueConfiguration.md) data types ** [TopicConfiguration](#API_GetBucketNotificationConfiguration_ResponseSyntax) ** The topic to which notifications are sent and the events for which notifications are generated. Type: Array of [TopicConfiguration](API_TopicConfiguration.md) data types ## Examples ### Sample Request This request returns the notification configuration on the bucket `amzn-s3-demo-bucket.s3..amazonaws.com`. ``` GET ?notification HTTP/1.1 Host: amzn-s3-demo-bucket.s3..amazonaws.com Date: Wed, 15 Oct 2014 16:59:03 GMT Authorization: authorization string ``` ### Sample Response This response returns that the notification configuration for the specified bucket. ``` HTTP/1.1 200 OK x-amz-id-2: YgIPIfBiKa2bj0KMgUAdQkf3ShJTOOpXUueF6QKo x-amz-request-id: 236A8905248E5A02 Date: Wed, 15 Oct 2014 16:59:04 GMT Server: AmazonS3 YjVkM2Y0YmUtNGI3NC00ZjQyLWEwNGItNDIyYWUxY2I0N2M4 arn:aws:sns:us-east-1:account-id:s3notificationtopic2 s3:ReducedRedundancyLostObject s3:ObjectCreated:* ``` ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/GetBucketNotificationConfiguration) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/GetBucketNotificationConfiguration) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/GetBucketNotificationConfiguration) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/GetBucketNotificationConfiguration) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/GetBucketNotificationConfiguration) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/GetBucketNotificationConfiguration) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/GetBucketNotificationConfiguration) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/GetBucketNotificationConfiguration) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/GetBucketNotificationConfiguration) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/GetBucketNotificationConfiguration) # GetBucketOwnershipControls **Note** This operation is not supported for directory buckets. Retrieves `OwnershipControls` for an Amazon S3 bucket. To use this operation, you must have the `s3:GetBucketOwnershipControls` permission. For more information about Amazon S3 permissions, see [Specifying permissions in a policy](https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html). **Note** A bucket doesn't have `OwnershipControls` settings in the following cases: The bucket was created before the `BucketOwnerEnforced` ownership setting was introduced and you've never explicitly applied this value You've manually deleted the bucket ownership control value using the `DeleteBucketOwnershipControls` API operation. By default, Amazon S3 sets `OwnershipControls` for all newly created buckets. For information about Amazon S3 Object Ownership, see [Using Object Ownership](https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html). The following operations are related to `GetBucketOwnershipControls`: + [PutBucketOwnershipControls](API_PutBucketOwnershipControls.md) + [DeleteBucketOwnershipControls](API_DeleteBucketOwnershipControls.md) **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. ## Request Syntax ``` GET /?ownershipControls HTTP/1.1 Host: Bucket.s3.amazonaws.com x-amz-expected-bucket-owner: ExpectedBucketOwner ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_GetBucketOwnershipControls_RequestSyntax) ** The name of the Amazon S3 bucket whose `OwnershipControls` you want to retrieve. Required: Yes ** [x-amz-expected-bucket-owner](#API_GetBucketOwnershipControls_RequestSyntax) ** The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code `403 Forbidden` (access denied). ## Request Body The request does not have a request body. ## Response Syntax ``` HTTP/1.1 200 string ... ``` ## Response Elements If the action is successful, the service sends back an HTTP 200 response. The following data is returned in XML format by the service. ** [OwnershipControls](#API_GetBucketOwnershipControls_ResponseSyntax) ** Root level tag for the OwnershipControls parameters. Required: Yes ** [Rule](#API_GetBucketOwnershipControls_ResponseSyntax) ** The container element for an ownership control rule. Type: Array of [OwnershipControlsRule](API_OwnershipControlsRule.md) data types ## Examples ### Sample GetBucketOwnershipControls Request for BucketOwnerEnforced This example illustrates one usage of GetBucketOwnershipControls. ``` GET /amzn-s3-demo-bucket?/ownershipControls HTTP/1.1 Host: amzn-s3-demo-bucket.s3..amazonaws.com Date: Mon, 29 Nov 2021 00:17:22 GMT Authorization: signatureValue; ``` ### Sample GetBucketOwnershipControls Response This example illustrates one usage of GetBucketOwnershipControls. ``` HTTP/1.1 200 OK x-amz-id-2: Adphn7MaAHDEg9mh5JmcTN8mzyVX0JhIztSiQNaqTxnXXcYi4uiZbYdwWC3JXmh/XXVUUQwO4Vs= x-amz-request-id: 252631E05F84A415 Date: Mon, 29 Nov 2021 00:17:22 GMT Server: AmazonS3 Content-Length: 194 BucketOwnerEnforced ``` ### Sample GetBucketOwnershipControls Request for BucketOwnerPreferred This example illustrates one usage of GetBucketOwnershipControls. ``` GET /amzn-s3-demo-bucket?/ownershipControls HTTP/1.1 Host: amzn-s3-demo-bucket.s3..amazonaws.com Date: Thu, 18 Jun 2017 00:17:22 GMT Authorization: signatureValue; ``` ### Sample GetBucketOwnershipControls Response This example illustrates one usage of GetBucketOwnershipControls. ``` HTTP/1.1 200 OK x-amz-id-2: Adphn7MaAHDEg9mh5JmcTN8mzyVX0JhIztSiQNaqTxnXXcYi4uiZbYdwWC3JXmh/XXVUUQwO4Vs= x-amz-request-id: 252631E05F84A415 Date: Thu, 18 Jun 2020 00:17:22 GMT Server: AmazonS3 Content-Length: 194 BucketOwnerPreferred ``` ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/GetBucketOwnershipControls) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/GetBucketOwnershipControls) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/GetBucketOwnershipControls) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/GetBucketOwnershipControls) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/GetBucketOwnershipControls) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/GetBucketOwnershipControls) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/GetBucketOwnershipControls) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/GetBucketOwnershipControls) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/GetBucketOwnershipControls) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/GetBucketOwnershipControls) # GetBucketPolicy Returns the policy of a specified bucket. **Note** **Directory buckets ** - For directory buckets, you must make requests for this API operation to the Regional endpoint. These endpoints support path-style requests in the format `https://s3express-control.region-code.amazonaws.com/bucket-name `. Virtual-hosted-style requests aren't supported. For more information about endpoints in Availability Zones, see [Regional and Zonal endpoints for directory buckets in Availability Zones](https://docs.aws.amazon.com/AmazonS3/latest/userguide/endpoint-directory-buckets-AZ.html) in the *Amazon S3 User Guide*. For more information about endpoints in Local Zones, see [Concepts for directory buckets in Local Zones](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-lzs-for-directory-buckets.html) in the *Amazon S3 User Guide*. Permissions If you are using an identity other than the root user of the AWS account that owns the bucket, the calling identity must both have the `GetBucketPolicy` permissions on the specified bucket and belong to the bucket owner's account in order to use this operation. If you don't have `GetBucketPolicy` permissions, Amazon S3 returns a `403 Access Denied` error. If you have the correct permissions, but you're not using an identity that belongs to the bucket owner's account, Amazon S3 returns a `405 Method Not Allowed` error. To ensure that bucket owners don't inadvertently lock themselves out of their own buckets, the root principal in a bucket owner's AWS account can perform the `GetBucketPolicy`, `PutBucketPolicy`, and `DeleteBucketPolicy` API actions, even if their bucket policy explicitly denies the root principal's access. Bucket owner root principals can only be blocked from performing these API actions by VPC endpoint policies and AWS Organizations policies. + **General purpose bucket permissions** - The `s3:GetBucketPolicy` permission is required in a policy. For more information about general purpose buckets bucket policies, see [Using Bucket Policies and User Policies](https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html) in the *Amazon S3 User Guide*. + **Directory bucket permissions** - To grant access to this API operation, you must have the `s3express:GetBucketPolicy` permission in an IAM identity-based policy instead of a bucket policy. Cross-account access to this API operation isn't supported. This operation can only be performed by the AWS account that owns the resource. For more information about directory bucket policies and permissions, see [AWS Identity and Access Management (IAM) for S3 Express One Zone](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam.html) in the *Amazon S3 User Guide*. Example bucket policies **General purpose buckets example bucket policies** - See [Bucket policy examples](https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-bucket-policies.html) in the *Amazon S3 User Guide*. **Directory bucket example bucket policies** - See [Example bucket policies for S3 Express One Zone](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam-example-bucket-policies.html) in the *Amazon S3 User Guide*. HTTP Host header syntax **Directory buckets ** - The HTTP Host header syntax is `s3express-control.region-code.amazonaws.com`. The following action is related to `GetBucketPolicy`: + [GetObject](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html) **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. ## Request Syntax ``` GET /?policy HTTP/1.1 Host: Bucket.s3.amazonaws.com x-amz-expected-bucket-owner: ExpectedBucketOwner ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_GetBucketPolicy_RequestSyntax) ** The bucket name to get the bucket policy for. **Directory buckets ** - When you use this operation with a directory bucket, you must use path-style requests in the format `https://s3express-control.region-code.amazonaws.com/bucket-name `. Virtual-hosted-style requests aren't supported. Directory bucket names must be unique in the chosen Zone (Availability Zone or Local Zone). Bucket names must also follow the format ` bucket-base-name--zone-id--x-s3` (for example, ` DOC-EXAMPLE-BUCKET--usw2-az1--x-s3`). For information about bucket naming restrictions, see [Directory bucket naming rules](https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) in the *Amazon S3 User Guide* **Access points** - When you use this API operation with an access point, provide the alias of the access point in place of the bucket name. **Object Lambda access points** - When you use this API operation with an Object Lambda access point, provide the alias of the Object Lambda access point in place of the bucket name. If the Object Lambda access point alias in a request is not valid, the error code `InvalidAccessPointAliasError` is returned. For more information about `InvalidAccessPointAliasError`, see [List of Error Codes](https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList). Object Lambda access points are not supported by directory buckets. Required: Yes ** [x-amz-expected-bucket-owner](#API_GetBucketPolicy_RequestSyntax) ** The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code `403 Forbidden` (access denied). For directory buckets, this header is not supported in this API operation. If you specify this header, the request fails with the HTTP status code `501 Not Implemented`. ## Request Body The request does not have a request body. ## Response Syntax ``` HTTP/1.1 200 { Policy in JSON format } ``` ## Response Elements If the action is successful, the service sends back an HTTP 200 response. The following data is returned in JSON format by the service. ** [Policy](#API_GetBucketPolicy_ResponseSyntax) ** ## Examples ### Sample Request for general purpose buckets The following request returns the policy of the specified bucket. ``` GET ?policy HTTP/1.1 Host: amzn-s3-demo-bucket.s3..amazonaws.com Date: Wed, 28 Oct 2009 22:32:00 GMT Authorization: authorization string ``` ### Sample Response for general purpose buckets This example illustrates one usage of GetBucketPolicy. ``` HTTP/1.1 200 OK x-amz-id-2: Uuag1LuByru9pO4SAMPLEAtRPfTaOFg== x-amz-request-id: 656c76696e67SAMPLE57374 Date: Tue, 04 Apr 2010 20:34:56 GMT Connection: keep-alive Server: AmazonS3 { "Version":"2008-10-17", "Id":"aaaa-bbbb-cccc-dddd", "Statement" : [ { "Effect":"Deny", "Sid":"1", "Principal" : { "AWS":["111122223333","444455556666"] }, "Action":["s3:*"], "Resource":"arn:aws:s3:::bucket/*" } ] } ``` ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/GetBucketPolicy) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/GetBucketPolicy) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/GetBucketPolicy) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/GetBucketPolicy) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/GetBucketPolicy) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/GetBucketPolicy) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/GetBucketPolicy) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/GetBucketPolicy) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/GetBucketPolicy) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/GetBucketPolicy) # GetBucketPolicyStatus **Note** This operation is not supported for directory buckets. Retrieves the policy status for an Amazon S3 bucket, indicating whether the bucket is public. In order to use this operation, you must have the `s3:GetBucketPolicyStatus` permission. For more information about Amazon S3 permissions, see [Specifying Permissions in a Policy](https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html). For more information about when Amazon S3 considers a bucket public, see [The Meaning of "Public"](https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-policy-status). The following operations are related to `GetBucketPolicyStatus`: + [Using Amazon S3 Block Public Access](https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html) + [GetPublicAccessBlock](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetPublicAccessBlock.html) + [PutPublicAccessBlock](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutPublicAccessBlock.html) + [DeletePublicAccessBlock](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeletePublicAccessBlock.html) **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. ## Request Syntax ``` GET /?policyStatus HTTP/1.1 Host: Bucket.s3.amazonaws.com x-amz-expected-bucket-owner: ExpectedBucketOwner ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_GetBucketPolicyStatus_RequestSyntax) ** The name of the Amazon S3 bucket whose policy status you want to retrieve. Required: Yes ** [x-amz-expected-bucket-owner](#API_GetBucketPolicyStatus_RequestSyntax) ** The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code `403 Forbidden` (access denied). ## Request Body The request does not have a request body. ## Response Syntax ``` HTTP/1.1 200 boolean ``` ## Response Elements If the action is successful, the service sends back an HTTP 200 response. The following data is returned in XML format by the service. ** [PolicyStatus](#API_GetBucketPolicyStatus_ResponseSyntax) ** Root level tag for the PolicyStatus parameters. Required: Yes ** [IsPublic](#API_GetBucketPolicyStatus_ResponseSyntax) ** The policy status for this bucket. `TRUE` indicates that this bucket is public. `FALSE` indicates that the bucket is not public. Type: Boolean ## Examples ### Sample Request The following request gets a bucket policy status. ``` GET /?policyStatus HTTP/1.1 Host: .s3..amazonaws.com x-amz-date: Authorization: ``` ### Sample Response This example illustrates one usage of GetBucketPolicyStatus. ``` HTTP/1.1 200 OK x-amz-id-2: ITnGT1y4REXAMPLEPi4hklTXouTf0hccUjo0iCPEXAMPLEutBj3M7fPGlWO2SEWp x-amz-request-id: 51991EXAMPLE5321 Date: Thu, 15 Nov 2016 00:17:22 GMT Server: AmazonS3 Content-Length: 0 TRUE ``` ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/GetBucketPolicyStatus) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/GetBucketPolicyStatus) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/GetBucketPolicyStatus) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/GetBucketPolicyStatus) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/GetBucketPolicyStatus) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/GetBucketPolicyStatus) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/GetBucketPolicyStatus) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/GetBucketPolicyStatus) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/GetBucketPolicyStatus) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/GetBucketPolicyStatus) # GetBucketReplication **Note** This operation is not supported for directory buckets. Returns the replication configuration of a bucket. **Note** It can take a while to propagate the put or delete a replication configuration to all Amazon S3 systems. Therefore, a get request soon after put or delete can return a wrong result. For information about replication configuration, see [Replication](https://docs.aws.amazon.com/AmazonS3/latest/dev/replication.html) in the *Amazon S3 User Guide*. This action requires permissions for the `s3:GetReplicationConfiguration` action. For more information about permissions, see [Using Bucket Policies and User Policies](https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html). If you include the `Filter` element in a replication configuration, you must also include the `DeleteMarkerReplication` and `Priority` elements. The response also returns those elements. For information about `GetBucketReplication` errors, see [List of replication-related error codes](https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ReplicationErrorCodeList) The following operations are related to `GetBucketReplication`: + [PutBucketReplication](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketReplication.html) + [DeleteBucketReplication](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketReplication.html) **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. ## Request Syntax ``` GET /?replication HTTP/1.1 Host: Bucket.s3.amazonaws.com x-amz-expected-bucket-owner: ExpectedBucketOwner ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_GetBucketReplication_RequestSyntax) ** The bucket name for which to get the replication information. Required: Yes ** [x-amz-expected-bucket-owner](#API_GetBucketReplication_RequestSyntax) ** The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code `403 Forbidden` (access denied). ## Request Body The request does not have a request body. ## Response Syntax ``` HTTP/1.1 200 string string string string string string integer string string integer string string string string string ... string string string string string integer string string string ... ``` ## Response Elements If the action is successful, the service sends back an HTTP 200 response. The following data is returned in XML format by the service. ** [ReplicationConfiguration](#API_GetBucketReplication_ResponseSyntax) ** Root level tag for the ReplicationConfiguration parameters. Required: Yes ** [Role](#API_GetBucketReplication_ResponseSyntax) ** The Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) role that Amazon S3 assumes when replicating objects. For more information, see [How to Set Up Replication](https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-how-setup.html) in the *Amazon S3 User Guide*. Type: String ** [Rule](#API_GetBucketReplication_ResponseSyntax) ** A container for one or more replication rules. A replication configuration must have at least one rule and can contain a maximum of 1,000 rules. Type: Array of [ReplicationRule](API_ReplicationRule.md) data types ## Examples ### Sample Request: Retrieve replication configuration information The following GET request retrieves information about the replication configuration set for the `amzn-s3-demo-bucket` bucket: ``` GET /?replication HTTP/1.1 Host: amzn-s3-demo-bucket.s3..amazonaws.com Date: Tue, 10 Feb 2015 00:17:21 GMT Authorization: authorization string ``` ### Sample Response The following response shows that replication is enabled on the bucket. The empty prefix indicates that Amazon S3 will replicate all objects that are created in the `amzn-s3-demo-bucket` bucket. The `Destination` element identifies the target bucket where Amazon S3 creates the object replicas, and the storage class (STANDARD\$1IA) that Amazon S3 uses when creating replicas. Amazon S3 assumes the specified IAM role to replicate objects on behalf of the bucket owner, which is the AWS account that created the bucket. ``` HTTP/1.1 200 OK x-amz-id-2: ITnGT1y4RyTmXa3rPi4hklTXouTf0hccUjo0iCPjz6FnfIutBj3M7fPGlWO2SEWp x-amz-request-id: 51991C342example Date: Tue, 10 Feb 2015 00:17:23 GMT Server: AmazonS3 Content-Length: contentlength arn:aws:iam::35667example:role/CrossRegionReplicationRoleForS3 rule1 Enabled 1 Disabled TaxDocs key1 value1 key1 value1 arn:aws:s3:::exampletargetbucket ``` ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/GetBucketReplication) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/GetBucketReplication) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/GetBucketReplication) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/GetBucketReplication) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/GetBucketReplication) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/GetBucketReplication) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/GetBucketReplication) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/GetBucketReplication) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/GetBucketReplication) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/GetBucketReplication) # GetBucketRequestPayment **Note** This operation is not supported for directory buckets. Returns the request payment configuration of a bucket. To use this version of the operation, you must be the bucket owner. For more information, see [Requester Pays Buckets](https://docs.aws.amazon.com/AmazonS3/latest/dev/RequesterPaysBuckets.html). The following operations are related to `GetBucketRequestPayment`: + [ListObjects](https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjects.html) **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. ## Request Syntax ``` GET /?requestPayment HTTP/1.1 Host: Bucket.s3.amazonaws.com x-amz-expected-bucket-owner: ExpectedBucketOwner ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_GetBucketRequestPayment_RequestSyntax) ** The name of the bucket for which to get the payment request configuration Required: Yes ** [x-amz-expected-bucket-owner](#API_GetBucketRequestPayment_RequestSyntax) ** The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code `403 Forbidden` (access denied). ## Request Body The request does not have a request body. ## Response Syntax ``` HTTP/1.1 200 string ``` ## Response Elements If the action is successful, the service sends back an HTTP 200 response. The following data is returned in XML format by the service. ** [RequestPaymentConfiguration](#API_GetBucketRequestPayment_ResponseSyntax) ** Root level tag for the RequestPaymentConfiguration parameters. Required: Yes ** [Payer](#API_GetBucketRequestPayment_ResponseSyntax) ** Specifies who pays for the download and request fees. Type: String Valid Values: `Requester | BucketOwner` ## Examples ### Sample Request The following request returns the payer for the bucket, `amzn-s3-demo-bucket`. ``` GET ?requestPayment HTTP/1.1 Host: amzn-s3-demo-bucket.s3..amazonaws.com Date: Wed, 01 Mar 2009 12:00:00 GMT Authorization: authorization string ``` ### Sample Response This response shows that the bucket is a Requester Pays bucket, meaning the person requesting a download from this bucket pays the transfer fees. ``` HTTP/1.1 200 OK x-amz-id-2: YgIPIfBiKa2bj0KMg95r/0zo3emzU4dzsD4rcKCHQUAdQkf3ShJTOOpXUueF6QKo x-amz-request-id: 236A8905248E5A01 Date: Wed, 01 Mar 2009 12:00:00 GMT Content-Type: [type] Content-Length: 0 Connection: close Server: AmazonS3 Requester ``` ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/GetBucketRequestPayment) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/GetBucketRequestPayment) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/GetBucketRequestPayment) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/GetBucketRequestPayment) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/GetBucketRequestPayment) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/GetBucketRequestPayment) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/GetBucketRequestPayment) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/GetBucketRequestPayment) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/GetBucketRequestPayment) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/GetBucketRequestPayment) # GetBucketTagging **Note** This operation is not supported for directory buckets. Returns the tag set associated with the general purpose bucket. To use this operation, you must have permission to perform the `s3:GetBucketTagging` action. By default, the bucket owner has this permission and can grant this permission to others. `GetBucketTagging` has the following special error: + Error code: `NoSuchTagSet` + Description: There is no tag set associated with the bucket. The following operations are related to `GetBucketTagging`: + [PutBucketTagging](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketTagging.html) + [DeleteBucketTagging](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketTagging.html) **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. ## Request Syntax ``` GET /?tagging HTTP/1.1 Host: Bucket.s3.amazonaws.com x-amz-expected-bucket-owner: ExpectedBucketOwner ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_GetBucketTagging_RequestSyntax) ** The name of the bucket for which to get the tagging information. Required: Yes ** [x-amz-expected-bucket-owner](#API_GetBucketTagging_RequestSyntax) ** The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code `403 Forbidden` (access denied). ## Request Body The request does not have a request body. ## Response Syntax ``` HTTP/1.1 200 string string ``` ## Response Elements If the action is successful, the service sends back an HTTP 200 response. The following data is returned in XML format by the service. ** [Tagging](#API_GetBucketTagging_ResponseSyntax) ** Root level tag for the Tagging parameters. Required: Yes ** [TagSet](#API_GetBucketTagging_ResponseSyntax) ** Contains the tag set. Type: Array of [Tag](API_Tag.md) data types ## Examples ### Sample Request The following request returns the tag set of the specified bucket. ``` GET ?tagging HTTP/1.1 Host: amzn-s3-demo-bucket.s3..amazonaws.com Date: Wed, 28 Oct 2009 22:32:00 GMT Authorization: authorization string ``` ### Sample Response Delete the metric configuration with a specified ID, which disables the CloudWatch metrics with the `ExampleMetrics` value for the `FilterId` dimension. ``` HTTP/1.1 200 OK Date: Wed, 25 Nov 2009 12:00:00 GMT Connection: close Server: AmazonS3 Project Project One User jsmith ``` ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/GetBucketTagging) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/GetBucketTagging) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/GetBucketTagging) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/GetBucketTagging) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/GetBucketTagging) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/GetBucketTagging) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/GetBucketTagging) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/GetBucketTagging) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/GetBucketTagging) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/GetBucketTagging) # GetBucketVersioning **Note** This operation is not supported for directory buckets. Returns the versioning state of a bucket. To retrieve the versioning state of a bucket, you must be the bucket owner. This implementation also returns the MFA Delete status of the versioning state. If the MFA Delete status is `enabled`, the bucket owner must use an authentication device to change the versioning state of the bucket. The following operations are related to `GetBucketVersioning`: + [GetObject](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html) + [PutObject](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html) + [DeleteObject](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObject.html) **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. ## Request Syntax ``` GET /?versioning HTTP/1.1 Host: Bucket.s3.amazonaws.com x-amz-expected-bucket-owner: ExpectedBucketOwner ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_GetBucketVersioning_RequestSyntax) ** The name of the bucket for which to get the versioning information. Required: Yes ** [x-amz-expected-bucket-owner](#API_GetBucketVersioning_RequestSyntax) ** The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code `403 Forbidden` (access denied). ## Request Body The request does not have a request body. ## Response Syntax ``` HTTP/1.1 200 string string ``` ## Response Elements If the action is successful, the service sends back an HTTP 200 response. The following data is returned in XML format by the service. ** [VersioningConfiguration](#API_GetBucketVersioning_ResponseSyntax) ** Root level tag for the VersioningConfiguration parameters. Required: Yes ** [MFADelete](#API_GetBucketVersioning_ResponseSyntax) ** Specifies whether MFA delete is enabled in the bucket versioning configuration. This element is only returned if the bucket has been configured with MFA delete. If the bucket has never been so configured, this element is not returned. Type: String Valid Values: `Enabled | Disabled` ** [Status](#API_GetBucketVersioning_ResponseSyntax) ** The versioning state of the bucket. Type: String Valid Values: `Enabled | Suspended` ## Examples ### Example This example returns the versioning state of `amzn-s3-demo-bucket`. ``` GET /?versioning HTTP/1.1 Host:amzn-s3-demo-bucket.s3..amazonaws.com Date: Wed, 12 Oct 2009 17:50:00 GMT Authorization: authorization string Content-Type: text/plain ``` ### Example There are three versioning states: If you enabled versioning on a bucket, the response is: ``` Enabled ``` ### Example If you suspended versioning on a bucket, the response is: ``` Suspended ``` ### Example If you never enabled (or suspended) versioning on a bucket, the response is: ``` ``` ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/GetBucketVersioning) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/GetBucketVersioning) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/GetBucketVersioning) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/GetBucketVersioning) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/GetBucketVersioning) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/GetBucketVersioning) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/GetBucketVersioning) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/GetBucketVersioning) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/GetBucketVersioning) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/GetBucketVersioning) # GetBucketWebsite **Note** This operation is not supported for directory buckets. Returns the website configuration for a bucket. To host website on Amazon S3, you can configure a bucket as website by adding a website configuration. For more information about hosting websites, see [Hosting Websites on Amazon S3](https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html). This GET action requires the `S3:GetBucketWebsite` permission. By default, only the bucket owner can read the bucket website configuration. However, bucket owners can allow other users to read the website configuration by writing a bucket policy granting them the `S3:GetBucketWebsite` permission. The following operations are related to `GetBucketWebsite`: + [DeleteBucketWebsite](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketWebsite.html) + [PutBucketWebsite](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketWebsite.html) **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. ## Request Syntax ``` GET /?website HTTP/1.1 Host: Bucket.s3.amazonaws.com x-amz-expected-bucket-owner: ExpectedBucketOwner ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_GetBucketWebsite_RequestSyntax) ** The bucket name for which to get the website configuration. Required: Yes ** [x-amz-expected-bucket-owner](#API_GetBucketWebsite_RequestSyntax) ** The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code `403 Forbidden` (access denied). ## Request Body The request does not have a request body. ## Response Syntax ``` HTTP/1.1 200 string string string string string string string string string string string ``` ## Response Elements If the action is successful, the service sends back an HTTP 200 response. The following data is returned in XML format by the service. ** [WebsiteConfiguration](#API_GetBucketWebsite_ResponseSyntax) ** Root level tag for the WebsiteConfiguration parameters. Required: Yes ** [ErrorDocument](#API_GetBucketWebsite_ResponseSyntax) ** The object key name of the website error document to use for 4XX class errors. Type: [ErrorDocument](API_ErrorDocument.md) data type ** [IndexDocument](#API_GetBucketWebsite_ResponseSyntax) ** The name of the index document for the website (for example `index.html`). Type: [IndexDocument](API_IndexDocument.md) data type ** [RedirectAllRequestsTo](#API_GetBucketWebsite_ResponseSyntax) ** Specifies the redirect behavior of all requests to a website endpoint of an Amazon S3 bucket. Type: [RedirectAllRequestsTo](API_RedirectAllRequestsTo.md) data type ** [RoutingRules](#API_GetBucketWebsite_ResponseSyntax) ** Rules that define when a redirect is applied and the redirect behavior. Type: Array of [RoutingRule](API_RoutingRule.md) data types ## Examples ### Sample Request This request retrieves website configuration on the specified bucket. ``` GET ?website HTTP/1.1 Host: amzn-s3-demo-bucket.s3..amazonaws.com Date: Thu, 27 Jan 2011 00:49:20 GMT Authorization: AWS AKIAIOSFODNN7EXAMPLE:n0Nhek72Ufg/u7Sm5C1dqRLs8XX= ``` ### Sample Response This example illustrates one usage of GetBucketWebsite. ``` HTTP/1.1 200 OK x-amz-id-2: YgIPIfBiKa2bj0KMgUAdQkf3ShJTOOpXUueF6QKo x-amz-request-id: 3848CD259D811111 Date: Thu, 27 Jan 2011 00:49:26 GMT Content-Length: 240 Content-Type: application/xml Transfer-Encoding: chunked Server: AmazonS3 index.html 404.html ``` ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/GetBucketWebsite) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/GetBucketWebsite) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/GetBucketWebsite) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/GetBucketWebsite) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/GetBucketWebsite) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/GetBucketWebsite) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/GetBucketWebsite) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/GetBucketWebsite) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/GetBucketWebsite) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/GetBucketWebsite) # GetObject Retrieves an object from Amazon S3. In the `GetObject` request, specify the full key name for the object. **General purpose buckets** - Both the virtual-hosted-style requests and the path-style requests are supported. For a virtual hosted-style request example, if you have the object `photos/2006/February/sample.jpg`, specify the object key name as `/photos/2006/February/sample.jpg`. For a path-style request example, if you have the object `photos/2006/February/sample.jpg` in the bucket named `examplebucket`, specify the object key name as `/examplebucket/photos/2006/February/sample.jpg`. For more information about request types, see [HTTP Host Header Bucket Specification](https://docs.aws.amazon.com/AmazonS3/latest/dev/VirtualHosting.html#VirtualHostingSpecifyBucket) in the *Amazon S3 User Guide*. **Directory buckets** - Only virtual-hosted-style requests are supported. For a virtual hosted-style request example, if you have the object `photos/2006/February/sample.jpg` in the bucket named `amzn-s3-demo-bucket--usw2-az1--x-s3`, specify the object key name as `/photos/2006/February/sample.jpg`. Also, when you make requests to this API operation, your requests are sent to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format `https://bucket-name.s3express-zone-id.region-code.amazonaws.com/key-name `. Path-style requests are not supported. For more information about endpoints in Availability Zones, see [Regional and Zonal endpoints for directory buckets in Availability Zones](https://docs.aws.amazon.com/AmazonS3/latest/userguide/endpoint-directory-buckets-AZ.html) in the *Amazon S3 User Guide*. For more information about endpoints in Local Zones, see [Concepts for directory buckets in Local Zones](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-lzs-for-directory-buckets.html) in the *Amazon S3 User Guide*. Permissions + **General purpose bucket permissions** - You must have the required permissions in a policy. To use `GetObject`, you must have the `READ` access to the object (or version). If you grant `READ` access to the anonymous user, the `GetObject` operation returns the object without using an authorization header. For more information, see [Specifying permissions in a policy](https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html) in the *Amazon S3 User Guide*. If you include a `versionId` in your request header, you must have the `s3:GetObjectVersion` permission to access a specific version of an object. The `s3:GetObject` permission is not required in this scenario. If you request the current version of an object without a specific `versionId` in the request header, only the `s3:GetObject` permission is required. The `s3:GetObjectVersion` permission is not required in this scenario. If the object that you request doesn’t exist, the error that Amazon S3 returns depends on whether you also have the `s3:ListBucket` permission. + If you have the `s3:ListBucket` permission on the bucket, Amazon S3 returns an HTTP status code `404 Not Found` error. + If you don’t have the `s3:ListBucket` permission, Amazon S3 returns an HTTP status code `403 Access Denied` error. + **Directory bucket permissions** - To grant access to this API operation on a directory bucket, we recommend that you use the [https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) API operation for session-based authorization. Specifically, you grant the `s3express:CreateSession` permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the `CreateSession` API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another `CreateSession` API call to generate a new session token for use. AWS CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see [https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html). If the object is encrypted using SSE-KMS, you must also have the `kms:GenerateDataKey` and `kms:Decrypt` permissions in IAM identity-based policies and AWS KMS key policies for the AWS KMS key. Storage classes If the object you are retrieving is stored in the S3 Glacier Flexible Retrieval storage class, the S3 Glacier Deep Archive storage class, the S3 Intelligent-Tiering Archive Access tier, or the S3 Intelligent-Tiering Deep Archive Access tier, before you can retrieve the object you must first restore a copy using [RestoreObject](https://docs.aws.amazon.com/AmazonS3/latest/API/API_RestoreObject.html). Otherwise, this operation returns an `InvalidObjectState` error. For information about restoring archived objects, see [Restoring Archived Objects](https://docs.aws.amazon.com/AmazonS3/latest/dev/restoring-objects.html) in the *Amazon S3 User Guide*. **Directory buckets ** - Directory buckets only support `EXPRESS_ONEZONE` (the S3 Express One Zone storage class) in Availability Zones and `ONEZONE_IA` (the S3 One Zone-Infrequent Access storage class) in Dedicated Local Zones. Unsupported storage class values won't write a destination object and will respond with the HTTP status code `400 Bad Request`. Encryption Encryption request headers, like `x-amz-server-side-encryption`, should not be sent for the `GetObject` requests, if your object uses server-side encryption with Amazon S3 managed encryption keys (SSE-S3), server-side encryption with AWS Key Management Service (AWS KMS) keys (SSE-KMS), or dual-layer server-side encryption with AWS KMS keys (DSSE-KMS). If you include the header in your `GetObject` requests for the object that uses these types of keys, you’ll get an HTTP `400 Bad Request` error. **Directory buckets** - For directory buckets, there are only two supported options for server-side encryption: SSE-S3 and SSE-KMS. SSE-C isn't supported. For more information, see [Protecting data with server-side encryption](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-serv-side-encryption.html) in the *Amazon S3 User Guide*. Overriding response header values through the request There are times when you want to override certain response header values of a `GetObject` response. For example, you might override the `Content-Disposition` response header value through your `GetObject` request. You can override values for a set of response headers. These modified response header values are included only in a successful response, that is, when the HTTP status code `200 OK` is returned. The headers you can override using the following query parameters in the request are a subset of the headers that Amazon S3 accepts when you create an object. The response headers that you can override for the `GetObject` response are `Cache-Control`, `Content-Disposition`, `Content-Encoding`, `Content-Language`, `Content-Type`, and `Expires`. To override values for a set of response headers in the `GetObject` response, you can use the following query parameters in the request. + `response-cache-control` + `response-content-disposition` + `response-content-encoding` + `response-content-language` + `response-content-type` + `response-expires` When you use these parameters, you must sign the request by using either an Authorization header or a presigned URL. These parameters cannot be used with an unsigned (anonymous) request. HTTP Host header syntax **Directory buckets ** - The HTTP Host header syntax is ` Bucket-name.s3express-zone-id.region-code.amazonaws.com`. The following operations are related to `GetObject`: + [ListBuckets](https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBuckets.html) + [GetObjectAcl](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAcl.html) **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. ## Request Syntax ``` GET /Key+?partNumber=PartNumber&response-cache-control=ResponseCacheControl&response-content-disposition=ResponseContentDisposition&response-content-encoding=ResponseContentEncoding&response-content-language=ResponseContentLanguage&response-content-type=ResponseContentType&response-expires=ResponseExpires&versionId=VersionId HTTP/1.1 Host: Bucket.s3.amazonaws.com If-Match: IfMatch If-Modified-Since: IfModifiedSince If-None-Match: IfNoneMatch If-Unmodified-Since: IfUnmodifiedSince Range: Range x-amz-server-side-encryption-customer-algorithm: SSECustomerAlgorithm x-amz-server-side-encryption-customer-key: SSECustomerKey x-amz-server-side-encryption-customer-key-MD5: SSECustomerKeyMD5 x-amz-request-payer: RequestPayer x-amz-expected-bucket-owner: ExpectedBucketOwner x-amz-checksum-mode: ChecksumMode ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_GetObject_RequestSyntax) ** The bucket name containing the object. **Directory buckets** - When you use this operation with a directory bucket, you must use virtual-hosted-style requests in the format ` Bucket-name.s3express-zone-id.region-code.amazonaws.com`. Path-style requests are not supported. Directory bucket names must be unique in the chosen Zone (Availability Zone or Local Zone). Bucket names must follow the format ` bucket-base-name--zone-id--x-s3` (for example, ` amzn-s3-demo-bucket--usw2-az1--x-s3`). For information about bucket naming restrictions, see [Directory bucket naming rules](https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) in the *Amazon S3 User Guide*. **Access points** - When you use this action with an access point for general purpose buckets, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When you use this action with an access point for directory buckets, you must provide the access point name in place of the bucket name. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com. When using this action with an access point through the AWS SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see [Using access points](https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) in the *Amazon S3 User Guide*. **Object Lambda access points** - When you use this action with an Object Lambda access point, you must direct requests to the Object Lambda access point hostname. The Object Lambda access point hostname takes the form *AccessPointName*-*AccountId*.s3-object-lambda.*Region*.amazonaws.com. Object Lambda access points are not supported by directory buckets. **S3 on Outposts** - When you use this action with S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form ` AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com`. When you use this action with S3 on Outposts, the destination bucket must be the Outposts access point ARN or the access point alias. For more information about S3 on Outposts, see [What is S3 on Outposts?](https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) in the *Amazon S3 User Guide*. Required: Yes ** [If-Match](#API_GetObject_RequestSyntax) ** Return the object only if its entity tag (ETag) is the same as the one specified in this header; otherwise, return a `412 Precondition Failed` error. If both of the `If-Match` and `If-Unmodified-Since` headers are present in the request as follows: `If-Match` condition evaluates to `true`, and; `If-Unmodified-Since` condition evaluates to `false`; then, S3 returns `200 OK` and the data requested. For more information about conditional requests, see [RFC 7232](https://tools.ietf.org/html/rfc7232). ** [If-Modified-Since](#API_GetObject_RequestSyntax) ** Return the object only if it has been modified since the specified time; otherwise, return a `304 Not Modified` error. If both of the `If-None-Match` and `If-Modified-Since` headers are present in the request as follows:` If-None-Match` condition evaluates to `false`, and; `If-Modified-Since` condition evaluates to `true`; then, S3 returns `304 Not Modified` status code. For more information about conditional requests, see [RFC 7232](https://tools.ietf.org/html/rfc7232). ** [If-None-Match](#API_GetObject_RequestSyntax) ** Return the object only if its entity tag (ETag) is different from the one specified in this header; otherwise, return a `304 Not Modified` error. If both of the `If-None-Match` and `If-Modified-Since` headers are present in the request as follows:` If-None-Match` condition evaluates to `false`, and; `If-Modified-Since` condition evaluates to `true`; then, S3 returns `304 Not Modified` HTTP status code. For more information about conditional requests, see [RFC 7232](https://tools.ietf.org/html/rfc7232). ** [If-Unmodified-Since](#API_GetObject_RequestSyntax) ** Return the object only if it has not been modified since the specified time; otherwise, return a `412 Precondition Failed` error. If both of the `If-Match` and `If-Unmodified-Since` headers are present in the request as follows: `If-Match` condition evaluates to `true`, and; `If-Unmodified-Since` condition evaluates to `false`; then, S3 returns `200 OK` and the data requested. For more information about conditional requests, see [RFC 7232](https://tools.ietf.org/html/rfc7232). ** [Key](#API_GetObject_RequestSyntax) ** Key of the object to get. Length Constraints: Minimum length of 1. Required: Yes ** [partNumber](#API_GetObject_RequestSyntax) ** Part number of the object being read. This is a positive integer between 1 and 10,000. Effectively performs a 'ranged' GET request for the part specified. Useful for downloading just a part of an object. ** [Range](#API_GetObject_RequestSyntax) ** Downloads the specified byte range of an object. For more information about the HTTP Range header, see [https://www.rfc-editor.org/rfc/rfc9110.html\$1name-range](https://www.rfc-editor.org/rfc/rfc9110.html#name-range). Amazon S3 doesn't support retrieving multiple ranges of data per `GET` request. ** [response-cache-control](#API_GetObject_RequestSyntax) ** Sets the `Cache-Control` header of the response. ** [response-content-disposition](#API_GetObject_RequestSyntax) ** Sets the `Content-Disposition` header of the response. ** [response-content-encoding](#API_GetObject_RequestSyntax) ** Sets the `Content-Encoding` header of the response. ** [response-content-language](#API_GetObject_RequestSyntax) ** Sets the `Content-Language` header of the response. ** [response-content-type](#API_GetObject_RequestSyntax) ** Sets the `Content-Type` header of the response. ** [response-expires](#API_GetObject_RequestSyntax) ** Sets the `Expires` header of the response. ** [versionId](#API_GetObject_RequestSyntax) ** Version ID used to reference a specific version of the object. By default, the `GetObject` operation returns the current version of an object. To return a different version, use the `versionId` subresource. + If you include a `versionId` in your request header, you must have the `s3:GetObjectVersion` permission to access a specific version of an object. The `s3:GetObject` permission is not required in this scenario. + If you request the current version of an object without a specific `versionId` in the request header, only the `s3:GetObject` permission is required. The `s3:GetObjectVersion` permission is not required in this scenario. + **Directory buckets** - S3 Versioning isn't enabled and supported for directory buckets. For this API operation, only the `null` value of the version ID is supported by directory buckets. You can only specify `null` to the `versionId` query parameter in the request. For more information about versioning, see [PutBucketVersioning](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketVersioning.html). ** [x-amz-checksum-mode](#API_GetObject_RequestSyntax) ** To retrieve the checksum, this mode must be enabled. Valid Values: `ENABLED` ** [x-amz-expected-bucket-owner](#API_GetObject_RequestSyntax) ** The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code `403 Forbidden` (access denied). ** [x-amz-request-payer](#API_GetObject_RequestSyntax) ** Confirms that the requester knows that they will be charged for the request. Bucket owners need not specify this parameter in their requests. If either the source or destination S3 bucket has Requester Pays enabled, the requester will pay for the corresponding charges. For information about downloading objects from Requester Pays buckets, see [Downloading Objects in Requester Pays Buckets](https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) in the *Amazon S3 User Guide*. This functionality is not supported for directory buckets. Valid Values: `requester` ** [x-amz-server-side-encryption-customer-algorithm](#API_GetObject_RequestSyntax) ** Specifies the algorithm to use when decrypting the object (for example, `AES256`). If you encrypt an object by using server-side encryption with customer-provided encryption keys (SSE-C) when you store the object in Amazon S3, then when you GET the object, you must use the following headers: + `x-amz-server-side-encryption-customer-algorithm` + `x-amz-server-side-encryption-customer-key` + `x-amz-server-side-encryption-customer-key-MD5` For more information about SSE-C, see [Server-Side Encryption (Using Customer-Provided Encryption Keys)](https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html) in the *Amazon S3 User Guide*. This functionality is not supported for directory buckets. ** [x-amz-server-side-encryption-customer-key](#API_GetObject_RequestSyntax) ** Specifies the customer-provided encryption key that you originally provided for Amazon S3 to encrypt the data before storing it. This value is used to decrypt the object when recovering it and must match the one used when storing the data. The key must be appropriate for use with the algorithm specified in the `x-amz-server-side-encryption-customer-algorithm` header. If you encrypt an object by using server-side encryption with customer-provided encryption keys (SSE-C) when you store the object in Amazon S3, then when you GET the object, you must use the following headers: + `x-amz-server-side-encryption-customer-algorithm` + `x-amz-server-side-encryption-customer-key` + `x-amz-server-side-encryption-customer-key-MD5` For more information about SSE-C, see [Server-Side Encryption (Using Customer-Provided Encryption Keys)](https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html) in the *Amazon S3 User Guide*. This functionality is not supported for directory buckets. ** [x-amz-server-side-encryption-customer-key-MD5](#API_GetObject_RequestSyntax) ** Specifies the 128-bit MD5 digest of the customer-provided encryption key according to RFC 1321. Amazon S3 uses this header for a message integrity check to ensure that the encryption key was transmitted without error. If you encrypt an object by using server-side encryption with customer-provided encryption keys (SSE-C) when you store the object in Amazon S3, then when you GET the object, you must use the following headers: + `x-amz-server-side-encryption-customer-algorithm` + `x-amz-server-side-encryption-customer-key` + `x-amz-server-side-encryption-customer-key-MD5` For more information about SSE-C, see [Server-Side Encryption (Using Customer-Provided Encryption Keys)](https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html) in the *Amazon S3 User Guide*. This functionality is not supported for directory buckets. ## Request Body The request does not have a request body. ## Response Syntax ``` HTTP/1.1 200 x-amz-delete-marker: DeleteMarker accept-ranges: AcceptRanges x-amz-expiration: Expiration x-amz-restore: Restore Last-Modified: LastModified Content-Length: ContentLength ETag: ETag x-amz-checksum-crc32: ChecksumCRC32 x-amz-checksum-crc32c: ChecksumCRC32C x-amz-checksum-crc64nvme: ChecksumCRC64NVME x-amz-checksum-sha1: ChecksumSHA1 x-amz-checksum-sha256: ChecksumSHA256 x-amz-checksum-type: ChecksumType x-amz-missing-meta: MissingMeta x-amz-version-id: VersionId Cache-Control: CacheControl Content-Disposition: ContentDisposition Content-Encoding: ContentEncoding Content-Language: ContentLanguage Content-Range: ContentRange Content-Type: ContentType Expires: Expires x-amz-website-redirect-location: WebsiteRedirectLocation x-amz-server-side-encryption: ServerSideEncryption x-amz-server-side-encryption-customer-algorithm: SSECustomerAlgorithm x-amz-server-side-encryption-customer-key-MD5: SSECustomerKeyMD5 x-amz-server-side-encryption-aws-kms-key-id: SSEKMSKeyId x-amz-server-side-encryption-bucket-key-enabled: BucketKeyEnabled x-amz-storage-class: StorageClass x-amz-request-charged: RequestCharged x-amz-replication-status: ReplicationStatus x-amz-mp-parts-count: PartsCount x-amz-tagging-count: TagCount x-amz-object-lock-mode: ObjectLockMode x-amz-object-lock-retain-until-date: ObjectLockRetainUntilDate x-amz-object-lock-legal-hold: ObjectLockLegalHoldStatus Body ``` ## Response Elements If the action is successful, the service sends back an HTTP 200 response. The response returns the following HTTP headers. ** [accept-ranges](#API_GetObject_ResponseSyntax) ** Indicates that a range of bytes was specified in the request. ** [Cache-Control](#API_GetObject_ResponseSyntax) ** Specifies caching behavior along the request/reply chain. ** [Content-Disposition](#API_GetObject_ResponseSyntax) ** Specifies presentational information for the object. ** [Content-Encoding](#API_GetObject_ResponseSyntax) ** Indicates what content encodings have been applied to the object and thus what decoding mechanisms must be applied to obtain the media-type referenced by the Content-Type header field. ** [Content-Language](#API_GetObject_ResponseSyntax) ** The language the content is in. ** [Content-Length](#API_GetObject_ResponseSyntax) ** Size of the body in bytes. ** [Content-Range](#API_GetObject_ResponseSyntax) ** The portion of the object returned in the response. ** [Content-Type](#API_GetObject_ResponseSyntax) ** A standard MIME type describing the format of the object data. ** [ETag](#API_GetObject_ResponseSyntax) ** An entity tag (ETag) is an opaque identifier assigned by a web server to a specific version of a resource found at a URL. ** [Expires](#API_GetObject_ResponseSyntax) ** The date and time at which the object is no longer cacheable. ** [Last-Modified](#API_GetObject_ResponseSyntax) ** Date and time when the object was last modified. **General purpose buckets ** - When you specify a `versionId` of the object in your request, if the specified version in the request is a delete marker, the response returns a `405 Method Not Allowed` error and the `Last-Modified: timestamp` response header. ** [x-amz-checksum-crc32](#API_GetObject_ResponseSyntax) ** The Base64 encoded, 32-bit `CRC32` checksum of the object. This checksum is only present if the object was uploaded with the object. For more information, see [ Checking object integrity](https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) in the *Amazon S3 User Guide*. ** [x-amz-checksum-crc32c](#API_GetObject_ResponseSyntax) ** The Base64 encoded, 32-bit `CRC32C` checksum of the object. This checksum is only present if the checksum was uploaded with the object. For more information, see [ Checking object integrity](https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) in the *Amazon S3 User Guide*. ** [x-amz-checksum-crc64nvme](#API_GetObject_ResponseSyntax) ** The Base64 encoded, 64-bit `CRC64NVME` checksum of the object. For more information, see [Checking object integrity in the Amazon S3 User Guide](https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html). ** [x-amz-checksum-sha1](#API_GetObject_ResponseSyntax) ** The Base64 encoded, 160-bit `SHA1` digest of the object. This checksum is only present if the checksum was uploaded with the object. For more information, see [ Checking object integrity](https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) in the *Amazon S3 User Guide*. ** [x-amz-checksum-sha256](#API_GetObject_ResponseSyntax) ** The Base64 encoded, 256-bit `SHA256` digest of the object. This checksum is only present if the checksum was uploaded with the object. For more information, see [ Checking object integrity](https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) in the *Amazon S3 User Guide*. ** [x-amz-checksum-type](#API_GetObject_ResponseSyntax) ** The checksum type, which determines how part-level checksums are combined to create an object-level checksum for multipart objects. You can use this header response to verify that the checksum type that is received is the same checksum type that was specified in the `CreateMultipartUpload` request. For more information, see [Checking object integrity](https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) in the *Amazon S3 User Guide*. Valid Values: `COMPOSITE | FULL_OBJECT` ** [x-amz-delete-marker](#API_GetObject_ResponseSyntax) ** Indicates whether the object retrieved was (true) or was not (false) a Delete Marker. If false, this response header does not appear in the response. + If the current version of the object is a delete marker, Amazon S3 behaves as if the object was deleted and includes `x-amz-delete-marker: true` in the response. + If the specified version in the request is a delete marker, the response returns a `405 Method Not Allowed` error and the `Last-Modified: timestamp` response header. ** [x-amz-expiration](#API_GetObject_ResponseSyntax) ** If the object expiration is configured (see [https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html)), the response includes this header. It includes the `expiry-date` and `rule-id` key-value pairs providing object expiration information. The value of the `rule-id` is URL-encoded. Object expiration information is not returned in directory buckets and this header returns the value "`NotImplemented`" in all responses for directory buckets. ** [x-amz-missing-meta](#API_GetObject_ResponseSyntax) ** This is set to the number of metadata entries not returned in the headers that are prefixed with `x-amz-meta-`. This can happen if you create metadata using an API like SOAP that supports more flexible metadata than the REST API. For example, using SOAP, you can create metadata whose values are not legal HTTP headers. This functionality is not supported for directory buckets. ** [x-amz-mp-parts-count](#API_GetObject_ResponseSyntax) ** The count of parts this object has. This value is only returned if you specify `partNumber` in your request and the object was uploaded as a multipart upload. ** [x-amz-object-lock-legal-hold](#API_GetObject_ResponseSyntax) ** Indicates whether this object has an active legal hold. This field is only returned if you have permission to view an object's legal hold status. This functionality is not supported for directory buckets. Valid Values: `ON | OFF` ** [x-amz-object-lock-mode](#API_GetObject_ResponseSyntax) ** The Object Lock mode that's currently in place for this object. This functionality is not supported for directory buckets. Valid Values: `GOVERNANCE | COMPLIANCE` ** [x-amz-object-lock-retain-until-date](#API_GetObject_ResponseSyntax) ** The date and time when this object's Object Lock will expire. This functionality is not supported for directory buckets. ** [x-amz-replication-status](#API_GetObject_ResponseSyntax) ** Amazon S3 can return this if your request involves a bucket that is either a source or destination in a replication rule. This functionality is not supported for directory buckets. Valid Values: `COMPLETE | PENDING | FAILED | REPLICA | COMPLETED` ** [x-amz-request-charged](#API_GetObject_ResponseSyntax) ** If present, indicates that the requester was successfully charged for the request. For more information, see [Using Requester Pays buckets for storage transfers and usage](https://docs.aws.amazon.com/AmazonS3/latest/userguide/RequesterPaysBuckets.html) in the *Amazon Simple Storage Service user guide*. This functionality is not supported for directory buckets. Valid Values: `requester` ** [x-amz-restore](#API_GetObject_ResponseSyntax) ** Provides information about object restoration action and expiration time of the restored object copy. This functionality is not supported for directory buckets. Directory buckets only support `EXPRESS_ONEZONE` (the S3 Express One Zone storage class) in Availability Zones and `ONEZONE_IA` (the S3 One Zone-Infrequent Access storage class) in Dedicated Local Zones. ** [x-amz-server-side-encryption](#API_GetObject_ResponseSyntax) ** The server-side encryption algorithm used when you store this object in Amazon S3 or Amazon FSx. When accessing data stored in Amazon FSx file systems using S3 access points, the only valid server side encryption option is `aws:fsx`. Valid Values: `AES256 | aws:fsx | aws:kms | aws:kms:dsse` ** [x-amz-server-side-encryption-aws-kms-key-id](#API_GetObject_ResponseSyntax) ** If present, indicates the ID of the KMS key that was used for object encryption. ** [x-amz-server-side-encryption-bucket-key-enabled](#API_GetObject_ResponseSyntax) ** Indicates whether the object uses an S3 Bucket Key for server-side encryption with AWS Key Management Service (AWS KMS) keys (SSE-KMS). ** [x-amz-server-side-encryption-customer-algorithm](#API_GetObject_ResponseSyntax) ** If server-side encryption with a customer-provided encryption key was requested, the response will include this header to confirm the encryption algorithm that's used. This functionality is not supported for directory buckets. ** [x-amz-server-side-encryption-customer-key-MD5](#API_GetObject_ResponseSyntax) ** If server-side encryption with a customer-provided encryption key was requested, the response will include this header to provide the round-trip message integrity verification of the customer-provided encryption key. This functionality is not supported for directory buckets. ** [x-amz-storage-class](#API_GetObject_ResponseSyntax) ** Provides storage class information of the object. Amazon S3 returns this header for all objects except for S3 Standard storage class objects. **Directory buckets ** - Directory buckets only support `EXPRESS_ONEZONE` (the S3 Express One Zone storage class) in Availability Zones and `ONEZONE_IA` (the S3 One Zone-Infrequent Access storage class) in Dedicated Local Zones. Valid Values: `STANDARD | REDUCED_REDUNDANCY | STANDARD_IA | ONEZONE_IA | INTELLIGENT_TIERING | GLACIER | DEEP_ARCHIVE | OUTPOSTS | GLACIER_IR | SNOW | EXPRESS_ONEZONE | FSX_OPENZFS | FSX_ONTAP` ** [x-amz-tagging-count](#API_GetObject_ResponseSyntax) ** The number of tags, if any, on the object, when you have the relevant permission to read object tags. You can use [GetObjectTagging](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectTagging.html) to retrieve the tag set associated with an object. This functionality is not supported for directory buckets. ** [x-amz-version-id](#API_GetObject_ResponseSyntax) ** Version ID of the object. This functionality is not supported for directory buckets. ** [x-amz-website-redirect-location](#API_GetObject_ResponseSyntax) ** If the bucket is configured as a website, redirects requests for this object to another object in the same bucket or to an external URL. Amazon S3 stores the value of this header in the object metadata. This functionality is not supported for directory buckets. The following data is returned in binary format by the service. ** [Body](#API_GetObject_ResponseSyntax) ** ## Errors ** InvalidObjectState ** Object is archived and inaccessible until restored. If the object you are retrieving is stored in the S3 Glacier Flexible Retrieval storage class, the S3 Glacier Deep Archive storage class, the S3 Intelligent-Tiering Archive Access tier, or the S3 Intelligent-Tiering Deep Archive Access tier, before you can retrieve the object you must first restore a copy using [RestoreObject](https://docs.aws.amazon.com/AmazonS3/latest/API/API_RestoreObject.html). Otherwise, this operation returns an `InvalidObjectState` error. For information about restoring archived objects, see [Restoring Archived Objects](https://docs.aws.amazon.com/AmazonS3/latest/dev/restoring-objects.html) in the *Amazon S3 User Guide*. HTTP Status Code: 403 ** NoSuchKey ** The specified key does not exist. HTTP Status Code: 404 ## Examples ### Sample Request for general purpose buckets The following request returns the object `my-image.jpg`. ``` GET /my-image.jpg HTTP/1.1 Host: amzn-s3-demo-bucket.s3..amazonaws.com Date: Mon, 3 Oct 2016 22:32:00 GMT Authorization: authorization string ``` ### Sample Response for general purpose buckets This example illustrates one usage of GetObject. ``` HTTP/1.1 200 OK x-amz-id-2: eftixk72aD6Ap51TnqcoF8eFidJG9Z/2mkiDFu8yU9AS1ed4OpIszj7UDNEHGran x-amz-request-id: 318BC8BC148832E5 Date: Mon, 3 Oct 2016 22:32:00 GMT Last-Modified: Wed, 12 Oct 2009 17:50:00 GMT ETag: "fba9dede5f27731c9771645a39863328" Content-Length: 434234 [434234 bytes of object data] ``` ### Sample Response for general purpose buckets: Object with associated tags If the object had tags associated with it, Amazon S3 returns the `x-amz-tagging-count` header with tag count. ``` HTTP/1.1 200 OK x-amz-id-2: eftixk72aD6Ap51TnqcoF8eFidJG9Z/2mkiDFu8yU9AS1ed4OpIszj7UDNEHGran x-amz-request-id: 318BC8BC148832E5 Date: Mon, 3 Oct 2016 22:32:00 GMT Last-Modified: Wed, 12 Oct 2009 17:50:00 GMT ETag: "fba9dede5f27731c9771645a39863328" Content-Length: 434234 x-amz-tagging-count: 2 [434234 bytes of object data] ``` ### Sample Response for general purpose buckets: Object with an expiration If the object had expiration set using lifecycle configuration, you get the following response with the `x-amz-expiration` header. ``` HTTP/1.1 200 OK x-amz-id-2: eftixk72aD6Ap51TnqcoF8eFidJG9Z/2mkiDFu8yU9AS1ed4OpIszj7UDNEHGran x-amz-request-id: 318BC8BC148832E5 Date: Wed, 28 Oct 2009 22:32:00 GMT Last-Modified: Wed, 12 Oct 2009 17:50:00 GMT x-amz-expiration: expiry-date="Fri, 23 Dec 2012 00:00:00 GMT", rule-id="picture-deletion-rule" ETag: "fba9dede5f27731c9771645a39863328" Content-Length: 434234 Content-Type: text/plain [434234 bytes of object data] ``` ### Sample Response for general purpose buckets: If an object is archived in the S3 Glacier Flexible Retrieval or S3 Glacier Deep Archive storage classes If the object you are retrieving is stored in the S3 Glacier Flexible Retrieval or S3 Glacier Deep Archive storage classes, you must first restore a copy using [RestoreObject](https://docs.aws.amazon.com/AmazonS3/latest/API/API_RestoreObject.html). Otherwise, this action returns an `InvalidObjectState` error. ``` HTTP/1.1 403 Forbidden x-amz-request-id: CD4BD8A1310A11B3 x-amz-id-2: m9RDbQU0+RRBTjOUN1ChQ1eqMUnr9dv8b+KP6I2gHfRJZSTSrMCoRP8RtPRzX9mb Content-Type: application/xml Date: Mon, 12 Nov 2012 23:53:21 GMT Server: Amazon S3 Content-Length: 231 InvalidObjectState The action is not valid for the object's storage class 9FEFFF118E15B86F WVQ5kzhiT+oiUfDCOiOYv8W4Tk9eNcxWi/MK+hTS/av34Xy4rBU3zsavf0aaaaa ``` ### Sample Response for general purpose buckets: If an object is archived with the S3 Intelligent-Tiering Archive or S3 Intelligent-Tiering Deep Archive tiers If the object you are retrieving is stored in the S3 Intelligent-Tiering Archive or S3 Intelligent-Tiering Deep Archive tiers, you must first restore a copy using [RestoreObject](https://docs.aws.amazon.com/AmazonS3/latest/API/API_RestoreObject.html). Otherwise, this action returns an `InvalidObjectState` error. When restoring from Archive Access or Deep Archive Access tiers, the response will include `StorageClass` and `AccessTier` elements. Access tier valid values are `ARCHIVE_ACCESS` and `DEEP_ARCHIVE_ACCESS`. There is no syntax change if there is an ongoing restore. ``` HTTP/1.1 403 Forbidden x-amz-request-id: CB6AW8C4332B23B7 x-amz-id-2: n3RRfT90+PJDUhut3nhGW2ehfhfNU5f55c+a2ceCC36ab7c7fe3a71Q273b9Q45b1R5 Content-Type: application/xml Date: Mon, 12 Nov 2012 23:53:21 GMT Server: Amazon S3 Content-Length: 231 InvalidObjectState The action is not valid for the object's access tier INTELLIGENT_TIERING ARCHIVE_ACCESS 9FEFFF118E15B86F WVQ5kzhiT+oiUfDCOiOYv8W4Tk9eNcxWi/MK+hTS/av34Xy4rBU3zsavf0aaaaa ``` ### Sample Response for general purpose buckets: If the Latest Object Is a Delete Marker Notice that the delete marker returns a 404 Not Found error. ``` HTTP/1.1 404 Not Found x-amz-request-id: 318BC8BC148832E5 x-amz-id-2: eftixk72aD6Ap51Tnqzj7UDNEHGran x-amz-version-id: 3GL4kqtJlcpXroDTDm3vjVBH40Nr8X8g x-amz-delete-marker: true Date: Wed, 28 Oct 2009 22:32:00 GMT Content-Type: text/plain Connection: close Server: AmazonS3 ``` ### Sample Request for general purpose buckets: Getting a specified version of an object The following request returns the specified version of an object. ``` GET /myObject?versionId=3/L4kqtJlcpXroDTDmpUMLUo HTTP/1.1 Host: bucket.s3..amazonaws.com Date: Wed, 28 Oct 2009 22:32:00 GMT Authorization: authorization string ``` ### Sample Response for general purpose buckets: GET a versioned object This example illustrates one usage of GetObject. ``` HTTP/1.1 200 OK x-amz-id-2: eftixk72aD6Ap54OpIszj7UDNEHGran x-amz-request-id: 318BC8BC148832E5 Date: Wed, 28 Oct 2009 22:32:00 GMT Last-Modified: Sun, 1 Jan 2006 12:00:00 GMT x-amz-version-id: 3/L4kqtJlcpXroDTDmJ+rmSpXd3QBpUMLUo ETag: "fba9dede5f27731c9771645a39863328" Content-Length: 434234 Content-Type: text/plain Connection: close Server: AmazonS3 [434234 bytes of object data] ``` ### Sample Request for general purpose buckets: Parameters altering response header values The following request specifies all the query string parameters in a GET request overriding the response header values. ``` GET /Junk3.txt?response-cache-control=No-cache&response-content-disposition=attachment%3B%20filename%3Dtesting.txt&response-content-encoding=x-gzip&response-content-language=mi%2C%20en&response-expires=Thu%2C%2001%20Dec%201994%2016:00:00%20GMT HTTP/1.1 x-amz-date: Sun, 19 Dec 2010 01:53:44 GMT Accept: */* Authorization: AWS AKIAIOSFODNN7EXAMPLE:aaStE6nKnw8ihhiIdReoXYlMamW= ``` ### Sample Response for general purpose buckets: With overridden response header values The following request specifies all the query string parameters in a GET request overriding the response header values. ``` HTTP/1.1 200 OK x-amz-id-2: SIidWAK3hK+Il3/Qqiu1ZKEuegzLAAspwsgwnwygb9GgFseeFHL5CII8NXSrfWW2 x-amz-request-id: 881B1CBD9DF17WA1 Date: Sun, 19 Dec 2010 01:54:01 GMT x-amz-meta-param1: value 1 x-amz-meta-param2: value 2 Cache-Control: No-cache Content-Language: mi, en Expires: Thu, 01 Dec 1994 16:00:00 GMT Content-Disposition: attachment; filename=testing.txt Content-Encoding: x-gzip Last-Modified: Fri, 17 Dec 2010 18:10:41 GMT ETag: "0332bee1a7bf845f176c5c0d1ae7cf07" Accept-Ranges: bytes Content-Type: text/plain Content-Length: 22 Server: AmazonS3 [object data not shown] ``` ### Sample Request for general purpose buckets: Range header The following request specifies the HTTP Range header to retrieve the first 10 bytes of an object. For more information about the HTTP Range header, see [https://www.rfc-editor.org/rfc/rfc9110.html\$1name-range](https://www.rfc-editor.org/rfc/rfc9110.html#name-range). **Note** Amazon S3 doesn't support retrieving multiple ranges of data per `GET` request. ``` GET /example-object HTTP/1.1 Host: amzn-s3-demo-bucket.s3..amazonaws.com x-amz-date: Fri, 28 Jan 2011 21:32:02 GMT Range: bytes=0-9 Authorization: AWS AKIAIOSFODNN7EXAMPLE:Yxg83MZaEgh3OZ3l0rLo5RTX11o= Sample Response with Specified Range of the Object Bytes ``` ### Sample Response for general purpose buckets In the following sample response, note that the header values are set to the values specified in the true request. ``` HTTP/1.1 206 Partial Content x-amz-id-2: MzRISOwyjmnupCzjI1WC06l5TTAzm7/JypPGXLh0OVFGcJaaO3KW/hRAqKOpIEEp x-amz-request-id: 47622117804B3E11 Date: Fri, 28 Jan 2011 21:32:09 GMT x-amz-meta-title: the title Last-Modified: Fri, 28 Jan 2011 20:10:32 GMT ETag: "b2419b1e3fd45d596ee22bdf62aaaa2f" Accept-Ranges: bytes Content-Range: bytes 0-9/443 Content-Type: text/plain Content-Length: 10 Server: AmazonS3 [10 bytes of object data] ``` ### Sample Request for general purpose buckets: Get an object stored using server-side encryption with customer-provided encryption keys If an object is stored in Amazon S3 using server-side encryption with customer-provided encryption keys, Amazon S3 needs encryption information so that it can decrypt the object before sending it to you in response to a GET request. You provide the encryption information in your GET request using the relevant headers, as shown in the following example request. ``` GET /example-object HTTP/1.1 Host: amzn-s3-demo-bucket.s3..amazonaws.com Accept: */* Authorization:authorization string Date: Wed, 28 May 2014 19:24:44 +0000 x-amz-server-side-encryption-customer-key:g0lCfA3Dv40jZz5SQJ1ZukLRFqtI5WorC/8SEKEXAMPLE x-amz-server-side-encryption-customer-key-MD5:ZjQrne1X/iTcskbY2m3example x-amz-server-side-encryption-customer-algorithm:AES256 ``` ### Sample Response for general purpose buckets The following sample response shows some of the response headers Amazon S3 returns. Note that it includes the encryption information in the response. ``` HTTP/1.1 200 OK x-amz-id-2: ka5jRm8X3N12ZiY29Z989zg2tNSJPMcK+to7jNjxImXBbyChqc6tLAv+sau7Vjzh x-amz-request-id: 195157E3E073D3F9 Date: Wed, 28 May 2014 19:24:45 GMT Last-Modified: Wed, 28 May 2014 19:21:01 GMT ETag: "c12022c9a3c6d3a28d29d90933a2b096" x-amz-server-side-encryption-customer-algorithm: AES256 x-amz-server-side-encryption-customer-key-MD5: ZjQrne1X/iTcskbY2m3example ``` ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/GetObject) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/GetObject) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/GetObject) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/GetObject) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/GetObject) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/GetObject) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/GetObject) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/GetObject) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/GetObject) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/GetObject) # GetObjectAcl **Note** This operation is not supported for directory buckets. Returns the access control list (ACL) of an object. To use this operation, you must have `s3:GetObjectAcl` permissions or `READ_ACP` access to the object. For more information, see [Mapping of ACL permissions and access policy permissions](https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html#acl-access-policy-permission-mapping) in the *Amazon S3 User Guide* This functionality is not supported for Amazon S3 on Outposts. By default, GET returns ACL information about the current version of an object. To return ACL information about a different version, use the versionId subresource. **Note** If your bucket uses the bucket owner enforced setting for S3 Object Ownership, requests to read ACLs are still supported and return the `bucket-owner-full-control` ACL with the owner being the account that created the bucket. For more information, see [ Controlling object ownership and disabling ACLs](https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html) in the *Amazon S3 User Guide*. The following operations are related to `GetObjectAcl`: + [GetObject](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html) + [GetObjectAttributes](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAttributes.html) + [DeleteObject](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObject.html) + [PutObject](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html) **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. ## Request Syntax ``` GET /{Key+}?acl&versionId=VersionId HTTP/1.1 Host: Bucket.s3.amazonaws.com x-amz-request-payer: RequestPayer x-amz-expected-bucket-owner: ExpectedBucketOwner ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_GetObjectAcl_RequestSyntax) ** The bucket name that contains the object for which to get the ACL information. **Access points** - When you use this action with an access point for general purpose buckets, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When you use this action with an access point for directory buckets, you must provide the access point name in place of the bucket name. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com. When using this action with an access point through the AWS SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see [Using access points](https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) in the *Amazon S3 User Guide*. Required: Yes ** [Key](#API_GetObjectAcl_RequestSyntax) ** The key of the object for which to get the ACL information. Length Constraints: Minimum length of 1. Required: Yes ** [versionId](#API_GetObjectAcl_RequestSyntax) ** Version ID used to reference a specific version of the object. This functionality is not supported for directory buckets. ** [x-amz-expected-bucket-owner](#API_GetObjectAcl_RequestSyntax) ** The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code `403 Forbidden` (access denied). ** [x-amz-request-payer](#API_GetObjectAcl_RequestSyntax) ** Confirms that the requester knows that they will be charged for the request. Bucket owners need not specify this parameter in their requests. If either the source or destination S3 bucket has Requester Pays enabled, the requester will pay for the corresponding charges. For information about downloading objects from Requester Pays buckets, see [Downloading Objects in Requester Pays Buckets](https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) in the *Amazon S3 User Guide*. This functionality is not supported for directory buckets. Valid Values: `requester` ## Request Body The request does not have a request body. ## Response Syntax ``` HTTP/1.1 200 x-amz-request-charged: RequestCharged string string string string string string string string ``` ## Response Elements If the action is successful, the service sends back an HTTP 200 response. The response returns the following HTTP headers. ** [x-amz-request-charged](#API_GetObjectAcl_ResponseSyntax) ** If present, indicates that the requester was successfully charged for the request. For more information, see [Using Requester Pays buckets for storage transfers and usage](https://docs.aws.amazon.com/AmazonS3/latest/userguide/RequesterPaysBuckets.html) in the *Amazon Simple Storage Service user guide*. This functionality is not supported for directory buckets. Valid Values: `requester` The following data is returned in XML format by the service. ** [AccessControlPolicy](#API_GetObjectAcl_ResponseSyntax) ** Root level tag for the AccessControlPolicy parameters. Required: Yes ** [Grants](#API_GetObjectAcl_ResponseSyntax) ** A list of grants. Type: Array of [Grant](API_Grant.md) data types ** [Owner](#API_GetObjectAcl_ResponseSyntax) ** Container for the bucket owner's ID. Type: [Owner](API_Owner.md) data type ## Errors ** NoSuchKey ** The specified key does not exist. HTTP Status Code: 404 ## Examples ### Sample Request The following request returns information, including the ACL, of the object `my-image.jpg`. ``` GET /my-image.jpg?acl HTTP/1.1 Host: bucket.s3..amazonaws.com Date: Wed, 28 Oct 2009 22:32:00 GMT Authorization: authorization string ``` ### Sample Response This example illustrates one usage of GetObjectAcl. ``` HTTP/1.1 200 OK x-amz-id-2: eftixk72aD6Ap51TnqcoF8eFidJG9Z/2mkiDFu8yU9AS1ed4OpIszj7UDNEHGran x-amz-request-id: 318BC8BC148832E5 x-amz-version-id: 4HL4kqtJlcpXroDTDmJ+rmSpXd3dIbrHY+MTRCxf3vjVBH40Nrjfkd Date: Wed, 28 Oct 2009 22:32:00 GMT Last-Modified: Sun, 1 Jan 2006 12:00:00 GMT Content-Length: 124 Content-Type: text/plain Connection: close Server: AmazonS3 75aa57f09aa0c8caeab4f8c24e99d10f8e7faeebf76c078efc7c6caea54ba06a 75aa57f09aa0c8caeab4f8c24e99d10f8e7faeebf76c078efc7c6caea54ba06a CanonicalUser FULL_CONTROL ``` ### Sample Request: Getting the ACL of the specific version of an object The following request returns information, including the ACL, of the specified version of the object, my-image.jpg. ``` GET /my-image.jpg?versionId=3/L4kqtJlcpXroDVBH40Nr8X8gdRQBpUMLUo&acl HTTP/1.1 Host: bucket.s3..amazonaws.com Date: Wed, 28 Oct 2009 22:32:00 GMT Authorization: authorization string ``` ### Sample Response: Showing the ACL of the specific version This example illustrates one usage of GetObjectAcl. ``` HTTP/1.1 200 OK x-amz-id-2: eftixk72aD6Ap51TnqcoF8eFidJG9Z/2mkiDFu8yU9AS1ed4OpIszj7UDNEHGran x-amz-request-id: 318BC8BC148832E5 Date: Wed, 28 Oct 2009 22:32:00 GMT Last-Modified: Sun, 1 Jan 2006 12:00:00 GMT x-amz-version-id: 3/L4kqtJlcpXroDTDmJ+rmSpXd3dIbrHY+MTRCxf3vjVBH40Nr8X8gdRQBpUMLUo Content-Length: 124 Content-Type: text/plain Connection: close Server: AmazonS3 75aa57f09aa0c8caeab4f8c24e99d10f8e7faeebf76c078efc7c6caea54ba06a 75aa57f09aa0c8caeab4f8c24e99d10f8e7faeebf76c078efc7c6caea54ba06a CanonicalUser FULL_CONTROL ``` ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/GetObjectAcl) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/GetObjectAcl) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/GetObjectAcl) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/GetObjectAcl) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/GetObjectAcl) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/GetObjectAcl) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/GetObjectAcl) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/GetObjectAcl) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/GetObjectAcl) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/GetObjectAcl) # GetObjectAttributes Retrieves all of the metadata from an object without returning the object itself. This operation is useful if you're interested only in an object's metadata. `GetObjectAttributes` combines the functionality of `HeadObject` and `ListParts`. All of the data returned with both of those individual calls can be returned with a single call to `GetObjectAttributes`. **Note** **Directory buckets** - For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format `https://amzn-s3-demo-bucket.s3express-zone-id.region-code.amazonaws.com/key-name `. Path-style requests are not supported. For more information about endpoints in Availability Zones, see [Regional and Zonal endpoints for directory buckets in Availability Zones](https://docs.aws.amazon.com/AmazonS3/latest/userguide/endpoint-directory-buckets-AZ.html) in the *Amazon S3 User Guide*. For more information about endpoints in Local Zones, see [Concepts for directory buckets in Local Zones](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-lzs-for-directory-buckets.html) in the *Amazon S3 User Guide*. Permissions + **General purpose bucket permissions** - To use `GetObjectAttributes`, you must have READ access to the object. The other permissions that you need to use this operation depend on whether the bucket is versioned and if a version ID is passed in the `GetObjectAttributes` request. + If you pass a version ID in your request, you need both the `s3:GetObjectVersion` and `s3:GetObjectVersionAttributes` permissions. + If you do not pass a version ID in your request, you need the `s3:GetObject` and `s3:GetObjectAttributes` permissions. For more information, see [Specifying Permissions in a Policy](https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html) in the *Amazon S3 User Guide*. If the object that you request does not exist, the error Amazon S3 returns depends on whether you also have the `s3:ListBucket` permission. + If you have the `s3:ListBucket` permission on the bucket, Amazon S3 returns an HTTP status code `404 Not Found` ("no such key") error. + If you don't have the `s3:ListBucket` permission, Amazon S3 returns an HTTP status code `403 Forbidden` ("access denied") error. + **Directory bucket permissions** - To grant access to this API operation on a directory bucket, we recommend that you use the [https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) API operation for session-based authorization. Specifically, you grant the `s3express:CreateSession` permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the `CreateSession` API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another `CreateSession` API call to generate a new session token for use. AWS CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see [https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html). If the object is encrypted with SSE-KMS, you must also have the `kms:GenerateDataKey` and `kms:Decrypt` permissions in IAM identity-based policies and AWS KMS key policies for the AWS KMS key. Encryption Encryption request headers, like `x-amz-server-side-encryption`, should not be sent for `HEAD` requests if your object uses server-side encryption with AWS Key Management Service (AWS KMS) keys (SSE-KMS), dual-layer server-side encryption with AWS KMS keys (DSSE-KMS), or server-side encryption with Amazon S3 managed encryption keys (SSE-S3). The `x-amz-server-side-encryption` header is used when you `PUT` an object to S3 and want to specify the encryption method. If you include this header in a `GET` request for an object that uses these types of keys, you’ll get an HTTP `400 Bad Request` error. It's because the encryption method can't be changed when you retrieve the object. If you encrypted an object when you stored the object in Amazon S3 by using server-side encryption with customer-provided encryption keys (SSE-C), then when you retrieve the metadata from the object, you must use the following headers. These headers provide the server with the encryption key required to retrieve the object's metadata. The headers are: + `x-amz-server-side-encryption-customer-algorithm` + `x-amz-server-side-encryption-customer-key` + `x-amz-server-side-encryption-customer-key-MD5` For more information about SSE-C, see [Server-Side Encryption (Using Customer-Provided Encryption Keys)](https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html) in the *Amazon S3 User Guide*. **Directory bucket permissions** - For directory buckets, there are only two supported options for server-side encryption: server-side encryption with Amazon S3 managed keys (SSE-S3) (`AES256`) and server-side encryption with AWS KMS keys (SSE-KMS) (`aws:kms`). We recommend that the bucket's default encryption uses the desired encryption configuration and you don't override the bucket default encryption in your `CreateSession` requests or `PUT` object requests. Then, new objects are automatically encrypted with the desired encryption settings. For more information, see [Protecting data with server-side encryption](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-serv-side-encryption.html) in the *Amazon S3 User Guide*. For more information about the encryption overriding behaviors in directory buckets, see [Specifying server-side encryption with AWS KMS for new object uploads](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-specifying-kms-encryption.html). Versioning **Directory buckets** - S3 Versioning isn't enabled and supported for directory buckets. For this API operation, only the `null` value of the version ID is supported by directory buckets. You can only specify `null` to the `versionId` query parameter in the request. Conditional request headers Consider the following when using request headers: + If both of the `If-Match` and `If-Unmodified-Since` headers are present in the request as follows, then Amazon S3 returns the HTTP status code `200 OK` and the data requested: + `If-Match` condition evaluates to `true`. + `If-Unmodified-Since` condition evaluates to `false`. For more information about conditional requests, see [RFC 7232](https://tools.ietf.org/html/rfc7232). + If both of the `If-None-Match` and `If-Modified-Since` headers are present in the request as follows, then Amazon S3 returns the HTTP status code `304 Not Modified`: + `If-None-Match` condition evaluates to `false`. + `If-Modified-Since` condition evaluates to `true`. For more information about conditional requests, see [RFC 7232](https://tools.ietf.org/html/rfc7232). HTTP Host header syntax **Directory buckets ** - The HTTP Host header syntax is ` Bucket-name.s3express-zone-id.region-code.amazonaws.com`. The following actions are related to `GetObjectAttributes`: + [GetObject](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html) + [GetObjectAcl](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAcl.html) + [GetObjectLegalHold](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectLegalHold.html) + [GetObjectLockConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectLockConfiguration.html) + [GetObjectRetention](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectRetention.html) + [GetObjectTagging](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectTagging.html) + [HeadObject](https://docs.aws.amazon.com/AmazonS3/latest/API/API_HeadObject.html) + [ListParts](https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html) **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. ## Request Syntax ``` GET /{Key+}?attributes&versionId=VersionId HTTP/1.1 Host: Bucket.s3.amazonaws.com x-amz-max-parts: MaxParts x-amz-part-number-marker: PartNumberMarker x-amz-server-side-encryption-customer-algorithm: SSECustomerAlgorithm x-amz-server-side-encryption-customer-key: SSECustomerKey x-amz-server-side-encryption-customer-key-MD5: SSECustomerKeyMD5 x-amz-request-payer: RequestPayer x-amz-expected-bucket-owner: ExpectedBucketOwner x-amz-object-attributes: ObjectAttributes ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_GetObjectAttributes_RequestSyntax) ** The name of the bucket that contains the object. **Directory buckets** - When you use this operation with a directory bucket, you must use virtual-hosted-style requests in the format ` Bucket-name.s3express-zone-id.region-code.amazonaws.com`. Path-style requests are not supported. Directory bucket names must be unique in the chosen Zone (Availability Zone or Local Zone). Bucket names must follow the format ` bucket-base-name--zone-id--x-s3` (for example, ` amzn-s3-demo-bucket--usw2-az1--x-s3`). For information about bucket naming restrictions, see [Directory bucket naming rules](https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) in the *Amazon S3 User Guide*. **Access points** - When you use this action with an access point for general purpose buckets, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When you use this action with an access point for directory buckets, you must provide the access point name in place of the bucket name. