| 注册
home doc ppt pdf
请输入搜索内容

热门搜索

年终总结 个人简历 事迹材料 租赁合同 演讲稿 项目管理 职场社交

Amazon Simple Storage ServiceAPI ReferenceAPI Version 2006-03-01

风***刀

贡献于2019-02-22

字数:758579 关键词: Amazon Simple Storage Service

Amazon Simple Storage Service
API Reference
API Version 20060301Amazon Simple Storage Service API ReferenceAmazon Simple Storage Service API Reference
Amazon Simple Storage Service API Reference
Copyright © 2016 Amazon Web Services Inc andor its affiliates All rights reserved
Amazon's trademarks and trade dress may not be used in connection with any product or service that is not Amazon's in any
manner that is likely to cause confusion among customers or in any manner that disparages or discredits Amazon All other
trademarks not owned by Amazon are the property of their respective owners who may or may not be affiliated with connected to
or sponsored by AmazonAmazon Simple Storage Service API Reference
Table of Contents
Amazon S3 REST API Introduction 1
Common Request Headers 3
Common Response Headers 5
Error Responses 7
REST Error Responses 7
List of Error Codes 8
Authenticating Requests (AWS Signature Version 4) 15
Authentication Methods 16
Introduction to Signing Requests 16
Using an Authorization Header 17
Overview 17
Signature Calculation Transfer Payload in a Single Chunk 20
Signature Calculation Transfer Payload in Multiple Chunks 31
Using Query Parameters 38
Calculating a Signature 40
An Example 42
Examples Signature Calculations 43
Signature Calculation Examples Using Java 44
Signature Calculation Examples Using C# 45
Authenticating HTTP POST Requests 45
Calculating a Signature 47
Amazon S3 Signature Version 4 Authentication Specific Policy Keys 47
Bucket Policy Examples Using Signature Version 4 Related Condition Keys 49
BrowserBased Uploads Using POST 52
Calculating a Signature 53
Creating HTML Forms 54
HTML Form Declaration 55
HTML Form Fields 55
Creating a POST Policy 58
Expiration 59
Condition Matching 59
Conditions 60
Character Escaping 62
Upload Examples 64
File Upload 64
Additional Considerations 66
POST with Adobe Flash 66
Operations on the Service 67
GET Service 67
Description 67
Requests 67
Responses 68
Examples 69
Related Resources 69
Operations on Buckets 70
DELETE Bucket 72
Description 72
Requests 72
Responses 72
Examples 72
Related Resources 73
DELETE Bucket cors 74
Description 74
Requests 74
Responses 74
API Version 20060301
ivAmazon Simple Storage Service API Reference
Examples 74
Related Resources 75
DELETE Bucket lifecycle 76
Description 76
Requests 76
Responses 76
Examples 77
Related Resources 77
DELETE Bucket policy 78
Description 78
Requests 78
Responses 78
Examples 79
Related Resources 79
DELETE Bucket replication 80
Description 80
Requests 80
Responses 80
Examples 80
Related Resources 81
DELETE Bucket tagging 82
Description 82
Requests 82
Responses 82
Examples 82
Related Resources 83
DELETE Bucket website 84
Description 84
Requests 84
Responses 84
Examples 85
Related Resources 85
GET Bucket (List Objects) Version 2 86
Description 86
Requests 86
Responses 88
Examples 91
Related Resources 95
GET Bucket (List Objects) Version 1 96
GET Bucket accelerate 104
Description 104
Requests 104
Responses 105
Examples 105
Related Resources 106
GET Bucket acl 107
Description 107
Requests 107
Responses 107
Examples 108
Related Resources 109
GET Bucket cors 110
Description 110
Requests 110
Responses 110
Special Errors 112
Examples 112
Related Resources 112
API Version 20060301
vAmazon Simple Storage Service API Reference
GET Bucket lifecycle 113
Description 113
Requests 113
Responses 113
Special Errors 118
Examples 118
Related Resources 119
GET Bucket policy 120
Description 120
Requests 120
Responses 120
Examples 121
Related Resources 121
GET Bucket location 122
Description 122
Requests 122
GET Bucket logging 124
Description 124
Requests 124
Responses 124
Examples 125
Related Resources 126
GET Bucket notification 127
Description 127
Requests 127
Responses 127
Examples 130
Related Resources 131
GET Bucket replication 132
Description 132
Requests 132
Responses 132
Special Errors 134
Examples 134
Related Resources 134
GET Bucket tagging 136
Description 136
Requests 136
Responses 136
Examples 137
Related Resources 137
GET Bucket Object versions 139
Description 139
Requests 139
Responses 140
Examples 143
Related Resources 150
GET Bucket requestPayment 151
Description 151
Requests 151
Responses 151
Examples 152
Related Resources 152
GET Bucket versioning 153
Description 153
Requests 153
Responses 154
Examples 154
API Version 20060301
viAmazon Simple Storage Service API Reference
Related Resources 155
GET Bucket website 156
Description 156
Requests 156
Responses 156
Examples 157
Related Resources 157
HEAD Bucket 158
Description 158
Requests 158
Responses 158
Examples 159
List Multipart Uploads 160
Description 160
Requests 160
Responses 162
Examples 164
Related Actions 168
PUT Bucket 169
Description 169
Requests 169
Examples 172
Related Resources 173
PUT Bucket accelerate 174
Description 174
Requests 174
Responses 175
Examples 175
Related Resources 176
PUT Bucket acl 177
Description 177
Requests 177
Responses 181
Examples 181
Related Resources 183
PUT Bucket cors 184
Description 184
Requests 185
Responses 187
Examples 188
Related Resources 188
PUT Bucket lifecycle 190
Description 190
Requests 190
Responses 196
Examples 196
Related Resources 199
PUT Bucket policy 200
Description 200
Requests 200
Responses 200
Examples 201
Related Resources 201
PUT Bucket logging 202
Description 202
Requests 202
Responses 204
Examples 205
API Version 20060301
viiAmazon Simple Storage Service API Reference
Related Resources 206
PUT Bucket notification 207
Description 207
Requests 207
Responses 211
Examples 212
Related Resources 214
PUT Bucket replication 215
Description 215
Requests 215
Responses 218
Examples 218
Related Resources 219
PUT Bucket tagging 221
Description 221
Requests 221
Responses 222
Examples 181
Related Resources 183
PUT Bucket requestPayment 224
Description 224
Requests 224
Responses 224
Examples 225
Related Resources 225
PUT Bucket versioning 226
Description 226
Requests 226
Responses 227
Examples 228
Related Resources 229
PUT Bucket website 230
Description 230
Requests 230
Responses 234
Examples 234
Operations on Objects 238
DELETE Object 239
Description 239
Requests 239
Responses 240
Examples 240
Related Resources 242
Delete Multiple Objects 242
Description 242
Requests 242
Responses 244
Examples 246
Related Actions 250
GET Object 251
Description 251
Versioning 251
Requests 252
Responses 255
Examples 257
Related Resources 261
GET Object ACL 262
Description 262
API Version 20060301
viiiAmazon Simple Storage Service API Reference
Versioning 262
Requests 262
Responses 262
Examples 263
Related Resources 265
GET Object torrent 266
Description 266
Requests 266
Responses 266
Examples 267
Related Resources 267
HEAD Object 268
Description 268
Versioning 268
Requests 268
Responses 271
Examples 273
Sample Request for an Amazon Glacier Object 275
Sample Response Glacier Object 275
Related Resources 275
OPTIONS object 276
Description 276
Requests 276
Responses 277
Examples 278
Related Resources 278
POST Object 279
Description 279
Versioning 279
Requests 279
Examples 287
Related Resources 287
POST Object restore 288
Description 288
Requests 288
Responses 289
Examples 290
Related Resources 199
PUT Object 291
Description 291
Versioning 291
Storage Class Options 291
Access Permissions 291
Requests 292
Responses 298
Examples 299
Related Resources 302
PUT Object acl 303
Description 303
Versioning 303
Requests 303
Responses 307
Examples 307
Related Resources 309
PUT Object Copy 310
Description 310
Versioning 311
Access Permissions 291
API Version 20060301
ixAmazon Simple Storage Service API Reference
Requests 311
Responses 319
Examples 320
Related Resources 323
Initiate Multipart Upload 324
Description 324
Requests 324
Responses 329
Examples 331
Related Actions 332
Upload Part 333
Description 333
Requests 333
Responses 335
Examples 336
Related Actions 337
Upload Part Copy 338
Description 338
Requests 338
Versioning 342
Responses 342
Examples 343
Related Actions 345
Complete Multipart Upload 346
Description 346
Requests 346
Responses 347
Examples 349
Related Actions 351
Abort Multipart Upload 352
Description 352
Requests 352
Responses 352
Examples 353
Related Actions 353
List Parts 354
Description 354
Requests 354
Responses 355
Examples 357
Related Actions 359
Resources 360
Document History 362
Appendix SOAP API 372
Operations on the Service (SOAP API) 372
ListAllMyBuckets (SOAP API) 372
Operations on Buckets (SOAP API) 373
CreateBucket (SOAP API) 374
DeleteBucket (SOAP API) 375
ListBucket (SOAP API) 376
GetBucketAccessControlPolicy (SOAP API) 378
SetBucketAccessControlPolicy (SOAP API) 379
GetBucketLoggingStatus (SOAP API) 380
SetBucketLoggingStatus (SOAP API) 381
Operations on Objects (SOAP API) 382
PutObjectInline (SOAP API) 383
PutObject (SOAP API) 385
CopyObject (SOAP API) 387
API Version 20060301
xAmazon Simple Storage Service API Reference
GetObject (SOAP API) 391
GetObjectExtended (SOAP API) 396
DeleteObject (SOAP API) 396
GetObjectAccessControlPolicy (SOAP API) 397
SetObjectAccessControlPolicy (SOAP API) 398
SOAP Error Responses 399
Glossary 401
API Version 20060301
xiAmazon Simple Storage Service API Reference
Amazon S3 REST API Introduction
Welcome to the Amazon Simple Storage Service API Reference This guide explains the Amazon
Simple Storage Service (Amazon S3) application programming interface (API) It describes various
API operations related request and response structures and error codes The current version of the
Amazon S3 API is 20060301
Amazon S3 supports the REST API
Note
Support for SOAP over HTTP is deprecated but it is still available over HTTPS However new
Amazon S3 features will not be supported for SOAP We recommend that you use either the
REST API or the AWS SDKs
Read the following about authentication and access control before going to specific API topics
Requests to Amazon S3 can be authenticated or anonymous Authenticated access requires
credentials that AWS can use to authenticate your requests When making REST API calls directly
from your code you create a signature using valid credentials and include the signature in your
request For information about various authentication methods and signature calculations see
Authenticating Requests (AWS Signature Version 4) (p 15)
Making REST API calls directly from your code can be cumbersome It requires you to write the
necessary code to calculate a valid signature to authenticate your requests We recommend the
following alternatives instead
• Use the AWS SDKs to send your requests (see Sample Code and Libraries) With this option you
don't need to write code to calculate a signature for request authentication because the SDK clients
authenticate your requests by using access keys that you provide Unless you have a good reason
not to you should always use the AWS SDKs
• Use the AWS CLI to make Amazon S3 API calls For information about setting up the AWS CLI and
example Amazon S3 commands see the following topics
Set Up the AWS CLI in the Amazon Simple Storage Service Developer Guide
Using Amazon S3 with the AWS Command Line Interface in the AWS Command Line Interface User
Guide
You can have valid credentials to authenticate your requests but unless you have permissions you
cannot create or access Amazon S3 resources For example you must have permissions to create an
API Version 20060301
1Amazon Simple Storage Service API Reference
S3 bucket or get an object from your bucket If you use root credentials of your AWS account you have
all the permissions However using root credentials is not recommended Instead we recommend
that you create IAM users in your account and manage user permissions For more information see
Managing Access Permissions to Your Amazon S3 Resources in the Amazon Simple Storage Service
Developer Guide
API Version 20060301
2Amazon Simple Storage Service API Reference
Common Request Headers
The following table describes headers that can be used by various types of Amazon S3 REST
requests
Header Name Description
Authorization The information required for request authentication For more
information go to The Authentication Header in the Amazon
Simple Storage Service Developer Guide For anonymous
requests this header is not required
ContentLength Length of the message (without the headers) according to RFC
2616 This header is required for PUTs and operations that load
XML such as logging and ACLs
ContentType The content type of the resource in case the request content in
the body Example textplain
ContentMD5 The base64 encoded 128bit MD5 digest of the message (without
the headers) according to RFC 1864 This header can be used as
a message integrity check to verify that the data is the same data
that was originally sent Although it is optional we recommend
using the ContentMD5 mechanism as an endtoend integrity
check For more information about REST request authentication
go to REST Authentication in the Amazon Simple Storage Service
Developer Guide
Date The current date and time according to the requester Example
Wed 01 Mar 2006 120000 GMT When you specify the
Authorization header you must specify either the xamz
date or the Date header
Expect When your application uses 100continue it does not send the
request body until it receives an acknowledgment If the message
is rejected based on the headers the body of the message is not
sent This header can be used only if you are sending a body
Valid Values 100continue
API Version 20060301
3Amazon Simple Storage Service API Reference
Header Name Description
Host For pathstyle requests the value is s3amazonawscom
For virtualstyle requests the value is
BucketNames3amazonawscom For more information go to
Virtual Hosting in the Amazon Simple Storage Service Developer
Guide
This header is required for HTTP 11 (most toolkits add this
header automatically) optional for HTTP10 requests
xamzcontentsha256 When using signature version 4 to authenticate request this
header provides a hash of the request payload For more
information see Signature Calculations for the Authorization
Header Transferring Payload in a Single Chunk (AWS Signature
Version 4) (p 20) When uploading object in chunks you set
the value to STREAMINGAWS4HMACSHA256PAYLOAD to
indicate that the signature covers only headers and that there is
no payload For more information see Signature Calculations
for the Authorization Header Transferring Payload in Multiple
Chunks (Chunked Upload) (AWS Signature Version 4) (p 31)
xamzdate The current date and time according to the requester Example
Wed 01 Mar 2006 120000 GMT When you specify the
Authorization header you must specify either the xamz
date or the Date header If you specify both the value specified
for the xamzdate header takes precedence
xamzsecuritytoken This header can be used in the following scenarios
• Provide security tokens for Amazon DevPay operations—Each
request that uses Amazon DevPay requires two xamz
securitytoken headers one for the product token and one
for the user token When Amazon S3 receives an authenticated
request it compares the computed signature with the provided
signature Improperly formatted multivalue headers used to
calculate a signature can cause authentication issues
• Provide security token when using temporary security
credentials—When making requests using temporary security
credentials you obtained from IAM you must provide a security
token using this header To learn more about temporary
security credentials go to Making Requests
This header is required for requests that use Amazon DevPay
and requests that are signed using temporary security
credentials
API Version 20060301
4Amazon Simple Storage Service API Reference
Common Response Headers
The following table describes response headers that are common to most AWS S3 responses
Name Description
ContentLength The length in bytes of the body in the response
Type String
Default None
ContentType The MIME type of the content For example ContentType texthtml
charsetutf8
Type String
Default None
Connection specifies whether the connection to the server is open or closed
Type Enum
Valid Values open | close
Default None
Date The date and time Amazon S3 responded for example Wed 01 Mar 2006
120000 GMT
Type String
Default None
ETag The entity tag is a hash of the object The ETag reflects changes only to the
contents of an object not its metadata The ETag may or may not be an MD5
digest of the object data Whether or not it is depends on how the object was
created and how it is encrypted as described below
• Objects created by the PUT Object POST Object or Copy operation or
through the AWS Management Console and are encrypted by SSES3 or
plaintext have ETags that are an MD5 digest of their object data
API Version 20060301
5Amazon Simple Storage Service API Reference
Name Description
• Objects created by the PUT Object POST Object or Copy operation or
through the AWS Management Console and are encrypted by SSEC or
SSEKMS have ETags that are not an MD5 digest of their object data
• If an object is created by either the Multipart Upload or Part Copy operation
the ETag is not an MD5 digest regardless of the method of encryption
Type String
Server The name of the server that created the response
Type String
Default AmazonS3
xamzdelete
marker
Specifies whether the object returned was (true) or was not (false) a delete
marker
Type Boolean
Valid Values true | false
Default false
xamzid2 A special token that helps AWS troubleshoot problems
Type String
Default None
xamzrequest
id
A value created by Amazon S3 that uniquely identifies the request In the
unlikely event that you have problems with Amazon S3 AWS can use this
value to troubleshoot the problem
Type String
Default None
xamzversion
id
The version of the object When you enable versioning Amazon S3 generates
a random number for objects added to a bucket The value is UTF8 encoded
and URL ready When you PUT an object in a bucket where versioning has
been suspended the version ID is always null
Type String
Valid Values null | any URLready UTF8 encoded string
Default null
API Version 20060301
6Amazon Simple Storage Service API Reference
REST Error Responses
Error Responses
This section provides reference information about Amazon S3 errors
Note
SOAP support over HTTP is deprecated but it is still available over HTTPS New Amazon S3
features will not be supported for SOAP We recommend that you use either the REST API or
the AWS SDKs
Topics
• REST Error Responses (p 7)
• List of Error Codes (p 8)
REST Error Responses
When there is an error the header information contains
• ContentType applicationxml
• An appropriate 3xx 4xx or 5xx HTTP status code
The body or the response also contains information about the error The following sample error
response shows the structure of response elements common to all REST error responses


NoSuchKey
The resource you requested does not exist
mybucketmyfotojpg
4442587FB7D0A2F9