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com. When using this action with an access point through the AWS SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see [Using access points](https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) in the *Amazon S3 User Guide*. Object Lambda access points are not supported by directory buckets. **S3 on Outposts** - When you use this action with S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form ` AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com`. When you use this action with S3 on Outposts, the destination bucket must be the Outposts access point ARN or the access point alias. For more information about S3 on Outposts, see [What is S3 on Outposts?](https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) in the *Amazon S3 User Guide*. Required: Yes ** [Key](#API_GetObjectAttributes_RequestSyntax) ** The object key. Length Constraints: Minimum length of 1. Required: Yes ** [versionId](#API_GetObjectAttributes_RequestSyntax) ** The version ID used to reference a specific version of the object. S3 Versioning isn't enabled and supported for directory buckets. For this API operation, only the `null` value of the version ID is supported by directory buckets. You can only specify `null` to the `versionId` query parameter in the request. ** [x-amz-expected-bucket-owner](#API_GetObjectAttributes_RequestSyntax) ** The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code `403 Forbidden` (access denied). ** [x-amz-max-parts](#API_GetObjectAttributes_RequestSyntax) ** Sets the maximum number of parts to return. For more information, see [Uploading and copying objects using multipart upload in Amazon S3 ](https://docs.aws.amazon.com/AmazonS3/latest/userguide/mpuoverview.html) in the *Amazon Simple Storage Service user guide*. ** [x-amz-object-attributes](#API_GetObjectAttributes_RequestSyntax) ** Specifies the fields at the root level that you want returned in the response. Fields that you do not specify are not returned. Valid Values: `ETag | Checksum | ObjectParts | StorageClass | ObjectSize` Required: Yes ** [x-amz-part-number-marker](#API_GetObjectAttributes_RequestSyntax) ** Specifies the part after which listing should begin. Only parts with higher part numbers will be listed. For more information, see [Uploading and copying objects using multipart upload in Amazon S3 ](https://docs.aws.amazon.com/AmazonS3/latest/userguide/mpuoverview.html) in the *Amazon Simple Storage Service user guide*. ** [x-amz-request-payer](#API_GetObjectAttributes_RequestSyntax) ** Confirms that the requester knows that they will be charged for the request. Bucket owners need not specify this parameter in their requests. If either the source or destination S3 bucket has Requester Pays enabled, the requester will pay for the corresponding charges. For information about downloading objects from Requester Pays buckets, see [Downloading Objects in Requester Pays Buckets](https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) in the *Amazon S3 User Guide*. This functionality is not supported for directory buckets. Valid Values: `requester` ** [x-amz-server-side-encryption-customer-algorithm](#API_GetObjectAttributes_RequestSyntax) ** Specifies the algorithm to use when encrypting the object (for example, AES256). This functionality is not supported for directory buckets. ** [x-amz-server-side-encryption-customer-key](#API_GetObjectAttributes_RequestSyntax) ** Specifies the customer-provided encryption key for Amazon S3 to use in encrypting data. This value is used to store the object and then it is discarded; Amazon S3 does not store the encryption key. The key must be appropriate for use with the algorithm specified in the `x-amz-server-side-encryption-customer-algorithm` header. This functionality is not supported for directory buckets. ** [x-amz-server-side-encryption-customer-key-MD5](#API_GetObjectAttributes_RequestSyntax) ** Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. Amazon S3 uses this header for a message integrity check to ensure that the encryption key was transmitted without error. This functionality is not supported for directory buckets. ## Request Body The request does not have a request body. ## Response Syntax ``` HTTP/1.1 200 x-amz-delete-marker: DeleteMarker Last-Modified: LastModified x-amz-version-id: VersionId x-amz-request-charged: RequestCharged string string string string string string string boolean integer integer integer string string string string string integer long ... integer string long ``` ## Response Elements If the action is successful, the service sends back an HTTP 200 response. The response returns the following HTTP headers. ** [Last-Modified](#API_GetObjectAttributes_ResponseSyntax) ** Date and time when the object was last modified. ** [x-amz-delete-marker](#API_GetObjectAttributes_ResponseSyntax) ** Specifies whether the object retrieved was (`true`) or was not (`false`) a delete marker. If `false`, this response header does not appear in the response. To learn more about delete markers, see [Working with delete markers](https://docs.aws.amazon.com/AmazonS3/latest/userguide/DeleteMarker.html). This functionality is not supported for directory buckets. ** [x-amz-request-charged](#API_GetObjectAttributes_ResponseSyntax) ** If present, indicates that the requester was successfully charged for the request. For more information, see [Using Requester Pays buckets for storage transfers and usage](https://docs.aws.amazon.com/AmazonS3/latest/userguide/RequesterPaysBuckets.html) in the *Amazon Simple Storage Service user guide*. This functionality is not supported for directory buckets. Valid Values: `requester` ** [x-amz-version-id](#API_GetObjectAttributes_ResponseSyntax) ** The version ID of the object. This functionality is not supported for directory buckets. The following data is returned in XML format by the service. ** [GetObjectAttributesResponse](#API_GetObjectAttributes_ResponseSyntax) ** Root level tag for the GetObjectAttributesResponse parameters. Required: Yes ** [Checksum](#API_GetObjectAttributes_ResponseSyntax) ** The checksum or digest of the object. Type: [Checksum](API_Checksum.md) data type ** [ETag](#API_GetObjectAttributes_ResponseSyntax) ** An ETag is an opaque identifier assigned by a web server to a specific version of a resource found at a URL. Type: String ** [ObjectParts](#API_GetObjectAttributes_ResponseSyntax) ** A collection of parts associated with a multipart upload. Type: [GetObjectAttributesParts](API_GetObjectAttributesParts.md) data type ** [ObjectSize](#API_GetObjectAttributes_ResponseSyntax) ** The size of the object in bytes. Type: Long ** [StorageClass](#API_GetObjectAttributes_ResponseSyntax) ** Provides the storage class information of the object. Amazon S3 returns this header for all objects except for S3 Standard storage class objects. For more information, see [Storage Classes](https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html). **Directory buckets** - Directory buckets only support `EXPRESS_ONEZONE` (the S3 Express One Zone storage class) in Availability Zones and `ONEZONE_IA` (the S3 One Zone-Infrequent Access storage class) in Dedicated Local Zones. Type: String Valid Values: `STANDARD | REDUCED_REDUNDANCY | STANDARD_IA | ONEZONE_IA | INTELLIGENT_TIERING | GLACIER | DEEP_ARCHIVE | OUTPOSTS | GLACIER_IR | SNOW | EXPRESS_ONEZONE | FSX_OPENZFS | FSX_ONTAP` ## Errors ** NoSuchKey ** The specified key does not exist. HTTP Status Code: 404 ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/GetObjectAttributes) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/GetObjectAttributes) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/GetObjectAttributes) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/GetObjectAttributes) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/GetObjectAttributes) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/GetObjectAttributes) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/GetObjectAttributes) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/GetObjectAttributes) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/GetObjectAttributes) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/GetObjectAttributes) # GetObjectLegalHold **Note** This operation is not supported for directory buckets. Gets an object's current legal hold status. For more information, see [Locking Objects](https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html). This functionality is not supported for Amazon S3 on Outposts. The following action is related to `GetObjectLegalHold`: + [GetObjectAttributes](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAttributes.html) **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. ## Request Syntax ``` GET /{Key+}?legal-hold&versionId=VersionId HTTP/1.1 Host: Bucket.s3.amazonaws.com x-amz-request-payer: RequestPayer x-amz-expected-bucket-owner: ExpectedBucketOwner ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_GetObjectLegalHold_RequestSyntax) ** The bucket name containing the object whose legal hold status you want to retrieve. **Access points** - When you use this action with an access point for general purpose buckets, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When you use this action with an access point for directory buckets, you must provide the access point name in place of the bucket name. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com. When using this action with an access point through the AWS SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see [Using access points](https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) in the *Amazon S3 User Guide*. Required: Yes ** [Key](#API_GetObjectLegalHold_RequestSyntax) ** The key name for the object whose legal hold status you want to retrieve. Length Constraints: Minimum length of 1. Required: Yes ** [versionId](#API_GetObjectLegalHold_RequestSyntax) ** The version ID of the object whose legal hold status you want to retrieve. ** [x-amz-expected-bucket-owner](#API_GetObjectLegalHold_RequestSyntax) ** The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code `403 Forbidden` (access denied). ** [x-amz-request-payer](#API_GetObjectLegalHold_RequestSyntax) ** Confirms that the requester knows that they will be charged for the request. Bucket owners need not specify this parameter in their requests. If either the source or destination S3 bucket has Requester Pays enabled, the requester will pay for the corresponding charges. For information about downloading objects from Requester Pays buckets, see [Downloading Objects in Requester Pays Buckets](https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) in the *Amazon S3 User Guide*. This functionality is not supported for directory buckets. Valid Values: `requester` ## Request Body The request does not have a request body. ## Response Syntax ``` HTTP/1.1 200 string ``` ## Response Elements If the action is successful, the service sends back an HTTP 200 response. The following data is returned in XML format by the service. ** [LegalHold](#API_GetObjectLegalHold_ResponseSyntax) ** Root level tag for the LegalHold parameters. Required: Yes ** [Status](#API_GetObjectLegalHold_ResponseSyntax) ** Indicates whether the specified object has a legal hold in place. Type: String Valid Values: `ON | OFF` ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/GetObjectLegalHold) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/GetObjectLegalHold) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/GetObjectLegalHold) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/GetObjectLegalHold) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/GetObjectLegalHold) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/GetObjectLegalHold) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/GetObjectLegalHold) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/GetObjectLegalHold) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/GetObjectLegalHold) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/GetObjectLegalHold) # GetObjectLockConfiguration **Note** This operation is not supported for directory buckets. Gets the Object Lock configuration for a bucket. The rule specified in the Object Lock configuration will be applied by default to every new object placed in the specified bucket. For more information, see [Locking Objects](https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html). The following action is related to `GetObjectLockConfiguration`: + [GetObjectAttributes](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAttributes.html) **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. ## Request Syntax ``` GET /?object-lock HTTP/1.1 Host: Bucket.s3.amazonaws.com x-amz-expected-bucket-owner: ExpectedBucketOwner ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_GetObjectLockConfiguration_RequestSyntax) ** The bucket whose Object Lock configuration you want to retrieve. **Access points** - When you use this action with an access point for general purpose buckets, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When you use this action with an access point for directory buckets, you must provide the access point name in place of the bucket name. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com. When using this action with an access point through the AWS SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see [Using access points](https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) in the *Amazon S3 User Guide*. Required: Yes ** [x-amz-expected-bucket-owner](#API_GetObjectLockConfiguration_RequestSyntax) ** The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code `403 Forbidden` (access denied). ## Request Body The request does not have a request body. ## Response Syntax ``` HTTP/1.1 200 string integer string integer ``` ## Response Elements If the action is successful, the service sends back an HTTP 200 response. The following data is returned in XML format by the service. ** [ObjectLockConfiguration](#API_GetObjectLockConfiguration_ResponseSyntax) ** Root level tag for the ObjectLockConfiguration parameters. Required: Yes ** [ObjectLockEnabled](#API_GetObjectLockConfiguration_ResponseSyntax) ** Indicates whether this bucket has an Object Lock configuration enabled. Enable `ObjectLockEnabled` when you apply `ObjectLockConfiguration` to a bucket. Type: String Valid Values: `Enabled` ** [Rule](#API_GetObjectLockConfiguration_ResponseSyntax) ** Specifies the Object Lock rule for the specified object. Enable the this rule when you apply `ObjectLockConfiguration` to a bucket. Bucket settings require both a mode and a period. The period can be either `Days` or `Years` but you must select one. You cannot specify `Days` and `Years` at the same time. Type: [ObjectLockRule](API_ObjectLockRule.md) data type ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/GetObjectLockConfiguration) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/GetObjectLockConfiguration) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/GetObjectLockConfiguration) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/GetObjectLockConfiguration) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/GetObjectLockConfiguration) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/GetObjectLockConfiguration) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/GetObjectLockConfiguration) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/GetObjectLockConfiguration) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/GetObjectLockConfiguration) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/GetObjectLockConfiguration) # GetObjectRetention **Note** This operation is not supported for directory buckets. Retrieves an object's retention settings. For more information, see [Locking Objects](https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html). This functionality is not supported for Amazon S3 on Outposts. The following action is related to `GetObjectRetention`: + [GetObjectAttributes](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAttributes.html) **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. ## Request Syntax ``` GET /{Key+}?retention&versionId=VersionId HTTP/1.1 Host: Bucket.s3.amazonaws.com x-amz-request-payer: RequestPayer x-amz-expected-bucket-owner: ExpectedBucketOwner ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_GetObjectRetention_RequestSyntax) ** The bucket name containing the object whose retention settings you want to retrieve. **Access points** - When you use this action with an access point for general purpose buckets, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When you use this action with an access point for directory buckets, you must provide the access point name in place of the bucket name. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com. When using this action with an access point through the AWS SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see [Using access points](https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) in the *Amazon S3 User Guide*. Required: Yes ** [Key](#API_GetObjectRetention_RequestSyntax) ** The key name for the object whose retention settings you want to retrieve. Length Constraints: Minimum length of 1. Required: Yes ** [versionId](#API_GetObjectRetention_RequestSyntax) ** The version ID for the object whose retention settings you want to retrieve. ** [x-amz-expected-bucket-owner](#API_GetObjectRetention_RequestSyntax) ** The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code `403 Forbidden` (access denied). ** [x-amz-request-payer](#API_GetObjectRetention_RequestSyntax) ** Confirms that the requester knows that they will be charged for the request. Bucket owners need not specify this parameter in their requests. If either the source or destination S3 bucket has Requester Pays enabled, the requester will pay for the corresponding charges. For information about downloading objects from Requester Pays buckets, see [Downloading Objects in Requester Pays Buckets](https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) in the *Amazon S3 User Guide*. This functionality is not supported for directory buckets. Valid Values: `requester` ## Request Body The request does not have a request body. ## Response Syntax ``` HTTP/1.1 200 string timestamp ``` ## Response Elements If the action is successful, the service sends back an HTTP 200 response. The following data is returned in XML format by the service. ** [Retention](#API_GetObjectRetention_ResponseSyntax) ** Root level tag for the Retention parameters. Required: Yes ** [Mode](#API_GetObjectRetention_ResponseSyntax) ** Indicates the Retention mode for the specified object. Type: String Valid Values: `GOVERNANCE | COMPLIANCE` ** [RetainUntilDate](#API_GetObjectRetention_ResponseSyntax) ** The date on which this Object Lock Retention will expire. Type: Timestamp ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/GetObjectRetention) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/GetObjectRetention) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/GetObjectRetention) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/GetObjectRetention) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/GetObjectRetention) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/GetObjectRetention) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/GetObjectRetention) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/GetObjectRetention) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/GetObjectRetention) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/GetObjectRetention) # GetObjectTagging **Note** This operation is not supported for directory buckets. Returns the tag-set of an object. You send the GET request against the tagging subresource associated with the object. To use this operation, you must have permission to perform the `s3:GetObjectTagging` action. By default, the GET action returns information about current version of an object. For a versioned bucket, you can have multiple versions of an object in your bucket. To retrieve tags of any other version, use the versionId query parameter. You also need permission for the `s3:GetObjectVersionTagging` action. By default, the bucket owner has this permission and can grant this permission to others. For information about the Amazon S3 object tagging feature, see [Object Tagging](https://docs.aws.amazon.com/AmazonS3/latest/dev/object-tagging.html). The following actions are related to `GetObjectTagging`: + [DeleteObjectTagging](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObjectTagging.html) + [GetObjectAttributes](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAttributes.html) + [PutObjectTagging](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObjectTagging.html) **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. ## Request Syntax ``` GET /{Key+}?tagging&versionId=VersionId HTTP/1.1 Host: Bucket.s3.amazonaws.com x-amz-expected-bucket-owner: ExpectedBucketOwner x-amz-request-payer: RequestPayer ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_GetObjectTagging_RequestSyntax) ** The bucket name containing the object for which to get the tagging information. **Access points** - When you use this action with an access point for general purpose buckets, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When you use this action with an access point for directory buckets, you must provide the access point name in place of the bucket name. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com. When using this action with an access point through the AWS SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see [Using access points](https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) in the *Amazon S3 User Guide*. **S3 on Outposts** - When you use this action with S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form ` AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com`. When you use this action with S3 on Outposts, the destination bucket must be the Outposts access point ARN or the access point alias. For more information about S3 on Outposts, see [What is S3 on Outposts?](https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) in the *Amazon S3 User Guide*. Required: Yes ** [Key](#API_GetObjectTagging_RequestSyntax) ** Object key for which to get the tagging information. Length Constraints: Minimum length of 1. Required: Yes ** [versionId](#API_GetObjectTagging_RequestSyntax) ** The versionId of the object for which to get the tagging information. ** [x-amz-expected-bucket-owner](#API_GetObjectTagging_RequestSyntax) ** The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code `403 Forbidden` (access denied). ** [x-amz-request-payer](#API_GetObjectTagging_RequestSyntax) ** Confirms that the requester knows that they will be charged for the request. Bucket owners need not specify this parameter in their requests. If either the source or destination S3 bucket has Requester Pays enabled, the requester will pay for the corresponding charges. For information about downloading objects from Requester Pays buckets, see [Downloading Objects in Requester Pays Buckets](https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) in the *Amazon S3 User Guide*. This functionality is not supported for directory buckets. Valid Values: `requester` ## Request Body The request does not have a request body. ## Response Syntax ``` HTTP/1.1 200 x-amz-version-id: VersionId string string ``` ## Response Elements If the action is successful, the service sends back an HTTP 200 response. The response returns the following HTTP headers. ** [x-amz-version-id](#API_GetObjectTagging_ResponseSyntax) ** The versionId of the object for which you got the tagging information. The following data is returned in XML format by the service. ** [Tagging](#API_GetObjectTagging_ResponseSyntax) ** Root level tag for the Tagging parameters. Required: Yes ** [TagSet](#API_GetObjectTagging_ResponseSyntax) ** Contains the tag set. Type: Array of [Tag](API_Tag.md) data types ## Examples ### Sample Request The following request returns the tag set of the specified object. ``` GET /example-object?tagging HTTP/1.1 Host: examplebucket.s3..amazonaws.com Date: Thu, 22 Sep 2016 21:33:08 GMT Authorization: authorization string ``` ### Sample Response This example illustrates one usage of GetObjectTagging. ``` HTTP/1.1 200 OK Date: Thu, 22 Sep 2016 21:33:08 GMT Connection: close Server: AmazonS3 tag1 val1 tag2 val2 ``` ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/GetObjectTagging) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/GetObjectTagging) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/GetObjectTagging) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/GetObjectTagging) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/GetObjectTagging) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/GetObjectTagging) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/GetObjectTagging) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/GetObjectTagging) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/GetObjectTagging) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/GetObjectTagging) # GetObjectTorrent **Note** This operation is not supported for directory buckets. Returns torrent files from a bucket. BitTorrent can save you bandwidth when you're distributing large files. **Note** You can get torrent only for objects that are less than 5 GB in size, and that are not encrypted using server-side encryption with a customer-provided encryption key. To use GET, you must have READ access to the object. This functionality is not supported for Amazon S3 on Outposts. The following action is related to `GetObjectTorrent`: + [GetObject](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html) **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. ## Request Syntax ``` GET /{Key+}?torrent HTTP/1.1 Host: Bucket.s3.amazonaws.com x-amz-request-payer: RequestPayer x-amz-expected-bucket-owner: ExpectedBucketOwner ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_GetObjectTorrent_RequestSyntax) ** The name of the bucket containing the object for which to get the torrent files. Required: Yes ** [Key](#API_GetObjectTorrent_RequestSyntax) ** The object key for which to get the information. Length Constraints: Minimum length of 1. Required: Yes ** [x-amz-expected-bucket-owner](#API_GetObjectTorrent_RequestSyntax) ** The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code `403 Forbidden` (access denied). ** [x-amz-request-payer](#API_GetObjectTorrent_RequestSyntax) ** Confirms that the requester knows that they will be charged for the request. Bucket owners need not specify this parameter in their requests. If either the source or destination S3 bucket has Requester Pays enabled, the requester will pay for the corresponding charges. For information about downloading objects from Requester Pays buckets, see [Downloading Objects in Requester Pays Buckets](https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) in the *Amazon S3 User Guide*. This functionality is not supported for directory buckets. Valid Values: `requester` ## Request Body The request does not have a request body. ## Response Syntax ``` HTTP/1.1 200 x-amz-request-charged: RequestCharged Body ``` ## Response Elements If the action is successful, the service sends back an HTTP 200 response. The response returns the following HTTP headers. ** [x-amz-request-charged](#API_GetObjectTorrent_ResponseSyntax) ** If present, indicates that the requester was successfully charged for the request. For more information, see [Using Requester Pays buckets for storage transfers and usage](https://docs.aws.amazon.com/AmazonS3/latest/userguide/RequesterPaysBuckets.html) in the *Amazon Simple Storage Service user guide*. This functionality is not supported for directory buckets. Valid Values: `requester` The following data is returned in binary format by the service. ** [Body](#API_GetObjectTorrent_ResponseSyntax) ** ## Examples ### Getting torrent files in a bucket This example retrieves the `Torrent` file for the `Nelson` object in the `quotes` bucket. ``` GET /quotes/Nelson?torrent HTTP/1.0 Host: bucket.s3..amazonaws.com Date: Wed, 28 Oct 2009 22:32:00 GMT Authorization: authorization string ``` ### Sample Response This example illustrates one usage of GetObjectTorrent. ``` HTTP/1.1 200 OK x-amz-request-id: 7CD745EBB7AB5ED9 Date: Wed, 25 Nov 2009 12:00:00 GMT Content-Disposition: attachment; filename=Nelson.torrent; Content-Type: application/x-bittorrent Content-Length: 537 Server: AmazonS3 ``` ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/GetObjectTorrent) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/GetObjectTorrent) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/GetObjectTorrent) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/GetObjectTorrent) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/GetObjectTorrent) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/GetObjectTorrent) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/GetObjectTorrent) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/GetObjectTorrent) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/GetObjectTorrent) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/GetObjectTorrent) # GetPublicAccessBlock **Note** This operation is not supported for directory buckets. Retrieves the `PublicAccessBlock` configuration for an Amazon S3 bucket. This operation returns the bucket-level configuration only. To understand the effective public access behavior, you must also consider account-level settings (which may inherit from organization-level policies). To use this operation, you must have the `s3:GetBucketPublicAccessBlock` permission. For more information about Amazon S3 permissions, see [Specifying Permissions in a Policy](https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html). **Important** When Amazon S3 evaluates the `PublicAccessBlock` configuration for a bucket or an object, it checks the `PublicAccessBlock` configuration for both the bucket (or the bucket that contains the object) and the bucket owner's account. Account-level settings automatically inherit from organization-level policies when present. If the `PublicAccessBlock` settings are different between the bucket and the account, Amazon S3 uses the most restrictive combination of the bucket-level and account-level settings. For more information about when Amazon S3 considers a bucket or an object public, see [The Meaning of "Public"](https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-policy-status). The following operations are related to `GetPublicAccessBlock`: + [Using Amazon S3 Block Public Access](https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html) + [PutPublicAccessBlock](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutPublicAccessBlock.html) + [GetPublicAccessBlock](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetPublicAccessBlock.html) + [DeletePublicAccessBlock](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeletePublicAccessBlock.html) **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. ## Request Syntax ``` GET /?publicAccessBlock HTTP/1.1 Host: Bucket.s3.amazonaws.com x-amz-expected-bucket-owner: ExpectedBucketOwner ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_GetPublicAccessBlock_RequestSyntax) ** The name of the Amazon S3 bucket whose `PublicAccessBlock` configuration you want to retrieve. Required: Yes ** [x-amz-expected-bucket-owner](#API_GetPublicAccessBlock_RequestSyntax) ** The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code `403 Forbidden` (access denied). ## Request Body The request does not have a request body. ## Response Syntax ``` HTTP/1.1 200 boolean boolean boolean boolean ``` ## Response Elements If the action is successful, the service sends back an HTTP 200 response. The following data is returned in XML format by the service. ** [PublicAccessBlockConfiguration](#API_GetPublicAccessBlock_ResponseSyntax) ** Root level tag for the PublicAccessBlockConfiguration parameters. Required: Yes ** [BlockPublicAcls](#API_GetPublicAccessBlock_ResponseSyntax) ** Specifies whether Amazon S3 should block public access control lists (ACLs) for this bucket and objects in this bucket. Setting this element to `TRUE` causes the following behavior: + PUT Bucket ACL and PUT Object ACL calls fail if the specified ACL is public. + PUT Object calls fail if the request includes a public ACL. + PUT Bucket calls fail if the request includes a public ACL. Enabling this setting doesn't affect existing policies or ACLs. Type: Boolean ** [BlockPublicPolicy](#API_GetPublicAccessBlock_ResponseSyntax) ** Specifies whether Amazon S3 should block public bucket policies for this bucket. Setting this element to `TRUE` causes Amazon S3 to reject calls to PUT Bucket policy if the specified bucket policy allows public access. Enabling this setting doesn't affect existing bucket policies. Type: Boolean ** [IgnorePublicAcls](#API_GetPublicAccessBlock_ResponseSyntax) ** Specifies whether Amazon S3 should ignore public ACLs for this bucket and objects in this bucket. Setting this element to `TRUE` causes Amazon S3 to ignore all public ACLs on this bucket and objects in this bucket. Enabling this setting doesn't affect the persistence of any existing ACLs and doesn't prevent new public ACLs from being set. Type: Boolean ** [RestrictPublicBuckets](#API_GetPublicAccessBlock_ResponseSyntax) ** Specifies whether Amazon S3 should restrict public bucket policies for this bucket. Setting this element to `TRUE` restricts access to this bucket to only AWS service principals and authorized users within this account if the bucket has a public policy. Enabling this setting doesn't affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked. Type: Boolean ## Examples ### Sample Request The following request gets a bucket `PublicAccessBlock` configuration. ``` GET /?publicAccessBlock HTTP/1.1 Host: .s3..amazonaws.com x-amz-date: Authorization: ``` ### Sample Response This example illustrates one usage of GetPublicAccessBlock. ``` HTTP/1.1 200 OK x-amz-id-2: ITnGT1y4REXAMPLEPi4hklTXouTf0hccUjo0iCPEXAMPLEutBj3M7fPGlWO2SEWp x-amz-request-id: 51991EXAMPLE5321 Date: Thu, 15 Nov 2016 00:17:22 GMT Server: AmazonS3 Content-Length: 0 TRUE FALSE FALSE FALSE ``` ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/GetPublicAccessBlock) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/GetPublicAccessBlock) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/GetPublicAccessBlock) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/GetPublicAccessBlock) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/GetPublicAccessBlock) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/GetPublicAccessBlock) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/GetPublicAccessBlock) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/GetPublicAccessBlock) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/GetPublicAccessBlock) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/GetPublicAccessBlock) # HeadBucket You can use this operation to determine if a bucket exists and if you have permission to access it. The action returns a `200 OK` HTTP status code if the bucket exists and you have permission to access it. You can make a `HeadBucket` call on any bucket name to any Region in the partition, and regardless of the permissions on the bucket, you will receive a response header with the correct bucket location so that you can then make a proper, signed request to the appropriate Regional endpoint. **Note** If the bucket doesn't exist or you don't have permission to access it, the `HEAD` request returns a generic `400 Bad Request`, `403 Forbidden`, or `404 Not Found` HTTP status code. A message body isn't included, so you can't determine the exception beyond these HTTP response codes. Authentication and authorization **General purpose buckets** - Request to public buckets that grant the s3:ListBucket permission publicly do not need to be signed. All other `HeadBucket` requests must be authenticated and signed by using IAM credentials (access key ID and secret access key for the IAM identities). All headers with the `x-amz-` prefix, including `x-amz-copy-source`, must be signed. For more information, see [REST Authentication](https://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html). **Directory buckets** - You must use IAM credentials to authenticate and authorize your access to the `HeadBucket` API operation, instead of using the temporary security credentials through the `CreateSession` API operation. AWS CLI or SDKs handles authentication and authorization on your behalf. Permissions + **General purpose bucket permissions** - To use this operation, you must have permissions to perform the `s3:ListBucket` action. The bucket owner has this permission by default and can grant this permission to others. For more information about permissions, see [Managing access permissions to your Amazon S3 resources](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html) in the *Amazon S3 User Guide*. + **Directory bucket permissions** - You must have the ** `s3express:CreateSession` ** permission in the `Action` element of a policy. If no session mode is specified, the session will be created with the maximum allowable privilege, attempting `ReadWrite` first, then `ReadOnly` if `ReadWrite` is not permitted. If you want to explicitly restrict the access to be read-only, you can set the `s3express:SessionMode` condition key to `ReadOnly` on the bucket. For more information about example bucket policies, see [Example bucket policies for S3 Express One Zone](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam-example-bucket-policies.html) and [AWS Identity and Access Management (IAM) identity-based policies for S3 Express One Zone](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam-identity-policies.html) in the *Amazon S3 User Guide*. HTTP Host header syntax **Directory buckets ** - The HTTP Host header syntax is ` Bucket-name.s3express-zone-id.region-code.amazonaws.com`. You must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format `https://bucket-name.s3express-zone-id.region-code.amazonaws.com`. Path-style requests are not supported. For more information about endpoints in Availability Zones, see [Regional and Zonal endpoints for directory buckets in Availability Zones](https://docs.aws.amazon.com/AmazonS3/latest/userguide/endpoint-directory-buckets-AZ.html) in the *Amazon S3 User Guide*. For more information about endpoints in Local Zones, see [Concepts for directory buckets in Local Zones](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-lzs-for-directory-buckets.html) in the *Amazon S3 User Guide*. **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. ## Request Syntax ``` HEAD / HTTP/1.1 Host: Bucket.s3.amazonaws.com x-amz-expected-bucket-owner: ExpectedBucketOwner ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_HeadBucket_RequestSyntax) ** The bucket name. **Directory buckets** - When you use this operation with a directory bucket, you must use virtual-hosted-style requests in the format ` Bucket-name.s3express-zone-id.region-code.amazonaws.com`. Path-style requests are not supported. Directory bucket names must be unique in the chosen Zone (Availability Zone or Local Zone). Bucket names must follow the format ` bucket-base-name--zone-id--x-s3` (for example, ` amzn-s3-demo-bucket--usw2-az1--x-s3`). For information about bucket naming restrictions, see [Directory bucket naming rules](https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) in the *Amazon S3 User Guide*. **Access points** - When you use this action with an access point for general purpose buckets, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When you use this action with an access point for directory buckets, you must provide the access point name in place of the bucket name. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com. When using this action with an access point through the AWS SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see [Using access points](https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) in the *Amazon S3 User Guide*. **Object Lambda access points** - When you use this API operation with an Object Lambda access point, provide the alias of the Object Lambda access point in place of the bucket name. If the Object Lambda access point alias in a request is not valid, the error code `InvalidAccessPointAliasError` is returned. For more information about `InvalidAccessPointAliasError`, see [List of Error Codes](https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList). Object Lambda access points are not supported by directory buckets. **S3 on Outposts** - When you use this action with S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form ` AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com`. When you use this action with S3 on Outposts, the destination bucket must be the Outposts access point ARN or the access point alias. For more information about S3 on Outposts, see [What is S3 on Outposts?](https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) in the *Amazon S3 User Guide*. Required: Yes ** [x-amz-expected-bucket-owner](#API_HeadBucket_RequestSyntax) ** The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code `403 Forbidden` (access denied). ## Request Body The request does not have a request body. ## Response Syntax ``` HTTP/1.1 200 x-amz-bucket-arn: BucketArn x-amz-bucket-location-type: BucketLocationType x-amz-bucket-location-name: BucketLocationName x-amz-bucket-region: BucketRegion x-amz-access-point-alias: AccessPointAlias ``` ## Response Elements If the action is successful, the service sends back an HTTP 200 response. The response returns the following HTTP headers. ** [x-amz-access-point-alias](#API_HeadBucket_ResponseSyntax) ** Indicates whether the bucket name used in the request is an access point alias. For directory buckets, the value of this field is `false`. ** [x-amz-bucket-arn](#API_HeadBucket_ResponseSyntax) ** The Amazon Resource Name (ARN) of the S3 bucket. ARNs uniquely identify AWS resources across all of AWS. This parameter is only supported for S3 directory buckets. For more information, see [Using tags with directory buckets](https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-buckets-tagging.html). Length Constraints: Minimum length of 1. Maximum length of 128. Pattern: `arn:[^:]+:(s3|s3express):.*` ** [x-amz-bucket-location-name](#API_HeadBucket_ResponseSyntax) ** The name of the location where the bucket will be created. For directory buckets, the Zone ID of the Availability Zone or the Local Zone where the bucket is created. An example Zone ID value for an Availability Zone is `usw2-az1`. This functionality is only supported by directory buckets. ** [x-amz-bucket-location-type](#API_HeadBucket_ResponseSyntax) ** The type of location where the bucket is created. This functionality is only supported by directory buckets. Valid Values: `AvailabilityZone | LocalZone` ** [x-amz-bucket-region](#API_HeadBucket_ResponseSyntax) ** The Region that the bucket is located. Length Constraints: Minimum length of 0. Maximum length of 20. ## Errors ** NoSuchBucket ** The specified bucket does not exist. HTTP Status Code: 404 ## Examples ### Sample Request for general purpose buckets This example illustrates one usage of HeadBucket. ``` HEAD / HTTP/1.1 Date: Fri, 10 Feb 2012 21:34:55 GMT Authorization: authorization string Host: myawsbucket.s3.amazonaws.com Connection: Keep-Alive ``` ### Sample responses for general purpose buckets This example illustrates one usage of HeadBucket. ``` HTTP/1.1 200 OK x-amz-id-2: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY x-amz-request-id: 28PG2CEB32F5EE25 x-amz-bucket-region: us-west-2 x-amz-access-point-alias: false Date: Fri, 10 2012 21:34:56 GMT Server: AmazonS3 ``` ``` HTTP/1.1 301 Moved Permanantly x-amz-id-2: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY x-amz-request-id: M8H3G2AJ0V6NQ8AJ Date: Tue, 06 May 2025 21:29:41 GMT x-amz-bucket-region: us-east-1 x-amz-access-point-alias: false Server: AmazonS3 ``` ``` HTTP/1.1 403 Forbidden x-amz-bucket-region: us-east-1 x-amz-request-id: P6K9QSW8EN5YEPS x-amz-id-2: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY Date: Tue, 06 May 2025 21:24:51 GMT Server: AmazonS3 ``` ### Example of anonymous request response This example illustrates one usage of HeadBucket. ``` HTTP/1.1 403 Forbidden x-amz-bucket-region: us-east-1 x-amz-request-id: 7B3WF90PGN6J8F2 x-amz-id-2: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY Date: Tue, 06 May 2025 21:55:02 GMT Server: AmazonS3 ``` ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/HeadBucket) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/HeadBucket) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/HeadBucket) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/HeadBucket) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/HeadBucket) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/HeadBucket) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/HeadBucket) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/HeadBucket) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/HeadBucket) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/HeadBucket) # HeadObject The `HEAD` operation retrieves metadata from an object without returning the object itself. This operation is useful if you're interested only in an object's metadata. **Note** A `HEAD` request has the same options as a `GET` operation on an object. The response is identical to the `GET` response except that there is no response body. Because of this, if the `HEAD` request generates an error, it returns a generic code, such as `400 Bad Request`, `403 Forbidden`, `404 Not Found`, `405 Method Not Allowed`, `412 Precondition Failed`, or `304 Not Modified`. It's not possible to retrieve the exact exception of these error codes. Request headers are limited to 8 KB in size. For more information, see [Common Request Headers](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTCommonRequestHeaders.html). Permissions + **General purpose bucket permissions** - To use `HEAD`, you must have the `s3:GetObject` permission. You need the relevant read object (or version) permission for this operation. For more information, see [Actions, resources, and condition keys for Amazon S3](https://docs.aws.amazon.com/AmazonS3/latest/dev/list_amazons3.html) in the *Amazon S3 User Guide*. For more information about the permissions to S3 API operations by S3 resource types, see [Required permissions for Amazon S3 API operations](/AmazonS3/latest/userguide/using-with-s3-policy-actions.html) in the *Amazon S3 User Guide*. If the object you request doesn't exist, the error that Amazon S3 returns depends on whether you also have the `s3:ListBucket` permission. + If you have the `s3:ListBucket` permission on the bucket, Amazon S3 returns an HTTP status code `404 Not Found` error. + If you don’t have the `s3:ListBucket` permission, Amazon S3 returns an HTTP status code `403 Forbidden` error. + **Directory bucket permissions** - To grant access to this API operation on a directory bucket, we recommend that you use the [https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) API operation for session-based authorization. Specifically, you grant the `s3express:CreateSession` permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the `CreateSession` API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another `CreateSession` API call to generate a new session token for use. AWS CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see [https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html). If you enable `x-amz-checksum-mode` in the request and the object is encrypted with AWS Key Management Service (AWS KMS), you must also have the `kms:GenerateDataKey` and `kms:Decrypt` permissions in IAM identity-based policies and AWS KMS key policies for the AWS KMS key to retrieve the checksum of the object. Encryption Encryption request headers, like `x-amz-server-side-encryption`, should not be sent for `HEAD` requests if your object uses server-side encryption with AWS Key Management Service (AWS KMS) keys (SSE-KMS), dual-layer server-side encryption with AWS KMS keys (DSSE-KMS), or server-side encryption with Amazon S3 managed encryption keys (SSE-S3). The `x-amz-server-side-encryption` header is used when you `PUT` an object to S3 and want to specify the encryption method. If you include this header in a `HEAD` request for an object that uses these types of keys, you’ll get an HTTP `400 Bad Request` error. It's because the encryption method can't be changed when you retrieve the object. If you encrypt an object by using server-side encryption with customer-provided encryption keys (SSE-C) when you store the object in Amazon S3, then when you retrieve the metadata from the object, you must use the following headers to provide the encryption key for the server to be able to retrieve the object's metadata. The headers are: + `x-amz-server-side-encryption-customer-algorithm` + `x-amz-server-side-encryption-customer-key` + `x-amz-server-side-encryption-customer-key-MD5` For more information about SSE-C, see [Server-Side Encryption (Using Customer-Provided Encryption Keys)](https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html) in the *Amazon S3 User Guide*. **Directory bucket ** - For directory buckets, there are only two supported options for server-side encryption: SSE-S3 and SSE-KMS. SSE-C isn't supported. For more information, see [Protecting data with server-side encryption](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-serv-side-encryption.html) in the *Amazon S3 User Guide*. Versioning + If the current version of the object is a delete marker, Amazon S3 behaves as if the object was deleted and includes `x-amz-delete-marker: true` in the response. + If the specified version is a delete marker, the response returns a `405 Method Not Allowed` error and the `Last-Modified: timestamp` response header. + **Directory buckets** - Delete marker is not supported for directory buckets. + **Directory buckets** - S3 Versioning isn't enabled and supported for directory buckets. For this API operation, only the `null` value of the version ID is supported by directory buckets. You can only specify `null` to the `versionId` query parameter in the request. HTTP Host header syntax **Directory buckets ** - The HTTP Host header syntax is ` Bucket-name.s3express-zone-id.region-code.amazonaws.com`. For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format `https://amzn-s3-demo-bucket.s3express-zone-id.region-code.amazonaws.com/key-name `. Path-style requests are not supported. For more information about endpoints in Availability Zones, see [Regional and Zonal endpoints for directory buckets in Availability Zones](https://docs.aws.amazon.com/AmazonS3/latest/userguide/endpoint-directory-buckets-AZ.html) in the *Amazon S3 User Guide*. For more information about endpoints in Local Zones, see [Concepts for directory buckets in Local Zones](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-lzs-for-directory-buckets.html) in the *Amazon S3 User Guide*. The following actions are related to `HeadObject`: + [GetObject](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html) + [GetObjectAttributes](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAttributes.html) **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. ## Request Syntax ``` HEAD /Key+?partNumber=PartNumber&response-cache-control=ResponseCacheControl&response-content-disposition=ResponseContentDisposition&response-content-encoding=ResponseContentEncoding&response-content-language=ResponseContentLanguage&response-content-type=ResponseContentType&response-expires=ResponseExpires&versionId=VersionId HTTP/1.1 Host: Bucket.s3.amazonaws.com If-Match: IfMatch If-Modified-Since: IfModifiedSince If-None-Match: IfNoneMatch If-Unmodified-Since: IfUnmodifiedSince Range: Range x-amz-server-side-encryption-customer-algorithm: SSECustomerAlgorithm x-amz-server-side-encryption-customer-key: SSECustomerKey x-amz-server-side-encryption-customer-key-MD5: SSECustomerKeyMD5 x-amz-request-payer: RequestPayer x-amz-expected-bucket-owner: ExpectedBucketOwner x-amz-checksum-mode: ChecksumMode ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_HeadObject_RequestSyntax) ** The name of the bucket that contains the object. **Directory buckets** - When you use this operation with a directory bucket, you must use virtual-hosted-style requests in the format ` Bucket-name.s3express-zone-id.region-code.amazonaws.com`. Path-style requests are not supported. Directory bucket names must be unique in the chosen Zone (Availability Zone or Local Zone). Bucket names must follow the format ` bucket-base-name--zone-id--x-s3` (for example, ` amzn-s3-demo-bucket--usw2-az1--x-s3`). For information about bucket naming restrictions, see [Directory bucket naming rules](https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) in the *Amazon S3 User Guide*. **Access points** - When you use this action with an access point for general purpose buckets, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When you use this action with an access point for directory buckets, you must provide the access point name in place of the bucket name. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com. When using this action with an access point through the AWS SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see [Using access points](https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) in the *Amazon S3 User Guide*. Object Lambda access points are not supported by directory buckets. **S3 on Outposts** - When you use this action with S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form ` AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com`. When you use this action with S3 on Outposts, the destination bucket must be the Outposts access point ARN or the access point alias. For more information about S3 on Outposts, see [What is S3 on Outposts?](https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) in the *Amazon S3 User Guide*. Required: Yes ** [If-Match](#API_HeadObject_RequestSyntax) ** Return the object only if its entity tag (ETag) is the same as the one specified; otherwise, return a 412 (precondition failed) error. If both of the `If-Match` and `If-Unmodified-Since` headers are present in the request as follows: + `If-Match` condition evaluates to `true`, and; + `If-Unmodified-Since` condition evaluates to `false`; Then Amazon S3 returns `200 OK` and the data requested. For more information about conditional requests, see [RFC 7232](https://tools.ietf.org/html/rfc7232). ** [If-Modified-Since](#API_HeadObject_RequestSyntax) ** Return the object only if it has been modified since the specified time; otherwise, return a 304 (not modified) error. If both of the `If-None-Match` and `If-Modified-Since` headers are present in the request as follows: + `If-None-Match` condition evaluates to `false`, and; + `If-Modified-Since` condition evaluates to `true`; Then Amazon S3 returns the `304 Not Modified` response code. For more information about conditional requests, see [RFC 7232](https://tools.ietf.org/html/rfc7232). ** [If-None-Match](#API_HeadObject_RequestSyntax) ** Return the object only if its entity tag (ETag) is different from the one specified; otherwise, return a 304 (not modified) error. If both of the `If-None-Match` and `If-Modified-Since` headers are present in the request as follows: + `If-None-Match` condition evaluates to `false`, and; + `If-Modified-Since` condition evaluates to `true`; Then Amazon S3 returns the `304 Not Modified` response code. For more information about conditional requests, see [RFC 7232](https://tools.ietf.org/html/rfc7232). ** [If-Unmodified-Since](#API_HeadObject_RequestSyntax) ** Return the object only if it has not been modified since the specified time; otherwise, return a 412 (precondition failed) error. If both of the `If-Match` and `If-Unmodified-Since` headers are present in the request as follows: + `If-Match` condition evaluates to `true`, and; + `If-Unmodified-Since` condition evaluates to `false`; Then Amazon S3 returns `200 OK` and the data requested. For more information about conditional requests, see [RFC 7232](https://tools.ietf.org/html/rfc7232). ** [Key](#API_HeadObject_RequestSyntax) ** The object key. Length Constraints: Minimum length of 1. Required: Yes ** [partNumber](#API_HeadObject_RequestSyntax) ** Part number of the object being read. This is a positive integer between 1 and 10,000. Effectively performs a 'ranged' HEAD request for the part specified. Useful querying about the size of the part and the number of parts in this object. ** [Range](#API_HeadObject_RequestSyntax) ** HeadObject returns only the metadata for an object. If the Range is satisfiable, only the `ContentLength` is affected in the response. If the Range is not satisfiable, S3 returns a `416 - Requested Range Not Satisfiable` error. ** [response-cache-control](#API_HeadObject_RequestSyntax) ** Sets the `Cache-Control` header of the response. ** [response-content-disposition](#API_HeadObject_RequestSyntax) ** Sets the `Content-Disposition` header of the response. ** [response-content-encoding](#API_HeadObject_RequestSyntax) ** Sets the `Content-Encoding` header of the response. ** [response-content-language](#API_HeadObject_RequestSyntax) ** Sets the `Content-Language` header of the response. ** [response-content-type](#API_HeadObject_RequestSyntax) ** Sets the `Content-Type` header of the response. ** [response-expires](#API_HeadObject_RequestSyntax) ** Sets the `Expires` header of the response. ** [versionId](#API_HeadObject_RequestSyntax) ** Version ID used to reference a specific version of the object. For directory buckets in this API operation, only the `null` value of the version ID is supported. ** [x-amz-checksum-mode](#API_HeadObject_RequestSyntax) ** To retrieve the checksum, this parameter must be enabled. **General purpose buckets** - If you enable checksum mode and the object is uploaded with a [checksum](https://docs.aws.amazon.com/AmazonS3/latest/API/API_Checksum.html) and encrypted with an AWS Key Management Service (AWS KMS) key, you must have permission to use the `kms:Decrypt` action to retrieve the checksum. **Directory buckets** - If you enable `ChecksumMode` and the object is encrypted with AWS Key Management Service (AWS KMS), you must also have the `kms:GenerateDataKey` and `kms:Decrypt` permissions in IAM identity-based policies and AWS KMS key policies for the AWS KMS key to retrieve the checksum of the object. Valid Values: `ENABLED` ** [x-amz-expected-bucket-owner](#API_HeadObject_RequestSyntax) ** The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code `403 Forbidden` (access denied). ** [x-amz-request-payer](#API_HeadObject_RequestSyntax) ** Confirms that the requester knows that they will be charged for the request. Bucket owners need not specify this parameter in their requests. If either the source or destination S3 bucket has Requester Pays enabled, the requester will pay for the corresponding charges. For information about downloading objects from Requester Pays buckets, see [Downloading Objects in Requester Pays Buckets](https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) in the *Amazon S3 User Guide*. This functionality is not supported for directory buckets. Valid Values: `requester` ** [x-amz-server-side-encryption-customer-algorithm](#API_HeadObject_RequestSyntax) ** Specifies the algorithm to use when encrypting the object (for example, AES256). This functionality is not supported for directory buckets. ** [x-amz-server-side-encryption-customer-key](#API_HeadObject_RequestSyntax) ** Specifies the customer-provided encryption key for Amazon S3 to use in encrypting data. This value is used to store the object and then it is discarded; Amazon S3 does not store the encryption key. The key must be appropriate for use with the algorithm specified in the `x-amz-server-side-encryption-customer-algorithm` header. This functionality is not supported for directory buckets. ** [x-amz-server-side-encryption-customer-key-MD5](#API_HeadObject_RequestSyntax) ** Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. Amazon S3 uses this header for a message integrity check to ensure that the encryption key was transmitted without error. This functionality is not supported for directory buckets. ## Request Body The request does not have a request body. ## Response Syntax ``` HTTP/1.1 200 x-amz-delete-marker: DeleteMarker accept-ranges: AcceptRanges x-amz-expiration: Expiration x-amz-restore: Restore x-amz-archive-status: ArchiveStatus Last-Modified: LastModified Content-Length: ContentLength x-amz-checksum-crc32: ChecksumCRC32 x-amz-checksum-crc32c: ChecksumCRC32C x-amz-checksum-crc64nvme: ChecksumCRC64NVME x-amz-checksum-sha1: ChecksumSHA1 x-amz-checksum-sha256: ChecksumSHA256 x-amz-checksum-type: ChecksumType ETag: ETag x-amz-missing-meta: MissingMeta x-amz-version-id: VersionId Cache-Control: CacheControl Content-Disposition: ContentDisposition Content-Encoding: ContentEncoding Content-Language: ContentLanguage Content-Type: ContentType Content-Range: ContentRange Expires: Expires x-amz-website-redirect-location: WebsiteRedirectLocation x-amz-server-side-encryption: ServerSideEncryption x-amz-server-side-encryption-customer-algorithm: SSECustomerAlgorithm x-amz-server-side-encryption-customer-key-MD5: SSECustomerKeyMD5 x-amz-server-side-encryption-aws-kms-key-id: SSEKMSKeyId x-amz-server-side-encryption-bucket-key-enabled: BucketKeyEnabled x-amz-storage-class: StorageClass x-amz-request-charged: RequestCharged x-amz-replication-status: ReplicationStatus x-amz-mp-parts-count: PartsCount x-amz-tagging-count: TagCount x-amz-object-lock-mode: ObjectLockMode x-amz-object-lock-retain-until-date: ObjectLockRetainUntilDate x-amz-object-lock-legal-hold: ObjectLockLegalHoldStatus ``` ## Response Elements If the action is successful, the service sends back an HTTP 200 response. The response returns the following HTTP headers. ** [accept-ranges](#API_HeadObject_ResponseSyntax) ** Indicates that a range of bytes was specified. ** [Cache-Control](#API_HeadObject_ResponseSyntax) ** Specifies caching behavior along the request/reply chain. ** [Content-Disposition](#API_HeadObject_ResponseSyntax) ** Specifies presentational information for the object. ** [Content-Encoding](#API_HeadObject_ResponseSyntax) ** Indicates what content encodings have been applied to the object and thus what decoding mechanisms must be applied to obtain the media-type referenced by the Content-Type header field. ** [Content-Language](#API_HeadObject_ResponseSyntax) ** The language the content is in. ** [Content-Length](#API_HeadObject_ResponseSyntax) ** Size of the body in bytes. ** [Content-Range](#API_HeadObject_ResponseSyntax) ** The portion of the object returned in the response for a `GET` request. ** [Content-Type](#API_HeadObject_ResponseSyntax) ** A standard MIME type describing the format of the object data. ** [ETag](#API_HeadObject_ResponseSyntax) ** An entity tag (ETag) is an opaque identifier assigned by a web server to a specific version of a resource found at a URL. ** [Expires](#API_HeadObject_ResponseSyntax) ** The date and time at which the object is no longer cacheable. ** [Last-Modified](#API_HeadObject_ResponseSyntax) ** Date and time when the object was last modified. ** [x-amz-archive-status](#API_HeadObject_ResponseSyntax) ** The archive state of the head object. This functionality is not supported for directory buckets. Valid Values: `ARCHIVE_ACCESS | DEEP_ARCHIVE_ACCESS` ** [x-amz-checksum-crc32](#API_HeadObject_ResponseSyntax) ** The Base64 encoded, 32-bit `CRC32 checksum` of the object. This checksum is only present if the checksum was uploaded with the object. When you use an API operation on an object that was uploaded using multipart uploads, this value may not be a direct checksum value of the full object. Instead, it's a calculation based on the checksum values of each individual part. For more information about how checksums are calculated with multipart uploads, see [ Checking object integrity](https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) in the *Amazon S3 User Guide*. ** [x-amz-checksum-crc32c](#API_HeadObject_ResponseSyntax) ** The Base64 encoded, 32-bit `CRC32C` checksum of the object. This checksum is only present if the checksum was uploaded with the object. When you use an API operation on an object that was uploaded using multipart uploads, this value may not be a direct checksum value of the full object. Instead, it's a calculation based on the checksum values of each individual part. For more information about how checksums are calculated with multipart uploads, see [ Checking object integrity](https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) in the *Amazon S3 User Guide*. ** [x-amz-checksum-crc64nvme](#API_HeadObject_ResponseSyntax) ** The Base64 encoded, 64-bit `CRC64NVME` checksum of the object. For more information, see [Checking object integrity in the Amazon S3 User Guide](https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html). ** [x-amz-checksum-sha1](#API_HeadObject_ResponseSyntax) ** The Base64 encoded, 160-bit `SHA1` digest of the object. This checksum is only present if the checksum was uploaded with the object. When you use the API operation on an object that was uploaded using multipart uploads, this value may not be a direct checksum value of the full object. Instead, it's a calculation based on the checksum values of each individual part. For more information about how checksums are calculated with multipart uploads, see [ Checking object integrity](https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) in the *Amazon S3 User Guide*. ** [x-amz-checksum-sha256](#API_HeadObject_ResponseSyntax) ** The Base64 encoded, 256-bit `SHA256` digest of the object. This checksum is only present if the checksum was uploaded with the object. When you use an API operation on an object that was uploaded using multipart uploads, this value may not be a direct checksum value of the full object. Instead, it's a calculation based on the checksum values of each individual part. For more information about how checksums are calculated with multipart uploads, see [ Checking object integrity](https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) in the *Amazon S3 User Guide*. ** [x-amz-checksum-type](#API_HeadObject_ResponseSyntax) ** The checksum type, which determines how part-level checksums are combined to create an object-level checksum for multipart objects. You can use this header response to verify that the checksum type that is received is the same checksum type that was specified in `CreateMultipartUpload` request. For more information, see [Checking object integrity in the Amazon S3 User Guide](https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html). Valid Values: `COMPOSITE | FULL_OBJECT` ** [x-amz-delete-marker](#API_HeadObject_ResponseSyntax) ** Specifies whether the object retrieved was (true) or was not (false) a Delete Marker. If false, this response header does not appear in the response. This functionality is not supported for directory buckets. ** [x-amz-expiration](#API_HeadObject_ResponseSyntax) ** If the object expiration is configured (see [https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html)), the response includes this header. It includes the `expiry-date` and `rule-id` key-value pairs providing object expiration information. The value of the `rule-id` is URL-encoded. Object expiration information is not returned in directory buckets and this header returns the value "`NotImplemented`" in all responses for directory buckets. ** [x-amz-missing-meta](#API_HeadObject_ResponseSyntax) ** This is set to the number of metadata entries not returned in `x-amz-meta` headers. This can happen if you create metadata using an API like SOAP that supports more flexible metadata than the REST API. For example, using SOAP, you can create metadata whose values are not legal HTTP headers. This functionality is not supported for directory buckets. ** [x-amz-mp-parts-count](#API_HeadObject_ResponseSyntax) ** The count of parts this object has. This value is only returned if you specify `partNumber` in your request and the object was uploaded as a multipart upload. ** [x-amz-object-lock-legal-hold](#API_HeadObject_ResponseSyntax) ** Specifies whether a legal hold is in effect for this object. This header is only returned if the requester has the `s3:GetObjectLegalHold` permission. This header is not returned if the specified version of this object has never had a legal hold applied. For more information about S3 Object Lock, see [Object Lock](https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html). This functionality is not supported for directory buckets. Valid Values: `ON | OFF` ** [x-amz-object-lock-mode](#API_HeadObject_ResponseSyntax) ** The Object Lock mode, if any, that's in effect for this object. This header is only returned if the requester has the `s3:GetObjectRetention` permission. For more information about S3 Object Lock, see [Object Lock](https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html). This functionality is not supported for directory buckets. Valid Values: `GOVERNANCE | COMPLIANCE` ** [x-amz-object-lock-retain-until-date](#API_HeadObject_ResponseSyntax) ** The date and time when the Object Lock retention period expires. This header is only returned if the requester has the `s3:GetObjectRetention` permission. This functionality is not supported for directory buckets. ** [x-amz-replication-status](#API_HeadObject_ResponseSyntax) ** Amazon S3 can return this header if your request involves a bucket that is either a source or a destination in a replication rule. In replication, you have a source bucket on which you configure replication and destination bucket or buckets where Amazon S3 stores object replicas. When you request an object (`GetObject`) or object metadata (`HeadObject`) from these buckets, Amazon S3 will return the `x-amz-replication-status` header in the response as follows: + **If requesting an object from the source bucket**, Amazon S3 will return the `x-amz-replication-status` header if the object in your request is eligible for replication. For example, suppose that in your replication configuration, you specify object prefix `TaxDocs` requesting Amazon S3 to replicate objects with key prefix `TaxDocs`. Any objects you upload with this key name prefix, for example `TaxDocs/document1.pdf`, are eligible for replication. For any object request with this key name prefix, Amazon S3 will return the `x-amz-replication-status` header with value PENDING, COMPLETED or FAILED indicating object replication status. + **If requesting an object from a destination bucket**, Amazon S3 will return the `x-amz-replication-status` header with value REPLICA if the object in your request is a replica that Amazon S3 created and there is no replica modification replication in progress. + **When replicating objects to multiple destination buckets**, the `x-amz-replication-status` header acts differently. The header of the source object will only return a value of COMPLETED when replication is successful to all destinations. The header will remain at value PENDING until replication has completed for all destinations. If one or more destinations fails replication the header will return FAILED. For more information, see [Replication](https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html). This functionality is not supported for directory buckets. Valid Values: `COMPLETE | PENDING | FAILED | REPLICA | COMPLETED` ** [x-amz-request-charged](#API_HeadObject_ResponseSyntax) ** If present, indicates that the requester was successfully charged for the request. For more information, see [Using Requester Pays buckets for storage transfers and usage](https://docs.aws.amazon.com/AmazonS3/latest/userguide/RequesterPaysBuckets.html) in the *Amazon Simple Storage Service user guide*. This functionality is not supported for directory buckets. Valid Values: `requester` ** [x-amz-restore](#API_HeadObject_ResponseSyntax) ** If the object is an archived object (an object whose storage class is GLACIER), the response includes this header if either the archive restoration is in progress (see [RestoreObject](https://docs.aws.amazon.com/AmazonS3/latest/API/API_RestoreObject.html) or an archive copy is already restored. If an archive copy is already restored, the header value indicates when Amazon S3 is scheduled to delete the object copy. For example: `x-amz-restore: ongoing-request="false", expiry-date="Fri, 21 Dec 2012 00:00:00 GMT"` If the object restoration is in progress, the header returns the value `ongoing-request="true"`. For more information about archiving objects, see [Transitioning Objects: General Considerations](https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html#lifecycle-transition-general-considerations). This functionality is not supported for directory buckets. Directory buckets only support `EXPRESS_ONEZONE` (the S3 Express One Zone storage class) in Availability Zones and `ONEZONE_IA` (the S3 One Zone-Infrequent Access storage class) in Dedicated Local Zones. ** [x-amz-server-side-encryption](#API_HeadObject_ResponseSyntax) ** The server-side encryption algorithm used when you store this object in Amazon S3 or Amazon FSx. When accessing data stored in Amazon FSx file systems using S3 access points, the only valid server side encryption option is `aws:fsx`. Valid Values: `AES256 | aws:fsx | aws:kms | aws:kms:dsse` ** [x-amz-server-side-encryption-aws-kms-key-id](#API_HeadObject_ResponseSyntax) ** If present, indicates the ID of the KMS key that was used for object encryption. ** [x-amz-server-side-encryption-bucket-key-enabled](#API_HeadObject_ResponseSyntax) ** Indicates whether the object uses an S3 Bucket Key for server-side encryption with AWS Key Management Service (AWS KMS) keys (SSE-KMS). ** [x-amz-server-side-encryption-customer-algorithm](#API_HeadObject_ResponseSyntax) ** If server-side encryption with a customer-provided encryption key was requested, the response will include this header to confirm the encryption algorithm that's used. This functionality is not supported for directory buckets. ** [x-amz-server-side-encryption-customer-key-MD5](#API_HeadObject_ResponseSyntax) ** If server-side encryption with a customer-provided encryption key was requested, the response will include this header to provide the round-trip message integrity verification of the customer-provided encryption key. This functionality is not supported for directory buckets. ** [x-amz-storage-class](#API_HeadObject_ResponseSyntax) ** Provides storage class information of the object. Amazon S3 returns this header for all objects except for S3 Standard storage class objects. For more information, see [Storage Classes](https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html). **Directory buckets ** - Directory buckets only support `EXPRESS_ONEZONE` (the S3 Express One Zone storage class) in Availability Zones and `ONEZONE_IA` (the S3 One Zone-Infrequent Access storage class) in Dedicated Local Zones. Valid Values: `STANDARD | REDUCED_REDUNDANCY | STANDARD_IA | ONEZONE_IA | INTELLIGENT_TIERING | GLACIER | DEEP_ARCHIVE | OUTPOSTS | GLACIER_IR | SNOW | EXPRESS_ONEZONE | FSX_OPENZFS | FSX_ONTAP` ** [x-amz-tagging-count](#API_HeadObject_ResponseSyntax) ** The number of tags, if any, on the object, when you have the relevant permission to read object tags. You can use [GetObjectTagging](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectTagging.html) to retrieve the tag set associated with an object. This functionality is not supported for directory buckets. ** [x-amz-version-id](#API_HeadObject_ResponseSyntax) ** Version ID of the object. This functionality is not supported for directory buckets. ** [x-amz-website-redirect-location](#API_HeadObject_ResponseSyntax) ** If the bucket is configured as a website, redirects requests for this object to another object in the same bucket or to an external URL. Amazon S3 stores the value of this header in the object metadata. This functionality is not supported for directory buckets. ## Errors ** NoSuchKey ** The specified key does not exist. HTTP Status Code: 404 ## Examples ### Sample Request for general purpose buckets The following request returns the metadata of an object. ``` HEAD /my-image.jpg HTTP/1.1 Host: bucket.s3..amazonaws.com Date: Wed, 28 Oct 2009 22:32:00 GMT Authorization: AWS AKIAIOSFODNN7EXAMPLE:02236Q3V0RonhpaBX5sCYVf1bNRuU= ``` ### Sample Response for general purpose buckets This example illustrates one usage of HeadObject. ``` HTTP/1.1 200 OK x-amz-id-2: ef8yU9AS1ed4OpIszj7UDNEHGran x-amz-request-id: 318BC8BC143432E5 x-amz-version-id: 3HL4kqtJlcpXroDTDmjVBH40Nrjfkd Date: Wed, 28 Oct 2009 22:32:00 GMT Last-Modified: Sun, 1 Jan 2006 12:00:00 GMT ETag: "fba9dede5f27731c9771645a39863328" Content-Length: 434234 Content-Type: text/plain Connection: close Server: AmazonS3 ``` ### Sample Response for general purpose buckets: With an expiration tag If the object is scheduled to expire according to a lifecycle configuration set on the bucket, the response returns the `x-amz-expiration` tag with information about when Amazon S3 will delete the object. For more information, see [Transitioning Objects: General Considerations](https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html#lifecycle-transition-general-considerations). ``` HTTP/1.1 200 OK x-amz-id-2: azQRZtQJ2m1P8R+TIsG9h0VuC/DmiSJmjXUMq7snk+LKSJeurtmfzSlGhR46GzSJ x-amz-request-id: 0EFF61CCE3F24A26 Date: Mon, 17 Dec 2012 02:26:39 GMT Last-Modified: Mon, 17 Dec 2012 02:14:10 GMT x-amz-expiration: expiry-date="Fri, 21 Dec 2012 00:00:00 GMT", rule-id="Rule for testfile.txt" ETag: "54b0c58c7ce9f2a8b551351102ee0938" Accept-Ranges: bytes Content-Type: text/plain Content-Length: 14 Server: AmazonS3 ``` ### Sample Request for general purpose buckets: Getting metadata from a specified version of an object The following request returns the metadata of the specified version of an object. ``` HEAD /my-image.jpg?versionId=3HL4kqCxf3vjVBH40Nrjfkd HTTP/1.1 Host: bucket.s3..amazonaws.com Date: Wed, 28 Oct 2009 22:32:00 GMT Authorization: AWS AKIAIOSFODNN7EXAMPLE:02236Q3V0WpaBX5sCYVf1bNRuU= ``` ### Sample Response for general purpose buckets: To a versioned HEAD request This example illustrates one usage of HeadObject. ``` HTTP/1.1 200 OK x-amz-id-2: eftixk72aD6Ap51TnqcoF8epIszj7UDNEHGran x-amz-request-id: 318BC8BC143432E5 x-amz-version-id: 3HL4kqtJlcpXrof3vjVBH40Nrjfkd Date: Wed, 28 Oct 2009 22:32:00 GMT Last-Modified: Sun, 1 Jan 2006 12:00:00 GMT ETag: "fba9dede5f27731c9771645a39863328" Content-Length: 434234 Content-Type: text/plain Connection: close Server: AmazonS3 ``` ### Sample Request for general purpose buckets: For an S3 Glacier object For an archived object, the `x-amz-restore` header provides the date when the restored copy expires, as shown in the following response. Even if the object is stored in S3 Glacier, all object metadata is still available. ``` HEAD /my-image.jpg HTTP/1.1 Host: bucket.s3..amazonaws.com Date: 13 Nov 2012 00:28:38 GMT Authorization: AWS AKIAIOSFODNN7EXAMPLE:02236Q3V0RonhpaBX5sCYVf1bNRuU= ``` ### Sample Response for general purpose buckets: S3 Glacier object If the object is already restored, the `x-amz-restore` header provides the date when the restored copy will expire, as shown in the following response. ``` HTTP/1.1 200 OK x-amz-id-2: FSVaTMjrmBp3Izs1NnwBZeu7M19iI8UbxMbi0A8AirHANJBo+hEftBuiESACOMJp x-amz-request-id: E5CEFCB143EB505A Date: Tue, 13 Nov 2012 00:28:38 GMT Last-Modified: Mon, 15 Oct 2012 21:58:07 GMT x-amz-restore: ongoing-request="false", expiry-date="Wed, 07 Nov 2012 00:00:00 GMT" ETag: "1accb31fcf202eba0c0f41fa2f09b4d7" Accept-Ranges: bytes Content-Type: binary/octet-stream Content-Length: 300 Server: AmazonS3 ``` ### Sample Response for general purpose buckets: In-progress restoration If the restoration is in progress, the `x-amz-restore` header returns a message accordingly. ``` HTTP/1.1 200 OK x-amz-id-2: b+V2mDiMHTdy1myoUBpctvmJl95H9U/OSUm/jRtHxjh0+pCk5SvByL4xu2TDv4GM x-amz-request-id: E2E7B6AEE4E9BD2B Date: Tue, 13 Nov 2012 00:43:32 GMT Last-Modified: Sat, 20 Oct 2012 21:28:27 GMT x-amz-restore: ongoing-request="true" ETag: "1accb31fcf202eba0c0f41fa2f09b4d7" Accept-Ranges: bytes Content-Type: binary/octet-stream Content-Length: 300 Server: AmazonS3 ``` ### Sample Response for general purpose buckets: Object archived using S3 Intelligent-Tiering If an object is stored using the S3 Intelligent-Tiering storage class and is currently in one of the archive tiers, then this action shows the current tier using the `x-amz-archive-status` header. ``` HTTP/1.1 200 OK x-amz-id-2: FSVaTMjrmBp3Izs1NnwBZeu7M19iI8UbxMbi0A8AirHANJBo+hEftBuiESACOMJp x-amz-request-id: E5CEFCB143EB505A Date: Fri, 13 Nov 2020 00:28:38 GMT Last-Modified: Mon, 15 Oct 2012 21:58:07 GMT ETag: "1accb31fcf202eba0c0f41fa2f09b4d7" x-amz-storage-class: 'INTELLIGENT_TIERING' x-amz-archive-status: 'ARCHIVE_ACCESS' Accept-Ranges: bytes Content-Type: binary/octet-stream Content-Length: 300 Server: AmazonS3 ``` ### Sample Response for general purpose buckets: Object archived using S3 Intelligent-Tiering with restore in progress If an object is stored using the S3 Intelligent-Tiering storage class and is currently in the process of being restored from one of the archive tiers, then this action shows the current tier using the `x-amz-archive-status` header and the current restore status using the `x-amz-restore` header. ``` HTTP/1.1 200 OK x-amz-id-2: FSVaTMjrmBp3Izs1NnwBZeu7M19iI8UbxMbi0A8AirHANJBo+hEftBuiESACOMJp x-amz-request-id: E5CEFCB143EB505A Date: Fri, 13 Nov 2020 00:28:38 GMT Last-Modified: Mon, 15 Oct 2012 21:58:07 GMT ETag: "1accb31fcf202eba0c0f41fa2f09b4d7" x-amz-storage-class: 'INTELLIGENT_TIERING' x-amz-archive-status: 'ARCHIVE_ACCESS' x-amz-restore: 'ongoing-request="true"' x-amz-restore-request-date: 'Fri, 13 Nov 2020 00:20:00 GMT' Accept-Ranges: bytes Content-Type: binary/octet-stream Content-Length: 300 Server: AmazonS3 ``` ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/HeadObject) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/HeadObject) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/HeadObject) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/HeadObject) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/HeadObject) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/HeadObject) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/HeadObject) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/HeadObject) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/HeadObject) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/HeadObject) # ListBucketAnalyticsConfigurations **Note** This operation is not supported for directory buckets. Lists the analytics configurations for the bucket. You can have up to 1,000 analytics configurations per bucket. This action supports list pagination and does not return more than 100 configurations at a time. You should always check the `IsTruncated` element in the response. If there are no more configurations to list, `IsTruncated` is set to false. If there are more configurations to list, `IsTruncated` is set to true, and there will be a value in `NextContinuationToken`. You use the `NextContinuationToken` value to continue the pagination of the list by passing the value in continuation-token in the request to `GET` the next page. To use this operation, you must have permissions to perform the `s3:GetAnalyticsConfiguration` action. The bucket owner has this permission by default. The bucket owner can grant this permission to others. For more information about permissions, see [Permissions Related to Bucket Subresource Operations](https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) and [Managing Access Permissions to Your Amazon S3 Resources](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html). For information about Amazon S3 analytics feature, see [Amazon S3 Analytics – Storage Class Analysis](https://docs.aws.amazon.com/AmazonS3/latest/dev/analytics-storage-class.html). The following operations are related to `ListBucketAnalyticsConfigurations`: + [GetBucketAnalyticsConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketAnalyticsConfiguration.html) + [DeleteBucketAnalyticsConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketAnalyticsConfiguration.html) + [PutBucketAnalyticsConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketAnalyticsConfiguration.html) **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. ## Request Syntax ``` GET /?analytics&continuation-token=ContinuationToken HTTP/1.1 Host: Bucket.s3.amazonaws.com x-amz-expected-bucket-owner: ExpectedBucketOwner ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_ListBucketAnalyticsConfigurations_RequestSyntax) ** The name of the bucket from which analytics configurations are retrieved. Required: Yes ** [continuation-token](#API_ListBucketAnalyticsConfigurations_RequestSyntax) ** The `ContinuationToken` that represents a placeholder from where this request should begin. ** [x-amz-expected-bucket-owner](#API_ListBucketAnalyticsConfigurations_RequestSyntax) ** The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code `403 Forbidden` (access denied). ## Request Body The request does not have a request body. ## Response Syntax ``` HTTP/1.1 200 boolean string string string string string ... string string string string string string string string string ... ``` ## Response Elements If the action is successful, the service sends back an HTTP 200 response. The following data is returned in XML format by the service. ** [ListBucketAnalyticsConfigurationResult](#API_ListBucketAnalyticsConfigurations_ResponseSyntax) ** Root level tag for the ListBucketAnalyticsConfigurationResult parameters. Required: Yes ** [AnalyticsConfiguration](#API_ListBucketAnalyticsConfigurations_ResponseSyntax) ** The list of analytics configurations for a bucket. Type: Array of [AnalyticsConfiguration](API_AnalyticsConfiguration.md) data types ** [ContinuationToken](#API_ListBucketAnalyticsConfigurations_ResponseSyntax) ** The marker that is used as a starting point for this analytics configuration list response. This value is present if it was sent in the request. Type: String ** [IsTruncated](#API_ListBucketAnalyticsConfigurations_ResponseSyntax) ** Indicates whether the returned list of analytics configurations is complete. A value of true indicates that the list is not complete and the NextContinuationToken will be provided for a subsequent request. Type: Boolean ** [NextContinuationToken](#API_ListBucketAnalyticsConfigurations_ResponseSyntax) ** `NextContinuationToken` is sent when `isTruncated` is true, which indicates that there are more analytics configurations to list. The next request must include this `NextContinuationToken`. The token is obfuscated and is not a usable value. Type: String ## Examples ### Sample Request Delete the metric configuration with a specified ID, which disables the CloudWatch metrics with the `ExampleMetrics` value for the `FilterId` dimension. ``` GET /?analytics HTTP/1.1 Host: example-bucket.s3..amazonaws.com x-amz-date: 20160430T233541Z Authorization: authorization string ``` ### Sample Response This example illustrates one usage of ListBucketAnalyticsConfigurations. ``` HTTP/1.1 200 OK x-amz-id-2: gyB+3jRPnrkN98ZajxHXr3u7EFM67bNgSAxexeEHndCX/7GRnfTXxReKUQF28IfP x-amz-request-id: 3B3C7C725673C630 Date: Sat, 30 Apr 2016 23:29:37 GMT Content-Length: length Server: AmazonS3 list1 images/ dog corgi V_1 CSV 123456789012 arn:aws:s3:::destination-bucket destination-prefix report1 images/ dog bulldog V_1 CSV 123456789012 arn:aws:s3:::destination-bucket destination-prefix ... false ... true ... ``` ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/ListBucketAnalyticsConfigurations) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/ListBucketAnalyticsConfigurations) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/ListBucketAnalyticsConfigurations) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/ListBucketAnalyticsConfigurations) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/ListBucketAnalyticsConfigurations) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/ListBucketAnalyticsConfigurations) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/ListBucketAnalyticsConfigurations) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/ListBucketAnalyticsConfigurations) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/ListBucketAnalyticsConfigurations) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/ListBucketAnalyticsConfigurations) # ListBucketIntelligentTieringConfigurations **Note** This operation is not supported for directory buckets. Lists the S3 Intelligent-Tiering configuration from the specified bucket. The S3 Intelligent-Tiering storage class is designed to optimize storage costs by automatically moving data to the most cost-effective storage access tier, without performance impact or operational overhead. S3 Intelligent-Tiering delivers automatic cost savings in three low latency and high throughput access tiers. To get the lowest storage cost on data that can be accessed in minutes to hours, you can choose to activate additional archiving capabilities. The S3 Intelligent-Tiering storage class is the ideal storage class for data with unknown, changing, or unpredictable access patterns, independent of object size or retention period. If the size of an object is less than 128 KB, it is not monitored and not eligible for auto-tiering. Smaller objects can be stored, but they are always charged at the Frequent Access tier rates in the S3 Intelligent-Tiering storage class. For more information, see [Storage class for automatically optimizing frequently and infrequently accessed objects](https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html#sc-dynamic-data-access). Operations related to `ListBucketIntelligentTieringConfigurations` include: + [DeleteBucketIntelligentTieringConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketIntelligentTieringConfiguration.html) + [PutBucketIntelligentTieringConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketIntelligentTieringConfiguration.html) + [GetBucketIntelligentTieringConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketIntelligentTieringConfiguration.html) **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. ## Request Syntax ``` GET /?intelligent-tiering&continuation-token=ContinuationToken HTTP/1.1 Host: Bucket.s3.amazonaws.com x-amz-expected-bucket-owner: ExpectedBucketOwner ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_ListBucketIntelligentTieringConfigurations_RequestSyntax) ** The name of the Amazon S3 bucket whose configuration you want to modify or retrieve. Required: Yes ** [continuation-token](#API_ListBucketIntelligentTieringConfigurations_RequestSyntax) ** The `ContinuationToken` that represents a placeholder from where this request should begin. ** [x-amz-expected-bucket-owner](#API_ListBucketIntelligentTieringConfigurations_RequestSyntax) ** The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code `403 Forbidden` (access denied). ## Request Body The request does not have a request body. ## Response Syntax ``` HTTP/1.1 200 boolean string string string string string ... string string string string string string integer ... ... ``` ## Response Elements If the action is successful, the service sends back an HTTP 200 response. The following data is returned in XML format by the service. ** [ListBucketIntelligentTieringConfigurationsOutput](#API_ListBucketIntelligentTieringConfigurations_ResponseSyntax) ** Root level tag for the ListBucketIntelligentTieringConfigurationsOutput parameters. Required: Yes ** [ContinuationToken](#API_ListBucketIntelligentTieringConfigurations_ResponseSyntax) ** The `ContinuationToken` that represents a placeholder from where this request should begin. Type: String ** [IntelligentTieringConfiguration](#API_ListBucketIntelligentTieringConfigurations_ResponseSyntax) ** The list of S3 Intelligent-Tiering configurations for a bucket. Type: Array of [IntelligentTieringConfiguration](API_IntelligentTieringConfiguration.md) data types ** [IsTruncated](#API_ListBucketIntelligentTieringConfigurations_ResponseSyntax) ** Indicates whether the returned list of analytics configurations is complete. A value of `true` indicates that the list is not complete and the `NextContinuationToken` will be provided for a subsequent request. Type: Boolean ** [NextContinuationToken](#API_ListBucketIntelligentTieringConfigurations_ResponseSyntax) ** The marker used to continue this inventory configuration listing. Use the `NextContinuationToken` from this response to continue the listing in a subsequent request. The continuation token is an opaque value that Amazon S3 understands. Type: String ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/ListBucketIntelligentTieringConfigurations) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/ListBucketIntelligentTieringConfigurations) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/ListBucketIntelligentTieringConfigurations) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/ListBucketIntelligentTieringConfigurations) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/ListBucketIntelligentTieringConfigurations) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/ListBucketIntelligentTieringConfigurations) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/ListBucketIntelligentTieringConfigurations) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/ListBucketIntelligentTieringConfigurations) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/ListBucketIntelligentTieringConfigurations) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/ListBucketIntelligentTieringConfigurations) # ListBucketInventoryConfigurations **Note** This operation is not supported for directory buckets. Returns a list of S3 Inventory configurations for the bucket. You can have up to 1,000 inventory configurations per bucket. This action supports list pagination and does not return more than 100 configurations at a time. Always check the `IsTruncated` element in the response. If there are no more configurations to list, `IsTruncated` is set to false. If there are more configurations to list, `IsTruncated` is set to true, and there is a value in `NextContinuationToken`. You use the `NextContinuationToken` value to continue the pagination of the list by passing the value in continuation-token in the request to `GET` the next page. To use this operation, you must have permissions to perform the `s3:GetInventoryConfiguration` action. The bucket owner has this permission by default. The bucket owner can grant this permission to others. For more information about permissions, see [Permissions Related to Bucket Subresource Operations](https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) and [Managing Access Permissions to Your Amazon S3 Resources](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html). For information about the Amazon S3 inventory feature, see [Amazon S3 Inventory](https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-inventory.html) The following operations are related to `ListBucketInventoryConfigurations`: + [GetBucketInventoryConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketInventoryConfiguration.html) + [DeleteBucketInventoryConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketInventoryConfiguration.html) + [PutBucketInventoryConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketInventoryConfiguration.html) **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. ## Request Syntax ``` GET /?inventory&continuation-token=ContinuationToken HTTP/1.1 Host: Bucket.s3.amazonaws.com x-amz-expected-bucket-owner: ExpectedBucketOwner ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_ListBucketInventoryConfigurations_RequestSyntax) ** The name of the bucket containing the inventory configurations to retrieve. Required: Yes ** [continuation-token](#API_ListBucketInventoryConfigurations_RequestSyntax) ** The marker used to continue an inventory configuration listing that has been truncated. Use the `NextContinuationToken` from a previously truncated list response to continue the listing. The continuation token is an opaque value that Amazon S3 understands. ** [x-amz-expected-bucket-owner](#API_ListBucketInventoryConfigurations_RequestSyntax) ** The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code `403 Forbidden` (access denied). ## Request Body The request does not have a request body. ## Response Syntax ``` HTTP/1.1 200 string string string