The following table explains the REST error response elements
Name Description
Code The error code is a string that uniquely identifies an error condition It is meant to
be read and understood by programs that detect and handle errors by type For
more information see List of Error Codes (p 8)
Type String
Ancestor Error
API Version 20060301
7Amazon Simple Storage Service API Reference
List of Error Codes
Name Description
Error Container for all error elements
Type Container
Ancestor None
Message The error message contains a generic description of the error condition in English
It is intended for a human audience Simple programs display the message directly
to the end user if they encounter an error condition they don't know how or don't
care to handle Sophisticated programs with more exhaustive error handling and
proper internationalization are more likely to ignore the error message
Type String
Ancestor Error
RequestId ID of the request associated with the error
Type String
Ancestor Error
Resource The bucket or object that is involved in the error
Type String
Ancestor Error
Many error responses contain additional structured data meant to be read and understood by a
developer diagnosing programming errors For example if you send a ContentMD5 header with a
REST PUT request that doesn't match the digest calculated on the server you receive a BadDigest
error The error response also includes as detail elements the digest we calculated and the digest
you told us to expect During development you can use this information to diagnose the error In
production a wellbehaved program might include this information in its error log
For information about general response elements go to Error Responses
List of Error Codes
The following table lists Amazon S3 error codes
Error Code Description HTTP
Status
Code
SOAP
Fault
Code
Prefix
AccessDenied Access Denied 403
Forbidden
Client
AccountProblem There is a problem with your AWS
account that prevents the operation
from completing successfully Please
use Contact Us
403
Forbidden
Client
AmbiguousGrantByEmailAddress The email address you provided
is associated with more than one
account
400 Bad
Request
Client
BadDigest The ContentMD5 you specified did
not match what we received
400 Bad
Request
Client
API Version 20060301
8Amazon Simple Storage Service API Reference
List of Error Codes
Error Code Description HTTP
Status
Code
SOAP
Fault
Code
Prefix
BucketAlreadyExists The requested bucket name is not
available The bucket namespace
is shared by all users of the system
Please select a different name and
try again
409
Conflict
Client
BucketAlreadyOwnedByYou Your previous request to create the
named bucket succeeded and you
already own it You get this error
in all AWS regions except US East
(N Virginia) region useast1 In
useast1 region you will get 200
OK but it is noop (if bucket exists it
Amazon S3 will not do anything)
409
Conflict
(in all
regions
except
US
East (N
Virginia)
region)
Client
BucketNotEmpty The bucket you tried to delete is not
empty
409
Conflict
Client
CredentialsNotSupported This request does not support
credentials
400 Bad
Request
Client
CrossLocationLoggingProhibited Crosslocation logging not allowed
Buckets in one geographic location
cannot log information to a bucket in
another location
403
Forbidden
Client
EntityTooSmall Your proposed upload is smaller
than the minimum allowed object
size
400 Bad
Request
Client
EntityTooLarge Your proposed upload exceeds the
maximum allowed object size
400 Bad
Request
Client
ExpiredToken The provided token has expired 400 Bad
Request
Client
IllegalVersioningConfigurationExceptionIndicates that the versioning
configuration specified in the request
is invalid
400 Bad
Request
Client
IncompleteBody You did not provide the number
of bytes specified by the Content
Length HTTP header
400 Bad
Request
Client
IncorrectNumberOfFilesInPostRequestPOST requires exactly one file
upload per request
400 Bad
Request
Client
InlineDataTooLarge Inline data exceeds the maximum
allowed size
400 Bad
Request
Client
InternalError We encountered an internal error
Please try again
500
Internal
Server
Error
Server
API Version 20060301
9Amazon Simple Storage Service API Reference
List of Error Codes
Error Code Description HTTP
Status
Code
SOAP
Fault
Code
Prefix
InvalidAccessKeyId The AWS access key Id you
provided does not exist in our
records
403
Forbidden
Client
InvalidAddressingHeader You must specify the Anonymous
role
NA Client
InvalidArgument Invalid Argument 400 Bad
Request
Client
InvalidBucketName The specified bucket is not valid 400 Bad
Request
Client
InvalidBucketState The request is not valid with the
current state of the bucket
409
Conflict
Client
InvalidDigest The ContentMD5 you specified is
not valid
400 Bad
Request
Client
InvalidEncryptionAlgorithmError The encryption request you specified
is not valid The valid value is
AES256
400 Bad
Request
Client
InvalidLocationConstraint The specified location constraint is
not valid For more information about
regions see How to Select a Region
for Your Buckets
400 Bad
Request
Client
InvalidObjectState The operation is not valid for the
current state of the object
403
Forbidden
Client
InvalidPart One or more of the specified parts
could not be found The part might
not have been uploaded or the
specified entity tag might not have
matched the part's entity tag
400 Bad
Request
Client
InvalidPartOrder The list of parts was not in
ascending orderParts list must
specified in order by part number
400 Bad
Request
Client
InvalidPayer All access to this object has been
disabled
403
Forbidden
Client
InvalidPolicyDocument The content of the form does not
meet the conditions specified in the
policy document
400 Bad
Request
Client
InvalidRange The requested range cannot be
satisfied
416
Requested
Range
Not
Satisfiable
Client
API Version 20060301
10Amazon Simple Storage Service API Reference
List of Error Codes
Error Code Description HTTP
Status
Code
SOAP
Fault
Code
Prefix
InvalidRequest Please use AWS4HMACSHA256 400 Bad
Request
NA
InvalidRequest SOAP requests must be made over
an HTTPS connection
400 Bad
Request
Client
InvalidRequest S3 Transfer Acceleration is not
supported for buckets with nonDNS
compliant names
400 Bad
Request
NA
InvalidRequest S3 Transfer Acceleration is not
supported for buckets with periods
() in their names
400 Bad
Request
NA
InvalidRequest S3 Transfer Accelerate endpoint
only supports virtual style requests
400 Bad
Request
NA
InvalidRequest S3 Transfer Accelerate is not
configured on this bucket
400 Bad
Request
NA
InvalidRequest S3 Transfer Accelerate is disabled
on this bucket
400 Bad
Request
NA
InvalidRequest S3 Transfer Acceleration is not
supported on this bucket Contact
AWS Support for more information
400 Bad
Request
NA
InvalidRequest S3 Transfer Acceleration cannot
be enabled on this bucket Contact
AWS Support for more information
400 Bad
Request
NA
InvalidSecurity The provided security credentials are
not valid
403
Forbidden
Client
InvalidSOAPRequest The SOAP request body is invalid 400 Bad
Request
Client
InvalidStorageClass The storage class you specified is
not valid
400 Bad
Request
Client
InvalidTargetBucketForLogging The target bucket for logging does
not exist is not owned by you or
does not have the appropriate grants
for the logdelivery group
400 Bad
Request
Client
InvalidToken The provided token is malformed or
otherwise invalid
400 Bad
Request
Client
InvalidURI Couldn't parse the specified URI 400 Bad
Request
Client
KeyTooLong Your key is too long 400 Bad
Request
Client
API Version 20060301
11Amazon Simple Storage Service API Reference
List of Error Codes
Error Code Description HTTP
Status
Code
SOAP
Fault
Code
Prefix
MalformedACLError The XML you provided was not well
formed or did not validate against
our published schema
400 Bad
Request
Client
MalformedPOSTRequest The body of your POST request is
not wellformed multipartformdata
400 Bad
Request
Client
MalformedXML This happens when the user sends
malformed xml (xml that doesn't
conform to the published xsd) for the
configuration The error message
is The XML you provided was
not wellformed or did not validate
against our published schema
400 Bad
Request
Client
MaxMessageLengthExceeded Your request was too big 400 Bad
Request
Client
MaxPostPreDataLengthExceededErrorYour POST request fields preceding
the upload file were too large
400 Bad
Request
Client
MetadataTooLarge Your metadata headers exceed the
maximum allowed metadata size
400 Bad
Request
Client
MethodNotAllowed The specified method is not allowed
against this resource
405
Method
Not
Allowed
Client
MissingAttachment A SOAP attachment was expected
but none were found
NA Client
MissingContentLength You must provide the Content
Length HTTP header
411
Length
Required
Client
MissingRequestBodyError This happens when the user sends
an empty xml document as a
request The error message is
Request body is empty
400 Bad
Request
Client
MissingSecurityElement The SOAP 11 request is missing a
security element
400 Bad
Request
Client
MissingSecurityHeader Your request is missing a required
header
400 Bad
Request
Client
NoLoggingStatusForKey There is no such thing as a logging
status subresource for a key
400 Bad
Request
Client
NoSuchBucket The specified bucket does not exist 404 Not
Found
Client
NoSuchKey The specified key does not exist 404 Not
Found
Client
API Version 20060301
12Amazon Simple Storage Service API Reference
List of Error Codes
Error Code Description HTTP
Status
Code
SOAP
Fault
Code
Prefix
NoSuchLifecycleConfiguration The lifecycle configuration does not
exist
404 Not
Found
Client
NoSuchUpload The specified multipart upload does
not exist The upload ID might be
invalid or the multipart upload might
have been aborted or completed
404 Not
Found
Client
NoSuchVersion Indicates that the version ID
specified in the request does not
match an existing version
404 Not
Found
Client
NotImplemented A header you provided implies
functionality that is not implemented
501 Not
Implemented
Server
NotSignedUp Your account is not signed up for
the Amazon S3 service You must
sign up before you can use Amazon
S3 You can sign up at the following
URL httpawsamazoncoms3
403
Forbidden
Client
NoSuchBucketPolicy The specified bucket does not have
a bucket policy
404 Not
Found
Client
OperationAborted A conflicting conditional operation
is currently in progress against this
resource Try again
409
Conflict
Client
PermanentRedirect The bucket you are attempting to
access must be addressed using the
specified endpoint Send all future
requests to this endpoint
301
Moved
Permanently
Client
PreconditionFailed At least one of the preconditions you
specified did not hold
412
Precondition
Failed
Client
Redirect Temporary redirect 307
Moved
Temporarily
Client
RestoreAlreadyInProgress Object restore is already in progress 409
Conflict
Client
RequestIsNotMultiPartContent Bucket POST must be of the
enclosuretype multipartformdata
400 Bad
Request
Client
RequestTimeout Your socket connection to the server
was not read from or written to within
the timeout period
400 Bad
Request
Client
RequestTimeTooSkewed The difference between the request
time and the server's time is too
large
403
Forbidden
Client
API Version 20060301
13Amazon Simple Storage Service API Reference
List of Error Codes
Error Code Description HTTP
Status
Code
SOAP
Fault
Code
Prefix
RequestTorrentOfBucketError Requesting the torrent file of a
bucket is not permitted
400 Bad
Request
Client
SignatureDoesNotMatch The request signature we calculated
does not match the signature
you provided Check your AWS
secret access key and signing
method For more information see
REST Authentication and SOAP
Authentication for details
403
Forbidden
Client
ServiceUnavailable Reduce your request rate 503
Service
Unavailable
Server
SlowDown Reduce your request rate 503 Slow
Down
Server
TemporaryRedirect You are being redirected to the
bucket while DNS updates
307
Moved
Temporarily
Client
TokenRefreshRequired The provided token must be
refreshed
400 Bad
Request
Client
TooManyBuckets You have attempted to create more
buckets than allowed
400 Bad
Request
Client
UnexpectedContent This request does not support
content
400 Bad
Request
Client
UnresolvableGrantByEmailAddress The email address you provided
does not match any account on
record
400 Bad
Request
Client
UserKeyMustBeSpecified The bucket POST must contain the
specified field name If it is specified
check the order of the fields
400 Bad
Request
Client
API Version 20060301
14Amazon Simple Storage Service API Reference
Authenticating Requests (AWS
Signature Version 4)
Topics
• Authentication Methods (p 16)
• Introduction to Signing Requests (p 16)
• Authenticating Requests Using the Authorization Header (AWS Signature Version 4) (p 17)
• Authenticating Requests Using Query Parameters (AWS Signature Version 4) (p 38)
• Examples Signature Calculations in AWS Signature Version 4 (p 43)
• Authenticating Requests BrowserBased Uploads Using POST (AWS Signature Version
4) (p 45)
• Amazon S3 Signature Version 4 Authentication Specific Policy Keys (p 47)
Every interaction with Amazon S3 is either authenticated or anonymous This section explains request
authentication with the AWS Signature Version 4 algorithm
Note
If you use the AWS SDKs (see Sample Code and Libraries) to send your requests you don't
need to read this section because the SDK clients authenticate your requests by using access
keys that you provide Unless you have a good reason not to you should always use the AWS
SDKs In regions that support both signature versions you can request AWS SDKs to use
specific signature version For more information see Specifying Signature Version in Request
Authentication in the Amazon Simple Storage Service Developer Guide You need to read this
section only if you are implementing the AWS Signature Version 4 algorithm in your custom
client
Authentication with AWS Signature version 4 provides some or all of the following depending on how
you choose to sign your request
• Verification of the identity of the requester – Authenticated requests require a signature that
you create by using your access keys (access key ID secret access key) For information about
getting access keys see Understanding and Getting Your Security Credentials in the AWS General
Reference If you are using temporary security credentials the signature calculations also require
a security token For more information see Requesting Temporary Security Credentials in the IAM
User Guide
• Intransit data protection – In order to prevent tampering with a request while it is in transit you
use some of the request elements to calculate the request signature Upon receiving the request
Amazon S3 calculates the signature by using the same request elements If any request component
API Version 20060301
15Amazon Simple Storage Service API Reference
Authentication Methods
received by Amazon S3 does not match the component that was used to calculate the signature
Amazon S3 will reject the request
• Protect against reuse of the signed portions of the request – The signed portions (using AWS
Signatures) of requests are valid within 15 minutes of the timestamp in the request An unauthorized
party who has access to a signed request can modify the unsigned portions of the request without
affecting the request's validity in the 15 minute window Because of this we recommend that you
maximize protection by signing request headers and body making HTTPS requests to Amazon S3
and by using the s3xamzcontentsha256 condition key (see Amazon S3 Signature Version 4
Authentication Specific Policy Keys (p 47)) in AWS policies to require users to sign S3 request
bodies
Note
Amazon S3 supports Signature Version 4 a protocol for authenticating inbound API requests
to AWS services in all AWS regions At this time AWS regions created before January 30
2014 will continue to support the previous protocol Signature Version 2 Any new regions
after January 30 2014 will support only Signature Version 4 and therefore all requests to
those regions must be made with Signature Version 4 For more information about AWS
Signature Version 2 see Signing and Authenticating REST Requests in the Amazon Simple
Storage Service Developer Guide
Authentication Methods
You can express authentication information by using one of the following methods
• HTTP Authorization header – Using the HTTP Authorization header is the most common
method of authenticating an Amazon S3 request All of the Amazon S3 REST operations (except
for browserbased uploads using POST requests) require this header For more information
about the Authorization header value and how to calculate signature and related options see
Authenticating Requests Using the Authorization Header (AWS Signature Version 4) (p 17)
• Query string parameters – You can use a query string to express a request entirely in a URL In
this case you use query parameters to provide request information including the authentication
information Because the request signature is part of the URL this type of URL is often referred to as
a presigned URL You can use presigned URLs to embed clickable links which can be valid for up to
seven days in HTML For more information see Authenticating Requests Using Query Parameters
(AWS Signature Version 4) (p 38)
Amazon S3 also supports browserbased uploads that use an HTTP POST requests With an HTTP
POST request you can upload content to Amazon S3 directly from the browser For information about
authenticating POST requests see BrowserBased Uploads Using POST in the Amazon Simple
Storage Service Developer Guide
Introduction to Signing Requests
Authentication information that you send in a request must include a signature To calculate a
signature you first concatenate select request elements to form a string referred to as the string to
sign You then use a signing key to calculate the hashbased message authentication code (HMAC) of
the string to sign
In AWS Signature Version 4 you don't use your secret access key to sign the request Instead you
first use your secret access key to create a signing key The signing key is scoped to a specific region
and service and it never expires
API Version 20060301
16Amazon Simple Storage Service API Reference
Using an Authorization Header
The following diagram illustrates the general process of computing a signature
The string to sign depends on the request type For example when you use the HTTP Authorization
header or the query parameters for authentication you use a varying combination of request elements
to create the string to sign For an HTTP POST request the POST policy in the request is the string
you sign
Upon receiving an authenticated request Amazon S3 servers recreate the signature by using the
authentication information that is contained in the request If the signatures match Amazon S3
processes your request otherwise the request is rejected
For more information about authenticating requests see the following topics
• Authenticating Requests Using the Authorization Header (AWS Signature Version 4) (p 17)
• Authenticating Requests Using Query Parameters (AWS Signature Version 4) (p 38)
• Authenticating Requests in BrowserBased Uploads Using POST (AWS Signature Version
4) (p 52)
Authenticating Requests Using the Authorization
Header (AWS Signature Version 4)
Topics
• Overview (p 17)
• Signature Calculations for the Authorization Header Transferring Payload in a Single Chunk (AWS
Signature Version 4) (p 20)
• Signature Calculations for the Authorization Header Transferring Payload in Multiple Chunks
(Chunked Upload) (AWS Signature Version 4) (p 31)
Overview
Using the HTTP Authorization header is the most common method of providing authentication
information Except for POST requests (p 279) and requests that are signed by using query
parameters all Amazon S3 bucket operations (p 70) and object operations (p 238) use the
Authorization request header to provide authentication information
The following is an example of the Authorization header value Line breaks are added to this
example for readability
Authorization AWS4HMACSHA256
API Version 20060301
17Amazon Simple Storage Service API Reference
Overview
CredentialAKIAIOSFODNN7EXAMPLE20130524useast1s3aws4_request
SignedHeadershostrangexamzdate
Signaturefe5f80f77d5fa3beca038a248ff027d0445342fe2855ddc963176630326f1024
The following is the properly formatted version of the same Authorization header
Note the following
• There is space between the first two components AWS4HMACSHA256 and Credential
• The subsequent components Credential SignedHeaders and Signature are separated by a
comma
The following table describes the various components of the Authorization header value in the
preceding example
Component Description
AWS4HMACSHA256 The algorithm that was used to calculate the signature You must
provide this value when you use AWS Signature Version 4 for
authentication
The string specifies AWS Signature Version 4 (AWS4) and the
signing algorithm (HMACSHA256)
Credential Your access key ID and the scope information which includes the
date region and service that were used to calculate the signature
This string has the following form
service>aws4_request
Where
value is specified using YYYYMMDD format
value is s3 when sending request to Amazon
S3
SignedHeaders A semicolonseparated list of request headers that you used to
compute Signature The list includes header names only and
the header names must be in lowercase For example
hostrangexamzdate
Signature The 256bit signature expressed as 64 lowercase hexadecimal
characters For example
fe5f80f77d5fa3beca038a248ff027d0445342fe2855ddc963176630326f1024
Note that the signature calculations vary depending on the option
you choose to transfer the payload
The signature calculations vary depending on the method you choose to transfer the request payload
S3 supports the following options
API Version 20060301
18Amazon Simple Storage Service API Reference
Overview
• Transfer payload in a single chunk – In this case you have the following signature calculation
options
• Signed payload option – You can optionally compute the entire payload checksum and include it
in signature calculation This provides added security but you need to read your payload twice or
buffer it in memory
For example in order to upload a file you need to read the file first to compute a payload hash
for signature calculation and again for transmission when you create the request For smaller
payloads this approach might be preferable However for large files reading the file twice can be
inefficient so you might want to upload data in chunks instead
We recommend you include payload checksum for added security
• Unsigned payload option – Do not include payload checksum in signature calculation
For stepbystep instructions to calculate signature and construct the Authorization header value see
Signature Calculations for the Authorization Header Transferring Payload in a Single Chunk (AWS
Signature Version 4) (p 20)
• Transfer payload in multiple chunks (chunked upload) – In this case you transfer payload in
chunks You can transfer a payload in chunks regardless of the payload size
You can break up your payload into chunks These can be fixed or variablesize chunks By
uploading data in chunks you avoid reading the entire payload to calculate the signature Instead
for the first chunk you calculate a seed signature that uses only the request headers The second
chunk contains the signature for the first chunk and each subsequent chunk contains the signature
for the chunk that precedes it At the end of the upload you send a final chunk with 0 bytes of data
that contains the signature of the last chunk of the payload For more information see Signature
Calculations for the Authorization Header Transferring Payload in Multiple Chunks (Chunked
Upload) (AWS Signature Version 4) (p 31)
When you send a request you must tell Amazon S3 which of the preceding options you have chosen
in your signature calculation by adding the xamzcontentsha256 header with one of the following
values
• If you choose chunked upload options set the header value to STREAMINGAWS4HMACSHA256
PAYLOAD
• If you choose to upload payload in a single chunk set the header value to the payload checksum
(signed payload option) or set the value to the literal string UNSIGNEDPAYLOAD (unsigned payload
option)
Upon receiving the request Amazon S3 recreates the string to sign using information in the
Authorization header and the date header It then verifies with authentication service the
signatures match The request date can be specified by using either the HTTP Date or the xamz
date header If both headers are present xamzdate takes precedence
If the signatures match Amazon S3 processes your request otherwise your request will fail
For more information see the following topics
Signature Calculations for the Authorization Header Transferring Payload in a Single Chunk (AWS
Signature Version 4) (p 20)
Signature Calculations for the Authorization Header Transferring Payload in Multiple Chunks
(Chunked Upload) (AWS Signature Version 4) (p 31)
API Version 20060301
19Amazon Simple Storage Service API Reference
Signature Calculation Transfer
Payload in a Single Chunk
Signature Calculations for the Authorization Header
Transferring Payload in a Single Chunk (AWS
Signature Version 4)
When using the Authorization header to authenticate requests the header value includes among
other things a signature The signature calculations vary depending on the choice you make for
transferring the payload (Overview (p 17)) This section explains signature calculations when you
choose to transfer the payload in a single chunk The example section (see Examples Signature
Calculations (p 25)) shows signature calculations and resulting Authorization headers that you
can use as a test suite to verify your code
Important
When transferring payload in a single chunk you can optionally choose to include the payload
hash in the signature calculations referred as signed payload (if you don't include it the
payload is considered unsigned) The signing procedure discussed in the following section
applies to both but note the following differences
• Signed payload option – You include the payload hash when constructing the canonical
request (that then becomes part of StringToSign as explained in the signature calculation
section) You also specify the same value as the xamzcontentsha256 header value
when sending the request to S3
• Unsigned payload option – You include the literal string UNSIGNEDPAYLOAD when
constructing a canonical request and set the same value as the he xamzcontent
sha256 header value when sending the request to S3
When you send your request to S3 the xamzcontentsha256 header value informs S3
whether the payload is signed or not Amazon S3 can then create signature accordingly for
verification
Calculating a Signature
To calculate a signature you first need a string to sign You then calculate a HMACSHA256 hash of
the string to sign by using a signing key The following diagram illustrates the process including the
various components of the string that you create for signing
When Amazon S3 receives an authenticated request it computes the signature and then compares it
with the signature that you provided in the request For that reason you must compute the signature
by using the same method that is used by Amazon S3 The process of putting a request in an agreed
upon form for signing is called canonicalization
API Version 20060301
20Amazon Simple Storage Service API Reference
Signature Calculation Transfer
Payload in a Single Chunk
The following table describes the functions that are shown in the diagram You need to implement code
for these functions
Function Description
Lowercase() Convert the string to lowercase
Hex() Lowercase base 16 encoding
SHA256Hash() Secure Hash Algorithm (SHA) cryptographic hash function
HMACSHA256() Computes HMAC by using the SHA256 algorithm with the signing
key provided This is the final signature
Trim() Remove any leading or trailing whitespace
UriEncode() URI encode every byte UriEncode() must enforce the following
rules
• URI encode every byte except the unreserved characters 'A''Z'
'a''z' '0''9' '' '' '_' and '~'
• The space character is a reserved character and must be
encoded as 20 (and not as +)
• Each URI encoded byte is formed by a '' and the twodigit
hexadecimal value of the byte
• Letters in the hexadecimal value must be uppercase for
example 1A
• Encode the forward slash character '' everywhere except in
the object key name For example if the object key name is
photosJansamplejpg the forward slash in the key name
is not encoded
API Version 20060301
21Amazon Simple Storage Service API Reference
Signature Calculation Transfer
Payload in a Single Chunk
Function Description
Caution
The standard UriEncode functions provided by your
development platform may not work because of
differences in implementation and related ambiguity in the
underlying RFCs We recommend that you write your own
custom UriEncode function to ensure that your encoding
will work
The following is an example uriencode() function in Java
public static String UriEncode(CharSequence input
boolean encodeSlash) {
StringBuilder result new
StringBuilder()
for (int i 0 i < inputlength() i++)
{
char ch inputcharAt(i)
if ((ch > 'A' && ch < 'Z') || (ch
> 'a' && ch < 'z') || (ch > '0' && ch < '9')
|| ch '_' || ch '' || ch '~' || ch
'') {
resultappend(ch)
} else if (ch '') {
resultappend(encodeSlash
2F ch)
} else {
resultappend(toHexUTF8(ch))
}
}
return resulttoString()
}
Task 1 Create a Canonical Request
This section provides an overview of creating a canonical request
The following is the canonical request format that Amazon S3 uses to calculate a signature For
signatures to match you must create a canonical request in this format
\n
\n
\n
\n
\n

Where
• HTTPMethod is one of the HTTP methods for example GET PUT HEAD and DELETE
• CanonicalURI is the URIencoded version of the absolute path component of the URI—everything
starting with the that follows the domain name and up to the end of the string or to the question
mark character ('') if you have query string parameters The URI in the following example
examplebucketmyphotojpg is the absolute path and you don't encode the in the absolute
path
API Version 20060301
22Amazon Simple Storage Service API Reference
Signature Calculation Transfer
Payload in a Single Chunk
https3amazonawscomexamplebucketmyphotojpg
Note
You do not normalize URI paths for requests to Amazon S3 For example you may have
a bucket with an object named myobjectexamplephotouser Normalizing the path
changes the object name in the request to myobjectexamplephotouser This is an
incorrect path for that object
• CanonicalQueryString specifies the URIencoded query string parameters You URIencode
name and values individually You must also sort the parameters in the canonical query string
alphabetically by key name The sorting occurs after encoding The query string in the following URI
example is prefixsomePrefix&markersomeMarker&maxkeys20
https3amazonawscomexamplebucket
prefixsomePrefix&markersomeMarker&maxkeys20
The canonical query string is as follows (line breaks are added to this example for readability)
URIencode(marker)++URIencode(someMarker)+&+
URIencode(maxkeys)++URIencode(20) + & +
URIencode(prefix)++URIencode(somePrefix)
When a request targets a subresource the corresponding query parameter value will be an empty
string () For example the following URI identifies the ACL subresource on the examplebucket
bucket
https3amazonawscomexamplebucketacl
The CanonicalQueryString in this case is as follows
URIencode(acl) + +
If the URI does not include a '' there is no query string in the request and you set the canonical
query string to an empty string () You will still need to include the \n
• CanonicalHeaders is a list of request headers with their values Individual header name and value
pairs are separated by the newline character (\n) Header names must be in lowercase You must
sort the header names alphabetically to construct the string as shown in the following example
Lowercase()++Trim()+\n
Lowercase()++Trim()+\n

Lowercase()++Trim()+\n
The Lowercase() and Trim() functions used in this example are described in the preceding
section
The CanonicalHeaders list must include the following
• HTTP host header
• If the ContentType header is present in the request you must add it to the
CanonicalHeaders list
API Version 20060301
23Amazon Simple Storage Service API Reference
Signature Calculation Transfer
Payload in a Single Chunk
• Any xamz* headers that you plan to include in your request must also be added For example
if you are using temporary security credentials you need to include xamzsecuritytoken in
your request You must add this header in the list of CanonicalHeaders
Note
The xamzcontentsha256 header is required for all AWS Signature Version 4
requests It provides a hash of the request payload If there is no payload you must provide
the hash of an empty string
The following is an example CanonicalHeaders string The header names are in lowercase and
sorted
hosts3amazonawscom
xamzcontent
sha256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b785
2b855
xamzdate20130708T220855Z
Note
For the purpose of calculating an authorization signature only the host and any xamz
* headers are required however in order to prevent data tampering you should consider
including all the headers in the signature calculation
• SignedHeaders is an alphabetically sorted semicolonseparated list of lowercase request
header names The request headers in the list are the same headers that you included in the
CanonicalHeaders string For example for the previous example the value of SignedHeaders
would be as follows
hostxamzcontentsha256xamzdate
• HashedPayload is the hexadecimal value of the SHA256 hash of the request payload
Hex(SHA256Hash()
If there is no payload in the request you compute a hash of the empty string as follows
Hex(SHA256Hash())
The hash returns the following value
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
For example when you upload an object by using a PUT request you provide object data in the
body When you retrieve an object by using a GET request you compute the empty string hash
Task 2 Create a String to Sign
This section provides an overview of creating a string to sign For stepbystep instructions see Task 2
Create a String to Sign in the AWS General Reference
The string to sign is a concatenation of the following strings
AWS4HMACSHA256 + \n +
timeStampISO8601Format + \n +
+ \n +
API Version 20060301
24Amazon Simple Storage Service API Reference
Signature Calculation Transfer
Payload in a Single Chunk
Hex(SHA256Hash())
The constant string AWS4HMACSHA256 specifies the hash algorithm that you are using
HMACSHA256 The timeStamp is the current UTC time in ISO 8601 format (for example
20130524T000000Z)
Scope binds the resulting signature to a specific date an AWS region and a service Thus your
resulting signature will work only in the specific region and for a specific service The signature is valid
for seven days after the specified date
dateFormat() + + + + + aws4_request
For Amazon S3 the service string is s3 For a list of region strings see Regions and Endpoints in the
AWS General Reference The region column in this table provides the list of valid region strings
The following scope restricts the resulting signature to the useast1 region and Amazon S3
20130606useast1s3aws4_request
Note
Scope must use the same date that you use to compute the signing key as discussed in the
following section
Task 3 Calculate Signature
In AWS Signature Version 4 instead of using your AWS access keys to sign a request you first create
a signing key that is scoped to a specific region and service For more information about signing keys
see Introduction to Signing Requests (p 16)
DateKey HMACSHA256(AWS4+ )
DateRegionKey HMACSHA256( )
DateRegionServiceKey HMACSHA256( )
SigningKey HMACSHA256( aws4_request)
Note
This signing key is valid for seven days from the date specified in the DateKey hash
For a list of region strings see Regions and Endpoints in the AWS General Reference
Using a signing key enables you to keep your AWS credentials in one safe place For example if you
have multiple servers that communicate with Amazon S3 you share the signing key with those servers
you don’t have to keep a copy of your secret access key on each server Signing key is valid for up to
seven days So each time you calculate signing key you will need to share the signing key with your
servers For more information see Authenticating Requests (AWS Signature Version 4) (p 15)
The final signature is the HMACSHA256 hash of the string to sign using the signing key as the key
HMACSHA256(SigningKey StringToSign)
For stepbystep instructions on creating a signature see Task 3 Create a Signature in the AWS
General Reference
Examples Signature Calculations
You can use the examples in this section as a reference to check signature calculations in your code
For additional references see Signature Version 4 Test Suite of the AWS General Reference The
calculations shown in the examples use the following data
API Version 20060301
25Amazon Simple Storage Service API Reference
Signature Calculation Transfer
Payload in a Single Chunk
• Example access keys
Parameter Value
AWSAccessKeyId AKIAIOSFODNN7EXAMPLE
AWSSecretAccessKey wJalrXUtnFEMIK7MDENGbPxRfiCYEXAMPLEKEY
• Request timestamp of 20130524T000000Z (Fri 24 May 2013 000000 GMT)
• Bucket name examplebucket
• The bucket is assumed to be in the US East (N Virginia) region The credential Scope and the
Signing Key calculations use useast1 as the region specifier For information about other
regions see Regions and Endpoints in the AWS General Reference
• You can use either pathstyle or virtual hosted–style requests The following examples show how to
sign a virtual hosted–style request for example
httpsexamplebuckets3amazonawscomphotosphoto1jpg
For more information see Virtual Hosting of Buckets in the Amazon Simple Storage Service
Developer Guide
Example GET Object
The following example gets the first 10 bytes of an object (testtxt) from examplebucket For more
information about the API action see GET Object (p 251)
GET testtxt HTTP11
Host examplebuckets3amazonawscom
xamzdate20130524T000000Z
Authorization SignatureToBeCalculated
Range bytes09
xamzcontent
sha256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
xamzdate 20130524T000000Z
Because this GET request does not provide any body content the xamzcontentsha256 value is
the hash of the empty request body The following steps show signature calculations and construction
of the Authorization header
1 StringToSign
a CanonicalRequest
GET
testtxt
hostexamplebuckets3amazonawscom
rangebytes09
xamzcontent
sha256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
xamzdate20130524T000000Z
hostrangexamzcontentsha256xamzdate
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
API Version 20060301
26Amazon Simple Storage Service API Reference
Signature Calculation Transfer
Payload in a Single Chunk
In the canonical request string the last line is the hash of the empty request body The third
line is empty because there are no query parameters in the request
b StringToSign
AWS4HMACSHA256
20130524T000000Z
20130524useast1s3aws4_request
7344ae5b7ee6c3e7e6b0fe0640412a37625d1fbfff95c48bbb2dc43964946972
2 SigningKey
signing key HMACSHA256(HMACSHA256(HMACSHA256(HMACSHA256(AWS4 +
20130524)useast1)s3)aws4_request)
3 Signature
f0e8bdb87c964420e857bd35b5d6ed310bd44f0170aba48dd91039c6036bdb41
4 Authorization header
The resulting Authorization header is as follows
AWS4HMACSHA256 CredentialAKIAIOSFODNN7EXAMPLE20130524useast1
s3aws4_requestSignedHeadershostrangexamzcontentsha256xamz
dateSignaturef0e8bdb87c964420e857bd35b5d6ed310bd44f0170aba48dd91039c6036bdb41
Example PUT Object
This example PUT request creates an object (testfiletext) in examplebucket The example
assumes the following
• You are requesting REDUCED_REDUNDANCY as the storage class by adding the xamzstorage
class request header For information about storage classes see Storage Classes in the Amazon
Simple Storage Service Developer Guide
• The content of the uploaded file is a string Welcome to Amazon S3 The value of xamz
contentsha256 in the request is based on this string
For information about the API action see PUT Object (p 291)
PUT testfiletext HTTP11
Host examplebuckets3amazonawscom
Date Fri 24 May 2013 000000 GMT
Authorization SignatureToBeCalculated
xamzdate 20130524T000000Z
xamzstorageclass REDUCED_REDUNDANCY
xamzcontentsha256
44ce7dd67c959e0d3524ffac1771dfbba87d2b6b4b4e99e42034a8b803f8b072

The following steps show signature calculations
API Version 20060301
27Amazon Simple Storage Service API Reference
Signature Calculation Transfer
Payload in a Single Chunk
1 StringToSign
a CanonicalRequest
PUT
test24filetext
dateFri 24 May 2013 000000 GMT
hostexamplebuckets3amazonawscom
xamzcontent
sha25644ce7dd67c959e0d3524ffac1771dfbba87d2b6b4b4e99e42034a8b803f8b072
xamzdate20130524T000000Z
xamzstorageclassREDUCED_REDUNDANCY
datehostxamzcontentsha256xamzdatexamzstorageclass
44ce7dd67c959e0d3524ffac1771dfbba87d2b6b4b4e99e42034a8b803f8b072
In the canonical request the third line is empty because there are no query parameters in the
request The last line is the hash of the body which should be same as the xamzcontent
sha256 header value
b StringToSign
AWS4HMACSHA256
20130524T000000Z
20130524useast1s3aws4_request
9e0e90d9c76de8fa5b200d8c849cd5b8dc7a3be3951ddb7f6a76b4158342019d
2 SigningKey
signing key HMACSHA256(HMACSHA256(HMACSHA256(HMACSHA256(AWS4 +
20130524)useast1)s3)aws4_request)
3 Signature
98ad721746da40c64f1a55b78f14c238d841ea1380cd77a1b5971af0ece108bd
4 Authorization header
The resulting Authorization header is as follows
AWS4HMACSHA256 CredentialAKIAIOSFODNN7EXAMPLE20130524
useast1s3aws4_requestSignedHeadersdatehostx
amzcontentsha256xamzdatexamzstorage
classSignature98ad721746da40c64f1a55b78f14c238d841ea1380cd77a1b5971af0ece108bd
Example GET Bucket Lifecycle
The following GET request retrieves the lifecycle configuration of examplebucket For information
about the API action see GET Bucket lifecycle (p 113)
GET lifecycle HTTP11
Host examplebuckets3amazonawscom
Authorization SignatureToBeCalculated
xamzdate 20130524T000000Z
API Version 20060301
28Amazon Simple Storage Service API Reference
Signature Calculation Transfer
Payload in a Single Chunk
xamzcontent
sha256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Because the request does not provide any body content the xamzcontentsha256 header value
is the hash of the empty request body The following steps show signature calculations
1 StringToSign
a CanonicalRequest
GET

lifecycle
hostexamplebuckets3amazonawscom
xamzcontent
sha256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
xamzdate20130524T000000Z
hostxamzcontentsha256xamzdate
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
In the canonical request the last line is the hash of the empty request body
b StringToSign
AWS4HMACSHA256
20130524T000000Z
20130524useast1s3aws4_request
9766c798316ff2757b517bc739a67f6213b4ab36dd5da2f94eaebf79c77395ca
2 SigningKey
signing key HMACSHA256(HMACSHA256(HMACSHA256(HMACSHA256(AWS4 +
20130524)useast1)s3)aws4_request)
3 Signature
fea454ca298b7da1c68078a5d1bdbfbbe0d65c699e0f91ac7a200a0136783543
4 Authorization header
The resulting Authorization header is as follows
AWS4HMACSHA256 CredentialAKIAIOSFODNN7EXAMPLE20130524useast1
s3aws4_requestSignedHeadershostxamzcontentsha256xamz
dateSignaturefea454ca298b7da1c68078a5d1bdbfbbe0d65c699e0f91ac7a200a0136783543
Example Get Bucket (List Objects)
The following example retrieves a list of objects from examplebucket bucket For information about
the API action see GET Bucket (List Objects) Version 1 (p 96)
GET maxkeys2&prefixJ HTTP11
Host examplebuckets3amazonawscom
Authorization SignatureToBeCalculated
xamzdate 20130524T000000Z
API Version 20060301
29Amazon Simple Storage Service API Reference
Signature Calculation Transfer
Payload in a Single Chunk
xamzcontent
sha256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Because the request does not provide a body the value of xamzcontentsha256 is the hash of
the empty request body The following steps show signature calculations
1 StringToSign
a CanonicalRequest
GET

maxkeys2&prefixJ
hostexamplebuckets3amazonawscom
xamzcontent
sha256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
xamzdate20130524T000000Z
hostxamzcontentsha256xamzdate
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
In the canonical string the last line is the hash of the empty request body
b StringToSign
AWS4HMACSHA256
20130524T000000Z
20130524useast1s3aws4_request
df57d21db20da04d7fa30298dd4488ba3a2b47ca3a489c74750e0f1e7df1b9b7
2 SigningKey
signing key HMACSHA256(HMACSHA256(HMACSHA256(HMACSHA256(AWS4 +
20130524)useast1)s3)aws4_request)
3 Signature
34b48302e7b5fa45bde8084f4b7868a86f0a534bc59db6670ed5711ef69dc6f7
4 Authorization header
The resulting Authorization header is as follows
AWS4HMACSHA256 CredentialAKIAIOSFODNN7EXAMPLE20130524useast1
s3aws4_requestSignedHeadershostxamzcontentsha256xamz
dateSignature34b48302e7b5fa45bde8084f4b7868a86f0a534bc59db6670ed5711ef69dc6f7
API Version 20060301
30Amazon Simple Storage Service API Reference
Signature Calculation Transfer
Payload in Multiple Chunks
Signature Calculations for the Authorization Header
Transferring Payload in Multiple Chunks (Chunked
Upload) (AWS Signature Version 4)
As described in the Overview (p 17) when authenticating requests using the Authorization header
you have an option of uploading the payload in chunks You can send data in fixed size or variable size
chunks This section describes the signature calculation process in chunked upload how you create
the chunk body and how the delayed signing works where you first upload the chunk and send its
signature in the subsequent chunk The example section (see Example PUT Object (p 35)) shows
signature calculations and resulting Authorization headers that you can use as test suite to verify
your code
Note
When transferring data in a series of chunks you must use the ContentLength HTTP
header to explicitly specify the total content length (object length in bytes plus metadata in
each chunk) This will require you to precompute the total length of the payload including the
metadata you will send in each chunk before starting your request The xamzdecoded
contentlength header will contain the size of the object length in bytes
Each chunk signature calculation includes the signature of the previous chunk To begin with you
create a seed signature using only the headers You use the seed signature in the signature calculation
of the first chunk For each subsequent chunk you create a chunk signature that includes signature of
the previous chunk Thus the chunk signatures are chained together that is signature of chunk n is a
function F(chunk n signature(chunk n1)) The chaining ensures you send the chunks in correct order
To perform a chunked upload do the following
1 Decide payload chunk size You need this when you write the code
Chunk size must be at least 8 KB We recommend a chunk size of a least 64 KB for better
performance This chunk size applies to all chunk except the last one The last chunk you send can
be smaller than 8 KB If your payload is small and can fit in one chunk then it can be smaller than
the 8 KB
2 Create the seed signature for inclusion in the first chunk For more information see Calculating the
Seed Signature (p 31)
3 Create the first chunk and stream it For more information see Defining the Chunk Body (p 34)
4 For each subsequent chunk calculate the chunk signature that includes the previous signature in
the string you sign construct the chunk and send it For more information see Defining the Chunk
Body (p 34)
5 Send the final additional chunk same as other chunks in construction but it has zero data bytes
For more information see Defining the Chunk Body (p 34)
Calculating the Seed Signature
The following diagram illustrates the process of calculating the seed signature
API Version 20060301
31Amazon Simple Storage Service API Reference
Signature Calculation Transfer
Payload in Multiple Chunks
The following table describes the functions that are shown in the diagram You need to implement code
for these functions
Function Description
Lowercase() Convert the string to lowercase
Hex() Lowercase base 16 encoding
SHA256Hash() Secure Hash Algorithm (SHA) cryptographic hash function
HMACSHA256() Computes HMAC by using the SHA256 algorithm with the signing
key provided This is the final signature
Trim() Remove any leading or trailing whitespace
UriEncode() URI encode every byte UriEncode() must enforce the following
rules
• URI encode every byte except the unreserved characters 'A''Z'
'a''z' '0''9' '' '' '_' and '~'
• The space character is a reserved character and must be
encoded as 20 (and not as +)
• Each URI encoded byte is formed by a '' and the twodigit
hexadecimal value of the byte
• Letters in the hexadecimal value must be uppercase for
example 1A
• Encode the forward slash character '' everywhere except in
the object key name For example if the object key name is
photosJansamplejpg the forward slash in the key name
is not encoded
API Version 20060301
32Amazon Simple Storage Service API Reference
Signature Calculation Transfer
Payload in Multiple Chunks
Function Description
Caution
The standard UriEncode functions provided by your
development platform may not work because of
differences in implementation and related ambiguity in the
underlying RFCs We recommend that you write your own
custom UriEncode function to ensure that your encoding
will work
The following is an example uriencode() function in Java
public static String UriEncode(CharSequence input
boolean encodeSlash) {
StringBuilder result new
StringBuilder()
for (int i 0 i < inputlength() i++)
{
char ch inputcharAt(i)
if ((ch > 'A' && ch < 'Z') || (ch
> 'a' && ch < 'z') || (ch > '0' && ch < '9')
|| ch '_' || ch '' || ch '~' || ch
'') {
resultappend(ch)
} else if (ch '') {
resultappend(encodeSlash
2F ch)
} else {
resultappend(toHexUTF8(ch))
}
}
return resulttoString()
}
For information about the signing process see Signature Calculations for the Authorization Header
Transferring Payload in a Single Chunk (AWS Signature Version 4) (p 20) The process is the same
except that the creation of CanonicalRequest differs as follows
• In addition to the request headers you plan to add you must include the following headers
Header Description
xamzcontent
sha256
This header is required for all AWS Signature Version 4 requests Set the
value to STREAMINGAWS4HMACSHA256PAYLOAD to indicate that the
signature covers only headers and that there is no payload
API Version 20060301
33Amazon Simple Storage Service API Reference
Signature Calculation Transfer
Payload in Multiple Chunks
Header Description
ContentEncoding Set the value to awschunked
Amazon S3 supports multiple content encodings For example
ContentEncoding awschunkedgzip
That is you can specify your custom contentencoding when using
Signature Version 4 streaming API
Note
S3 will store the resulting object without the awschunked
encoding Therefore when you retrieve the object it will not be
awschunked encoded
xamzdecoded
contentlength
Set the value to the length in bytes of the data to be chunked without
counting any metadata For example if you are uploading a 4 GB file set
the value to 4294967296
ContentLength Set the value to the length of your data including the metadata Each
chunk will have metadata such as the signature of the previous chunk
Chunk calculations are discussed in the following section
You send the first chunk with the seed signature You will need to construct the chunk as described in
the following section
Defining the Chunk Body
All chunks include some metadata Each chunk must conform to the following structure
string(IntHexBase(chunksize)) + chunksignature + signature + \r\n
+ chunkdata + \r\n
Where
• IntHexBase() is a function that you will write to convert an integer chunksize to hexadecimal For
example if chunksize is 65536 hexadecimal string is 1000
• chunksize is the size in bytes of the chunkdata without metadata For example if you are
uploading a 65 KB object and using a chunk size of 64 KB you upload the data in three chunks the
first would be 64 KB the second 1 KB and the final chunk with 0 bytes
• signature For each chunk you calculate signature using the following string to sign For the first
chunk you use the seedsignature as the previous signature
API Version 20060301
34Amazon Simple Storage Service API Reference
Signature Calculation Transfer
Payload in Multiple Chunks
The size of the final chunk data that you send is 0 although the chunk body will still contain metadata
including the signature of the previous chunk
Example PUT Object
You can use the examples in this section as a reference to check signature calculations in your code
Before you review the examples note the following
• The signature calculations in these examples use the following example security credentials
Parameter Value
AWSAccessKeyId AKIAIOSFODNN7EXAMPLE
AWSSecretAccessKey wJalrXUtnFEMIK7MDENGbPxRfiCYEXAMPLEKEY
• All examples use the request timestamp 20130524T000000Z (Fri 24 May 2013 000000
GMT)
• All examples use examplebucket as the bucket name
• The bucket is assumed to be in the US East (N Virginia) region and the credential Scope and the
Signing Key calculations use useast1 as the region specifier For more information see
Regions and Endpoints in the Amazon Web Services General Reference
• You can use either path style or virtualhosted style requests The examples below show use virtual
hosted style requests for example
httpsexamplebuckets3amazonawscomphotosphoto1jpg
For more information see Virtual Hosting of Buckets in the Amazon Simple Storage Service
Developer Guide
Example PUT Object
The following example sends a PUT request to upload an object The signature calculations assume
the following
• You are uploading a 65 KB text file and the file content is a onecharacter string made up of the
letter 'a'
• The chunk size is 64 KB As a result the payload will be uploaded in three chunks 64 KB 1 KB and
the final chunk with 0 bytes of chunk data
API Version 20060301
35Amazon Simple Storage Service API Reference
Signature Calculation Transfer
Payload in Multiple Chunks
• The resulting object has the key name chunkObjecttxt
• You are requesting REDUCED_REDUNDANCY as the storage class by adding the xamzstorage
class request header
For information about the API action see PUT Object (p 291) The general request syntax is as
follows
PUT examplebucketchunkObjecttxt HTTP11
Host s3amazonawscom
xamzdate 20130524T000000Z
xamzstorageclass REDUCED_REDUNDANCY
Authorization SignatureToBeCalculated
xamzcontentsha256 STREAMINGAWS4HMACSHA256PAYLOAD
ContentEncoding awschunked
xamzdecodedcontentlength 66560
ContentLength 66824