string

string string string string string boolean string string ... boolean string ``` ## Response Elements If the action is successful, the service sends back an HTTP 200 response. The following data is returned in XML format by the service. ** [ListInventoryConfigurationsResult](#API_ListBucketInventoryConfigurations_ResponseSyntax) ** Root level tag for the ListInventoryConfigurationsResult parameters. Required: Yes ** [ContinuationToken](#API_ListBucketInventoryConfigurations_ResponseSyntax) ** If sent in the request, the marker that is used as a starting point for this inventory configuration list response. Type: String ** [InventoryConfiguration](#API_ListBucketInventoryConfigurations_ResponseSyntax) ** The list of inventory configurations for a bucket. Type: Array of [InventoryConfiguration](API_InventoryConfiguration.md) data types ** [IsTruncated](#API_ListBucketInventoryConfigurations_ResponseSyntax) ** Tells whether the returned list of inventory configurations is complete. A value of true indicates that the list is not complete and the NextContinuationToken is provided for a subsequent request. Type: Boolean ** [NextContinuationToken](#API_ListBucketInventoryConfigurations_ResponseSyntax) ** The marker used to continue this inventory configuration listing. Use the `NextContinuationToken` from this response to continue the listing in a subsequent request. The continuation token is an opaque value that Amazon S3 understands. Type: String ## Examples ### Sample Request The following request returns the inventory configurations in `example-bucket`. ``` GET /?inventory HTTP/1.1 Host: example-bucket.s3..amazonaws.com x-amz-date: 20160430T233541Z Authorization: authorization string Content-Type: text/plain ``` ### Sample Response Delete the metric configuration with a specified ID, which disables the CloudWatch metrics with the `ExampleMetrics` value for the `FilterId` dimension. ``` HTTP/1.1 200 OK x-amz-id-2: gyB+3jRPnrkN98ZajxHXr3u7EFM67bNgSAxexeEHndCX/7GRnfTXxReKUQF28IfP x-amz-request-id: 3B3C7C725673C630 Date: Sat, 30 Apr 2016 23:29:37 GMT Content-Type: application/xml Content-Length: length Connection: close Server: AmazonS3 report1 true CSV 123456789012 arn:aws:s3:::destination-bucket prefix1 Daily prefix/One All Size LastModifiedDate ETag StorageClass IsMultipartUploaded ReplicationStatus report2 true CSV 123456789012 arn:aws:s3:::bucket2 prefix2 Daily prefix/Two All Size LastModifiedDate ETag StorageClass IsMultipartUploaded ReplicationStatus ObjectLockRetainUntilDate ObjectLockMode ObjectLockLegalHoldStatus report3 true CSV 123456789012 arn:aws:s3:::bucket3 prefix3 Daily prefix/Three All Size LastModifiedDate ETag StorageClass IsMultipartUploaded ReplicationStatus ... false ... true ... ``` ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/ListBucketInventoryConfigurations) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/ListBucketInventoryConfigurations) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/ListBucketInventoryConfigurations) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/ListBucketInventoryConfigurations) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/ListBucketInventoryConfigurations) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/ListBucketInventoryConfigurations) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/ListBucketInventoryConfigurations) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/ListBucketInventoryConfigurations) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/ListBucketInventoryConfigurations) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/ListBucketInventoryConfigurations) # ListBucketMetricsConfigurations Lists the metrics configurations for the bucket. The metrics configurations are only for the request metrics of the bucket and do not provide information on daily storage metrics. You can have up to 1,000 configurations per bucket. **Note** **Directory buckets ** - For directory buckets, you must make requests for this API operation to the Regional endpoint. These endpoints support path-style requests in the format `https://s3express-control.region-code.amazonaws.com/bucket-name `. Virtual-hosted-style requests aren't supported. For more information about endpoints in Availability Zones, see [Regional and Zonal endpoints for directory buckets in Availability Zones](https://docs.aws.amazon.com/AmazonS3/latest/userguide/endpoint-directory-buckets-AZ.html) in the *Amazon S3 User Guide*. For more information about endpoints in Local Zones, see [Concepts for directory buckets in Local Zones](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-lzs-for-directory-buckets.html) in the *Amazon S3 User Guide*. This action supports list pagination and does not return more than 100 configurations at a time. Always check the `IsTruncated` element in the response. If there are no more configurations to list, `IsTruncated` is set to false. If there are more configurations to list, `IsTruncated` is set to true, and there is a value in `NextContinuationToken`. You use the `NextContinuationToken` value to continue the pagination of the list by passing the value in `continuation-token` in the request to `GET` the next page. Permissions To use this operation, you must have permissions to perform the `s3:GetMetricsConfiguration` action. The bucket owner has this permission by default. The bucket owner can grant this permission to others. For more information about permissions, see [Permissions Related to Bucket Subresource Operations](https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) and [Managing Access Permissions to Your Amazon S3 Resources](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html). + **General purpose bucket permissions** - The `s3:GetMetricsConfiguration` permission is required in a policy. For more information about general purpose buckets permissions, see [Using Bucket Policies and User Policies](https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html) in the *Amazon S3 User Guide*. + **Directory bucket permissions** - To grant access to this API operation, you must have the `s3express:GetMetricsConfiguration` permission in an IAM identity-based policy instead of a bucket policy. Cross-account access to this API operation isn't supported. This operation can only be performed by the AWS account that owns the resource. For more information about directory bucket policies and permissions, see [AWS Identity and Access Management (IAM) for S3 Express One Zone](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam.html) in the *Amazon S3 User Guide*. HTTP Host header syntax **Directory buckets ** - The HTTP Host header syntax is `s3express-control.region-code.amazonaws.com`. For more information about metrics configurations and CloudWatch request metrics, see [Monitoring Metrics with Amazon CloudWatch](https://docs.aws.amazon.com/AmazonS3/latest/dev/cloudwatch-monitoring.html). The following operations are related to `ListBucketMetricsConfigurations`: + [PutBucketMetricsConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketMetricsConfiguration.html) + [GetBucketMetricsConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketMetricsConfiguration.html) + [DeleteBucketMetricsConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketMetricsConfiguration.html) **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. ## Request Syntax ``` GET /?metrics&continuation-token=ContinuationToken HTTP/1.1 Host: Bucket.s3.amazonaws.com x-amz-expected-bucket-owner: ExpectedBucketOwner ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_ListBucketMetricsConfigurations_RequestSyntax) ** The name of the bucket containing the metrics configurations to retrieve. **Directory buckets ** - When you use this operation with a directory bucket, you must use path-style requests in the format `https://s3express-control.region-code.amazonaws.com/bucket-name `. Virtual-hosted-style requests aren't supported. Directory bucket names must be unique in the chosen Zone (Availability Zone or Local Zone). Bucket names must also follow the format ` bucket-base-name--zone-id--x-s3` (for example, ` DOC-EXAMPLE-BUCKET--usw2-az1--x-s3`). For information about bucket naming restrictions, see [Directory bucket naming rules](https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) in the *Amazon S3 User Guide* Required: Yes ** [continuation-token](#API_ListBucketMetricsConfigurations_RequestSyntax) ** The marker that is used to continue a metrics configuration listing that has been truncated. Use the `NextContinuationToken` from a previously truncated list response to continue the listing. The continuation token is an opaque value that Amazon S3 understands. ** [x-amz-expected-bucket-owner](#API_ListBucketMetricsConfigurations_RequestSyntax) ** The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code `403 Forbidden` (access denied). For directory buckets, this header is not supported in this API operation. If you specify this header, the request fails with the HTTP status code `501 Not Implemented`. ## Request Body The request does not have a request body. ## Response Syntax ``` HTTP/1.1 200 boolean string string string string string string string ... string string string string ... ``` ## Response Elements If the action is successful, the service sends back an HTTP 200 response. The following data is returned in XML format by the service. ** [ListMetricsConfigurationsResult](#API_ListBucketMetricsConfigurations_ResponseSyntax) ** Root level tag for the ListMetricsConfigurationsResult parameters. Required: Yes ** [ContinuationToken](#API_ListBucketMetricsConfigurations_ResponseSyntax) ** The marker that is used as a starting point for this metrics configuration list response. This value is present if it was sent in the request. Type: String ** [IsTruncated](#API_ListBucketMetricsConfigurations_ResponseSyntax) ** Indicates whether the returned list of metrics configurations is complete. A value of true indicates that the list is not complete and the NextContinuationToken will be provided for a subsequent request. Type: Boolean ** [MetricsConfiguration](#API_ListBucketMetricsConfigurations_ResponseSyntax) ** The list of metrics configurations for a bucket. Type: Array of [MetricsConfiguration](API_MetricsConfiguration.md) data types ** [NextContinuationToken](#API_ListBucketMetricsConfigurations_ResponseSyntax) ** The marker used to continue a metrics configuration listing that has been truncated. Use the `NextContinuationToken` from a previously truncated list response to continue the listing. The continuation token is an opaque value that Amazon S3 understands. Type: String ## Examples ### Sample Request Delete the metric configuration with a specified ID, which disables the CloudWatch metrics with the `ExampleMetrics` value for the `FilterId` dimension. ``` GET /?metrics HTTP/1.1 Host: examplebucket.s3..amazonaws.com x-amz-date: Thu, 15 Nov 2016 00:17:21 GMT Authorization: signatureValue ``` ### Sample Response Delete the metric configuration with a specified ID, which disables the CloudWatch metrics with the `ExampleMetrics` value for the `FilterId` dimension. ``` HTTP/1.1 200 OK x-amz-id-2: ITnGT1y4REXAMPLEPi4hklTXouTf0hccUjo0iCPEXAMPLEutBj3M7fPGlWO2SEWp x-amz-request-id: 51991EXAMPLE5321 Date: Thu, 15 Nov 2016 00:17:22 GMT Server: AmazonS3 Content-Length: 758 EntireBucket Documents documents/ BlueDocuments documents/ class blue false ``` ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/ListBucketMetricsConfigurations) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/ListBucketMetricsConfigurations) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/ListBucketMetricsConfigurations) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/ListBucketMetricsConfigurations) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/ListBucketMetricsConfigurations) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/ListBucketMetricsConfigurations) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/ListBucketMetricsConfigurations) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/ListBucketMetricsConfigurations) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/ListBucketMetricsConfigurations) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/ListBucketMetricsConfigurations) # ListBuckets **Note** This operation is not supported for directory buckets. Returns a list of all buckets owned by the authenticated sender of the request. To grant IAM permission to use this operation, you must add the `s3:ListAllMyBuckets` policy action. For information about Amazon S3 buckets, see [Creating, configuring, and working with Amazon S3 buckets](https://docs.aws.amazon.com/AmazonS3/latest/userguide/creating-buckets-s3.html). **Important** We strongly recommend using only paginated `ListBuckets` requests. Unpaginated `ListBuckets` requests are only supported for AWS accounts set to the default general purpose bucket quota of 10,000. If you have an approved general purpose bucket quota above 10,000, you must send paginated `ListBuckets` requests to list your account’s buckets. All unpaginated `ListBuckets` requests will be rejected for AWS accounts with a general purpose bucket quota greater than 10,000. **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. ## Request Syntax ``` GET /?bucket-region=BucketRegion&continuation-token=ContinuationToken&max-buckets=MaxBuckets&prefix=Prefix HTTP/1.1 Host: s3.amazonaws.com ``` ## URI Request Parameters The request uses the following URI parameters. ** [bucket-region](#API_ListBuckets_RequestSyntax) ** Limits the response to buckets that are located in the specified AWS Region. The AWS Region must be expressed according to the AWS Region code, such as `us-west-2` for the US West (Oregon) Region. For a list of the valid values for all of the AWS Regions, see [Regions and Endpoints](https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region). Requests made to a Regional endpoint that is different from the `bucket-region` parameter are not supported. For example, if you want to limit the response to your buckets in Region `us-west-2`, the request must be made to an endpoint in Region `us-west-2`. ** [continuation-token](#API_ListBuckets_RequestSyntax) ** `ContinuationToken` indicates to Amazon S3 that the list is being continued on this bucket with a token. `ContinuationToken` is obfuscated and is not a real key. You can use this `ContinuationToken` for pagination of the list results. Length Constraints: Minimum length of 0. Maximum length of 1024. Required: No. If you specify the `bucket-region`, `prefix`, or `continuation-token` query parameters without using `max-buckets` to set the maximum number of buckets returned in the response, Amazon S3 applies a default page size of 10,000 and provides a continuation token if there are more buckets. ** [max-buckets](#API_ListBuckets_RequestSyntax) ** Maximum number of buckets to be returned in response. When the number is more than the count of buckets that are owned by an AWS account, return all the buckets in response. Valid Range: Minimum value of 1. Maximum value of 10000. ** [prefix](#API_ListBuckets_RequestSyntax) ** Limits the response to bucket names that begin with the specified bucket name prefix. ## Request Body The request does not have a request body. ## Response Syntax ``` HTTP/1.1 200 string string timestamp string string string string string ``` ## Response Elements If the action is successful, the service sends back an HTTP 200 response. The following data is returned in XML format by the service. ** [ListAllMyBucketsResult](#API_ListBuckets_ResponseSyntax) ** Root level tag for the ListAllMyBucketsResult parameters. Required: Yes ** [Buckets](#API_ListBuckets_ResponseSyntax) ** The list of buckets owned by the requester. Type: Array of [Bucket](API_Bucket.md) data types ** [ContinuationToken](#API_ListBuckets_ResponseSyntax) ** `ContinuationToken` is included in the response when there are more buckets that can be listed with pagination. The next `ListBuckets` request to Amazon S3 can be continued with this `ContinuationToken`. `ContinuationToken` is obfuscated and is not a real bucket. Type: String ** [Owner](#API_ListBuckets_ResponseSyntax) ** The owner of the buckets listed. Type: [Owner](API_Owner.md) data type ** [Prefix](#API_ListBuckets_ResponseSyntax) ** If `Prefix` was sent with the request, it is included in the response. All bucket names in the response begin with the specified bucket name prefix. Type: String ## Examples ### Example 1: Unpaginated ListBuckets request This example lists all the buckets in your account in a single unpaginated response. Unpaginated requests are only supported for AWS accounts that have the default service quota of 10,000 buckets. If you have an approved general purpose bucket quota that is greater than 10,000 buckets, all unpaginated requests will be rejected for your account. ``` GET / host:s3.us-east-2.amazonaws.com HTTP/1.1 ``` ``` HTTP/1.1 200 OK 2019-12-11T23:32:47+00:00 amzn-s3-demo-bucket 2019-11-10T23:32:13+00:00 amzn-s3-demo-bucket1 AIDACKCEVSQ6C2EXAMPLE ``` ### Example 2: Paginated ListBuckets request The following example request lists all buckets in your account using pagination. It gets the first page of results with the page size set to 1000 buckets. The response returns a `ContinuationToken` that is used in **Example 3** to list the next 1000 buckets. ``` GET /?max-buckets=1000&host:s3.us-east-2.amazonaws.com HTTP/1.1 ``` ``` HTTP/1.1 200 OK 2024-11-14T23:32:47+00:00 amzn-s3-demo-bucket us-east-1 2024-11-14T23:32:13+00:00 amzn-s3-demo-bucket1 us-east-2 AIDACKCEVSQ6C2EXAMPLE eyJNYXJrZXIiOiBudWxsLCAiYm90b190cnVuY2F0ZV9hbW91bnQiOiAxfQ== ``` ### Example 3: Paginated ListBuckets request with continuation token This example request uses the token returned in **Example 2** to return the next 1000 buckets. Continue until there are no more results. If you do not receive a continuation token with your initial paginated ListBuckets request, then your single paginated request returned all of the buckets in your account. ``` GET /?max-buckets=1000&continuation-token=eyJNYXJrZXIiOiBudWxsLCAiYm90b190cnVuY2F0ZV9hbW91bnQiOiAxfQ== host:s3.us-east-2.amazonaws.com HTTP/1.1 ``` ``` HTTP/1.1 200 OK 2024-11-14T23:32:47+00:00 amzn-s3-demo-bucket us-east-1 2024-11-14T23:32:13+00:00 amzn-s3-demo-bucket1 us-east-2 AIDACKCEVSQ6C2EXAMPLE eyJOZXh0VG9rZW4iOiBudWxsLCAiYm90b190cnVuY2F0ZV9hbW91bnQiEXAMPLE= ``` ### Example 4: Paginated ListBuckets request for buckets in US East (Ohio) (us-east-2) The following example lists all the buckets in your account in the `us-east-2` Region. The first paginated response will return up to 1000 buckets. Requests made to a Regional endpoint that is different from the `bucket-region` parameter are not supported. ``` GET /?bucket-region=us-east-2&max-buckets=1000 host:s3.us-east-2.amazonaws.com HTTP/1.1 ``` ``` HTTP/1.1 200 OK 2024-11-14T23:32:47+00:00 DOC-EXAMPLE-BUCKET us-east-2 2024-11-14T23:32:13+00:00 DOC-EXAMPLE-BUCKET1002 us-east-2 AIDACKCEVSQ6C2EXAMPLE eyJOZXh0VG9rZW4iOiBudWxsLCAiYm90b190cnVuY2F0ZV9hbW91bnQiEXAMPLEcd = ``` ### Example 5: Paginated ListBuckets request for buckets in your account that begin with amzn-s3-demo-bucket in US East (Ohio) (us-east-2) The following example lists all the buckets in your account located in the `us-east-2` Region that begin with the `amzn-s3-demo-bucket` bucket prefix. This request uses pagination. ``` GET /?bucket-region=us-east-2&max-buckets=1000&prefix=amzn-s3-demo-bucket host:s3.us-east-2.amazonaws.com HTTP/1.1 ``` ``` HTTP/1.1 200 OK 2024-11-14T23:32:47+00:00 amzn-s3-demo-bucket us-east-2 AIDACKCEVSQ6C2EXAMPLE amzn-s3-demo-bucket eyJOZXh0VG9rZW4iOiBudWxsLCAiYm90b190cnVuY2F0ZV9hbW91bnQiEXAMPLE= ``` ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/ListBuckets) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/ListBuckets) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/ListBuckets) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/ListBuckets) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/ListBuckets) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/ListBuckets) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/ListBuckets) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/ListBuckets) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/ListBuckets) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/ListBuckets) # ListDirectoryBuckets Returns a list of all Amazon S3 directory buckets owned by the authenticated sender of the request. For more information about directory buckets, see [Directory buckets](https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-buckets-overview.html) in the *Amazon S3 User Guide*. **Note** **Directory buckets ** - For directory buckets, you must make requests for this API operation to the Regional endpoint. These endpoints support path-style requests in the format `https://s3express-control.region-code.amazonaws.com/bucket-name `. Virtual-hosted-style requests aren't supported. For more information about endpoints in Availability Zones, see [Regional and Zonal endpoints for directory buckets in Availability Zones](https://docs.aws.amazon.com/AmazonS3/latest/userguide/endpoint-directory-buckets-AZ.html) in the *Amazon S3 User Guide*. For more information about endpoints in Local Zones, see [Concepts for directory buckets in Local Zones](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-lzs-for-directory-buckets.html) in the *Amazon S3 User Guide*. Permissions You must have the `s3express:ListAllMyDirectoryBuckets` permission in an IAM identity-based policy instead of a bucket policy. Cross-account access to this API operation isn't supported. This operation can only be performed by the AWS account that owns the resource. For more information about directory bucket policies and permissions, see [AWS Identity and Access Management (IAM) for S3 Express One Zone](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam.html) in the *Amazon S3 User Guide*. HTTP Host header syntax **Directory buckets ** - The HTTP Host header syntax is `s3express-control.region.amazonaws.com`. **Note** The `BucketRegion` response element is not part of the `ListDirectoryBuckets` Response Syntax. **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. ## Request Syntax ``` GET /?continuation-token=ContinuationToken&max-directory-buckets=MaxDirectoryBuckets HTTP/1.1 Host: s3.amazonaws.com ``` ## URI Request Parameters The request uses the following URI parameters. ** [continuation-token](#API_ListDirectoryBuckets_RequestSyntax) ** `ContinuationToken` indicates to Amazon S3 that the list is being continued on buckets in this account with a token. `ContinuationToken` is obfuscated and is not a real bucket name. You can use this `ContinuationToken` for the pagination of the list results. Length Constraints: Minimum length of 0. Maximum length of 1024. ** [max-directory-buckets](#API_ListDirectoryBuckets_RequestSyntax) ** Maximum number of buckets to be returned in response. When the number is more than the count of buckets that are owned by an AWS account, return all the buckets in response. Valid Range: Minimum value of 0. Maximum value of 1000. ## Request Body The request does not have a request body. ## Response Syntax ``` HTTP/1.1 200 string string timestamp string string ``` ## Response Elements If the action is successful, the service sends back an HTTP 200 response. The following data is returned in XML format by the service. ** [ListAllMyDirectoryBucketsResult](#API_ListDirectoryBuckets_ResponseSyntax) ** Root level tag for the ListAllMyDirectoryBucketsResult parameters. Required: Yes ** [Buckets](#API_ListDirectoryBuckets_ResponseSyntax) ** The list of buckets owned by the requester. Type: Array of [Bucket](API_Bucket.md) data types ** [ContinuationToken](#API_ListDirectoryBuckets_ResponseSyntax) ** If `ContinuationToken` was sent with the request, it is included in the response. You can use the returned `ContinuationToken` for pagination of the list response. Type: String Length Constraints: Minimum length of 0. Maximum length of 1024. ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/ListDirectoryBuckets) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/ListDirectoryBuckets) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/ListDirectoryBuckets) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/ListDirectoryBuckets) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/ListDirectoryBuckets) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/ListDirectoryBuckets) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/ListDirectoryBuckets) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/ListDirectoryBuckets) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/ListDirectoryBuckets) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/ListDirectoryBuckets) # ListMultipartUploads This operation lists in-progress multipart uploads in a bucket. An in-progress multipart upload is a multipart upload that has been initiated by the `CreateMultipartUpload` request, but has not yet been completed or aborted. **Note** **Directory buckets** - If multipart uploads in a directory bucket are in progress, you can't delete the bucket until all the in-progress multipart uploads are aborted or completed. To delete these in-progress multipart uploads, use the `ListMultipartUploads` operation to list the in-progress multipart uploads in the bucket and use the `AbortMultipartUpload` operation to abort all the in-progress multipart uploads. The `ListMultipartUploads` operation returns a maximum of 1,000 multipart uploads in the response. The limit of 1,000 multipart uploads is also the default value. You can further limit the number of uploads in a response by specifying the `max-uploads` request parameter. If there are more than 1,000 multipart uploads that satisfy your `ListMultipartUploads` request, the response returns an `IsTruncated` element with the value of `true`, a `NextKeyMarker` element, and a `NextUploadIdMarker` element. To list the remaining multipart uploads, you need to make subsequent `ListMultipartUploads` requests. In these requests, include two query parameters: `key-marker` and `upload-id-marker`. Set the value of `key-marker` to the `NextKeyMarker` value from the previous response. Similarly, set the value of `upload-id-marker` to the `NextUploadIdMarker` value from the previous response. **Note** **Directory buckets** - The `upload-id-marker` element and the `NextUploadIdMarker` element aren't supported by directory buckets. To list the additional multipart uploads, you only need to set the value of `key-marker` to the `NextKeyMarker` value from the previous response. For more information about multipart uploads, see [Uploading Objects Using Multipart Upload](https://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html) in the *Amazon S3 User Guide*. **Note** **Directory buckets** - For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format `https://amzn-s3-demo-bucket.s3express-zone-id.region-code.amazonaws.com/key-name `. Path-style requests are not supported. For more information about endpoints in Availability Zones, see [Regional and Zonal endpoints for directory buckets in Availability Zones](https://docs.aws.amazon.com/AmazonS3/latest/userguide/endpoint-directory-buckets-AZ.html) in the *Amazon S3 User Guide*. For more information about endpoints in Local Zones, see [Concepts for directory buckets in Local Zones](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-lzs-for-directory-buckets.html) in the *Amazon S3 User Guide*. Permissions + **General purpose bucket permissions** - For information about permissions required to use the multipart upload API, see [Multipart Upload and Permissions](https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html) in the *Amazon S3 User Guide*. + **Directory bucket permissions** - To grant access to this API operation on a directory bucket, we recommend that you use the [https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) API operation for session-based authorization. Specifically, you grant the `s3express:CreateSession` permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the `CreateSession` API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another `CreateSession` API call to generate a new session token for use. AWS CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see [https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html). Sorting of multipart uploads in response + **General purpose bucket** - In the `ListMultipartUploads` response, the multipart uploads are sorted based on two criteria: + Key-based sorting - Multipart uploads are initially sorted in ascending order based on their object keys. + Time-based sorting - For uploads that share the same object key, they are further sorted in ascending order based on the upload initiation time. Among uploads with the same key, the one that was initiated first will appear before the ones that were initiated later. + **Directory bucket** - In the `ListMultipartUploads` response, the multipart uploads aren't sorted lexicographically based on the object keys. HTTP Host header syntax **Directory buckets ** - The HTTP Host header syntax is ` Bucket-name.s3express-zone-id.region-code.amazonaws.com`. The following operations are related to `ListMultipartUploads`: + [CreateMultipartUpload](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html) + [UploadPart](https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html) + [CompleteMultipartUpload](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CompleteMultipartUpload.html) + [ListParts](https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html) + [AbortMultipartUpload](https://docs.aws.amazon.com/AmazonS3/latest/API/API_AbortMultipartUpload.html) **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. ## Request Syntax ``` GET /?uploads&delimiter=Delimiter&encoding-type=EncodingType&key-marker=KeyMarker&max-uploads=MaxUploads&prefix=Prefix&upload-id-marker=UploadIdMarker HTTP/1.1 Host: Bucket.s3.amazonaws.com x-amz-expected-bucket-owner: ExpectedBucketOwner x-amz-request-payer: RequestPayer ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_ListMultipartUploads_RequestSyntax) ** The name of the bucket to which the multipart upload was initiated. **Directory buckets** - When you use this operation with a directory bucket, you must use virtual-hosted-style requests in the format ` Bucket-name.s3express-zone-id.region-code.amazonaws.com`. Path-style requests are not supported. Directory bucket names must be unique in the chosen Zone (Availability Zone or Local Zone). Bucket names must follow the format ` bucket-base-name--zone-id--x-s3` (for example, ` amzn-s3-demo-bucket--usw2-az1--x-s3`). For information about bucket naming restrictions, see [Directory bucket naming rules](https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) in the *Amazon S3 User Guide*. **Access points** - When you use this action with an access point for general purpose buckets, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When you use this action with an access point for directory buckets, you must provide the access point name in place of the bucket name. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com. When using this action with an access point through the AWS SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see [Using access points](https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) in the *Amazon S3 User Guide*. Object Lambda access points are not supported by directory buckets. **S3 on Outposts** - When you use this action with S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form ` AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com`. When you use this action with S3 on Outposts, the destination bucket must be the Outposts access point ARN or the access point alias. For more information about S3 on Outposts, see [What is S3 on Outposts?](https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) in the *Amazon S3 User Guide*. Required: Yes ** [delimiter](#API_ListMultipartUploads_RequestSyntax) ** Character you use to group keys. All keys that contain the same string between the prefix, if specified, and the first occurrence of the delimiter after the prefix are grouped under a single result element, `CommonPrefixes`. If you don't specify the prefix parameter, then the substring starts at the beginning of the key. The keys that are grouped under `CommonPrefixes` result element are not returned elsewhere in the response. `CommonPrefixes` is filtered out from results if it is not lexicographically greater than the key-marker. **Directory buckets** - For directory buckets, `/` is the only supported delimiter. ** [encoding-type](#API_ListMultipartUploads_RequestSyntax) ** Encoding type used by Amazon S3 to encode the [object keys](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html) in the response. Responses are encoded only in UTF-8. An object key can contain any Unicode character. However, the XML 1.0 parser can't parse certain characters, such as characters with an ASCII value from 0 to 10. For characters that aren't supported in XML 1.0, you can add this parameter to request that Amazon S3 encode the keys in the response. For more information about characters to avoid in object key names, see [Object key naming guidelines](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-guidelines). When using the URL encoding type, non-ASCII characters that are used in an object's key name will be percent-encoded according to UTF-8 code values. For example, the object `test_file(3).png` will appear as `test_file%283%29.png`. Valid Values: `url` ** [key-marker](#API_ListMultipartUploads_RequestSyntax) ** Specifies the multipart upload after which listing should begin. + **General purpose buckets** - For general purpose buckets, `key-marker` is an object key. Together with `upload-id-marker`, this parameter specifies the multipart upload after which listing should begin. If `upload-id-marker` is not specified, only the keys lexicographically greater than the specified `key-marker` will be included in the list. If `upload-id-marker` is specified, any multipart uploads for a key equal to the `key-marker` might also be included, provided those multipart uploads have upload IDs lexicographically greater than the specified `upload-id-marker`. + **Directory buckets** - For directory buckets, `key-marker` is obfuscated and isn't a real object key. The `upload-id-marker` parameter isn't supported by directory buckets. To list the additional multipart uploads, you only need to set the value of `key-marker` to the `NextKeyMarker` value from the previous response. In the `ListMultipartUploads` response, the multipart uploads aren't sorted lexicographically based on the object keys. ** [max-uploads](#API_ListMultipartUploads_RequestSyntax) ** Sets the maximum number of multipart uploads, from 1 to 1,000, to return in the response body. 1,000 is the maximum number of uploads that can be returned in a response. ** [prefix](#API_ListMultipartUploads_RequestSyntax) ** Lists in-progress uploads only for those keys that begin with the specified prefix. You can use prefixes to separate a bucket into different grouping of keys. (You can think of using `prefix` to make groups in the same way that you'd use a folder in a file system.) **Directory buckets** - For directory buckets, only prefixes that end in a delimiter (`/`) are supported. ** [upload-id-marker](#API_ListMultipartUploads_RequestSyntax) ** Together with key-marker, specifies the multipart upload after which listing should begin. If key-marker is not specified, the upload-id-marker parameter is ignored. Otherwise, any multipart uploads for a key equal to the key-marker might be included in the list only if they have an upload ID lexicographically greater than the specified `upload-id-marker`. This functionality is not supported for directory buckets. ** [x-amz-expected-bucket-owner](#API_ListMultipartUploads_RequestSyntax) ** The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code `403 Forbidden` (access denied). ** [x-amz-request-payer](#API_ListMultipartUploads_RequestSyntax) ** Confirms that the requester knows that they will be charged for the request. Bucket owners need not specify this parameter in their requests. If either the source or destination S3 bucket has Requester Pays enabled, the requester will pay for the corresponding charges. For information about downloading objects from Requester Pays buckets, see [Downloading Objects in Requester Pays Buckets](https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) in the *Amazon S3 User Guide*. This functionality is not supported for directory buckets. Valid Values: `requester` ## Request Body The request does not have a request body. ## Response Syntax ``` HTTP/1.1 200 x-amz-request-charged: RequestCharged string string string string string string string integer boolean string string timestamp string string string string string string string ... string ... string ``` ## Response Elements If the action is successful, the service sends back an HTTP 200 response. The response returns the following HTTP headers. ** [x-amz-request-charged](#API_ListMultipartUploads_ResponseSyntax) ** If present, indicates that the requester was successfully charged for the request. For more information, see [Using Requester Pays buckets for storage transfers and usage](https://docs.aws.amazon.com/AmazonS3/latest/userguide/RequesterPaysBuckets.html) in the *Amazon Simple Storage Service user guide*. This functionality is not supported for directory buckets. Valid Values: `requester` The following data is returned in XML format by the service. ** [ListMultipartUploadsResult](#API_ListMultipartUploads_ResponseSyntax) ** Root level tag for the ListMultipartUploadsResult parameters. Required: Yes ** [Bucket](#API_ListMultipartUploads_ResponseSyntax) ** The name of the bucket to which the multipart upload was initiated. Does not return the access point ARN or access point alias if used. Type: String ** [CommonPrefixes](#API_ListMultipartUploads_ResponseSyntax) ** If you specify a delimiter in the request, then the result returns each distinct key prefix containing the delimiter in a `CommonPrefixes` element. The distinct key prefixes are returned in the `Prefix` child element. **Directory buckets** - For directory buckets, only prefixes that end in a delimiter (`/`) are supported. Type: Array of [CommonPrefix](API_CommonPrefix.md) data types ** [Delimiter](#API_ListMultipartUploads_ResponseSyntax) ** Contains the delimiter you specified in the request. If you don't specify a delimiter in your request, this element is absent from the response. **Directory buckets** - For directory buckets, `/` is the only supported delimiter. Type: String ** [EncodingType](#API_ListMultipartUploads_ResponseSyntax) ** Encoding type used by Amazon S3 to encode object keys in the response. If you specify the `encoding-type` request parameter, Amazon S3 includes this element in the response, and returns encoded key name values in the following response elements: `Delimiter`, `KeyMarker`, `Prefix`, `NextKeyMarker`, `Key`. Type: String Valid Values: `url` ** [IsTruncated](#API_ListMultipartUploads_ResponseSyntax) ** Indicates whether the returned list of multipart uploads is truncated. A value of true indicates that the list was truncated. The list can be truncated if the number of multipart uploads exceeds the limit allowed or specified by max uploads. Type: Boolean ** [KeyMarker](#API_ListMultipartUploads_ResponseSyntax) ** The key at or after which the listing began. Type: String ** [MaxUploads](#API_ListMultipartUploads_ResponseSyntax) ** Maximum number of multipart uploads that could have been included in the response. Type: Integer ** [NextKeyMarker](#API_ListMultipartUploads_ResponseSyntax) ** When a list is truncated, this element specifies the value that should be used for the key-marker request parameter in a subsequent request. Type: String ** [NextUploadIdMarker](#API_ListMultipartUploads_ResponseSyntax) ** When a list is truncated, this element specifies the value that should be used for the `upload-id-marker` request parameter in a subsequent request. This functionality is not supported for directory buckets. Type: String ** [Prefix](#API_ListMultipartUploads_ResponseSyntax) ** When a prefix is provided in the request, this field contains the specified prefix. The result contains only keys starting with the specified prefix. **Directory buckets** - For directory buckets, only prefixes that end in a delimiter (`/`) are supported. Type: String ** [Upload](#API_ListMultipartUploads_ResponseSyntax) ** Container for elements related to a particular multipart upload. A response can contain zero or more `Upload` elements. Type: Array of [MultipartUpload](API_MultipartUpload.md) data types ** [UploadIdMarker](#API_ListMultipartUploads_ResponseSyntax) ** Together with key-marker, specifies the multipart upload after which listing should begin. If key-marker is not specified, the upload-id-marker parameter is ignored. Otherwise, any multipart uploads for a key equal to the key-marker might be included in the list only if they have an upload ID lexicographically greater than the specified `upload-id-marker`. This functionality is not supported for directory buckets. Type: String ## Examples ### Sample Request for general purpose buckets The following request lists three multipart uploads. The request specifies the `max-uploads` request parameter to set the maximum number of multipart uploads to return in the response body. ``` GET /?uploads&max-uploads=3 HTTP/1.1 Host: example-bucket.s3..amazonaws.com Date: Mon, 1 Nov 2010 20:34:56 GMT Authorization: authorization string ``` ### Sample Response for general purpose buckets The following sample response indicates that the multipart upload list was truncated and provides the `NextKeyMarker` and the `NextUploadIdMarker` elements. You specify these values in your subsequent requests to read the next set of multipart uploads. That is, send a subsequent request specifying `key-marker=my-movie2.m2ts` (value of the `NextKeyMarker` element) and `upload-id-marker=YW55IGlkZWEgd2h5IGVsdmluZydzIHVwbG9hZCBmYWlsZWQ` (value of the `NextUploadIdMarker`). The sample response also shows a case of two multipart uploads in progress with the same key (`my-movie.m2ts`). That is, the response shows two uploads with the same key. This response shows the uploads sorted by key, and within each key the uploads are sorted in ascending order by the time the multipart upload was initiated. ``` HTTP/1.1 200 OK x-amz-id-2: Uuag1LuByRx9e6j5Onimru9pO4ZVKnJ2Qz7/C1NPcfTWAtRPfTaOFg== x-amz-request-id: 656c76696e6727732072657175657374 Date: Mon, 1 Nov 2010 20:34:56 GMT Content-Length: 1330 Connection: keep-alive Server: AmazonS3 bucket my-movie.m2ts YW55IGlkZWEgd2h5IGVsdmluZydzIHVwbG9hZCBmYWlsZWQ 3 true my-divisor XMgbGlrZSBlbHZpbmcncyBub3QgaGF2aW5nIG11Y2ggbHVjaw arn:aws:iam::111122223333:user/user1-11111a31-17b5-4fb7-9df5-b111111f13de 75aa57f09aa0c8caeab4f8c24e99d10f8e7faeebf76c078efc7c6caea54ba06a STANDARD 2010-11-10T20:48:33.000Z my-movie.m2ts VXBsb2FkIElEIGZvciBlbHZpbmcncyBteS1tb3ZpZS5tMnRzIHVwbG9hZA b1d16700c70b0b05597d7acd6a3f92be b1d16700c70b0b05597d7acd6a3f92be STANDARD 2010-11-10T20:48:33.000Z my-movie.m2ts YW55IGlkZWEgd2h5IGVsdmluZydzIHVwbG9hZCBmYWlsZWQ arn:aws:iam::444455556666:user/user1-22222a31-17b5-4fb7-9df5-b222222f13de b1d16700c70b0b05597d7acd6a3f92be STANDARD 2010-11-10T20:49:33.000Z ``` ### Sample Request for general purpose buckets: Using the delimiter and the prefix parameters Assume you have a multipart upload in progress for the following keys in your bucket, `example-bucket`. + photos/2006/January/sample.jpg + photos/2006/February/sample.jpg + photos/2006/March/sample.jpg + videos/2006/March/sample.wmv + sample.jpg The following list multipart upload request specifies the delimiter parameter with value "/". ``` GET /?uploads&delimiter=/ HTTP/1.1 Host: example-bucket.s3..amazonaws.com Date: Mon, 1 Nov 2010 20:34:56 GMT Authorization: authorization string ``` ### Sample Response for general purpose buckets The following sample response lists multipart uploads on the specified bucket, `example-bucket`. The response returns multipart upload for the `sample.jpg` key in an `` element. However, because all the other keys contain the specified delimiter, a distinct substring, from the beginning of the key to the first occurrence of the delimiter, from each of these keys is returned in a element. The key substrings, `photos/` and `videos/` in the element, indicate that there are one or more in-progress multipart uploads with these key prefixes. This is a useful scenario if you use key prefixes for your objects to create a logical folder like structure. In this case, you can interpret the result as the folders `photos/` and `videos/` have one or more multipart uploads in progress. ``` example-bucket sample.jpg Agw4MJT6ZPAVxpY0SAuGN7q4uWJJM22ZYg1N99trdp4tpO88.PT6.MhO0w2E17eutfAvQfQWoajgE_W2gpcxQw-- / 1000 false sample.jpg Agw4MJT6ZPAVxpY0SAuGN7q4uWJJM22ZYg1N99trdp4tpO88.PT6.MhO0w2E17eutfAvQfQWoajgE_W2gpcxQw-- 314133b66967d86f031c7249d1d9a80249109428335cd0ef1cdc487b4566cb1b 314133b66967d86f031c7249d1d9a80249109428335cd0ef1cdc487b4566cb1b STANDARD 2010-11-26T19:24:17.000Z photos/ videos/ ``` ### Sample Request for general purpose buckets In addition to the delimiter parameter, you can filter results by adding a prefix parameter as shown in the following request. ``` GET /?uploads&delimiter=/&prefix=photos/2006/ HTTP/1.1 Host: example-bucket.s3..amazonaws.com Date: Mon, 1 Nov 2010 20:34:56 GMT Authorization: authorization string ``` ### Sample Response for general purpose buckets In this case, the response will include only multipart uploads for keys that start with the specified prefix. The value returned in the element is a substring from the beginning of the key to the first occurrence of the specified delimiter after the prefix. ``` example-bucket / photos/2006/ 1000 false photos/2006/February/ photos/2006/January/ photos/2006/March/ ``` ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/ListMultipartUploads) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/ListMultipartUploads) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/ListMultipartUploads) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/ListMultipartUploads) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/ListMultipartUploads) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/ListMultipartUploads) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/ListMultipartUploads) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/ListMultipartUploads) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/ListMultipartUploads) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/ListMultipartUploads) # ListObjects **Note** This operation is not supported for directory buckets. Returns some or all (up to 1,000) of the objects in a bucket. You can use the request parameters as selection criteria to return a subset of the objects in a bucket. A 200 OK response can contain valid or invalid XML. Be sure to design your application to parse the contents of the response and handle it appropriately. **Important** This action has been revised. We recommend that you use the newer version, [ListObjectsV2](https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjectsV2.html), when developing applications. For backward compatibility, Amazon S3 continues to support `ListObjects`. The following operations are related to `ListObjects`: + [ListObjectsV2](https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjectsV2.html) + [GetObject](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html) + [PutObject](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html) + [CreateBucket](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html) + [ListBuckets](https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBuckets.html) **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. ## Request Syntax ``` GET /?delimiter=Delimiter&encoding-type=EncodingType&marker=Marker&max-keys=MaxKeys&prefix=Prefix HTTP/1.1 Host: Bucket.s3.amazonaws.com x-amz-request-payer: RequestPayer x-amz-expected-bucket-owner: ExpectedBucketOwner x-amz-optional-object-attributes: OptionalObjectAttributes ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_ListObjects_RequestSyntax) ** The name of the bucket containing the objects. **Directory buckets** - When you use this operation with a directory bucket, you must use virtual-hosted-style requests in the format ` Bucket-name.s3express-zone-id.region-code.amazonaws.com`. Path-style requests are not supported. Directory bucket names must be unique in the chosen Zone (Availability Zone or Local Zone). Bucket names must follow the format ` bucket-base-name--zone-id--x-s3` (for example, ` amzn-s3-demo-bucket--usw2-az1--x-s3`). For information about bucket naming restrictions, see [Directory bucket naming rules](https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) in the *Amazon S3 User Guide*. **Access points** - When you use this action with an access point for general purpose buckets, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When you use this action with an access point for directory buckets, you must provide the access point name in place of the bucket name. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com. When using this action with an access point through the AWS SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see [Using access points](https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) in the *Amazon S3 User Guide*. Object Lambda access points are not supported by directory buckets. **S3 on Outposts** - When you use this action with S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form ` AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com`. When you use this action with S3 on Outposts, the destination bucket must be the Outposts access point ARN or the access point alias. For more information about S3 on Outposts, see [What is S3 on Outposts?](https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) in the *Amazon S3 User Guide*. Required: Yes ** [delimiter](#API_ListObjects_RequestSyntax) ** A delimiter is a character that you use to group keys. `CommonPrefixes` is filtered out from results if it is not lexicographically greater than the key-marker. ** [encoding-type](#API_ListObjects_RequestSyntax) ** Encoding type used by Amazon S3 to encode the [object keys](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html) in the response. Responses are encoded only in UTF-8. An object key can contain any Unicode character. However, the XML 1.0 parser can't parse certain characters, such as characters with an ASCII value from 0 to 10. For characters that aren't supported in XML 1.0, you can add this parameter to request that Amazon S3 encode the keys in the response. For more information about characters to avoid in object key names, see [Object key naming guidelines](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-guidelines). When using the URL encoding type, non-ASCII characters that are used in an object's key name will be percent-encoded according to UTF-8 code values. For example, the object `test_file(3).png` will appear as `test_file%283%29.png`. Valid Values: `url` ** [marker](#API_ListObjects_RequestSyntax) ** Marker is where you want Amazon S3 to start listing from. Amazon S3 starts listing after this specified key. Marker can be any key in the bucket. ** [max-keys](#API_ListObjects_RequestSyntax) ** Sets the maximum number of keys returned in the response. By default, the action returns up to 1,000 key names. The response might contain fewer keys but will never contain more. ** [prefix](#API_ListObjects_RequestSyntax) ** Limits the response to keys that begin with the specified prefix. ** [x-amz-expected-bucket-owner](#API_ListObjects_RequestSyntax) ** The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code `403 Forbidden` (access denied). ** [x-amz-optional-object-attributes](#API_ListObjects_RequestSyntax) ** Specifies the optional fields that you want returned in the response. Fields that you do not specify are not returned. Valid Values: `RestoreStatus` ** [x-amz-request-payer](#API_ListObjects_RequestSyntax) ** Confirms that the requester knows that she or he will be charged for the list objects request. Bucket owners need not specify this parameter in their requests. Valid Values: `requester` ## Request Body The request does not have a request body. ## Response Syntax ``` HTTP/1.1 200 x-amz-request-charged: RequestCharged boolean string string string ... string string string timestamp string string boolean timestamp long string ... string string string integer string ... string ``` ## Response Elements If the action is successful, the service sends back an HTTP 200 response. The response returns the following HTTP headers. ** [x-amz-request-charged](#API_ListObjects_ResponseSyntax) ** If present, indicates that the requester was successfully charged for the request. For more information, see [Using Requester Pays buckets for storage transfers and usage](https://docs.aws.amazon.com/AmazonS3/latest/userguide/RequesterPaysBuckets.html) in the *Amazon Simple Storage Service user guide*. This functionality is not supported for directory buckets. Valid Values: `requester` The following data is returned in XML format by the service. ** [ListBucketResult](#API_ListObjects_ResponseSyntax) ** Root level tag for the ListBucketResult parameters. Required: Yes ** [CommonPrefixes](#API_ListObjects_ResponseSyntax) ** All of the keys (up to 1,000) rolled up in a common prefix count as a single return when calculating the number of returns. A response can contain `CommonPrefixes` only if you specify a delimiter. `CommonPrefixes` contains all (if there are any) keys between `Prefix` and the next occurrence of the string specified by the delimiter. `CommonPrefixes` lists keys that act like subdirectories in the directory specified by `Prefix`. For example, if the prefix is `notes/` and the delimiter is a slash (`/`), as in `notes/summer/july`, the common prefix is `notes/summer/`. All of the keys that roll up into a common prefix count as a single return when calculating the number of returns. Type: Array of [CommonPrefix](API_CommonPrefix.md) data types ** [Contents](#API_ListObjects_ResponseSyntax) ** Metadata about each object returned. Type: Array of [Object](API_Object.md) data types ** [Delimiter](#API_ListObjects_ResponseSyntax) ** Causes keys that contain the same string between the prefix and the first occurrence of the delimiter to be rolled up into a single result element in the `CommonPrefixes` collection. These rolled-up keys are not returned elsewhere in the response. Each rolled-up result counts as only one return against the `MaxKeys` value. Type: String ** [EncodingType](#API_ListObjects_ResponseSyntax) ** Encoding type used by Amazon S3 to encode the [object keys](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html) in the response. Responses are encoded only in UTF-8. An object key can contain any Unicode character. However, the XML 1.0 parser can't parse certain characters, such as characters with an ASCII value from 0 to 10. For characters that aren't supported in XML 1.0, you can add this parameter to request that Amazon S3 encode the keys in the response. For more information about characters to avoid in object key names, see [Object key naming guidelines](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-guidelines). When using the URL encoding type, non-ASCII characters that are used in an object's key name will be percent-encoded according to UTF-8 code values. For example, the object `test_file(3).png` will appear as `test_file%283%29.png`. Type: String Valid Values: `url` ** [IsTruncated](#API_ListObjects_ResponseSyntax) ** A flag that indicates whether Amazon S3 returned all of the results that satisfied the search criteria. Type: Boolean ** [Marker](#API_ListObjects_ResponseSyntax) ** Indicates where in the bucket listing begins. Marker is included in the response if it was sent with the request. Type: String ** [MaxKeys](#API_ListObjects_ResponseSyntax) ** The maximum number of keys returned in the response body. Type: Integer ** [Name](#API_ListObjects_ResponseSyntax) ** The bucket name. Type: String ** [NextMarker](#API_ListObjects_ResponseSyntax) ** When the response is truncated (the `IsTruncated` element value in the response is `true`), you can use the key name in this field as the `marker` parameter in the subsequent request to get the next set of objects. Amazon S3 lists objects in alphabetical order. This element is returned only if you have the `delimiter` request parameter specified. If the response does not include the `NextMarker` element and it is truncated, you can use the value of the last `Key` element in the response as the `marker` parameter in the subsequent request to get the next set of object keys. Type: String ** [Prefix](#API_ListObjects_ResponseSyntax) ** Keys that begin with the indicated prefix. Type: String ## Errors ** NoSuchBucket ** The specified bucket does not exist. HTTP Status Code: 404 ## Examples ### Sample Request This request returns the objects in `BucketName`. ``` GET / HTTP/1.1 Host: BucketName.s3..amazonaws.com Date: Wed, 12 Oct 2009 17:50:00 GMT Authorization: authorization string Content-Type: text/plain ``` ### Sample Response This example illustrates one usage of ListObjects. ``` bucket 1000 false my-image.jpg 2009-10-12T17:50:30.000Z "fba9dede5f27731c9771645a39863328" 434234 STANDARD 75aa57f09aa0c8caeab4f8c24e99d10f8e7faeebf76c078efc7c6caea54ba06a my-third-image.jpg 2009-10-12T17:50:30.000Z "1b2cf535f27731c974343645a3985328" 64994 STANDARD_IA 75aa57f09aa0c8caeab4f8c24e99d10f8e7faeebf76c078efc7c6caea54ba06a ``` ### Sample Request: Using request parameters This example lists up to 40 keys in the `quotes` bucket that start with `N` and occur lexicographically after `Ned`. ``` GET /?prefix=N&marker=Ned&max-keys=40 HTTP/1.1 Host: quotes.s3..amazonaws.com Date: Wed, 01 Mar 2006 12:00:00 GMT Authorization: authorization string ``` ### Sample Response This example illustrates one usage of ListObjects. ``` HTTP/1.1 200 OK x-amz-id-2: gyB+3jRPnrkN98ZajxHXr3u7EFM67bNgSAxexeEHndCX/7GRnfTXxReKUQF28IfP x-amz-request-id: 3B3C7C725673C630 Date: Wed, 01 Mar 2006 12:00:00 GMT Content-Type: application/xml Content-Length: 302 Connection: close Server: AmazonS3 quotes N Ned 40 false Nelson 2006-01-01T12:00:00.000Z "828ef3fdfa96f00ad9f27c383fc9ac7f" 5 STANDARD bcaf161ca5fb16fd081034f Neo 2006-01-01T12:00:00.000Z "828ef3fdfa96f00ad9f27c383fc9ac7f" 4 STANDARD bcaf1ffd86a5fb16fd081034f ``` ### Sample Request: Using a prefix and delimiter For this example, we assume that you have the following keys in your bucket: + `sample.jpg` + `photos/2006/January/sample.jpg` + `photos/2006/February/sample2.jpg` + `photos/2006/February/sample3.jpg` + `photos/2006/February/sample4.jpg` The following `GET` request specifies the `delimiter` parameter with a value of `/`. ``` GET /?delimiter=/ HTTP/1.1 Host: example-bucket.s3..amazonaws.com Date: Wed, 01 Mar 2006 12:00:00 GMT Authorization: authorization string ``` ### Sample Response The key `sample.jpg` does not contain the delimiter character, and Amazon S3 returns it in the `Contents` element in the response. However, all of the other keys contain the delimiter character. Amazon S3 groups these keys and returns a single `CommonPrefixes` element with the `Prefix` value `photos/`, which is a substring from the beginning of these keys to the first occurrence of the specified delimiter. ``` example-bucket 1000 / false sample.jpg 2011-02-26T01:56:20.000Z "bf1d737a4d46a19f3bced6905cc8b902" 142863 canonical-user-id STANDARD photos/ ``` ### Sample Request The following `GET` request specifies the `delimiter` parameter with the value `/`, and the `prefix` parameter with the value `photos/2006/`. ``` GET /?prefix=photos/2006/&delimiter=/ HTTP/1.1 Host: example-bucket.s3..amazonaws.com Date: Wed, 01 Mar 2006 12:00:00 GMT Authorization: authorization string ``` ### Sample Response In response, Amazon S3 returns only the keys that start with the specified prefix. Amazon S3 uses the delimiter character to group keys that contain the same substring until the first occurrence of the delimiter character after the specified prefix. For each such key group, Amazon S3 returns one `CommonPrefixes` element in the response. The keys grouped under this `CommonPrefixes` element are not returned elsewhere in the response. The value returned in the `CommonPrefixes` element is a substring that starts at the beginning of the key and ends at the first occurrence of the specified delimiter after the prefix. ``` example-bucket photos/2006/ 1000 / false photos/2006/February/ photos/2006/January/ ``` ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/ListObjects) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/ListObjects) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/ListObjects) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/ListObjects) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/ListObjects) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/ListObjects) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/ListObjects) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/ListObjects) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/ListObjects) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/ListObjects) # ListObjectsV2 Returns some or all (up to 1,000) of the objects in a bucket with each request. You can use the request parameters as selection criteria to return a subset of the objects in a bucket. A `200 OK` response can contain valid or invalid XML. Make sure to design your application to parse the contents of the response and handle it appropriately. For more information about listing objects, see [Listing object keys programmatically](https://docs.aws.amazon.com/AmazonS3/latest/userguide/ListingKeysUsingAPIs.html) in the *Amazon S3 User Guide*. To get a list of your buckets, see [ListBuckets](https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBuckets.html). **Note** **General purpose bucket** - For general purpose buckets, `ListObjectsV2` doesn't return prefixes that are related only to in-progress multipart uploads. **Directory buckets** - For directory buckets, `ListObjectsV2` response includes the prefixes that are related only to in-progress multipart uploads. **Directory buckets** - For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format `https://amzn-s3-demo-bucket.s3express-zone-id.region-code.amazonaws.com/key-name `. Path-style requests are not supported. For more information about endpoints in Availability Zones, see [Regional and Zonal endpoints for directory buckets in Availability Zones](https://docs.aws.amazon.com/AmazonS3/latest/userguide/endpoint-directory-buckets-AZ.html) in the *Amazon S3 User Guide*. For more information about endpoints in Local Zones, see [Concepts for directory buckets in Local Zones](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-lzs-for-directory-buckets.html) in the *Amazon S3 User Guide*. Permissions + **General purpose bucket permissions** - To use this operation, you must have READ access to the bucket. You must have permission to perform the `s3:ListBucket` action. The bucket owner has this permission by default and can grant this permission to others. For more information about permissions, see [Permissions Related to Bucket Subresource Operations](https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) and [Managing Access Permissions to Your Amazon S3 Resources](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html) in the *Amazon S3 User Guide*. + **Directory bucket permissions** - To grant access to this API operation on a directory bucket, we recommend that you use the [https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) API operation for session-based authorization. Specifically, you grant the `s3express:CreateSession` permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the `CreateSession` API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another `CreateSession` API call to generate a new session token for use. AWS CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see [https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html). Sorting order of returned objects + **General purpose bucket** - For general purpose buckets, `ListObjectsV2` returns objects in lexicographical order based on their key names. + **Directory bucket** - For directory buckets, `ListObjectsV2` does not return objects in lexicographical order. HTTP Host header syntax **Directory buckets ** - The HTTP Host header syntax is ` Bucket-name.s3express-zone-id.region-code.amazonaws.com`. **Important** This section describes the latest revision of this action. We recommend that you use this revised API operation for application development. For backward compatibility, Amazon S3 continues to support the prior version of this API operation, [ListObjects](https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjects.html). The following operations are related to `ListObjectsV2`: + [GetObject](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html) + [PutObject](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html) + [CreateBucket](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html) **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. ## Request Syntax ``` GET /?list-type=2&continuation-token=ContinuationToken&delimiter=Delimiter&encoding-type=EncodingType&fetch-owner=FetchOwner&max-keys=MaxKeys&prefix=Prefix&start-after=StartAfter HTTP/1.1 Host: Bucket.s3.amazonaws.com x-amz-request-payer: RequestPayer x-amz-expected-bucket-owner: ExpectedBucketOwner x-amz-optional-object-attributes: OptionalObjectAttributes ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_ListObjectsV2_RequestSyntax) ** **Directory buckets** - When you use this operation with a directory bucket, you must use virtual-hosted-style requests in the format ` Bucket-name.s3express-zone-id.region-code.amazonaws.com`. Path-style requests are not supported. Directory bucket names must be unique in the chosen Zone (Availability Zone or Local Zone). Bucket names must follow the format ` bucket-base-name--zone-id--x-s3` (for example, ` amzn-s3-demo-bucket--usw2-az1--x-s3`). For information about bucket naming restrictions, see [Directory bucket naming rules](https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) in the *Amazon S3 User Guide*. **Access points** - When you use this action with an access point for general purpose buckets, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When you use this action with an access point for directory buckets, you must provide the access point name in place of the bucket name. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com. When using this action with an access point through the AWS SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see [Using access points](https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) in the *Amazon S3 User Guide*. Object Lambda access points are not supported by directory buckets. **S3 on Outposts** - When you use this action with S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form ` AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com`. When you use this action with S3 on Outposts, the destination bucket must be the Outposts access point ARN or the access point alias. For more information about S3 on Outposts, see [What is S3 on Outposts?](https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) in the *Amazon S3 User Guide*. Required: Yes ** [continuation-token](#API_ListObjectsV2_RequestSyntax) ** `ContinuationToken` indicates to Amazon S3 that the list is being continued on this bucket with a token. `ContinuationToken` is obfuscated and is not a real key. You can use this `ContinuationToken` for pagination of the list results. ** [delimiter](#API_ListObjectsV2_RequestSyntax) ** A delimiter is a character that you use to group keys. `CommonPrefixes` is filtered out from results if it is not lexicographically greater than the `StartAfter` value. + **Directory buckets** - For directory buckets, `/` is the only supported delimiter. + **Directory buckets ** - When you query `ListObjectsV2` with a delimiter during in-progress multipart uploads, the `CommonPrefixes` response parameter contains the prefixes that are associated with the in-progress multipart uploads. For more information about multipart uploads, see [Multipart Upload Overview](https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html) in the *Amazon S3 User Guide*. ** [encoding-type](#API_ListObjectsV2_RequestSyntax) ** Encoding type used by Amazon S3 to encode the [object keys](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html) in the response. Responses are encoded only in UTF-8. An object key can contain any Unicode character. However, the XML 1.0 parser can't parse certain characters, such as characters with an ASCII value from 0 to 10. For characters that aren't supported in XML 1.0, you can add this parameter to request that Amazon S3 encode the keys in the response. For more information about characters to avoid in object key names, see [Object key naming guidelines](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-guidelines). When using the URL encoding type, non-ASCII characters that are used in an object's key name will be percent-encoded according to UTF-8 code values. For example, the object `test_file(3).png` will appear as `test_file%283%29.png`. Valid Values: `url` ** [fetch-owner](#API_ListObjectsV2_RequestSyntax) ** The owner field is not present in `ListObjectsV2` by default. If you want to return the owner field with each key in the result, then set the `FetchOwner` field to `true`. **Directory buckets** - For directory buckets, the bucket owner is returned as the object owner for all objects. ** [max-keys](#API_ListObjectsV2_RequestSyntax) ** Sets the maximum number of keys returned in the response. By default, the action returns up to 1,000 key names. The response might contain fewer keys but will never contain more. ** [prefix](#API_ListObjectsV2_RequestSyntax) ** Limits the response to keys that begin with the specified prefix. **Directory buckets** - For directory buckets, only prefixes that end in a delimiter (`/`) are supported. ** [start-after](#API_ListObjectsV2_RequestSyntax) ** StartAfter is where you want Amazon S3 to start listing from. Amazon S3 starts listing after this specified key. StartAfter can be any key in the bucket. This functionality is not supported for directory buckets. ** [x-amz-expected-bucket-owner](#API_ListObjectsV2_RequestSyntax) ** The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code `403 Forbidden` (access denied). ** [x-amz-optional-object-attributes](#API_ListObjectsV2_RequestSyntax) ** Specifies the optional fields that you want returned in the response. Fields that you do not specify are not returned. This functionality is not supported for directory buckets. Valid Values: `RestoreStatus` ** [x-amz-request-payer](#API_ListObjectsV2_RequestSyntax) ** Confirms that the requester knows that she or he will be charged for the list objects request in V2 style. Bucket owners need not specify this parameter in their requests. This functionality is not supported for directory buckets. Valid Values: `requester` ## Request Body The request does not have a request body. ## Response Syntax ``` HTTP/1.1 200 x-amz-request-charged: RequestCharged boolean string ... string string string timestamp string string boolean timestamp long string ... string string string integer string ... string integer string string string ``` ## Response Elements If the action is successful, the service sends back an HTTP 200 response. The response returns the following HTTP headers. ** [x-amz-request-charged](#API_ListObjectsV2_ResponseSyntax) ** If present, indicates that the requester was successfully charged for the request. For more information, see [Using Requester Pays buckets for storage transfers and usage](https://docs.aws.amazon.com/AmazonS3/latest/userguide/RequesterPaysBuckets.html) in the *Amazon Simple Storage Service user guide*. This functionality is not supported for directory buckets. Valid Values: `requester` The following data is returned in XML format by the service. ** [ListBucketResult](#API_ListObjectsV2_ResponseSyntax) ** Root level tag for the ListBucketResult parameters. Required: Yes ** [CommonPrefixes](#API_ListObjectsV2_ResponseSyntax) ** All of the keys (up to 1,000) that share the same prefix are grouped together. When counting the total numbers of returns by this API operation, this group of keys is considered as one item. A response can contain `CommonPrefixes` only if you specify a delimiter. `CommonPrefixes` contains all (if there are any) keys between `Prefix` and the next occurrence of the string specified by a delimiter. `CommonPrefixes` lists keys that act like subdirectories in the directory specified by `Prefix`. For example, if the prefix is `notes/` and the delimiter is a slash (`/`) as in `notes/summer/july`, the common prefix is `notes/summer/`. All of the keys that roll up into a common prefix count as a single return when calculating the number of returns. + **Directory buckets** - For directory buckets, only prefixes that end in a delimiter (`/`) are supported. + **Directory buckets ** - When you query `ListObjectsV2` with a delimiter during in-progress multipart uploads, the `CommonPrefixes` response parameter contains the prefixes that are associated with the in-progress multipart uploads. For more information about multipart uploads, see [Multipart Upload Overview](https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html) in the *Amazon S3 User Guide*. Type: Array of [CommonPrefix](API_CommonPrefix.md) data types ** [Contents](#API_ListObjectsV2_ResponseSyntax) ** Metadata about each object returned. Type: Array of [Object](API_Object.md) data types ** [ContinuationToken](#API_ListObjectsV2_ResponseSyntax) ** If `ContinuationToken` was sent with the request, it is included in the response. You can use the returned `ContinuationToken` for pagination of the list response. Type: String ** [Delimiter](#API_ListObjectsV2_ResponseSyntax) ** Causes keys that contain the same string between the `prefix` and the first occurrence of the delimiter to be rolled up into a single result element in the `CommonPrefixes` collection. These rolled-up keys are not returned elsewhere in the response. Each rolled-up result counts as only one return against the `MaxKeys` value. **Directory buckets** - For directory buckets, `/` is the only supported delimiter. Type: String ** [EncodingType](#API_ListObjectsV2_ResponseSyntax) ** Encoding type used by Amazon S3 to encode object key names in the XML response. If you specify the `encoding-type` request parameter, Amazon S3 includes this element in the response, and returns encoded key name values in the following response elements: `Delimiter, Prefix, Key,` and `StartAfter`. Type: String Valid Values: `url` ** [IsTruncated](#API_ListObjectsV2_ResponseSyntax) ** Set to `false` if all of the results were returned. Set to `true` if more keys are available to return. If the number of results exceeds that specified by `MaxKeys`, all of the results might not be returned. Type: Boolean ** [KeyCount](#API_ListObjectsV2_ResponseSyntax) ** `KeyCount` is the number of keys returned with this request. `KeyCount` will always be less than or equal to the `MaxKeys` field. For example, if you ask for 50 keys, your result will include 50 keys or fewer. Type: Integer ** [MaxKeys](#API_ListObjectsV2_ResponseSyntax) ** Sets the maximum number of keys returned in the response. By default, the action returns up to 1,000 key names. The response might contain fewer keys but will never contain more. Type: Integer ** [Name](#API_ListObjectsV2_ResponseSyntax) ** The bucket name. Type: String ** [NextContinuationToken](#API_ListObjectsV2_ResponseSyntax) ** `NextContinuationToken` is sent when `isTruncated` is true, which means there are more keys in the bucket that can be listed. The next list requests to Amazon S3 can be continued with this `NextContinuationToken`. `NextContinuationToken` is obfuscated and is not a real key Type: String ** [Prefix](#API_ListObjectsV2_ResponseSyntax) ** Keys that begin with the indicated prefix. **Directory buckets** - For directory buckets, only prefixes that end in a delimiter (`/`) are supported. Type: String ** [StartAfter](#API_ListObjectsV2_ResponseSyntax) ** If StartAfter was sent with the request, it is included in the response. This functionality is not supported for directory buckets. Type: String ## Errors ** NoSuchBucket ** The specified bucket does not exist. HTTP Status Code: 404 ## Examples ### Sample Request for general purpose buckets: Listing keys This request returns the objects in `bucket`. The request specifies the `list-type` parameter, which indicates version 2 of the API operation. ``` GET /?list-type=2 HTTP/1.1 Host: bucket.s3..amazonaws.com x-amz-date: 20160430T233541Z Authorization: authorization string Content-Type: text/plain ``` ### Sample Response for general purpose buckets This example illustrates one usage of ListObjectsV2. ``` bucket 205 1000 false my-image.jpg 2009-10-12T17:50:30.000Z "fba9dede5f27731c9771645a39863328" 434234 STANDARD ... ... ``` ### Sample Request for general purpose buckets: Listing keys using the max-keys, prefix, and start-after parameters In addition to the `list-type` parameter that indicates version 2 of the API operation, the request also specifies additional parameters to retrieve up to three keys in the `quotes` bucket that start with `E` and occur lexicographically after `ExampleGuide.pdf`. ``` GET /?list-type=2&max-keys=3&prefix=E&start-after=ExampleGuide.pdf HTTP/1.1 Host: quotes.s3..amazonaws.com x-amz-date: 20160430T232933Z Authorization: authorization string ``` ### Sample Response for general purpose buckets This example illustrates one usage of ListObjectsV2. ``` HTTP/1.1 200 OK x-amz-id-2: gyB+3jRPnrkN98ZajxHXr3u7EFM67bNgSAxexeEHndCX/7GRnfTXxReKUQF28IfP x-amz-request-id: 3B3C7C725673C630 Date: Sat, 30 Apr 2016 23:29:37 GMT Content-Type: application/xml Content-Length: length Connection: close Server: AmazonS3 quotes E ExampleGuide.pdf 1 3 false ExampleObject.txt 2013-09-17T18:07:53.000Z "599bab3ed2c697f1d26842727561fd94" 857 REDUCED_REDUNDANCY ``` ### Sample Request for general purpose buckets: Listing keys by using the prefix and delimiter parameters This example illustrates the use of the `prefix` and the `delimiter` parameters in the request. For this example, we assume that you have the following keys in your bucket: + `sample.jpg` + `photos/2006/January/sample.jpg` + `photos/2006/February/sample2.jpg` + `photos/2006/February/sample3.jpg` + `photos/2006/February/sample4.jpg` The following `GET` request specifies the `delimiter` parameter with a value of `/`. ``` GET /?list-type=2&delimiter=/ HTTP/1.1 Host: example-bucket.s3..amazonaws.com x-amz-date: 20160430T235931Z Authorization: authorization string ``` ### Sample Response for general purpose buckets The key `sample.jpg` does not contain the delimiter character, and Amazon S3 returns it in the `Contents` element in the response. However, all of the other keys contain the delimiter character. Amazon S3 groups these keys and returns a single `CommonPrefixes` element with the `Prefix` value `photos/`. The `Prefix` element is a substring that starts at the beginning of these keys and ends at the first occurrence of the specified delimiter. ``` example-bucket 2 1000 / false sample.jpg 2011-02-26T01:56:20.000Z "bf1d737a4d46a19f3bced6905cc8b902" 142863 STANDARD photos/ ``` ### Sample Request for general purpose buckets The following request specifies the `delimiter` parameter with the value `/`, and the `prefix` parameter with the value `photos/2006/`. ``` GET /?list-type=2&prefix=photos/2006/&delimiter=/ HTTP/1.1 Host: example-bucket.s3..amazonaws.com x-amz-date: 20160501T000433Z Authorization: authorization string ``` ### Sample Response for general purpose buckets In response, Amazon S3 returns only the keys that start with the specified prefix. Further, Amazon S3 uses the delimiter character to group keys that contain the same substring until the first occurrence of the delimiter character after the specified prefix. For each such key group, Amazon S3 returns one `CommonPrefixes` element in the response. The keys grouped under this `CommonPrefixes` element are not returned elsewhere in the response. The `Prefix` value returned in the `CommonPrefixes` element is a substring that starts at the beginning of the key and ends at the first occurrence of the specified delimiter after the prefix. **Note** If you created folders by using the Amazon S3 console, you will see an additional 0-byte object with a key of `photos/2006/`. This object is created because of the way that the console supports folder structures. For more information, see [Organizing objects in the Amazon S3 console using folders](https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-folders.html) in the *Amazon S3 User Guide*. ``` example-bucket photos/2006/ 2 1000 / false photos/2006/February/ photos/2006/January/ ``` ### Sample Request for general purpose buckets: Using a continuation token In this example, the initial request returns more than 1,000 keys. In response to this request, Amazon S3 returns the `IsTruncated` element with the value set to `true` and with a `NextContinuationToken` element. ``` GET /?list-type=2 HTTP/1.1 Host: bucket.s3..amazonaws.com Date: Mon, 02 May 2016 23:17:07 GMT Authorization: authorization string ``` ### Sample Response for general purpose buckets: Using a continuation token This example illustrates one usage of ListObjectsV2. ``` HTTP/1.1 200 OK x-amz-id-2: gyB+3jRPnrkN98ZajxHXr3u7EFM67bNgSAxexeEHndCX/7GRnfTXxReKUQF28IfP x-amz-request-id: 3B3C7C725673C630 Date: Sat, 30 Apr 2016 23:29:37 GMT Content-Type: application/xml Content-Length: length Connection: close Server: AmazonS3 bucket 1ueGcxLPRx1Tr/XYExHnhbYLgveDs2J/wm36Hy4vbOwM= 1000 1000 true happyface.jpg 2014-11-21T19:40:05.000Z "70ee1738b6b21e2c8a43f3a5ab0eee71" 11 STANDARD ... ``` ### Sample request for general purpose buckets In the following subsequent request, we include a `continuation-token` query parameter in the request with the value of the `NextContinuationToken` element from the preceding response. ``` GET /?list-type=2 HTTP/1.1 GET /?list-type=2&continuation-token=1ueGcxLPRx1Tr/XYExHnhbYLgveDs2J/wm36Hy4vbOwM= HTTP/1.1 Host: bucket.s3..amazonaws.com Date: Mon, 02 May 2016 23:17:07 GMT Authorization: authorization string ``` ### Sample response for general purpose buckets: Amazon S3 returns a list of the next set of keys starting where the previous request ended. ``` HTTP/1.1 200 OK x-amz-id-2: gyB+3jRPnrkN98ZajxHXr3u7EFM67bNgSAxexeEHndCX/7GRnfTXxReKUQF28IfP x-amz-request-id: 3B3C7C725673C630 Date: Sat, 30 Apr 2016 23:29:37 GMT Content-Type: application/xml Content-Length: length Connection: close Server: AmazonS3 bucket 1ueGcxLPRx1Tr/XYExHnhbYLgveDs2J/wm36Hy4vbOwM= 112 1000 false happyfacex.jpg 2014-11-21T19:40:05.000Z "70ee1738b6b21e2c8a43f3a5ab0eee71" 1111 STANDARD ... ``` ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/ListObjectsV2) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/ListObjectsV2) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/ListObjectsV2) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/ListObjectsV2) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/ListObjectsV2) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/ListObjectsV2) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/ListObjectsV2) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/ListObjectsV2) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/ListObjectsV2) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/ListObjectsV2) # ListObjectVersions **Note** This operation is not supported for directory buckets. Returns metadata about all versions of the objects in a bucket. You can also use request parameters as selection criteria to return metadata about a subset of all the object versions. **Important** To use this operation, you must have permission to perform the `s3:ListBucketVersions` action. Be aware of the name difference. **Note** A `200 OK` response can contain valid or invalid XML. Make sure to design your application to parse the contents of the response and handle it appropriately. To use this operation, you must have READ access to the bucket. The following operations are related to `ListObjectVersions`: + [ListObjectsV2](https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjectsV2.html) + [GetObject](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html) + [PutObject](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html) + [DeleteObject](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObject.html) **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. ## Request Syntax ``` GET /?versions&delimiter=Delimiter&encoding-type=EncodingType&key-marker=KeyMarker&max-keys=MaxKeys&prefix=Prefix&version-id-marker=VersionIdMarker HTTP/1.1 Host: Bucket.s3.amazonaws.com x-amz-expected-bucket-owner: ExpectedBucketOwner x-amz-request-payer: RequestPayer x-amz-optional-object-attributes: OptionalObjectAttributes ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_ListObjectVersions_RequestSyntax) ** The bucket name that contains the objects. Required: Yes ** [delimiter](#API_ListObjectVersions_RequestSyntax) ** A delimiter is a character that you specify to group keys. All keys that contain the same string between the `prefix` and the first occurrence of the delimiter are grouped under a single result element in `CommonPrefixes`. These groups are counted as one result against the `max-keys` limitation. These keys are not returned elsewhere in the response. `CommonPrefixes` is filtered out from results if it is not lexicographically greater than the key-marker. ** [encoding-type](#API_ListObjectVersions_RequestSyntax) ** Encoding type used by Amazon S3 to encode the [object keys](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html) in the response. Responses are encoded only in UTF-8. An object key can contain any Unicode character. However, the XML 1.0 parser can't parse certain characters, such as characters with an ASCII value from 0 to 10. For characters that aren't supported in XML 1.0, you can add this parameter to request that Amazon S3 encode the keys in the response. For more information about characters to avoid in object key names, see [Object key naming guidelines](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-guidelines). When using the URL encoding type, non-ASCII characters that are used in an object's key name will be percent-encoded according to UTF-8 code values. For example, the object `test_file(3).png` will appear as `test_file%283%29.png`. Valid Values: `url` ** [key-marker](#API_ListObjectVersions_RequestSyntax) ** Specifies the key to start with when listing objects in a bucket. ** [max-keys](#API_ListObjectVersions_RequestSyntax) ** Sets the maximum number of keys returned in the response. By default, the action returns up to 1,000 key names. The response might contain fewer keys but will never contain more. If additional keys satisfy the search criteria, but were not returned because `max-keys` was exceeded, the response contains `true`. To return the additional keys, see `key-marker` and `version-id-marker`. ** [prefix](#API_ListObjectVersions_RequestSyntax) ** Use this parameter to select only those keys that begin with the specified prefix. You can use prefixes to separate a bucket into different groupings of keys. (You can think of using `prefix` to make groups in the same way that you'd use a folder in a file system.) You can use `prefix` with `delimiter` to roll up numerous objects into a single result under `CommonPrefixes`. ** [version-id-marker](#API_ListObjectVersions_RequestSyntax) ** Specifies the object version you want to start listing from. ** [x-amz-expected-bucket-owner](#API_ListObjectVersions_RequestSyntax) ** The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code `403 Forbidden` (access denied). ** [x-amz-optional-object-attributes](#API_ListObjectVersions_RequestSyntax) ** Specifies the optional fields that you want returned in the response. Fields that you do not specify are not returned. Valid Values: `RestoreStatus` ** [x-amz-request-payer](#API_ListObjectVersions_RequestSyntax) ** Confirms that the requester knows that they will be charged for the request. Bucket owners need not specify this parameter in their requests. If either the source or destination S3 bucket has Requester Pays enabled, the requester will pay for the corresponding charges. For information about downloading objects from Requester Pays buckets, see [Downloading Objects in Requester Pays Buckets](https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) in the *Amazon S3 User Guide*. This functionality is not supported for directory buckets. Valid Values: `requester` ## Request Body The request does not have a request body. ## Response Syntax ``` HTTP/1.1 200 x-amz-request-charged: RequestCharged boolean string string string string string ... string string boolean string timestamp string string boolean timestamp long string string ... boolean string timestamp string string string ... string string string integer string ... string ``` ## Response Elements If the action is successful, the service sends back an HTTP 200 response. The response returns the following HTTP headers. ** [x-amz-request-charged](#API_ListObjectVersions_ResponseSyntax) ** If present, indicates that the requester was successfully charged for the request. For more information, see [Using Requester Pays buckets for storage transfers and usage](https://docs.aws.amazon.com/AmazonS3/latest/userguide/RequesterPaysBuckets.html) in the *Amazon Simple Storage Service user guide*. This functionality is not supported for directory buckets. Valid Values: `requester` The following data is returned in XML format by the service. ** [ListVersionsResult](#API_ListObjectVersions_ResponseSyntax) ** Root level tag for the ListVersionsResult parameters. Required: Yes ** [CommonPrefixes](#API_ListObjectVersions_ResponseSyntax) ** All of the keys rolled up into a common prefix count as a single return when calculating the number of returns. Type: Array of [CommonPrefix](API_CommonPrefix.md) data types ** [DeleteMarker](#API_ListObjectVersions_ResponseSyntax) ** Container for an object that is a delete marker. To learn more about delete markers, see [Working with delete markers](https://docs.aws.amazon.com/AmazonS3/latest/userguide/DeleteMarker.html). Type: Array of [DeleteMarkerEntry](API_DeleteMarkerEntry.md) data types ** [Delimiter](#API_ListObjectVersions_ResponseSyntax) ** The delimiter grouping the included keys. A delimiter is a character that you specify to group keys. All keys that contain the same string between the prefix and the first occurrence of the delimiter are grouped under a single result element in `CommonPrefixes`. These groups are counted as one result against the `max-keys` limitation. These keys are not returned elsewhere in the response. Type: String ** [EncodingType](#API_ListObjectVersions_ResponseSyntax) ** Encoding type used by Amazon S3 to encode object key names in the XML response. If you specify the `encoding-type` request parameter, Amazon S3 includes this element in the response, and returns encoded key name values in the following response elements: `KeyMarker, NextKeyMarker, Prefix, Key`, and `Delimiter`. Type: String Valid Values: `url` ** [IsTruncated](#API_ListObjectVersions_ResponseSyntax) ** A flag that indicates whether Amazon S3 returned all of the results that satisfied the search criteria. If your results were truncated, you can make a follow-up paginated request by using the `NextKeyMarker` and `NextVersionIdMarker` response parameters as a starting place in another request to return the rest of the results. Type: Boolean ** [KeyMarker](#API_ListObjectVersions_ResponseSyntax) ** Marks the last key returned in a truncated response. Type: String ** [MaxKeys](#API_ListObjectVersions_ResponseSyntax) ** Specifies the maximum number of objects to return. Type: Integer ** [Name](#API_ListObjectVersions_ResponseSyntax) ** The bucket name. Type: String ** [NextKeyMarker](#API_ListObjectVersions_ResponseSyntax) ** When the number of responses exceeds the value of `MaxKeys`, `NextKeyMarker` specifies the first key not returned that satisfies the search criteria. Use this value for the key-marker request parameter in a subsequent request. Type: String ** [NextVersionIdMarker](#API_ListObjectVersions_ResponseSyntax) ** When the number of responses exceeds the value of `MaxKeys`, `NextVersionIdMarker` specifies the first object version not returned that satisfies the search criteria. Use this value for the `version-id-marker` request parameter in a subsequent request. Type: String ** [Prefix](#API_ListObjectVersions_ResponseSyntax) ** Selects objects that start with the value supplied by this parameter. Type: String ** [Version](#API_ListObjectVersions_ResponseSyntax) ** Container for version information. Type: Array of [ObjectVersion](API_ObjectVersion.md) data types ** [VersionIdMarker](#API_ListObjectVersions_ResponseSyntax) ** Marks the last version of the key returned in a truncated response. Type: String ## Examples ### Sample Request The following request returns all of the versions of all of the objects in the specified bucket. ``` GET /?versions HTTP/1.1 Host: BucketName.s3..amazonaws.com Date: Wed, 28 Oct 2009 22:32:00 +0000 Authorization: authorization string (see Authenticating Requests (AWS Signature Version 4)) ``` ### Sample Response This example illustrates one usage of ListObjectVersions. ``` bucket my 5 false my-image.jpg 3/L4kqtJl40Nr8X8gdRQBpUMLUo true 2009-10-12T17:50:30.000Z "fba9dede5f27731c9771645a39863328" 434234 STANDARD 75aa57f09aa0c8caeab4f8c24e99d10f8e7faeebf76c078efc7c6caea54ba06a my-second-image.jpg 03jpff543dhffds434rfdsFDN943fdsFkdmqnh892 true 2009-11-12T17:50:30.000Z 75aa57f09aa0c8caeab4f8c24e99d10f8e7faeebf76c078efc7c6caea54ba06a my-second-image.jpg QUpfdndhfd8438MNFDN93jdnJFkdmqnh893 false 2009-10-10T17:50:30.000Z "9b2cf535f27731c974343645a3985328" 166434 STANDARD 75aa57f09aa0c8caeab4f8c24e99d10f8e7faeebf76c078efc7c6caea54ba06a my-third-image.jpg 03jpff543dhffds434rfdsFDN943fdsFkdmqnh892 true 2009-10-15T17:50:30.000Z 75aa57f09aa0c8caeab4f8c24e99d10f8e7faeebf76c078efc7c6caea54ba06a my-third-image.jpg UIORUnfndfhnw89493jJFJ false 2009-10-11T12:50:30.000Z "772cf535f27731c974343645a3985328" 64 STANDARD 75aa57f09aa0c8caeab4f8c24e99d10f8e7faeebf76c078efc7c6caea54ba06a ``` ### Sample Request The following request returns objects in the order that they were stored, returning the most recently stored object first, starting with the value for `key-marker`. ``` GET /?versions&key-marker=key2 HTTP/1.1 Host: s3.amazonaws.com Pragma: no-cache Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */* Date: Thu, 10 Dec 2009 22:46:32 +0000 Authorization: signatureValue ``` ### Sample Response This example illustrates one usage of ListObjectVersions. ``` mtp-versioning-fresh key2 1000 false key3 I5VhmK6CDDdQ5Pwfe1gcHZWmHDpcv7gfmfc29UBxsKU. true 2009-12-09T00:19:04.000Z "396fefef536d5ce46c7537ecf978a360" 217 75aa57f09aa0c8caeab4f8c24e99d10f8e7faeebf76c078efc7c6caea54ba06a STANDARD sourcekey qDhprLU80sAlCFLu2DWgXAEDgKzWarn-HS_JU0TvYqs. true 2009-12-10T16:38:11.000Z 75aa57f09aa0c8caeab4f8c24e99d10f8e7faeebf76c078efc7c6caea54ba06a sourcekey wxxQ7ezLaL5JN2Sislq66Syxxo0k7uHTUpb9qiiMxNg. false 2009-12-10T16:37:44.000Z "396fefef536d5ce46c7537ecf978a360" 217 75aa57f09aa0c8caeab4f8c24e99d10f8e7faeebf76c078efc7c6caea54ba06a STANDARD ``` ### Sample Request Using the prefix Parameter This example returns objects whose keys begin with `source`. ``` GET /?versions&prefix=source HTTP/1.1 Host: bucket.s3..amazonaws.com Date: Wed, 28 Oct 2009 22:32:00 +0000 Authorization: authorization string ``` ### Sample Response This example illustrates one usage of ListObjectVersions. ``` mtp-versioning-fresh source 1000 false sourcekey qDhprLU80sAlCFLu2DWgXAEDgKzWarn-HS_JU0TvYqs. true 2009-12-10T16:38:11.000Z 75aa57f09aa0c8caeab4f8c24e99d10f8e7faeebf76c078efc7c6caea54ba06a sourcekey wxxQ7ezLaL5JN2Sislq66Syxxo0k7uHTUpb9qiiMxNg. false 2009-12-10T16:37:44.000Z "396fefef536d5ce46c7537ecf978a360" 217 75aa57f09aa0c8caeab4f8c24e99d10f8e7faeebf76c078efc7c6caea54ba06a STANDARD ``` ### Sample Request: Using the key-marker and version-id-marker Parameters The following example returns objects starting at the specified key (`key-marker`) and version ID (`version-id-marker`). ``` GET /?versions&key-marker=key3&version-id-marker=t46ZenlYTZBnj HTTP/1.1 Host: bucket.s3..amazonaws.com Date: Wed, 28 Oct 2009 22:32:00 +0000 Authorization: signatureValue ``` ### Sample Response This example illustrates one usage of ListObjectVersions. ``` mtp-versioning-fresh key3 t46ZenlYTZBnj 1000 false sourcekey qDhprLU80sAlCFLu2DWgXAEDgKzWarn-HS_JU0TvYqs. true 2009-12-10T16:38:11.000Z 75aa57f09aa0c8caeab4f8c24e99d10f8e7faeebf76c078efc7c6caea54ba06a sourcekey wxxQ7ezLaL5JN2Sislq66Syxxo0k7uHTUpb9qiiMxNg. false 2009-12-10T16:37:44.000Z "396fefef536d5ce46c7537ecf978a360" 217 75aa57f09aa0c8caeab4f8c24e99d10f8e7faeebf76c078efc7c6caea54ba06a STANDARD ``` ### Sample Request: Using the key-marker, version-id-marker, and max-keys Parameters The following request returns up to three (the value of `max-keys`) objects starting with the key specified by `key-marker` and the version ID specified by `version-id-marker`. ``` GET /?versions&key-marker=key3&version-id-marker=t46Z0menlYTZBnj&max-keys=3 Host: bucket.s3..amazonaws.com Date: Wed, 28 Oct 2009 22:32:00 +0000 Authorization: authorization string ``` ### Sample Response This example illustrates one usage of ListObjectVersions. ``` mtp-versioning-fresh key3 null key3 d-d309mfjFrUmoQ0DBsVqmcMV15OI. 3 true key3 8XECiENpj8pydEDJdd-_VRrvaGKAHOaGMNW7tg6UViI. false 2009-12-09T00:18:23.000Z "396fefef536d5ce46c7537ecf978a360" 217 75aa57f09aa0c8caeab4f8c24e99d10f8e7faeebf76c078efc7c6caea54ba06a STANDARD key3 d-d309mfjFri40QYukDozqBt3UmoQ0DBsVqmcMV15OI. false 2009-12-09T00:18:08.000Z "396fefef536d5ce46c7537ecf978a360" 217 75aa57f09aa0c8caeab4f8c24e99d10f8e7faeebf76c078efc7c6caea54ba06a STANDARD ``` ### Sample Request: Using the delimiter and prefix Parameters Assume you have the following keys in your bucket, `example-bucket`. `photos/2006/January/sample.jpg` `photos/2006/February/sample.jpg` `photos/2006/March/sample.jpg` `videos/2006/March/sample.wmv` `sample.jpg` The following `GET` versions request specifies the `delimiter` parameter with the value `/`. ``` GET /?versions&delimiter=/ HTTP/1.1 Host: example-bucket.s3..amazonaws.com Date: Wed, 02 Feb 2011 20:34:56 GMT Authorization: authorization string ``` ### Sample Response The list of keys from the specified bucket is shown in the following response. The response returns the `sample.jpg` key in a `Version` element. However, because all the other keys contain the specified delimiter, a distinct substring, from the beginning of the key to the first occurrence of the delimiter, from each of these keys is returned in a `CommonPrefixes` element. The key substrings, `photos/` and `videos/`, in the `CommonPrefixes` element indicate that there are one or more keys with these key prefixes. This is a useful scenario if you use key prefixes for your objects to create a logical folder-like structure. In this case, you can interpret the result as the folders `photos/` and `videos/` have one or more objects. ``` mvbucketwithversionon1 1000 / false Sample.jpg toxMzQlBsGyGCz1YuMWMp90cdXLzqOCH true 2011-02-02T18:46:20.000Z "3305f2cfc46c0f04559748bb039d69ae" 3191 852b113e7a2f25102679df27bb0ae12b3f85be6f290b936c4393484be31bebcc display-name STANDARD photos/ videos/ ``` ### Example In addition to the `delimiter` parameter, you can filter results by adding a `prefix` parameter as shown in the following request. ``` GET /?versions&prefix=photos/2006/&delimiter=/ HTTP/1.1 Host: example-bucket.s3..amazonaws.com Date: Wed, 02 Feb 2011 19:34:02 GMT Authorization: authorization string ``` ### Example In this case, the response will include only object keys that start with the specified prefix. The value returned in the `CommonPrefixes` element is a substring from the beginning of the key to the first occurrence of the specified delimiter after the prefix. **Note** If you created folders by using the Amazon S3 console, you will see an additional 0-byte object with a key of `photos/2006/`. This object is created because of the way that the console supports folder structures. For more information, see [Organizing objects in the Amazon S3 console using folders](https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-folders.html) in the *Amazon S3 User Guide*. ``` example-bucket photos/2006/ 1000 / false photos/2006/February/ photos/2006/January/ photos/2006/March/ ``` ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/ListObjectVersions) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/ListObjectVersions) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/ListObjectVersions) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/ListObjectVersions) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/ListObjectVersions) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/ListObjectVersions) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/ListObjectVersions) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/ListObjectVersions) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/ListObjectVersions) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/ListObjectVersions) # ListParts Lists the parts that have been uploaded for a specific multipart upload. To use this operation, you must provide the `upload ID` in the request. You obtain this uploadID by sending the initiate multipart upload request through [CreateMultipartUpload](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html). The `ListParts` request returns a maximum of 1,000 uploaded parts. The limit of 1,000 parts is also the default value. You can restrict the number of parts in a response by specifying the `max-parts` request parameter. If your multipart upload consists of more than 1,000 parts, the response returns an `IsTruncated` field with the value of `true`, and a `NextPartNumberMarker` element. To list remaining uploaded parts, in subsequent `ListParts` requests, include the `part-number-marker` query string parameter and set its value to the `NextPartNumberMarker` field value from the previous response. For more information on multipart uploads, see [Uploading Objects Using Multipart Upload](https://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html) in the *Amazon S3 User Guide*. **Note** **Directory buckets** - For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format `https://amzn-s3-demo-bucket.s3express-zone-id.region-code.amazonaws.com/key-name `. Path-style requests are not supported. For more information about endpoints in Availability Zones, see [Regional and Zonal endpoints for directory buckets in Availability Zones](https://docs.aws.amazon.com/AmazonS3/latest/userguide/endpoint-directory-buckets-AZ.html) in the *Amazon S3 User Guide*. For more information about endpoints in Local Zones, see [Concepts for directory buckets in Local Zones](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-lzs-for-directory-buckets.html) in the *Amazon S3 User Guide*. Permissions + **General purpose bucket permissions** - For information about permissions required to use the multipart upload API, see [Multipart Upload and Permissions](https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html) in the *Amazon S3 User Guide*. If the upload was created using server-side encryption with AWS Key Management Service (AWS KMS) keys (SSE-KMS) or dual-layer server-side encryption with AWS KMS keys (DSSE-KMS), you must have permission to the `kms:Decrypt` action for the `ListParts` request to succeed. + **Directory bucket permissions** - To grant access to this API operation on a directory bucket, we recommend that you use the [https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) API operation for session-based authorization. Specifically, you grant the `s3express:CreateSession` permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the `CreateSession` API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another `CreateSession` API call to generate a new session token for use. AWS CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see [https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html). HTTP Host header syntax **Directory buckets ** - The HTTP Host header syntax is ` Bucket-name.s3express-zone-id.region-code.amazonaws.com`. The following operations are related to `ListParts`: + [CreateMultipartUpload](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html) + [UploadPart](https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html) + [CompleteMultipartUpload](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CompleteMultipartUpload.html) + [AbortMultipartUpload](https://docs.aws.amazon.com/AmazonS3/latest/API/API_AbortMultipartUpload.html) + [GetObjectAttributes](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAttributes.html) + [ListMultipartUploads](https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListMultipartUploads.html) **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. ## Request Syntax ``` GET /Key+?max-parts=MaxParts&part-number-marker=PartNumberMarker&uploadId=UploadId HTTP/1.1 Host: Bucket.s3.amazonaws.com x-amz-request-payer: RequestPayer x-amz-expected-bucket-owner: ExpectedBucketOwner x-amz-server-side-encryption-customer-algorithm: SSECustomerAlgorithm x-amz-server-side-encryption-customer-key: SSECustomerKey x-amz-server-side-encryption-customer-key-MD5: SSECustomerKeyMD5 ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_ListParts_RequestSyntax) ** The name of the bucket to which the parts are being uploaded. **Directory buckets** - When you use this operation with a directory bucket, you must use virtual-hosted-style requests in the format ` Bucket-name.s3express-zone-id.region-code.amazonaws.com`. Path-style requests are not supported. Directory bucket names must be unique in the chosen Zone (Availability Zone or Local Zone). Bucket names must follow the format ` bucket-base-name--zone-id--x-s3` (for example, ` amzn-s3-demo-bucket--usw2-az1--x-s3`). For information about bucket naming restrictions, see [Directory bucket naming rules](https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) in the *Amazon S3 User Guide*. **Access points** - When you use this action with an access point for general purpose buckets, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When you use this action with an access point for directory buckets, you must provide the access point name in place of the bucket name. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com. When using this action with an access point through the AWS SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see [Using access points](https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) in the *Amazon S3 User Guide*. Object Lambda access points are not supported by directory buckets. **S3 on Outposts** - When you use this action with S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form ` AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com`. When you use this action with S3 on Outposts, the destination bucket must be the Outposts access point ARN or the access point alias. For more information about S3 on Outposts, see [What is S3 on Outposts?](https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) in the *Amazon S3 User Guide*. Required: Yes ** [Key](#API_ListParts_RequestSyntax) ** Object key for which the multipart upload was initiated. Length Constraints: Minimum length of 1. Required: Yes ** [max-parts](#API_ListParts_RequestSyntax) ** Sets the maximum number of parts to return. ** [part-number-marker](#API_ListParts_RequestSyntax) ** Specifies the part after which listing should begin. Only parts with higher part numbers will be listed. ** [uploadId](#API_ListParts_RequestSyntax) ** Upload ID identifying the multipart upload whose parts are being listed. Required: Yes ** [x-amz-expected-bucket-owner](#API_ListParts_RequestSyntax) ** The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code `403 Forbidden` (access denied). ** [x-amz-request-payer](#API_ListParts_RequestSyntax) ** Confirms that the requester knows that they will be charged for the request. Bucket owners need not specify this parameter in their requests. If either the source or destination S3 bucket has Requester Pays enabled, the requester will pay for the corresponding charges. For information about downloading objects from Requester Pays buckets, see [Downloading Objects in Requester Pays Buckets](https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) in the *Amazon S3 User Guide*. This functionality is not supported for directory buckets. Valid Values: `requester` ** [x-amz-server-side-encryption-customer-algorithm](#API_ListParts_RequestSyntax) ** The server-side encryption (SSE) algorithm used to encrypt the object. This parameter is needed only when the object was created using a checksum algorithm. For more information, see [Protecting data using SSE-C keys](https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html) in the *Amazon S3 User Guide*. This functionality is not supported for directory buckets. ** [x-amz-server-side-encryption-customer-key](#API_ListParts_RequestSyntax) ** The server-side encryption (SSE) customer managed key. This parameter is needed only when the object was created using a checksum algorithm. For more information, see [Protecting data using SSE-C keys](https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html) in the *Amazon S3 User Guide*. This functionality is not supported for directory buckets. ** [x-amz-server-side-encryption-customer-key-MD5](#API_ListParts_RequestSyntax) ** The MD5 server-side encryption (SSE) customer managed key. This parameter is needed only when the object was created using a checksum algorithm. For more information, see [Protecting data using SSE-C keys](https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html) in the *Amazon S3 User Guide*. This functionality is not supported for directory buckets. ## Request Body The request does not have a request body. ## Response Syntax ``` HTTP/1.1 200 x-amz-abort-date: AbortDate x-amz-abort-rule-id: AbortRuleId x-amz-request-charged: RequestCharged string string string integer integer integer boolean string string string string string string timestamp integer long ... string string string string string string string ``` ## Response Elements If the action is successful, the service sends back an HTTP 200 response. The response returns the following HTTP headers. ** [x-amz-abort-date](#API_ListParts_ResponseSyntax) ** If the bucket has a lifecycle rule configured with an action to abort incomplete multipart uploads and the prefix in the lifecycle rule matches the object name in the request, then the response includes this header indicating when the initiated multipart upload will become eligible for abort operation. For more information, see [Aborting Incomplete Multipart Uploads Using a Bucket Lifecycle Configuration](https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config). The response will also include the `x-amz-abort-rule-id` header that will provide the ID of the lifecycle configuration rule that defines this action. This functionality is not supported for directory buckets. ** [x-amz-abort-rule-id](#API_ListParts_ResponseSyntax) ** This header is returned along with the `x-amz-abort-date` header. It identifies applicable lifecycle configuration rule that defines the action to abort incomplete multipart uploads. This functionality is not supported for directory buckets. ** [x-amz-request-charged](#API_ListParts_ResponseSyntax) ** If present, indicates that the requester was successfully charged for the request. For more information, see [Using Requester Pays buckets for storage transfers and usage](https://docs.aws.amazon.com/AmazonS3/latest/userguide/RequesterPaysBuckets.html) in the *Amazon Simple Storage Service user guide*. This functionality is not supported for directory buckets. Valid Values: `requester` The following data is returned in XML format by the service. ** [ListPartsResult](#API_ListParts_ResponseSyntax) ** Root level tag for the ListPartsResult parameters. Required: Yes ** [Bucket](#API_ListParts_ResponseSyntax) ** The name of the bucket to which the multipart upload was initiated. Does not return the access point ARN or access point alias if used. Type: String ** [ChecksumAlgorithm](#API_ListParts_ResponseSyntax) ** The algorithm that was used to create a checksum of the object. Type: String Valid Values: `CRC32 | CRC32C | SHA1 | SHA256 | CRC64NVME` ** [ChecksumType](#API_ListParts_ResponseSyntax) ** The checksum type, which determines how part-level checksums are combined to create an object-level checksum for multipart objects. You can use this header response to verify that the checksum type that is received is the same checksum type that was specified in `CreateMultipartUpload` request. For more information, see [Checking object integrity in the Amazon S3 User Guide](https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html). Type: String Valid Values: `COMPOSITE | FULL_OBJECT` ** [Initiator](#API_ListParts_ResponseSyntax) ** Container element that identifies who initiated the multipart upload. If the initiator is an AWS account, this element provides the same information as the `Owner` element. If the initiator is an IAM User, this element provides the user ARN. Type: [Initiator](API_Initiator.md) data type ** [IsTruncated](#API_ListParts_ResponseSyntax) ** Indicates whether the returned list of parts is truncated. A true value indicates that the list was truncated. A list can be truncated if the number of parts exceeds the limit returned in the MaxParts element. Type: Boolean ** [Key](#API_ListParts_ResponseSyntax) ** Object key for which the multipart upload was initiated. Type: String Length Constraints: Minimum length of 1. ** [MaxParts](#API_ListParts_ResponseSyntax) ** Maximum number of parts that were allowed in the response. Type: Integer ** [NextPartNumberMarker](#API_ListParts_ResponseSyntax) ** When a list is truncated, this element specifies the last part in the list, as well as the value to use for the `part-number-marker` request parameter in a subsequent request. Type: Integer ** [Owner](#API_ListParts_ResponseSyntax) ** Container element that identifies the object owner, after the object is created. If multipart upload is initiated by an IAM user, this element provides the parent account ID. **Directory buckets** - The bucket owner is returned as the object owner for all the parts. Type: [Owner](API_Owner.md) data type ** [Part](#API_ListParts_ResponseSyntax) ** Container for elements related to a particular part. A response can contain zero or more `Part` elements. Type: Array of [Part](API_Part.md) data types ** [PartNumberMarker](#API_ListParts_ResponseSyntax) ** Specifies the part after which listing should begin. Only parts with higher part numbers will be listed. Type: Integer ** [StorageClass](#API_ListParts_ResponseSyntax) ** The class of storage used to store the uploaded object. **Directory buckets** - Directory buckets only support `EXPRESS_ONEZONE` (the S3 Express One Zone storage class) in Availability Zones and `ONEZONE_IA` (the S3 One Zone-Infrequent Access storage class) in Dedicated Local Zones. Type: String Valid Values: `STANDARD | REDUCED_REDUNDANCY | STANDARD_IA | ONEZONE_IA | INTELLIGENT_TIERING | GLACIER | DEEP_ARCHIVE | OUTPOSTS | GLACIER_IR | SNOW | EXPRESS_ONEZONE | FSX_OPENZFS | FSX_ONTAP` ** [UploadId](#API_ListParts_ResponseSyntax) ** Upload ID identifying the multipart upload whose parts are being listed. Type: String ## Examples ### Sample Request for general purpose buckets Assume you have uploaded parts with sequential part numbers starting with 1. The following List Parts request specifies `max-parts` and `part-number-marker` query parameters. The request lists the first two parts that follow part number 1, that is, you will get parts 2 and 3 in the response. If more parts exist, the result is a truncated result and therefore the response will return an `IsTruncated` element with the value `true`. The response will also return the `NextPartNumberMarker` element with the value `3`, which should be used for the value of the `part-number-marker` request query string parameter in the next ListParts request. ``` GET /example-object?uploadId=XXBsb2FkIElEIGZvciBlbHZpbmcncyVcdS1tb3ZpZS5tMnRzEEEwbG9hZA&max-parts=2&part-number-marker=1 HTTP/1.1 Host: example-bucket.s3..amazonaws.com Date: Mon, 1 Nov 2010 20:34:56 GMT Authorization: authorization string ``` ### Sample Response for general purpose buckets This example illustrates one usage of ListParts. ``` HTTP/1.1 200 OK x-amz-id-2: Uuag1LuByRx9e6j5Onimru9pO4ZVKnJ2Qz7/C1NPcfTWAtRPfTaOFg== x-amz-request-id: 656c76696e6727732072657175657374 Date: Mon, 1 Nov 2010 20:34:56 GMT Content-Length: 985 Connection: keep-alive Server: AmazonS3 example-bucket example-object XXBsb2FkIElEIGZvciBlbHZpbmcncyVcdS1tb3ZpZS5tMnRzEEEwbG9hZA arn:aws:iam::111122223333:user/some-user-11116a31-17b5-4fb7-9df5-b288870f11xx 75aa57f09aa0c8caeab4f8c24e99d10f8e7faeebf76c078efc7c6caea54ba06a STANDARD 1 3 2 true 2 2010-11-10T20:48:34.000Z "7778aef83f66abc1fa1e8477f296d394" 10485760 3 2010-11-10T20:48:33.000Z "aaaa18db4cc2f85cedef654fccc4a4x8" 10485760 ``` ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/ListParts) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/ListParts) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/ListParts) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/ListParts) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/ListParts) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/ListParts) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/ListParts) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/ListParts) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/ListParts) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/ListParts) # PutBucketAbac Sets the attribute-based access control (ABAC) property of the general purpose bucket. You must have `s3:PutBucketABAC` permission to perform this action. When you enable ABAC, you can use tags for access control on your buckets. Additionally, when ABAC is enabled, you must use the [TagResource](https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_TagResource.html) and [UntagResource](https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_UntagResource.html) actions to manage tags on your buckets. You can nolonger use the [PutBucketTagging](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketTagging.html) and [DeleteBucketTagging](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketTagging.html) actions to tag your bucket. For more information, see [Enabling ABAC in general purpose buckets](https://docs.aws.amazon.com/AmazonS3/latest/userguide/buckets-tagging-enable-abac.html). ## Request Syntax ``` PUT /?abac HTTP/1.1 Host: Bucket.s3.amazonaws.com Content-MD5: ContentMD5 x-amz-sdk-checksum-algorithm: ChecksumAlgorithm x-amz-expected-bucket-owner: ExpectedBucketOwner string ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_PutBucketAbac_RequestSyntax) ** The name of the general purpose bucket. Required: Yes ** [Content-MD5](#API_PutBucketAbac_RequestSyntax) ** The MD5 hash of the `PutBucketAbac` request body. For requests made using the AWS Command Line Interface (CLI) or AWS SDKs, this field is calculated automatically. ** [x-amz-expected-bucket-owner](#API_PutBucketAbac_RequestSyntax) ** The AWS account ID of the general purpose bucket's owner. ** [x-amz-sdk-checksum-algorithm](#API_PutBucketAbac_RequestSyntax) ** Indicates the algorithm that you want Amazon S3 to use to create the checksum. For more information, see [ Checking object integrity](https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) in the *Amazon S3 User Guide*. Valid Values: `CRC32 | CRC32C | SHA1 | SHA256 | CRC64NVME` ## Request Body The request accepts the following data in XML format. ** [AbacStatus](#API_PutBucketAbac_RequestSyntax) ** Root level tag for the AbacStatus parameters. Required: Yes ** [Status](#API_PutBucketAbac_RequestSyntax) ** The ABAC status of the general purpose bucket. Type: String Valid Values: `Enabled | Disabled` Required: No ## Response Syntax ``` HTTP/1.1 200 ``` ## Response Elements If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body. ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/PutBucketAbac) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/PutBucketAbac) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/PutBucketAbac) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/PutBucketAbac) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/PutBucketAbac) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/PutBucketAbac) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/PutBucketAbac) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/PutBucketAbac) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/PutBucketAbac) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/PutBucketAbac) # PutBucketAccelerateConfiguration **Note** This operation is not supported for directory buckets. Sets the accelerate configuration of an existing bucket. Amazon S3 Transfer Acceleration is a bucket-level feature that enables you to perform faster data transfers to Amazon S3. To use this operation, you must have permission to perform the `s3:PutAccelerateConfiguration` action. The bucket owner has this permission by default. The bucket owner can grant this permission to others. For more information about permissions, see [Permissions Related to Bucket Subresource Operations](https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) and [Managing Access Permissions to Your Amazon S3 Resources](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html). The Transfer Acceleration state of a bucket can be set to one of the following two values: + Enabled – Enables accelerated data transfers to the bucket. + Suspended – Disables accelerated data transfers to the bucket. The [GetBucketAccelerateConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketAccelerateConfiguration.html) action returns the transfer acceleration state of a bucket. After setting the Transfer Acceleration state of a bucket to Enabled, it might take up to thirty minutes before the data transfer rates to the bucket increase. The name of the bucket used for Transfer Acceleration must be DNS-compliant and must not contain periods ("."). For more information about transfer acceleration, see [Transfer Acceleration](https://docs.aws.amazon.com/AmazonS3/latest/dev/transfer-acceleration.html). The following operations are related to `PutBucketAccelerateConfiguration`: + [GetBucketAccelerateConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketAccelerateConfiguration.html) + [CreateBucket](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html) **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. ## Request Syntax ``` PUT /?accelerate HTTP/1.1 Host: Bucket.s3.amazonaws.com x-amz-expected-bucket-owner: ExpectedBucketOwner x-amz-sdk-checksum-algorithm: ChecksumAlgorithm string ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_PutBucketAccelerateConfiguration_RequestSyntax) ** The name of the bucket for which the accelerate configuration is set. Required: Yes ** [x-amz-expected-bucket-owner](#API_PutBucketAccelerateConfiguration_RequestSyntax) ** The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code `403 Forbidden` (access denied). ** [x-amz-sdk-checksum-algorithm](#API_PutBucketAccelerateConfiguration_RequestSyntax) ** Indicates the algorithm used to create the checksum for the request when you use the SDK. This header will not provide any additional functionality if you don't use the SDK. When you send this header, there must be a corresponding `x-amz-checksum` or `x-amz-trailer` header sent. Otherwise, Amazon S3 fails the request with the HTTP status code `400 Bad Request`. For more information, see [Checking object integrity](https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) in the *Amazon S3 User Guide*. If you provide an individual checksum, Amazon S3 ignores any provided `ChecksumAlgorithm` parameter. Valid Values: `CRC32 | CRC32C | SHA1 | SHA256 | CRC64NVME` ## Request Body The request accepts the following data in XML format. ** [AccelerateConfiguration](#API_PutBucketAccelerateConfiguration_RequestSyntax) ** Root level tag for the AccelerateConfiguration parameters. Required: Yes ** [Status](#API_PutBucketAccelerateConfiguration_RequestSyntax) ** Specifies the transfer acceleration status of the bucket. Type: String Valid Values: `Enabled | Suspended` Required: No ## Response Syntax ``` HTTP/1.1 200 ``` ## Response Elements If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body. ## Examples ### Sample Request: Add transfer acceleration configuration to set acceleration status The following is an example of a `PUT /?accelerate` request that enables transfer acceleration for the bucket named `examplebucket`. ``` PUT /?accelerate HTTP/1.1 Host: examplebucket.s3..amazonaws.com Date: Mon, 11 Apr 2016 12:00:00 GMT Authorization: authorization string Content-Type: text/plain Content-Length: length Enabled ``` ### Sample Response This example illustrates one usage of PutBucketAccelerateConfiguration. ``` HTTP/1.1 200 OK x-amz-id-2: YgIPIfBiKa2bj0KMg95r/0zo3emzU4dzsD4rcKCHQUAdQkf3ShJTOOpXUueF6QKo x-amz-request-id: 236A8905248E5A01 Date: Mon, 11 Apr 2016 12:00:00 GMT Content-Length: 0 Server: AmazonS3 ``` ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/PutBucketAccelerateConfiguration) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/PutBucketAccelerateConfiguration) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/PutBucketAccelerateConfiguration) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/PutBucketAccelerateConfiguration) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/PutBucketAccelerateConfiguration) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/PutBucketAccelerateConfiguration) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/PutBucketAccelerateConfiguration) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/PutBucketAccelerateConfiguration) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/PutBucketAccelerateConfiguration) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/PutBucketAccelerateConfiguration) # PutBucketAcl **Important** End of support notice: As of October 1, 2025, Amazon S3 has discontinued support for Email Grantee Access Control Lists (ACLs). If you attempt to use an Email Grantee ACL in a request after October 1, 2025, the request will receive an `HTTP 405` (Method Not Allowed) error. This change affects the following AWS Regions: US East (N. Virginia), US West (N. California), US West (Oregon), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), Europe (Ireland), and South America (São Paulo). **Note** This operation is not supported for directory buckets. Sets the permissions on an existing bucket using access control lists (ACL). For more information, see [Using ACLs](https://docs.aws.amazon.com/AmazonS3/latest/dev/S3_ACLs_UsingACLs.html). To set the ACL of a bucket, you must have the `WRITE_ACP` permission. You can use one of the following two ways to set a bucket's permissions: + Specify the ACL in the request body + Specify permissions using request headers **Note** You cannot specify access permission using both the body and the request headers. Depending on your application needs, you may choose to set the ACL on a bucket using either the request body or the headers. For example, if you have an existing application that updates a bucket ACL using the request body, then you can continue to use that approach. **Important** If your bucket uses the bucket owner enforced setting for S3 Object Ownership, ACLs are disabled and no longer affect permissions. You must use policies to grant access to your bucket and the objects in it. Requests to set ACLs or update ACLs fail and return the `AccessControlListNotSupported` error code. Requests to read ACLs are still supported. For more information, see [Controlling object ownership](https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html) in the *Amazon S3 User Guide*. Permissions You can set access permissions by using one of the following methods: + Specify a canned ACL with the `x-amz-acl` request header. Amazon S3 supports a set of predefined ACLs, known as *canned ACLs*. Each canned ACL has a predefined set of grantees and permissions. Specify the canned ACL name as the value of `x-amz-acl`. If you use this header, you cannot use other access control-specific headers in your request. For more information, see [Canned ACL](https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL). + Specify access permissions explicitly with the `x-amz-grant-read`, `x-amz-grant-read-acp`, `x-amz-grant-write-acp`, and `x-amz-grant-full-control` headers. When using these headers, you specify explicit access permissions and grantees (AWS accounts or Amazon S3 groups) who will receive the permission. If you use these ACL-specific headers, you cannot use the `x-amz-acl` header to set a canned ACL. These parameters map to the set of permissions that Amazon S3 supports in an ACL. For more information, see [Access Control List (ACL) Overview](https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html). You specify each grantee as a type=value pair, where the type is one of the following: + `id` – if the value specified is the canonical user ID of an AWS account + `uri` – if you are granting permissions to a predefined group + `emailAddress` – if the value specified is the email address of an AWS account **Note** Using email addresses to specify a grantee is only supported in the following AWS Regions: US East (N. Virginia) US West (N. California) US West (Oregon) Asia Pacific (Singapore) Asia Pacific (Sydney) Asia Pacific (Tokyo) Europe (Ireland) South America (São Paulo) For a list of all the Amazon S3 supported Regions and endpoints, see [Regions and Endpoints](https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region) in the AWS General Reference. For example, the following `x-amz-grant-write` header grants create, overwrite, and delete objects permission to LogDelivery group predefined by Amazon S3 and two AWS accounts identified by their email addresses. `x-amz-grant-write: uri="http://acs.amazonaws.com/groups/s3/LogDelivery", id="111122223333", id="555566667777" ` You can use either a canned ACL or specify access permissions explicitly. You cannot do both. Grantee Values You can specify the person (grantee) to whom you're assigning access rights (using request elements) in the following ways. For examples of how to specify these grantee values in JSON format, see the AWS CLI example in [ Enabling Amazon S3 server access logging](https://docs.aws.amazon.com/AmazonS3/latest/userguide/enable-server-access-logging.html) in the *Amazon S3 User Guide*. + By the person's ID: `<>ID<><>GranteesEmail<> ` DisplayName is optional and ignored in the request + By URI: `<>http://acs.amazonaws.com/groups/global/AuthenticatedUsers<>` + By Email address: `<>Grantees@email.com<>&` The grantee is resolved to the CanonicalUser and, in a response to a GET Object acl request, appears as the CanonicalUser. **Note** Using email addresses to specify a grantee is only supported in the following AWS Regions: US East (N. Virginia) US West (N. California) US West (Oregon) Asia Pacific (Singapore) Asia Pacific (Sydney) Asia Pacific (Tokyo) Europe (Ireland) South America (São Paulo) For a list of all the Amazon S3 supported Regions and endpoints, see [Regions and Endpoints](https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region) in the AWS General Reference. The following operations are related to `PutBucketAcl`: + [CreateBucket](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html) + [DeleteBucket](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucket.html) + [GetObjectAcl](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAcl.html) **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. ## Request Syntax ``` PUT /?acl HTTP/1.1 Host: Bucket.s3.amazonaws.com x-amz-acl: ACL Content-MD5: ContentMD5 x-amz-sdk-checksum-algorithm: ChecksumAlgorithm x-amz-grant-full-control: GrantFullControl x-amz-grant-read: GrantRead x-amz-grant-read-acp: GrantReadACP x-amz-grant-write: GrantWrite x-amz-grant-write-acp: GrantWriteACP x-amz-expected-bucket-owner: ExpectedBucketOwner string string string string string string string string ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_PutBucketAcl_RequestSyntax) ** The bucket to which to apply the ACL. Required: Yes ** [Content-MD5](#API_PutBucketAcl_RequestSyntax) ** The Base64 encoded 128-bit `MD5` digest of the data. This header must be used as a message integrity check to verify that the request body was not corrupted in transit. For more information, go to [RFC 1864.](http://www.ietf.org/rfc/rfc1864.txt) For requests made using the AWS Command Line Interface (CLI) or AWS SDKs, this field is calculated automatically. ** [x-amz-acl](#API_PutBucketAcl_RequestSyntax) ** The canned ACL to apply to the bucket. Valid Values: `private | public-read | public-read-write | authenticated-read` ** [x-amz-expected-bucket-owner](#API_PutBucketAcl_RequestSyntax) ** The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code `403 Forbidden` (access denied). ** [x-amz-grant-full-control](#API_PutBucketAcl_RequestSyntax) ** Allows grantee the read, write, read ACP, and write ACP permissions on the bucket. ** [x-amz-grant-read](#API_PutBucketAcl_RequestSyntax) ** Allows grantee to list the objects in the bucket. ** [x-amz-grant-read-acp](#API_PutBucketAcl_RequestSyntax) ** Allows grantee to read the bucket ACL. ** [x-amz-grant-write](#API_PutBucketAcl_RequestSyntax) ** Allows grantee to create new objects in the bucket. For the bucket and object owners of existing objects, also allows deletions and overwrites of those objects. ** [x-amz-grant-write-acp](#API_PutBucketAcl_RequestSyntax) ** Allows grantee to write the ACL for the applicable bucket. ** [x-amz-sdk-checksum-algorithm](#API_PutBucketAcl_RequestSyntax) ** Indicates the algorithm used to create the checksum for the request when you use the SDK. This header will not provide any additional functionality if you don't use the SDK. When you send this header, there must be a corresponding `x-amz-checksum` or `x-amz-trailer` header sent. Otherwise, Amazon S3 fails the request with the HTTP status code `400 Bad Request`. For more information, see [Checking object integrity](https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) in the *Amazon S3 User Guide*. If you provide an individual checksum, Amazon S3 ignores any provided `ChecksumAlgorithm` parameter. Valid Values: `CRC32 | CRC32C | SHA1 | SHA256 | CRC64NVME` ## Request Body The request accepts the following data in XML format. ** [AccessControlPolicy](#API_PutBucketAcl_RequestSyntax) ** Root level tag for the AccessControlPolicy parameters. Required: Yes ** [Grants](#API_PutBucketAcl_RequestSyntax) ** A list of grants. Type: Array of [Grant](API_Grant.md) data types Required: No ** [Owner](#API_PutBucketAcl_RequestSyntax) ** Container for the bucket owner's display name and ID. Type: [Owner](API_Owner.md) data type Required: No ## Response Syntax ``` HTTP/1.1 200 ``` ## Response Elements If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body. ## Examples ### Sample Request: Access permissions specified in the body The following request grants access permission to the existing `examplebucket` bucket. The request specifies the ACL in the body. In addition to granting full control to the bucket owner, the XML specifies the following grants. + Grant the `AllUsers` group READ permission on the bucket. + Grant the `LogDelivery` group WRITE permission on the bucket. + Grant an AWS account, identified by email address, WRITE\$1ACP permission. + Grant an AWS account, identified by canonical user ID, READ\$1ACP permission. ``` PUT ?acl HTTP/1.1 Host: examplebucket.s3..amazonaws.com Content-Length: 1660 x-amz-date: Thu, 12 Apr 2012 20:04:21 GMT Authorization: authorization string 852b113e7a2f25102679df27bb0ae12b3f85be6BucketOwnerCanonicalUserID OwnerDisplayName 852b113e7a2f25102679df27bb0ae12b3f85be6BucketOwnerCanonicalUserID OwnerDisplayName FULL_CONTROL http://acs.amazonaws.com/groups/global/AllUsers READ http://acs.amazonaws.com/groups/s3/LogDelivery WRITE xyz@amazon.com WRITE_ACP f30716ab7115dcb44a5ef76e9d74b8e20567f63TestAccountCanonicalUserID READ_ACP ``` ### Sample Response This example illustrates one usage of PutBucketAcl. ``` HTTP/1.1 200 OK x-amz-id-2: NxqO3PNiMHXXGwjgv15LLgUoAmPVmG0xtZw2sxePXLhpIvcyouXDrcQUaWWXcOK0 x-amz-request-id: C651BC9B4E1BD401 Date: Thu, 12 Apr 2012 20:04:28 GMT Content-Length: 0 Server: AmazonS3 ``` ### Sample Request: Access permissions specified using headers The following request uses ACL-specific request headers to grant the following permissions: + Write permission to the Amazon S3 `LogDelivery` group and an AWS account identified by the email `xyz@amazon.com`. + Read permission to the Amazon S3 `AllUsers` group ``` PUT ?acl HTTP/1.1 Host: examplebucket.s3..amazonaws.com x-amz-date: Sun, 29 Apr 2012 22:00:57 GMT x-amz-grant-write: uri="http://acs.amazonaws.com/groups/s3/LogDelivery", emailAddress="xyz@amazon.com" x-amz-grant-read: uri="http://acs.amazonaws.com/groups/global/AllUsers" Accept: */* Authorization: authorization string ``` ### Sample Response This example illustrates one usage of PutBucketAcl. ``` HTTP/1.1 200 OK x-amz-id-2: 0w9iImt23VF9s6QofOTDzelF7mrryz7d04Mw23FQCi4O205Zw28Zn+d340/RytoQ x-amz-request-id: A6A8F01A38EC7138 Date: Sun, 29 Apr 2012 22:01:10 GMT Content-Length: 0 Server: AmazonS3 ``` ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/PutBucketAcl) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/PutBucketAcl) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/PutBucketAcl) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/PutBucketAcl) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/PutBucketAcl) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/PutBucketAcl) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/PutBucketAcl) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/PutBucketAcl) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/PutBucketAcl) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/PutBucketAcl) # PutBucketAnalyticsConfiguration **Note** This operation is not supported for directory buckets. Sets an analytics configuration for the bucket (specified by the analytics configuration ID). You can have up to 1,000 analytics configurations per bucket. You can choose to have storage class analysis export analysis reports sent to a comma-separated values (CSV) flat file. See the `DataExport` request element. Reports are updated daily and are based on the object filters that you configure. When selecting data export, you specify a destination bucket and an optional destination prefix where the file is written. You can export the data to a destination bucket in a different account. However, the destination bucket must be in the same Region as the bucket that you are making the PUT analytics configuration to. For more information, see [Amazon S3 Analytics – Storage Class Analysis](https://docs.aws.amazon.com/AmazonS3/latest/dev/analytics-storage-class.html). **Important** You must create a bucket policy on the destination bucket where the exported file is written to grant permissions to Amazon S3 to write objects to the bucket. For an example policy, see [Granting Permissions for Amazon S3 Inventory and Storage Class Analysis](https://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html#example-bucket-policies-use-case-9). To use this operation, you must have permissions to perform the `s3:PutAnalyticsConfiguration` action. The bucket owner has this permission by default. The bucket owner can grant this permission to others. For more information about permissions, see [Permissions Related to Bucket Subresource Operations](https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) and [Managing Access Permissions to Your Amazon S3 Resources](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html). `PutBucketAnalyticsConfiguration` has the following special errors: + + *HTTP Error: HTTP 400 Bad Request* + *Code: InvalidArgument* + *Cause: Invalid argument.* + + *HTTP Error: HTTP 400 Bad Request* + *Code: TooManyConfigurations* + *Cause: You are attempting to create a new configuration but have already reached the 1,000-configuration limit.* + + *HTTP Error: HTTP 403 Forbidden* + *Code: AccessDenied* + *Cause: You are not the owner of the specified bucket, or you do not have the s3:PutAnalyticsConfiguration bucket permission to set the configuration on the bucket.* The following operations are related to `PutBucketAnalyticsConfiguration`: + [GetBucketAnalyticsConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketAnalyticsConfiguration.html) + [DeleteBucketAnalyticsConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketAnalyticsConfiguration.html) + [ListBucketAnalyticsConfigurations](https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketAnalyticsConfigurations.html) **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. ## Request Syntax ``` PUT /?analytics&id=Id HTTP/1.1 Host: Bucket.s3.amazonaws.com x-amz-expected-bucket-owner: ExpectedBucketOwner string string string string ... string string string string string string string string ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_PutBucketAnalyticsConfiguration_RequestSyntax) ** The name of the bucket to which an analytics configuration is stored. Required: Yes ** [id](#API_PutBucketAnalyticsConfiguration_RequestSyntax) ** The ID that identifies the analytics configuration. Required: Yes ** [x-amz-expected-bucket-owner](#API_PutBucketAnalyticsConfiguration_RequestSyntax) ** The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code `403 Forbidden` (access denied). ## Request Body The request accepts the following data in XML format. ** [AnalyticsConfiguration](#API_PutBucketAnalyticsConfiguration_RequestSyntax) ** Root level tag for the AnalyticsConfiguration parameters. Required: Yes ** [Filter](#API_PutBucketAnalyticsConfiguration_RequestSyntax) ** The filter used to describe a set of objects for analyses. A filter must have exactly one prefix, one tag, or one conjunction (AnalyticsAndOperator). If no filter is provided, all objects will be considered in any analysis. Type: [AnalyticsFilter](API_AnalyticsFilter.md) data type Required: No ** [Id](#API_PutBucketAnalyticsConfiguration_RequestSyntax) ** The ID that identifies the analytics configuration. Type: String Required: Yes ** [StorageClassAnalysis](#API_PutBucketAnalyticsConfiguration_RequestSyntax) ** Contains data related to access patterns to be collected and made available to analyze the tradeoffs between different storage classes. Type: [StorageClassAnalysis](API_StorageClassAnalysis.md) data type Required: Yes ## Response Syntax ``` HTTP/1.1 200 ``` ## Response Elements If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body. ## Examples ### Example 1: Creating an analytics configuration The following PUT request for the bucket `examplebucket` creates a new or replaces an existing analytics configuration with the ID `report1`. The configuration is defined in the request body. ``` PUT /?analytics&id=report1 HTTP/1.1 Host: examplebucket.s3..amazonaws.com Date: Mon, 31 Oct 2016 12:00:00 GMT Authorization: authorization string Content-Length: length report1 images/ dog corgi V_1 CSV 123456789012 arn:aws:s3:::destination-bucket destination-prefix ``` ### Sample Response This example illustrates one usage of PutBucketAnalyticsConfiguration. ``` HTTP/1.1 200 OK x-amz-id-2: YgIPIfBiKa2bj0KMg95r/0zo3emzU4dzsD4rcKCHQUAdQkf3ShJTOOpXUueF6QKo x-amz-request-id: 236A8905248E5A01 Date: Mon, 31 Oct 2016 12:00:00 GMT Content-Length: 0 Server: AmazonS3 ``` ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/PutBucketAnalyticsConfiguration) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/PutBucketAnalyticsConfiguration) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/PutBucketAnalyticsConfiguration) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/PutBucketAnalyticsConfiguration) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/PutBucketAnalyticsConfiguration) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/PutBucketAnalyticsConfiguration) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/PutBucketAnalyticsConfiguration) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/PutBucketAnalyticsConfiguration) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/PutBucketAnalyticsConfiguration) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/PutBucketAnalyticsConfiguration) # PutBucketCors **Note** This operation is not supported for directory buckets. Sets the `cors` configuration for your bucket. If the configuration exists, Amazon S3 replaces it. To use this operation, you must be allowed to perform the `s3:PutBucketCORS` action. By default, the bucket owner has this permission and can grant it to others. You set this configuration on a bucket so that the bucket can service cross-origin requests. For example, you might want to enable a request whose origin is `http://www.example.com` to access your Amazon S3 bucket at `my.example.bucket.com` by using the browser's `XMLHttpRequest` capability. To enable cross-origin resource sharing (CORS) on a bucket, you add the `cors` subresource to the bucket. The `cors` subresource is an XML document in which you configure rules that identify origins and the HTTP methods that can be executed on your bucket. The document is limited to 64 KB in size. When Amazon S3 receives a cross-origin request (or a pre-flight OPTIONS request) against a bucket, it evaluates the `cors` configuration on the bucket and uses the first `CORSRule` rule that matches the incoming browser request to enable a cross-origin request. For a rule to match, the following conditions must be met: + The request's `Origin` header must match `AllowedOrigin` elements. + The request method (for example, GET, PUT, HEAD, and so on) or the `Access-Control-Request-Method` header in case of a pre-flight `OPTIONS` request must be one of the `AllowedMethod` elements. + Every header specified in the `Access-Control-Request-Headers` request header of a pre-flight request must match an `AllowedHeader` element. For more information about CORS, go to [Enabling Cross-Origin Resource Sharing](https://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html) in the *Amazon S3 User Guide*. The following operations are related to `PutBucketCors`: + [GetBucketCors](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketCors.html) + [DeleteBucketCors](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketCors.html) + [RESTOPTIONSobject](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTOPTIONSobject.html) **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. ## Request Syntax ``` PUT /?cors HTTP/1.1 Host: Bucket.s3.amazonaws.com Content-MD5: ContentMD5 x-amz-sdk-checksum-algorithm: ChecksumAlgorithm x-amz-expected-bucket-owner: ExpectedBucketOwner string ... string ... string ... string ... string integer ... ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_PutBucketCors_RequestSyntax) ** Specifies the bucket impacted by the `cors`configuration. Required: Yes ** [Content-MD5](#API_PutBucketCors_RequestSyntax) ** The Base64 encoded 128-bit `MD5` digest of the data. This header must be used as a message integrity check to verify that the request body was not corrupted in transit. For more information, go to [RFC 1864.](http://www.ietf.org/rfc/rfc1864.txt) For requests made using the AWS Command Line Interface (CLI) or AWS SDKs, this field is calculated automatically. ** [x-amz-expected-bucket-owner](#API_PutBucketCors_RequestSyntax) ** The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code `403 Forbidden` (access denied). ** [x-amz-sdk-checksum-algorithm](#API_PutBucketCors_RequestSyntax) ** Indicates the algorithm used to create the checksum for the request when you use the SDK. This header will not provide any additional functionality if you don't use the SDK. When you send this header, there must be a corresponding `x-amz-checksum` or `x-amz-trailer` header sent. Otherwise, Amazon S3 fails the request with the HTTP status code `400 Bad Request`. For more information, see [Checking object integrity](https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) in the *Amazon S3 User Guide*. If you provide an individual checksum, Amazon S3 ignores any provided `ChecksumAlgorithm` parameter. Valid Values: `CRC32 | CRC32C | SHA1 | SHA256 | CRC64NVME` ## Request Body The request accepts the following data in XML format. ** [CORSConfiguration](#API_PutBucketCors_RequestSyntax) ** Root level tag for the CORSConfiguration parameters. Required: Yes ** [CORSRule](#API_PutBucketCors_RequestSyntax) ** A set of origins and methods (cross-origin access that you want to allow). You can add up to 100 rules to the configuration. Type: Array of [CORSRule](API_CORSRule.md) data types Required: Yes ## Response Syntax ``` HTTP/1.1 200 ``` ## Response Elements If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body. ## Examples ### Example: CORS configuration on a bucket with two rules + The first `CORSRule` allows cross-origin PUT, POST, and DELETE requests whose origin is `http://www.example.com` origins. The rule also allows all headers in a pre-flight OPTIONS request through the `Access-Control-Request-Headers` header. Therefore, in response to any pre-flight OPTIONS request, Amazon S3 will return any requested headers. + The second rule allows cross-origin GET requests from all the origins. The '\$1' wildcard character refers to all origins. ``` http://www.example.com PUT POST DELETE * * GET ``` ### Example: CORS configuration allows cross-origin PUT and POST requests from http://www.example.com The `cors` configuration also allows additional optional configuration parameters as shown in the following cors configuration on a bucket. For example, In the preceding configuration, `CORSRule` includes the following additional optional parameters: + `MaxAgeSeconds`—Specifies the time in seconds that the browser will cache an Amazon S3 response to a pre-flight OPTIONS request for the specified resource. In this example, this parameter is 3000 seconds. Caching enables the browsers to avoid sending pre-flight OPTIONS request to Amazon S3 for repeated requests. + `ExposeHeader`—Identifies the response header (in this case `x-amz-server-side-encryption`) that you want customers to be able to access from their applications (for example, from a JavaScript `XMLHttpRequest` object). ``` http://www.example.com PUT POST DELETE * 3000 x-amz-server-side-encryption ``` ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/PutBucketCors) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/PutBucketCors) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/PutBucketCors) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/PutBucketCors) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/PutBucketCors) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/PutBucketCors) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/PutBucketCors) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/PutBucketCors) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/PutBucketCors) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/PutBucketCors) # PutBucketEncryption This operation configures default encryption and Amazon S3 Bucket Keys for an existing bucket. You can also [block encryption types](https://docs.aws.amazon.com/AmazonS3/latest/API/API_BlockedEncryptionTypes.html) using this operation. **Note** **Directory buckets ** - For directory buckets, you must make requests for this API operation to the Regional endpoint. These endpoints support path-style requests in the format `https://s3express-control.region-code.amazonaws.com/bucket-name `. Virtual-hosted-style requests aren't supported. For more information about endpoints in Availability Zones, see [Regional and Zonal endpoints for directory buckets in Availability Zones](https://docs.aws.amazon.com/AmazonS3/latest/userguide/endpoint-directory-buckets-AZ.html) in the *Amazon S3 User Guide*. For more information about endpoints in Local Zones, see [Concepts for directory buckets in Local Zones](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-lzs-for-directory-buckets.html) in the *Amazon S3 User Guide*. By default, all buckets have a default encryption configuration that uses server-side encryption with Amazon S3 managed keys (SSE-S3). **Note** **General purpose buckets** You can optionally configure default encryption for a bucket by using server-side encryption with AWS Key Management Service (AWS KMS) keys (SSE-KMS) or dual-layer server-side encryption with AWS KMS keys (DSSE-KMS). If you specify default encryption by using SSE-KMS, you can also configure [Amazon S3 Bucket Keys](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html). For information about the bucket default encryption feature, see [Amazon S3 Bucket Default Encryption](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html) in the *Amazon S3 User Guide*. If you use PutBucketEncryption to set your [default bucket encryption](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html) to SSE-KMS, you should verify that your KMS key ID is correct. Amazon S3 doesn't validate the KMS key ID provided in PutBucketEncryption requests. **Directory buckets ** - You can optionally configure default encryption for a bucket by using server-side encryption with AWS Key Management Service (AWS KMS) keys (SSE-KMS). We recommend that the bucket's default encryption uses the desired encryption configuration and you don't override the bucket default encryption in your `CreateSession` requests or `PUT` object requests. Then, new objects are automatically encrypted with the desired encryption settings. For more information about the encryption overriding behaviors in directory buckets, see [Specifying server-side encryption with AWS KMS for new object uploads](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-specifying-kms-encryption.html). Your SSE-KMS configuration can only support 1 [customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) per directory bucket's lifetime. The [AWS managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk) (`aws/s3`) isn't supported. S3 Bucket Keys are always enabled for `GET` and `PUT` operations in a directory bucket and can’t be disabled. S3 Bucket Keys aren't supported, when you copy SSE-KMS encrypted objects from general purpose buckets to directory buckets, from directory buckets to general purpose buckets, or between directory buckets, through [CopyObject](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html), [UploadPartCopy](https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html), [the Copy operation in Batch Operations](https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-buckets-objects-Batch-Ops), or [the import jobs](https://docs.aws.amazon.com/AmazonS3/latest/userguide/create-import-job). In this case, Amazon S3 makes a call to AWS KMS every time a copy request is made for a KMS-encrypted object. When you specify an [AWS KMS customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) for encryption in your directory bucket, only use the key ID or key ARN. The key alias format of the KMS key isn't supported. For directory buckets, if you use PutBucketEncryption to set your [default bucket encryption](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html) to SSE-KMS, Amazon S3 validates the KMS key ID provided in PutBucketEncryption requests. **Important** If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then AWS KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner. Also, this action requires AWS Signature Version 4. For more information, see [ Authenticating Requests (AWS Signature Version 4)](https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.html). Permissions + **General purpose bucket permissions** - The `s3:PutEncryptionConfiguration` permission is required in a policy. The bucket owner has this permission by default. The bucket owner can grant this permission to others. For more information about permissions, see [Permissions Related to Bucket Operations](https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) and [Managing Access Permissions to Your Amazon S3 Resources](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html) in the *Amazon S3 User Guide*. + **Directory bucket permissions** - To grant access to this API operation, you must have the `s3express:PutEncryptionConfiguration` permission in an IAM identity-based policy instead of a bucket policy. Cross-account access to this API operation isn't supported. This operation can only be performed by the AWS account that owns the resource. For more information about directory bucket policies and permissions, see [AWS Identity and Access Management (IAM) for S3 Express One Zone](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam.html) in the *Amazon S3 User Guide*. To set a directory bucket default encryption with SSE-KMS, you must also have the `kms:GenerateDataKey` and the `kms:Decrypt` permissions in IAM identity-based policies and AWS KMS key policies for the target AWS KMS key. HTTP Host header syntax **Directory buckets ** - The HTTP Host header syntax is `s3express-control.region-code.amazonaws.com`. The following operations are related to `PutBucketEncryption`: + [GetBucketEncryption](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketEncryption.html) + [DeleteBucketEncryption](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketEncryption.html) **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. ## Request Syntax ``` PUT /?encryption HTTP/1.1 Host: Bucket.s3.amazonaws.com Content-MD5: ContentMD5 x-amz-sdk-checksum-algorithm: ChecksumAlgorithm x-amz-expected-bucket-owner: ExpectedBucketOwner string string string ... boolean ... ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_PutBucketEncryption_RequestSyntax) ** Specifies default encryption for a bucket using server-side encryption with different key options. **Directory buckets ** - When you use this operation with a directory bucket, you must use path-style requests in the format `https://s3express-control.region-code.amazonaws.com/bucket-name `. Virtual-hosted-style requests aren't supported. Directory bucket names must be unique in the chosen Zone (Availability Zone or Local Zone). Bucket names must also follow the format ` bucket-base-name--zone-id--x-s3` (for example, ` DOC-EXAMPLE-BUCKET--usw2-az1--x-s3`). For information about bucket naming restrictions, see [Directory bucket naming rules](https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) in the *Amazon S3 User Guide* Required: Yes ** [Content-MD5](#API_PutBucketEncryption_RequestSyntax) ** The Base64 encoded 128-bit `MD5` digest of the server-side encryption configuration. For requests made using the AWS Command Line Interface (CLI) or AWS SDKs, this field is calculated automatically. This functionality is not supported for directory buckets. ** [x-amz-expected-bucket-owner](#API_PutBucketEncryption_RequestSyntax) ** The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code `403 Forbidden` (access denied). For directory buckets, this header is not supported in this API operation. If you specify this header, the request fails with the HTTP status code `501 Not Implemented`. ** [x-amz-sdk-checksum-algorithm](#API_PutBucketEncryption_RequestSyntax) ** Indicates the algorithm used to create the checksum for the request when you use the SDK. This header will not provide any additional functionality if you don't use the SDK. When you send this header, there must be a corresponding `x-amz-checksum` or `x-amz-trailer` header sent. Otherwise, Amazon S3 fails the request with the HTTP status code `400 Bad Request`. For more information, see [Checking object integrity](https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) in the *Amazon S3 User Guide*. If you provide an individual checksum, Amazon S3 ignores any provided `ChecksumAlgorithm` parameter. For directory buckets, when you use AWS SDKs, `CRC32` is the default checksum algorithm that's used for performance. Valid Values: `CRC32 | CRC32C | SHA1 | SHA256 | CRC64NVME` ## Request Body The request accepts the following data in XML format. ** [ServerSideEncryptionConfiguration](#API_PutBucketEncryption_RequestSyntax) ** Root level tag for the ServerSideEncryptionConfiguration parameters. Required: Yes ** [Rule](#API_PutBucketEncryption_RequestSyntax) ** Container for information about a particular server-side encryption configuration rule. Type: Array of [ServerSideEncryptionRule](API_ServerSideEncryptionRule.md) data types Required: Yes ## Response Syntax ``` HTTP/1.1 200 ``` ## Response Elements If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body. ## Examples In the request, you specify the encryption configuration in the request body. The encryption configuration is specified as XML, as shown in the following examples that show setting encryption using SSE-S3, SSE-KMS, or DSSE-KMS. ### Request Body for Setting SSE-S3 for general purpose buckets This example illustrates one usage of PutBucketEncryption. ``` AES256 ``` ### Request Body for Setting SSE-KMS for general purpose buckets This example illustrates one usage of PutBucketEncryption. ``` aws:kms:dsse arn:aws:kms:us-east-1:1234/5678example ``` ### Set the Default Encryption Configuration for an S3 general purpose bucket The following is an example of a PUT /? encryption request that specifies to use SSE-KMS encryption. ``` PUT /?encryption HTTP/1.1 Host: examplebucket.s3.amazonaws.com Date: Wed, 06 Sep 2017 12:00:00 GMT Authorization: authorization Content-Length: length aws:kms arn:aws:kms:us-east-1:1234/5678example ``` ### Block SSE-C encryption for a bucket The following is an example of a request to prevent writing new objects to the bucket that uses server-side encryption with customer-provided keys (SSE-C). For more information, see [Blocking or unblocking SSE-C for a general purpose bucket](https://docs.aws.amazon.com/AmazonS3/latest/userguide/blocking-unblocking-s3-c-encryption-gpb.html). **Note** To allow the use of SSE-C encryption in your write requests to a bucket, pass the value `NONE` instead of `SSE-C`. ``` SSE-C ``` ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/PutBucketEncryption) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/PutBucketEncryption) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/PutBucketEncryption) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/PutBucketEncryption) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/PutBucketEncryption) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/PutBucketEncryption) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/PutBucketEncryption) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/PutBucketEncryption) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/PutBucketEncryption) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/PutBucketEncryption) # PutBucketIntelligentTieringConfiguration **Note** This operation is not supported for directory buckets. Puts a S3 Intelligent-Tiering configuration to the specified bucket. You can have up to 1,000 S3 Intelligent-Tiering configurations per bucket. The S3 Intelligent-Tiering storage class is designed to optimize storage costs by automatically moving data to the most cost-effective storage access tier, without performance impact or operational overhead. S3 Intelligent-Tiering delivers automatic cost savings in three low latency and high throughput access tiers. To get the lowest storage cost on data that can be accessed in minutes to hours, you can choose to activate additional archiving capabilities. The S3 Intelligent-Tiering storage class is the ideal storage class for data with unknown, changing, or unpredictable access patterns, independent of object size or retention period. If the size of an object is less than 128 KB, it is not monitored and not eligible for auto-tiering. Smaller objects can be stored, but they are always charged at the Frequent Access tier rates in the S3 Intelligent-Tiering storage class. For more information, see [Storage class for automatically optimizing frequently and infrequently accessed objects](https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html#sc-dynamic-data-access). Operations related to `PutBucketIntelligentTieringConfiguration` include: + [DeleteBucketIntelligentTieringConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketIntelligentTieringConfiguration.html) + [GetBucketIntelligentTieringConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketIntelligentTieringConfiguration.html) + [ListBucketIntelligentTieringConfigurations](https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketIntelligentTieringConfigurations.html) **Note** You only need S3 Intelligent-Tiering enabled on a bucket if you want to automatically move objects stored in the S3 Intelligent-Tiering storage class to the Archive Access or Deep Archive Access tier. `PutBucketIntelligentTieringConfiguration` has the following special errors: HTTP 400 Bad Request Error *Code:* InvalidArgument *Cause:* Invalid Argument HTTP 400 Bad Request Error *Code:* TooManyConfigurations *Cause:* You are attempting to create a new configuration but have already reached the 1,000-configuration limit. HTTP 403 Forbidden Error *Cause:* You are not the owner of the specified bucket, or you do not have the `s3:PutIntelligentTieringConfiguration` bucket permission to set the configuration on the bucket. **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. ## Request Syntax ``` PUT /?intelligent-tiering&id=Id HTTP/1.1 Host: Bucket.s3.amazonaws.com x-amz-expected-bucket-owner: ExpectedBucketOwner string string string string ... string string string string string integer ... ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_PutBucketIntelligentTieringConfiguration_RequestSyntax) ** The name of the Amazon S3 bucket whose configuration you want to modify or retrieve. Required: Yes ** [id](#API_PutBucketIntelligentTieringConfiguration_RequestSyntax) ** The ID used to identify the S3 Intelligent-Tiering configuration. Required: Yes ** [x-amz-expected-bucket-owner](#API_PutBucketIntelligentTieringConfiguration_RequestSyntax) ** The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code `403 Forbidden` (access denied). ## Request Body The request accepts the following data in XML format. ** [IntelligentTieringConfiguration](#API_PutBucketIntelligentTieringConfiguration_RequestSyntax) ** Root level tag for the IntelligentTieringConfiguration parameters. Required: Yes ** [Filter](#API_PutBucketIntelligentTieringConfiguration_RequestSyntax) ** Specifies a bucket filter. The configuration only includes objects that meet the filter's criteria. Type: [IntelligentTieringFilter](API_IntelligentTieringFilter.md) data type Required: No ** [Id](#API_PutBucketIntelligentTieringConfiguration_RequestSyntax) ** The ID used to identify the S3 Intelligent-Tiering configuration. Type: String Required: Yes ** [Status](#API_PutBucketIntelligentTieringConfiguration_RequestSyntax) ** Specifies the status of the configuration. Type: String Valid Values: `Enabled | Disabled` Required: Yes ** [Tiering](#API_PutBucketIntelligentTieringConfiguration_RequestSyntax) ** Specifies the S3 Intelligent-Tiering storage class tier of the configuration. Type: Array of [Tiering](API_Tiering.md) data types Required: Yes ## Response Syntax ``` HTTP/1.1 200 ``` ## Response Elements If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body. ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/PutBucketIntelligentTieringConfiguration) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/PutBucketIntelligentTieringConfiguration) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/PutBucketIntelligentTieringConfiguration) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/PutBucketIntelligentTieringConfiguration) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/PutBucketIntelligentTieringConfiguration) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/PutBucketIntelligentTieringConfiguration) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/PutBucketIntelligentTieringConfiguration) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/PutBucketIntelligentTieringConfiguration) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/PutBucketIntelligentTieringConfiguration) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/PutBucketIntelligentTieringConfiguration) # PutBucketInventoryConfiguration **Note** This operation is not supported for directory buckets. This implementation of the `PUT` action adds an S3 Inventory configuration (identified by the inventory ID) to the bucket. You can have up to 1,000 inventory configurations per bucket. Amazon S3 inventory generates inventories of the objects in the bucket on a daily or weekly basis, and the results are published to a flat file. The bucket that is inventoried is called the *source* bucket, and the bucket where the inventory flat file is stored is called the *destination* bucket. The *destination* bucket must be in the same AWS Region as the *source* bucket. When you configure an inventory for a *source* bucket, you specify the *destination* bucket where you want the inventory to be stored, and whether to generate the inventory daily or weekly. You can also configure what object metadata to include and whether to inventory all object versions or only current versions. For more information, see [Amazon S3 Inventory](https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-inventory.html) in the Amazon S3 User Guide. **Important** You must create a bucket policy on the *destination* bucket to grant permissions to Amazon S3 to write objects to the bucket in the defined location. For an example policy, see [ Granting Permissions for Amazon S3 Inventory and Storage Class Analysis](https://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html#example-bucket-policies-use-case-9). Permissions To use this operation, you must have permission to perform the `s3:PutInventoryConfiguration` action. The bucket owner has this permission by default and can grant this permission to others. The `s3:PutInventoryConfiguration` permission allows a user to create an [S3 Inventory](https://docs.aws.amazon.com/AmazonS3/latest/userguide/storage-inventory.html) report that includes all object metadata fields available and to specify the destination bucket to store the inventory. A user with read access to objects in the destination bucket can also access all object metadata fields that are available in the inventory report. To restrict access to an inventory report, see [Restricting access to an Amazon S3 Inventory report](https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-bucket-policies.html#example-bucket-policies-use-case-10) in the *Amazon S3 User Guide*. For more information about the metadata fields available in S3 Inventory, see [Amazon S3 Inventory lists](https://docs.aws.amazon.com/AmazonS3/latest/userguide/storage-inventory.html#storage-inventory-contents) in the *Amazon S3 User Guide*. For more information about permissions, see [Permissions related to bucket subresource operations](https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) and [Identity and access management in Amazon S3](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html) in the *Amazon S3 User Guide*. `PutBucketInventoryConfiguration` has the following special errors: HTTP 400 Bad Request Error *Code:* InvalidArgument *Cause:* Invalid Argument HTTP 400 Bad Request Error *Code:* TooManyConfigurations *Cause:* You are attempting to create a new configuration but have already reached the 1,000-configuration limit. HTTP 403 Forbidden Error *Cause:* You are not the owner of the specified bucket, or you do not have the `s3:PutInventoryConfiguration` bucket permission to set the configuration on the bucket. The following operations are related to `PutBucketInventoryConfiguration`: + [GetBucketInventoryConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketInventoryConfiguration.html) + [DeleteBucketInventoryConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketInventoryConfiguration.html) + [ListBucketInventoryConfigurations](https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketInventoryConfigurations.html) **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. ## Request Syntax ``` PUT /?inventory&id=Id HTTP/1.1 Host: Bucket.s3.amazonaws.com x-amz-expected-bucket-owner: ExpectedBucketOwner string string