The following steps show signature calculations
1 Seed signature — Create String to Sign
1 CanonicalRequest
PUT
examplebucketchunkObjecttxt
contentencodingawschunked
contentlength66824
hosts3amazonawscom
xamzcontentsha256STREAMINGAWS4HMACSHA256PAYLOAD
xamzdate20130524T000000Z
xamzdecodedcontentlength66560
xamzstorageclassREDUCED_REDUNDANCY
contentencodingcontentlengthhostxamzcontentsha256xamz
datexamzdecodedcontentlengthxamzstorageclass
STREAMINGAWS4HMACSHA256PAYLOAD
In the canonical request the third line is empty because there are no query parameters in the
request The last line is the constant string provided as the value of the hashed Payload which
should be same as the value of xamzcontentsha256 header
2 StringToSign
AWS4HMACSHA256
20130524T000000Z
20130524useast1s3aws4_request
cee3fed04b70f867d036f722359b0b1f2f0e5dc0efadbc082b76c4c60e316455
Note
For information about each of line in the string to sign see the diagram that explains
seed signature calculation
API Version 20060301
36Amazon Simple Storage Service API Reference
Signature Calculation Transfer
Payload in Multiple Chunks
2 SigningKey
signing key HMACSHA256(HMACSHA256(HMACSHA256(HMACSHA256(AWS4 +
20130524)useast1)s3)aws4_request)

3 Seed Signature
4f232c4386841ef735655705268965c44a0e4690baa4adea153f7db9fa80a0a9
4 Authorization header
The resulting Authorization header is as follows
AWS4HMACSHA256 CredentialAKIAIOSFODNN7EXAMPLE20130524useast1s3
aws4_requestSignedHeaderscontentencodingcontentlengthhostxamz
contentsha256xamzdatexamzdecodedcontentlengthxamzstorage
classSignature4f232c4386841ef735655705268965c44a0e4690baa4adea153f7db9fa80a0a9
5 Chunk 1 (65536 bytes with value 97 for letter 'a')
1 Chunk string to sign
AWS4HMACSHA256PAYLOAD
20130524T000000Z
20130524useast1s3aws4_request
4f232c4386841ef735655705268965c44a0e4690baa4adea153f7db9fa80a0a9
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
bf718b6f653bebc184e1479f1935b8da974d701b893afcf49e701f3e2f9f9c5a
Note
To information about each line in the string to sign see the preceding diagram that
show various components of the string to sign (for example the last three lines are
previoussignature hash() and hash(currentchunkdata))
2 Chunk signature
ad80c730a21e5b8d04586a2213dd63b9a0e99e0e2307b0ade35a65485a288648
3 Chunk data sent
10000chunk
signaturead80c730a21e5b8d04586a2213dd63b9a0e99e0e2307b0ade35a65485a288648
<65536bytes>
6 Chunk 2 (1024 bytes with value 97 for letter 'a')
1 Chunk string to sign
AWS4HMACSHA256PAYLOAD
20130524T000000Z
20130524useast1s3aws4_request
ad80c730a21e5b8d04586a2213dd63b9a0e99e0e2307b0ade35a65485a288648
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
2edc986847e209b4016e141a6dc8716d3207350f416969382d431539bf292e4a
2 Chunk signature
API Version 20060301
37Amazon Simple Storage Service API Reference
Using Query Parameters
0055627c9e194cb4542bae2aa5492e3c1575bbb81b612b7d234b86a503ef5497
3 Chunk data sent
400chunk
signature0055627c9e194cb4542bae2aa5492e3c1575bbb81b612b7d234b86a503ef5497
<1024 bytes>
7 Chunk 3 (0 byte data)
1 Chunk string to sign
AWS4HMACSHA256PAYLOAD
20130524T000000Z
20130524useast1s3aws4_request
0055627c9e194cb4542bae2aa5492e3c1575bbb81b612b7d234b86a503ef5497
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
2 Chunk signature
b6c6ea8a5354eaf15b3cb7646744f4275b71ea724fed81ceb9323e279d449df9
3 Chunk data sent
0chunk
signatureb6c6ea8a5354eaf15b3cb7646744f4275b71ea724fed81ceb9323e279d449df9
Authenticating Requests Using Query
Parameters (AWS Signature Version 4)
As described in the authentication overview (see Authentication Methods (p 16)) you can provide
authentication information using query string parameters Using query parameters to authenticate
requests is useful when you want to express a request entirely in a URL This method is also referred
as presigning a URL
A use case scenario for presigned URLs is that you can grant temporary access to your Amazon S3
resources For example you can embed a presigned URL on your website or alternatively use it in
command line client (such as Curl) to download objects
The following is an example presigned URL
httpss3amazonawscomexamplebuckettesttxt
XAmzAlgorithmAWS4HMACSHA256
&XAmzCredential20130721useast1s3aws4_request
&XAmzDate20130721T201207Z
&XAmzExpires86400
&XAmzSignedHeadershost
&XAmzSignature
In the example URL note the following
API Version 20060301
38Amazon Simple Storage Service API Reference
Using Query Parameters
• The line feeds are added for readability
• The XAmzCredential value in the URL shows the character only for readability In practice it
should be encoded as 2F For example
&XAmzCredential2F201307212Fus
east12Fs32Faws4_request
The following table describes the query parameters in the URL that provide authentication information
Query String Parameter
Name
Example Value
XAmzAlgorithm Identifies the version of AWS Signature and the algorithm that you
used to calculate the signature
For AWS Signature Version 4 you set this parameter value to
AWS4HMACSHA256 This string identifies AWS Signature Version
4 (AWS4) and the HMACSHA256 algorithm (HMACSHA256)
XAmzCredential In addition to your access key ID this parameter also provides
scope (AWS region and service) for which the signature is valid
This value must match the scope you use in signature calculations
discussed in the following section The general form for this
parameter value is as follows
service>aws4_request
For example
AKIAIOSFODNN7EXAMPLE20130721useast1s3
aws4_request
For Amazon S3 the AWSservice string is s3 For a list of S3
AWSregion strings see Regions and Endpoints in the AWS
General Reference
XAmzDate
The date and time format must follow the ISO 8601 standard and
must be formatted with the yyyyMMddTHHmmssZ format For
example if the date and time was 08012016 153241982700
then it must first be converted to UTC (Coordinated Universal
Time) and then submitted as 20160801T083241Z
XAmzExpires Provides the time period in seconds for which the generated
presigned URL is valid For example 86400 (24 hours) This
value is an integer The minimum value you can set is 1 and the
maximum is 604800 (seven days)
A presigned URL can be valid for a maximum of seven days
because the signing key you use in signature calculation is valid
for up to seven days
XAmzSignedHeaders Lists the headers that you used to calculate the signature The
following headers are required in the signature calculations
API Version 20060301
39Amazon Simple Storage Service API Reference
Calculating a Signature
Query String Parameter
Name
Example Value
• The HTTP host header
• Any xamz* headers that you plan to add to the request
Note
For added security you should sign all the request
headers that you plan to include in your request
XAmzSignature Provides the signature to authenticate your request This
signature must match the signature Amazon S3 calculates
otherwise Amazon S3 denies the request For example
733255ef022bec3f2a8701cd61d4b371f3f28c9f193a1f02279211d48d5193d7
Signature calculations are described in the following section
Calculating a Signature
The following diagram illustrates the signature calculation process
The following table describes the functions that are shown in the diagram You need to implement code
for these functions
Function Description
Lowercase() Convert the string to lowercase
Hex() Lowercase base 16 encoding
API Version 20060301
40Amazon Simple Storage Service API Reference
Calculating a Signature
Function Description
SHA256Hash() Secure Hash Algorithm (SHA) cryptographic hash function
HMACSHA256() Computes HMAC by using the SHA256 algorithm with the signing
key provided This is the final signature
Trim() Remove any leading or trailing whitespace
UriEncode() URI encode every byte UriEncode() must enforce the following
rules
• URI encode every byte except the unreserved characters 'A''Z'
'a''z' '0''9' '' '' '_' and '~'
• The space character is a reserved character and must be
encoded as 20 (and not as +)
• Each URI encoded byte is formed by a '' and the twodigit
hexadecimal value of the byte
• Letters in the hexadecimal value must be uppercase for
example 1A
• Encode the forward slash character '' everywhere except in
the object key name For example if the object key name is
photosJansamplejpg the forward slash in the key name
is not encoded
Caution
The standard UriEncode functions provided by your
development platform may not work because of
differences in implementation and related ambiguity in the
underlying RFCs We recommend that you write your own
custom UriEncode function to ensure that your encoding
will work
The following is an example uriencode() function in Java
public static String UriEncode(CharSequence input
boolean encodeSlash) {
StringBuilder result new
StringBuilder()
for (int i 0 i < inputlength() i++)
{
char ch inputcharAt(i)
if ((ch > 'A' && ch < 'Z') || (ch
> 'a' && ch < 'z') || (ch > '0' && ch < '9')
|| ch '_' || ch '' || ch '~' || ch
'') {
resultappend(ch)
} else if (ch '') {
resultappend(encodeSlash
2F ch)
} else {
resultappend(toHexUTF8(ch))
}
}
return resulttoString()
}
API Version 20060301
41Amazon Simple Storage Service API Reference
An Example
For more information about the signing process (details of creating a canonical request string to sign
and signature calculations) see Signature Calculations for the Authorization Header Transferring
Payload in a Single Chunk (AWS Signature Version 4) (p 20) The process is generally the same
except that the creation of CanonicalRequest in a presigned URL differs as follows
• You don't include a payload hash in the Canonical Request because when you create a presigned
URL you don't know the payload content because the URL is used to upload an arbitrary payload
Instead you use a constant string UNSIGNEDPAYLOAD
• The Canonical Query String must include all the query parameters from the preceding table except
for XAmzSignature
• Canonical Headers must include the HTTP host header If you plan to include any of the xamz
* headers these headers must also be added for signature calculation You can optionally add all
other headers that you plan to include in your request For added security you should sign as many
headers as possible
An Example
Suppose you have an object testtxt in your examplebucket bucket You want to share this object
with others for a period of 24 hours (86400 seconds) by creating a presigned URL
httpss3amazonawscomexamplebuckettesttxt
XAmzAlgorithmAWS4HMACSHA256
&XAmzCredentialAKIAIOSFODNN7EXAMPLE2F201305242Fus
east12Fs32Faws4_request
&XAmzDate20130524T000000Z&XAmzExpires86400&XAmzSignedHeadershost
&XAmzSignature
The following steps illustrate first the signature calculations and then construction of the presigned
URL The example makes the following additional assumptions
• Request timestamp is Fri 24 May 2013 000000 GMT
• The bucket is in the US East (N Virginia) region and the credential Scope and the Signing
Key calculations use useast1 as the region specifier For more information see Regions and
Endpoints in the AWS General Reference
You can use this example as a test case to verify the signature that your code calculates however you
must use the same bucket name object key time stamp and the following example credentials
Parameter Value
AWSAccessKeyId AKIAIOSFODNN7EXAMPLE
AWSSecretAccessKey wJalrXUtnFEMIK7MDENGbPxRfiCYEXAMPLEKEY
1 StringToSign
a CanonicalRequest
GET
testtxt
XAmzAlgorithmAWS4HMACSHA256&XAmzCredentialAKIAIOSFODNN7EXAMPLE
2F201305242Fuseast12Fs32Faws4_request&XAmz
Date20130524T000000Z&XAmzExpires86400&XAmzSignedHeadershost
hostexamplebuckets3amazonawscom
API Version 20060301
42Amazon Simple Storage Service API Reference
Examples Signature Calculations
host
UNSIGNEDPAYLOAD
b StringToSign
AWS4HMACSHA256
20130524T000000Z
20130524useast1s3aws4_request
3bfa292879f6447bbcda7001decf97f4a54dc650c8942174ae0a9121cf58ad04
2 SigningKey
signing key HMACSHA256(HMACSHA256(HMACSHA256(HMACSHA256(AWS4 +
20130524)useast1)s3)aws4_request)
3 Signature
aeeed9bbccd4d02ee5c0109b86d86835f995330da4c265957d157751f604d404
Now you have all information to construct a presigned URL The resulting URL for this example is
shown as follows (you can use this to compare your presigned URL)
httpsexamplebuckets3amazonawscomtesttxtXAmz
AlgorithmAWS4HMACSHA256&XAmzCredentialAKIAIOSFODNN7EXAMPLE
2F201305242Fuseast12Fs32Faws4_request&XAmz
Date20130524T000000Z&XAmzExpires86400&XAmzSignedHeadershost&XAmz
Signatureaeeed9bbccd4d02ee5c0109b86d86835f995330da4c265957d157751f604d404
Examples Signature Calculations in AWS
Signature Version 4
Topics
• Signature Calculation Examples Using Java (AWS Signature Version 4) (p 44)
• Examples of Signature Calculations Using C# (AWS Signature Version 4) (p 45)
For authenticated requests unless you are using the AWS SDKs you have to write code to calculate
signatures that provide authentication information in your requests Signature calculation in AWS
Signature Version 4 (see Authenticating Requests (AWS Signature Version 4) (p 15)) can be a
complex undertaking and we recommend that you use the AWS SDKs whenever possible
This section provides examples of signature calculations written in Java and C# The code samples
send the following requests and use the HTTP Authorization header to provide authentication
information
• PUT object – Separate examples illustrate both uploading the full payload at once and uploading
the payload in chunks For information about using the Authorization header for authentication see
Authenticating Requests Using the Authorization Header (AWS Signature Version 4) (p 17)
• GET object – This example generates a presigned URL to get an object Query parameters provide
the signature and other authentication information Users can paste a presigned URL in their
browser to retrieve the object or you can use the URL to create a clickable link For information
API Version 20060301
43Amazon Simple Storage Service API Reference
Signature Calculation Examples Using Java
about using query parameters for authentication see Authenticating Requests Using Query
Parameters (AWS Signature Version 4) (p 38)
The rest of this section describes the examples in Java and C# The topics include instructions for
downloading the samples and for executing them
Signature Calculation Examples Using Java (AWS
Signature Version 4)
The Java sample that shows signature calculation can be downloaded at httpss3amazonawscom
awsjavasdksamplesAWSS3SigV4JavaSamplesjar In RunAllSamplesjava the main() function
executes sample requests to create an object retrieve an object and create a presigned URL for the
object The sample creates an object from the text string provided in the code
PutS3ObjectSampleputS3Object(bucketName regionName awsAccessKey
awsSecretKey)
GetS3ObjectSamplegetS3Object(bucketName regionName awsAccessKey
awsSecretKey)
PresignedUrlSamplegetPresignedUrlToS3Object(bucketName regionName
awsAccessKey awsSecretKey)
PutS3ObjectChunkedSampleputS3ObjectChunked(bucketName regionName
awsAccessKey awsSecretKey)
To test the examples on a Linuxbased computer
The following instructions are for the Linux operating system
1 At a command prompt change the directory to the directory that contains
AWSS3SigV4JavaSamplesjar
2 Extract the source files from AWSS3SigV4JavaSamplesjar
jar xvf AWSS3SigV4JavaSamplesjar
3 In a text editor open the file comamazonawsservicess3samples
RunAllSamplesjava Update code with the following information
• The name of a bucket where the new object can be created
Note
The examples use a virtualhosted style request to access the bucket To avoid potential
errors ensure that your bucket name conforms to the bucket naming rules as explained
in Bucket Restrictions and Limitations in the Amazon Simple Storage Service Developer
Guide
• AWS region where the bucket resides
If bucket is in the US East (N Virginia) region use useast1 to specify the region For a list of
other AWS regions go to Amazon Simple Storage Service (S3) in the AWS General Reference
4 Compile the source code and store the compiled classes into the bin directory
javac d bin source 6 verbose com
5 Change the directory to bin and then execute RunAllSamples
java comamazonawsservicess3sampleRunAllSamples
API Version 20060301
44Amazon Simple Storage Service API Reference
Signature Calculation Examples Using C#
The code runs all the methods in main() For each request the output will show the canonical
request the string to sign and the signature
Examples of Signature Calculations Using C# (AWS
Signature Version 4)
The C# sample that shows signature calculation can be downloaded at httpdocsawsamazoncom
AmazonS3latestAPIsamplesAmazonS3SigV4_Samples_CSharpzip In Programcs the main()
function executes sample requests to create an object retrieve an object and create a presigned URL
for the object The code for signature calculation is in the \Signers folder
PutS3ObjectSampleRun(awsRegion bucketName MySampleFiletxt)
ConsoleWriteLine(\n\n************************************************)
PutS3ObjectChunkedSampleRun(awsRegion bucketName
MySampleFileChunkedtxt)
ConsoleWriteLine(\n\n************************************************)
GetS3ObjectSampleRun(awsRegion bucketName MySampleFiletxt)
ConsoleWriteLine(\n\n************************************************)
PresignedUrlSampleRun(awsRegion bucketName MySampleFiletxt)
To test the examples with Microsoft Visual Studio 2010 or later
1 Extract the zip file
2 Start Visual Studio and then open the sln file
3 Update the Appconfig file with valid security credentials
4 Update the code as follows
• In Programcs provide the bucket name and the AWS region where the bucket resides The
sample creates an object in this bucket
5 Execute the code
6 To verify that the object was created copy the presigned URL that the program creates and then
paste it in a browser window
Authenticating Requests BrowserBased Uploads
Using POST (AWS Signature Version 4)
Amazon S3 supports HTTP POST requests so that users can upload content directly to Amazon
S3 Using HTTP POST to upload content simplifies uploads and reduces upload latency where
users upload data to store in Amazon S3 This section describes how you authenticate HTTP POST
requests For more information about HTTP POST requests how to create a form create a POST
policy and an example see Authenticating Requests in BrowserBased Uploads Using POST (AWS
Signature Version 4) (p 52)
To authenticate an HTTP POST request you do the following
1 The form must include the following fields to provide signature and relevant information that Amazon
S3 can use to recalculate the signature upon receiving the request
API Version 20060301
45Amazon Simple Storage Service API Reference
Authenticating HTTP POST Requests
Element Name Description
policy The Base64encoded security policy that describes what
is permitted in the request For signature calculation this
policy is the string you sign Amazon S3 must get this
policy so it can recalculate the signature
xamzalgorithm The signing algorithm used For AWS Signature Version
4 the value is AWS4HMACSHA256
xamzcredential In addition to your access key ID this provides scope
information you used in calculating the signing key for
signature calculation
It is a string of the following form
region>aws4_request
For example
AKIAIOSFODNN7EXAMPLE20130728useast1s3
aws4_request
For Amazon S3 the awsservice string is s3 For a list
of Amazon S3 awsregion strings see Regions and
Endpoints in the AWS General Reference
xamzdate It is the date value in ISO8601 format For example
20130728T000000Z
It is the same date you used in creating the signing key
This must also be the same value you provide in the
policy (xamzdate) that you signed
xamzsignature (AWS Signature Version 4) The HMACSHA256 hash of
the security policy
2 The POST policy must include the following elements
Element Name Description
xamzalgorithm The signing algorithm that you used to calculation the
signature For AWS Signature Version 4 the value is
AWS4HMACSHA256
xamzcredential In addition to your access key ID this provides scope
information you used in calculating the signing key for
signature calculation
It is a string of the following form
region>aws4_request
For example
AKIAIOSFODNN7EXAMPLE20130728useast1s3
aws4_request
xamzdate The date value specified in the ISO8601 formatted string
For example 20130728T000000Z The date must
be same that you used in creating the signing key for
signature calculation
API Version 20060301
46Amazon Simple Storage Service API Reference
Calculating a Signature
3 For signature calculation the POST policy is the string to sign
Calculating a Signature
The following diagram illustrates the signature calculation process
To Calculate a signature
1 Create a policy using UTF8 encoding
2 Convert the UTF8encoded policy to Base64 The result is the string to sign
3 Create the signature as an HMACSHA256 hash of the string to sign You will provide the signing
key as key to the hash function
4 Encode the signature by using hex encoding
For more information about creating HTML forms security policies and an example see the following
subtopics
• Creating an HTML Form (Using AWS Signature Version 4) (p 54)
• Creating a POST Policy (p 58)
• Examples BrowserBased Upload using HTTP POST (Using AWS Signature Version 4) (p 64)
• Additional Considerations for BrowserBased Uploads (p 66)
Amazon S3 Signature Version 4 Authentication
Specific Policy Keys
The following table shows the policy keys related Amazon S3 Signature Version 4 authentication that
can be in Amazon S3 policies In a bucket policy you can add these conditions to enforce specific
behavior when requests are authenticated by using Signature Version 4 For example policies see
Bucket Policy Examples Using Signature Version 4 Related Condition Keys (p 49)
Applicable Keys for s3* Actions or any of the Amazon S3 Actions
Applicable Keys Description
s3signatureversion Identifies the version of AWS Signature that you
want to support for authenticated requests For
authenticated requests Amazon S3 supports both
Signature Version 4 and Signature Version 2 You
API Version 20060301
47Amazon Simple Storage Service API Reference
Amazon S3 Signature Version 4
Authentication Specific Policy Keys
Applicable Keys Description
can add this condition in your bucket policy to
require a specific signature version
Valid values
AWS identifies Signature Version 2
AWS4HMACSHA256 identifies Signature
Version 4
s3authType Amazon S3 supports various methods of
authentication (see Authenticating Requests
(AWS Signature Version 4) (p 15) You can
optionally use this condition key to restrict
incoming requests to use a specific authentication
method For example you can allow only the
HTTP Authorization header to be used in
request authentication
Valid values
RESTHEADER
RESTQUERYSTRING
POST
s3signatureAge The length of time in milliseconds that a
signature is valid in an authenticated request
In Signature Version 4 the signing key is valid
for up to seven days (see Introduction to Signing
Requests (p 16) Therefore the signatures are
also valid for up to seven days You can use this
condition to further limit the signature age
Example value 100
API Version 20060301
48Amazon Simple Storage Service API Reference
Bucket Policy Examples Using Signature
Version 4 Related Condition Keys
Applicable Keys Description
s3xamzcontentsha256 You can use this condition key to disallow
unsigned content in your bucket
When you use Signature Version 4 for requests
that use the Authorization header you add the
xamzcontentsha256 header in the signature
calculation and then set its value to the hash
payload
You can use this condition key in your bucket
policy to deny any uploads where payloads are
not signed For example
• Deny uploads that use presigned URLs For
more information see Authenticating Requests
Using Query Parameters (AWS Signature
Version 4) (p 38)
• Deny uploads that use Authorization header
to authenticate requests but don't sign the
payload For more information see Signature
Calculations for the Authorization Header
Transferring Payload in a Single Chunk (AWS
Signature Version 4) (p 20)
Valid value UNSIGNEDPAYLOAD
Bucket Policy Examples Using Signature Version 4
Related Condition Keys
Deny any Amazon S3 action on the examplebucket to anyone if request is authenticated using
Signature Version 4
{
Version 20121017
Statement [
{
Sid Test
Effect Deny
Principal *
Action s3*
Resource arnawss3examplebucket*
Condition {
StringEquals {
s3signatureversion AWS4HMACSHA256
}
}
}
]
}
API Version 20060301
49Amazon Simple Storage Service API Reference
Bucket Policy Examples Using Signature
Version 4 Related Condition Keys
The following bucket policy denies any Amazon S3 action on objects in examplebucket if the
signature is more than ten minutes old
{
Version 20121017
Statement [
{
Sid Deny request if signature is more than 10 min old
Effect Deny
Principal *
Action s3*
Resource arnawss3examplebucket3*
Condition {
NumericGreaterThan {
s3signatureAge 600000
}
}
}
]
}
The following bucket policy allows only requests that use the Authorization header for request
authentication Any POST or presigned URL requests will be denied
{
Version 20121017
Statement [
{
Sid Allow only requests that use Authorization header for
request authentication Deny POST or presigned URL requests
Effect Deny
Principal *
Action s3*
Resource arnawss3examplebucket3*
Condition {
StringNotEquals {
s3authType RESTHEADER
}
}
}
]
}
The following bucket policy denies any uploads that use presigned URLs
{
Version 20121017
Statement [
{
Sid Allow only requests that use Authorization header for
request authentication Deny POST or presigned URL requests
Effect Deny
Principal *
Action s3*
Resource arnawss3examplebucket3*
Condition {
StringNotEquals {
API Version 20060301
50Amazon Simple Storage Service API Reference
Bucket Policy Examples Using Signature
Version 4 Related Condition Keys
s3xamzcontentsha256 UNSIGNEDPAYLOAD
}
}
}
]
}
API Version 20060301
51Amazon Simple Storage Service API Reference
Authenticating Requests in Browser
Based Uploads Using POST (AWS
Signature Version 4)
Topics
• Calculating a Signature (p 53)
• Creating an HTML Form (Using AWS Signature Version 4) (p 54)
• Creating a POST Policy (p 58)
• Examples BrowserBased Upload using HTTP POST (Using AWS Signature Version 4) (p 64)
• Additional Considerations for BrowserBased Uploads (p 66)
Amazon S3 supports HTTP POST requests so that users can upload content directly to Amazon S3
By using POST end users can authenticate requests without having to pass data through a secure
intermediary node that protects your credentials Thus HTTP POST has the potential to reduce
latency
The following figure shows an Amazon S3 upload using a POST request
API Version 20060301
52Amazon Simple Storage Service API Reference
Calculating a Signature
Uploading Using POST
1 The user accesses your page from a web browser
2 Your web page contains an HTTP form that contains all the information necessary for the
user to upload content to Amazon S3
3 The user uploads content to Amazon S3 through the web browser
The process for sending browserbased POST requests is as follows
1 Create a security policy specifying conditions restricting what you want to allow in the request such
as bucket name where objects can be uploaded key name prefixes that you want to allow for the
object being created
2 Create signature that is based on the policy For authenticated requests the form must include a
valid signature and the policy
3 Create an HTML form that your users can access in order to upload objects to your Amazon S3
bucket
The following section describes how to create a signature to authenticate a request For information
about creating forms and security policies see Creating an HTML Form (Using AWS Signature Version
4) (p 54)
Calculating a Signature
For authenticated requests the HTML form must include fields for a security policy and a signature
• A security policy (see Creating a POST Policy (p 58)) controls what is allowed in the request
API Version 20060301
53Amazon Simple Storage Service API Reference
Creating HTML Forms
• The security policy is the StringToSign (see Introduction to Signing Requests (p 16)) in your
signature calculation
To Calculate a signature
1 Create a policy using UTF8 encoding
2 Convert the UTF8encoded policy bytes to Base64 The result is the StringToSign
3 Create a signing key
4 Use the signing key to sign the StringToSign using HMACSHA256 signing algorithm
For more information about creating HTML forms security policies and an example see the following
• Creating an HTML Form (Using AWS Signature Version 4) (p 54)
• Creating a POST Policy (p 58)
• Examples BrowserBased Upload using HTTP POST (Using AWS Signature Version 4) (p 64)
• Additional Considerations for BrowserBased Uploads (p 66)
Creating an HTML Form (Using AWS Signature
Version 4)
Topics
• HTML Form Declaration (p 55)
• HTML Form Fields (p 55)
To allow users to upload content to Amazon S3 by using their browsers (HTTP POST requests) you
use HTML forms HTML forms consist of a form declaration and form fields The form declaration
contains highlevel information about the request The form fields contain detailed request information
This section describes how to create HTML forms For a working example of browserbased upload
using HTTP POST and related signature calculations for request authentication see Examples
BrowserBased Upload using HTTP POST (Using AWS Signature Version 4) (p 64)
The form and policy must be UTF8 encoded You can apply UTF8 encoding to the form by specifying
charsetUTF8 in the content attribute The following is an example of UTF8 encoding in the
HTML heading
API Version 20060301
54Amazon Simple Storage Service API Reference
HTML Form Declaration







Following is an example of UTF8 encoding in a request header
ContentType texthtml charsetUTF8
Note
The form data and boundaries (excluding the contents of the file) cannot exceed 20K
HTML Form Declaration
The HTML form declaration has the following three attributes
• action – The URL that processes the request which must be set to the URL of the
bucket For example if the name of your bucket is examplebucket the URL is http
examplebuckets3amazonawscom
Note
The key name is specified in a form field
• method – The method must be POST
• enctype – The enclosure type (enctype) must be set to multipartformdata for both file uploads
and text area uploads For more information about enctype see RFC 1867
This is a form declaration for the bucket examplebucket
enctypemultipartformdata>
HTML Form Fields
The following table describes a list of fields that you can use within a form Among other fields there
is a signature field that you can use to authenticate requests There are fields for you to specify the
signature calculation algorithm (xamzalgorithm) the credential scope (xamzcredential)
that you used to generate the signing key and the date (xamzdate) used to calculate signature
Amazon S3 uses this information to recreate the signature If the signatures match Amazon S3
processes the request
Note
The variable {filename} is automatically replaced with the name of the file provided by
the user and is recognized by all form fields If the browser or client provides a full or partial
path to the file only the text following the last slash () or backslash (\) will be used (eg C
\Program Files\directory1\filetxt will be interpreted as filetxt) If no file or file
name is provided the variable is replaced with an empty string
If you don't provide elements required for authenticated requests such as the policy element the
request is assumed to be anonymous and will succeed only if you have configured the bucket for public
read and write
API Version 20060301
55Amazon Simple Storage Service API Reference
HTML Form Fields
Element Name Description Required
acl An Amazon S3 access control list If an invalid
access control list is specified Amazon S3
denies the request For more information about
ACLs see Using Amazon S3 ACLs
Type String
Default private
Valid Values private | publicread |
publicreadwrite | awsexecread |
authenticatedread | bucketowner
read | bucketownerfullcontrol
No
CacheControl
ContentType
ContentDisposition
ContentEncoding
Expires
RESTspecific headers For more information
see PUT Object (p 291)
No
key The key name of the uploaded object
To use the file name provided by the user use
the {filename} variable For example if you
upload a file photo1jpg and you specify
useruser1{filename} as key name the
file is stored as useruser1photo1jpg
For more information see Object Key and
Metadata in the Amazon Simple Storage
Service Developer Guide
Yes
policy The Base64encoded security policy that
describes what is permitted in the request For
authenticated requests a policy is required
Requests without a security policy are
considered anonymous and will succeed only
on a publicly writable bucket
Required for
authenticated
requests
success_action_redirect The URL to which the client is redirected upon
successful upload
If success_action_redirect is not
specified or Amazon S3 cannot interpret
the URL Amazon S3 returns the empty
document type that is specified in the
success_action_status field
If the upload fails Amazon S3 returns an error
and does not redirect the user to another URL
No
API Version 20060301
56Amazon Simple Storage Service API Reference
HTML Form Fields
Element Name Description Required
success_action_status The status code returned to the
client upon successful upload if
success_action_redirect is not specified
Valid values are 200 201 or 204 (default)
If the value is set to 200 or 204 Amazon S3
returns an empty document with the specified
status code
If the value is set to 201 Amazon S3 returns
an XML document with a 201 status code
For information about the content of the XML
document see POST Object (p 279)
If the value is not set or is invalid Amazon S3
returns an empty document with a 204 status
code
Note
Some versions of the Adobe Flash
player do not properly handle HTTP
responses with an empty body To
support uploads through Adobe
Flash we recommend setting
success_action_status to 201
No
xamzalgorithm The signing algorithm used to authenticate the
request For AWS Signature Version 4 the
value is AWS4HMACSHA256
This field is required if a policy document is
included with the request
Required for
authenticated
requests
xamzcredential In addition to your access key ID this field
also provides scope information identifying
region and service for which the signature is
valid This should be the same scope you used
in calculating the signing key for signature
calculation
It is a string of the following form
region>aws4_request
For example
AKIAIOSFODNN7EXAMPLE20130728us
east1s3aws4_request
For Amazon S3 the awsservice string is s3
For a list of Amazon S3 awsregion strings
see Regions and Endpoints in the AWS General
Reference This is required if a policy document
is included with the request
Required for
authenticated
requests
API Version 20060301
57Amazon Simple Storage Service API Reference
Creating a POST Policy
Element Name Description Required
xamzdate It is the date value in ISO8601 format For
example 20130728T000000Z
It is the same date you used in creating the
signing key This must also be the same value
you provide in the policy (xamzdate) that you
signed
This is required if a policy document is included
with the request
Required for
authenticated
requests
xamzsecuritytoken A security token used by Amazon DevPay and
session credentials
If the request is using Amazon DevPay it
requires two xamzsecuritytoken form
fields one for the product token and one for the
user token For more information see Using
DevPay in the Amazon Simple Storage Service
Developer Guide
If the request is using session credentials
it requires one xamzsecuritytoken
form For more information see Requesting
Temporary Security Credentials in the IAM User
Guide
No
xamzsignature (AWS Signature Version 4) The HMACSHA256
hash of the security policy
This field is required if a policy document is
included with the request
Required for
authenticated
requests
xamzmeta* Field names starting with this prefix are user
defined metadata Each one is stored and
returned as a set of keyvalue pairs Amazon
S3 doesn't validate or interpret userdefined
metadata For more information see PUT
Object (p 291)
No
xamz* See POST Object (POST Object (p 279) for
other xamz* headers
No
file File or text content
The file or content must be the last field in the
form
You cannot upload more than one file at a time
Yes
Conditional items are required for authenticated requests and are optional for anonymous requests
Now that you know how to create forms next you can create security policy that you can sign For
more information see Creating a POST Policy (p 58)
Creating a POST Policy
Topics
• Expiration (p 59)
API Version 20060301
58Amazon Simple Storage Service API Reference
Expiration
• Condition Matching (p 59)
• Conditions (p 60)
• Character Escaping (p 62)
The policy required for making authenticated requests using HTTP POST is a UTF8 and Base64
encoded document written in JavaScript Object Notation (JSON) that specifies conditions that the
request must meet Depending on how you design your policy document you can control the access
granularity perupload peruser for all uploads or according to other designs that meet your needs
This section describes the POST policy For example signature calculations using POST policy see
Examples BrowserBased Upload using HTTP POST (Using AWS Signature Version 4) (p 64)
Note
Although the policy document is optional we highly recommend that you use one in order to
control what is allowed in the request If you make the bucket publicly writable you have no
control at all over which users can write to your bucket
The following is an example of a POST policy document
{ expiration 20071201T120000000Z
conditions [
{acl publicread }
{bucket johnsmith }
[startswith key usereric]
]
}
The POST policy always contains the expiration and conditions elements The example policy
uses two condition matching types (exact matching and startswith matching) The following sections
describe these elements
Expiration
The expiration element specifies the expiration date and time of the POST policy in ISO8601 GMT
date format For example 20130801T120000000Z specifies that the POST policy is not valid
after midnight GMT on August 1 2013
Condition Matching
Following is a table that describes condition matching types that you can use to specify POST policy
conditions (described in the next section) Although you must specify one condition for each form field
that you specify in the form you can create more complex matching criteria by specifying multiple
conditions for a form field
Condition
Match Type
Description
Exact Matches The form field value must match the value specified This example indicates that
the ACL must be set to publicread
{acl publicread }
This example is an alternate way to indicate that the ACL must be set to public
read
API Version 20060301
59Amazon Simple Storage Service API Reference
Conditions
Condition
Match Type
Description
[ eq acl publicread ]
Starts With The value must start with the specified value This example indicates that the object
key must start with useruser1
[startswith key useruser1]
Matching Any
Content
To configure the POST policy to allow any content within a form field use
startswith with an empty value () This example allows any value for
success_action_redirect
[startswith success_action_redirect ]
Specifying
Ranges
For form fields that accept a range separate the upper and lower limit with a
comma This example allows a file size from 1 to 10 MiB
[contentlengthrange 1048579 10485760]
The specific conditions supported in a POST policy are described in Conditions (p 60)
Conditions
The conditions in a POST policy is an array of objects each of which is used to validate the request
You can use these conditions to restrict what is allowed in the request For example the preceding
policy conditions requires the following
• Request must specify johnsmith bucket name
• Object key name must have the usereric prefix
• Object ACL must be set to publicread
Each form field that you specify in a form (except xamzsignature file policy and field names
that have an xignore prefix) must appear in the list of conditions
Note
All variables within the form are expanded prior to validating the POST policy Therefore all
condition matching should be against the expanded form fields Suppose you want to restrict
your object key name to a specific prefix (useruser1) In this case you set the key form
field to useruser1{filename} Your POST policy should be [ startswith
key useruser1 ] (do not enter [ startswith key useruser1
{filename} ]) For more information see Condition Matching (p 59)
Policy document conditions are described in the following table
Element Name Description
acl Specifies the ACL value that must be used in the form
submission
This condition supports exact matching and startswith
condition match type discussed in the following section
API Version 20060301
60Amazon Simple Storage Service API Reference
Conditions
Element Name Description
bucket Specifies the acceptable bucket name
This condition supports exact matching condition match type
contentlengthrange The minimum and maximum allowable size for the uploaded
content
This condition supports contentlengthrange condition
match type
CacheControl
ContentType
ContentDisposition
ContentEncoding
Expires
RESTspecific headers For more information see POST
Object (p 279)
This condition supports exact matching and startswith
condition match type
key The acceptable key name or a prefix of the uploaded object
This condition supports exact matching and startswith
condition match type
success_action_redirect
redirect
The URL to which the client is redirected upon successful
upload
This condition supports exact matching and startswith
condition match type
success_action_status The status code returned to the client upon successful upload
if success_action_redirect is not specified
This condition supports exact matching
xamzalgorithm The signing algorithm that must be used during signature
calculation For AWS Signature Version 4 the value is AWS4
HMACSHA256
This condition supports exact matching
xamzcredential The credentials that you used to calculate the signature It
provides access key ID and scope information identifying
region and service for which the signature is valid This should
be the same scope you used in calculating the signing key for
signature calculation
It is a string of the following form
service>aws4_request
For example
AKIAIOSFODNN7EXAMPLE20130728useast1s3
aws4_request
For Amazon S3 the awsservice string is s3 For a list of
Amazon S3 awsregion strings see Regions and Endpoints
in the AWS General Reference This is required if a POST
policy document is included with the request
This condition supports exact matching
API Version 20060301
61Amazon Simple Storage Service API Reference
Character Escaping
Element Name Description
xamzdate The date value specified in the ISO8601 formatted string For
example 20130728T000000Z The date must be same that
you used in creating the signing key for signature calculation
This is required if a POST policy document is included with the
request
This condition supports exact matching
xamzsecuritytoken Amazon DevPay security token
Each request that uses Amazon DevPay requires
two xamzsecuritytoken form fields one for
the product token and one for the user token As a
result the values must be separated by commas For
example if the user token is eW91dHViZQ and the
product token is b0hnNVNKWVJIQTA you set the
POST policy entry to { xamzsecuritytoken
eW91dHViZQb0hnNVNKWVJIQTA }
For more information about Amazon DevPay see Using
DevPay in the Amazon Simple Storage Service Developer
Guide
xamzmeta* Userspecified metadata
This condition supports exact matching and startswith
condition match type
xamz* See POST Object (POST Object (p 279) for other xamz*
headers
This condition supports exact matching
Note
If your toolkit adds additional form fields (eg Flash adds filename) you must add them to the
POST policy document If you can control this functionality prefix xignore to the field so
Amazon S3 ignores the feature and it won't affect future versions of this feature
Character Escaping
Characters that must be escaped within a POST policy document are described in the following table
Escape
Sequence
Description
\\ Backslash
\ Dollar symbol
\b Backspace
\f Form feed
\n New line
\r Carriage return
\t Horizontal tab
\v Vertical tab
API Version 20060301
62Amazon Simple Storage Service API Reference
Character Escaping
Escape
Sequence
Description
\uxxxx All Unicode characters
Now that you are acquainted with forms and policies and understand how signing works you can try
a POST upload example You need to write the code to calculate the signature The example provides
a sample form and a POST policy that you can use to test your signature calculations For more
information see Examples BrowserBased Upload using HTTP POST (Using AWS Signature Version
4) (p 64)
API Version 20060301
63Amazon Simple Storage Service API Reference
Upload Examples
Examples BrowserBased Upload using HTTP
POST (Using AWS Signature Version 4)
Topics
• File Upload (p 64)
File Upload
This example provides a sample POST policy and a form that you can use to upload a file The topic
uses the example policy and fictitious credentials to show you the workflow and resulting signature and
policy hash You can use this data as test suite to verify your signature calculation code
The example uses the following example credentials the signature calculations
Parameter Value
AWSAccessKeyId AKIAIOSFODNN7EXAMPLE
AWSSecretAccessKey wJalrXUtnFEMIK7MDENGbPxRfiCYEXAMPLEKEY
Sample Policy and Form
The following POST policy supports uploads to Amazon S3 with specific conditions
{ expiration 20151230T120000000Z
conditions [
{bucket sigv4examplebucket}
[startswith key useruser1]
{acl publicread}
{success_action_redirect httpsigv4examplebuckets3amazonawscom
successful_uploadhtml}
[startswith ContentType image]
{xamzmetauuid 14365123651274}
{xamzserversideencryption AES256}
[startswith xamzmetatag ]
{xamzcredential AKIAIOSFODNN7EXAMPLE20151229useast1s3
aws4_request}
{xamzalgorithm AWS4HMACSHA256}
{xamzdate 20151229T000000Z }
]
}
This POST policy sets the following conditions on the request
• The upload must occur before midnight UTC on December 30 2015
• The content can be uploaded only to the sigv4examplebucket The bucket must be in the region
that you specified in the credential scope (xamzcredential form parameter) because the
signature you provided is valid only within this scope
• You can provide any key name that starts with useruser1 For example useruser1
MyPhotojpg
• The ACL must be set to publicread
API Version 20060301
64Amazon Simple Storage Service API Reference
File Upload
• If the upload succeeds the user's browser is redirected to http
sigv4examplebuckets3amazonawscomsuccessful_uploadhtml
• The object must be an image file
• The xamzmetauuid tag must be set to 14365123651274
• The xamzmetatag can contain any value
The following is a Base64encoded version of this POST policy You use this value as your
StringToSign in signature calculation
eyAiZXhwaXJhdGlvbiI6ICIyMDE1LTEyLTMwVDEyOjAwOjAwLjAwMFoiLA0KICAiY29uZGl0aW9ucyI6IFsNCiAgICB7ImJ1Y2tldCI6ICJzaWd2NGV4YW1wbGVidWNrZXQifSwNCiAgICBbInN0YXJ0cy13aXRoIiwgIiRrZXkiLCAidXNlci91c2VyMS8iXSwNCiAgICB7ImFjbCI6ICJwdWJsaWMtcmVhZCJ9LA0KICAgIHsic3VjY2Vzc19hY3Rpb25fcmVkaXJlY3QiOiAiaHR0cDovL3NpZ3Y0ZXhhbXBsZWJ1Y2tldC5zMy5hbWF6b25hd3MuY29tL3N1Y2Nlc3NmdWxfdXBsb2FkLmh0bWwifSwNCiAgICBbInN0YXJ0cy13aXRoIiwgIiRDb250ZW50LVR5cGUiLCAiaW1hZ2UvIl0sDQogICAgeyJ4LWFtei1tZXRhLXV1aWQiOiAiMTQzNjUxMjM2NTEyNzQifSwNCiAgICB7IngtYW16LXNlcnZlci1zaWRlLWVuY3J5cHRpb24iOiAiQUVTMjU2In0sDQogICAgWyJzdGFydHMtd2l0aCIsICIkeC1hbXotbWV0YS10YWciLCAiIl0sDQoNCiAgICB7IngtYW16LWNyZWRlbnRpYWwiOiAiQUtJQUlPU0ZPRE5ON0VYQU1QTEUvMjAxNTEyMjkvdXMtZWFzdC0xL3MzL2F3czRfcmVxdWVzdCJ9LA0KICAgIHsieC1hbXotYWxnb3JpdGhtIjogIkFXUzQtSE1BQy1TSEEyNTYifSwNCiAgICB7IngtYW16LWRhdGUiOiAiMjAxNTEyMjlUMDAwMDAwWiIgfQ0KICBdDQp9
Using example credentials to create a signature the signature value is as follows
8afdbf4008c03f22c2cd3cdb72e4afbb1f6a588f3255ac628749a66d7f09699e
The following example form specifies the preceding POST policy and supports a POST request to
the sigv4examplebucket Copypaste the content in a text editor and save it as exampleformhtml
You can then upload image files to the specific bucket using the exampleformhtml You request will
succeed if you signature you provide matches the signature Amazon S3 calculates
Note
You must update the bucket name dates credential policy and signature with valid values
for this to successfully upload to S3