string

string string boolean string string string string string ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_PutBucketInventoryConfiguration_RequestSyntax) ** The name of the bucket where the inventory configuration will be stored. Required: Yes ** [id](#API_PutBucketInventoryConfiguration_RequestSyntax) ** The ID used to identify the inventory configuration. Required: Yes ** [x-amz-expected-bucket-owner](#API_PutBucketInventoryConfiguration_RequestSyntax) ** The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code `403 Forbidden` (access denied). ## Request Body The request accepts the following data in XML format. ** [InventoryConfiguration](#API_PutBucketInventoryConfiguration_RequestSyntax) ** Root level tag for the InventoryConfiguration parameters. Required: Yes ** [Destination](#API_PutBucketInventoryConfiguration_RequestSyntax) ** Contains information about where to publish the inventory results. Type: [InventoryDestination](API_InventoryDestination.md) data type Required: Yes ** [Filter](#API_PutBucketInventoryConfiguration_RequestSyntax) ** Specifies an inventory filter. The inventory only includes objects that meet the filter's criteria. Type: [InventoryFilter](API_InventoryFilter.md) data type Required: No ** [Id](#API_PutBucketInventoryConfiguration_RequestSyntax) ** The ID used to identify the inventory configuration. Type: String Required: Yes ** [IncludedObjectVersions](#API_PutBucketInventoryConfiguration_RequestSyntax) ** Object versions to include in the inventory list. If set to `All`, the list includes all the object versions, which adds the version-related fields `VersionId`, `IsLatest`, and `DeleteMarker` to the list. If set to `Current`, the list does not contain these version-related fields. Type: String Valid Values: `All | Current` Required: Yes ** [IsEnabled](#API_PutBucketInventoryConfiguration_RequestSyntax) ** Specifies whether the inventory is enabled or disabled. If set to `True`, an inventory list is generated. If set to `False`, no inventory list is generated. Type: Boolean Required: Yes ** [OptionalFields](#API_PutBucketInventoryConfiguration_RequestSyntax) ** Contains the optional fields that are included in the inventory results. Type: Array of strings Valid Values: `Size | LastModifiedDate | StorageClass | ETag | IsMultipartUploaded | ReplicationStatus | EncryptionStatus | ObjectLockRetainUntilDate | ObjectLockMode | ObjectLockLegalHoldStatus | IntelligentTieringAccessTier | BucketKeyStatus | ChecksumAlgorithm | ObjectAccessControlList | ObjectOwner | LifecycleExpirationDate` Required: No ** [Schedule](#API_PutBucketInventoryConfiguration_RequestSyntax) ** Specifies the schedule for generating inventory results. Type: [InventorySchedule](API_InventorySchedule.md) data type Required: Yes ## Response Syntax ``` HTTP/1.1 200 ``` ## Response Elements If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body. ## Examples ### Example: Create an inventory configuration The following `PUT` request and response for the bucket `examplebucket` creates a new or replaces an existing inventory configuration with the ID `report1`. The configuration is defined in the request body. ``` PUT /?inventory&id=report1 HTTP/1.1 Host: examplebucket.s3..amazonaws.com Date: Mon, 31 Oct 2016 12:00:00 GMT Authorization: authorization string Content-Length: length report1 true filterPrefix CSV 123456789012 arn:aws:s3:::destination-bucket prefix1

arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab

Daily All Size LastModifiedDate ETag StorageClass IsMultipartUploaded ReplicationStatus EncryptionStatus ObjectLockRetainUntilDate ObjectLockMode ObjectLockLegalHoldStatus ``` ``` HTTP/1.1 200 OK x-amz-id-2: YgIPIfBiKa2bj0KMg95r/0zo3emzU4dzsD4rcKCHQUAdQkf3ShJTOOpXUueF6QKo x-amz-request-id: 236A8905248E5A01 Date: Mon, 31 Oct 2016 12:00:00 GMT Content-Length: 0 Server: AmazonS3 ``` ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/PutBucketInventoryConfiguration) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/PutBucketInventoryConfiguration) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/PutBucketInventoryConfiguration) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/PutBucketInventoryConfiguration) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/PutBucketInventoryConfiguration) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/PutBucketInventoryConfiguration) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/PutBucketInventoryConfiguration) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/PutBucketInventoryConfiguration) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/PutBucketInventoryConfiguration) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/PutBucketInventoryConfiguration) # PutBucketLifecycle **Note** This operation is not supported for directory buckets. **Important** For an updated version of this API, see [PutBucketLifecycleConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html). This version has been deprecated. Existing lifecycle configurations will work. For new lifecycle configurations, use the updated API. **Note** This operation is not supported for directory buckets. Creates a new lifecycle configuration for the bucket or replaces an existing lifecycle configuration. For information about lifecycle configuration, see [Object Lifecycle Management](https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html) in the *Amazon S3 User Guide*. By default, all Amazon S3 resources, including buckets, objects, and related subresources (for example, lifecycle configuration and website configuration) are private. Only the resource owner, the AWS account that created the resource, can access it. The resource owner can optionally grant access permissions to others by writing an access policy. For this operation, users must get the `s3:PutLifecycleConfiguration` permission. You can also explicitly deny permissions. Explicit denial also supersedes any other permissions. If you want to prevent users or accounts from removing or deleting objects from your bucket, you must deny them permissions for the following actions: + `s3:DeleteObject` + `s3:DeleteObjectVersion` + `s3:PutLifecycleConfiguration` For more information about permissions, see [Managing Access Permissions to your Amazon S3 Resources](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html) in the *Amazon S3 User Guide*. For more examples of transitioning objects to storage classes such as STANDARD\$1IA or ONEZONE\$1IA, see [Examples of Lifecycle Configuration](https://docs.aws.amazon.com/AmazonS3/latest/dev/intro-lifecycle-rules.html#lifecycle-configuration-examples). The following operations are related to `PutBucketLifecycle`: + [GetBucketLifecycle](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLifecycle.html)(Deprecated) + [GetBucketLifecycleConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLifecycleConfiguration.html) + [RestoreObject](https://docs.aws.amazon.com/AmazonS3/latest/API/API_RestoreObject.html) + By default, a resource owner—in this case, a bucket owner, which is the AWS account that created the bucket—can perform any of the operations. A resource owner can also grant others permission to perform the operation. For more information, see the following topics in the Amazon S3 User Guide: + [Specifying Permissions in a Policy](https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html) + [Managing Access Permissions to your Amazon S3 Resources](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html) **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. ## Request Syntax ``` PUT /?lifecycle HTTP/1.1 Host: Bucket.s3.amazonaws.com Content-MD5: ContentMD5 x-amz-sdk-checksum-algorithm: ChecksumAlgorithm x-amz-expected-bucket-owner: ExpectedBucketOwner integer timestamp integer boolean string integer integer integer integer string string string timestamp integer string ... ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_PutBucketLifecycle_RequestSyntax) ** Required: Yes ** [Content-MD5](#API_PutBucketLifecycle_RequestSyntax) ** For requests made using the AWS Command Line Interface (CLI) or AWS SDKs, this field is calculated automatically. ** [x-amz-expected-bucket-owner](#API_PutBucketLifecycle_RequestSyntax) ** The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code `403 Forbidden` (access denied). ** [x-amz-sdk-checksum-algorithm](#API_PutBucketLifecycle_RequestSyntax) ** Indicates the algorithm used to create the checksum for the request when you use the SDK. This header will not provide any additional functionality if you don't use the SDK. When you send this header, there must be a corresponding `x-amz-checksum` or `x-amz-trailer` header sent. Otherwise, Amazon S3 fails the request with the HTTP status code `400 Bad Request`. For more information, see [Checking object integrity](https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) in the *Amazon S3 User Guide*. If you provide an individual checksum, Amazon S3 ignores any provided `ChecksumAlgorithm` parameter. Valid Values: `CRC32 | CRC32C | SHA1 | SHA256 | CRC64NVME` ## Request Body The request accepts the following data in XML format. ** [LifecycleConfiguration](#API_PutBucketLifecycle_RequestSyntax) ** Root level tag for the LifecycleConfiguration parameters. Required: Yes ** [Rule](#API_PutBucketLifecycle_RequestSyntax) ** Specifies lifecycle configuration rules for an Amazon S3 bucket. Type: Array of [Rule](API_Rule.md) data types Required: Yes ## Response Syntax ``` HTTP/1.1 200 ``` ## Response Elements If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body. ## Examples ### Sample Request: Body of a basic lifecycle configuration In the request, you specify the lifecycle configuration in the request body. The lifecycle configuration is specified as XML. The following is an example of a basic lifecycle configuration. It specifies one rule. The `Prefix` in the rule identifies objects to which the rule applies. The rule also specifies two actions (`Transition` and `Expiration`). Each action specifies a time line when Amazon S3 should perform the action. The Status indicates whether the rule is enabled or disabled. ``` sample-rule key-prefix rule-status value storage class value ``` ### Sample Request: Body of a lifecycle configuration specifying noncurrent versions If the state of your bucket is versioning-enabled or versioning-suspended, you can have many versions of the same object: one current version and zero or more noncurrent versions. The following lifecycle configuration specifies the actions (`NoncurrentVersionTransition`, `NoncurrentVersionExpiration`) that are specific to noncurrent object versions. ``` sample-rule key-prefix rule-status value storage class value ``` ### Sample Request: Body of a lifecycle configuration that specifies a rule with AbortIncompleteMultipartUpload You can use the multipart upload to upload large objects in parts. For more information about multipart uploads, see [Multipart Upload Overview](https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html) in the *Amazon S3 User Guide*. With lifecycle configuration, you can tell Amazon S3 to abort incomplete multipart uploads, which are identified by the key name prefix specified in the rule, if they don't complete within a specified number of days. When Amazon S3 aborts a multipart upload, it deletes all parts associated with the upload. This ensures that you don't have incomplete multipart uploads that have left parts stored in Amazon S3, so you don't have to pay storage costs for them. The following is an example lifecycle configuration that specifies a rule with the `AbortIncompleteMultipartUpload` action. This action tells Amazon S3 to abort incomplete multipart uploads seven days after initiation. ``` sample-rule SomeKeyPrefix rule-status 7 ``` ### Add lifecycle configuration to a bucket that is not versioning-enabled The following is a sample `PUT /?lifecycle` request that adds the lifecycle configuration to the `examplebucket` bucket. The lifecycle configuration specifies two rules, each with one action: + The `Transition` action tells Amazon S3 to transition objects with the "documents/" prefix to the GLACIER storage class 30 days after creation. + The `Expiration` action tells Amazon S3 to delete objects with the "logs/" prefix 365 days after creation. The sample response follows the sample request. ``` PUT /?lifecycle HTTP/1.1 Host: examplebucket.s3..amazonaws.com x-amz-date: Wed, 14 May 2014 02:11:21 GMT Content-MD5: q6yJDlIkcBaGGfb3QLY69A== Authorization: authorization string Content-Length: 415 id1 documents/ Enabled 30 GLACIER id2 logs/ Enabled 365 ``` ``` HTTP/1.1 200 OK x-amz-id-2: r+qR7+nhXtJDDIJ0JJYcd+1j5nM/rUFiiiZ/fNbDOsd3JUE8NWMLNHXmvPfwMpdc x-amz-request-id: 9E26D08072A8EF9E Date: Wed, 14 May 2014 02:11:22 GMT Content-Length: 0 Server: AmazonS3 ``` ### Add lifecycle configuration to a bucket that is versioning-enabled The following is a sample PUT /?lifecycle request that adds the lifecycle configuration to the `examplebucket` bucket. The lifecycle configuration specifies two rules, each with one action. You specify these actions when your bucket is versioning-enabled or versioning is suspended: + The `NoncurrentVersionExpiration` action tells Amazon S3 to expire noncurrent versions of objects with the "logs/" prefix 100 days after the objects become noncurrent. + The `NoncurrentVersionTransition` action tells Amazon S3 to transition noncurrent versions of objects with the "documents/" prefix to the GLACIER storage class 30 days after they become noncurrent. The sample response follows the sample request. ``` PUT /?lifecycle HTTP/1.1 Host: examplebucket.s3..amazonaws.com x-amz-date: Wed, 14 May 2014 02:21:48 GMT Content-MD5: 96rxH9mDqVNKkaZDddgnw== Authorization: authorization string Content-Length: 598 id1 logs/ Enabled 1 TransitionSoonAfterBecomingNonCurrent documents/ Enabled 0 GLACIER ``` ``` HTTP/1.1 200 OK x-amz-id-2: aXQ+KbIrmMmoO//3bMdDTw/CnjArwje+J49Hf+j44yRb/VmbIkgIO5A+PT98Cp/6k07hf+LD2mY= x-amz-request-id: 02D7EC4C10381EB1 Date: Wed, 14 May 2014 02:21:50 GMT Content-Length: 0 Server: AmazonS3 ``` ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/PutBucketLifecycle) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/PutBucketLifecycle) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/PutBucketLifecycle) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/PutBucketLifecycle) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/PutBucketLifecycle) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/PutBucketLifecycle) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/PutBucketLifecycle) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/PutBucketLifecycle) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/PutBucketLifecycle) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/PutBucketLifecycle) # PutBucketLifecycleConfiguration Creates a new lifecycle configuration for the bucket or replaces an existing lifecycle configuration. Keep in mind that this will overwrite an existing lifecycle configuration, so if you want to retain any configuration details, they must be included in the new lifecycle configuration. For information about lifecycle configuration, see [Managing your storage lifecycle](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lifecycle-mgmt.html). **Note** Bucket lifecycle configuration now supports specifying a lifecycle rule using an object key name prefix, one or more object tags, object size, or any combination of these. Accordingly, this section describes the latest API. The previous version of the API supported filtering based only on an object key name prefix, which is supported for backward compatibility. For the related API description, see [PutBucketLifecycle](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycle.html). Rules You specify the lifecycle configuration in your request body. The lifecycle configuration is specified as XML consisting of one or more rules. An Amazon S3 Lifecycle configuration can have up to 1,000 rules. This limit is not adjustable. Bucket lifecycle configuration supports specifying a lifecycle rule using an object key name prefix, one or more object tags, object size, or any combination of these. Accordingly, this section describes the latest API. The previous version of the API supported filtering based only on an object key name prefix, which is supported for backward compatibility for general purpose buckets. For the related API description, see [PutBucketLifecycle](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycle.html). Lifecyle configurations for directory buckets only support expiring objects and cancelling multipart uploads. Expiring of versioned objects,transitions and tag filters are not supported. A lifecycle rule consists of the following: + A filter identifying a subset of objects to which the rule applies. The filter can be based on a key name prefix, object tags, object size, or any combination of these. + A status indicating whether the rule is in effect. + One or more lifecycle transition and expiration actions that you want Amazon S3 to perform on the objects identified by the filter. If the state of your bucket is versioning-enabled or versioning-suspended, you can have many versions of the same object (one current version and zero or more noncurrent versions). Amazon S3 provides predefined actions that you can specify for current and noncurrent object versions. For more information, see [Object Lifecycle Management](https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html) and [Lifecycle Configuration Elements](https://docs.aws.amazon.com/AmazonS3/latest/dev/intro-lifecycle-rules.html). Permissions + **General purpose bucket permissions** - By default, all Amazon S3 resources are private, including buckets, objects, and related subresources (for example, lifecycle configuration and website configuration). Only the resource owner (that is, the AWS account that created it) can access the resource. The resource owner can optionally grant access permissions to others by writing an access policy. For this operation, a user must have the `s3:PutLifecycleConfiguration` permission. You can also explicitly deny permissions. An explicit deny also supersedes any other permissions. If you want to block users or accounts from removing or deleting objects from your bucket, you must deny them permissions for the following actions: + `s3:DeleteObject` + `s3:DeleteObjectVersion` + `s3:PutLifecycleConfiguration` For more information about permissions, see [Managing Access Permissions to Your Amazon S3 Resources](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html). + **Directory bucket permissions** - You must have the `s3express:PutLifecycleConfiguration` permission in an IAM identity-based policy to use this operation. Cross-account access to this API operation isn't supported. The resource owner can optionally grant access permissions to others by creating a role or user for them as long as they are within the same account as the owner and resource. For more information about directory bucket policies and permissions, see [Authorizing Regional endpoint APIs with IAM](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam.html) in the *Amazon S3 User Guide*. **Note** **Directory buckets ** - For directory buckets, you must make requests for this API operation to the Regional endpoint. These endpoints support path-style requests in the format `https://s3express-control.region-code.amazonaws.com/bucket-name `. Virtual-hosted-style requests aren't supported. For more information about endpoints in Availability Zones, see [Regional and Zonal endpoints for directory buckets in Availability Zones](https://docs.aws.amazon.com/AmazonS3/latest/userguide/endpoint-directory-buckets-AZ.html) in the *Amazon S3 User Guide*. For more information about endpoints in Local Zones, see [Concepts for directory buckets in Local Zones](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-lzs-for-directory-buckets.html) in the *Amazon S3 User Guide*. HTTP Host header syntax **Directory buckets ** - The HTTP Host header syntax is `s3express-control.region.amazonaws.com`. The following operations are related to `PutBucketLifecycleConfiguration`: + [GetBucketLifecycleConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLifecycleConfiguration.html) + [DeleteBucketLifecycle](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketLifecycle.html) **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. ## Request Syntax ``` PUT /?lifecycle HTTP/1.1 Host: Bucket.s3.amazonaws.com x-amz-sdk-checksum-algorithm: ChecksumAlgorithm x-amz-expected-bucket-owner: ExpectedBucketOwner x-amz-transition-default-minimum-object-size: TransitionDefaultMinimumObjectSize integer timestamp integer boolean long long string string string ... long long string string string string integer integer integer integer string ... string string timestamp integer string ... ... ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_PutBucketLifecycleConfiguration_RequestSyntax) ** The name of the bucket for which to set the configuration. Required: Yes ** [x-amz-expected-bucket-owner](#API_PutBucketLifecycleConfiguration_RequestSyntax) ** The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code `403 Forbidden` (access denied). This parameter applies to general purpose buckets only. It is not supported for directory bucket lifecycle configurations. ** [x-amz-sdk-checksum-algorithm](#API_PutBucketLifecycleConfiguration_RequestSyntax) ** Indicates the algorithm used to create the checksum for the request when you use the SDK. This header will not provide any additional functionality if you don't use the SDK. When you send this header, there must be a corresponding `x-amz-checksum` or `x-amz-trailer` header sent. Otherwise, Amazon S3 fails the request with the HTTP status code `400 Bad Request`. For more information, see [Checking object integrity](https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) in the *Amazon S3 User Guide*. If you provide an individual checksum, Amazon S3 ignores any provided `ChecksumAlgorithm` parameter. Valid Values: `CRC32 | CRC32C | SHA1 | SHA256 | CRC64NVME` ** [x-amz-transition-default-minimum-object-size](#API_PutBucketLifecycleConfiguration_RequestSyntax) ** Indicates which default minimum object size behavior is applied to the lifecycle configuration. This parameter applies to general purpose buckets only. It is not supported for directory bucket lifecycle configurations. + `all_storage_classes_128K` - Objects smaller than 128 KB will not transition to any storage class by default. + `varies_by_storage_class` - Objects smaller than 128 KB will transition to Glacier Flexible Retrieval or Glacier Deep Archive storage classes. By default, all other storage classes will prevent transitions smaller than 128 KB. To customize the minimum object size for any transition you can add a filter that specifies a custom `ObjectSizeGreaterThan` or `ObjectSizeLessThan` in the body of your transition rule. Custom filters always take precedence over the default transition behavior. Valid Values: `varies_by_storage_class | all_storage_classes_128K` ## Request Body The request accepts the following data in XML format. ** [LifecycleConfiguration](#API_PutBucketLifecycleConfiguration_RequestSyntax) ** Root level tag for the LifecycleConfiguration parameters. Required: Yes ** [Rule](#API_PutBucketLifecycleConfiguration_RequestSyntax) ** A lifecycle rule for individual objects in an Amazon S3 bucket. Type: Array of [LifecycleRule](API_LifecycleRule.md) data types Required: Yes ## Response Syntax ``` HTTP/1.1 200 x-amz-transition-default-minimum-object-size: TransitionDefaultMinimumObjectSize ``` ## Response Elements If the action is successful, the service sends back an HTTP 200 response. The response returns the following HTTP headers. ** [x-amz-transition-default-minimum-object-size](#API_PutBucketLifecycleConfiguration_ResponseSyntax) ** Indicates which default minimum object size behavior is applied to the lifecycle configuration. This parameter applies to general purpose buckets only. It is not supported for directory bucket lifecycle configurations. + `all_storage_classes_128K` - Objects smaller than 128 KB will not transition to any storage class by default. + `varies_by_storage_class` - Objects smaller than 128 KB will transition to Glacier Flexible Retrieval or Glacier Deep Archive storage classes. By default, all other storage classes will prevent transitions smaller than 128 KB. To customize the minimum object size for any transition you can add a filter that specifies a custom `ObjectSizeGreaterThan` or `ObjectSizeLessThan` in the body of your transition rule. Custom filters always take precedence over the default transition behavior. Valid Values: `varies_by_storage_class | all_storage_classes_128K` ## Examples ### Example 1: Add lifecycle configuration - bucket not versioning-enabled The following lifecycle configuration for a general purpose bucket specifies two rules, each with one action. + The `Transition` action requests Amazon S3 to transition objects with the "documents/" prefix to the GLACIER storage class 30 days after creation. + The `Expiration` action requests Amazon S3 to delete objects with the "logs/" prefix 365 days after creation. ``` id1 documents/ Enabled 30 GLACIER id2 logs/ Enabled 365 ``` ### Example 2: Adding a lifecycle configuration to a general purpose bucket The following is a sample `PUT /?lifecycle` request that adds the preceding lifecycle configuration to a general purpose bucket. ``` PUT /?lifecycle HTTP/1.1 Host: examplebucket.s3..amazonaws.com x-amz-date: Wed, 14 May 2014 02:11:21 GMT Content-MD5: q6yJDlIkcBaGGfb3QLY69A== Authorization: authorization string Content-Length: 415 id1 documents/ Enabled 30 GLACIER id2 logs/ Enabled 365 ``` ### Sample Response This example illustrates one usage of PutBucketLifecycleConfiguration. ``` HTTP/1.1 200 OK x-amz-id-2: r+qR7+nhXtJDDIJ0JJYcd+1j5nM/rUFiiiZ/fNbDOsd3JUE8NWMLNHXmvPfwMpdc x-amz-request-id: 9E26D08072A8EF9E Date: Wed, 14 May 2014 02:11:22 GMT Content-Length: 0 Server: AmazonS3 ``` ### Example 3: Add a lifecycle configuration - bucket is versioning-enabled The following lifecycle configuration for a general purpose bucket specifies two rules, each with one action for Amazon S3 to perform. You specify these actions when your bucket is versioning-enabled or versioning is suspended: + The `NoncurrentVersionExpiration` action requests Amazon S3 to expire noncurrent versions of objects with the "logs/" prefix 100 days after the objects become noncurrent. + The `NoncurrentVersionTransition` action requests Amazon S3 to transition noncurrent versions of objects with the "documents/" prefix to the GLACIER storage class 30 days after they become noncurrent. ``` DeleteAfterBecomingNonCurrent logs/ Enabled 100 TransitionAfterBecomingNonCurrent documents/ Enabled 30 GLACIER ``` ### Example 4: Add a lifecycle configuration to a general purpose bucket The following is a sample `PUT /?lifecycle` request that adds the preceding lifecycle configuration to a `examplebucket` bucket. ``` PUT /?lifecycle HTTP/1.1 Host: examplebucket.s3..amazonaws.com x-amz-date: Wed, 14 May 2014 02:21:48 GMT Content-MD5: 96rxH9mDqVNKkaZDddgnw== Authorization: authorization string Content-Length: 598 DeleteAfterBecomingNonCurrent logs/ Enabled 1 TransitionSoonAfterBecomingNonCurrent documents/ Enabled 0 GLACIER ``` ### Sample Response This example illustrates one usage of PutBucketLifecycleConfiguration. ``` HTTP/1.1 200 OK x-amz-id-2: aXQ+KbIrmMmoO//3bMdDTw/CnjArwje+J49Hf+j44yRb/VmbIkgIO5A+PT98Cp/6k07hf+LD2mY= x-amz-request-id: 02D7EC4C10381EB1 Date: Wed, 14 May 2014 02:21:50 GMT Content-Length: 0 Server: AmazonS3 ``` ### Example 5: Add a lifecycle configuration to a directory bucket The following lifecycle configuration specifies two rules, each with one action for Amazon S3 to perform: + The `Expiration` action requests Amazon S3 to expire objects with object size between 500B to 64000B and the `"myprefix/"` prefix 7 days after their creation. + The `AbortIncompleteMultipartUpload` action requests Amazon S3 to abort incomplete multipart uploads 3 days after their initiation. ``` PUT /?lifecycle HTTP/1.1 Host: s3express-control.us-west-2.amazonaws.com x-amz-sdk-checksum-algorithm: CRC32 x-amz-checksum-crc32: UCqxTw== Lifecycle expiration rule myprefix/ 500 64000 Enabled 7 MPU Rule another_prefix/ Enabled 3 ``` ### Sample Response This example illustrates one usage of `PutBucketLifecycleConfiguration` in directory buckets ``` HTTP/1.1 200 OK Server: AmazonS3 x-amz-request-id: 02D7EC4C10381EB1 x-amz-id-2: kc3B1Ns0xqzIdJNd Content-Type: application/xml Content-Length: 0 Date: Tue, 12 Nov 2024 18:59:45 GMT ``` ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/PutBucketLifecycleConfiguration) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/PutBucketLifecycleConfiguration) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/PutBucketLifecycleConfiguration) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/PutBucketLifecycleConfiguration) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/PutBucketLifecycleConfiguration) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/PutBucketLifecycleConfiguration) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/PutBucketLifecycleConfiguration) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/PutBucketLifecycleConfiguration) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/PutBucketLifecycleConfiguration) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/PutBucketLifecycleConfiguration) # PutBucketLogging **Important** End of support notice: As of October 1, 2025, Amazon S3 has discontinued support for Email Grantee Access Control Lists (ACLs). If you attempt to use an Email Grantee ACL in a request after October 1, 2025, the request will receive an `HTTP 405` (Method Not Allowed) error. This change affects the following AWS Regions: US East (N. Virginia), US West (N. California), US West (Oregon), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), Europe (Ireland), and South America (São Paulo). **Note** This operation is not supported for directory buckets. Set the logging parameters for a bucket and to specify permissions for who can view and modify the logging parameters. All logs are saved to buckets in the same AWS Region as the source bucket. To set the logging status of a bucket, you must be the bucket owner. The bucket owner is automatically granted FULL\$1CONTROL to all logs. You use the `Grantee` request element to grant access to other people. The `Permissions` request element specifies the kind of access the grantee has to the logs. **Important** If the target bucket for log delivery uses the bucket owner enforced setting for S3 Object Ownership, you can't use the `Grantee` request element to grant access to others. Permissions can only be granted using policies. For more information, see [Permissions for server access log delivery](https://docs.aws.amazon.com/AmazonS3/latest/userguide/enable-server-access-logging.html#grant-log-delivery-permissions-general) in the *Amazon S3 User Guide*. Grantee Values You can specify the person (grantee) to whom you're assigning access rights (by using request elements) in the following ways. For examples of how to specify these grantee values in JSON format, see the AWS CLI example in [ Enabling Amazon S3 server access logging](https://docs.aws.amazon.com/AmazonS3/latest/userguide/enable-server-access-logging.html) in the *Amazon S3 User Guide*. + By the person's ID: `<>ID<><>GranteesEmail<> ` `DisplayName` is optional and ignored in the request. + By Email address: ` <>Grantees@email.com<>` The grantee is resolved to the `CanonicalUser` and, in a response to a `GETObjectAcl` request, appears as the CanonicalUser. + By URI: `<>http://acs.amazonaws.com/groups/global/AuthenticatedUsers<>` To enable logging, you use `LoggingEnabled` and its children request elements. To disable logging, you use an empty `BucketLoggingStatus` request element: `` For more information about server access logging, see [Server Access Logging](https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerLogs.html) in the *Amazon S3 User Guide*. For more information about creating a bucket, see [CreateBucket](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html). For more information about returning the logging status of a bucket, see [GetBucketLogging](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLogging.html). The following operations are related to `PutBucketLogging`: + [PutObject](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html) + [DeleteBucket](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucket.html) + [CreateBucket](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html) + [GetBucketLogging](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLogging.html) **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. ## Request Syntax ``` PUT /?logging HTTP/1.1 Host: Bucket.s3.amazonaws.com Content-MD5: ContentMD5 x-amz-sdk-checksum-algorithm: ChecksumAlgorithm x-amz-expected-bucket-owner: ExpectedBucketOwner string string string string string string string string string ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_PutBucketLogging_RequestSyntax) ** The name of the bucket for which to set the logging parameters. Required: Yes ** [Content-MD5](#API_PutBucketLogging_RequestSyntax) ** The MD5 hash of the `PutBucketLogging` request body. For requests made using the AWS Command Line Interface (CLI) or AWS SDKs, this field is calculated automatically. ** [x-amz-expected-bucket-owner](#API_PutBucketLogging_RequestSyntax) ** The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code `403 Forbidden` (access denied). ** [x-amz-sdk-checksum-algorithm](#API_PutBucketLogging_RequestSyntax) ** Indicates the algorithm used to create the checksum for the request when you use the SDK. This header will not provide any additional functionality if you don't use the SDK. When you send this header, there must be a corresponding `x-amz-checksum` or `x-amz-trailer` header sent. Otherwise, Amazon S3 fails the request with the HTTP status code `400 Bad Request`. For more information, see [Checking object integrity](https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) in the *Amazon S3 User Guide*. If you provide an individual checksum, Amazon S3 ignores any provided `ChecksumAlgorithm` parameter. Valid Values: `CRC32 | CRC32C | SHA1 | SHA256 | CRC64NVME` ## Request Body The request accepts the following data in XML format. ** [BucketLoggingStatus](#API_PutBucketLogging_RequestSyntax) ** Root level tag for the BucketLoggingStatus parameters. Required: Yes ** [LoggingEnabled](#API_PutBucketLogging_RequestSyntax) ** Describes where logs are stored and the prefix that Amazon S3 assigns to all log object keys for a bucket. For more information, see [PUT Bucket logging](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTlogging.html) in the *Amazon S3 API Reference*. Type: [LoggingEnabled](API_LoggingEnabled.md) data type Required: No ## Response Syntax ``` HTTP/1.1 200 ``` ## Response Elements If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body. ## Examples ### Sample Request This request enables logging and gives the grantee of the bucket READ access to the logs. Buckets that use the bucket owner enforced setting for Object Ownership to disable ACLs don't support target grants. For more information, see [Permissions for server access log delivery](https://docs.aws.amazon.com/AmazonS3/latest/userguide/enable-server-access-logging.html#grant-log-delivery-permissions-general) in the *Amazon S3 User Guide*. ``` PUT ?logging HTTP/1.1 Host: quotes.s3..amazonaws.com Content-Length: 214 Date: Wed, 25 Nov 2009 12:00:00 GMT Authorization: authorization string mybucketlogs mybucket-access_log-/ user@company.com READ ``` ### Sample Response This example illustrates one usage of PutBucketLogging. ``` HTTP/1.1 200 OK x-amz-id-2: YgIPIfBiKa2bj0KMg95r/0zo3emzU4dzsD4rcKCHQUAdQkf3ShJTOOpXUueF6QKo x-amz-request-id: 236A8905248E5A01 Date: Wed, 01 Mar 2006 12:00:00 GMT ``` ### Sample Request: Disabling logging This request disables logging on the bucket `quotes`. ``` PUT ?logging HTTP/1.1 Host: quotes.s3..amazonaws.com Content-Length: 214 Date: Wed, 25 Nov 2009 12:00:00 GMT Authorization: authorization string ``` ### Sample Response This example illustrates one usage of PutBucketLogging. ``` HTTP/1.1 200 OK x-amz-id-2: YgIPIfBiKa2bj0KMg95r/0zo3emzU4dzsD4rcKCHQUAdQkf3ShJTOOpXUueF6QKo x-amz-request-id: 236A8905248E5A01 Date: Wed, 01 Mar 2006 12:00:00 GMT ``` ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/PutBucketLogging) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/PutBucketLogging) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/PutBucketLogging) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/PutBucketLogging) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/PutBucketLogging) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/PutBucketLogging) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/PutBucketLogging) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/PutBucketLogging) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/PutBucketLogging) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/PutBucketLogging) # PutBucketMetricsConfiguration Sets a metrics configuration (specified by the metrics configuration ID) for the bucket. You can have up to 1,000 metrics configurations per bucket. If you're updating an existing metrics configuration, note that this is a full replacement of the existing metrics configuration. If you don't include the elements you want to keep, they are erased. **Note** **Directory buckets ** - For directory buckets, you must make requests for this API operation to the Regional endpoint. These endpoints support path-style requests in the format `https://s3express-control.region-code.amazonaws.com/bucket-name `. Virtual-hosted-style requests aren't supported. For more information about endpoints in Availability Zones, see [Regional and Zonal endpoints for directory buckets in Availability Zones](https://docs.aws.amazon.com/AmazonS3/latest/userguide/endpoint-directory-buckets-AZ.html) in the *Amazon S3 User Guide*. For more information about endpoints in Local Zones, see [Concepts for directory buckets in Local Zones](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-lzs-for-directory-buckets.html) in the *Amazon S3 User Guide*. Permissions To use this operation, you must have permissions to perform the `s3:PutMetricsConfiguration` action. The bucket owner has this permission by default. The bucket owner can grant this permission to others. For more information about permissions, see [Permissions Related to Bucket Subresource Operations](https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) and [Managing Access Permissions to Your Amazon S3 Resources](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html). + **General purpose bucket permissions** - The `s3:PutMetricsConfiguration` permission is required in a policy. For more information about general purpose buckets permissions, see [Using Bucket Policies and User Policies](https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html) in the *Amazon S3 User Guide*. + **Directory bucket permissions** - To grant access to this API operation, you must have the `s3express:PutMetricsConfiguration` permission in an IAM identity-based policy instead of a bucket policy. Cross-account access to this API operation isn't supported. This operation can only be performed by the AWS account that owns the resource. For more information about directory bucket policies and permissions, see [AWS Identity and Access Management (IAM) for S3 Express One Zone](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam.html) in the *Amazon S3 User Guide*. HTTP Host header syntax **Directory buckets ** - The HTTP Host header syntax is `s3express-control.region-code.amazonaws.com`. For information about CloudWatch request metrics for Amazon S3, see [Monitoring Metrics with Amazon CloudWatch](https://docs.aws.amazon.com/AmazonS3/latest/dev/cloudwatch-monitoring.html). The following operations are related to `PutBucketMetricsConfiguration`: + [DeleteBucketMetricsConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketMetricsConfiguration.html) + [GetBucketMetricsConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketMetricsConfiguration.html) + [ListBucketMetricsConfigurations](https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketMetricsConfigurations.html) `PutBucketMetricsConfiguration` has the following special error: + Error code: `TooManyConfigurations` + Description: You are attempting to create a new configuration but have already reached the 1,000-configuration limit. + HTTP Status Code: HTTP 400 Bad Request **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. ## Request Syntax ``` PUT /?metrics&id=Id HTTP/1.1 Host: Bucket.s3.amazonaws.com x-amz-expected-bucket-owner: ExpectedBucketOwner string string string string string string ... string string string ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_PutBucketMetricsConfiguration_RequestSyntax) ** The name of the bucket for which the metrics configuration is set. **Directory buckets ** - When you use this operation with a directory bucket, you must use path-style requests in the format `https://s3express-control.region-code.amazonaws.com/bucket-name `. Virtual-hosted-style requests aren't supported. Directory bucket names must be unique in the chosen Zone (Availability Zone or Local Zone). Bucket names must also follow the format ` bucket-base-name--zone-id--x-s3` (for example, ` DOC-EXAMPLE-BUCKET--usw2-az1--x-s3`). For information about bucket naming restrictions, see [Directory bucket naming rules](https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) in the *Amazon S3 User Guide* Required: Yes ** [id](#API_PutBucketMetricsConfiguration_RequestSyntax) ** The ID used to identify the metrics configuration. The ID has a 64 character limit and can only contain letters, numbers, periods, dashes, and underscores. Required: Yes ** [x-amz-expected-bucket-owner](#API_PutBucketMetricsConfiguration_RequestSyntax) ** The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code `403 Forbidden` (access denied). For directory buckets, this header is not supported in this API operation. If you specify this header, the request fails with the HTTP status code `501 Not Implemented`. ## Request Body The request accepts the following data in XML format. ** [MetricsConfiguration](#API_PutBucketMetricsConfiguration_RequestSyntax) ** Root level tag for the MetricsConfiguration parameters. Required: Yes ** [Filter](#API_PutBucketMetricsConfiguration_RequestSyntax) ** Specifies a metrics configuration filter. The metrics configuration will only include objects that meet the filter's criteria. A filter must be a prefix, an object tag, an access point ARN, or a conjunction (MetricsAndOperator). Metrics configurations for directory buckets do not support tag filters. Type: [MetricsFilter](API_MetricsFilter.md) data type Required: No ** [Id](#API_PutBucketMetricsConfiguration_RequestSyntax) ** The ID used to identify the metrics configuration. The ID has a 64 character limit and can only contain letters, numbers, periods, dashes, and underscores. Type: String Required: Yes ## Response Syntax ``` HTTP/1.1 200 ``` ## Response Elements If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body. ## Examples ### First Sample Request Put a metric configuration that enables metrics for an entire bucket. ``` PUT /?metrics&id=EntireBucket HTTP/1.1 Host: examplebucket.s3..amazonaws.com x-amz-date: Thu, 15 Nov 2016 00:17:21 GMT Authorization: signatureValue Content-Length: 159 EntireBucket ``` ### First Sample Response This example illustrates one usage of PutBucketMetricsConfiguration. ``` HTTP/1.1 204 No Content x-amz-id-2: ITnGT1y4REXAMPLEPi4hklTXouTf0hccUjo0iCPEXAMPLEutBj3M7fPGlWO2SEWp x-amz-request-id: 51991EXAMPLE5321 Date: Thu, 15 Nov 2016 00:17:22 GMT Server: AmazonS3 ``` ### Second Sample Request Put a metrics configuration that enables metrics for objects that start with a particular prefix and also have specific tags applied. ``` PUT /?metrics&id=ImportantBlueDocuments HTTP/1.1 Host: examplebucket.s3..amazonaws.com x-amz-date: Thu, 15 Nov 2016 00:17:29 GMT Authorization: signatureValue Content-Length: 480 ImportantBlueDocuments documents/ priority high class blue ``` ### Second Sample Response This example illustrates one usage of PutBucketMetricsConfiguration. ``` HTTP/1.1 204 No Content x-amz-id-2: ITnGT1y4REXAMPLEPi4hklTXouTf0hccUjo0iCPEXAMPLEutBj3M7fPGlWO2SEWp x-amz-request-id: 51991EXAMPLE5321 Date: Thu, 15 Nov 2016 00:17:29 GMT Server: AmazonS3 ``` ### Third Sample Request Put a metrics configuration that enables metrics for a specific access point. ``` PUT /?metrics&id=ImportantDocumentsAccessPoint HTTP/1.1 Host: examplebucket.s3..amazonaws.com x-amz-date: Thu, 26 Aug 2021 00:17:29 GMT Authorization: signatureValue Content-Length: 480 ImportantDocumentsAccessPoint arn:aws:s3:us-west-2:123456789012:accesspoint/test ``` ### Thirds Sample Response This example illustrates one usage of PutBucketMetricsConfiguration. ``` HTTP/1.1 204 No Content x-amz-id-2: ITnGT1y4REXAMPLEPi4hklTXouTf0hccUjo0iCPEXAMPLEutBj3M7fPGlWO2SEWp x-amz-request-id: 51991EXAMPLE5321 Date: Thu, 26 Aug 2021 00:17:29 GMT Server: AmazonS3 ``` ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/PutBucketMetricsConfiguration) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/PutBucketMetricsConfiguration) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/PutBucketMetricsConfiguration) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/PutBucketMetricsConfiguration) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/PutBucketMetricsConfiguration) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/PutBucketMetricsConfiguration) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/PutBucketMetricsConfiguration) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/PutBucketMetricsConfiguration) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/PutBucketMetricsConfiguration) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/PutBucketMetricsConfiguration) # PutBucketNotification **Note** This operation is not supported for directory buckets. No longer used, see the [PutBucketNotificationConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketNotificationConfiguration.html) operation. ## Request Syntax ``` PUT /?notification HTTP/1.1 Host: Bucket.s3.amazonaws.com Content-MD5: ContentMD5 x-amz-sdk-checksum-algorithm: ChecksumAlgorithm x-amz-expected-bucket-owner: ExpectedBucketOwner string string ... string string string string ... string string string string string ... string string ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_PutBucketNotification_RequestSyntax) ** The name of the bucket. Required: Yes ** [Content-MD5](#API_PutBucketNotification_RequestSyntax) ** The MD5 hash of the `PutPublicAccessBlock` request body. For requests made using the AWS Command Line Interface (CLI) or AWS SDKs, this field is calculated automatically. ** [x-amz-expected-bucket-owner](#API_PutBucketNotification_RequestSyntax) ** The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code `403 Forbidden` (access denied). ** [x-amz-sdk-checksum-algorithm](#API_PutBucketNotification_RequestSyntax) ** Indicates the algorithm used to create the checksum for the request when you use the SDK. This header will not provide any additional functionality if you don't use the SDK. When you send this header, there must be a corresponding `x-amz-checksum` or `x-amz-trailer` header sent. Otherwise, Amazon S3 fails the request with the HTTP status code `400 Bad Request`. For more information, see [Checking object integrity](https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) in the *Amazon S3 User Guide*. If you provide an individual checksum, Amazon S3 ignores any provided `ChecksumAlgorithm` parameter. Valid Values: `CRC32 | CRC32C | SHA1 | SHA256 | CRC64NVME` ## Request Body The request accepts the following data in XML format. ** [NotificationConfiguration](#API_PutBucketNotification_RequestSyntax) ** Root level tag for the NotificationConfiguration parameters. Required: Yes ** [CloudFunctionConfiguration](#API_PutBucketNotification_RequestSyntax) ** Container for specifying the AWS Lambda notification configuration. Type: [CloudFunctionConfiguration](API_CloudFunctionConfiguration.md) data type Required: No ** [QueueConfiguration](#API_PutBucketNotification_RequestSyntax) ** This data type is deprecated. This data type specifies the configuration for publishing messages to an Amazon Simple Queue Service (Amazon SQS) queue when Amazon S3 detects specified events. Type: [QueueConfigurationDeprecated](API_QueueConfigurationDeprecated.md) data type Required: No ** [TopicConfiguration](#API_PutBucketNotification_RequestSyntax) ** This data type is deprecated. A container for specifying the configuration for publication of messages to an Amazon Simple Notification Service (Amazon SNS) topic when Amazon S3 detects specified events. Type: [TopicConfigurationDeprecated](API_TopicConfigurationDeprecated.md) data type Required: No ## Response Syntax ``` HTTP/1.1 200 ``` ## Response Elements If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body. ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/PutBucketNotification) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/PutBucketNotification) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/PutBucketNotification) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/PutBucketNotification) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/PutBucketNotification) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/PutBucketNotification) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/PutBucketNotification) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/PutBucketNotification) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/PutBucketNotification) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/PutBucketNotification) # PutBucketNotificationConfiguration **Note** This operation is not supported for directory buckets. Enables notifications of specified events for a bucket. For more information about event notifications, see [Configuring Event Notifications](https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html). Using this API, you can replace an existing notification configuration. The configuration is an XML file that defines the event types that you want Amazon S3 to publish and the destination where you want Amazon S3 to publish an event notification when it detects an event of the specified type. By default, your bucket has no event notifications configured. That is, the notification configuration will be an empty `NotificationConfiguration`. `` `` This action replaces the existing notification configuration with the configuration you include in the request body. After Amazon S3 receives this request, it first verifies that any Amazon Simple Notification Service (Amazon SNS) or Amazon Simple Queue Service (Amazon SQS) destination exists, and that the bucket owner has permission to publish to it by sending a test notification. In the case of AWS Lambda destinations, Amazon S3 verifies that the Lambda function permissions grant Amazon S3 permission to invoke the function from the Amazon S3 bucket. For more information, see [Configuring Notifications for Amazon S3 Events](https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html). You can disable notifications by adding the empty NotificationConfiguration element. For more information about the number of event notification configurations that you can create per bucket, see [Amazon S3 service quotas](https://docs.aws.amazon.com/general/latest/gr/s3.html#limits_s3) in * AWS General Reference*. By default, only the bucket owner can configure notifications on a bucket. However, bucket owners can use a bucket policy to grant permission to other users to set this configuration with the required `s3:PutBucketNotification` permission. **Note** The PUT notification is an atomic operation. For example, suppose your notification configuration includes SNS topic, SQS queue, and Lambda function configurations. When you send a PUT request with this configuration, Amazon S3 sends test messages to your SNS topic. If the message fails, the entire PUT action will fail, and Amazon S3 will not add the configuration to your bucket. If the configuration in the request body includes only one `TopicConfiguration` specifying only the `s3:ReducedRedundancyLostObject` event type, the response will also include the `x-amz-sns-test-message-id` header containing the message ID of the test notification sent to the topic. The following action is related to `PutBucketNotificationConfiguration`: + [GetBucketNotificationConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketNotificationConfiguration.html) **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. ## Request Syntax ``` PUT /?notification HTTP/1.1 Host: Bucket.s3.amazonaws.com x-amz-expected-bucket-owner: ExpectedBucketOwner x-amz-skip-destination-validation: SkipDestinationValidation string ... string string ... string string ... string ... string string ... string string ... string ... string string ... string string ... ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_PutBucketNotificationConfiguration_RequestSyntax) ** The name of the bucket. Required: Yes ** [x-amz-expected-bucket-owner](#API_PutBucketNotificationConfiguration_RequestSyntax) ** The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code `403 Forbidden` (access denied). ** [x-amz-skip-destination-validation](#API_PutBucketNotificationConfiguration_RequestSyntax) ** Skips validation of Amazon SQS, Amazon SNS, and AWS Lambda destinations. True or false value. ## Request Body The request accepts the following data in XML format. ** [NotificationConfiguration](#API_PutBucketNotificationConfiguration_RequestSyntax) ** Root level tag for the NotificationConfiguration parameters. Required: Yes ** [CloudFunctionConfiguration](#API_PutBucketNotificationConfiguration_RequestSyntax) ** Describes the AWS Lambda functions to invoke and the events for which to invoke them. Type: Array of [LambdaFunctionConfiguration](API_LambdaFunctionConfiguration.md) data types Required: No ** [EventBridgeConfiguration](#API_PutBucketNotificationConfiguration_RequestSyntax) ** Enables delivery of events to Amazon EventBridge. Type: [EventBridgeConfiguration](API_EventBridgeConfiguration.md) data type Required: No ** [QueueConfiguration](#API_PutBucketNotificationConfiguration_RequestSyntax) ** The Amazon Simple Queue Service queues to publish messages to and the events for which to publish messages. Type: Array of [QueueConfiguration](API_QueueConfiguration.md) data types Required: No ** [TopicConfiguration](#API_PutBucketNotificationConfiguration_RequestSyntax) ** The topic to which notifications are sent and the events for which notifications are generated. Type: Array of [TopicConfiguration](API_TopicConfiguration.md) data types Required: No ## Response Syntax ``` HTTP/1.1 200 ``` ## Response Elements If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body. ## Examples ### Example 1: Configure notification to invoke a cloud function in Lambda The following notification configuration includes CloudFunctionConfiguration, which identifies the event type for which Amazon S3 can invoke a cloud function and the name of the cloud function to invoke. ``` ObjectCreatedEvents arn:aws:lambda:us-west-2:35667example:function:CreateThumbnail s3:ObjectCreated:* ``` ### Example The following PUT uploads the notification configuration. The action replaces the existing notification configuration. ``` PUT http://s3..amazonaws.com/examplebucket?notification= HTTP/1.1 User-Agent: s3curl 2.0 Host: s3.amazonaws.com Pragma: no-cache Accept: */* Proxy-Connection: Keep-Alive Authorization: authorization string Date: Mon, 13 Oct 2014 23:14:52 +0000 Content-Length: length [request body] ``` ### Sample Response This example illustrates one usage of PutBucketNotificationConfiguration. ``` HTTP/1.1 200 OK x-amz-id-2: 8+FlwagBSoT2qpMaGlfCUkRkFR5W3OeS7UhhoBb17j+kqvpS2cSFlgJ5coLd53d2 x-amz-request-id: E5BA4600A3937335 Date: Fri, 31 Oct 2014 01:49:50 GMT Content-Length: 0 Server: AmazonS3 ``` ### Example 2: Configure a notification with multiple destinations The following notification configuration includes the topic and queue configurations: + A topic configuration identifying an SNS topic for Amazon S3 to publish events of the `s3:ReducedRedundancyLostObject` type. + A queue configuration identifying an SQS queue for Amazon S3 to publish events of the `s3:ObjectCreated:*` type. ``` arn:aws:sns:us-east-1:356671443308:s3notificationtopic2 s3:ReducedRedundancyLostObject arn:aws:sqs:us-east-1:356671443308:s3notificationqueue s3:ObjectCreated:* ``` ### Example The following PUT request against the notification subresource of the `examplebucket` bucket sends the preceding notification configuration in the request body. The action replaces the existing notification configuration on the bucket. ``` PUT http://s3..amazonaws.com/examplebucket?notification= HTTP/1.1 User-Agent: s3curl 2.0 Host: s3.amazonaws.com Pragma: no-cache Accept: */* Proxy-Connection: Keep-Alive Authorization: authorization string Date: Mon, 13 Oct 2014 22:58:43 +0000 Content-Length: 391 Expect: 100-continue ``` ### Example 3: Configure a notification with object key name filtering The following notification configuration contains a queue configuration identifying an Amazon SQS queue for Amazon S3 to publish events to of the `s3:ObjectCreated:Put` type. The events will be published whenever an object that has a prefix of `images/` and a `.jpg` suffix is PUT to a bucket. For more examples of notification configurations that use filtering, see [Configuring Event Notifications](https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html). ``` 1 prefix images/ suffix .jpg arn:aws:sqs:us-west-2:444455556666:s3notificationqueue s3:ObjectCreated:Put ``` ### Example The following PUT request against the notification subresource of the `examplebucket` bucket sends the preceding notification configuration in the request body. The action replaces the existing notification configuration on the bucket. ``` PUT http://s3..amazonaws.com/examplebucket?notification= HTTP/1.1 User-Agent: s3curl 2.0 Host: s3.amazonaws.com Pragma: no-cache Accept: */* Proxy-Connection: Keep-Alive Authorization: authorization string Date: Mon, 13 Oct 2014 22:58:43 +0000 Content-Length: length Expect: 100-continue ``` ### Sample Response This example illustrates one usage of PutBucketNotificationConfiguration. ``` HTTP/1.1 200 OK x-amz-id-2: SlvJLkfunoAGILZK3KqHSSUq4kwbudkrROmESoHOpDacULy+cxRoR1Svrfoyvg2A x-amz-request-id: BB1BA8E12D6A80B7 Date: Mon, 13 Oct 2014 22:58:44 GMT Content-Length: 0 Server: AmazonS3 ``` ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/PutBucketNotificationConfiguration) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/PutBucketNotificationConfiguration) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/PutBucketNotificationConfiguration) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/PutBucketNotificationConfiguration) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/PutBucketNotificationConfiguration) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/PutBucketNotificationConfiguration) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/PutBucketNotificationConfiguration) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/PutBucketNotificationConfiguration) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/PutBucketNotificationConfiguration) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/PutBucketNotificationConfiguration) # PutBucketOwnershipControls **Note** This operation is not supported for directory buckets. Creates or modifies `OwnershipControls` for an Amazon S3 bucket. To use this operation, you must have the `s3:PutBucketOwnershipControls` permission. For more information about Amazon S3 permissions, see [Specifying permissions in a policy](https://docs.aws.amazon.com/AmazonS3/latest/user-guide/using-with-s3-actions.html). For information about Amazon S3 Object Ownership, see [Using object ownership](https://docs.aws.amazon.com/AmazonS3/latest/user-guide/about-object-ownership.html). The following operations are related to `PutBucketOwnershipControls`: + [GetBucketOwnershipControls](API_GetBucketOwnershipControls.md) + [DeleteBucketOwnershipControls](API_DeleteBucketOwnershipControls.md) **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. ## Request Syntax ``` PUT /?ownershipControls HTTP/1.1 Host: Bucket.s3.amazonaws.com Content-MD5: ContentMD5 x-amz-expected-bucket-owner: ExpectedBucketOwner x-amz-sdk-checksum-algorithm: ChecksumAlgorithm string ... ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_PutBucketOwnershipControls_RequestSyntax) ** The name of the Amazon S3 bucket whose `OwnershipControls` you want to set. Required: Yes ** [Content-MD5](#API_PutBucketOwnershipControls_RequestSyntax) ** The MD5 hash of the `OwnershipControls` request body. For requests made using the AWS Command Line Interface (CLI) or AWS SDKs, this field is calculated automatically. ** [x-amz-expected-bucket-owner](#API_PutBucketOwnershipControls_RequestSyntax) ** The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code `403 Forbidden` (access denied). ** [x-amz-sdk-checksum-algorithm](#API_PutBucketOwnershipControls_RequestSyntax) ** Indicates the algorithm used to create the checksum for the object when you use the SDK. This header will not provide any additional functionality if you don't use the SDK. When you send this header, there must be a corresponding `x-amz-checksum-algorithm ` header sent. Otherwise, Amazon S3 fails the request with the HTTP status code `400 Bad Request`. For more information, see [Checking object integrity](https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) in the *Amazon S3 User Guide*. If you provide an individual checksum, Amazon S3 ignores any provided `ChecksumAlgorithm` parameter. Valid Values: `CRC32 | CRC32C | SHA1 | SHA256 | CRC64NVME` ## Request Body The request accepts the following data in XML format. ** [OwnershipControls](#API_PutBucketOwnershipControls_RequestSyntax) ** Root level tag for the OwnershipControls parameters. Required: Yes ** [Rule](#API_PutBucketOwnershipControls_RequestSyntax) ** The container element for an ownership control rule. Type: Array of [OwnershipControlsRule](API_OwnershipControlsRule.md) data types Required: Yes ## Response Syntax ``` HTTP/1.1 200 ``` ## Response Elements If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body. ## Examples ### Sample Request with BucketOwnerEnforced OwnershipControls The following request puts a bucket `OwnershipControls` that specifies BucketOwnerEnforced. ``` PUT /amzn-s3-demo-bucket?ownershipControls= HTTP/1.1 Host:amzn-s3-demo-bucket.s3..amazonaws.com x-amz-date: 20211130T230132Z x-amz-content-sha256: bafb46c18574a73704c8227aef060df1c12ea0d964e19b949d06e9f763805fe2 Authorization: authorization string BucketOwnerEnforced ``` ### Sample Response with BucketOwnerEnforced OwnershipControls This example illustrates one usage of PutBucketOwnershipControls. ``` HTTP/1.1 200 OK x-amz-id-2: zkDVX0gbz8oKcjNz7GPz8XhXkhNArHtA8/WOf5hyEj6SbisSRdqITZvSuAMik7HK4PY+izDZZI0= x-amz-request-id: BK7Y8M3G7Z0RFRCP Date: Tue, 30 Nov 2021 23:01:33 GMT Content-Length: 0 Server: AmazonS3 ``` ### Sample Request with BucketOwnerPreferred OwnershipControls The following request puts a bucket `OwnershipControls` that specifies BucketOwnerPreferred. ``` PUT /amzn-s3-demo-bucket?ownershipControls= HTTP/1.1 Host:amzn-s3-demo-bucket.s3..amazonaws.com x-amz-date: 20200618T230132Z x-amz-content-sha256: bafb46c18574a73704c8227aef060df1c12ea0d964e19b949d06e9f763805fe2 Authorization: authorization string BucketOwnerPreferred ``` ### Sample Response with BucketOwnerPreferred OwnershipControls This example illustrates one usage of PutBucketOwnershipControls. ``` HTTP/1.1 200 OK x-amz-id-2: zkDVX0gbz8oKcjNz7GPz8XhXkhNArHtA8/WOf5hyEj6SbisSRdqITZvSuAMik7HK4PY+izDZZI0= x-amz-request-id: BK7Y8M3G7Z0RFRCP Date: Thu, 18 Jun 2020 23:01:33 GMT Content-Length: 0 Server: AmazonS3 ``` ### Sample Request with ObjectWriter OwnershipControls The following request puts a bucket `OwnershipControls` that specifies ObjectWriter. ``` PUT /amzn-s3-demo-bucket?ownershipControls= HTTP/1.1 Host:amzn-s3-demo-bucket.s3..amazonaws.com x-amz-date: 20200618T230132Z x-amz-content-sha256: bafb46c18574a73704c8227aef060df1c12ea0d964e19b949d06e9f763805fe2 Authorization: authorization string ObjectWriter ``` ### Sample Response with ObjectWriter OwnershipControls This example illustrates one usage of PutBucketOwnershipControls. ``` HTTP/1.1 200 OK x-amz-id-2: zkDVX0gbz8oKcjNz7GPz8XhXkhNArHtA8/WOf5hyEj6SbisSRdqITZvSuAMik7HK4PY+izDZZI0= x-amz-request-id: BK7Y8M3G7Z0RFRCP Date: Thu, 18 Jun 2020 23:01:33 GMT Content-Length: 0 Server: AmazonS3 ``` ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/PutBucketOwnershipControls) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/PutBucketOwnershipControls) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/PutBucketOwnershipControls) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/PutBucketOwnershipControls) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/PutBucketOwnershipControls) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/PutBucketOwnershipControls) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/PutBucketOwnershipControls) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/PutBucketOwnershipControls) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/PutBucketOwnershipControls) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/PutBucketOwnershipControls) # PutBucketPolicy Applies an Amazon S3 bucket policy to an Amazon S3 bucket. **Note** **Directory buckets ** - For directory buckets, you must make requests for this API operation to the Regional endpoint. These endpoints support path-style requests in the format `https://s3express-control.region-code.amazonaws.com/bucket-name `. Virtual-hosted-style requests aren't supported. For more information about endpoints in Availability Zones, see [Regional and Zonal endpoints for directory buckets in Availability Zones](https://docs.aws.amazon.com/AmazonS3/latest/userguide/endpoint-directory-buckets-AZ.html) in the *Amazon S3 User Guide*. For more information about endpoints in Local Zones, see [Concepts for directory buckets in Local Zones](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-lzs-for-directory-buckets.html) in the *Amazon S3 User Guide*. Permissions If you are using an identity other than the root user of the AWS account that owns the bucket, the calling identity must both have the `PutBucketPolicy` permissions on the specified bucket and belong to the bucket owner's account in order to use this operation. If you don't have `PutBucketPolicy` permissions, Amazon S3 returns a `403 Access Denied` error. If you have the correct permissions, but you're not using an identity that belongs to the bucket owner's account, Amazon S3 returns a `405 Method Not Allowed` error. To ensure that bucket owners don't inadvertently lock themselves out of their own buckets, the root principal in a bucket owner's AWS account can perform the `GetBucketPolicy`, `PutBucketPolicy`, and `DeleteBucketPolicy` API actions, even if their bucket policy explicitly denies the root principal's access. Bucket owner root principals can only be blocked from performing these API actions by VPC endpoint policies and AWS Organizations policies. + **General purpose bucket permissions** - The `s3:PutBucketPolicy` permission is required in a policy. For more information about general purpose buckets bucket policies, see [Using Bucket Policies and User Policies](https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html) in the *Amazon S3 User Guide*. + **Directory bucket permissions** - To grant access to this API operation, you must have the `s3express:PutBucketPolicy` permission in an IAM identity-based policy instead of a bucket policy. Cross-account access to this API operation isn't supported. This operation can only be performed by the AWS account that owns the resource. For more information about directory bucket policies and permissions, see [AWS Identity and Access Management (IAM) for S3 Express One Zone](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam.html) in the *Amazon S3 User Guide*. Example bucket policies **General purpose buckets example bucket policies** - See [Bucket policy examples](https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-bucket-policies.html) in the *Amazon S3 User Guide*. **Directory bucket example bucket policies** - See [Example bucket policies for S3 Express One Zone](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam-example-bucket-policies.html) in the *Amazon S3 User Guide*. HTTP Host header syntax **Directory buckets ** - The HTTP Host header syntax is `s3express-control.region-code.amazonaws.com`. The following operations are related to `PutBucketPolicy`: + [CreateBucket](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html) + [DeleteBucket](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucket.html) **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. ## Request Syntax ``` PUT /?policy HTTP/1.1 Host: Bucket.s3.amazonaws.com Content-MD5: ContentMD5 x-amz-sdk-checksum-algorithm: ChecksumAlgorithm x-amz-confirm-remove-self-bucket-access: ConfirmRemoveSelfBucketAccess x-amz-expected-bucket-owner: ExpectedBucketOwner { Policy in JSON format } ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_PutBucketPolicy_RequestSyntax) ** The name of the bucket. **Directory buckets ** - When you use this operation with a directory bucket, you must use path-style requests in the format `https://s3express-control.region-code.amazonaws.com/bucket-name `. Virtual-hosted-style requests aren't supported. Directory bucket names must be unique in the chosen Zone (Availability Zone or Local Zone). Bucket names must also follow the format ` bucket-base-name--zone-id--x-s3` (for example, ` DOC-EXAMPLE-BUCKET--usw2-az1--x-s3`). For information about bucket naming restrictions, see [Directory bucket naming rules](https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) in the *Amazon S3 User Guide* Required: Yes ** [Content-MD5](#API_PutBucketPolicy_RequestSyntax) ** The MD5 hash of the request body. For requests made using the AWS Command Line Interface (CLI) or AWS SDKs, this field is calculated automatically. This functionality is not supported for directory buckets. ** [x-amz-confirm-remove-self-bucket-access](#API_PutBucketPolicy_RequestSyntax) ** Set this parameter to true to confirm that you want to remove your permissions to change this bucket policy in the future. This functionality is not supported for directory buckets. ** [x-amz-expected-bucket-owner](#API_PutBucketPolicy_RequestSyntax) ** The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code `403 Forbidden` (access denied). For directory buckets, this header is not supported in this API operation. If you specify this header, the request fails with the HTTP status code `501 Not Implemented`. ** [x-amz-sdk-checksum-algorithm](#API_PutBucketPolicy_RequestSyntax) ** Indicates the algorithm used to create the checksum for the request when you use the SDK. This header will not provide any additional functionality if you don't use the SDK. When you send this header, there must be a corresponding `x-amz-checksum-algorithm ` or `x-amz-trailer` header sent. Otherwise, Amazon S3 fails the request with the HTTP status code `400 Bad Request`. For the `x-amz-checksum-algorithm ` header, replace ` algorithm ` with the supported algorithm from the following list: + `CRC32` + `CRC32C` + `CRC64NVME` + `SHA1` + `SHA256` For more information, see [Checking object integrity](https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) in the *Amazon S3 User Guide*. If the individual checksum value you provide through `x-amz-checksum-algorithm ` doesn't match the checksum algorithm you set through `x-amz-sdk-checksum-algorithm`, Amazon S3 fails the request with a `BadDigest` error. For directory buckets, when you use AWS SDKs, `CRC32` is the default checksum algorithm that's used for performance. Valid Values: `CRC32 | CRC32C | SHA1 | SHA256 | CRC64NVME` ## Request Body The request accepts the following data in JSON format. ** [Policy](#API_PutBucketPolicy_RequestSyntax) ** ## Response Syntax ``` HTTP/1.1 200 ``` ## Response Elements If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body. ## Examples ### Sample Request for general purpose buckets The following request shows the PUT individual policy request for the bucket. ``` PUT /?policy HTTP/1.1 Host: bucket.s3..amazonaws.com Date: Tue, 04 Apr 2010 20:34:56 GMT Authorization: authorization string { "Version":"2008-10-17", "Id":"aaaa-bbbb-cccc-dddd", "Statement" : [ { "Effect":"Allow", "Sid":"1", "Principal" : { "AWS":["111122223333","444455556666"] }, "Action":["s3:*"], "Resource":"arn:aws:s3:::bucket/*" } ] } ``` ### Sample Response for general purpose buckets This example illustrates one usage of PutBucketPolicy. ``` HTTP/1.1 204 No Content x-amz-id-2: Uuag1LuByR5Onimru9SAMPLEAtRPfTaOFg== x-amz-request-id: 656c76696e6727732SAMPLE7374 Date: Tue, 04 Apr 2010 20:34:56 GMT Connection: keep-alive Server: AmazonS3 ``` ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/PutBucketPolicy) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/PutBucketPolicy) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/PutBucketPolicy) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/PutBucketPolicy) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/PutBucketPolicy) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/PutBucketPolicy) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/PutBucketPolicy) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/PutBucketPolicy) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/PutBucketPolicy) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/PutBucketPolicy) # PutBucketReplication **Note** This operation is not supported for directory buckets. Creates a replication configuration or replaces an existing one. For more information, see [Replication](https://docs.aws.amazon.com/AmazonS3/latest/dev/replication.html) in the *Amazon S3 User Guide*. Specify the replication configuration in the request body. In the replication configuration, you provide the name of the destination bucket or buckets where you want Amazon S3 to replicate objects, the IAM role that Amazon S3 can assume to replicate objects on your behalf, and other relevant information. You can invoke this request for a specific AWS Region by using the [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-requestedregion](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-requestedregion) condition key. A replication configuration must include at least one rule, and can contain a maximum of 1,000. Each rule identifies a subset of objects to replicate by filtering the objects in the source bucket. To choose additional subsets of objects to replicate, add a rule for each subset. To specify a subset of the objects in the source bucket to apply a replication rule to, add the Filter element as a child of the Rule element. You can filter objects based on an object key prefix, one or more object tags, or both. When you add the Filter element in the configuration, you must also add the following elements: `DeleteMarkerReplication`, `Status`, and `Priority`. **Note** If you are using an earlier version of the replication configuration, Amazon S3 handles replication of delete markers differently. For more information, see [Backward Compatibility](https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-add-config.html#replication-backward-compat-considerations). For information about enabling versioning on a bucket, see [Using Versioning](https://docs.aws.amazon.com/AmazonS3/latest/dev/Versioning.html). Handling Replication of Encrypted Objects By default, Amazon S3 doesn't replicate objects that are stored at rest using server-side encryption with KMS keys. To replicate AWS KMS-encrypted objects, add the following: `SourceSelectionCriteria`, `SseKmsEncryptedObjects`, `Status`, `EncryptionConfiguration`, and `ReplicaKmsKeyID`. For information about replication configuration, see [Replicating Objects Created with SSE Using KMS keys](https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-config-for-kms-objects.html). For information on `PutBucketReplication` errors, see [List of replication-related error codes](https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ReplicationErrorCodeList) Permissions To create a `PutBucketReplication` request, you must have `s3:PutReplicationConfiguration` permissions for the bucket. By default, a resource owner, in this case the AWS account that created the bucket, can perform this operation. The resource owner can also grant others permissions to perform the operation. For more information about permissions, see [Specifying Permissions in a Policy](https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html) and [Managing Access Permissions to Your Amazon S3 Resources](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html). To perform this operation, the user or role performing the action must have the [iam:PassRole](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_passrole.html) permission. The following operations are related to `PutBucketReplication`: + [GetBucketReplication](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketReplication.html) + [DeleteBucketReplication](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketReplication.html) **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. ## Request Syntax ``` PUT /?replication HTTP/1.1 Host: Bucket.s3.amazonaws.com Content-MD5: ContentMD5 x-amz-sdk-checksum-algorithm: ChecksumAlgorithm x-amz-bucket-object-lock-token: Token x-amz-expected-bucket-owner: ExpectedBucketOwner string string string string string string integer string string integer string string string string string ... string string string string string integer string string string ... ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_PutBucketReplication_RequestSyntax) ** The name of the bucket Required: Yes ** [Content-MD5](#API_PutBucketReplication_RequestSyntax) ** The Base64 encoded 128-bit `MD5` digest of the data. You must use this header as a message integrity check to verify that the request body was not corrupted in transit. For more information, see [RFC 1864](http://www.ietf.org/rfc/rfc1864.txt). For requests made using the AWS Command Line Interface (CLI) or AWS SDKs, this field is calculated automatically. ** [x-amz-bucket-object-lock-token](#API_PutBucketReplication_RequestSyntax) ** A token to allow Object Lock to be enabled for an existing bucket. ** [x-amz-expected-bucket-owner](#API_PutBucketReplication_RequestSyntax) ** The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code `403 Forbidden` (access denied). ** [x-amz-sdk-checksum-algorithm](#API_PutBucketReplication_RequestSyntax) ** Indicates the algorithm used to create the checksum for the request when you use the SDK. This header will not provide any additional functionality if you don't use the SDK. When you send this header, there must be a corresponding `x-amz-checksum` or `x-amz-trailer` header sent. Otherwise, Amazon S3 fails the request with the HTTP status code `400 Bad Request`. For more information, see [Checking object integrity](https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) in the *Amazon S3 User Guide*. If you provide an individual checksum, Amazon S3 ignores any provided `ChecksumAlgorithm` parameter. Valid Values: `CRC32 | CRC32C | SHA1 | SHA256 | CRC64NVME` ## Request Body The request accepts the following data in XML format. ** [ReplicationConfiguration](#API_PutBucketReplication_RequestSyntax) ** Root level tag for the ReplicationConfiguration parameters. Required: Yes ** [Role](#API_PutBucketReplication_RequestSyntax) ** The Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) role that Amazon S3 assumes when replicating objects. For more information, see [How to Set Up Replication](https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-how-setup.html) in the *Amazon S3 User Guide*. Type: String Required: Yes ** [Rule](#API_PutBucketReplication_RequestSyntax) ** A container for one or more replication rules. A replication configuration must have at least one rule and can contain a maximum of 1,000 rules. Type: Array of [ReplicationRule](API_ReplicationRule.md) data types Required: Yes ## Response Syntax ``` HTTP/1.1 200 ``` ## Response Elements If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body. ## Examples ### Sample Request: Add a replication configuration The following is a sample `PUT` request that creates a replication subresource on the specified bucket and saves the replication configuration in it. The replication configuration specifies a rule to replicate objects to the `DOC-EXAMPLE-BUCKET` bucket. The rule includes a filter to replicate only the objects created with the key name prefix TaxDocs and that have two specific tags. After you add a replication configuration to your bucket, Amazon S3 assumes the AWS Identity and Access Management (IAM) role specified in the configuration to replicate objects on behalf of the bucket owner. The bucket owner is the AWS account that created the bucket. Filtering using the element is supported in the latest XML configuration. If you are using an earlier version of the XML configuration, you can filter only on key prefix. In that case, you add the element as a child of the . For more examples of replication configuration, see [Replication Configuration Overview](https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-add-config.html#replication-config-example-configs) in the *Amazon S3 User Guide.* ``` PUT /?replication HTTP/1.1 Host: examplebucket.s3..amazonaws.com Date: Wed, 11 Feb 2015 02:11:21 GMT Content-MD5: q6yJDlIkcBaGGfb3QLY69A== Authorization: authorization string Content-Length: length arn:aws:iam::35667example:role/CrossRegionReplicationRoleForS3 rule1 Enabled 1 Disabled TaxDocs key1 value1 key1 value1 arn:aws:s3:::DOC-EXAMPLE-BUCKET ``` ### Sample Response This example illustrates one usage of PutBucketReplication. ``` HTTP/1.1 200 OK x-amz-id-2: r+qR7+nhXtJDDIJ0JJYcd+1j5nM/rUFiiiZ/fNbDOsd3JUE8NWMLNHXmvPfwMpdc x-amz-request-id: 9E26D08072A8EF9E Date: Wed, 11 Feb 2015 02:11:22 GMT Content-Length: 0 Server: AmazonS3 ``` ### Sample Request: Add a Replication Configuration with Amazon S3 Replication Time Control Enabled You can use S3 Replication Time Control (S3 RTC) to replicate your data in the same AWS Region or across different AWS Regions in a predictable time frame. S3 RTC replicates 99.99 percent of new objects stored in Amazon S3 within 15 minutes. For more information, see [Replicating objects using Replication Time Control](https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-time-control.html). ``` PUT /?replication HTTP/1.1 Host: examplebucket.s3..amazonaws.com Date: Wed, 11 Feb 2015 02:11:21 GMT Content-MD5: q6yJDlIkcBaGGfb3QLY69A== Authorization: authorization string Content-Length: length x-amz-bucket-object-lock-token: Token arn:aws:iam::35667example:role/CrossRegionReplicationRoleForS3 rule1 Enabled 1 TaxDocs key1 value1 key1 value1 arn:aws:s3:::DOC-EXAMPLE-BUCKET Enabled 15 Enabled 15 ``` ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/PutBucketReplication) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/PutBucketReplication) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/PutBucketReplication) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/PutBucketReplication) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/PutBucketReplication) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/PutBucketReplication) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/PutBucketReplication) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/PutBucketReplication) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/PutBucketReplication) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/PutBucketReplication) # PutBucketRequestPayment **Note** This operation is not supported for directory buckets. Sets the request payment configuration for a bucket. By default, the bucket owner pays for downloads from the bucket. This configuration parameter enables the bucket owner (only) to specify that the person requesting the download will be charged for the download. For more information, see [Requester Pays Buckets](https://docs.aws.amazon.com/AmazonS3/latest/dev/RequesterPaysBuckets.html). The following operations are related to `PutBucketRequestPayment`: + [CreateBucket](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html) + [GetBucketRequestPayment](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketRequestPayment.html) **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. ## Request Syntax ``` PUT /?requestPayment HTTP/1.1 Host: Bucket.s3.amazonaws.com Content-MD5: ContentMD5 x-amz-sdk-checksum-algorithm: ChecksumAlgorithm x-amz-expected-bucket-owner: ExpectedBucketOwner string ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_PutBucketRequestPayment_RequestSyntax) ** The bucket name. Required: Yes ** [Content-MD5](#API_PutBucketRequestPayment_RequestSyntax) ** The Base64 encoded 128-bit `MD5` digest of the data. You must use this header as a message integrity check to verify that the request body was not corrupted in transit. For more information, see [RFC 1864](http://www.ietf.org/rfc/rfc1864.txt). For requests made using the AWS Command Line Interface (CLI) or AWS SDKs, this field is calculated automatically. ** [x-amz-expected-bucket-owner](#API_PutBucketRequestPayment_RequestSyntax) ** The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code `403 Forbidden` (access denied). ** [x-amz-sdk-checksum-algorithm](#API_PutBucketRequestPayment_RequestSyntax) ** Indicates the algorithm used to create the checksum for the request when you use the SDK. This header will not provide any additional functionality if you don't use the SDK. When you send this header, there must be a corresponding `x-amz-checksum` or `x-amz-trailer` header sent. Otherwise, Amazon S3 fails the request with the HTTP status code `400 Bad Request`. For more information, see [Checking object integrity](https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) in the *Amazon S3 User Guide*. If you provide an individual checksum, Amazon S3 ignores any provided `ChecksumAlgorithm` parameter. Valid Values: `CRC32 | CRC32C | SHA1 | SHA256 | CRC64NVME` ## Request Body The request accepts the following data in XML format. ** [RequestPaymentConfiguration](#API_PutBucketRequestPayment_RequestSyntax) ** Root level tag for the RequestPaymentConfiguration parameters. Required: Yes ** [Payer](#API_PutBucketRequestPayment_RequestSyntax) ** Specifies who pays for the download and request fees. Type: String Valid Values: `Requester | BucketOwner` Required: Yes ## Response Syntax ``` HTTP/1.1 200 ``` ## Response Elements If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body. ## Examples ### Sample Request This request creates a Requester Pays bucket named `colorpictures`. ``` PUT ?requestPayment HTTP/1.1 Host: colorpictures.s3..amazonaws.com Content-Length: 173 Date: Wed, 01 Mar 2006 12:00:00 GMT Authorization: authorization string Requester ``` ### Sample Response Delete the metric configuration with a specified ID, which disables the CloudWatch metrics with the `ExampleMetrics` value for the `FilterId` dimension. ``` HTTP/1.1 200 OK x-amz-id-2: YgIPIfBiKa2bj0KMg95r/0zo3emzU4dzsD4rcKCHQUAdQkf3ShJTOOpXUueF6QKo x-amz-request-id: 236A8905248E5A01 Date: Wed, 01 Mar 2006 12:00:00 GMT Location: /colorpictures Content-Length: 0 Connection: close Server: AmazonS3 ``` ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/PutBucketRequestPayment) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/PutBucketRequestPayment) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/PutBucketRequestPayment) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/PutBucketRequestPayment) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/PutBucketRequestPayment) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/PutBucketRequestPayment) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/PutBucketRequestPayment) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/PutBucketRequestPayment) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/PutBucketRequestPayment) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/PutBucketRequestPayment) # PutBucketTagging **Note** This operation is not supported for directory buckets. Sets the tags for a general purpose bucket if attribute based access control (ABAC) is not enabled for the bucket. When you [enable ABAC for a general purpose bucket](https://docs.aws.amazon.com/AmazonS3/latest/userguide/buckets-tagging-enable-abac.html), you can no longer use this operation for that bucket and must use the [TagResource](https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_TagResource.html) or [UntagResource](https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_UntagResource.html) operations instead. Use tags to organize your AWS bill to reflect your own cost structure. To do this, sign up to get your AWS account bill with tag key values included. Then, to see the cost of combined resources, organize your billing information according to resources with the same tag key values. For example, you can tag several resources with a specific application name, and then organize your billing information to see the total cost of that application across several services. For more information, see [Cost Allocation and Tagging](https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/cost-alloc-tags.html) and [Using Cost Allocation in Amazon S3 Bucket Tags](https://docs.aws.amazon.com/AmazonS3/latest/userguide/CostAllocTagging.html). **Note** When this operation sets the tags for a bucket, it will overwrite any current tags the bucket already has. You cannot use this operation to add tags to an existing list of tags. To use this operation, you must have permissions to perform the `s3:PutBucketTagging` action. The bucket owner has this permission by default and can grant this permission to others. For more information about permissions, see [Permissions Related to Bucket Subresource Operations](https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) and [Managing Access Permissions to Your Amazon S3 Resources](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html). `PutBucketTagging` has the following special errors. For more Amazon S3 errors see, [Error Responses](https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html). + `InvalidTag` - The tag provided was not a valid tag. This error can occur if the tag did not pass input validation. For more information, see [Using Cost Allocation in Amazon S3 Bucket Tags](https://docs.aws.amazon.com/AmazonS3/latest/userguide/CostAllocTagging.html). + `MalformedXML` - The XML provided does not match the schema. + `OperationAborted` - A conflicting conditional action is currently in progress against this resource. Please try again. + `InternalError` - The service was unable to apply the provided tag to the bucket. The following operations are related to `PutBucketTagging`: + [GetBucketTagging](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketTagging.html) + [DeleteBucketTagging](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketTagging.html) **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. ## Request Syntax ``` PUT /?tagging HTTP/1.1 Host: Bucket.s3.amazonaws.com Content-MD5: ContentMD5 x-amz-sdk-checksum-algorithm: ChecksumAlgorithm x-amz-expected-bucket-owner: ExpectedBucketOwner string string ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_PutBucketTagging_RequestSyntax) ** The bucket name. Required: Yes ** [Content-MD5](#API_PutBucketTagging_RequestSyntax) ** The Base64 encoded 128-bit `MD5` digest of the data. You must use this header as a message integrity check to verify that the request body was not corrupted in transit. For more information, see [RFC 1864](http://www.ietf.org/rfc/rfc1864.txt). For requests made using the AWS Command Line Interface (CLI) or AWS SDKs, this field is calculated automatically. ** [x-amz-expected-bucket-owner](#API_PutBucketTagging_RequestSyntax) ** The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code `403 Forbidden` (access denied). ** [x-amz-sdk-checksum-algorithm](#API_PutBucketTagging_RequestSyntax) ** Indicates the algorithm used to create the checksum for the request when you use the SDK. This header will not provide any additional functionality if you don't use the SDK. When you send this header, there must be a corresponding `x-amz-checksum` or `x-amz-trailer` header sent. Otherwise, Amazon S3 fails the request with the HTTP status code `400 Bad Request`. For more information, see [Checking object integrity](https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) in the *Amazon S3 User Guide*. If you provide an individual checksum, Amazon S3 ignores any provided `ChecksumAlgorithm` parameter. Valid Values: `CRC32 | CRC32C | SHA1 | SHA256 | CRC64NVME` ## Request Body The request accepts the following data in XML format. ** [Tagging](#API_PutBucketTagging_RequestSyntax) ** Root level tag for the Tagging parameters. Required: Yes ** [TagSet](#API_PutBucketTagging_RequestSyntax) ** A collection for a set of tags Type: Array of [Tag](API_Tag.md) data types Required: Yes ## Response Syntax ``` HTTP/1.1 200 ``` ## Response Elements If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body. ## Examples ### Sample Request: Add tag set to a bucket The following request adds a tag set to the existing `examplebucket` bucket. ``` PUT ?tagging HTTP/1.1 Host: examplebucket.s3..amazonaws.com Content-Length: 1660 x-amz-date: Thu, 12 Apr 2012 20:04:21 GMT Authorization: authorization string Project Project One User jsmith ``` ### Sample Response This example illustrates one usage of PutBucketTagging. ``` HTTP/1.1 204 No Content x-amz-id-2: YgIPIfBiKa2bj0KMgUAdQkf3ShJTOOpXUueF6QKo x-amz-request-id: 236A8905248E5A01 Date: Wed, 01 Oct 2012 12:00:00 GMT ``` ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/PutBucketTagging) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/PutBucketTagging) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/PutBucketTagging) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/PutBucketTagging) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/PutBucketTagging) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/PutBucketTagging) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/PutBucketTagging) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/PutBucketTagging) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/PutBucketTagging) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/PutBucketTagging) # PutBucketVersioning **Note** This operation is not supported for directory buckets. **Note** When you enable versioning on a bucket for the first time, it might take a short amount of time for the change to be fully propagated. While this change is propagating, you might encounter intermittent `HTTP 404 NoSuchKey` errors for requests to objects created or updated after enabling versioning. We recommend that you wait for 15 minutes after enabling versioning before issuing write operations (`PUT` or `DELETE`) on objects in the bucket. Sets the versioning state of an existing bucket. You can set the versioning state with one of the following values: **Enabled**—Enables versioning for the objects in the bucket. All objects added to the bucket receive a unique version ID. **Suspended**—Disables versioning for the objects in the bucket. All objects added to the bucket receive the version ID null. If the versioning state has never been set on a bucket, it has no versioning state; a [GetBucketVersioning](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketVersioning.html) request does not return a versioning state value. In order to enable MFA Delete, you must be the bucket owner. If you are the bucket owner and want to enable MFA Delete in the bucket versioning configuration, you must include the `x-amz-mfa request` header and the `Status` and the `MfaDelete` request elements in a request to set the versioning state of the bucket. **Important** If you have an object expiration lifecycle configuration in your non-versioned bucket and you want to maintain the same permanent delete behavior when you enable versioning, you must add a noncurrent expiration policy. The noncurrent expiration lifecycle configuration will manage the deletes of the noncurrent object versions in the version-enabled bucket. (A version-enabled bucket maintains one current and zero or more noncurrent object versions.) For more information, see [Lifecycle and Versioning](https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html#lifecycle-and-other-bucket-config). The following operations are related to `PutBucketVersioning`: + [CreateBucket](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html) + [DeleteBucket](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucket.html) + [GetBucketVersioning](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketVersioning.html) **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. ## Request Syntax ``` PUT /?versioning HTTP/1.1 Host: Bucket.s3.amazonaws.com Content-MD5: ContentMD5 x-amz-sdk-checksum-algorithm: ChecksumAlgorithm x-amz-mfa: MFA x-amz-expected-bucket-owner: ExpectedBucketOwner string string ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_PutBucketVersioning_RequestSyntax) ** The bucket name. Required: Yes ** [Content-MD5](#API_PutBucketVersioning_RequestSyntax) ** >The Base64 encoded 128-bit `MD5` digest of the data. You must use this header as a message integrity check to verify that the request body was not corrupted in transit. For more information, see [RFC 1864](http://www.ietf.org/rfc/rfc1864.txt). For requests made using the AWS Command Line Interface (CLI) or AWS SDKs, this field is calculated automatically. ** [x-amz-expected-bucket-owner](#API_PutBucketVersioning_RequestSyntax) ** The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code `403 Forbidden` (access denied). ** [x-amz-mfa](#API_PutBucketVersioning_RequestSyntax) ** The concatenation of the authentication device's serial number, a space, and the value that is displayed on your authentication device. The serial number is the number that uniquely identifies the MFA device. For physical MFA devices, this is the unique serial number that's provided with the device. For virtual MFA devices, the serial number is the device ARN. For more information, see [Enabling versioning on buckets](https://docs.aws.amazon.com/AmazonS3/latest/userguide/manage-versioning-examples.html) and [Configuring MFA delete](https://docs.aws.amazon.com/AmazonS3/latest/userguide/MultiFactorAuthenticationDelete.html) in the *Amazon Simple Storage Service User Guide*. ** [x-amz-sdk-checksum-algorithm](#API_PutBucketVersioning_RequestSyntax) ** Indicates the algorithm used to create the checksum for the request when you use the SDK. This header will not provide any additional functionality if you don't use the SDK. When you send this header, there must be a corresponding `x-amz-checksum` or `x-amz-trailer` header sent. Otherwise, Amazon S3 fails the request with the HTTP status code `400 Bad Request`. For more information, see [Checking object integrity](https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) in the *Amazon S3 User Guide*. If you provide an individual checksum, Amazon S3 ignores any provided `ChecksumAlgorithm` parameter. Valid Values: `CRC32 | CRC32C | SHA1 | SHA256 | CRC64NVME` ## Request Body The request accepts the following data in XML format. ** [VersioningConfiguration](#API_PutBucketVersioning_RequestSyntax) ** Root level tag for the VersioningConfiguration parameters. Required: Yes ** [MFADelete](#API_PutBucketVersioning_RequestSyntax) ** Specifies whether MFA delete is enabled in the bucket versioning configuration. This element is only returned if the bucket has been configured with MFA delete. If the bucket has never been so configured, this element is not returned. Type: String Valid Values: `Enabled | Disabled` Required: No ** [Status](#API_PutBucketVersioning_RequestSyntax) ** The versioning state of the bucket. Type: String Valid Values: `Enabled | Suspended` Required: No ## Response Syntax ``` HTTP/1.1 200 ``` ## Response Elements If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body. ## Examples ### Sample Request The following request enables versioning for the specified bucket. ``` PUT /?versioning HTTP/1.1 Host: bucket.s3..amazonaws.com Date: Wed, 01 Mar 2006 12:00:00 GMT Authorization: authorization string Content-Type: text/plain Content-Length: 124 Enabled ``` ### Sample Response This example illustrates one usage of PutBucketVersioning. ``` HTTP/1.1 200 OK x-amz-id-2: YgIPIfBiKa2bj0KMg95r/0zo3emzU4dzsD4rcKCHQUAdQkf3ShJTOOpXUueF6QKo x-amz-request-id: 236A8905248E5A01 Date: Wed, 01 Mar 2006 12:00:00 GMT3 ``` ### Sample Request The following request suspends versioning for the specified bucket. ``` PUT /?versioning HTTP/1.1 Host: bucket.s3..amazonaws.com Date: Wed, 12 Oct 2009 17:50:00 GMT Authorization: authorization string Content-Type: text/plain Content-Length: 124 Suspended ``` ### Sample Response This example illustrates one usage of PutBucketVersioning. ``` HTTP/1.1 200 OK x-amz-id-2: YgIPIfBiKa2bj0KMg95r/0zo3emzU4dzsD4rcKCHQUAdQkf3ShJTOOpXUueF6QKo x-amz-request-id: 236A8905248E5A01 Date: Wed, 01 Mar 2006 12:00:00 GMT ``` ### Sample Request The following request enables versioning and MFA Delete on a bucket. Note the space between `[SerialNumber]` and `[TokenCode]` and that you must include `Status` whenever you use `MfaDelete`. ``` PUT /?versioning HTTP/1.1 Host: bucket.s3..amazonaws.com Date: Wed, 12 Oct 2009 17:50:00 GMT x-amz-mfa:[SerialNumber] [TokenCode] Authorization: authorization string Content-Type: text/plain Content-Length: 124 Enabled Enabled ``` ### Sample Response This example illustrates one usage of PutBucketVersioning. ``` HTTPS/1.1 200 OK x-amz-id-2: YgIPIfBiKa2bj0KMg95r/0zo3emzU4dzsD4rcKCHQUAdQkf3ShJTOOpXUueF6QKo x-amz-request-id: 236A8905248E5A01 Date: Wed, 01 Mar 2006 12:00:00 GMT Location: /colorpictures Content-Length: 0 Connection: close Server: AmazonS3 ``` ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/PutBucketVersioning) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/PutBucketVersioning) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/PutBucketVersioning) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/PutBucketVersioning) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/PutBucketVersioning) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/PutBucketVersioning) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/PutBucketVersioning) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/PutBucketVersioning) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/PutBucketVersioning) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/PutBucketVersioning) # PutBucketWebsite **Note** This operation is not supported for directory buckets. Sets the configuration of the website that is specified in the `website` subresource. To configure a bucket as a website, you can add this subresource on the bucket with website configuration information such as the file name of the index document and any redirect rules. For more information, see [Hosting Websites on Amazon S3](https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html). This PUT action requires the `S3:PutBucketWebsite` permission. By default, only the bucket owner can configure the website attached to a bucket; however, bucket owners can allow other users to set the website configuration by writing a bucket policy that grants them the `S3:PutBucketWebsite` permission. To redirect all website requests sent to the bucket's website endpoint, you add a website configuration with the following elements. Because all requests are sent to another website, you don't need to provide index document name for the bucket. + `WebsiteConfiguration` + `RedirectAllRequestsTo` + `HostName` + `Protocol` If you want granular control over redirects, you can use the following elements to add routing rules that describe conditions for redirecting requests and information about the redirect destination. In this case, the website configuration must provide an index document for the bucket, because some requests might not be redirected. + `WebsiteConfiguration` + `IndexDocument` + `Suffix` + `ErrorDocument` + `Key` + `RoutingRules` + `RoutingRule` + `Condition` + `HttpErrorCodeReturnedEquals` + `KeyPrefixEquals` + `Redirect` + `Protocol` + `HostName` + `ReplaceKeyPrefixWith` + `ReplaceKeyWith` + `HttpRedirectCode` Amazon S3 has a limitation of 50 routing rules per website configuration. If you require more than 50 routing rules, you can use object redirect. For more information, see [Configuring an Object Redirect](https://docs.aws.amazon.com/AmazonS3/latest/dev/how-to-page-redirect.html) in the *Amazon S3 User Guide*. The maximum request length is limited to 128 KB. **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. ## Request Syntax ``` PUT /?website HTTP/1.1 Host: Bucket.s3.amazonaws.com Content-MD5: ContentMD5 x-amz-sdk-checksum-algorithm: ChecksumAlgorithm x-amz-expected-bucket-owner: ExpectedBucketOwner string string string string string string string string string string string ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_PutBucketWebsite_RequestSyntax) ** The bucket name. Required: Yes ** [Content-MD5](#API_PutBucketWebsite_RequestSyntax) ** The Base64 encoded 128-bit `MD5` digest of the data. You must use this header as a message integrity check to verify that the request body was not corrupted in transit. For more information, see [RFC 1864](http://www.ietf.org/rfc/rfc1864.txt). For requests made using the AWS Command Line Interface (CLI) or AWS SDKs, this field is calculated automatically. ** [x-amz-expected-bucket-owner](#API_PutBucketWebsite_RequestSyntax) ** The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code `403 Forbidden` (access denied). ** [x-amz-sdk-checksum-algorithm](#API_PutBucketWebsite_RequestSyntax) ** Indicates the algorithm used to create the checksum for the request when you use the SDK. This header will not provide any additional functionality if you don't use the SDK. When you send this header, there must be a corresponding `x-amz-checksum` or `x-amz-trailer` header sent. Otherwise, Amazon S3 fails the request with the HTTP status code `400 Bad Request`. For more information, see [Checking object integrity](https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) in the *Amazon S3 User Guide*. If you provide an individual checksum, Amazon S3 ignores any provided `ChecksumAlgorithm` parameter. Valid Values: `CRC32 | CRC32C | SHA1 | SHA256 | CRC64NVME` ## Request Body The request accepts the following data in XML format. ** [WebsiteConfiguration](#API_PutBucketWebsite_RequestSyntax) ** Root level tag for the WebsiteConfiguration parameters. Required: Yes ** [ErrorDocument](#API_PutBucketWebsite_RequestSyntax) ** The name of the error document for the website. Type: [ErrorDocument](API_ErrorDocument.md) data type Required: No ** [IndexDocument](#API_PutBucketWebsite_RequestSyntax) ** The name of the index document for the website. Type: [IndexDocument](API_IndexDocument.md) data type Required: No ** [RedirectAllRequestsTo](#API_PutBucketWebsite_RequestSyntax) ** The redirect behavior for every request to this bucket's website endpoint. If you specify this property, you can't specify any other property. Type: [RedirectAllRequestsTo](API_RedirectAllRequestsTo.md) data type Required: No ** [RoutingRules](#API_PutBucketWebsite_RequestSyntax) ** Rules that define when a redirect is applied and the redirect behavior. Type: Array of [RoutingRule](API_RoutingRule.md) data types Required: No ## Response Syntax ``` HTTP/1.1 200 ``` ## Response Elements If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body. ## Examples ### Example 1: Configure bucket as a website (add website configuration) The following request configures a bucket example.com as a website. The configuration in the request specifies index.html as the index document. It also specifies the optional error document, SomeErrorDocument.html. ``` PUT ?website HTTP/1.1 Host: example.com.s3..amazonaws.com Content-Length: 256 Date: Thu, 27 Jan 2011 12:00:00 GMT Authorization: signatureValue index.html SomeErrorDocument.html ``` ### Sample Response This example illustrates one usage of PutBucketWebsite. ``` HTTP/1.1 200 OK x-amz-id-2: YgIPIfBiKa2bj0KMgUAdQkf3ShJTOOpXUueF6QKo x-amz-request-id: 80CD4368BD211111 Date: Thu, 27 Jan 2011 00:00:00 GMT Content-Length: 0 Server: AmazonS3 ``` ### Example 2: Configure bucket as a website but redirect all requests The following request configures a bucket `www.example.com` as a website. However, the configuration specifies that all GET requests for the www.example.com bucket's website endpoint will be redirected to host example.com. This redirect can be useful when you want to serve requests for both `http://www.example.com` and `http://example.com`, but you want to maintain the website content in only one bucket, in this case, `example.com`. ``` PUT ?website HTTP/1.1 Host: www.example.com.s3..amazonaws.com Content-Length: length-value Date: Thu, 27 Jan 2011 12:00:00 GMT Authorization: signatureValue example.com ``` ### Example 3: Configure bucket as a website and specify optional redirection rules Example 1 is the simplest website configuration. It configures a bucket as a website by providing only an index document and an error document. You can further customize the website configuration by adding routing rules that redirect requests for one or more objects. For example, suppose that your bucket contained the following objects: + index.html + docs/article1.html + docs/article2.html If you decided to rename the folder from `docs/` to `documents/`, you would need to redirect requests for prefix `/docs` to `documents/`. For example, a request for docs/article1.html will need to be redirected to documents/article1.html. In this case, you update the website configuration and add a routing rule as shown in the following request. ``` PUT ?website HTTP/1.1 Host: www.example.com.s3..amazonaws.com Content-Length: length-value Date: Thu, 27 Jan 2011 12:00:00 GMT Authorization: signatureValue index.html Error.html docs/ documents/ ``` ### Example 4: Configure a bucket as a website and redirect errors You can use a routing rule to specify a condition that checks for a specific HTTP error code. When a page request results in this error, you can optionally reroute requests. For example, you might route requests to another host and optionally process the error. The routing rule in the following requests redirects requests to an EC2 instance in the event of an HTTP error 404. For illustration, the redirect also inserts an object key prefix `report-404/` in the redirect. For example, if you request a page `ExamplePage.html` and it results in an HTTP 404 error, the request is routed to a page `report-404/testPage.html` on the specified EC2 instance. If there is no routing rule and the HTTP error 404 occurred, then `Error.html` would be returned. ``` PUT ?website HTTP/1.1 Host: www.example.com.s3..amazonaws.com Content-Length: 580 Date: Thu, 27 Jan 2011 12:00:00 GMT Authorization: signatureValue index.html Error.html 404 ec2-11-22-333-44.compute-1.amazonaws.com report-404/ ``` ### Example 5: Configure a bucket as a website and redirect folder requests to a page Suppose you have the following pages in your bucket: + images/photo1.jpg + images/photo2.jpg + images/photo3.jpg Now you want to route requests for all pages with the images/ prefix to go to a single page, errorpage.html. You can add a website configuration to your bucket with the routing rule shown in the following request. ``` PUT ?website HTTP/1.1 Host: www.example.com.s3..amazonaws.com Content-Length: 481 Date: Thu, 27 Jan 2011 12:00:00 GMT Authorization: signatureValue index.html Error.html images/ errorpage.html ``` ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/PutBucketWebsite) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/PutBucketWebsite) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/PutBucketWebsite) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/PutBucketWebsite) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/PutBucketWebsite) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/PutBucketWebsite) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/PutBucketWebsite) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/PutBucketWebsite) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/PutBucketWebsite) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/PutBucketWebsite) # PutObject **Important** End of support notice: As of October 1, 2025, Amazon S3 has discontinued support for Email Grantee Access Control Lists (ACLs). If you attempt to use an Email Grantee ACL in a request after October 1, 2025, the request will receive an `HTTP 405` (Method Not Allowed) error. This change affects the following AWS Regions: US East (N. Virginia), US West (N. California), US West (Oregon), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), Europe (Ireland), and South America (São Paulo). Adds an object to a bucket. **Note** Amazon S3 never adds partial objects; if you receive a success response, Amazon S3 added the entire object to the bucket. You cannot use `PutObject` to only update a single piece of metadata for an existing object. You must put the entire object with updated metadata if you want to update some values. If your bucket uses the bucket owner enforced setting for Object Ownership, ACLs are disabled and no longer affect permissions. All objects written to the bucket by any account will be owned by the bucket owner. **Directory buckets** - For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format `https://amzn-s3-demo-bucket.s3express-zone-id.region-code.amazonaws.com/key-name `. Path-style requests are not supported. For more information about endpoints in Availability Zones, see [Regional and Zonal endpoints for directory buckets in Availability Zones](https://docs.aws.amazon.com/AmazonS3/latest/userguide/endpoint-directory-buckets-AZ.html) in the *Amazon S3 User Guide*. For more information about endpoints in Local Zones, see [Concepts for directory buckets in Local Zones](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-lzs-for-directory-buckets.html) in the *Amazon S3 User Guide*. Amazon S3 is a distributed system. If it receives multiple write requests for the same object simultaneously, it overwrites all but the last object written. However, Amazon S3 provides features that can modify this behavior: + **S3 Object Lock** - To prevent objects from being deleted or overwritten, you can use [Amazon S3 Object Lock](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock.html) in the *Amazon S3 User Guide*. **Note** This functionality is not supported for directory buckets. + **If-None-Match** - Uploads the object only if the object key name does not already exist in the specified bucket. Otherwise, Amazon S3 returns a `412 Precondition Failed` error. If a conflicting operation occurs during the upload, S3 returns a `409 ConditionalRequestConflict` response. On a 409 failure, retry the upload. Expects the \$1 character (asterisk). For more information, see [Add preconditions to S3 operations with conditional requests](https://docs.aws.amazon.com/AmazonS3/latest/userguide/conditional-requests.html) in the *Amazon S3 User Guide* or [RFC 7232](https://datatracker.ietf.org/doc/rfc7232/). **Note** This functionality is not supported for S3 on Outposts. + **S3 Versioning** - When you enable versioning for a bucket, if Amazon S3 receives multiple write requests for the same object simultaneously, it stores all versions of the objects. For each write request that is made to the same object, Amazon S3 automatically generates a unique version ID of that object being stored in Amazon S3. You can retrieve, replace, or delete any version of the object. For more information about versioning, see [Adding Objects to Versioning-Enabled Buckets](https://docs.aws.amazon.com/AmazonS3/latest/dev/AddingObjectstoVersioningEnabledBuckets.html) in the *Amazon S3 User Guide*. For information about returning the versioning state of a bucket, see [GetBucketVersioning](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketVersioning.html). **Note** This functionality is not supported for directory buckets. Permissions + **General purpose bucket permissions** - The following permissions are required in your policies when your `PutObject` request includes specific headers. + ** `s3:PutObject` ** - To successfully complete the `PutObject` request, you must always have the `s3:PutObject` permission on a bucket to add an object to it. + ** `s3:PutObjectAcl` ** - To successfully change the objects ACL of your `PutObject` request, you must have the `s3:PutObjectAcl`. + ** `s3:PutObjectTagging` ** - To successfully set the tag-set with your `PutObject` request, you must have the `s3:PutObjectTagging`. + **Directory bucket permissions** - To grant access to this API operation on a directory bucket, we recommend that you use the [https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) API operation for session-based authorization. Specifically, you grant the `s3express:CreateSession` permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the `CreateSession` API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another `CreateSession` API call to generate a new session token for use. AWS CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see [https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html). If the object is encrypted with SSE-KMS, you must also have the `kms:GenerateDataKey` and `kms:Decrypt` permissions in IAM identity-based policies and AWS KMS key policies for the AWS KMS key. Data integrity with Content-MD5 + **General purpose bucket** - To ensure that data is not corrupted traversing the network, use the `Content-MD5` header. When you use this header, Amazon S3 checks the object against the provided MD5 value and, if they do not match, Amazon S3 returns an error. Alternatively, when the object's ETag is its MD5 digest, you can calculate the MD5 while putting the object to Amazon S3 and compare the returned ETag to the calculated MD5 value. + **Directory bucket** - This functionality is not supported for directory buckets. HTTP Host header syntax **Directory buckets ** - The HTTP Host header syntax is ` Bucket-name.s3express-zone-id.region-code.amazonaws.com`. Errors + You might receive an `InvalidRequest` error for several reasons. Depending on the reason for the error, you might receive one of the following messages: + Cannot specify both a write offset value and user-defined object metadata for existing objects. + Checksum Type mismatch occurred, expected checksum Type: sha1, actual checksum Type: crc32c. + Request body cannot be empty when 'write offset' is specified. For more information about related Amazon S3 APIs, see the following: + [CopyObject](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html) + [DeleteObject](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObject.html) **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. ## Request Syntax ``` PUT /Key+ HTTP/1.1 Host: Bucket.s3.amazonaws.com x-amz-acl: ACL Cache-Control: CacheControl Content-Disposition: ContentDisposition Content-Encoding: ContentEncoding Content-Language: ContentLanguage Content-Length: ContentLength Content-MD5: ContentMD5 Content-Type: ContentType x-amz-sdk-checksum-algorithm: ChecksumAlgorithm x-amz-checksum-crc32: ChecksumCRC32 x-amz-checksum-crc32c: ChecksumCRC32C x-amz-checksum-crc64nvme: ChecksumCRC64NVME x-amz-checksum-sha1: ChecksumSHA1 x-amz-checksum-sha256: ChecksumSHA256 Expires: Expires If-Match: IfMatch If-None-Match: IfNoneMatch x-amz-grant-full-control: GrantFullControl x-amz-grant-read: GrantRead x-amz-grant-read-acp: GrantReadACP x-amz-grant-write-acp: GrantWriteACP x-amz-write-offset-bytes: WriteOffsetBytes x-amz-server-side-encryption: ServerSideEncryption x-amz-storage-class: StorageClass x-amz-website-redirect-location: WebsiteRedirectLocation x-amz-server-side-encryption-customer-algorithm: SSECustomerAlgorithm x-amz-server-side-encryption-customer-key: SSECustomerKey x-amz-server-side-encryption-customer-key-MD5: SSECustomerKeyMD5 x-amz-server-side-encryption-aws-kms-key-id: SSEKMSKeyId x-amz-server-side-encryption-context: SSEKMSEncryptionContext x-amz-server-side-encryption-bucket-key-enabled: BucketKeyEnabled x-amz-request-payer: RequestPayer x-amz-tagging: Tagging x-amz-object-lock-mode: ObjectLockMode x-amz-object-lock-retain-until-date: ObjectLockRetainUntilDate x-amz-object-lock-legal-hold: ObjectLockLegalHoldStatus x-amz-expected-bucket-owner: ExpectedBucketOwner Body ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_PutObject_RequestSyntax) ** The bucket name to which the PUT action was initiated. **Directory buckets** - When you use this operation with a directory bucket, you must use virtual-hosted-style requests in the format ` Bucket-name.s3express-zone-id.region-code.amazonaws.com`. Path-style requests are not supported. Directory bucket names must be unique in the chosen Zone (Availability Zone or Local Zone). Bucket names must follow the format ` bucket-base-name--zone-id--x-s3` (for example, ` amzn-s3-demo-bucket--usw2-az1--x-s3`). For information about bucket naming restrictions, see [Directory bucket naming rules](https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) in the *Amazon S3 User Guide*. **Access points** - When you use this action with an access point for general purpose buckets, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When you use this action with an access point for directory buckets, you must provide the access point name in place of the bucket name. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com. When using this action with an access point through the AWS SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see [Using access points](https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) in the *Amazon S3 User Guide*. Object Lambda access points are not supported by directory buckets. **S3 on Outposts** - When you use this action with S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form ` AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com`. When you use this action with S3 on Outposts, the destination bucket must be the Outposts access point ARN or the access point alias. For more information about S3 on Outposts, see [What is S3 on Outposts?](https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) in the *Amazon S3 User Guide*. Required: Yes ** [Cache-Control](#API_PutObject_RequestSyntax) ** Can be used to specify caching behavior along the request/reply chain. For more information, see [http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html\$1sec14.9](http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9). ** [Content-Disposition](#API_PutObject_RequestSyntax) ** Specifies presentational information for the object. For more information, see [https://www.rfc-editor.org/rfc/rfc6266\$1section-4](https://www.rfc-editor.org/rfc/rfc6266#section-4). ** [Content-Encoding](#API_PutObject_RequestSyntax) ** Specifies what content encodings have been applied to the object and thus what decoding mechanisms must be applied to obtain the media-type referenced by the Content-Type header field. For more information, see [https://www.rfc-editor.org/rfc/rfc9110.html\$1field.content-encoding](https://www.rfc-editor.org/rfc/rfc9110.html#field.content-encoding). ** [Content-Language](#API_PutObject_RequestSyntax) ** The language the content is in. ** [Content-Length](#API_PutObject_RequestSyntax) ** Size of the body in bytes. This parameter is useful when the size of the body cannot be determined automatically. For more information, see [https://www.rfc-editor.org/rfc/rfc9110.html\$1name-content-length](https://www.rfc-editor.org/rfc/rfc9110.html#name-content-length). ** [Content-MD5](#API_PutObject_RequestSyntax) ** The Base64 encoded 128-bit `MD5` digest of the message (without the headers) according to RFC 1864. This header can be used as a message integrity check to verify that the data is the same data that was originally sent. Although it is optional, we recommend using the Content-MD5 mechanism as an end-to-end integrity check. For more information about REST request authentication, see [REST Authentication](https://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html). The `Content-MD5` or `x-amz-sdk-checksum-algorithm` header is required for any request to upload an object with a retention period configured using Amazon S3 Object Lock. For more information, see [Uploading objects to an Object Lock enabled bucket ](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-managing.html#object-lock-put-object) in the *Amazon S3 User Guide*. This functionality is not supported for directory buckets. ** [Content-Type](#API_PutObject_RequestSyntax) ** A standard MIME type describing the format of the contents. For more information, see [https://www.rfc-editor.org/rfc/rfc9110.html\$1name-content-type](https://www.rfc-editor.org/rfc/rfc9110.html#name-content-type). ** [Expires](#API_PutObject_RequestSyntax) ** The date and time at which the object is no longer cacheable. For more information, see [https://www.rfc-editor.org/rfc/rfc7234\$1section-5.3](https://www.rfc-editor.org/rfc/rfc7234#section-5.3). ** [If-Match](#API_PutObject_RequestSyntax) ** Uploads the object only if the ETag (entity tag) value provided during the WRITE operation matches the ETag of the object in S3. If the ETag values do not match, the operation returns a `412 Precondition Failed` error. If a conflicting operation occurs during the upload S3 returns a `409 ConditionalRequestConflict` response. On a 409 failure you should fetch the object's ETag and retry the upload. Expects the ETag value as a string. For more information about conditional requests, see [RFC 7232](https://tools.ietf.org/html/rfc7232), or [Conditional requests](https://docs.aws.amazon.com/AmazonS3/latest/userguide/conditional-requests.html) in the *Amazon S3 User Guide*. ** [If-None-Match](#API_PutObject_RequestSyntax) ** Uploads the object only if the object key name does not already exist in the bucket specified. Otherwise, Amazon S3 returns a `412 Precondition Failed` error. If a conflicting operation occurs during the upload S3 returns a `409 ConditionalRequestConflict` response. On a 409 failure you should retry the upload. Expects the '\$1' (asterisk) character. For more information about conditional requests, see [RFC 7232](https://tools.ietf.org/html/rfc7232), or [Conditional requests](https://docs.aws.amazon.com/AmazonS3/latest/userguide/conditional-requests.html) in the *Amazon S3 User Guide*. ** [Key](#API_PutObject_RequestSyntax) ** Object key for which the PUT action was initiated. Length Constraints: Minimum length of 1. Required: Yes ** [x-amz-acl](#API_PutObject_RequestSyntax) ** The canned ACL to apply to the object. For more information, see [Canned ACL](https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL) in the *Amazon S3 User Guide*. When adding a new object, you can use headers to grant ACL-based permissions to individual AWS accounts or to predefined groups defined by Amazon S3. These permissions are then added to the ACL on the object. By default, all objects are private. Only the owner has full access control. For more information, see [Access Control List (ACL) Overview](https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html) and [Managing ACLs Using the REST API](https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-using-rest-api.html) in the *Amazon S3 User Guide*. If the bucket that you're uploading objects to uses the bucket owner enforced setting for S3 Object Ownership, ACLs are disabled and no longer affect permissions. Buckets that use this setting only accept PUT requests that don't specify an ACL or PUT requests that specify bucket owner full control ACLs, such as the `bucket-owner-full-control` canned ACL or an equivalent form of this ACL expressed in the XML format. PUT requests that contain other ACLs (for example, custom grants to certain AWS accounts) fail and return a `400` error with the error code `AccessControlListNotSupported`. For more information, see [ Controlling ownership of objects and disabling ACLs](https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html) in the *Amazon S3 User Guide*. + This functionality is not supported for directory buckets. + This functionality is not supported for Amazon S3 on Outposts. Valid Values: `private | public-read | public-read-write | authenticated-read | aws-exec-read | bucket-owner-read | bucket-owner-full-control` ** [x-amz-checksum-crc32](#API_PutObject_RequestSyntax) ** This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. This header specifies the Base64 encoded, 32-bit `CRC32` checksum of the object. For more information, see [Checking object integrity](https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) in the *Amazon S3 User Guide*. ** [x-amz-checksum-crc32c](#API_PutObject_RequestSyntax) ** This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. This header specifies the Base64 encoded, 32-bit `CRC32C` checksum of the object. For more information, see [Checking object integrity](https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) in the *Amazon S3 User Guide*. ** [x-amz-checksum-crc64nvme](#API_PutObject_RequestSyntax) ** This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. This header specifies the Base64 encoded, 64-bit `CRC64NVME` checksum of the object. The `CRC64NVME` checksum is always a full object checksum. For more information, see [Checking object integrity in the Amazon S3 User Guide](https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html). ** [x-amz-checksum-sha1](#API_PutObject_RequestSyntax) ** This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. This header specifies the Base64 encoded, 160-bit `SHA1` digest of the object. For more information, see [Checking object integrity](https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) in the *Amazon S3 User Guide*. ** [x-amz-checksum-sha256](#API_PutObject_RequestSyntax) ** This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. This header specifies the Base64 encoded, 256-bit `SHA256` digest of the object. For more information, see [Checking object integrity](https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) in the *Amazon S3 User Guide*. ** [x-amz-expected-bucket-owner](#API_PutObject_RequestSyntax) ** The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code `403 Forbidden` (access denied). ** [x-amz-grant-full-control](#API_PutObject_RequestSyntax) ** Gives the grantee READ, READ\$1ACP, and WRITE\$1ACP permissions on the object. + This functionality is not supported for directory buckets. + This functionality is not supported for Amazon S3 on Outposts. ** [x-amz-grant-read](#API_PutObject_RequestSyntax) ** Allows grantee to read the object data and its metadata. + This functionality is not supported for directory buckets. + This functionality is not supported for Amazon S3 on Outposts. ** [x-amz-grant-read-acp](#API_PutObject_RequestSyntax) ** Allows grantee to read the object ACL. + This functionality is not supported for directory buckets. + This functionality is not supported for Amazon S3 on Outposts. ** [x-amz-grant-write-acp](#API_PutObject_RequestSyntax) ** Allows grantee to write the ACL for the applicable object. + This functionality is not supported for directory buckets. + This functionality is not supported for Amazon S3 on Outposts. ** [x-amz-object-lock-legal-hold](#API_PutObject_RequestSyntax) ** Specifies whether a legal hold will be applied to this object. For more information about S3 Object Lock, see [Object Lock](https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html) in the *Amazon S3 User Guide*. This functionality is not supported for directory buckets. Valid Values: `ON | OFF` ** [x-amz-object-lock-mode](#API_PutObject_RequestSyntax) ** The Object Lock mode that you want to apply to this object. This functionality is not supported for directory buckets. Valid Values: `GOVERNANCE | COMPLIANCE` ** [x-amz-object-lock-retain-until-date](#API_PutObject_RequestSyntax) ** The date and time when you want this object's Object Lock to expire. Must be formatted as a timestamp parameter. This functionality is not supported for directory buckets. ** [x-amz-request-payer](#API_PutObject_RequestSyntax) ** Confirms that the requester knows that they will be charged for the request. Bucket owners need not specify this parameter in their requests. If either the source or destination S3 bucket has Requester Pays enabled, the requester will pay for the corresponding charges. For information about downloading objects from Requester Pays buckets, see [Downloading Objects in Requester Pays Buckets](https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) in the *Amazon S3 User Guide*. This functionality is not supported for directory buckets. Valid Values: `requester` ** [x-amz-sdk-checksum-algorithm](#API_PutObject_RequestSyntax) ** Indicates the algorithm used to create the checksum for the object when you use the SDK. This header will not provide any additional functionality if you don't use the SDK. When you send this header, there must be a corresponding `x-amz-checksum-algorithm ` or `x-amz-trailer` header sent. Otherwise, Amazon S3 fails the request with the HTTP status code `400 Bad Request`. For the `x-amz-checksum-algorithm ` header, replace ` algorithm ` with the supported algorithm from the following list: + `CRC32` + `CRC32C` + `CRC64NVME` + `SHA1` + `SHA256` For more information, see [Checking object integrity](https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) in the *Amazon S3 User Guide*. If the individual checksum value you provide through `x-amz-checksum-algorithm ` doesn't match the checksum algorithm you set through `x-amz-sdk-checksum-algorithm`, Amazon S3 fails the request with a `BadDigest` error. The `Content-MD5` or `x-amz-sdk-checksum-algorithm` header is required for any request to upload an object with a retention period configured using Amazon S3 Object Lock. For more information, see [Uploading objects to an Object Lock enabled bucket ](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-managing.html#object-lock-put-object) in the *Amazon S3 User Guide*. For directory buckets, when you use AWS SDKs, `CRC32` is the default checksum algorithm that's used for performance. Valid Values: `CRC32 | CRC32C | SHA1 | SHA256 | CRC64NVME` ** [x-amz-server-side-encryption](#API_PutObject_RequestSyntax) ** The server-side encryption algorithm that was used when you store this object in Amazon S3 or Amazon FSx. + **General purpose buckets ** - You have four mutually exclusive options to protect data using server-side encryption in Amazon S3, depending on how you choose to manage the encryption keys. Specifically, the encryption key options are Amazon S3 managed keys (SSE-S3), AWS KMS keys (SSE-KMS or DSSE-KMS), and customer-provided keys (SSE-C). Amazon S3 encrypts data with server-side encryption by using Amazon S3 managed keys (SSE-S3) by default. You can optionally tell Amazon S3 to encrypt data at rest by using server-side encryption with other key options. For more information, see [Using Server-Side Encryption](https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html) in the *Amazon S3 User Guide*. + **Directory buckets ** - For directory buckets, there are only two supported options for server-side encryption: server-side encryption with Amazon S3 managed keys (SSE-S3) (`AES256`) and server-side encryption with AWS KMS keys (SSE-KMS) (`aws:kms`). We recommend that the bucket's default encryption uses the desired encryption configuration and you don't override the bucket default encryption in your `CreateSession` requests or `PUT` object requests. Then, new objects are automatically encrypted with the desired encryption settings. For more information, see [Protecting data with server-side encryption](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-serv-side-encryption.html) in the *Amazon S3 User Guide*. For more information about the encryption overriding behaviors in directory buckets, see [Specifying server-side encryption with AWS KMS for new object uploads](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-specifying-kms-encryption.html). In the Zonal endpoint API calls (except [CopyObject](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html) and [UploadPartCopy](https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html)) using the REST API, the encryption request headers must match the encryption settings that are specified in the `CreateSession` request. You can't override the values of the encryption settings (`x-amz-server-side-encryption`, `x-amz-server-side-encryption-aws-kms-key-id`, `x-amz-server-side-encryption-context`, and `x-amz-server-side-encryption-bucket-key-enabled`) that are specified in the `CreateSession` request. You don't need to explicitly specify these encryption settings values in Zonal endpoint API calls, and Amazon S3 will use the encryption settings values from the `CreateSession` request to protect new objects in the directory bucket. **Note** When you use the CLI or the AWS SDKs, for `CreateSession`, the session token refreshes automatically to avoid service interruptions when a session expires. The CLI or the AWS SDKs use the bucket's default encryption configuration for the `CreateSession` request. It's not supported to override the encryption settings values in the `CreateSession` request. So in the Zonal endpoint API calls (except [CopyObject](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html) and [UploadPartCopy](https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html)), the encryption request headers must match the default encryption configuration of the directory bucket. + **S3 access points for Amazon FSx ** - When accessing data stored in Amazon FSx file systems using S3 access points, the only valid server side encryption option is `aws:fsx`. All Amazon FSx file systems have encryption configured by default and are encrypted at rest. Data is automatically encrypted before being written to the file system, and automatically decrypted as it is read. These processes are handled transparently by Amazon FSx. Valid Values: `AES256 | aws:fsx | aws:kms | aws:kms:dsse` ** [x-amz-server-side-encryption-aws-kms-key-id](#API_PutObject_RequestSyntax) ** Specifies the AWS KMS key ID (Key ID, Key ARN, or Key Alias) to use for object encryption. If the KMS key doesn't exist in the same account that's issuing the command, you must use the full Key ARN not the Key ID. **General purpose buckets** - If you specify `x-amz-server-side-encryption` with `aws:kms` or `aws:kms:dsse`, this header specifies the ID (Key ID, Key ARN, or Key Alias) of the AWS KMS key to use. If you specify `x-amz-server-side-encryption:aws:kms` or `x-amz-server-side-encryption:aws:kms:dsse`, but do not provide `x-amz-server-side-encryption-aws-kms-key-id`, Amazon S3 uses the AWS managed key (`aws/s3`) to protect the data. **Directory buckets** - To encrypt data using SSE-KMS, it's recommended to specify the `x-amz-server-side-encryption` header to `aws:kms`. Then, the `x-amz-server-side-encryption-aws-kms-key-id` header implicitly uses the bucket's default KMS customer managed key ID. If you want to explicitly set the ` x-amz-server-side-encryption-aws-kms-key-id` header, it must match the bucket's default customer managed key (using key ID or ARN, not alias). Your SSE-KMS configuration can only support 1 [customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) per directory bucket's lifetime. The [AWS managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk) (`aws/s3`) isn't supported. Incorrect key specification results in an HTTP `400 Bad Request` error. ** [x-amz-server-side-encryption-bucket-key-enabled](#API_PutObject_RequestSyntax) ** Specifies whether Amazon S3 should use an S3 Bucket Key for object encryption with server-side encryption using AWS Key Management Service (AWS KMS) keys (SSE-KMS). **General purpose buckets** - Setting this header to `true` causes Amazon S3 to use an S3 Bucket Key for object encryption with SSE-KMS. Also, specifying this header with a PUT action doesn't affect bucket-level settings for S3 Bucket Key. **Directory buckets** - S3 Bucket Keys are always enabled for `GET` and `PUT` operations in a directory bucket and can’t be disabled. S3 Bucket Keys aren't supported, when you copy SSE-KMS encrypted objects from general purpose buckets to directory buckets, from directory buckets to general purpose buckets, or between directory buckets, through [CopyObject](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html), [UploadPartCopy](https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html), [the Copy operation in Batch Operations](https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-buckets-objects-Batch-Ops), or [the import jobs](https://docs.aws.amazon.com/AmazonS3/latest/userguide/create-import-job). In this case, Amazon S3 makes a call to AWS KMS every time a copy request is made for a KMS-encrypted object. ** [x-amz-server-side-encryption-context](#API_PutObject_RequestSyntax) ** Specifies the AWS KMS Encryption Context as an additional encryption context to use for object encryption. The value of this header is a Base64 encoded string of a UTF-8 encoded JSON, which contains the encryption context as key-value pairs. This value is stored as object metadata and automatically gets passed on to AWS KMS for future `GetObject` operations on this object. **General purpose buckets** - This value must be explicitly added during `CopyObject` operations if you want an additional encryption context for your object. For more information, see [Encryption context](https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html#encryption-context) in the *Amazon S3 User Guide*. **Directory buckets** - You can optionally provide an explicit encryption context value. The value must match the default encryption context - the bucket Amazon Resource Name (ARN). An additional encryption context value is not supported. ** [x-amz-server-side-encryption-customer-algorithm](#API_PutObject_RequestSyntax) ** Specifies the algorithm to use when encrypting the object (for example, `AES256`). This functionality is not supported for directory buckets. ** [x-amz-server-side-encryption-customer-key](#API_PutObject_RequestSyntax) ** Specifies the customer-provided encryption key for Amazon S3 to use in encrypting data. This value is used to store the object and then it is discarded; Amazon S3 does not store the encryption key. The key must be appropriate for use with the algorithm specified in the `x-amz-server-side-encryption-customer-algorithm` header. This functionality is not supported for directory buckets. ** [x-amz-server-side-encryption-customer-key-MD5](#API_PutObject_RequestSyntax) ** Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. Amazon S3 uses this header for a message integrity check to ensure that the encryption key was transmitted without error. This functionality is not supported for directory buckets. ** [x-amz-storage-class](#API_PutObject_RequestSyntax) ** By default, Amazon S3 uses the STANDARD Storage Class to store newly created objects. The STANDARD storage class provides high durability and high availability. Depending on performance needs, you can specify a different Storage Class. For more information, see [Storage Classes](https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html) in the *Amazon S3 User Guide*. + Directory buckets only support `EXPRESS_ONEZONE` (the S3 Express One Zone storage class) in Availability Zones and `ONEZONE_IA` (the S3 One Zone-Infrequent Access storage class) in Dedicated Local Zones. + Amazon S3 on Outposts only uses the OUTPOSTS Storage Class. Valid Values: `STANDARD | REDUCED_REDUNDANCY | STANDARD_IA | ONEZONE_IA | INTELLIGENT_TIERING | GLACIER | DEEP_ARCHIVE | OUTPOSTS | GLACIER_IR | SNOW | EXPRESS_ONEZONE | FSX_OPENZFS | FSX_ONTAP` ** [x-amz-tagging](#API_PutObject_RequestSyntax) ** The tag-set for the object. The tag-set must be encoded as URL Query parameters. (For example, "Key1=Value1") This functionality is not supported for directory buckets. ** [x-amz-website-redirect-location](#API_PutObject_RequestSyntax) ** If the bucket is configured as a website, redirects requests for this object to another object in the same bucket or to an external URL. Amazon S3 stores the value of this header in the object metadata. For information about object metadata, see [Object Key and Metadata](https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html) in the *Amazon S3 User Guide*. In the following example, the request header sets the redirect to an object (anotherPage.html) in the same bucket: `x-amz-website-redirect-location: /anotherPage.html` In the following example, the request header sets the object redirect to another website: `x-amz-website-redirect-location: http://www.example.com/` For more information about website hosting in Amazon S3, see [Hosting Websites on Amazon S3](https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html) and [How to Configure Website Page Redirects](https://docs.aws.amazon.com/AmazonS3/latest/dev/how-to-page-redirect.html) in the *Amazon S3 User Guide*. This functionality is not supported for directory buckets. ** [x-amz-write-offset-bytes](#API_PutObject_RequestSyntax) ** Specifies the offset for appending data to existing objects in bytes. The offset must be equal to the size of the existing object being appended to. If no object exists, setting this header to 0 will create a new object. This functionality is only supported for objects in the Amazon S3 Express One Zone storage class in directory buckets. ## Request Body The request accepts the following binary data. ** [Body](#API_PutObject_RequestSyntax) ** ## Response Syntax ``` HTTP/1.1 200 x-amz-expiration: Expiration ETag: ETag x-amz-checksum-crc32: ChecksumCRC32 x-amz-checksum-crc32c: ChecksumCRC32C x-amz-checksum-crc64nvme: ChecksumCRC64NVME x-amz-checksum-sha1: ChecksumSHA1 x-amz-checksum-sha256: ChecksumSHA256 x-amz-checksum-type: ChecksumType x-amz-server-side-encryption: ServerSideEncryption x-amz-version-id: VersionId x-amz-server-side-encryption-customer-algorithm: SSECustomerAlgorithm x-amz-server-side-encryption-customer-key-MD5: SSECustomerKeyMD5 x-amz-server-side-encryption-aws-kms-key-id: SSEKMSKeyId x-amz-server-side-encryption-context: SSEKMSEncryptionContext x-amz-server-side-encryption-bucket-key-enabled: BucketKeyEnabled x-amz-object-size: Size x-amz-request-charged: RequestCharged ``` ## Response Elements If the action is successful, the service sends back an HTTP 200 response. The response returns the following HTTP headers. ** [ETag](#API_PutObject_ResponseSyntax) ** Entity tag for the uploaded object. **General purpose buckets ** - To ensure that data is not corrupted traversing the network, for objects where the ETag is the MD5 digest of the object, you can calculate the MD5 while putting an object to Amazon S3 and compare the returned ETag to the calculated MD5 value. **Directory buckets ** - The ETag for the object in a directory bucket isn't the MD5 digest of the object. ** [x-amz-checksum-crc32](#API_PutObject_ResponseSyntax) ** The Base64 encoded, 32-bit `CRC32 checksum` of the object. This checksum is only present if the checksum was uploaded with the object. When you use an API operation on an object that was uploaded using multipart uploads, this value may not be a direct checksum value of the full object. Instead, it's a calculation based on the checksum values of each individual part. For more information about how checksums are calculated with multipart uploads, see [ Checking object integrity](https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) in the *Amazon S3 User Guide*. ** [x-amz-checksum-crc32c](#API_PutObject_ResponseSyntax) ** The Base64 encoded, 32-bit `CRC32C` checksum of the object. This checksum is only present if the checksum was uploaded with the object. When you use an API operation on an object that was uploaded using multipart uploads, this value may not be a direct checksum value of the full object. Instead, it's a calculation based on the checksum values of each individual part. For more information about how checksums are calculated with multipart uploads, see [ Checking object integrity](https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) in the *Amazon S3 User Guide*. ** [x-amz-checksum-crc64nvme](#API_PutObject_ResponseSyntax) ** The Base64 encoded, 64-bit `CRC64NVME` checksum of the object. This header is present if the object was uploaded with the `CRC64NVME` checksum algorithm, or if it was uploaded without a checksum (and Amazon S3 added the default checksum, `CRC64NVME`, to the uploaded object). For more information about how checksums are calculated with multipart uploads, see [Checking object integrity in the Amazon S3 User Guide](https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html). ** [x-amz-checksum-sha1](#API_PutObject_ResponseSyntax) ** The Base64 encoded, 160-bit `SHA1` digest of the object. This checksum is only present if the checksum was uploaded with the object. When you use the API operation on an object that was uploaded using multipart uploads, this value may not be a direct checksum value of the full object. Instead, it's a calculation based on the checksum values of each individual part. For more information about how checksums are calculated with multipart uploads, see [ Checking object integrity](https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) in the *Amazon S3 User Guide*. ** [x-amz-checksum-sha256](#API_PutObject_ResponseSyntax) ** The Base64 encoded, 256-bit `SHA256` digest of the object. This checksum is only present if the checksum was uploaded with the object. When you use an API operation on an object that was uploaded using multipart uploads, this value may not be a direct checksum value of the full object. Instead, it's a calculation based on the checksum values of each individual part. For more information about how checksums are calculated with multipart uploads, see [ Checking object integrity](https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) in the *Amazon S3 User Guide*. ** [x-amz-checksum-type](#API_PutObject_ResponseSyntax) ** This header specifies the checksum type of the object, which determines how part-level checksums are combined to create an object-level checksum for multipart objects. For `PutObject` uploads, the checksum type is always `FULL_OBJECT`. You can use this header as a data integrity check to verify that the checksum type that is received is the same checksum that was specified. For more information, see [Checking object integrity](https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) in the *Amazon S3 User Guide*. Valid Values: `COMPOSITE | FULL_OBJECT` ** [x-amz-expiration](#API_PutObject_ResponseSyntax) ** If the expiration is configured for the object (see [PutBucketLifecycleConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html)) in the *Amazon S3 User Guide*, the response includes this header. It includes the `expiry-date` and `rule-id` key-value pairs that provide information about object expiration. The value of the `rule-id` is URL-encoded. Object expiration information is not returned in directory buckets and this header returns the value "`NotImplemented`" in all responses for directory buckets. ** [x-amz-object-size](#API_PutObject_ResponseSyntax) ** The size of the object in bytes. This value is only be present if you append to an object. This functionality is only supported for objects in the Amazon S3 Express One Zone storage class in directory buckets. ** [x-amz-request-charged](#API_PutObject_ResponseSyntax) ** If present, indicates that the requester was successfully charged for the request. For more information, see [Using Requester Pays buckets for storage transfers and usage](https://docs.aws.amazon.com/AmazonS3/latest/userguide/RequesterPaysBuckets.html) in the *Amazon Simple Storage Service user guide*. This functionality is not supported for directory buckets. Valid Values: `requester` ** [x-amz-server-side-encryption](#API_PutObject_ResponseSyntax) ** The server-side encryption algorithm used when you store this object in Amazon S3 or Amazon FSx. When accessing data stored in Amazon FSx file systems using S3 access points, the only valid server side encryption option is `aws:fsx`. Valid Values: `AES256 | aws:fsx | aws:kms | aws:kms:dsse` ** [x-amz-server-side-encryption-aws-kms-key-id](#API_PutObject_ResponseSyntax) ** If present, indicates the ID of the KMS key that was used for object encryption. ** [x-amz-server-side-encryption-bucket-key-enabled](#API_PutObject_ResponseSyntax) ** Indicates whether the uploaded object uses an S3 Bucket Key for server-side encryption with AWS Key Management Service (AWS KMS) keys (SSE-KMS). ** [x-amz-server-side-encryption-context](#API_PutObject_ResponseSyntax) ** If present, indicates the AWS KMS Encryption Context to use for object encryption. The value of this header is a Base64 encoded string of a UTF-8 encoded JSON, which contains the encryption context as key-value pairs. This value is stored as object metadata and automatically gets passed on to AWS KMS for future `GetObject` operations on this object. ** [x-amz-server-side-encryption-customer-algorithm](#API_PutObject_ResponseSyntax) ** If server-side encryption with a customer-provided encryption key was requested, the response will include this header to confirm the encryption algorithm that's used. This functionality is not supported for directory buckets. ** [x-amz-server-side-encryption-customer-key-MD5](#API_PutObject_ResponseSyntax) ** If server-side encryption with a customer-provided encryption key was requested, the response will include this header to provide the round-trip message integrity verification of the customer-provided encryption key. This functionality is not supported for directory buckets. ** [x-amz-version-id](#API_PutObject_ResponseSyntax) ** Version ID of the object. If you enable versioning for a bucket, Amazon S3 automatically generates a unique version ID for the object being stored. Amazon S3 returns this ID in the response. When you enable versioning for a bucket, if Amazon S3 receives multiple write requests for the same object simultaneously, it stores all of the objects. For more information about versioning, see [Adding Objects to Versioning-Enabled Buckets](https://docs.aws.amazon.com/AmazonS3/latest/dev/AddingObjectstoVersioningEnabledBuckets.html) in the *Amazon S3 User Guide*. For information about returning the versioning state of a bucket, see [GetBucketVersioning](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketVersioning.html). This functionality is not supported for directory buckets. ## Errors ** EncryptionTypeMismatch ** The existing object was created with a different encryption type. Subsequent write requests must include the appropriate encryption parameters in the request or while creating the session. HTTP Status Code: 400 ** InvalidRequest ** A parameter or header in your request isn't valid. For details, see the description of this API operation. HTTP Status Code: 400 ** InvalidWriteOffset ** The write offset value that you specified does not match the current object size. HTTP Status Code: 400 ** TooManyParts ** You have attempted to add more parts than the maximum of 10000 that are allowed for this object. You can use the CopyObject operation to copy this object to another and then add more data to the newly copied object. HTTP Status Code: 400 ## Examples ### Example 1 for general purpose buckets: Upload an object The following request stores the `my-image.jpg` file in the `myBucket` bucket. ``` PUT /my-image.jpg HTTP/1.1 Host: myBucket.s3..amazonaws.com Date: Wed, 12 Oct 2009 17:50:00 GMT Authorization: authorization string Content-Type: text/plain Content-Length: 11434 x-amz-meta-author: Janet Expect: 100-continue [11434 bytes of object data] ``` ### Sample Response for general purpose buckets: Versioning suspended This example illustrates one usage of PutObject. ``` HTTP/1.1 100 Continue HTTP/1.1 200 OK x-amz-id-2: LriYPLdmOdAiIfgSm/F1YsViT1LW94/xUQxMsF7xiEb1a0wiIOIxl+zbwZ163pt7 x-amz-request-id: 0A49CE4060975EAC Date: Wed, 12 Oct 2009 17:50:00 GMT ETag: "1b2cf535f27731c974343645a3985328" Content-Length: 0 Connection: close Server: AmazonS3 ``` ### Sample Response for general purpose buckets: Expiration rule created using lifecycle configuration If an expiration rule that was created on the bucket using lifecycle configuration applies to the object, you get a response with an `x-amz-expiration` header, as shown in the following response. For more information, see [Transitioning Objects: General Considerations](https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html#lifecycle-transition-general-considerations). ``` HTTP/1.1 100 Continue HTTP/1.1 200 OK x-amz-id-2: LriYPLdmOdAiIfgSm/F1YsViT1LW94/xUQxMsF7xiEb1a0wiIOIxl+zbwZ163pt7 x-amz-request-id: 0A49CE4060975EAC Date: Wed, 12 Oct 2009 17:50:00 GMT x-amz-expiration: expiry-date="Fri, 23 Dec 2012 00:00:00 GMT", rule-id="1" ETag: "1b2cf535f27731c974343645a3985328" Content-Length: 0 Connection: close Server: AmazonS3 ``` ### Sample Response for general purpose buckets: Versioning enabled If the bucket has versioning enabled, the response includes the `x-amz-version-id` header. ``` HTTP/1.1 100 Continue HTTP/1.1 200 OK x-amz-id-2: LriYPLdmOdAiIfgSm/F1YsViT1LW94/xUQxMsF7xiEb1a0wiIOIxl+zbwZ163pt7 x-amz-request-id: 0A49CE4060975EAC x-amz-version-id: 43jfkodU8493jnFJD9fjj3HHNVfdsQUIFDNsidf038jfdsjGFDSIRp Date: Wed, 12 Oct 2009 17:50:00 GMT ETag: "fbacf535f27731c9771645a39863328" Content-Length: 0 Connection: close Server: AmazonS3 ``` ### Example 2 for general purpose buckets: Specifying the Reduced Redundancy Storage Class The following request stores the image, `my-image.jpg`, in the `myBucket` bucket. The request specifies the `x-amz-storage-class` header to request that the object is stored using the REDUCED\$1REDUNDANCY storage class. ``` PUT /my-image.jpg HTTP/1.1 Host: myBucket.s3..amazonaws.com Date: Wed, 12 Oct 2009 17:50:00 GMT Authorization: authorization string Content-Type: image/jpeg Content-Length: 11434 Expect: 100-continue x-amz-storage-class: REDUCED_REDUNDANCY ``` ### Sample Response for general purpose buckets This example illustrates one usage of PutObject. ``` HTTP/1.1 100 Continue HTTP/1.1 200 OK x-amz-id-2: LriYPLdmOdAiIfgSm/F1YsViT1LW94/xUQxMsF7xiEb1a0wiIOIxl+zbwZ163pt7 x-amz-request-id: 0A49CE4060975EAC Date: Wed, 12 Oct 2009 17:50:00 GMT ETag: "1b2cf535f27731c974343645a3985328" Content-Length: 0 Connection: close Server: AmazonS3 ``` ### Example 3 for general purpose buckets: Uploading an object and specifying access permissions explicitly The following request stores the `TestObject.txt` file in the `myBucket` bucket. The request specifies various ACL headers to grant permission to AWS accounts that are specified with a canonical user ID and an email address. ``` PUT TestObject.txt HTTP/1.1 Host: myBucket.s3..amazonaws.com x-amz-date: Fri, 13 Apr 2012 05:40:14 GMT Authorization: authorization string x-amz-grant-write-acp: id=8a6925ce4adf588a4532142d3f74dd8c71fa124ExampleCanonicalUserID x-amz-grant-full-control: emailAddress="ExampleUser@amazon.com" x-amz-grant-write: emailAddress="ExampleUser1@amazon.com", emailAddress="ExampleUser2@amazon.com" Content-Length: 300 Expect: 100-continue Connection: Keep-Alive ...Object data in the body... ``` ### Sample Response for general purpose buckets This example illustrates one usage of PutObject. ``` HTTP/1.1 200 OK x-amz-id-2: RUxG2sZJUfS+ezeAS2i0Xj6w/ST6xqF/8pFNHjTjTrECW56SCAUWGg+7QLVoj1GH x-amz-request-id: 8D017A90827290BA Date: Fri, 13 Apr 2012 05:40:25 GMT ETag: "dd038b344cf9553547f8b395a814b274" Content-Length: 0 Server: AmazonS3 ``` ### Example 4 for general purpose buckets: Using a canned ACL to set access permissions The following request stores the `TestObject.txt` file in the myBucket bucket. The request uses an `x-amz-acl` header to specify a canned ACL that grants READ permission to the public. ``` PUT TestObject.txt HTTP/1.1 Host: myBucket.s3..amazonaws.com x-amz-date: Fri, 13 Apr 2012 05:54:57 GMT x-amz-acl: public-read Authorization: authorization string Content-Length: 300 Expect: 100-continue Connection: Keep-Alive ...Object data in the body... ``` ### Sample Response for general purpose buckets This example illustrates one usage of PutObject. ``` HTTP/1.1 200 OK x-amz-id-2: Yd6PSJxJFQeTYJ/3dDO7miqJfVMXXW0S2Hijo3WFs4bz6oe2QCVXasxXLZdMfASd x-amz-request-id: 80DF413BB3D28A25 Date: Fri, 13 Apr 2012 05:54:59 GMT ETag: "dd038b344cf9553547f8b395a814b274" Content-Length: 0 Server: AmazonS3 ``` ### Example 5 for general purpose buckets: Upload an object (Request server-side encryption using a customer-provided encryption key) This example of an upload object requests server-side encryption and provides an encryption key. **Note** If you have server-side encryption with customer-provided keys (SSE-C) blocked for your general purpose bucket, you will get an HTTP 403 Access Denied error when you specify the SSE-C request headers while writing new data to your bucket. For more information, see [Blocking or unblocking SSE-C for a general purpose bucket](https://docs.aws.amazon.com/AmazonS3/latest/userguide/blocking-unblocking-s3-c-encryption-gpb.html). ``` PUT /example-object HTTP/1.1 Host: example-bucket.s3..amazonaws.com Accept: */* Authorization:authorization string Date: Wed, 28 May 2014 19:31:11 +0000 x-amz-server-side-encryption-customer-key:g0lCfA3Dv40jZz5SQJ1ZukLRFqtI5WorC/8SEEXAMPLE x-amz-server-side-encryption-customer-key-MD5:ZjQrne1X/iTcskbY2example x-amz-server-side-encryption-customer-algorithm:AES256 ``` ### Sample Response for general purpose buckets In the response, Amazon S3 returns the encryption algorithm and MD5 of the encryption key that you specified when uploading the object. The ETag that is returned is not the MD5 of the object. ``` HTTP/1.1 200 OK x-amz-id-2: 7qoYGN7uMuFuYS6m7a4lszH6in+hccE+4DXPmDZ7C9KqucjnZC1gI5mshai6fbMG x-amz-request-id: 06437EDD40C407C7 Date: Wed, 28 May 2014 19:31:12 GMT x-amz-server-side-encryption-customer-algorithm: AES256 x-amz-server-side-encryption-customer-key-MD5: ZjQrne1X/iTcskbY2example ETag: "ae89237c20e759c5f479ece02c642f59" ``` ### Example 6 for general purpose buckets: Upload an object and specify tags This example of an upload object request specifies the optional `x-amz-tagging` header to add tags to the object. After the object is created, Amazon S3 stores the specified object tags in the tagging subresource that is associated with the object. For more information about tagging, see [Object Tagging and Access Control Policies](https://docs.aws.amazon.com/AmazonS3/latest/dev/object-tagging.html#tagging-and-policies) in the *Amazon S3 User Guide*. ``` PUT /example-object HTTP/1.1 Host: example-bucket.s3..amazonaws.com Accept: */* Authorization:authorization string Date: Thu, 22 Sep 2016 21:58:13 GMT x-amz-tagging: tag1=value1&tag2=value2 [... bytes of object data] ``` ### Sample Response for general purpose buckets This example illustrates one usage of PutObject. ``` HTTP/1.1 200 OK x-amz-id-2: 7qoYGN7uMuFuYS6m7a4lszH6in+hccE+4DXPmDZ7C9KqucjnZC1gI5mshai6fbMG x-amz-request-id: 06437EDD40C407C7 Date: Thu, 22 Sep 2016 21:58:17 GMT ``` ### Example 7 for general purpose buckets: Upload an object and specify the checksum algorithm This example of an upload object request specifies the additional checksum algorithm to use to verify the content of the object. For more information about using additional checksums, see [ Checking object integrity](https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) in the *Amazon S3 User Guide*. ``` PUT /example-object HTTP/1.1 Host: example-bucket.s3..amazonaws.com x-amz-date: Mon, 22 Mar 2021 23:00:00 GMT Authorization: authorization string Content-Length: 268435456 x-amz-checksum-sha256: 0ea4be78f6c3948588172edc6d8789ffe3cec461f385e0ac447e581731c429b5 [268435456 bytes of object data in the body] ``` ### Sample Response for general purpose buckets This example illustrates one usage of PutObject. ``` HTTP/1.1 200 OK x-amz-id-2: 7qoYGN7uMuFuYS6m7a4lszH6in+hccE+4DXPmDZ7C9KqucjnZC1gI5mshai6fbMG x-amz-request-id: 49CFA2051300FBE9 Date: Mon, 22 Mar 2021 23:00:12 GMT ``` ### Example 8 for directory buckets: Upload an object and append to it The following request creates the `my-application.log` file in the `mybucket` bucket, and appends to it afterwards. ``` PUT /my-application.log HTTP/1.1 Host: mybucket--usw2-az1--x-s3 Date: Fri, 22 Nov 2024 17:50:00 GMT Authorization: authorization string Content-Type: text/plain Content-Length: 1048576 [1048576 bytes of object data] PUT /my-application.log HTTP/1.1 Host: mybucket--usw2-az1--x-s3 Date: Fri, 22 Nov 2024 17:50:00 GMT Authorization: authorization string Content-Type: text/plain Content-Length: 524288 x-amz-write-offset-bytes: 1048576 [524288 bytes of object data] ``` ### Sample Response for directory buckets This example illustrates one usage of PutObject. ``` HTTP/1.1 200 OK x-amz-request-id: 06437EDD40C407C7 x-amz-id-2: 7qoYGN7uMuFuYS6m7a4lszH6in+hccE+4DXPmDZ7C9KqucjnZC1gI5mshai6fbMG etag: "ae89237c20e759c5f479ece02c642f59" x-amz-object-size: 1572864 ``` ## Constraints (AI generated) This content was generated using AI technology that has in-depth knowledge of AWS API operations. [Provide feedback on this content.](https://docs-feedback.aws.amazon.com/feedback.jsp?hidden_service_name=S3&topic_url=https://[…]mazon.com/en_us/AmazonS3/latest/API/API_PutObject.html) For Encryption parameters: + You must not pass parameters that don't apply to the type of encryption that you're setting. For example, you cannot pass both `SSECustomerKey`, which is used for server-side encryption with customer-provided keys (SSE-C), and `SSEKMSKeyId`, which is used for server-side encryption with AWS Key Management Service (AWS KMS) keys (SSE-KMS), in the same request. + When using server-side encryption with customer-provided keys (SSE-C), you must pass all three parameters: `SSECustomerAlgorithm`, `SSECustomerKey`, and `SSECustomerKeyMD5`. In addition, the value of `SSECustomerAlgorithm` must be `AES256`. + When using server-side encryption with AWS Key Management Service (AWS KMS) keys (SSE-KMS), you must set the value of `ServerSideEncryption` to `aws:kms`. You can also use `SSEKMSKeyId` to specify the ARN for a specific customer managed KMS encryption key. Additionally, you cannot pass `SSECustomerAlgorithm` when using SSE-KMS. For Object Lock parameters: + Object Lock parameters must be paired. If you specify `ObjectLockMode`, you must also specify `ObjectLockRetainUntilDate`, and vice versa. Either specify both parameters or neither one. For Checksum parameters: + When you specify a particular `ChecksumAlgorithm` value, you can only pass the checksum parameter that corresponds to that algorithm. For example, if you specify the value `CRC32` for `ChecksumAlgorithm`, you must only pass `ChecksumCRC32` for the CRC-32 algorithm. In this case, you cannot pass any of the following parameters, which are specific to the CRC-32C `(CRC32C)`, SHA-1 `(SHA1)`, and SHA-256 `(SHA256)` checksum algorithms respectively: `ChecksumCRC32C`, `ChecksumSHA1`, or `ChecksumSHA256`. ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/PutObject) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/PutObject) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/PutObject) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/PutObject) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/PutObject) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/PutObject) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/PutObject) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/PutObject) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/PutObject) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/PutObject) # PutObjectAcl **Important** End of support notice: As of October 1, 2025, Amazon S3 has discontinued support for Email Grantee Access Control Lists (ACLs). If you attempt to use an Email Grantee ACL in a request after October 1, 2025, the request will receive an `HTTP 405` (Method Not Allowed) error. This change affects the following AWS Regions: US East (N. Virginia), US West (N. California), US West (Oregon), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), Europe (Ireland), and South America (São Paulo). **Note** This operation is not supported for directory buckets. Uses the `acl` subresource to set the access control list (ACL) permissions for a new or existing object in an S3 bucket. You must have the `WRITE_ACP` permission to set the ACL of an object. For more information, see [What permissions can I grant?](https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#permissions) in the *Amazon S3 User Guide*. This functionality is not supported for Amazon S3 on Outposts. Depending on your application needs, you can choose to set the ACL on an object using either the request body or the headers. For example, if you have an existing application that updates a bucket ACL using the request body, you can continue to use that approach. For more information, see [Access Control List (ACL) Overview](https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html) in the *Amazon S3 User Guide*. **Important** If your bucket uses the bucket owner enforced setting for S3 Object Ownership, ACLs are disabled and no longer affect permissions. You must use policies to grant access to your bucket and the objects in it. Requests to set ACLs or update ACLs fail and return the `AccessControlListNotSupported` error code. Requests to read ACLs are still supported. For more information, see [Controlling object ownership](https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html) in the *Amazon S3 User Guide*. Permissions You can set access permissions using one of the following methods: + Specify a canned ACL with the `x-amz-acl` request header. Amazon S3 supports a set of predefined ACLs, known as canned ACLs. Each canned ACL has a predefined set of grantees and permissions. Specify the canned ACL name as the value of `x-amz-ac`l. If you use this header, you cannot use other access control-specific headers in your request. For more information, see [Canned ACL](https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL). + Specify access permissions explicitly with the `x-amz-grant-read`, `x-amz-grant-read-acp`, `x-amz-grant-write-acp`, and `x-amz-grant-full-control` headers. When using these headers, you specify explicit access permissions and grantees (AWS accounts or Amazon S3 groups) who will receive the permission. If you use these ACL-specific headers, you cannot use `x-amz-acl` header to set a canned ACL. These parameters map to the set of permissions that Amazon S3 supports in an ACL. For more information, see [Access Control List (ACL) Overview](https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html). You specify each grantee as a type=value pair, where the type is one of the following: + `id` – if the value specified is the canonical user ID of an AWS account + `uri` – if you are granting permissions to a predefined group + `emailAddress` – if the value specified is the email address of an AWS account **Note** Using email addresses to specify a grantee is only supported in the following AWS Regions: US East (N. Virginia) US West (N. California) US West (Oregon) Asia Pacific (Singapore) Asia Pacific (Sydney) Asia Pacific (Tokyo) Europe (Ireland) South America (São Paulo) For a list of all the Amazon S3 supported Regions and endpoints, see [Regions and Endpoints](https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region) in the AWS General Reference. For example, the following `x-amz-grant-read` header grants list objects permission to the two AWS accounts identified by their email addresses. `x-amz-grant-read: emailAddress="xyz@amazon.com", emailAddress="abc@amazon.com" ` You can use either a canned ACL or specify access permissions explicitly. You cannot do both. Grantee Values You can specify the person (grantee) to whom you're assigning access rights (using request elements) in the following ways. For examples of how to specify these grantee values in JSON format, see the AWS CLI example in [ Enabling Amazon S3 server access logging](https://docs.aws.amazon.com/AmazonS3/latest/userguide/enable-server-access-logging.html) in the *Amazon S3 User Guide*. + By the person's ID: `<>ID<><>GranteesEmail<> ` DisplayName is optional and ignored in the request. + By URI: `<>http://acs.amazonaws.com/groups/global/AuthenticatedUsers<>` + By Email address: `<>Grantees@email.com<>lt;/Grantee>` The grantee is resolved to the CanonicalUser and, in a response to a GET Object acl request, appears as the CanonicalUser. **Note** Using email addresses to specify a grantee is only supported in the following AWS Regions: US East (N. Virginia) US West (N. California) US West (Oregon) Asia Pacific (Singapore) Asia Pacific (Sydney) Asia Pacific (Tokyo) Europe (Ireland) South America (São Paulo) For a list of all the Amazon S3 supported Regions and endpoints, see [Regions and Endpoints](https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region) in the AWS General Reference. Versioning The ACL of an object is set at the object version level. By default, PUT sets the ACL of the current version of an object. To set the ACL of a different version, use the `versionId` subresource. The following operations are related to `PutObjectAcl`: + [CopyObject](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html) + [GetObject](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html) **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. ## Request Syntax ``` PUT /{Key+}?acl&versionId=VersionId HTTP/1.1 Host: Bucket.s3.amazonaws.com x-amz-acl: ACL Content-MD5: ContentMD5 x-amz-sdk-checksum-algorithm: ChecksumAlgorithm x-amz-grant-full-control: GrantFullControl x-amz-grant-read: GrantRead x-amz-grant-read-acp: GrantReadACP x-amz-grant-write: GrantWrite x-amz-grant-write-acp: GrantWriteACP x-amz-request-payer: RequestPayer x-amz-expected-bucket-owner: ExpectedBucketOwner string string string string string string string string ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_PutObjectAcl_RequestSyntax) ** The bucket name that contains the object to which you want to attach the ACL. **Access points** - When you use this action with an access point for general purpose buckets, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When you use this action with an access point for directory buckets, you must provide the access point name in place of the bucket name. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com. When using this action with an access point through the AWS SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see [Using access points](https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) in the *Amazon S3 User Guide*. **S3 on Outposts** - When you use this action with S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form ` AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com`. When you use this action with S3 on Outposts, the destination bucket must be the Outposts access point ARN or the access point alias. For more information about S3 on Outposts, see [What is S3 on Outposts?](https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) in the *Amazon S3 User Guide*. Required: Yes ** [Content-MD5](#API_PutObjectAcl_RequestSyntax) ** The Base64 encoded 128-bit `MD5` digest of the data. This header must be used as a message integrity check to verify that the request body was not corrupted in transit. For more information, go to [RFC 1864.>](http://www.ietf.org/rfc/rfc1864.txt) For requests made using the AWS Command Line Interface (CLI) or AWS SDKs, this field is calculated automatically. ** [Key](#API_PutObjectAcl_RequestSyntax) ** Key for which the PUT action was initiated. Length Constraints: Minimum length of 1. Required: Yes ** [versionId](#API_PutObjectAcl_RequestSyntax) ** Version ID used to reference a specific version of the object. This functionality is not supported for directory buckets. ** [x-amz-acl](#API_PutObjectAcl_RequestSyntax) ** The canned ACL to apply to the object. For more information, see [Canned ACL](https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL). Valid Values: `private | public-read | public-read-write | authenticated-read | aws-exec-read | bucket-owner-read | bucket-owner-full-control` ** [x-amz-expected-bucket-owner](#API_PutObjectAcl_RequestSyntax) ** The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code `403 Forbidden` (access denied). ** [x-amz-grant-full-control](#API_PutObjectAcl_RequestSyntax) ** Allows grantee the read, write, read ACP, and write ACP permissions on the bucket. This functionality is not supported for Amazon S3 on Outposts. ** [x-amz-grant-read](#API_PutObjectAcl_RequestSyntax) ** Allows grantee to list the objects in the bucket. This functionality is not supported for Amazon S3 on Outposts. ** [x-amz-grant-read-acp](#API_PutObjectAcl_RequestSyntax) ** Allows grantee to read the bucket ACL. This functionality is not supported for Amazon S3 on Outposts. ** [x-amz-grant-write](#API_PutObjectAcl_RequestSyntax) ** Allows grantee to create new objects in the bucket. For the bucket and object owners of existing objects, also allows deletions and overwrites of those objects. ** [x-amz-grant-write-acp](#API_PutObjectAcl_RequestSyntax) ** Allows grantee to write the ACL for the applicable bucket. This functionality is not supported for Amazon S3 on Outposts. ** [x-amz-request-payer](#API_PutObjectAcl_RequestSyntax) ** Confirms that the requester knows that they will be charged for the request. Bucket owners need not specify this parameter in their requests. If either the source or destination S3 bucket has Requester Pays enabled, the requester will pay for the corresponding charges. For information about downloading objects from Requester Pays buckets, see [Downloading Objects in Requester Pays Buckets](https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) in the *Amazon S3 User Guide*. This functionality is not supported for directory buckets. Valid Values: `requester` ** [x-amz-sdk-checksum-algorithm](#API_PutObjectAcl_RequestSyntax) ** Indicates the algorithm used to create the checksum for the object when you use the SDK. This header will not provide any additional functionality if you don't use the SDK. When you send this header, there must be a corresponding `x-amz-checksum` or `x-amz-trailer` header sent. Otherwise, Amazon S3 fails the request with the HTTP status code `400 Bad Request`. For more information, see [Checking object integrity](https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) in the *Amazon S3 User Guide*. If you provide an individual checksum, Amazon S3 ignores any provided `ChecksumAlgorithm` parameter. Valid Values: `CRC32 | CRC32C | SHA1 | SHA256 | CRC64NVME` ## Request Body The request accepts the following data in XML format. ** [AccessControlPolicy](#API_PutObjectAcl_RequestSyntax) ** Root level tag for the AccessControlPolicy parameters. Required: Yes ** [Grants](#API_PutObjectAcl_RequestSyntax) ** A list of grants. Type: Array of [Grant](API_Grant.md) data types Required: No ** [Owner](#API_PutObjectAcl_RequestSyntax) ** Container for the bucket owner's display name and ID. Type: [Owner](API_Owner.md) data type Required: No ## Response Syntax ``` HTTP/1.1 200 x-amz-request-charged: RequestCharged ``` ## Response Elements If the action is successful, the service sends back an HTTP 200 response. The response returns the following HTTP headers. ** [x-amz-request-charged](#API_PutObjectAcl_ResponseSyntax) ** If present, indicates that the requester was successfully charged for the request. For more information, see [Using Requester Pays buckets for storage transfers and usage](https://docs.aws.amazon.com/AmazonS3/latest/userguide/RequesterPaysBuckets.html) in the *Amazon Simple Storage Service user guide*. This functionality is not supported for directory buckets. Valid Values: `requester` ## Errors ** NoSuchKey ** The specified key does not exist. HTTP Status Code: 404 ## Examples ### Sample Request The following request grants access permission to an existing object. The request specifies the ACL in the body. In addition to granting full control to the object owner, the XML specifies full control to an AWS account identified by its canonical user ID. ``` PUT /my-image.jpg?acl HTTP/1.1 Host: bucket.s3..amazonaws.com Date: Wed, 28 Oct 2009 22:32:00 GMT Authorization: authorization string Content-Length: 124 75aa57f09aa0c8caeab4f8c24e99d10f8e7faeebf76c078efc7c6caea54ba06a CustomersName@amazon.com 75aa57f09aa0c8caeab4f8c24e99d10f8e7faeeExampleCanonicalUserID CustomerName@amazon.com FULL_CONTROL ``` ### Sample Response The following shows a sample response when versioning on the bucket is enabled. ``` HTTP/1.1 200 OK x-amz-id-2: eftixk72aD6Ap51T9AS1ed4OpIszj7UDNEHGran x-amz-request-id: 318BC8BC148832E5 x-amz-version-id: 3/L4kqtJlcpXrof3vjVBH40Nr8X8gdRQBpUMLUo Date: Wed, 28 Oct 2009 22:32:00 GMT Last-Modified: Sun, 1 Jan 2006 12:00:00 GMT Content-Length: 0 Connection: close Server: AmazonS3 ``` ### Sample Request: Setting the ACL of a specified object version The following request sets the ACL on the specified version of the object. ``` PUT /my-image.jpg?acl&versionId=3HL4kqtJlcpXroDTDmJ+rmSpXd3dIbrHY+MTRCxf3vjVBH40Nrjfkd HTTP/1.1 Host: bucket.s3..amazonaws.com Date: Wed, 28 Oct 2009 22:32:00 GMT Authorization: authorization string Content-Length: 124 75aa57f09aa0c8caeab4f8c24e99d10f8e7faeebf76c078efc7c6caea54ba06a mtd@amazon.com 75aa57f09aa0c8caeab4f8c24e99d10f8e7faeebf76c078efc7c6caea54ba06a mtd@amazon.com FULL_CONTROL ``` ### Sample Response This example illustrates one usage of PutObjectAcl. ``` HTTP/1.1 200 OK x-amz-id-2: eftixk72aD6Ap51u8yU9AS1ed4OpIszj7UDNEHGran x-amz-request-id: 318BC8BC148832E5 x-amz-version-id: 3/L4kqtJlcpXro3vjVBH40Nr8X8gdRQBpUMLUo Date: Wed, 28 Oct 2009 22:32:00 GMT Last-Modified: Sun, 1 Jan 2006 12:00:00 GMT Content-Length: 0 Connection: close Server: AmazonS3 ``` ### Sample Request: Access permissions specified using headers The following request sets the ACL on the specified version of the object. ``` PUT ExampleObject.txt?acl HTTP/1.1 Host: examplebucket.s3..amazonaws.com x-amz-acl: public-read Accept: */* Authorization: authorization string Host: s3.amazonaws.com Connection: Keep-Alive ``` ### Sample Response This example illustrates one usage of PutObjectAcl. ``` HTTP/1.1 200 OK x-amz-id-2: w5YegkbG6ZDsje4WK56RWPxNQHIQ0CjrjyRVFZhEJI9E3kbabXnBO9w5G7Dmxsgk x-amz-request-id: C13B2827BD8455B1 Date: Sun, 29 Apr 2012 23:24:12 GMT Content-Length: 0 Server: AmazonS3 ``` ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/PutObjectAcl) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/PutObjectAcl) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/PutObjectAcl) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/PutObjectAcl) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/PutObjectAcl) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/PutObjectAcl) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/PutObjectAcl) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/PutObjectAcl) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/PutObjectAcl) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/PutObjectAcl) # PutObjectLegalHold **Note** This operation is not supported for directory buckets. Applies a legal hold configuration to the specified object. For more information, see [Locking Objects](https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html). This functionality is not supported for Amazon S3 on Outposts. **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. ## Request Syntax ``` PUT /{Key+}?legal-hold&versionId=VersionId HTTP/1.1 Host: Bucket.s3.amazonaws.com x-amz-request-payer: RequestPayer Content-MD5: ContentMD5 x-amz-sdk-checksum-algorithm: ChecksumAlgorithm x-amz-expected-bucket-owner: ExpectedBucketOwner string ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_PutObjectLegalHold_RequestSyntax) ** The bucket name containing the object that you want to place a legal hold on. **Access points** - When you use this action with an access point for general purpose buckets, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When you use this action with an access point for directory buckets, you must provide the access point name in place of the bucket name. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com. When using this action with an access point through the AWS SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see [Using access points](https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) in the *Amazon S3 User Guide*. Required: Yes ** [Content-MD5](#API_PutObjectLegalHold_RequestSyntax) ** The MD5 hash for the request body. For requests made using the AWS Command Line Interface (CLI) or AWS SDKs, this field is calculated automatically. ** [Key](#API_PutObjectLegalHold_RequestSyntax) ** The key name for the object that you want to place a legal hold on. Length Constraints: Minimum length of 1. Required: Yes ** [versionId](#API_PutObjectLegalHold_RequestSyntax) ** The version ID of the object that you want to place a legal hold on. ** [x-amz-expected-bucket-owner](#API_PutObjectLegalHold_RequestSyntax) ** The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code `403 Forbidden` (access denied). ** [x-amz-request-payer](#API_PutObjectLegalHold_RequestSyntax) ** Confirms that the requester knows that they will be charged for the request. Bucket owners need not specify this parameter in their requests. If either the source or destination S3 bucket has Requester Pays enabled, the requester will pay for the corresponding charges. For information about downloading objects from Requester Pays buckets, see [Downloading Objects in Requester Pays Buckets](https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) in the *Amazon S3 User Guide*. This functionality is not supported for directory buckets. Valid Values: `requester` ** [x-amz-sdk-checksum-algorithm](#API_PutObjectLegalHold_RequestSyntax) ** Indicates the algorithm used to create the checksum for the object when you use the SDK. This header will not provide any additional functionality if you don't use the SDK. When you send this header, there must be a corresponding `x-amz-checksum` or `x-amz-trailer` header sent. Otherwise, Amazon S3 fails the request with the HTTP status code `400 Bad Request`. For more information, see [Checking object integrity](https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) in the *Amazon S3 User Guide*. If you provide an individual checksum, Amazon S3 ignores any provided `ChecksumAlgorithm` parameter. Valid Values: `CRC32 | CRC32C | SHA1 | SHA256 | CRC64NVME` ## Request Body The request accepts the following data in XML format. ** [LegalHold](#API_PutObjectLegalHold_RequestSyntax) ** Root level tag for the LegalHold parameters. Required: Yes ** [Status](#API_PutObjectLegalHold_RequestSyntax) ** Indicates whether the specified object has a legal hold in place. Type: String Valid Values: `ON | OFF` Required: No ## Response Syntax ``` HTTP/1.1 200 x-amz-request-charged: RequestCharged ``` ## Response Elements If the action is successful, the service sends back an HTTP 200 response. The response returns the following HTTP headers. ** [x-amz-request-charged](#API_PutObjectLegalHold_ResponseSyntax) ** If present, indicates that the requester was successfully charged for the request. For more information, see [Using Requester Pays buckets for storage transfers and usage](https://docs.aws.amazon.com/AmazonS3/latest/userguide/RequesterPaysBuckets.html) in the *Amazon Simple Storage Service user guide*. This functionality is not supported for directory buckets. Valid Values: `requester` ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/PutObjectLegalHold) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/PutObjectLegalHold) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/PutObjectLegalHold) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/PutObjectLegalHold) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/PutObjectLegalHold) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/PutObjectLegalHold) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/PutObjectLegalHold) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/PutObjectLegalHold) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/PutObjectLegalHold) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/PutObjectLegalHold) # PutObjectLockConfiguration **Note** This operation is not supported for directory buckets. Places an Object Lock configuration on the specified bucket. The rule specified in the Object Lock configuration will be applied by default to every new object placed in the specified bucket. For more information, see [Locking Objects](https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html). **Note** The `DefaultRetention` settings require both a mode and a period. The `DefaultRetention` period can be either `Days` or `Years` but you must select one. You cannot specify `Days` and `Years` at the same time. You can enable Object Lock for new or existing buckets. For more information, see [Configuring Object Lock](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-configure.html). **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. ## Request Syntax ``` PUT /?object-lock HTTP/1.1 Host: Bucket.s3.amazonaws.com x-amz-request-payer: RequestPayer x-amz-bucket-object-lock-token: Token Content-MD5: ContentMD5 x-amz-sdk-checksum-algorithm: ChecksumAlgorithm x-amz-expected-bucket-owner: ExpectedBucketOwner string integer string integer ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_PutObjectLockConfiguration_RequestSyntax) ** The bucket whose Object Lock configuration you want to create or replace. Required: Yes ** [Content-MD5](#API_PutObjectLockConfiguration_RequestSyntax) ** The MD5 hash for the request body. For requests made using the AWS Command Line Interface (CLI) or AWS SDKs, this field is calculated automatically. ** [x-amz-bucket-object-lock-token](#API_PutObjectLockConfiguration_RequestSyntax) ** A token to allow Object Lock to be enabled for an existing bucket. ** [x-amz-expected-bucket-owner](#API_PutObjectLockConfiguration_RequestSyntax) ** The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code `403 Forbidden` (access denied). ** [x-amz-request-payer](#API_PutObjectLockConfiguration_RequestSyntax) ** Confirms that the requester knows that they will be charged for the request. Bucket owners need not specify this parameter in their requests. If either the source or destination S3 bucket has Requester Pays enabled, the requester will pay for the corresponding charges. For information about downloading objects from Requester Pays buckets, see [Downloading Objects in Requester Pays Buckets](https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) in the *Amazon S3 User Guide*. This functionality is not supported for directory buckets. Valid Values: `requester` ** [x-amz-sdk-checksum-algorithm](#API_PutObjectLockConfiguration_RequestSyntax) ** Indicates the algorithm used to create the checksum for the object when you use the SDK. This header will not provide any additional functionality if you don't use the SDK. When you send this header, there must be a corresponding `x-amz-checksum` or `x-amz-trailer` header sent. Otherwise, Amazon S3 fails the request with the HTTP status code `400 Bad Request`. For more information, see [Checking object integrity](https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) in the *Amazon S3 User Guide*. If you provide an individual checksum, Amazon S3 ignores any provided `ChecksumAlgorithm` parameter. Valid Values: `CRC32 | CRC32C | SHA1 | SHA256 | CRC64NVME` ## Request Body The request accepts the following data in XML format. ** [ObjectLockConfiguration](#API_PutObjectLockConfiguration_RequestSyntax) ** Root level tag for the ObjectLockConfiguration parameters. Required: Yes ** [ObjectLockEnabled](#API_PutObjectLockConfiguration_RequestSyntax) ** Indicates whether this bucket has an Object Lock configuration enabled. Enable `ObjectLockEnabled` when you apply `ObjectLockConfiguration` to a bucket. Type: String Valid Values: `Enabled` Required: No ** [Rule](#API_PutObjectLockConfiguration_RequestSyntax) ** Specifies the Object Lock rule for the specified object. Enable the this rule when you apply `ObjectLockConfiguration` to a bucket. Bucket settings require both a mode and a period. The period can be either `Days` or `Years` but you must select one. You cannot specify `Days` and `Years` at the same time. Type: [ObjectLockRule](API_ObjectLockRule.md) data type Required: No ## Response Syntax ``` HTTP/1.1 200 x-amz-request-charged: RequestCharged ``` ## Response Elements If the action is successful, the service sends back an HTTP 200 response. The response returns the following HTTP headers. ** [x-amz-request-charged](#API_PutObjectLockConfiguration_ResponseSyntax) ** If present, indicates that the requester was successfully charged for the request. For more information, see [Using Requester Pays buckets for storage transfers and usage](https://docs.aws.amazon.com/AmazonS3/latest/userguide/RequesterPaysBuckets.html) in the *Amazon Simple Storage Service user guide*. This functionality is not supported for directory buckets. Valid Values: `requester` ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/PutObjectLockConfiguration) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/PutObjectLockConfiguration) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/PutObjectLockConfiguration) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/PutObjectLockConfiguration) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/PutObjectLockConfiguration) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/PutObjectLockConfiguration) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/PutObjectLockConfiguration) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/PutObjectLockConfiguration) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/PutObjectLockConfiguration) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/PutObjectLockConfiguration) # PutObjectRetention **Note** This operation is not supported for directory buckets. Places an Object Retention configuration on an object. For more information, see [Locking Objects](https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html). Users or accounts require the `s3:PutObjectRetention` permission in order to place an Object Retention configuration on objects. Bypassing a Governance Retention configuration requires the `s3:BypassGovernanceRetention` permission. This functionality is not supported for Amazon S3 on Outposts. **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. ## Request Syntax ``` PUT /{Key+}?retention&versionId=VersionId HTTP/1.1 Host: Bucket.s3.amazonaws.com x-amz-request-payer: RequestPayer x-amz-bypass-governance-retention: BypassGovernanceRetention Content-MD5: ContentMD5 x-amz-sdk-checksum-algorithm: ChecksumAlgorithm x-amz-expected-bucket-owner: ExpectedBucketOwner string timestamp ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_PutObjectRetention_RequestSyntax) ** The bucket name that contains the object you want to apply this Object Retention configuration to. **Access points** - When you use this action with an access point for general purpose buckets, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When you use this action with an access point for directory buckets, you must provide the access point name in place of the bucket name. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com. When using this action with an access point through the AWS SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see [Using access points](https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) in the *Amazon S3 User Guide*. Required: Yes ** [Content-MD5](#API_PutObjectRetention_RequestSyntax) ** The MD5 hash for the request body. For requests made using the AWS Command Line Interface (CLI) or AWS SDKs, this field is calculated automatically. ** [Key](#API_PutObjectRetention_RequestSyntax) ** The key name for the object that you want to apply this Object Retention configuration to. Length Constraints: Minimum length of 1. Required: Yes ** [versionId](#API_PutObjectRetention_RequestSyntax) ** The version ID for the object that you want to apply this Object Retention configuration to. ** [x-amz-bypass-governance-retention](#API_PutObjectRetention_RequestSyntax) ** Indicates whether this action should bypass Governance-mode restrictions. ** [x-amz-expected-bucket-owner](#API_PutObjectRetention_RequestSyntax) ** The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code `403 Forbidden` (access denied). ** [x-amz-request-payer](#API_PutObjectRetention_RequestSyntax) ** Confirms that the requester knows that they will be charged for the request. Bucket owners need not specify this parameter in their requests. If either the source or destination S3 bucket has Requester Pays enabled, the requester will pay for the corresponding charges. For information about downloading objects from Requester Pays buckets, see [Downloading Objects in Requester Pays Buckets](https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) in the *Amazon S3 User Guide*. This functionality is not supported for directory buckets. Valid Values: `requester` ** [x-amz-sdk-checksum-algorithm](#API_PutObjectRetention_RequestSyntax) ** Indicates the algorithm used to create the checksum for the object when you use the SDK. This header will not provide any additional functionality if you don't use the SDK. When you send this header, there must be a corresponding `x-amz-checksum` or `x-amz-trailer` header sent. Otherwise, Amazon S3 fails the request with the HTTP status code `400 Bad Request`. For more information, see [Checking object integrity](https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) in the *Amazon S3 User Guide*. If you provide an individual checksum, Amazon S3 ignores any provided `ChecksumAlgorithm` parameter. Valid Values: `CRC32 | CRC32C | SHA1 | SHA256 | CRC64NVME` ## Request Body The request accepts the following data in XML format. ** [Retention](#API_PutObjectRetention_RequestSyntax) ** Root level tag for the Retention parameters. Required: Yes ** [Mode](#API_PutObjectRetention_RequestSyntax) ** Indicates the Retention mode for the specified object. Type: String Valid Values: `GOVERNANCE | COMPLIANCE` Required: No ** [RetainUntilDate](#API_PutObjectRetention_RequestSyntax) ** The date on which this Object Lock Retention will expire. Type: Timestamp Required: No ## Response Syntax ``` HTTP/1.1 200 x-amz-request-charged: RequestCharged ``` ## Response Elements If the action is successful, the service sends back an HTTP 200 response. The response returns the following HTTP headers. ** [x-amz-request-charged](#API_PutObjectRetention_ResponseSyntax) ** If present, indicates that the requester was successfully charged for the request. For more information, see [Using Requester Pays buckets for storage transfers and usage](https://docs.aws.amazon.com/AmazonS3/latest/userguide/RequesterPaysBuckets.html) in the *Amazon Simple Storage Service user guide*. This functionality is not supported for directory buckets. Valid Values: `requester` ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/PutObjectRetention) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/PutObjectRetention) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/PutObjectRetention) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/PutObjectRetention) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/PutObjectRetention) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/PutObjectRetention) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/PutObjectRetention) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/PutObjectRetention) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/PutObjectRetention) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/PutObjectRetention) # PutObjectTagging **Note** This operation is not supported for directory buckets. Sets the supplied tag-set to an object that already exists in a bucket. A tag is a key-value pair. For more information, see [Object Tagging](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-tagging.html). You can associate tags with an object by sending a PUT request against the tagging subresource that is associated with the object. You can retrieve tags by sending a GET request. For more information, see [GetObjectTagging](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectTagging.html). For tagging-related restrictions related to characters and encodings, see [Tag Restrictions](https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/allocation-tag-restrictions.html). Note that Amazon S3 limits the maximum number of tags to 10 tags per object. To use this operation, you must have permission to perform the `s3:PutObjectTagging` action. By default, the bucket owner has this permission and can grant this permission to others. To put tags of any other version, use the `versionId` query parameter. You also need permission for the `s3:PutObjectVersionTagging` action. `PutObjectTagging` has the following special errors. For more Amazon S3 errors see, [Error Responses](https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html). + `InvalidTag` - The tag provided was not a valid tag. This error can occur if the tag did not pass input validation. For more information, see [Object Tagging](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-tagging.html). + `MalformedXML` - The XML provided does not match the schema. + `OperationAborted` - A conflicting conditional action is currently in progress against this resource. Please try again. + `InternalError` - The service was unable to apply the provided tag to the object. The following operations are related to `PutObjectTagging`: + [GetObjectTagging](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectTagging.html) + [DeleteObjectTagging](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObjectTagging.html) **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. ## Request Syntax ``` PUT /{Key+}?tagging&versionId=VersionId HTTP/1.1 Host: Bucket.s3.amazonaws.com Content-MD5: ContentMD5 x-amz-sdk-checksum-algorithm: ChecksumAlgorithm x-amz-expected-bucket-owner: ExpectedBucketOwner x-amz-request-payer: RequestPayer string string ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_PutObjectTagging_RequestSyntax) ** The bucket name containing the object. **Access points** - When you use this action with an access point for general purpose buckets, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When you use this action with an access point for directory buckets, you must provide the access point name in place of the bucket name. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com. When using this action with an access point through the AWS SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see [Using access points](https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) in the *Amazon S3 User Guide*. **S3 on Outposts** - When you use this action with S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form ` AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com`. When you use this action with S3 on Outposts, the destination bucket must be the Outposts access point ARN or the access point alias. For more information about S3 on Outposts, see [What is S3 on Outposts?](https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) in the *Amazon S3 User Guide*. Required: Yes ** [Content-MD5](#API_PutObjectTagging_RequestSyntax) ** The MD5 hash for the request body. For requests made using the AWS Command Line Interface (CLI) or AWS SDKs, this field is calculated automatically. ** [Key](#API_PutObjectTagging_RequestSyntax) ** Name of the object key. Length Constraints: Minimum length of 1. Required: Yes ** [versionId](#API_PutObjectTagging_RequestSyntax) ** The versionId of the object that the tag-set will be added to. ** [x-amz-expected-bucket-owner](#API_PutObjectTagging_RequestSyntax) ** The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code `403 Forbidden` (access denied). ** [x-amz-request-payer](#API_PutObjectTagging_RequestSyntax) ** Confirms that the requester knows that she or he will be charged for the tagging object request. Bucket owners need not specify this parameter in their requests. Valid Values: `requester` ** [x-amz-sdk-checksum-algorithm](#API_PutObjectTagging_RequestSyntax) ** Indicates the algorithm used to create the checksum for the object when you use the SDK. This header will not provide any additional functionality if you don't use the SDK. When you send this header, there must be a corresponding `x-amz-checksum` or `x-amz-trailer` header sent. Otherwise, Amazon S3 fails the request with the HTTP status code `400 Bad Request`. For more information, see [Checking object integrity](https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) in the *Amazon S3 User Guide*. If you provide an individual checksum, Amazon S3 ignores any provided `ChecksumAlgorithm` parameter. Valid Values: `CRC32 | CRC32C | SHA1 | SHA256 | CRC64NVME` ## Request Body The request accepts the following data in XML format. ** [Tagging](#API_PutObjectTagging_RequestSyntax) ** Root level tag for the Tagging parameters. Required: Yes ** [TagSet](#API_PutObjectTagging_RequestSyntax) ** A collection for a set of tags Type: Array of [Tag](API_Tag.md) data types Required: Yes ## Response Syntax ``` HTTP/1.1 200 x-amz-version-id: VersionId ``` ## Response Elements If the action is successful, the service sends back an HTTP 200 response. The response returns the following HTTP headers. ** [x-amz-version-id](#API_PutObjectTagging_ResponseSyntax) ** The versionId of the object the tag-set was added to. ## Examples ### Sample Request: Add tag set to an object The following request adds a tag set to the existing object object-key in the `examplebucket` bucket. ``` PUT object-key?tagging HTTP/1.1 Host: examplebucket.s3..amazonaws.com Content-Length: length Content-MD5: pUNXr/BjKK5G2UKExample== x-amz-date: 20160923T001956Z Authorization: authorization string tag1 val1 tag2 val2 ``` ### Sample Response This example illustrates one usage of PutObjectTagging. ``` HTTP/1.1 200 OK x-amz-id-2: YgIPIfBiKa2bj0KMgUAdQkf3ShJTOOpXUueF6QKo x-amz-request-id: 236A8905248E5A01 Date: Fri, 23 Sep 2016 00:20:19 GMT ``` ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/PutObjectTagging) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/PutObjectTagging) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/PutObjectTagging) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/PutObjectTagging) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/PutObjectTagging) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/PutObjectTagging) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/PutObjectTagging) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/PutObjectTagging) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/PutObjectTagging) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/PutObjectTagging) # PutPublicAccessBlock **Note** This operation is not supported for directory buckets. Creates or modifies the `PublicAccessBlock` configuration for an Amazon S3 bucket. To use this operation, you must have the `s3:PutBucketPublicAccessBlock` permission. For more information about Amazon S3 permissions, see [Specifying Permissions in a Policy](https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html). **Important** When Amazon S3 evaluates the `PublicAccessBlock` configuration for a bucket or an object, it checks the `PublicAccessBlock` configuration for both the bucket (or the bucket that contains the object) and the bucket owner's account. Account-level settings automatically inherit from organization-level policies when present. If the `PublicAccessBlock` configurations are different between the bucket and the account, Amazon S3 uses the most restrictive combination of the bucket-level and account-level settings. For more information about when Amazon S3 considers a bucket or an object public, see [The Meaning of "Public"](https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-policy-status). The following operations are related to `PutPublicAccessBlock`: + [GetPublicAccessBlock](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetPublicAccessBlock.html) + [DeletePublicAccessBlock](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeletePublicAccessBlock.html) + [GetBucketPolicyStatus](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketPolicyStatus.html) + [Using Amazon S3 Block Public Access](https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html) **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. ## Request Syntax ``` PUT /?publicAccessBlock HTTP/1.1 Host: Bucket.s3.amazonaws.com Content-MD5: ContentMD5 x-amz-sdk-checksum-algorithm: ChecksumAlgorithm x-amz-expected-bucket-owner: ExpectedBucketOwner boolean boolean boolean boolean ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_PutPublicAccessBlock_RequestSyntax) ** The name of the Amazon S3 bucket whose `PublicAccessBlock` configuration you want to set. Required: Yes ** [Content-MD5](#API_PutPublicAccessBlock_RequestSyntax) ** The MD5 hash of the `PutPublicAccessBlock` request body. For requests made using the AWS Command Line Interface (CLI) or AWS SDKs, this field is calculated automatically. ** [x-amz-expected-bucket-owner](#API_PutPublicAccessBlock_RequestSyntax) ** The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code `403 Forbidden` (access denied). ** [x-amz-sdk-checksum-algorithm](#API_PutPublicAccessBlock_RequestSyntax) ** Indicates the algorithm used to create the checksum for the object when you use the SDK. This header will not provide any additional functionality if you don't use the SDK. When you send this header, there must be a corresponding `x-amz-checksum` or `x-amz-trailer` header sent. Otherwise, Amazon S3 fails the request with the HTTP status code `400 Bad Request`. For more information, see [Checking object integrity](https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) in the *Amazon S3 User Guide*. If you provide an individual checksum, Amazon S3 ignores any provided `ChecksumAlgorithm` parameter. Valid Values: `CRC32 | CRC32C | SHA1 | SHA256 | CRC64NVME` ## Request Body The request accepts the following data in XML format. ** [PublicAccessBlockConfiguration](#API_PutPublicAccessBlock_RequestSyntax) ** Root level tag for the PublicAccessBlockConfiguration parameters. Required: Yes ** [BlockPublicAcls](#API_PutPublicAccessBlock_RequestSyntax) ** Specifies whether Amazon S3 should block public access control lists (ACLs) for this bucket and objects in this bucket. Setting this element to `TRUE` causes the following behavior: + PUT Bucket ACL and PUT Object ACL calls fail if the specified ACL is public. + PUT Object calls fail if the request includes a public ACL. + PUT Bucket calls fail if the request includes a public ACL. Enabling this setting doesn't affect existing policies or ACLs. Type: Boolean Required: No ** [BlockPublicPolicy](#API_PutPublicAccessBlock_RequestSyntax) ** Specifies whether Amazon S3 should block public bucket policies for this bucket. Setting this element to `TRUE` causes Amazon S3 to reject calls to PUT Bucket policy if the specified bucket policy allows public access. Enabling this setting doesn't affect existing bucket policies. Type: Boolean Required: No ** [IgnorePublicAcls](#API_PutPublicAccessBlock_RequestSyntax) ** Specifies whether Amazon S3 should ignore public ACLs for this bucket and objects in this bucket. Setting this element to `TRUE` causes Amazon S3 to ignore all public ACLs on this bucket and objects in this bucket. Enabling this setting doesn't affect the persistence of any existing ACLs and doesn't prevent new public ACLs from being set. Type: Boolean Required: No ** [RestrictPublicBuckets](#API_PutPublicAccessBlock_RequestSyntax) ** Specifies whether Amazon S3 should restrict public bucket policies for this bucket. Setting this element to `TRUE` restricts access to this bucket to only AWS service principals and authorized users within this account if the bucket has a public policy. Enabling this setting doesn't affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked. Type: Boolean Required: No ## Response Syntax ``` HTTP/1.1 200 ``` ## Response Elements If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body. ## Examples ### First Sample Request The following request puts a bucket `PublicAccessBlock` configuration that rejects public ACLs. ``` PUT /?publicAccessBlock HTTP/1.1 Host: .s3..amazonaws.com x-amz-date: Authorization: TRUE FALSE FALSE FALSE ``` ### First Sample Response This example illustrates one usage of PutPublicAccessBlock. ``` HTTP/1.1 200 OK x-amz-id-2: ITnGT1y4REXAMPLEPi4hklTXouTf0hccUjo0iCPEXAMPLEutBj3M7fPGlWO2SEWp x-amz-request-id: 51991EXAMPLE5321 Date: Thu, 15 Nov 2016 00:17:22 GMT Server: AmazonS3 Content-Length: 0 ``` ### Second Sample Request The following request puts a bucket PublicAccessBlock configuration that ignores public ACLs and restricts access to public buckets. ``` PUT /?publicAccessBlock HTTP/1.1 Host: .s3..amazonaws.com x-amz-date: Authorization: FALSE TRUE FALSE TRUE ``` ### Second Sample Response This example illustrates one usage of PutPublicAccessBlock. ``` HTTP/1.1 200 OK x-amz-id-2: ITnGT1y4REXAMPLEPi4hklTXouTf0hccUjo0iCPEXAMPLEutBj3M7fPGlWO2SEWp x-amz-request-id: 51991EXAMPLE5321 Date: Thu, 15 Nov 2016 00:17:22 GMT Server: AmazonS3 Content-Length: 0 ``` ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/PutPublicAccessBlock) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/PutPublicAccessBlock) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/PutPublicAccessBlock) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/PutPublicAccessBlock) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/PutPublicAccessBlock) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/PutPublicAccessBlock) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/PutPublicAccessBlock) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/PutPublicAccessBlock) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/PutPublicAccessBlock) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/PutPublicAccessBlock) # RenameObject Renames an existing object in a directory bucket that uses the S3 Express One Zone storage class. You can use `RenameObject` by specifying an existing object’s name as the source and the new name of the object as the destination within the same directory bucket. **Note** `RenameObject` is only supported for objects stored in the S3 Express One Zone storage class. To prevent overwriting an object, you can use the `If-None-Match` conditional header. + **If-None-Match** - Renames the object only if an object with the specified name does not already exist in the directory bucket. If you don't want to overwrite an existing object, you can add the `If-None-Match` conditional header with the value `‘*’` in the `RenameObject` request. Amazon S3 then returns a `412 Precondition Failed` error if the object with the specified name already exists. For more information, see [RFC 7232](https://datatracker.ietf.org/doc/rfc7232/). Permissions To grant access to the `RenameObject` operation on a directory bucket, we recommend that you use the `CreateSession` operation for session-based authorization. Specifically, you grant the `s3express:CreateSession` permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the `CreateSession` API call on the directory bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another `CreateSession` API call to generate a new session token for use. The AWS CLI and SDKs will create and manage your session including refreshing the session token automatically to avoid service interruptions when a session expires. In your bucket policy, you can specify the `s3express:SessionMode` condition key to control who can create a `ReadWrite` or `ReadOnly` session. A `ReadWrite` session is required for executing all the Zonal endpoint API operations, including `RenameObject`. For more information about authorization, see [https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html). To learn more about Zonal endpoint API operations, see [Authorizing Zonal endpoint API operations with CreateSession](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-create-session.html) in the *Amazon S3 User Guide*. HTTP Host header syntax **Directory buckets ** - The HTTP Host header syntax is ` Bucket-name.s3express-zone-id.region-code.amazonaws.com`. **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. ## Request Syntax ``` PUT /{Key+}?renameObject HTTP/1.1 Host: Bucket.s3.amazonaws.com x-amz-rename-source: RenameSource If-Match: DestinationIfMatch If-None-Match: DestinationIfNoneMatch If-Modified-Since: DestinationIfModifiedSince If-Unmodified-Since: DestinationIfUnmodifiedSince x-amz-rename-source-if-match: SourceIfMatch x-amz-rename-source-if-none-match: SourceIfNoneMatch x-amz-rename-source-if-modified-since: SourceIfModifiedSince x-amz-rename-source-if-unmodified-since: SourceIfUnmodifiedSince x-amz-client-token: ClientToken ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_RenameObject_RequestSyntax) ** The bucket name of the directory bucket containing the object. You must use virtual-hosted-style requests in the format `Bucket-name.s3express-zone-id.region-code.amazonaws.com`. Path-style requests are not supported. Directory bucket names must be unique in the chosen Availability Zone. Bucket names must follow the format `bucket-base-name--zone-id--x-s3 ` (for example, `amzn-s3-demo-bucket--usw2-az1--x-s3`). For information about bucket naming restrictions, see [Directory bucket naming rules](https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) in the *Amazon S3 User Guide*. Required: Yes ** [If-Match](#API_RenameObject_RequestSyntax) ** Renames the object only if the ETag (entity tag) value provided during the operation matches the ETag of the object in S3. The `If-Match` header field makes the request method conditional on ETags. If the ETag values do not match, the operation returns a `412 Precondition Failed` error. Expects the ETag value as a string. ** [If-Modified-Since](#API_RenameObject_RequestSyntax) ** Renames the object if the destination exists and if it has been modified since the specified time. ** [If-None-Match](#API_RenameObject_RequestSyntax) ** Renames the object only if the destination does not already exist in the specified directory bucket. If the object does exist when you send a request with `If-None-Match:*`, the S3 API will return a `412 Precondition Failed` error, preventing an overwrite. The `If-None-Match` header prevents overwrites of existing data by validating that there's not an object with the same key name already in your directory bucket. Expects the `*` character (asterisk). ** [If-Unmodified-Since](#API_RenameObject_RequestSyntax) ** Renames the object if it hasn't been modified since the specified time. ** [Key](#API_RenameObject_RequestSyntax) ** Key name of the object to rename. Length Constraints: Minimum length of 1. Required: Yes ** [x-amz-client-token](#API_RenameObject_RequestSyntax) ** A unique string with a max of 64 ASCII characters in the ASCII range of 33 - 126. `RenameObject` supports idempotency using a client token. To make an idempotent API request using `RenameObject`, specify a client token in the request. You should not reuse the same client token for other API requests. If you retry a request that completed successfully using the same client token and the same parameters, the retry succeeds without performing any further actions. If you retry a successful request using the same client token, but one or more of the parameters are different, the retry fails and an `IdempotentParameterMismatch` error is returned. ** [x-amz-rename-source](#API_RenameObject_RequestSyntax) ** Specifies the source for the rename operation. The value must be URL encoded. Pattern: `\/?.+\/.+` Required: Yes ** [x-amz-rename-source-if-match](#API_RenameObject_RequestSyntax) ** Renames the object if the source exists and if its entity tag (ETag) matches the specified ETag. ** [x-amz-rename-source-if-modified-since](#API_RenameObject_RequestSyntax) ** Renames the object if the source exists and if it has been modified since the specified time. ** [x-amz-rename-source-if-none-match](#API_RenameObject_RequestSyntax) ** Renames the object if the source exists and if its entity tag (ETag) is different than the specified ETag. If an asterisk (`*`) character is provided, the operation will fail and return a `412 Precondition Failed` error. ** [x-amz-rename-source-if-unmodified-since](#API_RenameObject_RequestSyntax) ** Renames the object if the source exists and hasn't been modified since the specified time. ## Request Body The request does not have a request body. ## Response Syntax ``` HTTP/1.1 200 ``` ## Response Elements If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body. ## Errors ** IdempotencyParameterMismatch ** Parameters on this idempotent request are inconsistent with parameters used in previous request(s). For a list of error codes and more information on Amazon S3 errors, see [Error codes](https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList). Idempotency ensures that an API request completes no more than one time. With an idempotent request, if the original request completes successfully, any subsequent retries complete successfully without performing any further actions. HTTP Status Code: 400 ## Examples ### Sample request: Renaming an object in a directory bucket The following example request illustrates renaming the *srcfilename.txt* object in a directory bucket. ``` PUT /dstfilename.txt HTTP/1.1 Host: amzn-s3-demo-bucket--zone-id--x-s3.s3express.amazonaws.com If-Match: 9b2cf535f27731c974343645a3985328 x-amz-rename-source: /srcfilename.txt ``` ### Sample request: Renaming an object in a directory bucket if the destination doesn't exist The following example request illustrates renaming the *srcfilename.txt* object to *dstfilename.txt* if an object named *dstfilename.txt* doesn't already exist in the directory bucket. ``` PUT /dstfilename.txt HTTP/1.1 Host: amzn-s3-demo-bucket--zone-id--x-s3.s3express.amazonaws.com If-None-Match: * x-amz-rename-source: /srcfilename.txt ``` ### Sample request: Renaming an object in a directory bucket if the destination exists with a specific ETag The following example request illustrates renaming the *srcfilename.txt* object only if the destination exists and has the ETag: *9b2cf535f27731c974343645a3985328*. ``` PUT /dstfilename.txt HTTP/1.1 Host: amzn-s3-demo-bucket--zone-id--x-s3.s3express.amazonaws.com If-Match: 9b2cf535f27731c974343645a3985328 x-amz-rename-source: /srcfilename.txt ``` ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/RenameObject) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/RenameObject) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/RenameObject) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/RenameObject) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/RenameObject) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/RenameObject) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/RenameObject) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/RenameObject) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/RenameObject) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/RenameObject) # RestoreObject **Note** This operation is not supported for directory buckets. Restores an archived copy of an object back into Amazon S3 This functionality is not supported for Amazon S3 on Outposts. This action performs the following types of requests: + `restore an archive` - Restore an archived object For more information about the `S3` structure in the request body, see the following: + [PutObject](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html) + [Managing Access with ACLs](https://docs.aws.amazon.com/AmazonS3/latest/dev/S3_ACLs_UsingACLs.html) in the *Amazon S3 User Guide* + [Protecting Data Using Server-Side Encryption](https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html) in the *Amazon S3 User Guide* Permissions To use this operation, you must have permissions to perform the `s3:RestoreObject` action. The bucket owner has this permission by default and can grant this permission to others. For more information about permissions, see [Permissions Related to Bucket Subresource Operations](https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) and [Managing Access Permissions to Your Amazon S3 Resources](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html) in the *Amazon S3 User Guide*. Restoring objects Objects that you archive to the S3 Glacier Flexible Retrieval or S3 Glacier Deep Archive storage class, and S3 Intelligent-Tiering Archive or S3 Intelligent-Tiering Deep Archive tiers, are not accessible in real time. For objects in the S3 Glacier Flexible Retrieval or S3 Glacier Deep Archive storage classes, you must first initiate a restore request, and then wait until a temporary copy of the object is available. If you want a permanent copy of the object, create a copy of it in the Amazon S3 Standard storage class in your S3 bucket. To access an archived object, you must restore the object for the duration (number of days) that you specify. For objects in the Archive Access or Deep Archive Access tiers of S3 Intelligent-Tiering, you must first initiate a restore request, and then wait until the object is moved into the Frequent Access tier. To restore a specific object version, you can provide a version ID. If you don't provide a version ID, Amazon S3 restores the current version. When restoring an archived object, you can specify one of the following data access tier options in the `Tier` element of the request body: + `Expedited` - Expedited retrievals allow you to quickly access your data stored in the S3 Glacier Flexible Retrieval storage class or S3 Intelligent-Tiering Archive tier when occasional urgent requests for restoring archives are required. For all but the largest archived objects (250 MB\$1), data accessed using Expedited retrievals is typically made available within 1–5 minutes. Provisioned capacity ensures that retrieval capacity for Expedited retrievals is available when you need it. Expedited retrievals and provisioned capacity are not available for objects stored in the S3 Glacier Deep Archive storage class or S3 Intelligent-Tiering Deep Archive tier. + `Standard` - Standard retrievals allow you to access any of your archived objects within several hours. This is the default option for retrieval requests that do not specify the retrieval option. Standard retrievals typically finish within 3–5 hours for objects stored in the S3 Glacier Flexible Retrieval storage class or S3 Intelligent-Tiering Archive tier. They typically finish within 12 hours for objects stored in the S3 Glacier Deep Archive storage class or S3 Intelligent-Tiering Deep Archive tier. Standard retrievals are free for objects stored in S3 Intelligent-Tiering. + `Bulk` - Bulk retrievals free for objects stored in the S3 Glacier Flexible Retrieval and S3 Intelligent-Tiering storage classes, enabling you to retrieve large amounts, even petabytes, of data at no cost. Bulk retrievals typically finish within 5–12 hours for objects stored in the S3 Glacier Flexible Retrieval storage class or S3 Intelligent-Tiering Archive tier. Bulk retrievals are also the lowest-cost retrieval option when restoring objects from S3 Glacier Deep Archive. They typically finish within 48 hours for objects stored in the S3 Glacier Deep Archive storage class or S3 Intelligent-Tiering Deep Archive tier. For more information about archive retrieval options and provisioned capacity for `Expedited` data access, see [Restoring Archived Objects](https://docs.aws.amazon.com/AmazonS3/latest/dev/restoring-objects.html) in the *Amazon S3 User Guide*. You can use Amazon S3 restore speed upgrade to change the restore speed to a faster speed while it is in progress. For more information, see [ Upgrading the speed of an in-progress restore](https://docs.aws.amazon.com/AmazonS3/latest/dev/restoring-objects.html#restoring-objects-upgrade-tier.title.html) in the *Amazon S3 User Guide*. To get the status of object restoration, you can send a `HEAD` request. Operations return the `x-amz-restore` header, which provides information about the restoration status, in the response. You can use Amazon S3 event notifications to notify you when a restore is initiated or completed. For more information, see [Configuring Amazon S3 Event Notifications](https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html) in the *Amazon S3 User Guide*. After restoring an archived object, you can update the restoration period by reissuing the request with a new period. Amazon S3 updates the restoration period relative to the current time and charges only for the request-there are no data transfer charges. You cannot update the restoration period when Amazon S3 is actively processing your current restore request for the object. If your bucket has a lifecycle configuration with a rule that includes an expiration action, the object expiration overrides the life span that you specify in a restore request. For example, if you restore an object copy for 10 days, but the object is scheduled to expire in 3 days, Amazon S3 deletes the object in 3 days. For more information about lifecycle configuration, see [PutBucketLifecycleConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html) and [Object Lifecycle Management](https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html) in *Amazon S3 User Guide*. Responses A successful action returns either the `200 OK` or `202 Accepted` status code. + If the object is not previously restored, then Amazon S3 returns `202 Accepted` in the response. + If the object is previously restored, Amazon S3 returns `200 OK` in the response. + Special errors: + *Code: RestoreAlreadyInProgress* + *Cause: Object restore is already in progress.* + *HTTP Status Code: 409 Conflict* + *SOAP Fault Code Prefix: Client* + + *Code: GlacierExpeditedRetrievalNotAvailable* + *Cause: expedited retrievals are currently not available. Try again later. (Returned if there is insufficient capacity to process the Expedited request. This error applies only to Expedited retrievals and not to S3 Standard or Bulk retrievals.)* + *HTTP Status Code: 503* + *SOAP Fault Code Prefix: N/A* The following operations are related to `RestoreObject`: + [PutBucketLifecycleConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html) + [GetBucketNotificationConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketNotificationConfiguration.html) **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. ## Request Syntax ``` POST /{Key+}?restore&versionId=VersionId HTTP/1.1 Host: Bucket.s3.amazonaws.com x-amz-request-payer: RequestPayer x-amz-sdk-checksum-algorithm: ChecksumAlgorithm x-amz-expected-bucket-owner: ExpectedBucketOwner integer string string string string string string string boolean string string string string string string string string string string string string string string string string string string string string string string string string string string string string string string ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_RestoreObject_RequestSyntax) ** The bucket name containing the object to restore. **Access points** - When you use this action with an access point for general purpose buckets, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When you use this action with an access point for directory buckets, you must provide the access point name in place of the bucket name. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com. When using this action with an access point through the AWS SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see [Using access points](https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) in the *Amazon S3 User Guide*. **S3 on Outposts** - When you use this action with S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form ` AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com`. When you use this action with S3 on Outposts, the destination bucket must be the Outposts access point ARN or the access point alias. For more information about S3 on Outposts, see [What is S3 on Outposts?](https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) in the *Amazon S3 User Guide*. Required: Yes ** [Key](#API_RestoreObject_RequestSyntax) ** Object key for which the action was initiated. Length Constraints: Minimum length of 1. Required: Yes ** [versionId](#API_RestoreObject_RequestSyntax) ** VersionId used to reference a specific version of the object. ** [x-amz-expected-bucket-owner](#API_RestoreObject_RequestSyntax) ** The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code `403 Forbidden` (access denied). ** [x-amz-request-payer](#API_RestoreObject_RequestSyntax) ** Confirms that the requester knows that they will be charged for the request. Bucket owners need not specify this parameter in their requests. If either the source or destination S3 bucket has Requester Pays enabled, the requester will pay for the corresponding charges. For information about downloading objects from Requester Pays buckets, see [Downloading Objects in Requester Pays Buckets](https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) in the *Amazon S3 User Guide*. This functionality is not supported for directory buckets. Valid Values: `requester` ** [x-amz-sdk-checksum-algorithm](#API_RestoreObject_RequestSyntax) ** Indicates the algorithm used to create the checksum for the object when you use the SDK. This header will not provide any additional functionality if you don't use the SDK. When you send this header, there must be a corresponding `x-amz-checksum` or `x-amz-trailer` header sent. Otherwise, Amazon S3 fails the request with the HTTP status code `400 Bad Request`. For more information, see [Checking object integrity](https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) in the *Amazon S3 User Guide*. If you provide an individual checksum, Amazon S3 ignores any provided `ChecksumAlgorithm` parameter. Valid Values: `CRC32 | CRC32C | SHA1 | SHA256 | CRC64NVME` ## Request Body The request accepts the following data in XML format. ** [RestoreRequest](#API_RestoreObject_RequestSyntax) ** Root level tag for the RestoreRequest parameters. Required: Yes ** [Days](#API_RestoreObject_RequestSyntax) ** Lifetime of the active copy in days. Do not use with restores that specify `OutputLocation`. The Days element is required for regular restores, and must not be provided for select requests. Type: Integer Required: No ** [Description](#API_RestoreObject_RequestSyntax) ** The optional description for the job. Type: String Required: No ** [GlacierJobParameters](#API_RestoreObject_RequestSyntax) ** S3 Glacier related parameters pertaining to this job. Do not use with restores that specify `OutputLocation`. Type: [GlacierJobParameters](API_GlacierJobParameters.md) data type Required: No ** [OutputLocation](#API_RestoreObject_RequestSyntax) ** Describes the location where the restore job's output is stored. Type: [OutputLocation](API_OutputLocation.md) data type Required: No ** [SelectParameters](#API_RestoreObject_RequestSyntax) ** Amazon S3 Select is no longer available to new customers. Existing customers of Amazon S3 Select can continue to use the feature as usual. [Learn more](http://aws.amazon.com/blogs/storage/how-to-optimize-querying-your-data-in-amazon-s3/) Describes the parameters for Select job types. Type: [SelectParameters](API_SelectParameters.md) data type Required: No ** [Tier](#API_RestoreObject_RequestSyntax) ** Retrieval tier at which the restore will be processed. Type: String Valid Values: `Standard | Bulk | Expedited` Required: No ** [Type](#API_RestoreObject_RequestSyntax) ** Amazon S3 Select is no longer available to new customers. Existing customers of Amazon S3 Select can continue to use the feature as usual. [Learn more](http://aws.amazon.com/blogs/storage/how-to-optimize-querying-your-data-in-amazon-s3/) Type of restore request. Type: String Valid Values: `SELECT` Required: No ## Response Syntax ``` HTTP/1.1 200 x-amz-request-charged: RequestCharged x-amz-restore-output-path: RestoreOutputPath ``` ## Response Elements If the action is successful, the service sends back an HTTP 200 response. The response returns the following HTTP headers. ** [x-amz-request-charged](#API_RestoreObject_ResponseSyntax) ** If present, indicates that the requester was successfully charged for the request. For more information, see [Using Requester Pays buckets for storage transfers and usage](https://docs.aws.amazon.com/AmazonS3/latest/userguide/RequesterPaysBuckets.html) in the *Amazon Simple Storage Service user guide*. This functionality is not supported for directory buckets. Valid Values: `requester` ** [x-amz-restore-output-path](#API_RestoreObject_ResponseSyntax) ** Indicates the path in the provided S3 output location where Select results will be restored to. ## Errors ** ObjectAlreadyInActiveTierError ** This action is not allowed against this storage tier. HTTP Status Code: 403 ## Examples ### Example: Restore an object for 2 days using the expedited retrieval option The following restore request restores a copy of the `photo1.jpg` object from S3 Glacier for a period of two days using the expedited retrieval option. ``` POST /photo1.jpg?restore HTTP/1.1 Host: examplebucket.dummy value Date: Mon, 22 Oct 2012 01:49:52 GMT Authorization: authorization string Content-Length: content length 2 Standard ``` ### Sample response If the `examplebucket` does not have a restored copy of the object, Amazon S3 returns the following `202 Accepted` response. **Note** If a copy of the object is already restored, Amazon S3 returns a `200 OK` response, and updates only the restored copy's expiry time. ``` HTTP/1.1 202 Accepted x-amz-id-2: GFihv3y6+kE7KG11GEkQhU7/2/cHR3Yb2fCb2S04nxI423Dqwg2XiQ0B/UZlzYQvPiBlZNRcovw= x-amz-request-id: 9F341CD3C4BA79E0 Date: Sat, 20 Oct 2012 23:54:05 GMT Content-Length: 0 Server: AmazonS3 ``` ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/RestoreObject) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/RestoreObject) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/RestoreObject) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/RestoreObject) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/RestoreObject) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/RestoreObject) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/RestoreObject) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/RestoreObject) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/RestoreObject) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/RestoreObject) # SelectObjectContent **Note** This operation is not supported for directory buckets. This action filters the contents of an Amazon S3 object based on a simple structured query language (SQL) statement. In the request, along with the SQL expression, you must also specify a data serialization format (JSON, CSV, or Apache Parquet) of the object. Amazon S3 uses this format to parse object data into records, and returns only records that match the specified SQL expression. You must also specify the data serialization format for the response. This functionality is not supported for Amazon S3 on Outposts. For more information about Amazon S3 Select, see [Selecting Content from Objects](https://docs.aws.amazon.com/AmazonS3/latest/dev/selecting-content-from-objects.html) and [SELECT Command](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-glacier-select-sql-reference-select.html) in the *Amazon S3 User Guide*. Permissions You must have the `s3:GetObject` permission for this operation. Amazon S3 Select does not support anonymous access. For more information about permissions, see [Specifying Permissions in a Policy](https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html) in the *Amazon S3 User Guide*. Object Data Formats You can use Amazon S3 Select to query objects that have the following format properties: + *CSV, JSON, and Parquet* - Objects must be in CSV, JSON, or Parquet format. + *UTF-8* - UTF-8 is the only encoding type Amazon S3 Select supports. + *GZIP or BZIP2* - CSV and JSON files can be compressed using GZIP or BZIP2. GZIP and BZIP2 are the only compression formats that Amazon S3 Select supports for CSV and JSON files. Amazon S3 Select supports columnar compression for Parquet using GZIP or Snappy. Amazon S3 Select does not support whole-object compression for Parquet objects. + *Server-side encryption* - Amazon S3 Select supports querying objects that are protected with server-side encryption. For objects that are encrypted with customer-provided encryption keys (SSE-C), you must use HTTPS, and you must use the headers that are documented in the [GetObject](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html). For more information about SSE-C, see [Server-Side Encryption (Using Customer-Provided Encryption Keys)](https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html) in the *Amazon S3 User Guide*. For objects that are encrypted with Amazon S3 managed keys (SSE-S3) and AWS KMS keys (SSE-KMS), server-side encryption is handled transparently, so you don't need to specify anything. For more information about server-side encryption, including SSE-S3 and SSE-KMS, see [Protecting Data Using Server-Side Encryption](https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html) in the *Amazon S3 User Guide*. Working with the Response Body Given the response size is unknown, Amazon S3 Select streams the response as a series of messages and includes a `Transfer-Encoding` header with `chunked` as its value in the response. For more information, see [Appendix: SelectObjectContent Response](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTSelectObjectAppendix.html). GetObject Support The `SelectObjectContent` action does not support the following `GetObject` functionality. For more information, see [GetObject](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html). + `Range`: Although you can specify a scan range for an Amazon S3 Select request (see [SelectObjectContentRequest - ScanRange](https://docs.aws.amazon.com/AmazonS3/latest/API/API_SelectObjectContent.html#AmazonS3-SelectObjectContent-request-ScanRange) in the request parameters), you cannot specify the range of bytes of an object to return. + The `GLACIER`, `DEEP_ARCHIVE`, and `REDUCED_REDUNDANCY` storage classes, or the `ARCHIVE_ACCESS` and `DEEP_ARCHIVE_ACCESS` access tiers of the `INTELLIGENT_TIERING` storage class: You cannot query objects in the `GLACIER`, `DEEP_ARCHIVE`, or `REDUCED_REDUNDANCY` storage classes, nor objects in the `ARCHIVE_ACCESS` or `DEEP_ARCHIVE_ACCESS` access tiers of the `INTELLIGENT_TIERING` storage class. For more information about storage classes, see [Using Amazon S3 storage classes](https://docs.aws.amazon.com/AmazonS3/latest/userguide/storage-class-intro.html) in the *Amazon S3 User Guide*. Special Errors For a list of special errors for this operation, see [List of SELECT Object Content Error Codes](https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#SelectObjectContentErrorCodeList) The following operations are related to `SelectObjectContent`: + [GetObject](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html) + [GetBucketLifecycleConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLifecycleConfiguration.html) + [PutBucketLifecycleConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html) **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. ## Request Syntax ``` POST /{Key+}?select&select-type=2 HTTP/1.1 Host: Bucket.s3.amazonaws.com x-amz-server-side-encryption-customer-algorithm: SSECustomerAlgorithm x-amz-server-side-encryption-customer-key: SSECustomerKey x-amz-server-side-encryption-customer-key-MD5: SSECustomerKeyMD5 x-amz-expected-bucket-owner: ExpectedBucketOwner string string boolean string boolean string string string string string string string string string string string string string long long ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_SelectObjectContent_RequestSyntax) ** The S3 bucket. Required: Yes ** [Key](#API_SelectObjectContent_RequestSyntax) ** The object key. Length Constraints: Minimum length of 1. Required: Yes ** [x-amz-expected-bucket-owner](#API_SelectObjectContent_RequestSyntax) ** The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code `403 Forbidden` (access denied). ** [x-amz-server-side-encryption-customer-algorithm](#API_SelectObjectContent_RequestSyntax) ** The server-side encryption (SSE) algorithm used to encrypt the object. This parameter is needed only when the object was created using a checksum algorithm. For more information, see [Protecting data using SSE-C keys](https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html) in the *Amazon S3 User Guide*. ** [x-amz-server-side-encryption-customer-key](#API_SelectObjectContent_RequestSyntax) ** The server-side encryption (SSE) customer managed key. This parameter is needed only when the object was created using a checksum algorithm. For more information, see [Protecting data using SSE-C keys](https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html) in the *Amazon S3 User Guide*. ** [x-amz-server-side-encryption-customer-key-MD5](#API_SelectObjectContent_RequestSyntax) ** The MD5 server-side encryption (SSE) customer managed key. This parameter is needed only when the object was created using a checksum algorithm. For more information, see [Protecting data using SSE-C keys](https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html) in the *Amazon S3 User Guide*. ## Request Body The request accepts the following data in XML format. ** [SelectObjectContentRequest](#API_SelectObjectContent_RequestSyntax) ** Root level tag for the SelectObjectContentRequest parameters. Required: Yes ** [Expression](#API_SelectObjectContent_RequestSyntax) ** The expression that is used to query the object. Type: String Required: Yes ** [ExpressionType](#API_SelectObjectContent_RequestSyntax) ** The type of the provided expression (for example, SQL). Type: String Valid Values: `SQL` Required: Yes ** [InputSerialization](#API_SelectObjectContent_RequestSyntax) ** Describes the format of the data in the object that is being queried. Type: [InputSerialization](API_InputSerialization.md) data type Required: Yes ** [OutputSerialization](#API_SelectObjectContent_RequestSyntax) ** Describes the format of the data that you want Amazon S3 to return in response. Type: [OutputSerialization](API_OutputSerialization.md) data type Required: Yes ** [RequestProgress](#API_SelectObjectContent_RequestSyntax) ** Specifies if periodic request progress information should be enabled. Type: [RequestProgress](API_RequestProgress.md) data type Required: No ** [ScanRange](#API_SelectObjectContent_RequestSyntax) ** Specifies the byte range of the object to get the records from. A record is processed when its first byte is contained by the range. This parameter is optional, but when specified, it must not be empty. See RFC 2616, Section 14.35.1 about how to specify the start and end of the range. `ScanRange`may be used in the following ways: + `50100` - process only the records starting between the bytes 50 and 100 (inclusive, counting from zero) + `50` - process only the records starting after the byte 50 + `50` - process only the records within the last 50 bytes of the file. Type: [ScanRange](API_ScanRange.md) data type Required: No ## Response Syntax ``` HTTP/1.1 200 blob