enctypemultipartformdata>
Key to upload



sigv4examplebuckets3amazonawscomsuccessful_uploadhtml >
ContentType



>
valueAKIAIOSFODNN7EXAMPLE20151229useast1s3aws4_request >


Tags for File


string>' >
>
File
API Version 20060301
65Amazon Simple Storage Service API Reference
Additional Considerations


< The elements after this will be ignored >




Additional Considerations for BrowserBased
Uploads
This section discusses additional considerations for uploading objects with an HTTP POST request
POST with Adobe Flash
This section describes how to use POST with Adobe Flash
Adobe Flash Player Security
By default the Adobe Flash Player security model prohibits making network connections to servers
outside the domain that serves the Adobe Flash (swf) file
To override the default you must upload a publicly readable crossdomainxml file to the bucket that
will accept POST uploads Here is a sample crossdomainxml file

httpwwwmacromediacomxmldtdscrossdomainpolicydtd>



For more information about the Adobe Flash security model go to the Adobe web site
When you add the crossdomainxml file to your bucket any Adobe Flash Player can connect to the
crossdomainxml file within your bucket However crossdomainxml does not grant access to the
Amazon S3 bucket
Other Adobe Flash Considerations
The FileReference class in the Adobe Flash API adds the Filename form field to the POST
request When you build an Adobe Flash application that uploads files to Amazon S3 by using the
FileReference class include the following condition in your policy
['startswith' 'Filename' '']
Some versions of the Adobe Flash Player do not properly handle HTTP responses that have
an empty body To configure POST to return a response that does not have an empty body set
success_action_status to 201 Then Amazon S3 will return an XML document with a 201 status
code For information about using this as an optional element (currently the only allowed value is the
content of the XML document) see POST Object (p 279) For information about form fields see
HTML Form Fields (p 55)
API Version 20060301
66Amazon Simple Storage Service API Reference
GET Service
Operations on the Service
This section describes operations you can perform on the Amazon S3 service
Topics
• GET Service (p 67)
GET Service
Description
This implementation of the GET operation returns a list of all buckets owned by the authenticated
sender of the request
To authenticate a request you must use a valid AWS Access Key ID that is registered with Amazon
S3 Anonymous requests cannot list buckets and you cannot list buckets that you did not create
Requests
Syntax
GET HTTP11
Host s3amazonawscom
Date date
Authorization authorization string (see Authenticating Requests (AWS
Signature Version
4) (p 15))
Request Parameters
This implementation of the operation does not use request parameters
Request Headers
This implementation of the operation uses only request headers that are common to all operations For
more information see Common Request Headers (p 3)
API Version 20060301
67Amazon Simple Storage Service API Reference
Responses
Request Elements
This implementation of the operation does not use request elements
Responses
Response Elements
Name Description
Bucket Container for bucket information
Type Container
Children Name CreationDate
Ancestor ListAllMyBucketsResultBuckets
Buckets Container for one or more buckets
Type Container
Children Bucket
Ancestor ListAllMyBucketsResult
CreationDate Date the bucket was created
Type date ( of the form yyyymmddThhmmsstimezone eg
20090203T164509000Z)
Ancestor ListAllMyBucketsResultBucketsBucket
DisplayName Bucket owner's display name
Type String
Ancestor ListAllMyBucketsResultOwner
ID Bucket owner's user ID
Type String
Ancestor ListAllMyBucketsResultOwner
ListAllMyBucketsResult Container for response
Type Container
Children Owner Buckets
Ancestor None
Name Bucket's name
Type String
Ancestor ListAllMyBucketsResultBucketsBucket
Owner Container for bucket owner information
Type Container
Ancestor ListAllMyBucketsResult
Special Errors
This implementation of the operation does not return special errors For general information about
Amazon S3 errors and a list of error codes see Error Responses (p 7)
API Version 20060301
68Amazon Simple Storage Service API Reference
Examples
Examples
Sample Request
The GET operation on the Service endpoint (s3amazonawscom) returns a list of all of the buckets
owned by the authenticated sender of the request
GET HTTP11
Host s3amazonawscom
Date Wed 01 Mar 2006 120000 GMT
Authorization authorization string
Sample Response



bcaf1ffd86f461ca5fb16fd081034f
webfile



quotes
20060203T164509000Z


samples
20060203T164158000Z



Related Resources
• GET Bucket (List Objects) Version 1 (p 96)
• GET Object (p 251)
API Version 20060301
69Amazon Simple Storage Service API Reference
Operations on Buckets
This section describes operations you can perform on Amazon S3 buckets
Topics
• DELETE Bucket (p 72)
• DELETE Bucket cors (p 74)
• DELETE Bucket lifecycle (p 76)
• DELETE Bucket policy (p 78)
• DELETE Bucket replication (p 80)
• DELETE Bucket tagging (p 82)
• DELETE Bucket website (p 84)
• GET Bucket (List Objects) Version 2 (p 86)
• GET Bucket accelerate (p 104)
• GET Bucket acl (p 107)
• GET Bucket cors (p 110)
• GET Bucket lifecycle (p 113)
• GET Bucket policy (p 120)
• GET Bucket location (p 122)
• GET Bucket logging (p 124)
• GET Bucket notification (p 127)
• GET Bucket replication (p 132)
• GET Bucket tagging (p 136)
• GET Bucket Object versions (p 139)
• GET Bucket requestPayment (p 151)
• GET Bucket versioning (p 153)
• GET Bucket website (p 156)
• HEAD Bucket (p 158)
• List Multipart Uploads (p 160)
• PUT Bucket (p 169)
• PUT Bucket accelerate (p 174)
• PUT Bucket acl (p 177)
• PUT Bucket cors (p 184)
• PUT Bucket lifecycle (p 190)
API Version 20060301
70Amazon Simple Storage Service API Reference
• PUT Bucket policy (p 200)
• PUT Bucket logging (p 202)
• PUT Bucket notification (p 207)
• PUT Bucket replication (p 215)
• PUT Bucket tagging (p 221)
• PUT Bucket requestPayment (p 224)
• PUT Bucket versioning (p 226)
• PUT Bucket website (p 230)
API Version 20060301
71Amazon Simple Storage Service API Reference
DELETE Bucket
DELETE Bucket
Description
This implementation of the DELETE operation deletes the bucket named in the URI All objects
(including all object versions and delete markers) in the bucket must be deleted before the bucket itself
can be deleted
Requests
Syntax
DELETE HTTP11
Host BucketNames3amazonawscom
Date date
Authorization authorization string (see Authenticating Requests (AWS
Signature Version
4) (p 15))
Request Parameters
This implementation of the operation does not use request parameters
Request Headers
This implementation of the operation uses only request headers that are common to all operations For
more information see Common Request Headers (p 3)
Request Elements
This implementation of the operation does not use request elements
Responses
Response Headers
This implementation of the operation uses only response headers that are common to most responses
For more information see Common Response Headers (p 5)
Response Elements
This implementation of the operation does not return response elements
Special Errors
This implementation of the operation does not return special errors For general information about
Amazon S3 errors and a list of error codes see Error Responses (p 7)
Examples
Sample Request
This request deletes the bucket named quotes
API Version 20060301
72Amazon Simple Storage Service API Reference
Related Resources
DELETE HTTP11
Host quotess3amazonawscom
Date Wed 01 Mar 2006 120000 GMT
Authorization authorization string
Sample Response
HTTP11 204 No Content
xamzid2 JuKZqmXuiwFeDQxhD7M8KtsKobSzWA1QEjLbTMTagkKdBX2z7IljGhDeJ3j6s80
xamzrequestid 32FE2CEB32F5EE25
Date Wed 01 Mar 2006 120000 GMT
Connection close
Server AmazonS3
Related Resources
• PUT Bucket (p 169)
• DELETE Object (p 239)
API Version 20060301
73Amazon Simple Storage Service API Reference
DELETE Bucket cors
DELETE Bucket cors
Description
Deletes the cors configuration information set for the bucket
To use this operation you must have permission to perform the s3PutCORSConfiguration action
The bucket owner has this permission by default and can grant this permission to others
For information more about cors go to Enabling CrossOrigin Resource Sharing in the Amazon
Simple Storage Service Developer Guide
Requests
Syntax
DELETE cors HTTP11
Host bucketnames3amazonawscom
Date date
Authorization authorization string (see Authenticating Requests (AWS
Signature Version
4) (p 15))
Request Parameters
This implementation of the operation does not use request parameters
Request Headers
This implementation of the operation uses only request headers that are common to all operations For
more information see Common Request Headers (p 3)
Request Elements
This implementation of the operation does not use request elements
Responses
Response Headers
This implementation of the operation uses only response headers that are common to most responses
For more information see Common Response Headers (p 5)
Examples
Example 1 Retrieve cors subresource
The following DELETE request deletes the cors subresource from the specified bucket This action
removes cors configuration that is stored in the subresource
API Version 20060301
74Amazon Simple Storage Service API Reference
Related Resources
Sample Request
DELETE cors HTTP11
Host examplebuckets3amazonawscom
Date Tue 13 Dec 2011 191442 GMT
Authorization signatureValue
Sample Response
HTTP11 204 No Content
xamzid2 0FmFIWshPpBuzZ0JFRC55ZGVmQW4SHJ7xVDqKwhEdJmf3q63RtrvH8ZuxW1Bol5
xamzrequestid 0CF038E9BCF63097
Date Tue 13 Dec 2011 191442 GMT
Server AmazonS3
ContentLength 0
Related Resources
• PUT Bucket cors (p 184)
• DELETE Bucket cors (p 74)
• OPTIONS object (p 276)
API Version 20060301
75Amazon Simple Storage Service API Reference
DELETE Bucket lifecycle
DELETE Bucket lifecycle
Description
Deletes the lifecycle configuration from the specified bucket Amazon S3 removes all the lifecycle
configuration rules in the lifecycle subresource associated with the bucket Your objects never expire
and Amazon S3 no longer automatically deletes any objects on the basis of rules contained in the
deleted lifecycle configuration
To use this operation you must have permission to perform the s3PutLifecycleConfiguration
action By default the bucket owner has this permission and the bucket owner can grant this
permission to others
There is usually some time lag before lifecycle configuration deletion is fully propagated to all the
Amazon S3 systems
For more information about the object expiration go to Elements to Describe Lifecycle Actions in the
Amazon Simple Storage Service Developer Guide
Requests
Syntax
DELETE lifecycle HTTP11
Host bucketnames3amazonawscom
Date date
Authorization authorization string (see Authenticating Requests (AWS
Signature Version
4) (p 15))
Request Parameters
This implementation of the operation does not use request parameters
Request Headers
This implementation of the operation uses only request headers that are common to all operations For
more information see Common Request Headers (p 3)
Request Elements
This implementation of the operation does not use request elements
Responses
Response Headers
This implementation of the operation uses only response headers that are common to most responses
For more information see Common Response Headers (p 5)
API Version 20060301
76Amazon Simple Storage Service API Reference
Examples
Examples
Sample Request
The following DELETE request deletes the lifecycle subresource from the specified bucket This
removes lifecycle configuration stored in the subresource
DELETE lifecycle HTTP11
Host examplebuckets3amazonawscom
Date Wed 14 Dec 2011 053716 GMT
Authorization signatureValue
Sample Response
The following successful response shows Amazon S3 returning a 204 No Content response
Objects in your bucket no longer expire
HTTP11 204 No Content
xamzid2 Uuag1LuByRx9e6j5OnimrSAMPLEtRPfTaOAa
xamzrequestid 656c76696e672SAMPLE5657374
Date Wed 14 Dec 2011 053716 GMT
Connection keepalive
Server AmazonS3
Related Resources
• PUT Bucket lifecycle (p 190)
• GET Bucket lifecycle (p 113)
API Version 20060301
77Amazon Simple Storage Service API Reference
DELETE Bucket policy
DELETE Bucket policy
Description
This implementation of the DELETE operation uses the policy subresource to delete the policy on a
specified bucket To use the operation you must have DeletePolicy permissions on the specified
bucket and be the bucket owner
If you do not have DeletePolicy permissions Amazon S3 returns a 403 Access Denied error If
you have the correct permissions but are not the bucket owner Amazon S3 returns a 405 Method
Not Allowed error If the bucket doesn't have a policy Amazon S3 returns a 204 No Content error
There are restrictions about who can create bucket policies and which objects in a bucket they can
apply to For more information go to Using Bucket Policies
Requests
Syntax
DELETE policy HTTP11
Host BucketNames3amazonawscom
Date date
Authorization authorization string (see Authenticating Requests (AWS
Signature Version
4) (p 15))
Request Parameters
This implementation of the operation does not use request parameters
Request Headers
This implementation of the operation uses only request headers that are common to all operations For
more information see Common Request Headers (p 3)
Request Elements
This implementation of the operation does not use request elements
Responses
Response Headers
This implementation of the operation uses only response headers that are common to most responses
For more information see Common Response Headers (p 5)
Response Elements
The response elements contain the status of the DELETE operation including the error code if the
request failed
Special Errors
This implementation of the operation does not return special errors For general information about
Amazon S3 errors and a list of error codes see Error Responses (p 7)
API Version 20060301
78Amazon Simple Storage Service API Reference
Examples
Examples
Sample Request
This request deletes the bucket named BucketName
DELETE policy HTTP11
Host BucketNames3amazonawscom
Date Tue 04 Apr 2010 203456 GMT
Authorization signatureValue
Sample Response
HTTP11 204 No Content
xamzid2 Uuag1LuByRx9e6j5OnimrSAMPLEtRPfTaOFg
xamzrequestid 656c76696e672SAMPLE5657374
Date Tue 04 Apr 2010 203456 GMT
Connection keepalive
Server AmazonS3
Related Resources
• PUT Bucket (p 169)
• DELETE Object (p 239)
API Version 20060301
79Amazon Simple Storage Service API Reference
DELETE Bucket replication
DELETE Bucket replication
Description
Deletes the replication subresource associated with the specified bucket
This operation requires permission for the s3DeleteReplicationConfiguration action For
more information about permissions go to Using Bucket Policies and User Policies in the Amazon
Simple Storage Service Developer Guide
Note
There is usually some time lag before replication configuration deletion is fully propagated to
all the Amazon S3 systems
For more information about the replication go to CrossRegion Replication in the Amazon Simple
Storage Service Developer Guide
Requests
Syntax
DELETE replication HTTP11
Host bucketnames3amazonawscom
Date date
Authorization authorization string (see Authenticating Requests (AWS
Signature Version
4) (p 15))
Request Parameters
This implementation of the operation does not use request parameters
Request Headers
This implementation of the operation uses only request headers that are common to all operations For
more information see Common Request Headers (p 3)
Request Elements
This implementation of the operation does not use request elements
Responses
Response Headers
This implementation of the operation uses only response headers that are common to most responses
For more information see Common Response Headers (p 5)
Examples
The following DELETE request deletes the replication subresource from the specified bucket This
removes the replication configuration set for the bucket
API Version 20060301
80Amazon Simple Storage Service API Reference
Related Resources
DELETE replication HTTP11
Host examplebuckets3amazonawscom
Date Wed 11 Feb 2015 053716 GMT
20150211T171320Z
Authorization signatureValue
Amazon S3 returns a 204 No Content response upon successfully deleting the replication
subresource Amazon S3 will no longer replicate any new objects you create in the examplebucket
bucket
HTTP11 204 No Content
xamzid2 Uuag1LuByRx9e6j5OnimrSAMPLEtRPfTaOAa
xamzrequestid 656c76696e672example
Date Wed 11 Feb 2015 053716 GMT
Connection keepalive
Server AmazonS3
Related Resources
• PUT Bucket replication (p 215)
• GET Bucket replication (p 132)
API Version 20060301
81Amazon Simple Storage Service API Reference
DELETE Bucket tagging
DELETE Bucket tagging
Description
This implementation of the DELETE operation uses the tagging subresource to remove a tag set from
the specified bucket
To use this operation you must have permission to perform the s3PutBucketTagging action By
default the bucket owner has this permission and can grant this permission to others
Requests
Syntax
DELETE tagging HTTP11
Host bucketnames3amazonawscom
Date date
Authorization authorization string (see Authenticating Requests (AWS
Signature Version
4) (p 15))
Request Parameters
This implementation of the operation does not use request parameters
Request Headers
This implementation of the operation uses only request headers that are common to all operations For
more information see Common Request Headers (p 3)
Request Elements
This implementation of the operation does not use request elements
Responses
Response Headers
This implementation of the operation uses only response headers that are common to most responses
For more information see Common Response Headers (p 5)
Examples
Sample Request
The following DELETE request deletes the tag set from the specified bucket
DELETE tagging HTTP11
Host examplebuckets3amazonawscom
Date Wed 14 Dec 2011 053716 GMT
Authorization signatureValue
API Version 20060301
82Amazon Simple Storage Service API Reference
Related Resources
Sample Response
The following successful response shows Amazon S3 returning a 204 No Content response The
tag set for the bucket has been removed
HTTP11 204 No Content
Date Wed 25 Nov 2009 120000 GMT
Connection close
Server AmazonS3
Related Resources
• GET Bucket tagging (p 136)
• PUT Bucket tagging (p 221)
API Version 20060301
83Amazon Simple Storage Service API Reference
DELETE Bucket website
DELETE Bucket website
Description
This operation removes the website configuration for a bucket Amazon S3 returns a 200 OK response
upon successfully deleting a website configuration on the specified bucket You will get a 200 OK
response if the website configuration you are trying to delete does not exist on the bucket Amazon S3
returns a 404 response if the bucket specified in the request does not exist
This DELETE operation requires the S3DeleteBucketWebsite permission By default only the
bucket owner can delete the website configuration attached to a bucket However bucket owners can
grant other users permission to delete the website configuration by writing a bucket policy granting
them the S3DeleteBucketWebsite permission
For more information about hosting websites go to Hosting Websites on Amazon S3 in the Amazon
Simple Storage Service Developer Guide
Requests
Syntax
DELETE website HTTP11
Host bucketnames3amazonawscom
Date date
Authorization authorization string (see Authenticating Requests (AWS
Signature Version
4) (p 15))
Request Parameters
This implementation of the operation does not use request parameters
Request Headers
This implementation of the operation uses only request headers that are common to all operations For
more information see Common Request Headers (p 3)
Request Elements
This operation does not use request elements
Responses
Response Headers
This implementation of the operation uses only response headers that are common to most responses
For more information see Common Response Headers (p 5)
Response Elements
This implementation of the operation does not return response elements
API Version 20060301
84Amazon Simple Storage Service API Reference
Examples
Examples
Sample Request
This request deletes the website configuration on the specified bucket
DELETE website HTTP11
Host examplebuckets3amazonawscom
Date Thu 27 Jan 2011 120000 GMT
Authorization signatureValue
Sample Response
HTTP11 204 No Content
xamzid2 awss3integs3ws31008sea31amazoncom
xamzrequestid AF1DD829D3B49707
Date Thu 03 Feb 2011 221026 GMT
Server AmazonS3
Related Resources
• GET Bucket website (p 156)
• PUT Bucket website (p 230)
API Version 20060301
85Amazon Simple Storage Service API Reference
GET Bucket (List Objects) Version 2
GET Bucket (List Objects) Version 2
Description
This implementation of the GET operation returns some or all (up to 1000) of the objects in a bucket
You can use the request parameters as selection criteria to return a subset of the objects in a bucket
A 200 OK response can contain valid or invalid XML Make sure to design your application to parse the
contents of the response and handle it appropriately
To use this implementation of the operation you must have READ access to the bucket
Important
This section describe the latest revision of the API We recommend that you use this revised
API GET Bucket (List Objects) version 2 for application development For backward
compatibility Amazon S3 continues to support the prior version of this API GET Bucket (List
Objects) version 1 For more information about the previous version see GET Bucket (List
Objects) Version 1 (p 96)
Note
To get a list of your buckets see GET Service (p 67)
Requests
Syntax
GET listtype2 HTTP11
Host BucketNames3amazonawscom
Date date
Authorization authorization string (see Authenticating Requests (AWS
Signature Version
4) (p 15))
Request Parameters
This implementation of GET uses the parameters in the following table
Parameter Description Required
delimiter A delimiter is a character you use to group keys
If you specify a prefix all keys that contain the same string between the
prefix and the first occurrence of the delimiter after the prefix are grouped
under a single result element called CommonPrefixes If you don't specify
the prefix parameter the substring starts at the beginning of the key The
keys that are grouped under the CommonPrefixes result element are not
returned elsewhere in the response
Type String
Default None
No
encoding
type
Requests Amazon S3 to encode the response and specifies the encoding
method to use
An object key can contain any Unicode character However XML 10
parsers cannot parse some characters such as characters with an ASCII
value from 0 to 10 For characters that are not supported in XML 10 you
No
API Version 20060301
86Amazon Simple Storage Service API Reference
Requests
Parameter Description Required
can add this parameter to request that Amazon S3 encode the keys in the
response
Type String
Default None
Valid value url
max
keys
Sets the maximum number of keys returned in the response body If you
want to retrieve fewer than the default 1000 keys you can add this to your
request
The response might contain fewer keys but it will never contain more If
there are additional keys that satisfy the search criteria but these keys were
not returned because maxkeys was exceeded the response contains
true To return the additional keys see
NextContinuationToken
Type String
Default 1000
No
prefix Limits the response to keys that begin with the specified prefix You can use
prefixes to separate a bucket into different groupings of keys (You can think
of using prefix to make groups in the same way you'd use a folder in a file
system)
Type String
Default None
No
list
type
Version 2 of the API requires this parameter and you must set its value to 2
Type String
Default The value is always 2
Yes
continuation
token
When the Amazon S3 response to this API call is truncated (that is
IsTruncated response element value is true) the response also includes
the NextContinuationToken element the value of which you can use
in the next request as the continuationtoken to list the next set of
objects
• The continuation token is an opaque value that Amazon S3 understands
• Amazon S3 lists objects in UTF8 character encoding in lexicographical
order
Type String
Default None
No
fetch
owner
By default the API does not return the Owner information in the response
If you want the owner information in the response you can specify this
parameter with the value set to true
Type String
Default false
No
API Version 20060301
87Amazon Simple Storage Service API Reference
Responses
Parameter Description Required
start
after
If you want the API to return key names after a specific object key in your
key space you can add this parameter Amazon S3 lists objects in UTF8
character encoding in lexicographical order
This parameter is valid only in your first request In case the response is
truncated you can specify this parameter along with the continuation
token parameter and then Amazon S3 will ignore this parameter
Type String
Default None
No
Request Elements
This implementation of the operation does not use request elements
Request Headers
This implementation of the operation uses only request headers that are common to all operations For
more information see Common Request Headers (p 3)
Responses
Response Headers
This implementation of the operation uses only response headers that are common to most responses
For more information see Common Response Headers (p 5)
Response Elements
Name Description
Contents Metadata about each object returned
Type XML metadata
Ancestor ListBucketResult
CommonPrefixes
All of the keys rolled up into a common prefix count as a single return
when calculating the number of returns See MaxKeys
• A response can contain CommonPrefixes only if you specify a
delimiter
• CommonPrefixes contains all (if there are any) keys between
Prefix and the next occurrence of the string specified by a
delimiter
• CommonPrefixes lists keys that act like subdirectories in the
directory specified by Prefix
For example if the prefix is notes and the delimiter is a slash () as
in notessummerjuly the common prefix is notessummer All
of the keys that roll up into a common prefix count as a single return
when calculating the number of returns See MaxKeys
Type String
Ancestor ListBucketResult
API Version 20060301
88Amazon Simple Storage Service API Reference
Responses
Name Description
Delimiter Causes keys that contain the same string between the prefix and
the first occurrence of the delimiter to be rolled up into a single result
element in the CommonPrefixes collection These rolledup keys are
not returned elsewhere in the response Each rolledup result counts
as only one return against the MaxKeys value
Type String
Ancestor ListBucketResult
DisplayName Object owner's name
Note
This value is not included in the response in the Asia Pacific
(Mumbai) Asia Pacific (Seoul) EU (Frankfurt) China
(Beijing) or AWS GovCloud (US) regions
Type String
Ancestor ListBucketResultContentsOwner
EncodingType Encoding type used by Amazon S3 to encode object key names in the
XML response
If you specify encodingtype request parameter Amazon S3
includes this element in the response and returns encoded key name
values in the following response elements
Delimiter Prefix ContinuationToken Key and StartAfter
Type String
Ancestor ListBucketResult
ETag The entity tag is an MD5 hash of the object The ETag only reflects
changes to the contents of an object not its metadata
Type String
Ancestor ListBucketResultContents
ID Object owner's ID
Type String
Ancestor ListBucketResultContentsOwner
IsTruncated Specifies whether (true) or not (false) all of the results were
returned If the number of results exceeds that specified by MaxKeys
all of the results might not be returned
Type Boolean
Ancestor ListBucketResult
Key The object's key
Type String
Ancestor ListBucketResultContents
LastModified Date and time the object was last modified
Type Date
Ancestor ListBucketResultContents
MaxKeys The maximum number of keys returned in the response body
Type String
Ancestor ListBucketResult
API Version 20060301
89Amazon Simple Storage Service API Reference
Responses
Name Description
Name Name of the bucket
Type String
Ancestor ListBucketResult
Owner Bucket owner
Type String
Children DisplayName ID
Ancestor ListBucketResultContents | CommonPrefixes
Prefix Keys that begin with the indicated prefix
Type String
Ancestor ListBucketResult
Size Size in bytes of the object
Type String
Ancestor ListBucketResultContents
StorageClass STANDARD | STANDARD_IA | REDUCED_REDUNDANCY | GLACIER
Type String
Ancestor ListBucketResultContents
ContinuationToken ContinuationToken is included in the response if it was sent with
the request
Type String
Ancestor ListBucketResult
KeyCount Returns the number of keys included in the response The value is
always less than or equal to the MaxKeys value
Type String
Ancestor ListBucketResult
NextContinuationToken If the response is truncated Amazon S3 returns this parameter with a
continuation token that you can specify as the continuationtoken
in your next request to retrieve the next set of keys
Type String
Ancestor ListBucketResult
StartAfter StartAfter is included in the response if it was sent with the
request
Type String
Ancestor ListBucketResult
Special Errors
This implementation of the operation does not return special errors For general information about
Amazon S3 errors and a list of error codes see Error Responses (p 7)
API Version 20060301
90Amazon Simple Storage Service API Reference
Examples
Examples
Example 1 Listing Keys
This request returns the objects in BucketName The request specifies the listtype parameter
which indicates version 2 of the API
Sample Request
GET listtype2 HTTP11
Host buckets3amazonawscom
xamzdate 20160430T233541Z
Authorization authorization string
ContentType textplain
Sample Response


bucket

205
1000
false

myimagejpg
20091012T175030000Z
"fba9dede5f27731c9771645a39863328"
434234
STANDARD






Example 2 Listing Keys Using the maxkeys prefix and start
after Parameters
In addition to the listtype parameter indicating the version 2 of the API the request also specifies
additional parameters to retrieve up to 3 keys in the quotes bucket that start with E and occur
lexicographically after ExampleGuidepdf
Sample Request
GET listtype2&maxkeys3&prefixE&startafterExampleGuidepdf HTTP11
Host quotess3amazonawscom
xamzdate 20160430T232933Z
Authorization authorization string
API Version 20060301
91Amazon Simple Storage Service API Reference
Examples
Sample Response
HTTP11 200 OK
xamzid2 gyB+3jRPnrkN98ZajxHXr3u7EFM67bNgSAxexeEHndCX7GRnfTXxReKUQF28IfP
xamzrequestid 3B3C7C725673C630
Date Sat 30 Apr 2016 232937 GMT
ContentType applicationxml
ContentLength length
Connection close
Server AmazonS3


quotes
E
ExampleGuidepdf
1
3
false

ExampleObjecttxt
20130917T180753000Z
"599bab3ed2c697f1d26842727561fd94"
857
REDUCED_REDUNDANCY


Example 3 Listing Keys Using the prefix and delimiter
Parameters
This example illustrate the use of the prefix and the delimiter parameters in the request For this
example we assume that you have the following keys in your bucket
samplejpg
photos2006Januarysamplejpg
photos2006Februarysample2jpg
photos2006Februarysample3jpg
photos2006Februarysample4jpg
The following GET request specifies the delimiter parameter with value
GET listtype2&delimiter HTTP11
Host examplebuckets3amazonawscom
xamzdate 20160430T235931Z
Authorization authorization string
The key samplejpg does not contain the delimiter character and Amazon S3 returns it in the
Contents element in the response However all other keys contain the delimiter character Amazon
S3 groups these keys and returns a single CommonPrefixes element with prefix value photos that
is a substring from the beginning of these keys to the first occurrence of the specified delimiter
API Version 20060301
92Amazon Simple Storage Service API Reference
Examples

examplebucket

2
1000

false

samplejpg
20110226T015620000Z
"bf1d737a4d46a19f3bced6905cc8b902"
142863
STANDARD


photos


The following GET request specifies the delimiter parameter with value and the prefix
parameter with value photos2006
GET listtype2&prefixphotos2006&delimiter HTTP11
Host examplebuckets3amazonawscom
xamzdate 20160501T000433Z
Authorization authorization string
In response Amazon S3 returns only the keys that start with the specified prefix Further it uses
the delimiter character to group keys that contain the same substring until the first occurrence
of the delimiter character after the specified prefix For each such key group Amazon S3 returns
one element in the response The keys grouped under this CommonPrefixes
element are not returned elsewhere in the response The value returned in the CommonPrefixes
element is a substring from the beginning of the key to the first occurrence of the specified delimiter
after the prefix

examplebucket
photos2006
3
1000

false

photos2006
20160430T235129000Z
"d41d8cd98f00b204e9800998ecf8427e"
0
STANDARD


photos2006February


photos2006January

API Version 20060301
93Amazon Simple Storage Service API Reference
Examples

Example 4 Using a Continuation Token
In addition to the listtype parameter indicating the version 2 of the API the request also specifies
additional parameters to retrieve up to 3 keys in the quotes bucket that start with E and occur
lexicographically after ExampleGuidepdf
In response to this request Amazon S3 returns
GET listtype2 HTTP11
Host buckets3amazonawscom
Date Mon 02 May 2016 231707 GMT
Authorization authorization string
The following is sample response
HTTP11 200 OK
xamzid2 gyB+3jRPnrkN98ZajxHXr3u7EFM67bNgSAxexeEHndCX7GRnfTXxReKUQF28IfP
xamzrequestid 3B3C7C725673C630
Date Sat 30 Apr 2016 232937 GMT
ContentType applicationxml
ContentLength length
Connection close
Server AmazonS3

bucket

1ueGcxLPRx1TrXYExHnhbYLgveDs2Jwm36Hy4vbOwM<
NextContinuationToken>
1000
1000
true

happyfacejpg
20141121T194005000Z
"70ee1738b6b21e2c8a43f3a5ab0eee71"
11
STANDARD



In the following subsequent request we include a continuationtoken query parameter in the
request with value of the from the preceding response
GET listtype2 HTTP11
GET listtype2&continuationtoken1ueGcxLPRx1TrXYExHnhbYLgveDs2J
wm36Hy4vbOwM HTTP11
Host buckets3amazonawscom
Date Mon 02 May 2016 231707 GMT
Authorization authorization string
API Version 20060301
94Amazon Simple Storage Service API Reference
Related Resources
Amazon S3 returns a list of the next set of keys starting where the previous request ended
HTTP11 200 OK
xamzid2 gyB+3jRPnrkN98ZajxHXr3u7EFM67bNgSAxexeEHndCX7GRnfTXxReKUQF28IfP
xamzrequestid 3B3C7C725673C630
Date Sat 30 Apr 2016 232937 GMT
ContentType applicationxml
ContentLength length
Connection close
Server AmazonS3

bucket

1ueGcxLPRx1TrXYExHnhbYLgveDs2Jwm36Hy4vbOwM<
ContinuationToken>
112
1000
false

happyfacexjpg
20141121T194005000Z
"70ee1738b6b21e2c8a43f3a5ab0eee71"
1111
STANDARD



Related Resources
• GET Object (p 251)
• PUT Object (p 291)
• PUT Bucket (p 169)
API Version 20060301
95Amazon Simple Storage Service API Reference
GET Bucket (List Objects) Version 1
GET Bucket (List Objects) Version 1
Description
Important
This API has been revised We recommend that you use the newer version GET Bucket (List
Objects) version 2 when developing applications For more information see GET Bucket (List
Objects) Version 2 (p 86) For backward compatibility Amazon S3 continues to support GET
Bucket (List Objects) version 1
This implementation of the GET operation returns some or all (up to 1000) of the objects in a bucket
You can use the request parameters as selection criteria to return a subset of the objects in a bucket
A 200 OK response can contain valid or invalid XML Make sure to design your application to parse the
contents of the response and handle it appropriately
To use this implementation of the operation you must have READ access to the bucket
Note
To get a list of your buckets see GET Service (p 67)
Requests
Syntax
GET HTTP11
Host BucketNames3amazonawscom
Date date
Authorization authorization string (see Authenticating Requests (AWS
Signature Version
4) (p 15))
Request Parameters
This implementation of GET uses the parameters in the following table to return a subset of the objects
in a bucket
Parameter Description Required
delimiter A delimiter is a character you use to group keys
If you specify a prefix all keys that contain the same string between the
prefix and the first occurrence of the delimiter after the prefix are grouped
under a single result element called CommonPrefixes If you don't specify
the prefix parameter the substring starts at the beginning of the key The
keys that are grouped under the CommonPrefixes result element are not
returned elsewhere in the response
Type String
Default None
No
encoding
type
Requests Amazon S3 to encode the response and specifies the encoding
method to use
An object key can contain any Unicode character However XML 10
parsers cannot parse some characters such as characters with an ASCII
value from 0 to 10 For characters that are not supported in XML 10 you
No
API Version 20060301
96Amazon Simple Storage Service API Reference
GET Bucket (List Objects) Version 1
Parameter Description Required
can add this parameter to request that Amazon S3 encode the keys in the
response
Type String
Default None
Valid value url
marker Specifies the key to start with when listing objects in a bucket Amazon S3
returns object keys in UTF8 binary order starting with key after the marker
in order
Type String
Default None
No
max
keys
Sets the maximum number of keys returned in the response body If you
want to retrieve fewer than the default 1000 keys you can add this to your
request
The response might contain fewer keys but it will never contain more If
there are additional keys that satisfy the search criteria but these keys were
not returned because maxkeys was exceeded the response contains
true To return the additional keys see
marker
Type String
Default 1000
No
prefix Limits the response to keys that begin with the specified prefix You can use
prefixes to separate a bucket into different groupings of keys (You can think
of using prefix to make groups in the same way you'd use a folder in a file
system)
Type String
Default None
No
Request Elements
This implementation of the operation does not use request elements
Request Headers
This implementation of the operation uses only request headers that are common to all operations For
more information see Common Request Headers (p 3)
Responses
Response Headers
This implementation of the operation uses only response headers that are common to most responses
For more information see Common Response Headers (p 5)
Response Elements
Name Description
Contents Metadata about each object returned
Type XML metadata
Ancestor ListBucketResult
API Version 20060301
97Amazon Simple Storage Service API Reference
GET Bucket (List Objects) Version 1
Name Description
CommonPrefixes All of the keys rolled up in a common prefix count as a single return
when calculating the number of returns See MaxKeys
• A response can contain CommonPrefixes only if you specify a
delimiter
• CommonPrefixes contains all (if there are any) keys between
Prefix and the next occurrence of the string specified by delimiter
• CommonPrefixes lists keys that act like subdirectories in the
directory specified by Prefix
For example if the prefix is notes and the delimiter is a slash () as
in notessummerjuly the common prefix is notessummer All
of the keys that roll up into a common prefix count as a single return
when calculating the number of returns See MaxKeys
Type String
Ancestor ListBucketResult
Delimiter Causes keys that contain the same string between the prefix and
the first occurrence of the delimiter to be rolled up into a single result
element in the CommonPrefixes collection These rolledup keys are
not returned elsewhere in the response Each rolledup result counts
as only one return against the MaxKeys value
Type String
Ancestor ListBucketResult
DisplayName Object owner's name
Note
This value is not included in the response in the Asia Pacific
(Mumbai) Asia Pacific (Seoul) EU (Frankfurt) China
(Beijing) or AWS GovCloud (US) regions
Type String
Ancestor ListBucketResultContentsOwner
EncodingType Encoding type used by Amazon S3 to encode object key names in the
XML response
If you specify encodingtype request parameter Amazon S3
includes this element in the response and returns encoded key name
values in the following response elements
Delimiter Marker Prefix NextMarker Key
Type String
Ancestor ListBucketResult
ETag The entity tag is an MD5 hash of the object The ETag only reflects
changes to the contents of an object not its metadata
Type String
Ancestor ListBucketResultContents
ID Object owner's ID
Type String
Ancestor ListBucketResultContentsOwner
API Version 20060301
98Amazon Simple Storage Service API Reference
GET Bucket (List Objects) Version 1
Name Description
IsTruncated Specifies whether (true) or not (false) all of the results were
returned If the number of results exceeds that specified by MaxKeys
all of the results might not be returned
Type Boolean
Ancestor ListBucketResult
Key The object's key
Type String
Ancestor ListBucketResultContents
LastModified Date and time the object was last modified
Type Date
Ancestor ListBucketResultContents
Marker Indicates where in the bucket listing begins Marker is included in the
response if it was sent with the request
Type String
Ancestor ListBucketResult
MaxKeys The maximum number of keys returned in the response body
Type String
Ancestor ListBucketResult
Name Name of the bucket
Type String
Ancestor ListBucketResult
NextMarker When the response is truncated (that is the IsTruncated element
value in the response is true) you can use the key name in this field as
a marker in the subsequent request to get next set of objects Amazon
S3 lists objects in UTF8 character encoding in lexicographical order
Note
This element is returned only if you specify a delimiter
request parameter If the response does not include the
NextMaker and it is truncated you can use the value of the
last Key in the response as the marker in the subsequent
request to get the next set of object keys
Type String
Ancestor ListBucketResult
Owner Bucket owner
Type String
Children DisplayName ID
Ancestor ListBucketResultContents | CommonPrefixes
Prefix Keys that begin with the indicated prefix
Type String
Ancestor ListBucketResult
Size Size in bytes of the object
Type String
Ancestor ListBucketResultContents
API Version 20060301
99Amazon Simple Storage Service API Reference
GET Bucket (List Objects) Version 1
Name Description
StorageClass STANDARD | STANDARD_IA | REDUCED_REDUNDANCY | GLACIER
Type String
Ancestor ListBucketResultContents
Special Errors
This implementation of the operation does not return special errors For general information about
Amazon S3 errors and a list of error codes see Error Responses (p 7)
Examples
Sample Request
This requests returns the objects in BucketName
GET HTTP11
Host BucketNames3amazonawscom
Date Wed 12 Oct 2009 175000 GMT
Authorization authorization string
ContentType textplain
Sample Response


bucket


1000
false

myimagejpg
20091012T175030000Z
"fba9dede5f27731c9771645a39863328"
434234
STANDARD