long long long

``` ## Response Elements If the action is successful, the service sends back an HTTP 200 response. The following data is returned in XML format by the service. ** [Payload](#API_SelectObjectContent_ResponseSyntax) ** Root level tag for the Payload parameters. Required: Yes ** [Cont](#API_SelectObjectContent_ResponseSyntax) ** The Continuation Event. Type: [ContinuationEvent](API_ContinuationEvent.md) data type ** [End](#API_SelectObjectContent_ResponseSyntax) ** The End Event. Type: [EndEvent](API_EndEvent.md) data type ** [Progress](#API_SelectObjectContent_ResponseSyntax) ** The Progress Event. Type: [ProgressEvent](API_ProgressEvent.md) data type ** [Records](#API_SelectObjectContent_ResponseSyntax) ** The Records Event. Type: [RecordsEvent](API_RecordsEvent.md) data type ** [Stats](#API_SelectObjectContent_ResponseSyntax) ** The Stats Event. Type: [StatsEvent](API_StatsEvent.md) data type ## Examples ### Example 1: CSV object The following select request retrieves all records from an object with data stored in CSV format. The OutputSerialization element directs Amazon S3 to return results in CSV. You can try different queries in the `Expression` element: + Assuming that you are not using column headers, you can identify columns using positional headers: `SELECT s._1, s._2 FROM S3Object s WHERE s._3 > 100` + If you have column headers and you set the `FileHeaderInfo` to `Use`, you can identify columns by name in the expression: `SELECT s.Id, s.FirstName, s.SSN FROM S3Object s` + You can specify functions in the SQL expression: `SELECT count(*) FROM S3Object s WHERE s._1 < 1` ``` POST /exampleobject.csv?select&select-type=2 HTTP/1.1 Host: examplebucket.s3..amazonaws.com Date: Tue, 17 Oct 2017 01:49:52 GMT Authorization: authorization string Content-Length: content length Select * from S3Object SQL GZIP IGNORE \n , " " # ASNEEDED \n , " " ``` ### Example The following is a sample response. ``` HTTP/1.1 200 OK x-amz-id-2: GFihv3y6+kE7KG11GEkQhU7/2/cHR3Yb2fCb2S04nxI423Dqwg2XiQ0B/UZlzYQvPiBlZNRcovw= x-amz-request-id: 9F341CD3C4BA79E0 Date: Tue, 17 Oct 2017 23:54:05 GMT A series of messages ``` ### Example 2: JSON object The following select request retrieves all records from an object with data stored in JSON format. The OutputSerialization directs Amazon S3 to return results in CSV. You can try different queries in the `Expression` element: + You can filter by string comparison using record keys: `SELECT s.country, s.city from S3Object s where s.city = 'Seattle'` + You can specify functions in the SQL expression: `SELECT count(*) FROM S3Object s` ``` POST /exampleobject.json?select&select-type=2 HTTP/1.1 Host: examplebucket.s3..amazonaws.com Date: Tue, 17 Oct 2017 01:49:52 GMT Authorization: authorization string Content-Length: content length Select * from S3Object SQL GZIP DOCUMENT ASNEEDED \n , " " ``` ### Example The following is a sample response. ``` HTTP/1.1 200 OK x-amz-id-2: GFihv3y6+kE7KG11GEkQhU7/2/cHR3Yb2fCb2S04nxI423Dqwg2XiQ0B/UZlzYQvPiBlZNRcovw= x-amz-request-id: 9F341CD3C4BA79E0 Date: Tue, 17 Oct 2017 23:54:05 GMT A series of messages ``` ### Example 3: Parquet object + The `InputSerialization` element describes the format of the data in the object that is being queried. It must specify `CSV`, `JSON`, or `Parquet`. + The `OutputSerialization ` element describes the format of the data that you want Amazon S3 to return in response to the query. It must specify `CSV`, `JSON`. Amazon S3 doesn't support outputting data in the `Parquet` format. + The format of the `InputSerialization` doesn't need to match the format of the `OutputSerialization`. So, for example, you can specify `JSON` in the `InputSerialization` and `CSV` in the `OutputSerialization`. ``` POST /exampleobject.parquet?select&select-type=2 HTTP/1.1 Host: examplebucket.s3..amazonaws.com Date: Tue, 17 Oct 2017 01:49:52 GMT Authorization: authorization string Content-Length: content length Select * from S3Object SQL NONE ASNEEDED \n , " " ``` ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/SelectObjectContent) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/SelectObjectContent) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/SelectObjectContent) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/SelectObjectContent) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/SelectObjectContent) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/SelectObjectContent) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/SelectObjectContent) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/SelectObjectContent) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/SelectObjectContent) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/SelectObjectContent) # UpdateBucketMetadataInventoryTableConfiguration Enables or disables a live inventory table for an S3 Metadata configuration on a general purpose bucket. For more information, see [Accelerating data discovery with S3 Metadata](https://docs.aws.amazon.com/AmazonS3/latest/userguide/metadata-tables-overview.html) in the *Amazon S3 User Guide*. Permissions To use this operation, you must have the following permissions. For more information, see [Setting up permissions for configuring metadata tables](https://docs.aws.amazon.com/AmazonS3/latest/userguide/metadata-tables-permissions.html) in the *Amazon S3 User Guide*. If you want to encrypt your inventory table with server-side encryption with AWS Key Management Service (AWS KMS) keys (SSE-KMS), you need additional permissions in your KMS key policy. For more information, see [ Setting up permissions for configuring metadata tables](https://docs.aws.amazon.com/AmazonS3/latest/userguide/metadata-tables-permissions.html) in the *Amazon S3 User Guide*. + `s3:UpdateBucketMetadataInventoryTableConfiguration` + `s3tables:CreateTableBucket` + `s3tables:CreateNamespace` + `s3tables:GetTable` + `s3tables:CreateTable` + `s3tables:PutTablePolicy` + `s3tables:PutTableEncryption` + `kms:DescribeKey` The following operations are related to `UpdateBucketMetadataInventoryTableConfiguration`: + [CreateBucketMetadataConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucketMetadataConfiguration.html) + [DeleteBucketMetadataConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketMetadataConfiguration.html) + [GetBucketMetadataConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketMetadataConfiguration.html) + [UpdateBucketMetadataJournalTableConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_UpdateBucketMetadataJournalTableConfiguration.html) **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. ## Request Syntax ``` PUT /?metadataInventoryTable HTTP/1.1 Host: Bucket.s3.amazonaws.com Content-MD5: ContentMD5 x-amz-sdk-checksum-algorithm: ChecksumAlgorithm x-amz-expected-bucket-owner: ExpectedBucketOwner string string string ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_UpdateBucketMetadataInventoryTableConfiguration_RequestSyntax) ** The general purpose bucket that corresponds to the metadata configuration that you want to enable or disable an inventory table for. Required: Yes ** [Content-MD5](#API_UpdateBucketMetadataInventoryTableConfiguration_RequestSyntax) ** The `Content-MD5` header for the inventory table configuration. ** [x-amz-expected-bucket-owner](#API_UpdateBucketMetadataInventoryTableConfiguration_RequestSyntax) ** The expected owner of the general purpose bucket that corresponds to the metadata table configuration that you want to enable or disable an inventory table for. ** [x-amz-sdk-checksum-algorithm](#API_UpdateBucketMetadataInventoryTableConfiguration_RequestSyntax) ** The checksum algorithm to use with your inventory table configuration. Valid Values: `CRC32 | CRC32C | SHA1 | SHA256 | CRC64NVME` ## Request Body The request accepts the following data in XML format. ** [InventoryTableConfiguration](#API_UpdateBucketMetadataInventoryTableConfiguration_RequestSyntax) ** Root level tag for the InventoryTableConfiguration parameters. Required: Yes ** [ConfigurationState](#API_UpdateBucketMetadataInventoryTableConfiguration_RequestSyntax) ** The configuration state of the inventory table, indicating whether the inventory table is enabled or disabled. Type: String Valid Values: `ENABLED | DISABLED` Required: Yes ** [EncryptionConfiguration](#API_UpdateBucketMetadataInventoryTableConfiguration_RequestSyntax) ** The encryption configuration for the inventory table. Type: [MetadataTableEncryptionConfiguration](API_MetadataTableEncryptionConfiguration.md) data type Required: No ## Response Syntax ``` HTTP/1.1 200 ``` ## Response Elements If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body. ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/UpdateBucketMetadataInventoryTableConfiguration) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/UpdateBucketMetadataInventoryTableConfiguration) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/UpdateBucketMetadataInventoryTableConfiguration) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/UpdateBucketMetadataInventoryTableConfiguration) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/UpdateBucketMetadataInventoryTableConfiguration) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/UpdateBucketMetadataInventoryTableConfiguration) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/UpdateBucketMetadataInventoryTableConfiguration) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/UpdateBucketMetadataInventoryTableConfiguration) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/UpdateBucketMetadataInventoryTableConfiguration) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/UpdateBucketMetadataInventoryTableConfiguration) # UpdateBucketMetadataJournalTableConfiguration Enables or disables journal table record expiration for an S3 Metadata configuration on a general purpose bucket. For more information, see [Accelerating data discovery with S3 Metadata](https://docs.aws.amazon.com/AmazonS3/latest/userguide/metadata-tables-overview.html) in the *Amazon S3 User Guide*. Permissions To use this operation, you must have the `s3:UpdateBucketMetadataJournalTableConfiguration` permission. For more information, see [Setting up permissions for configuring metadata tables](https://docs.aws.amazon.com/AmazonS3/latest/userguide/metadata-tables-permissions.html) in the *Amazon S3 User Guide*. The following operations are related to `UpdateBucketMetadataJournalTableConfiguration`: + [CreateBucketMetadataConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucketMetadataConfiguration.html) + [DeleteBucketMetadataConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketMetadataConfiguration.html) + [GetBucketMetadataConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketMetadataConfiguration.html) + [UpdateBucketMetadataInventoryTableConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_UpdateBucketMetadataInventoryTableConfiguration.html) **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. ## Request Syntax ``` PUT /?metadataJournalTable HTTP/1.1 Host: Bucket.s3.amazonaws.com Content-MD5: ContentMD5 x-amz-sdk-checksum-algorithm: ChecksumAlgorithm x-amz-expected-bucket-owner: ExpectedBucketOwner integer string ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_UpdateBucketMetadataJournalTableConfiguration_RequestSyntax) ** The general purpose bucket that corresponds to the metadata configuration that you want to enable or disable journal table record expiration for. Required: Yes ** [Content-MD5](#API_UpdateBucketMetadataJournalTableConfiguration_RequestSyntax) ** The `Content-MD5` header for the journal table configuration. ** [x-amz-expected-bucket-owner](#API_UpdateBucketMetadataJournalTableConfiguration_RequestSyntax) ** The expected owner of the general purpose bucket that corresponds to the metadata table configuration that you want to enable or disable journal table record expiration for. ** [x-amz-sdk-checksum-algorithm](#API_UpdateBucketMetadataJournalTableConfiguration_RequestSyntax) ** The checksum algorithm to use with your journal table configuration. Valid Values: `CRC32 | CRC32C | SHA1 | SHA256 | CRC64NVME` ## Request Body The request accepts the following data in XML format. ** [JournalTableConfiguration](#API_UpdateBucketMetadataJournalTableConfiguration_RequestSyntax) ** Root level tag for the JournalTableConfiguration parameters. Required: Yes ** [RecordExpiration](#API_UpdateBucketMetadataJournalTableConfiguration_RequestSyntax) ** The journal table record expiration settings for the journal table. Type: [RecordExpiration](API_RecordExpiration.md) data type Required: Yes ## Response Syntax ``` HTTP/1.1 200 ``` ## Response Elements If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body. ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/UpdateBucketMetadataJournalTableConfiguration) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/UpdateBucketMetadataJournalTableConfiguration) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/UpdateBucketMetadataJournalTableConfiguration) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/UpdateBucketMetadataJournalTableConfiguration) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/UpdateBucketMetadataJournalTableConfiguration) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/UpdateBucketMetadataJournalTableConfiguration) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/UpdateBucketMetadataJournalTableConfiguration) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/UpdateBucketMetadataJournalTableConfiguration) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/UpdateBucketMetadataJournalTableConfiguration) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/UpdateBucketMetadataJournalTableConfiguration) # UpdateObjectEncryption **Note** This operation is not supported for directory buckets or Amazon S3 on Outposts buckets. Updates the server-side encryption type of an existing encrypted object in a general purpose bucket. You can use the `UpdateObjectEncryption` operation to change encrypted objects from server-side encryption with Amazon S3 managed keys (SSE-S3) to server-side encryption with AWS Key Management Service (AWS KMS) keys (SSE-KMS), or to apply S3 Bucket Keys. You can also use the `UpdateObjectEncryption` operation to change the customer-managed KMS key used to encrypt your data so that you can comply with custom key-rotation standards. Using the `UpdateObjectEncryption` operation, you can atomically update the server-side encryption type of an existing object in a general purpose bucket without any data movement. The `UpdateObjectEncryption` operation uses envelope encryption to re-encrypt the data key used to encrypt and decrypt your object with your newly specified server-side encryption type. In other words, when you use the `UpdateObjectEncryption` operation, your data isn't copied, archived objects in the S3 Glacier Flexible Retrieval and S3 Glacier Deep Archive storage classes aren't restored, and objects in the S3 Intelligent-Tiering storage class aren't moved between tiers. Additionally, the `UpdateObjectEncryption` operation preserves all object metadata properties, including the storage class, creation date, last modified date, ETag, and checksum properties. For more information, see [ Updating server-side encryption for existing objects](https://docs.aws.amazon.com/AmazonS3/latest/userguide/update-sse-encryption.html) in the *Amazon S3 User Guide*. By default, all `UpdateObjectEncryption` requests that specify a customer-managed KMS key are restricted to KMS keys that are owned by the bucket owner's AWS account. If you're using AWS Organizations, you can request the ability to use KMS keys owned by other member accounts within your organization by contacting AWS Support. **Note** Source objects that are unencrypted, or encrypted with either dual-layer server-side encryption with AWS KMS keys (DSSE-KMS) or server-side encryption with customer-provided keys (SSE-C) aren't supported by this operation. Additionally, you cannot specify SSE-S3 encryption as the requested new encryption type `UpdateObjectEncryption` request. Permissions + To use the `UpdateObjectEncryption` operation, you must have the following permissions: + `s3:PutObject` + `s3:UpdateObjectEncryption` + `kms:Encrypt` + `kms:Decrypt` + `kms:GenerateDataKey` + `kms:ReEncrypt*` + If you're using AWS Organizations, to use this operation with customer-managed KMS keys from other AWS accounts within your organization, you must have the `organizations:DescribeAccount` permission. Errors + You might receive an `InvalidRequest` error for several reasons. Depending on the reason for the error, you might receive one of the following messages: + The `UpdateObjectEncryption` operation doesn't supported unencrypted source objects. Only source objects encrypted with SSE-S3 or SSE-KMS are supported. + The `UpdateObjectEncryption` operation doesn't support source objects with the encryption type DSSE-KMS or SSE-C. Only source objects encrypted with SSE-S3 or SSE-KMS are supported. + The `UpdateObjectEncryption` operation doesn't support updating the encryption type to DSSE-KMS or SSE-C. Modify the request to specify SSE-KMS for the updated encryption type, and then try again. + Requests that modify an object encryption configuration require AWS Signature Version 4. Modify the request to use AWS Signature Version 4, and then try again. + Requests that modify an object encryption configuration require a valid new encryption type. Valid values are `SSEKMS`. Modify the request to specify SSE-KMS for the updated encryption type, and then try again. + Requests that modify an object's encryption type to SSE-KMS require an AWS KMS key Amazon Resource Name (ARN). Modify the request to specify a KMS key ARN, and then try again. + Requests that modify an object's encryption type to SSE-KMS require a valid AWS KMS key Amazon Resource Name (ARN). Confirm that you have a correctly formatted KMS key ARN in your request, and then try again. + The `BucketKeyEnabled` value isn't valid. Valid values are `true` or `false`. Modify the request to specify a valid value, and then try again. + You might receive an `AccessDenied` error for several reasons. Depending on the reason for the error, you might receive one of the following messages: + The AWS KMS key in the request must be owned by the same account as the bucket. Modify the request to specify a KMS key from the same account, and then try again. + The bucket owner's account was approved to make `UpdateObjectEncryption` requests that use any AWS KMS key in their organization, but the bucket owner's account isn't part of an organization in AWS Organizations. Make sure that the bucket owner's account and the specified KMS key belong to the same organization, and then try again. + The specified AWS KMS key must be from the same organization in AWS Organizations as the bucket. Specify a KMS key that belongs to the same organization as the bucket, and then try again. + The encryption type for the specified object can’t be updated because that object is protected by S3 Object Lock. If the object has a governance-mode retention period or a legal hold, you must first remove the Object Lock status on the object before you issue your `UpdateObjectEncryption` request. You can't use the `UpdateObjectEncryption` operation with objects that have an Object Lock compliance mode retention period applied to them. ## Request Syntax ``` PUT /{Key+}?encryption&versionId=VersionId HTTP/1.1 Host: Bucket.s3.amazonaws.com x-amz-request-payer: RequestPayer x-amz-expected-bucket-owner: ExpectedBucketOwner Content-MD5: ContentMD5 x-amz-sdk-checksum-algorithm: ChecksumAlgorithm

boolean string

``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_UpdateObjectEncryption_RequestSyntax) ** The name of the general purpose bucket that contains the specified object key name. When you use this operation with an access point attached to a general purpose bucket, you must either provide the alias of the access point in place of the bucket name or you must specify the access point Amazon Resource Name (ARN). When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form ` AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com`. When using this operation with an access point through the AWS SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see [ Referencing access points](https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-points-naming.html) in the *Amazon S3 User Guide*. Required: Yes ** [Content-MD5](#API_UpdateObjectEncryption_RequestSyntax) ** The MD5 hash for the request body. For requests made using the AWS Command Line Interface (CLI) or AWS SDKs, this field is calculated automatically. ** [Key](#API_UpdateObjectEncryption_RequestSyntax) ** The key name of the object that you want to update the server-side encryption type for. Length Constraints: Minimum length of 1. Required: Yes ** [versionId](#API_UpdateObjectEncryption_RequestSyntax) ** The version ID of the object that you want to update the server-side encryption type for. ** [x-amz-expected-bucket-owner](#API_UpdateObjectEncryption_RequestSyntax) ** The account ID of the expected bucket owner. If the account ID that you provide doesn't match the actual owner of the bucket, the request fails with the HTTP status code `403 Forbidden` (access denied). ** [x-amz-request-payer](#API_UpdateObjectEncryption_RequestSyntax) ** Confirms that the requester knows that they will be charged for the request. Bucket owners need not specify this parameter in their requests. If either the source or destination S3 bucket has Requester Pays enabled, the requester will pay for the corresponding charges. For information about downloading objects from Requester Pays buckets, see [Downloading Objects in Requester Pays Buckets](https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) in the *Amazon S3 User Guide*. This functionality is not supported for directory buckets. Valid Values: `requester` ** [x-amz-sdk-checksum-algorithm](#API_UpdateObjectEncryption_RequestSyntax) ** Indicates the algorithm used to create the checksum for the object when you use an AWS SDK. This header doesn't provide any additional functionality if you don't use the SDK. When you send this header, there must be a corresponding `x-amz-checksum` or `x-amz-trailer` header sent. Otherwise, Amazon S3 fails the request with the HTTP status code `400 Bad Request`. For more information, see [ Checking object integrity ](https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) in the *Amazon S3 User Guide*. If you provide an individual checksum, Amazon S3 ignores any provided `ChecksumAlgorithm` parameter. Valid Values: `CRC32 | CRC32C | SHA1 | SHA256 | CRC64NVME` ## Request Body The request accepts the following data in XML format. ** [ObjectEncryption](#API_UpdateObjectEncryption_RequestSyntax) ** Root level tag for the ObjectEncryption parameters. Required: Yes ** [SSEKMS](#API_UpdateObjectEncryption_RequestSyntax) ** Specifies to update the object encryption type to server-side encryption with AWS Key Management Service (AWS KMS) keys (SSE-KMS). Type: [SSEKMSEncryption](API_SSEKMSEncryption.md) data type Required: No ## Response Syntax ``` HTTP/1.1 200 x-amz-request-charged: RequestCharged ``` ## Response Elements If the action is successful, the service sends back an HTTP 200 response. The response returns the following HTTP headers. ** [x-amz-request-charged](#API_UpdateObjectEncryption_ResponseSyntax) ** If present, indicates that the requester was successfully charged for the request. For more information, see [Using Requester Pays buckets for storage transfers and usage](https://docs.aws.amazon.com/AmazonS3/latest/userguide/RequesterPaysBuckets.html) in the *Amazon Simple Storage Service user guide*. This functionality is not supported for directory buckets. Valid Values: `requester` ## Errors ** AccessDenied ** You might receive this error for several reasons. For details, see the description of this API operation. HTTP Status Code: 403 ** InvalidRequest ** A parameter or header in your request isn't valid. For details, see the description of this API operation. HTTP Status Code: 400 ** NoSuchKey ** The specified key does not exist. HTTP Status Code: 404 ## Examples ### Sample Request: Updating encryption type to SSE-KMS with S3 Bucket Keys enabled The following example request illustrates updating the server-side encryption type of the `example.txt` object in the `amzn-s3-demo-bucket` bucket to SSE-KMS with S3 Bucket Keys enabled. ``` PUT /example.txt?encryption&versionId=VersionId HTTP/1.1 Host: amzn-s3-demo-bucket.s3..amazonaws.com x-amz-request-payer: x-amz-expected-bucket-owner: Content-MD5: x-amz-sdk-checksum-algorithm:

true arn:aws:kms:::key/

``` ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/UpdateObjectEncryption) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/UpdateObjectEncryption) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/UpdateObjectEncryption) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/UpdateObjectEncryption) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/UpdateObjectEncryption) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/UpdateObjectEncryption) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/UpdateObjectEncryption) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/UpdateObjectEncryption) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/UpdateObjectEncryption) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/UpdateObjectEncryption) # UploadPart Uploads a part in a multipart upload. **Note** In this operation, you provide new data as a part of an object in your request. However, you have an option to specify your existing Amazon S3 object as a data source for the part you are uploading. To upload a part from an existing object, you use the [UploadPartCopy](https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html) operation. You must initiate a multipart upload (see [CreateMultipartUpload](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html)) before you can upload any part. In response to your initiate request, Amazon S3 returns an upload ID, a unique identifier that you must include in your upload part request. Part numbers can be any number from 1 to 10,000, inclusive. A part number uniquely identifies a part and also defines its position within the object being created. If you upload a new part using the same part number that was used with a previous part, the previously uploaded part is overwritten. For information about maximum and minimum part sizes and other multipart upload specifications, see [Multipart upload limits](https://docs.aws.amazon.com/AmazonS3/latest/userguide/qfacts.html) in the *Amazon S3 User Guide*. **Note** After you initiate multipart upload and upload one or more parts, you must either complete or abort multipart upload in order to stop getting charged for storage of the uploaded parts. Only after you either complete or abort multipart upload, Amazon S3 frees up the parts storage and stops charging you for the parts storage. For more information on multipart uploads, go to [Multipart Upload Overview](https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html) in the *Amazon S3 User Guide *. **Note** **Directory buckets** - For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format `https://amzn-s3-demo-bucket.s3express-zone-id.region-code.amazonaws.com/key-name `. Path-style requests are not supported. For more information about endpoints in Availability Zones, see [Regional and Zonal endpoints for directory buckets in Availability Zones](https://docs.aws.amazon.com/AmazonS3/latest/userguide/endpoint-directory-buckets-AZ.html) in the *Amazon S3 User Guide*. For more information about endpoints in Local Zones, see [Concepts for directory buckets in Local Zones](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-lzs-for-directory-buckets.html) in the *Amazon S3 User Guide*. Permissions + **General purpose bucket permissions** - To perform a multipart upload with encryption using an AWS Key Management Service key, the requester must have permission to the `kms:Decrypt` and `kms:GenerateDataKey` actions on the key. The requester must also have permissions for the `kms:GenerateDataKey` action for the `CreateMultipartUpload` API. Then, the requester needs permissions for the `kms:Decrypt` action on the `UploadPart` and `UploadPartCopy` APIs. These permissions are required because Amazon S3 must decrypt and read data from the encrypted file parts before it completes the multipart upload. For more information about KMS permissions, see [Protecting data using server-side encryption with AWS KMS](https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html) in the *Amazon S3 User Guide*. For information about the permissions required to use the multipart upload API, see [Multipart upload and permissions](https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html) and [Multipart upload API and permissions](https://docs.aws.amazon.com/AmazonS3/latest/userguide/mpuoverview.html#mpuAndPermissions) in the *Amazon S3 User Guide*. + **Directory bucket permissions** - To grant access to this API operation on a directory bucket, we recommend that you use the [https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) API operation for session-based authorization. Specifically, you grant the `s3express:CreateSession` permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the `CreateSession` API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another `CreateSession` API call to generate a new session token for use. AWS CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see [https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html). If the object is encrypted with SSE-KMS, you must also have the `kms:GenerateDataKey` and `kms:Decrypt` permissions in IAM identity-based policies and AWS KMS key policies for the AWS KMS key. Data integrity **General purpose bucket** - To ensure that data is not corrupted traversing the network, specify the `Content-MD5` header in the upload part request. Amazon S3 checks the part data against the provided MD5 value. If they do not match, Amazon S3 returns an error. If the upload request is signed with Signature Version 4, then AWS S3 uses the `x-amz-content-sha256` header as a checksum instead of `Content-MD5`. For more information see [Authenticating Requests: Using the Authorization Header (AWS Signature Version 4)](https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-auth-using-authorization-header.html). **Directory buckets** - MD5 is not supported by directory buckets. You can use checksum algorithms to check object integrity. Encryption + **General purpose bucket** - Server-side encryption is for data encryption at rest. Amazon S3 encrypts your data as it writes it to disks in its data centers and decrypts it when you access it. You have mutually exclusive options to protect data using server-side encryption in Amazon S3, depending on how you choose to manage the encryption keys. Specifically, the encryption key options are Amazon S3 managed keys (SSE-S3), AWS KMS keys (SSE-KMS), and Customer-Provided Keys (SSE-C). Amazon S3 encrypts data with server-side encryption using Amazon S3 managed keys (SSE-S3) by default. You can optionally tell Amazon S3 to encrypt data at rest using server-side encryption with other key options. The option you use depends on whether you want to use KMS keys (SSE-KMS) or provide your own encryption key (SSE-C). Server-side encryption is supported by the S3 Multipart Upload operations. Unless you are using a customer-provided encryption key (SSE-C), you don't need to specify the encryption parameters in each UploadPart request. Instead, you only need to specify the server-side encryption parameters in the initial Initiate Multipart request. For more information, see [CreateMultipartUpload](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html). **Note** If you have server-side encryption with customer-provided keys (SSE-C) blocked for your general purpose bucket, you will get an HTTP 403 Access Denied error when you specify the SSE-C request headers while writing new data to your bucket. For more information, see [Blocking or unblocking SSE-C for a general purpose bucket](https://docs.aws.amazon.com/AmazonS3/latest/userguide/blocking-unblocking-s3-c-encryption-gpb.html). If you request server-side encryption using a customer-provided encryption key (SSE-C) in your initiate multipart upload request, you must provide identical encryption information in each part upload using the following request headers. + x-amz-server-side-encryption-customer-algorithm + x-amz-server-side-encryption-customer-key + x-amz-server-side-encryption-customer-key-MD5 For more information, see [Using Server-Side Encryption](https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html) in the *Amazon S3 User Guide*. + **Directory buckets ** - For directory buckets, there are only two supported options for server-side encryption: server-side encryption with Amazon S3 managed keys (SSE-S3) (`AES256`) and server-side encryption with AWS KMS keys (SSE-KMS) (`aws:kms`). Special errors + Error Code: `NoSuchUpload` + Description: The specified multipart upload does not exist. The upload ID might be invalid, or the multipart upload might have been aborted or completed. + HTTP Status Code: 404 Not Found + SOAP Fault Code Prefix: Client HTTP Host header syntax **Directory buckets ** - The HTTP Host header syntax is ` Bucket-name.s3express-zone-id.region-code.amazonaws.com`. The following operations are related to `UploadPart`: + [CreateMultipartUpload](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html) + [CompleteMultipartUpload](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CompleteMultipartUpload.html) + [AbortMultipartUpload](https://docs.aws.amazon.com/AmazonS3/latest/API/API_AbortMultipartUpload.html) + [ListParts](https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html) + [ListMultipartUploads](https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListMultipartUploads.html) **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. ## Request Syntax ``` PUT /Key+?partNumber=PartNumber&uploadId=UploadId HTTP/1.1 Host: Bucket.s3.amazonaws.com Content-Length: ContentLength Content-MD5: ContentMD5 x-amz-sdk-checksum-algorithm: ChecksumAlgorithm x-amz-checksum-crc32: ChecksumCRC32 x-amz-checksum-crc32c: ChecksumCRC32C x-amz-checksum-crc64nvme: ChecksumCRC64NVME x-amz-checksum-sha1: ChecksumSHA1 x-amz-checksum-sha256: ChecksumSHA256 x-amz-server-side-encryption-customer-algorithm: SSECustomerAlgorithm x-amz-server-side-encryption-customer-key: SSECustomerKey x-amz-server-side-encryption-customer-key-MD5: SSECustomerKeyMD5 x-amz-request-payer: RequestPayer x-amz-expected-bucket-owner: ExpectedBucketOwner Body ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_UploadPart_RequestSyntax) ** The name of the bucket to which the multipart upload was initiated. **Directory buckets** - When you use this operation with a directory bucket, you must use virtual-hosted-style requests in the format ` Bucket-name.s3express-zone-id.region-code.amazonaws.com`. Path-style requests are not supported. Directory bucket names must be unique in the chosen Zone (Availability Zone or Local Zone). Bucket names must follow the format ` bucket-base-name--zone-id--x-s3` (for example, ` amzn-s3-demo-bucket--usw2-az1--x-s3`). For information about bucket naming restrictions, see [Directory bucket naming rules](https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) in the *Amazon S3 User Guide*. **Access points** - When you use this action with an access point for general purpose buckets, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When you use this action with an access point for directory buckets, you must provide the access point name in place of the bucket name. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com. When using this action with an access point through the AWS SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see [Using access points](https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) in the *Amazon S3 User Guide*. Object Lambda access points are not supported by directory buckets. **S3 on Outposts** - When you use this action with S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form ` AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com`. When you use this action with S3 on Outposts, the destination bucket must be the Outposts access point ARN or the access point alias. For more information about S3 on Outposts, see [What is S3 on Outposts?](https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) in the *Amazon S3 User Guide*. Required: Yes ** [Content-Length](#API_UploadPart_RequestSyntax) ** Size of the body in bytes. This parameter is useful when the size of the body cannot be determined automatically. ** [Content-MD5](#API_UploadPart_RequestSyntax) ** The Base64 encoded 128-bit MD5 digest of the part data. This parameter is auto-populated when using the command from the CLI. This parameter is required if object lock parameters are specified. This functionality is not supported for directory buckets. ** [Key](#API_UploadPart_RequestSyntax) ** Object key for which the multipart upload was initiated. Length Constraints: Minimum length of 1. Required: Yes ** [partNumber](#API_UploadPart_RequestSyntax) ** Part number of part being uploaded. This is a positive integer between 1 and 10,000. Required: Yes ** [uploadId](#API_UploadPart_RequestSyntax) ** Upload ID identifying the multipart upload whose part is being uploaded. Required: Yes ** [x-amz-checksum-crc32](#API_UploadPart_RequestSyntax) ** This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. This header specifies the Base64 encoded, 32-bit `CRC32` checksum of the object. For more information, see [Checking object integrity](https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) in the *Amazon S3 User Guide*. ** [x-amz-checksum-crc32c](#API_UploadPart_RequestSyntax) ** This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. This header specifies the Base64 encoded, 32-bit `CRC32C` checksum of the object. For more information, see [Checking object integrity](https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) in the *Amazon S3 User Guide*. ** [x-amz-checksum-crc64nvme](#API_UploadPart_RequestSyntax) ** This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. This header specifies the Base64 encoded, 64-bit `CRC64NVME` checksum of the part. For more information, see [Checking object integrity](https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) in the *Amazon S3 User Guide*. ** [x-amz-checksum-sha1](#API_UploadPart_RequestSyntax) ** This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. This header specifies the Base64 encoded, 160-bit `SHA1` digest of the object. For more information, see [Checking object integrity](https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) in the *Amazon S3 User Guide*. ** [x-amz-checksum-sha256](#API_UploadPart_RequestSyntax) ** This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. This header specifies the Base64 encoded, 256-bit `SHA256` digest of the object. For more information, see [Checking object integrity](https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) in the *Amazon S3 User Guide*. ** [x-amz-expected-bucket-owner](#API_UploadPart_RequestSyntax) ** The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code `403 Forbidden` (access denied). ** [x-amz-request-payer](#API_UploadPart_RequestSyntax) ** Confirms that the requester knows that they will be charged for the request. Bucket owners need not specify this parameter in their requests. If either the source or destination S3 bucket has Requester Pays enabled, the requester will pay for the corresponding charges. For information about downloading objects from Requester Pays buckets, see [Downloading Objects in Requester Pays Buckets](https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) in the *Amazon S3 User Guide*. This functionality is not supported for directory buckets. Valid Values: `requester` ** [x-amz-sdk-checksum-algorithm](#API_UploadPart_RequestSyntax) ** Indicates the algorithm used to create the checksum for the object when you use the SDK. This header will not provide any additional functionality if you don't use the SDK. When you send this header, there must be a corresponding `x-amz-checksum` or `x-amz-trailer` header sent. Otherwise, Amazon S3 fails the request with the HTTP status code `400 Bad Request`. For more information, see [Checking object integrity](https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) in the *Amazon S3 User Guide*. If you provide an individual checksum, Amazon S3 ignores any provided `ChecksumAlgorithm` parameter. This checksum algorithm must be the same for all parts and it match the checksum value supplied in the `CreateMultipartUpload` request. Valid Values: `CRC32 | CRC32C | SHA1 | SHA256 | CRC64NVME` ** [x-amz-server-side-encryption-customer-algorithm](#API_UploadPart_RequestSyntax) ** Specifies the algorithm to use when encrypting the object (for example, AES256). This functionality is not supported for directory buckets. ** [x-amz-server-side-encryption-customer-key](#API_UploadPart_RequestSyntax) ** Specifies the customer-provided encryption key for Amazon S3 to use in encrypting data. This value is used to store the object and then it is discarded; Amazon S3 does not store the encryption key. The key must be appropriate for use with the algorithm specified in the `x-amz-server-side-encryption-customer-algorithm header`. This must be the same encryption key specified in the initiate multipart upload request. This functionality is not supported for directory buckets. ** [x-amz-server-side-encryption-customer-key-MD5](#API_UploadPart_RequestSyntax) ** Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. Amazon S3 uses this header for a message integrity check to ensure that the encryption key was transmitted without error. This functionality is not supported for directory buckets. ## Request Body The request accepts the following binary data. ** [Body](#API_UploadPart_RequestSyntax) ** ## Response Syntax ``` HTTP/1.1 200 x-amz-server-side-encryption: ServerSideEncryption ETag: ETag x-amz-checksum-crc32: ChecksumCRC32 x-amz-checksum-crc32c: ChecksumCRC32C x-amz-checksum-crc64nvme: ChecksumCRC64NVME x-amz-checksum-sha1: ChecksumSHA1 x-amz-checksum-sha256: ChecksumSHA256 x-amz-server-side-encryption-customer-algorithm: SSECustomerAlgorithm x-amz-server-side-encryption-customer-key-MD5: SSECustomerKeyMD5 x-amz-server-side-encryption-aws-kms-key-id: SSEKMSKeyId x-amz-server-side-encryption-bucket-key-enabled: BucketKeyEnabled x-amz-request-charged: RequestCharged ``` ## Response Elements If the action is successful, the service sends back an HTTP 200 response. The response returns the following HTTP headers. ** [ETag](#API_UploadPart_ResponseSyntax) ** Entity tag for the uploaded object. ** [x-amz-checksum-crc32](#API_UploadPart_ResponseSyntax) ** The Base64 encoded, 32-bit `CRC32 checksum` of the object. This checksum is only present if the checksum was uploaded with the object. When you use an API operation on an object that was uploaded using multipart uploads, this value may not be a direct checksum value of the full object. Instead, it's a calculation based on the checksum values of each individual part. For more information about how checksums are calculated with multipart uploads, see [ Checking object integrity](https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) in the *Amazon S3 User Guide*. ** [x-amz-checksum-crc32c](#API_UploadPart_ResponseSyntax) ** The Base64 encoded, 32-bit `CRC32C` checksum of the object. This checksum is only present if the checksum was uploaded with the object. When you use an API operation on an object that was uploaded using multipart uploads, this value may not be a direct checksum value of the full object. Instead, it's a calculation based on the checksum values of each individual part. For more information about how checksums are calculated with multipart uploads, see [ Checking object integrity](https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) in the *Amazon S3 User Guide*. ** [x-amz-checksum-crc64nvme](#API_UploadPart_ResponseSyntax) ** This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. This header specifies the Base64 encoded, 64-bit `CRC64NVME` checksum of the part. For more information, see [Checking object integrity](https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) in the *Amazon S3 User Guide*. ** [x-amz-checksum-sha1](#API_UploadPart_ResponseSyntax) ** The Base64 encoded, 160-bit `SHA1` digest of the object. This checksum is only present if the checksum was uploaded with the object. When you use the API operation on an object that was uploaded using multipart uploads, this value may not be a direct checksum value of the full object. Instead, it's a calculation based on the checksum values of each individual part. For more information about how checksums are calculated with multipart uploads, see [ Checking object integrity](https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) in the *Amazon S3 User Guide*. ** [x-amz-checksum-sha256](#API_UploadPart_ResponseSyntax) ** The Base64 encoded, 256-bit `SHA256` digest of the object. This checksum is only present if the checksum was uploaded with the object. When you use an API operation on an object that was uploaded using multipart uploads, this value may not be a direct checksum value of the full object. Instead, it's a calculation based on the checksum values of each individual part. For more information about how checksums are calculated with multipart uploads, see [ Checking object integrity](https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) in the *Amazon S3 User Guide*. ** [x-amz-request-charged](#API_UploadPart_ResponseSyntax) ** If present, indicates that the requester was successfully charged for the request. For more information, see [Using Requester Pays buckets for storage transfers and usage](https://docs.aws.amazon.com/AmazonS3/latest/userguide/RequesterPaysBuckets.html) in the *Amazon Simple Storage Service user guide*. This functionality is not supported for directory buckets. Valid Values: `requester` ** [x-amz-server-side-encryption](#API_UploadPart_ResponseSyntax) ** The server-side encryption algorithm used when you store this object in Amazon S3 or Amazon FSx. When accessing data stored in Amazon FSx file systems using S3 access points, the only valid server side encryption option is `aws:fsx`. Valid Values: `AES256 | aws:fsx | aws:kms | aws:kms:dsse` ** [x-amz-server-side-encryption-aws-kms-key-id](#API_UploadPart_ResponseSyntax) ** If present, indicates the ID of the KMS key that was used for object encryption. ** [x-amz-server-side-encryption-bucket-key-enabled](#API_UploadPart_ResponseSyntax) ** Indicates whether the multipart upload uses an S3 Bucket Key for server-side encryption with AWS Key Management Service (AWS KMS) keys (SSE-KMS). ** [x-amz-server-side-encryption-customer-algorithm](#API_UploadPart_ResponseSyntax) ** If server-side encryption with a customer-provided encryption key was requested, the response will include this header to confirm the encryption algorithm that's used. This functionality is not supported for directory buckets. ** [x-amz-server-side-encryption-customer-key-MD5](#API_UploadPart_ResponseSyntax) ** If server-side encryption with a customer-provided encryption key was requested, the response will include this header to provide the round-trip message integrity verification of the customer-provided encryption key. This functionality is not supported for directory buckets. ## Examples ### Sample Request for general purpose buckets The following PUT request uploads a part (part number 1) in a multipart upload. The request includes the upload ID that you get in response to your Initiate Multipart Upload request. ``` PUT /my-movie.m2ts?partNumber=1&uploadId=VCVsb2FkIElEIGZvciBlbZZpbmcncyBteS1tb3ZpZS5tMnRzIHVwbG9hZR HTTP/1.1 Host: example-bucket.s3..amazonaws.com Date: Mon, 1 Nov 2010 20:34:56 GMT Content-Length: 10485760 Content-MD5: pUNXr/BjKK5G2UKvaRRrOA== Authorization: authorization string ***part data omitted*** ``` ### Sample Response for general purpose buckets The response includes the ETag header. You need to retain this value for use when you send the Complete Multipart Upload request. ``` HTTP/1.1 200 OK x-amz-id-2: Vvag1LuByRx9e6j5Onimru9pO4ZVKnJ2Qz7/C1NPcfTWAtRPfTaOFg== x-amz-request-id: 656c76696e6727732072657175657374 Date: Mon, 1 Nov 2010 20:34:56 GMT ETag: "b54357faf0632cce46e942fa68356b38" Content-Length: 0 Connection: keep-alive Server: AmazonS3 ``` ### Example for general purpose buckets: Upload a part with an encryption key in the request for server-side encryption If you initiated a multipart upload with a request to save an object using server-side encryption with a customer-provided encryption key, each part upload must also include the same set of encryption-specific headers as shown in the following example request. ``` PUT /example-object?partNumber=1&uploadId=EXAMPLEJZ6e0YupT2h66iePQCc9IEbYbDUy4RTpMeoSMLPRp8Z5o1u8feSRonpvnWsKKG35tI2LB9VDPiCgTy.Gq2VxQLYjrue4Nq.NBdqI- HTTP/1.1 Host: example-bucket.s3..amazonaws.com Authorization: authorization string Date: Wed, 28 May 2014 19:40:11 +0000 x-amz-server-side-encryption-customer-key: g0lCfA3Dv40jZz5SQJ1ZukLRFqtI5WorC/8SEEXAMPLE x-amz-server-side-encryption-customer-key-MD5: ZjQrne1X/iTcskbY2example x-amz-server-side-encryption-customer-algorithm: AES256 ``` ### Example for general purpose buckets In the response, Amazon S3 returns encryption-specific headers providing the encryption algorithm used and MD5 digest of the encryption key you provided in the request. ``` HTTP/1.1 100 Continue HTTP/1.1 200 OK x-amz-id-2: Zn8bf8aEFQ+kBnGPBc/JaAf9SoWM68QDPS9+SyFwkIZOHUG2BiRLZi5oXw4cOCEt x-amz-request-id: 5A37448A37622243 Date: Wed, 28 May 2014 19:40:12 GMT ETag: "7e10e7d25dc4581d89b9285be5f384fd" x-amz-server-side-encryption-customer-algorithm: AES256 x-amz-server-side-encryption-customer-key-MD5: ZjQrne1X/iTcskbY2example ``` ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/UploadPart) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/UploadPart) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/UploadPart) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/UploadPart) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/UploadPart) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/UploadPart) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/UploadPart) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/UploadPart) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/UploadPart) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/UploadPart) # UploadPartCopy Uploads a part by copying data from an existing object as data source. To specify the data source, you add the request header `x-amz-copy-source` in your request. To specify a byte range, you add the request header `x-amz-copy-source-range` in your request. For information about maximum and minimum part sizes and other multipart upload specifications, see [Multipart upload limits](https://docs.aws.amazon.com/AmazonS3/latest/userguide/qfacts.html) in the *Amazon S3 User Guide*. **Note** Instead of copying data from an existing object as part data, you might use the [UploadPart](https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html) action to upload new data as a part of an object in your request. You must initiate a multipart upload before you can upload any part. In response to your initiate request, Amazon S3 returns the upload ID, a unique identifier that you must include in your upload part request. For conceptual information about multipart uploads, see [Uploading Objects Using Multipart Upload](https://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html) in the *Amazon S3 User Guide*. For information about copying objects using a single atomic action vs. a multipart upload, see [Operations on Objects](https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectOperations.html) in the *Amazon S3 User Guide*. **Note** **Directory buckets** - For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format `https://amzn-s3-demo-bucket.s3express-zone-id.region-code.amazonaws.com/key-name `. Path-style requests are not supported. For more information about endpoints in Availability Zones, see [Regional and Zonal endpoints for directory buckets in Availability Zones](https://docs.aws.amazon.com/AmazonS3/latest/userguide/endpoint-directory-buckets-AZ.html) in the *Amazon S3 User Guide*. For more information about endpoints in Local Zones, see [Concepts for directory buckets in Local Zones](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-lzs-for-directory-buckets.html) in the *Amazon S3 User Guide*. Authentication and authorization All `UploadPartCopy` requests must be authenticated and signed by using IAM credentials (access key ID and secret access key for the IAM identities). All headers with the `x-amz-` prefix, including `x-amz-copy-source`, must be signed. For more information, see [REST Authentication](https://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html). **Directory buckets** - You must use IAM credentials to authenticate and authorize your access to the `UploadPartCopy` API operation, instead of using the temporary security credentials through the `CreateSession` API operation. AWS CLI or SDKs handles authentication and authorization on your behalf. Permissions You must have `READ` access to the source object and `WRITE` access to the destination bucket. + **General purpose bucket permissions** - You must have the permissions in a policy based on the bucket types of your source bucket and destination bucket in an `UploadPartCopy` operation. + If the source object is in a general purpose bucket, you must have the ** `s3:GetObject` ** permission to read the source object that is being copied. + If the destination bucket is a general purpose bucket, you must have the ** `s3:PutObject` ** permission to write the object copy to the destination bucket. + To perform a multipart upload with encryption using an AWS Key Management Service key, the requester must have permission to the `kms:Decrypt` and `kms:GenerateDataKey` actions on the key. The requester must also have permissions for the `kms:GenerateDataKey` action for the `CreateMultipartUpload` API. Then, the requester needs permissions for the `kms:Decrypt` action on the `UploadPart` and `UploadPartCopy` APIs. These permissions are required because Amazon S3 must decrypt and read data from the encrypted file parts before it completes the multipart upload. For more information about KMS permissions, see [Protecting data using server-side encryption with AWS KMS](https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html) in the *Amazon S3 User Guide*. For information about the permissions required to use the multipart upload API, see [Multipart upload and permissions](https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html) and [Multipart upload API and permissions](https://docs.aws.amazon.com/AmazonS3/latest/userguide/mpuoverview.html#mpuAndPermissions) in the *Amazon S3 User Guide*. + **Directory bucket permissions** - You must have permissions in a bucket policy or an IAM identity-based policy based on the source and destination bucket types in an `UploadPartCopy` operation. + If the source object that you want to copy is in a directory bucket, you must have the ** `s3express:CreateSession` ** permission in the `Action` element of a policy to read the object. If no session mode is specified, the session will be created with the maximum allowable privilege, attempting `ReadWrite` first, then `ReadOnly` if `ReadWrite` is not permitted. If you want to explicitly restrict the access to be read-only, you can set the `s3express:SessionMode` condition key to `ReadOnly` on the copy source bucket. + If the copy destination is a directory bucket, you must have the ** `s3express:CreateSession` ** permission in the `Action` element of a policy to write the object to the destination. The `s3express:SessionMode` condition key cannot be set to `ReadOnly` on the copy destination. If the object is encrypted with SSE-KMS, you must also have the `kms:GenerateDataKey` and `kms:Decrypt` permissions in IAM identity-based policies and AWS KMS key policies for the AWS KMS key. For example policies, see [Example bucket policies for S3 Express One Zone](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam-example-bucket-policies.html) and [AWS Identity and Access Management (IAM) identity-based policies for S3 Express One Zone](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam-identity-policies.html) in the *Amazon S3 User Guide*. Encryption + **General purpose buckets ** - For information about using server-side encryption with customer-provided encryption keys with the `UploadPartCopy` operation, see [CopyObject](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html) and [UploadPart](https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html). **Note** If you have server-side encryption with customer-provided keys (SSE-C) blocked for your general purpose bucket, you will get an HTTP 403 Access Denied error when you specify the SSE-C request headers while writing new data to your bucket. For more information, see [Blocking or unblocking SSE-C for a general purpose bucket](https://docs.aws.amazon.com/AmazonS3/latest/userguide/blocking-unblocking-s3-c-encryption-gpb.html). + **Directory buckets ** - For directory buckets, there are only two supported options for server-side encryption: server-side encryption with Amazon S3 managed keys (SSE-S3) (`AES256`) and server-side encryption with AWS KMS keys (SSE-KMS) (`aws:kms`). For more information, see [Protecting data with server-side encryption](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-serv-side-encryption.html) in the *Amazon S3 User Guide*. **Note** For directory buckets, when you perform a `CreateMultipartUpload` operation and an `UploadPartCopy` operation, the request headers you provide in the `CreateMultipartUpload` request must match the default encryption configuration of the destination bucket. S3 Bucket Keys aren't supported, when you copy SSE-KMS encrypted objects from general purpose buckets to directory buckets, from directory buckets to general purpose buckets, or between directory buckets, through [UploadPartCopy](https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html). In this case, Amazon S3 makes a call to AWS KMS every time a copy request is made for a KMS-encrypted object. Special errors + Error Code: `NoSuchUpload` + Description: The specified multipart upload does not exist. The upload ID might be invalid, or the multipart upload might have been aborted or completed. + HTTP Status Code: 404 Not Found + Error Code: `InvalidRequest` + Description: The specified copy source is not supported as a byte-range copy source. + HTTP Status Code: 400 Bad Request HTTP Host header syntax **Directory buckets ** - The HTTP Host header syntax is ` Bucket-name.s3express-zone-id.region-code.amazonaws.com`. The following operations are related to `UploadPartCopy`: + [CreateMultipartUpload](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html) + [UploadPart](https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html) + [CompleteMultipartUpload](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CompleteMultipartUpload.html) + [AbortMultipartUpload](https://docs.aws.amazon.com/AmazonS3/latest/API/API_AbortMultipartUpload.html) + [ListParts](https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html) + [ListMultipartUploads](https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListMultipartUploads.html) **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. ## Request Syntax ``` PUT /Key+?partNumber=PartNumber&uploadId=UploadId HTTP/1.1 Host: Bucket.s3.amazonaws.com x-amz-copy-source: CopySource x-amz-copy-source-if-match: CopySourceIfMatch x-amz-copy-source-if-modified-since: CopySourceIfModifiedSince x-amz-copy-source-if-none-match: CopySourceIfNoneMatch x-amz-copy-source-if-unmodified-since: CopySourceIfUnmodifiedSince x-amz-copy-source-range: CopySourceRange x-amz-server-side-encryption-customer-algorithm: SSECustomerAlgorithm x-amz-server-side-encryption-customer-key: SSECustomerKey x-amz-server-side-encryption-customer-key-MD5: SSECustomerKeyMD5 x-amz-copy-source-server-side-encryption-customer-algorithm: CopySourceSSECustomerAlgorithm x-amz-copy-source-server-side-encryption-customer-key: CopySourceSSECustomerKey x-amz-copy-source-server-side-encryption-customer-key-MD5: CopySourceSSECustomerKeyMD5 x-amz-request-payer: RequestPayer x-amz-expected-bucket-owner: ExpectedBucketOwner x-amz-source-expected-bucket-owner: ExpectedSourceBucketOwner ``` ## URI Request Parameters The request uses the following URI parameters. ** [Bucket](#API_UploadPartCopy_RequestSyntax) ** The bucket name. **Directory buckets** - When you use this operation with a directory bucket, you must use virtual-hosted-style requests in the format ` Bucket-name.s3express-zone-id.region-code.amazonaws.com`. Path-style requests are not supported. Directory bucket names must be unique in the chosen Zone (Availability Zone or Local Zone). Bucket names must follow the format ` bucket-base-name--zone-id--x-s3` (for example, ` amzn-s3-demo-bucket--usw2-az1--x-s3`). For information about bucket naming restrictions, see [Directory bucket naming rules](https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) in the *Amazon S3 User Guide*. Copying objects across different AWS Regions isn't supported when the source or destination bucket is in AWS Local Zones. The source and destination buckets must have the same parent AWS Region. Otherwise, you get an HTTP `400 Bad Request` error with the error code `InvalidRequest`. **Access points** - When you use this action with an access point for general purpose buckets, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When you use this action with an access point for directory buckets, you must provide the access point name in place of the bucket name. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com. When using this action with an access point through the AWS SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see [Using access points](https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) in the *Amazon S3 User Guide*. Object Lambda access points are not supported by directory buckets. **S3 on Outposts** - When you use this action with S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form ` AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com`. When you use this action with S3 on Outposts, the destination bucket must be the Outposts access point ARN or the access point alias. For more information about S3 on Outposts, see [What is S3 on Outposts?](https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) in the *Amazon S3 User Guide*. Required: Yes ** [Key](#API_UploadPartCopy_RequestSyntax) ** Object key for which the multipart upload was initiated. Length Constraints: Minimum length of 1. Required: Yes ** [partNumber](#API_UploadPartCopy_RequestSyntax) ** Part number of part being copied. This is a positive integer between 1 and 10,000. Required: Yes ** [uploadId](#API_UploadPartCopy_RequestSyntax) ** Upload ID identifying the multipart upload whose part is being copied. Required: Yes ** [x-amz-copy-source](#API_UploadPartCopy_RequestSyntax) ** Specifies the source object for the copy operation. You specify the value in one of two formats, depending on whether you want to access the source object through an [access point](https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-points.html): + For objects not accessed through an access point, specify the name of the source bucket and key of the source object, separated by a slash (/). For example, to copy the object `reports/january.pdf` from the bucket `awsexamplebucket`, use `awsexamplebucket/reports/january.pdf`. The value must be URL-encoded. + For objects accessed through access points, specify the Amazon Resource Name (ARN) of the object as accessed through the access point, in the format `arn:aws:s3:::accesspoint//object/`. For example, to copy the object `reports/january.pdf` through access point `my-access-point` owned by account `123456789012` in Region `us-west-2`, use the URL encoding of `arn:aws:s3:us-west-2:123456789012:accesspoint/my-access-point/object/reports/january.pdf`. The value must be URL encoded. **Note** Amazon S3 supports copy operations using Access points only when the source and destination buckets are in the same AWS Region. Access points are not supported by directory buckets. Alternatively, for objects accessed through Amazon S3 on Outposts, specify the ARN of the object as accessed in the format `arn:aws:s3-outposts:::outpost//object/`. For example, to copy the object `reports/january.pdf` through outpost `my-outpost` owned by account `123456789012` in Region `us-west-2`, use the URL encoding of `arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/object/reports/january.pdf`. The value must be URL-encoded. If your bucket has versioning enabled, you could have multiple versions of the same object. By default, `x-amz-copy-source` identifies the current version of the source object to copy. To copy a specific version of the source object to copy, append `?versionId=` to the `x-amz-copy-source` request header (for example, `x-amz-copy-source: /awsexamplebucket/reports/january.pdf?versionId=QUpfdndhfd8438MNFDN93jdnJFkdmqnh893`). If the current version is a delete marker and you don't specify a versionId in the `x-amz-copy-source` request header, Amazon S3 returns a `404 Not Found` error, because the object does not exist. If you specify versionId in the `x-amz-copy-source` and the versionId is a delete marker, Amazon S3 returns an HTTP `400 Bad Request` error, because you are not allowed to specify a delete marker as a version for the `x-amz-copy-source`. **Directory buckets** - S3 Versioning isn't enabled and supported for directory buckets. Pattern: `\/?.+\/.+` Required: Yes ** [x-amz-copy-source-if-match](#API_UploadPartCopy_RequestSyntax) ** Copies the object if its entity tag (ETag) matches the specified tag. If both of the `x-amz-copy-source-if-match` and `x-amz-copy-source-if-unmodified-since` headers are present in the request as follows: `x-amz-copy-source-if-match` condition evaluates to `true`, and; `x-amz-copy-source-if-unmodified-since` condition evaluates to `false`; Amazon S3 returns `200 OK` and copies the data. ** [x-amz-copy-source-if-modified-since](#API_UploadPartCopy_RequestSyntax) ** Copies the object if it has been modified since the specified time. If both of the `x-amz-copy-source-if-none-match` and `x-amz-copy-source-if-modified-since` headers are present in the request as follows: `x-amz-copy-source-if-none-match` condition evaluates to `false`, and; `x-amz-copy-source-if-modified-since` condition evaluates to `true`; Amazon S3 returns `412 Precondition Failed` response code. ** [x-amz-copy-source-if-none-match](#API_UploadPartCopy_RequestSyntax) ** Copies the object if its entity tag (ETag) is different than the specified ETag. If both of the `x-amz-copy-source-if-none-match` and `x-amz-copy-source-if-modified-since` headers are present in the request as follows: `x-amz-copy-source-if-none-match` condition evaluates to `false`, and; `x-amz-copy-source-if-modified-since` condition evaluates to `true`; Amazon S3 returns `412 Precondition Failed` response code. ** [x-amz-copy-source-if-unmodified-since](#API_UploadPartCopy_RequestSyntax) ** Copies the object if it hasn't been modified since the specified time. If both of the `x-amz-copy-source-if-match` and `x-amz-copy-source-if-unmodified-since` headers are present in the request as follows: `x-amz-copy-source-if-match` condition evaluates to `true`, and; `x-amz-copy-source-if-unmodified-since` condition evaluates to `false`; Amazon S3 returns `200 OK` and copies the data. ** [x-amz-copy-source-range](#API_UploadPartCopy_RequestSyntax) ** The range of bytes to copy from the source object. The range value must use the form bytes=first-last, where the first and last are the zero-based byte offsets to copy. For example, bytes=0-9 indicates that you want to copy the first 10 bytes of the source. You can copy a range only if the source object is greater than 5 MB. ** [x-amz-copy-source-server-side-encryption-customer-algorithm](#API_UploadPartCopy_RequestSyntax) ** Specifies the algorithm to use when decrypting the source object (for example, `AES256`). This functionality is not supported when the source object is in a directory bucket. ** [x-amz-copy-source-server-side-encryption-customer-key](#API_UploadPartCopy_RequestSyntax) ** Specifies the customer-provided encryption key for Amazon S3 to use to decrypt the source object. The encryption key provided in this header must be one that was used when the source object was created. This functionality is not supported when the source object is in a directory bucket. ** [x-amz-copy-source-server-side-encryption-customer-key-MD5](#API_UploadPartCopy_RequestSyntax) ** Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. Amazon S3 uses this header for a message integrity check to ensure that the encryption key was transmitted without error. This functionality is not supported when the source object is in a directory bucket. ** [x-amz-expected-bucket-owner](#API_UploadPartCopy_RequestSyntax) ** The account ID of the expected destination bucket owner. If the account ID that you provide does not match the actual owner of the destination bucket, the request fails with the HTTP status code `403 Forbidden` (access denied). ** [x-amz-request-payer](#API_UploadPartCopy_RequestSyntax) ** Confirms that the requester knows that they will be charged for the request. Bucket owners need not specify this parameter in their requests. If either the source or destination S3 bucket has Requester Pays enabled, the requester will pay for the corresponding charges. For information about downloading objects from Requester Pays buckets, see [Downloading Objects in Requester Pays Buckets](https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) in the *Amazon S3 User Guide*. This functionality is not supported for directory buckets. Valid Values: `requester` ** [x-amz-server-side-encryption-customer-algorithm](#API_UploadPartCopy_RequestSyntax) ** Specifies the algorithm to use when encrypting the object (for example, AES256). This functionality is not supported when the destination bucket is a directory bucket. ** [x-amz-server-side-encryption-customer-key](#API_UploadPartCopy_RequestSyntax) ** Specifies the customer-provided encryption key for Amazon S3 to use in encrypting data. This value is used to store the object and then it is discarded; Amazon S3 does not store the encryption key. The key must be appropriate for use with the algorithm specified in the `x-amz-server-side-encryption-customer-algorithm` header. This must be the same encryption key specified in the initiate multipart upload request. This functionality is not supported when the destination bucket is a directory bucket. ** [x-amz-server-side-encryption-customer-key-MD5](#API_UploadPartCopy_RequestSyntax) ** Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. Amazon S3 uses this header for a message integrity check to ensure that the encryption key was transmitted without error. This functionality is not supported when the destination bucket is a directory bucket. ** [x-amz-source-expected-bucket-owner](#API_UploadPartCopy_RequestSyntax) ** The account ID of the expected source bucket owner. If the account ID that you provide does not match the actual owner of the source bucket, the request fails with the HTTP status code `403 Forbidden` (access denied). ## Request Body The request does not have a request body. ## Response Syntax ``` HTTP/1.1 200 x-amz-copy-source-version-id: CopySourceVersionId x-amz-server-side-encryption: ServerSideEncryption x-amz-server-side-encryption-customer-algorithm: SSECustomerAlgorithm x-amz-server-side-encryption-customer-key-MD5: SSECustomerKeyMD5 x-amz-server-side-encryption-aws-kms-key-id: SSEKMSKeyId x-amz-server-side-encryption-bucket-key-enabled: BucketKeyEnabled x-amz-request-charged: RequestCharged string timestamp string string string string string ``` ## Response Elements If the action is successful, the service sends back an HTTP 200 response. The response returns the following HTTP headers. ** [x-amz-copy-source-version-id](#API_UploadPartCopy_ResponseSyntax) ** The version of the source object that was copied, if you have enabled versioning on the source bucket. This functionality is not supported when the source object is in a directory bucket. ** [x-amz-request-charged](#API_UploadPartCopy_ResponseSyntax) ** If present, indicates that the requester was successfully charged for the request. For more information, see [Using Requester Pays buckets for storage transfers and usage](https://docs.aws.amazon.com/AmazonS3/latest/userguide/RequesterPaysBuckets.html) in the *Amazon Simple Storage Service user guide*. This functionality is not supported for directory buckets. Valid Values: `requester` ** [x-amz-server-side-encryption](#API_UploadPartCopy_ResponseSyntax) ** The server-side encryption algorithm used when you store this object in Amazon S3 or Amazon FSx. When accessing data stored in Amazon FSx file systems using S3 access points, the only valid server side encryption option is `aws:fsx`. Valid Values: `AES256 | aws:fsx | aws:kms | aws:kms:dsse` ** [x-amz-server-side-encryption-aws-kms-key-id](#API_UploadPartCopy_ResponseSyntax) ** If present, indicates the ID of the KMS key that was used for object encryption. ** [x-amz-server-side-encryption-bucket-key-enabled](#API_UploadPartCopy_ResponseSyntax) ** Indicates whether the multipart upload uses an S3 Bucket Key for server-side encryption with AWS Key Management Service (AWS KMS) keys (SSE-KMS). ** [x-amz-server-side-encryption-customer-algorithm](#API_UploadPartCopy_ResponseSyntax) ** If server-side encryption with a customer-provided encryption key was requested, the response will include this header to confirm the encryption algorithm that's used. This functionality is not supported for directory buckets. ** [x-amz-server-side-encryption-customer-key-MD5](#API_UploadPartCopy_ResponseSyntax) ** If server-side encryption with a customer-provided encryption key was requested, the response will include this header to provide the round-trip message integrity verification of the customer-provided encryption key. This functionality is not supported for directory buckets. The following data is returned in XML format by the service. ** [CopyPartResult](#API_UploadPartCopy_ResponseSyntax) ** Root level tag for the CopyPartResult parameters. Required: Yes ** [ChecksumCRC32](#API_UploadPartCopy_ResponseSyntax) ** This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. This header specifies the Base64 encoded, 32-bit `CRC32` checksum of the part. For more information, see [Checking object integrity](https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) in the *Amazon S3 User Guide*. Type: String ** [ChecksumCRC32C](#API_UploadPartCopy_ResponseSyntax) ** This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. This header specifies the Base64 encoded, 32-bit `CRC32C` checksum of the part. For more information, see [Checking object integrity](https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) in the *Amazon S3 User Guide*. Type: String ** [ChecksumCRC64NVME](#API_UploadPartCopy_ResponseSyntax) ** The Base64 encoded, 64-bit `CRC64NVME` checksum of the part. This checksum is present if the multipart upload request was created with the `CRC64NVME` checksum algorithm to the uploaded object). For more information, see [Checking object integrity](https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) in the *Amazon S3 User Guide*. Type: String ** [ChecksumSHA1](#API_UploadPartCopy_ResponseSyntax) ** This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. This header specifies the Base64 encoded, 160-bit `SHA1` checksum of the part. For more information, see [Checking object integrity](https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) in the *Amazon S3 User Guide*. Type: String ** [ChecksumSHA256](#API_UploadPartCopy_ResponseSyntax) ** This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. This header specifies the Base64 encoded, 256-bit `SHA256` checksum of the part. For more information, see [Checking object integrity](https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) in the *Amazon S3 User Guide*. Type: String ** [ETag](#API_UploadPartCopy_ResponseSyntax) ** Entity tag of the object. Type: String ** [LastModified](#API_UploadPartCopy_ResponseSyntax) ** Date and time at which the object was uploaded. Type: Timestamp ## Examples ### Sample Request for general purpose buckets The following PUT request uploads a part (part number 2) in a multipart upload. The request specifies a byte range from an existing object as the source of this upload. The request includes the upload ID that you get in response to your Initiate Multipart Upload request. ``` PUT /newobject?partNumber=2&uploadId=VCVsb2FkIElEIGZvciBlbZZpbmcncyBteS1tb3ZpZS5tMnRzIHVwbG9hZR HTTP/1.1 Host: target-bucket.s3..amazonaws.com Date: Mon, 11 Apr 2011 20:34:56 GMT x-amz-copy-source: /source-bucket/sourceobject x-amz-copy-source-range:bytes=500-6291456 Authorization: authorization string ``` ### Sample Response for general purpose buckets The response includes the ETag value. You need to retain this value to use when you send the Complete Multipart Upload request. ``` HTTP/1.1 200 OK x-amz-id-2: Vvag1LuByRx9e6j5Onimru9pO4ZVKnJ2Qz7/C1NPcfTWAtRPfTaOFg== x-amz-request-id: 656c76696e6727732072657175657374 Date: Mon, 11 Apr 2011 20:34:56 GMT Server: AmazonS3 2011-04-11T20:34:56.000Z "9b2cf535f27731c974343645a3985328" ``` ### Sample Request for general purpose buckets The following PUT request uploads a part (part number 2) in a multipart upload. The request does not specify the optional byte range header, but requests the entire source object copy as part 2. The request includes the upload ID that you got in response to your Initiate Multipart Upload request. ``` PUT /newobject?partNumber=2&uploadId=VCVsb2FkIElEIGZvciBlbZZpbmcncyBteS1tb3ZpZS5tMnRzIHVwbG9hZR HTTP/1.1 Host: target-bucket.s3..amazonaws.com Date: Mon, 11 Apr 2011 20:34:56 GMT x-amz-copy-source: /source-bucket/sourceobject?versionId=3/L4kqtJlcpXroDTDmJ+rmSpXd3dIbrHY+MTRCxf3vjVBH40Nr8X8gdRQBpUMLUo Authorization: authorization string ``` ### Sample Response for general purpose buckets The response includes the ETag value. You need to retain this value to use when you send the Complete Multipart Upload request. ``` HTTP/1.1 200 OK x-amz-id-2: Vvag1LuByRx9e6j5Onimru9pO4ZVKnJ2Qz7/C1NPcfTWAtRPfTaOFg== x-amz-request-id: 656c76696e6727732072657175657374 x-amz-copy-source-version-id: 3/L4kqtJlcpXroDTDmJ+rmSpXd3dIbrHY+MTRCxf3vjVBH40Nr8X8gdRQBpUMLUo Date: Mon, 11 Apr 2011 20:34:56 GMT Server: AmazonS3 2011-04-11T20:34:56.000Z "9b2cf535f27731c974343645a3985328" ``` ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/UploadPartCopy) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/UploadPartCopy) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/UploadPartCopy) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/UploadPartCopy) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/UploadPartCopy) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/UploadPartCopy) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/UploadPartCopy) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/UploadPartCopy) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/UploadPartCopy) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/UploadPartCopy) # WriteGetObjectResponse **Note** This operation is not supported for directory buckets. Passes transformed objects to a `GetObject` operation when using Object Lambda access points. For information about Object Lambda access points, see [Transforming objects with Object Lambda access points](https://docs.aws.amazon.com/AmazonS3/latest/userguide/transforming-objects.html) in the *Amazon S3 User Guide*. This operation supports metadata that can be returned by [GetObject](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html), in addition to `RequestRoute`, `RequestToken`, `StatusCode`, `ErrorCode`, and `ErrorMessage`. The `GetObject` response metadata is supported so that the `WriteGetObjectResponse` caller, typically an AWS Lambda function, can provide the same metadata when it internally invokes `GetObject`. When `WriteGetObjectResponse` is called by a customer-owned Lambda function, the metadata returned to the end user `GetObject` call might differ from what Amazon S3 would normally return. You can include any number of metadata headers. When including a metadata header, it should be prefaced with `x-amz-meta`. For example, `x-amz-meta-my-custom-header: MyCustomValue`. The primary use case for this is to forward `GetObject` metadata. AWS provides some prebuilt Lambda functions that you can use with S3 Object Lambda to detect and redact personally identifiable information (PII) and decompress S3 objects. These Lambda functions are available in the AWS Serverless Application Repository, and can be selected through the AWS Management Console when you create your Object Lambda access point. Example 1: PII Access Control - This Lambda function uses Amazon Comprehend, a natural language processing (NLP) service using machine learning to find insights and relationships in text. It automatically detects personally identifiable information (PII) such as names, addresses, dates, credit card numbers, and social security numbers from documents in your Amazon S3 bucket. Example 2: PII Redaction - This Lambda function uses Amazon Comprehend, a natural language processing (NLP) service using machine learning to find insights and relationships in text. It automatically redacts personally identifiable information (PII) such as names, addresses, dates, credit card numbers, and social security numbers from documents in your Amazon S3 bucket. Example 3: Decompression - The Lambda function S3ObjectLambdaDecompression, is equipped to decompress objects stored in S3 in one of six compressed file formats including bzip2, gzip, snappy, zlib, zstandard and ZIP. For information on how to view and use these functions, see [Using AWS built Lambda functions](https://docs.aws.amazon.com/AmazonS3/latest/userguide/olap-examples.html) in the *Amazon S3 User Guide*. **Important** You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. ## Request Syntax ``` POST /WriteGetObjectResponse HTTP/1.1 Host: s3.amazonaws.com x-amz-request-route: RequestRoute x-amz-request-token: RequestToken x-amz-fwd-status: StatusCode x-amz-fwd-error-code: ErrorCode x-amz-fwd-error-message: ErrorMessage x-amz-fwd-header-accept-ranges: AcceptRanges x-amz-fwd-header-Cache-Control: CacheControl x-amz-fwd-header-Content-Disposition: ContentDisposition x-amz-fwd-header-Content-Encoding: ContentEncoding x-amz-fwd-header-Content-Language: ContentLanguage Content-Length: ContentLength x-amz-fwd-header-Content-Range: ContentRange x-amz-fwd-header-Content-Type: ContentType x-amz-fwd-header-x-amz-checksum-crc32: ChecksumCRC32 x-amz-fwd-header-x-amz-checksum-crc32c: ChecksumCRC32C x-amz-fwd-header-x-amz-checksum-crc64nvme: ChecksumCRC64NVME x-amz-fwd-header-x-amz-checksum-sha1: ChecksumSHA1 x-amz-fwd-header-x-amz-checksum-sha256: ChecksumSHA256 x-amz-fwd-header-x-amz-delete-marker: DeleteMarker x-amz-fwd-header-ETag: ETag x-amz-fwd-header-Expires: Expires x-amz-fwd-header-x-amz-expiration: Expiration x-amz-fwd-header-Last-Modified: LastModified x-amz-fwd-header-x-amz-missing-meta: MissingMeta x-amz-fwd-header-x-amz-object-lock-mode: ObjectLockMode x-amz-fwd-header-x-amz-object-lock-legal-hold: ObjectLockLegalHoldStatus x-amz-fwd-header-x-amz-object-lock-retain-until-date: ObjectLockRetainUntilDate x-amz-fwd-header-x-amz-mp-parts-count: PartsCount x-amz-fwd-header-x-amz-replication-status: ReplicationStatus x-amz-fwd-header-x-amz-request-charged: RequestCharged x-amz-fwd-header-x-amz-restore: Restore x-amz-fwd-header-x-amz-server-side-encryption: ServerSideEncryption x-amz-fwd-header-x-amz-server-side-encryption-customer-algorithm: SSECustomerAlgorithm x-amz-fwd-header-x-amz-server-side-encryption-aws-kms-key-id: SSEKMSKeyId x-amz-fwd-header-x-amz-server-side-encryption-customer-key-MD5: SSECustomerKeyMD5 x-amz-fwd-header-x-amz-storage-class: StorageClass x-amz-fwd-header-x-amz-tagging-count: TagCount x-amz-fwd-header-x-amz-version-id: VersionId x-amz-fwd-header-x-amz-server-side-encryption-bucket-key-enabled: BucketKeyEnabled Body ``` ## URI Request Parameters The request uses the following URI parameters. ** [Content-Length](#API_WriteGetObjectResponse_RequestSyntax) ** The size of the content body in bytes. ** [x-amz-fwd-error-code](#API_WriteGetObjectResponse_RequestSyntax) ** A string that uniquely identifies an error condition. Returned in the

 tag of the error XML response for a corresponding `GetObject` call. Cannot be used with a successful `StatusCode` header or when the transformed object is provided in the body. All error codes from S3 are sentence-cased. The regular expression (regex) value is `"^[A-Z][a-zA-Z]+$"`.

 ** [x-amz-fwd-error-message](#API_WriteGetObjectResponse_RequestSyntax) **   
Contains a generic description of the error condition. Returned in the  tag of the error XML response for a corresponding `GetObject` call. Cannot be used with a successful `StatusCode` header or when the transformed object is provided in body.

 ** [x-amz-fwd-header-accept-ranges](#API_WriteGetObjectResponse_RequestSyntax) **   
Indicates that a range of bytes was specified.

 ** [x-amz-fwd-header-Cache-Control](#API_WriteGetObjectResponse_RequestSyntax) **   
Specifies caching behavior along the request/reply chain.

 ** [x-amz-fwd-header-Content-Disposition](#API_WriteGetObjectResponse_RequestSyntax) **   
Specifies presentational information for the object.

 ** [x-amz-fwd-header-Content-Encoding](#API_WriteGetObjectResponse_RequestSyntax) **   
Specifies what content encodings have been applied to the object and thus what decoding mechanisms must be applied to obtain the media-type referenced by the Content-Type header field.

 ** [x-amz-fwd-header-Content-Language](#API_WriteGetObjectResponse_RequestSyntax) **   
The language the content is in.

 ** [x-amz-fwd-header-Content-Range](#API_WriteGetObjectResponse_RequestSyntax) **   
The portion of the object returned in the response.

 ** [x-amz-fwd-header-Content-Type](#API_WriteGetObjectResponse_RequestSyntax) **   
A standard MIME type describing the format of the object data.

 ** [x-amz-fwd-header-ETag](#API_WriteGetObjectResponse_RequestSyntax) **   
An opaque identifier assigned by a web server to a specific version of a resource found at a URL. 

 ** [x-amz-fwd-header-Expires](#API_WriteGetObjectResponse_RequestSyntax) **   
The date and time at which the object is no longer cacheable.

 ** [x-amz-fwd-header-Last-Modified](#API_WriteGetObjectResponse_RequestSyntax) **   
The date and time that the object was last modified.

 ** [x-amz-fwd-header-x-amz-checksum-crc32](#API_WriteGetObjectResponse_RequestSyntax) **   
This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. This specifies the Base64 encoded, 32-bit `CRC32` checksum of the object returned by the Object Lambda function. This may not match the checksum for the object stored in Amazon S3. Amazon S3 will perform validation of the checksum values only when the original `GetObject` request required checksum validation. For more information about checksums, see [Checking object integrity](https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) in the *Amazon S3 User Guide*.  
Only one checksum header can be specified at a time. If you supply multiple checksum headers, this request will fail.  


 ** [x-amz-fwd-header-x-amz-checksum-crc32c](#API_WriteGetObjectResponse_RequestSyntax) **   
This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. This specifies the Base64 encoded, 32-bit `CRC32C` checksum of the object returned by the Object Lambda function. This may not match the checksum for the object stored in Amazon S3. Amazon S3 will perform validation of the checksum values only when the original `GetObject` request required checksum validation. For more information about checksums, see [Checking object integrity](https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) in the *Amazon S3 User Guide*.  
Only one checksum header can be specified at a time. If you supply multiple checksum headers, this request will fail.

 ** [x-amz-fwd-header-x-amz-checksum-crc64nvme](#API_WriteGetObjectResponse_RequestSyntax) **   
This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. This header specifies the Base64 encoded, 64-bit `CRC64NVME` checksum of the part. For more information, see [Checking object integrity](https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) in the *Amazon S3 User Guide*.

 ** [x-amz-fwd-header-x-amz-checksum-sha1](#API_WriteGetObjectResponse_RequestSyntax) **   
This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. This specifies the Base64 encoded, 160-bit `SHA1` digest of the object returned by the Object Lambda function. This may not match the checksum for the object stored in Amazon S3. Amazon S3 will perform validation of the checksum values only when the original `GetObject` request required checksum validation. For more information about checksums, see [Checking object integrity](https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) in the *Amazon S3 User Guide*.  
Only one checksum header can be specified at a time. If you supply multiple checksum headers, this request will fail.

 ** [x-amz-fwd-header-x-amz-checksum-sha256](#API_WriteGetObjectResponse_RequestSyntax) **   
This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. This specifies the Base64 encoded, 256-bit `SHA256` digest of the object returned by the Object Lambda function. This may not match the checksum for the object stored in Amazon S3. Amazon S3 will perform validation of the checksum values only when the original `GetObject` request required checksum validation. For more information about checksums, see [Checking object integrity](https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) in the *Amazon S3 User Guide*.  
Only one checksum header can be specified at a time. If you supply multiple checksum headers, this request will fail.

 ** [x-amz-fwd-header-x-amz-delete-marker](#API_WriteGetObjectResponse_RequestSyntax) **   
Specifies whether an object stored in Amazon S3 is (`true`) or is not (`false`) a delete marker. To learn more about delete markers, see [Working with delete markers](https://docs.aws.amazon.com/AmazonS3/latest/userguide/DeleteMarker.html).

 ** [x-amz-fwd-header-x-amz-expiration](#API_WriteGetObjectResponse_RequestSyntax) **   
If the object expiration is configured (see PUT Bucket lifecycle), the response includes this header. It includes the `expiry-date` and `rule-id` key-value pairs that provide the object expiration information. The value of the `rule-id` is URL-encoded. 

 ** [x-amz-fwd-header-x-amz-missing-meta](#API_WriteGetObjectResponse_RequestSyntax) **   
Set to the number of metadata entries not returned in `x-amz-meta` headers. This can happen if you create metadata using an API like SOAP that supports more flexible metadata than the REST API. For example, using SOAP, you can create metadata whose values are not legal HTTP headers.

 ** [x-amz-fwd-header-x-amz-mp-parts-count](#API_WriteGetObjectResponse_RequestSyntax) **   
The count of parts this object has.

 ** [x-amz-fwd-header-x-amz-object-lock-legal-hold](#API_WriteGetObjectResponse_RequestSyntax) **   
Indicates whether an object stored in Amazon S3 has an active legal hold.  
Valid Values: `ON | OFF` 

 ** [x-amz-fwd-header-x-amz-object-lock-mode](#API_WriteGetObjectResponse_RequestSyntax) **   
Indicates whether an object stored in Amazon S3 has Object Lock enabled. For more information about S3 Object Lock, see [Object Lock](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock.html).  
Valid Values: `GOVERNANCE | COMPLIANCE` 

 ** [x-amz-fwd-header-x-amz-object-lock-retain-until-date](#API_WriteGetObjectResponse_RequestSyntax) **   
The date and time when Object Lock is configured to expire.

 ** [x-amz-fwd-header-x-amz-replication-status](#API_WriteGetObjectResponse_RequestSyntax) **   
Indicates if request involves bucket that is either a source or destination in a Replication rule. For more information about S3 Replication, see [Replication](https://docs.aws.amazon.com/AmazonS3/latest/userguide/replication.html).  
Valid Values: `COMPLETE | PENDING | FAILED | REPLICA | COMPLETED` 

 ** [x-amz-fwd-header-x-amz-request-charged](#API_WriteGetObjectResponse_RequestSyntax) **   
If present, indicates that the requester was successfully charged for the request. For more information, see [Using Requester Pays buckets for storage transfers and usage](https://docs.aws.amazon.com/AmazonS3/latest/userguide/RequesterPaysBuckets.html) in the *Amazon Simple Storage Service user guide*.  
This functionality is not supported for directory buckets.
Valid Values: `requester` 

 ** [x-amz-fwd-header-x-amz-restore](#API_WriteGetObjectResponse_RequestSyntax) **   
Provides information about object restoration operation and expiration time of the restored object copy.

 ** [x-amz-fwd-header-x-amz-server-side-encryption](#API_WriteGetObjectResponse_RequestSyntax) **   
 The server-side encryption algorithm used when storing requested object in Amazon S3 or Amazon FSx.  
When accessing data stored in Amazon FSx file systems using S3 access points, the only valid server side encryption option is `aws:fsx`.
Valid Values: `AES256 | aws:fsx | aws:kms | aws:kms:dsse` 

 ** [x-amz-fwd-header-x-amz-server-side-encryption-aws-kms-key-id](#API_WriteGetObjectResponse_RequestSyntax) **   
 If present, specifies the ID (Key ID, Key ARN, or Key Alias) of the AWS Key Management Service (AWS KMS) symmetric encryption customer managed key that was used for stored in Amazon S3 object. 

 ** [x-amz-fwd-header-x-amz-server-side-encryption-bucket-key-enabled](#API_WriteGetObjectResponse_RequestSyntax) **   
 Indicates whether the object stored in Amazon S3 uses an S3 bucket key for server-side encryption with AWS KMS (SSE-KMS).

 ** [x-amz-fwd-header-x-amz-server-side-encryption-customer-algorithm](#API_WriteGetObjectResponse_RequestSyntax) **   
Encryption algorithm used if server-side encryption with a customer-provided encryption key was specified for object stored in Amazon S3.

 ** [x-amz-fwd-header-x-amz-server-side-encryption-customer-key-MD5](#API_WriteGetObjectResponse_RequestSyntax) **   
 128-bit MD5 digest of customer-provided encryption key used in Amazon S3 to encrypt data stored in S3. For more information, see [Protecting data using server-side encryption with customer-provided encryption keys (SSE-C)](https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerSideEncryptionCustomerKeys.html).

 ** [x-amz-fwd-header-x-amz-storage-class](#API_WriteGetObjectResponse_RequestSyntax) **   
Provides storage class information of the object. Amazon S3 returns this header for all objects except for S3 Standard storage class objects.  
For more information, see [Storage Classes](https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html).  
Valid Values: `STANDARD | REDUCED_REDUNDANCY | STANDARD_IA | ONEZONE_IA | INTELLIGENT_TIERING | GLACIER | DEEP_ARCHIVE | OUTPOSTS | GLACIER_IR | SNOW | EXPRESS_ONEZONE | FSX_OPENZFS | FSX_ONTAP` 

 ** [x-amz-fwd-header-x-amz-tagging-count](#API_WriteGetObjectResponse_RequestSyntax) **   
The number of tags, if any, on the object.

 ** [x-amz-fwd-header-x-amz-version-id](#API_WriteGetObjectResponse_RequestSyntax) **   
An ID used to reference a specific version of the object.

 ** [x-amz-fwd-status](#API_WriteGetObjectResponse_RequestSyntax) **   
The integer status code for an HTTP response of a corresponding `GetObject` request. The following is a list of status codes.  
+  `200 - OK` 
+  `206 - Partial Content` 
+  `304 - Not Modified` 
+  `400 - Bad Request` 
+  `401 - Unauthorized` 
+  `403 - Forbidden` 
+  `404 - Not Found` 
+  `405 - Method Not Allowed` 
+  `409 - Conflict` 
+  `411 - Length Required` 
+  `412 - Precondition Failed` 
+  `416 - Range Not Satisfiable` 
+  `500 - Internal Server Error` 
+  `503 - Service Unavailable` 

 ** [x-amz-request-route](#API_WriteGetObjectResponse_RequestSyntax) **   
Route prefix to the HTTP URL generated.  
Required: Yes

 ** [x-amz-request-token](#API_WriteGetObjectResponse_RequestSyntax) **   
A single use encrypted token that maps `WriteGetObjectResponse` to the end user `GetObject` request.  
Required: Yes

## Request Body


The request accepts the following binary data.

 ** [Body](#API_WriteGetObjectResponse_RequestSyntax) **   

## Response Syntax


```
HTTP/1.1 200
```

## Response Elements


If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

## Examples


### Sample Response


The following illustrates a sample response.

```
             HTTP/1.1 200 OK
             x-amz-request-id: 19684529-d1aa-413e-9382-9ff490962d12
             Date: Wed, 24 Feb 2021 10:57:53 GMT
             Content-Length: 0
```

### Sample Request


The following illustrates a sample request from a POST.

```
             POST /WriteGetObjectResponse HTTP/1.1
             Host: .s3-object-lambda..amazonaws.com
             x-amz-request-token: 
             Authorization: authorization string
             Content-Type: text/plain
             Content-Length: 16
             [16 bytes of object data]
```

### Sample Error Response


The following response returns a `ValidationError` error because the RequestToken could not be decrypted.

```
            
            
            ValidationError
            Invalid token
            fcd2cd5e-def0-4001-8030-1fd1d61d2c9d
            
```

## See Also


For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/s3-2006-03-01/WriteGetObjectResponse) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/s3-2006-03-01/WriteGetObjectResponse) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/WriteGetObjectResponse) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/s3-2006-03-01/WriteGetObjectResponse) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/WriteGetObjectResponse) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/s3-2006-03-01/WriteGetObjectResponse) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/s3-2006-03-01/WriteGetObjectResponse) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/s3-2006-03-01/WriteGetObjectResponse) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/WriteGetObjectResponse) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/WriteGetObjectResponse)