75aa57f09aa0c8caeab4f8c24e99d10f8e7faeebf76c078efc7c6caea54ba06a
mtd@amazoncom



mythirdimagejpg
20091012T175030000Z
"1b2cf535f27731c974343645a3985328"
64994
STANDARD_IA


75aa57f09aa0c8caeab4f8c24e99d10f8e7faeebf76c078efc7c6caea54ba06a
mtd@amazoncom


API Version 20060301
100Amazon Simple Storage Service API Reference
GET Bucket (List Objects) Version 1

Sample Request Using Request Parameters
This example lists up to 40 keys in the quotes bucket that start with N and occur lexicographically after
Ned
GET prefixN&markerNed&maxkeys40 HTTP11
Host quotess3amazonawscom
Date Wed 01 Mar 2006 120000 GMT
Authorization authorization string
Sample Response
HTTP11 200 OK
xamzid2 gyB+3jRPnrkN98ZajxHXr3u7EFM67bNgSAxexeEHndCX7GRnfTXxReKUQF28IfP
xamzrequestid 3B3C7C725673C630
Date Wed 01 Mar 2006 120000 GMT
ContentType applicationxml
ContentLength 302
Connection close
Server AmazonS3


quotes
N
Ned
40
false

Nelson
20060101T120000000Z
"828ef3fdfa96f00ad9f27c383fc9ac7f"
5
STANDARD

bcaf161ca5fb16fd081034f
webfile



Neo
20060101T120000000Z
"828ef3fdfa96f00ad9f27c383fc9ac7f"
4
STANDARD

bcaf1ffd86a5fb16fd081034f
webfile



Sample Request Using Prefix and Delimiter
For this example we assume that you have the following keys in your bucket
API Version 20060301
101Amazon Simple Storage Service API Reference
GET Bucket (List Objects) Version 1
samplejpg
photos2006Januarysamplejpg
photos2006Februarysample2jpg
photos2006Februarysample3jpg
photos2006Februarysample4jpg
The following GET request specifies the delimiter parameter with value
GET delimiter HTTP11
Host examplebuckets3amazonawscom
Date Wed 01 Mar 2006 120000 GMT
Authorization authorization string
The key samplejpg does not contain the delimiter character and Amazon S3 returns it in the
Contents element in the response However all other keys contain the delimiter character Amazon
S3 groups these keys and return a single CommonPrefixes element with prefix value photos that is
a substring from the beginning of these keys to the first occurrence of the specified delimiter

examplebucket


1000

false

samplejpg
20110226T015620000Z
"bf1d737a4d46a19f3bced6905cc8b902"
142863

canonicaluserid
displayname

STANDARD


photos


The following GET request specifies the delimiter parameter with the value and the prefix
parameter with the value photos2006
GET prefixphotos2006&delimiter HTTP11
Host examplebuckets3amazonawscom
Date Wed 01 Mar 2006 120000 GMT
Authorization authorization string
In response Amazon S3 returns only the keys that start with the specified prefix Further it uses
the delimiter character to group keys that contain the same substring until the first occurrence
of the delimiter character after the specified prefix For each such key group Amazon S3 returns
API Version 20060301
102Amazon Simple Storage Service API Reference
GET Bucket (List Objects) Version 1
one element in the response The keys grouped under this CommonPrefixes
element are not returned elsewhere in the response The value returned in the CommonPrefixes
element is a substring from the beginning of the key to the first occurrence of the specified delimiter
after the prefix

examplebucket
photos2006

1000

false

photos2006February


photos2006January


Related Resources
• GET Object (p 251)
• PUT Object (p 291)
• PUT Bucket (p 169)
API Version 20060301
103Amazon Simple Storage Service API Reference
GET Bucket accelerate
GET Bucket accelerate
Description
This implementation of the GET operation uses the accelerate subresource to return the Transfer
Acceleration state of a bucket which is either Enabled or Suspended Amazon S3 Transfer
Acceleration is a bucketlevel feature that enables you to perform faster data transfers to and from
Amazon S3
To use this operation you must have permission to perform the s3GetAccelerateConfiguration
action The bucket owner has this permission by default The bucket owner can grant this permission
to others For more information about permissions see Permissions Related to Bucket Subresource
Operations and Managing Access Permissions to Your Amazon S3 Resources in the Amazon Simple
Storage Service Developer Guide
You set the Transfer Acceleration state of an existing bucket to Enabled or Suspended by using the
PUT Bucket accelerate (p 174) operation
A GET accelerate request does not return a state value for a bucket that has no transfer
acceleration state A bucket has no Transfer Acceleration state if a state has never been set on the
bucket
This implementation of the GET operation returns the following responses
• If the transfer acceleration state is set to Enabled on a bucket the response is

Enabled

• If the transfer acceleration state is set to Suspended on a bucket the response is

Suspended

• If the transfer acceleration state on a bucket has never been set to Enabled or Suspended the
response is

For more information on transfer acceleration see Transfer Acceleration in the Amazon Simple
Storage Service Developer Guide
Requests
Syntax
GET accelerate HTTP11
Host bucketnames3amazonawscom
ContentLength length
Date date
Authorization authorization string (see Authenticating Requests (AWS
Signature Version
API Version 20060301
104Amazon Simple Storage Service API Reference
Responses
4) (p 15))
Request Parameters
This implementation of the operation does not use request parameters
Request Headers
This implementation of the operation uses only request headers that are common to all operations For
more information see Common Request Headers (p 3)
Request Elements
This implementation of the operation does not use request elements
Responses
Response Headers
This implementation of the operation uses only response headers that are common to most responses
For more information see Common Response Headers (p 5)
Response Elements
This implementation of GET returns the following response elements
Name Description
AccelerateConfiguration Container for the Status response element
Type Container
Ancestor None
Status The transfer acceleration state of the bucket
Type Enum
Valid Values Suspended | Enabled
Ancestor AccelerateConfiguration
Special Errors
This implementation of the operation does not return special errors For general information about
Amazon S3 errors and a list of error codes see Error Responses (p 7)
Examples
Example 1 Retrieve the transfer acceleration configuration for
a bucket
The following example shows a GET accelerate request to retrieve the transfer acceleration state
of the bucket named examplebucket
GET accelerate HTTP11
API Version 20060301
105Amazon Simple Storage Service API Reference
Related Resources
Host examplebuckets3amazonawscom
Date Mon 11 Apr 2016 120000 GMT
Authorization authorization string
ContentType textplain
The following is a sample of the response body (only) that shows bucket transfer acceleration is
enabled

Enabled

Related Resources
• PUT Bucket accelerate (p 174)
API Version 20060301
106Amazon Simple Storage Service API Reference
GET Bucket acl
GET Bucket acl
Description
This implementation of the GET operation uses the acl subresource to return the access control list
(ACL) of a bucket To use GET to return the ACL of the bucket you must have READ_ACP access to
the bucket If READ_ACP permission is granted to the anonymous user you can return the ACL of the
bucket without using an authorization header
Requests
Syntax
GET acl HTTP11
Host BucketNames3amazonawscom
Date date
Authorization authorization string (see Authenticating Requests (AWS
Signature Version
4) (p 15))
Request Parameters
This implementation of the operation does not use request parameters
Request Headers
This implementation of the operation uses only request headers that are common to all operations For
more information see Common Request Headers (p 3)
Request Elements
This implementation of the operation does not use request elements
Responses
Response Headers
This implementation of the operation uses only response headers that are common to most responses
For more information see Common Response Headers (p 5)
Response Elements
Name Description
AccessControlList Container for ACL information
Type Container
Ancestry AccessControlPolicy
AccessControlPolicy Container for the response
Type Container
Ancestry None
API Version 20060301
107Amazon Simple Storage Service API Reference
Examples
Name Description
DisplayName Bucket owner's display name This is returned only if the owner's e
mail address (or the forum name if configured) can be determined
from the ID
Type String
Ancestry AccessControlPolicyOwner
Grant Container for Grantee and Permission
Type Container
Ancestry AccessControlPolicyAccessControlList
Grantee Container for DisplayName and ID of the person being granted
permissions
Type Container
Ancestry AccessControlPolicyAccessControlListGrant
ID Bucket owner's ID
Type String
Ancestry AccessControlPolicyOwner
Owner Container for bucket owner information
Type Container
Ancestry AccessControlPolicy
Permission Permission given to the Grantee for bucket
Type String
Valid Values FULL_CONTROL | WRITE | WRITE_ACP | READ |
READ_ACP
Ancestry AccessControlPolicyAccessControlListGrant
Special Errors
This implementation of the operation does not return special errors For general information about
Amazon S3 errors and a list of error codes see Error Responses (p 7)
Examples
Sample Request
The following request returns the ACL of the specified bucket
GET acl HTTP11
Host buckets3amazonawscom
Date Wed 28 Oct 2009 223200 GMT
Authorization authorization string
Sample Response
HTTP11 200 OK
xamzid2 eftixk72aD6Ap51TnqcoF8eFidJG9Z2mkiDFu8yU9AS1ed4OpIszj7UDNEHGran
xamzrequestid 318BC8BC148832E5
API Version 20060301
108Amazon Simple Storage Service API Reference
Related Resources
Date Wed 28 Oct 2009 223200 GMT
LastModified Sun 1 Jan 2006 120000 GMT
ContentLength 124
ContentType textplain
Connection close
Server AmazonS3


75aa57f09aa0c8caeab4f8c24e99d10f8e7faeebf76c078efc7c6caea54ba06a
CustomersName@amazoncom



xsitypeCanonicalUser>

75aa57f09aa0c8caeab4f8c24e99d10f8e7faeebf76c078efc7c6caea54ba06a
CustomersName@amazoncom

FULL_CONTROL



Related Resources
• GET Bucket Objects (p 96)
API Version 20060301
109Amazon Simple Storage Service API Reference
GET Bucket cors
GET Bucket cors
Description
Returns the cors configuration information set for the bucket
To use this operation you must have permission to perform the s3GetBucketCORS action By
default the bucket owner has this permission and can grant it to others
To learn more cors go to Enabling CrossOrigin Resource Sharing in the Amazon Simple Storage
Service Developer Guide
Requests
Syntax
GET cors HTTP11
Host bucketnames3amazonawscom
Date date
Authorization authorization string (see Authenticating Requests (AWS
Signature Version
4) (p 15))
Request Parameters
This implementation of the operation does not use request parameters
Request Headers
This implementation of the operation uses only request headers that are common to all operations For
more information see Common Request Headers (p 3)
Request Elements
This implementation of the operation does not use request elements
Responses
Response Headers
This implementation of the operation uses only response headers that are common to most responses
For more information see Common Response Headers (p 5)
Response Elements
This implementation of GET returns the following response elements
Name Description
CORSConfiguration Container for up to 100 CORSRules elements
Type Container
Children CORSRules
Ancestor None
API Version 20060301
110Amazon Simple Storage Service API Reference
Responses
Name Description
CORSRule A set of origins and methods (crossorigin access that you want to
allow) You can add up to 100 rules to the configuration
Type Container
Children AllowedOrigin AllowedMethod MaxAgeSeconds
ExposeHeader ID
Ancestor CORSConfiguration
AllowedHeader Specifies which headers are allowed in a preflight OPTIONS
request through the AccessControlRequestHeaders
header Each header name specified in the AccessControl
RequestHeaders must have a corresponding entry in the rule
Only the headers that were requested will be sent back This
element can contain at most one * wildcard character
A CORSRule can have at most one MaxAgeSeconds element
Type Integer (seconds)
Ancestor CORSRule
AllowedMethod Identifies an HTTP method that the domainorigin specified in the
rule is allowed to execute
Each CORSRule must contain at least one AllowedMethod and
one AllowedOrigin element
Type Enum (GET PUT HEAD POST DELETE)
Ancestor CORSRule
AllowedOrigin One or more response headers that you want customers to be able
to access from their applications (for example from a JavaScript
XMLHttpRequest object)
Each CORSRule must have at least one AllowedOrigin element
The string value can include at most one '*' wildcard character for
example http*examplecom You can also specify only * to
allow crossorigin access for all domainsorigins
Type String
Ancestor CORSRule
ExposeHeader One or more headers in the response that you want customers
to be able to access from their applications (for example from a
JavaScript XMLHttpRequest object)
You add one ExposeHeader in the rule for each header
Type String
Ancestor CORSRule
ID An optional unique identifier for the rule The ID value can be
up to 255 characters long The IDs help you find a rule in the
configuration
Type String
Ancestor CORSRule
MaxAgeSeconds The time in seconds that your browser is to cache the preflight
response for the specified resource
A CORSRule can have at most one MaxAgeSeconds element
Type Integer (seconds)
Ancestor CORSRule
API Version 20060301
111Amazon Simple Storage Service API Reference
Special Errors
Special Errors
This implementation of the operation does not return special errors For general information about
Amazon S3 errors and a list of error codes see Error Responses (p 7)
Examples
Example 1 Retrieve cors subresource
The following example gets the cors subresource of a bucket
Sample Request
GET cors HTTP11
Host examplebuckets3amazonawscom
Date Tue 13 Dec 2011 191442 GMT
Authorization signatureValue
Sample Response
HTTP11 200 OK
xamzid2 0FmFIWshPpBuzZ0JFRC55ZGVmQW4SHJ7xVDqKwhEdJmf3q63RtrvH8ZuxW1Bol5
xamzrequestid 0CF038E9BCF63097
Date Tue 13 Dec 2011 191442 GMT
Server AmazonS3
ContentLength 280


httpwwwexamplecom
GET
3000
xamzserversideencryption


Related Resources
• PUT Bucket cors (p 184)
• DELETE Bucket cors (p 74)
• OPTIONS object (p 276)
API Version 20060301
112Amazon Simple Storage Service API Reference
GET Bucket lifecycle
GET Bucket lifecycle
Description
Returns the lifecycle configuration information set on the bucket For information about lifecycle
configuration go to Object Lifecycle Management in the Amazon Simple Storage Service Developer
Guide
To use this operation you must have permission to perform the s3GetLifecycleConfiguration
action The bucket owner has this permission by default The bucket owner can grant this permission
to others For more information about permissions see Managing Access Permissions to Your Amazon
S3 Resources in the Amazon Simple Storage Service Developer Guide
Requests
Syntax
GET lifecycle HTTP11
Host bucketnames3amazonawscom
Date date
Authorization authorization string (see Authenticating Requests (AWS
Signature Version
4) (p 15))
Request Parameters
This implementation of the operation does not use request parameters
Request Headers
This implementation of the operation uses only request headers that are common to all operations For
more information see Common Request Headers (p 3)
Request Elements
This implementation of the operation does not use request elements
Responses
Response Headers
This implementation of the operation uses only response headers that are common to most responses
For more information see Common Response Headers (p 5)
Response Elements
This implementation of GET returns the following response elements
Name Description Required
AbortIncompleteMultipartUploadContainer for specifying when an incomplete
multipart upload becomes eligible for an abort
operation
Yes if no
other action
API Version 20060301
113Amazon Simple Storage Service API Reference
Responses
Name Description Required
Child DaysAfterInitiation
Type Container
Ancestor Rule
is specified
for the rule
Date Specifies the date after which you want the
corresponding action to take effect When the
action is in effect Amazon S3 will perform the
specific action on the applicable objects as they
appear in the bucket (you identify applicable
objects in the lifecycle Rule in which the action
is defined)
For example suppose you add a Transition
action to take effect on Dec 31 2014 Suppose
this action applies to objects with the key prefix
documents When the action takes effect
on this date Amazon S3 transitions existing
applicable objects to the GLACIER storage
class As long as the action is in effect Amazon
S3 will transition all objects that satisfy the prefix
condition
The date value must conform to the ISO 8601
format The time is always midnight UTC
Type String
Ancestor Expiration or Transition
Yes if
Days and
ExpiredObjectDeleteMarker
are absent
Days Specifies the number of days after object
creation when the specific rule action takes
effect The object's eligibility time is calculated
as creation time + the number of days and
rounding the resulting time to the next day
midnight UTC
Type Nonnegative Integer when used with
Transition Positive Integer when used with
Expiration
Ancestor Transition or Expiration
Yes if
Date and
ExpiredObjectDeleteMarker
are absent
DaysAfterInitiation Specifies the number of days after initiating a
multipart upload when the multipart upload must
be completed If it does not complete by the
specified number of days it becomes eligible for
an abort operation and Amazon S3 aborts the
incomplete multipart upload
Type Positive Integer
Ancestor
AbortIncompleteMultipartUpload
Yes if Date
is absent
API Version 20060301
114Amazon Simple Storage Service API Reference
Responses
Name Description Required
Expiration This action specifies a period in the object's
lifetime when Amazon S3 should take the
appropriate expiration action The expiration
action occurs only on objects that are eligible
according to the period specified in the child
Date or Days element The action Amazon
S3 takes depends on whether the bucket is
versioning enabled
• If versioning has never been enabled on the
bucket Amazon S3 deletes the only copy of
the object permanently
• Otherwise if your bucket is versioning
enabled (or versioning is suspended) the
action applies only to the current version
of the object Buckets with versioning
enabled or versioningsuspended can have
many versions of the same object one
current version and zero or more noncurrent
versions
Instead of deleting the current version
Amazon S3 makes it a noncurrent version by
adding a delete marker as the new current
version
Important
If your bucket state is versioning
suspended Amazon S3 creates a
delete marker with version ID null
If you have a version with version ID
null then Amazon S3 overwrites
that version
Note
To set expiration for noncurrent
objects you must use the
NoncurrentVersionExpiration
action
Type Container
Children Days or Date
Ancestor Rule
Yes if
parent tag is
specified
ID Unique identifier for the rule The value cannot
be longer than 255 characters
Type String
Ancestor Rule
No
LifecycleConfiguration Container for lifecycle rules You can add as
many as 1000 rules
Type Container
Children Rule
Ancestor None
Yes
API Version 20060301
115Amazon Simple Storage Service API Reference
Responses
Name Description Required
ExpiredObjectDeleteMarker On a versioned bucket (versioningenabled
or versioningsuspended bucket) this element
indicates if Amazon S3 will delete any expired
object delete markers in the bucket For an
example go to Example 8 Specify Expiration
Action to Remove Expired Object Delete
Markers in the Amazon Simple Storage Service
Developer Guide
Type String
Valid values true | false (the value false is
allowed but it is noop Amazon S3 will not take
action if the value is false)
Ancestor Expiration
Yes if Date
and Days
are absent
NoncurrentDays Specifies the number of days an object is
noncurrent before Amazon S3 can perform the
associated action For information about the
noncurrent days calculations see Lifecycle
Rules Based on the Number of Days in the
Amazon Simple Storage Service Developer
Guide
Type Nonnegative Integer when used
with NoncurrentVersionTransition
Positive Integer when used with
NoncurrentVersionExpiration
Ancestor NoncurrentVersionExpiration
or NoncurrentVersionTransition
Yes only if
the ancestor
is present
NoncurrentVersionExpiration Specifies when noncurrent object versions
expire Upon expiration Amazon S3
permanently deletes the noncurrent object
versions
You set this lifecycle configuration action
on a bucket that has versioning enabled (or
suspended) to request that Amazon S3 delete
noncurrent object versions at a specific period in
the object's lifetime
Type Container
Children NoncurrentDays
Ancestor Rule
Yes if no
other action
is present in
the Rule
NoncurrentVersionTransition Container for the transition rule that describes
when noncurrent objects transition to the
STANDARD_IA or the GLACIER storage class
If your bucket is versioningenabled (or
versioning is suspended) you can set this
action to request Amazon S3 to transition
noncurrent object versions to the GLACIER
storage class at a specific period in the object's
lifetime
Type Container
Children NoncurrentDays and StorageClass
Ancestor Rule
Yes if no
other action
is present in
the Rule
API Version 20060301
116Amazon Simple Storage Service API Reference
Responses
Name Description Required
Prefix Object key prefix identifying one or more objects
to which the rule applies
Type String
Ancestor Rule
Yes
Rule Container for a lifecycle rule
Type Container
Ancestor LifecycleConfiguration
Yes
Status If Enabled Amazon S3 executes the rule as
scheduled If Disabled Amazon S3 ignores the
rule
Type String
Ancestor Rule
Valid values Enabled or Disabled
Yes
StorageClass Specifies the Amazon S3 storage class to which
you want to transition the object
Type String
Ancestor Transition and
NoncurrentVersionTransition
Valid values STANDARD_IA | GLACIER
Yes
Transition This action specifies a period in the objects'
lifetime when Amazon S3 should transition
them to the STANDARD_IA or the GLACIER
storage class When this action is in effect
what Amazon S3 does depends on whether the
bucket is versioningenabled
• If versioning has never been enabled on the
bucket Amazon S3 transitions the only copy
of the object specified storage class
• Otherwise when your bucket is versioning
enabled (or versioning is suspended)
Amazon S3 transitions only the current
versions of objects identified in the rule
Note
A versioningenabled or versioning
suspended bucket can have many
versions of an object This action
has no impact on the noncurrent
object versions To transition
noncurrent objects you must use the
NoncurrentVersionTransition
action
Type Container
Children Days or Date and StorageClass
Ancestor Rule
Yes if no
other action
is present in
the Rule
API Version 20060301
117Amazon Simple Storage Service API Reference
Special Errors
Special Errors
Error Code Description HTTP
Status Code
SOAP Fault
Code Prefix
NoSuchLifecycleConfigurationThe lifecycle configuration does not
exist
404 Not
Found
Client
For general information about Amazon S3 errors and a list of error codes see Error Responses (p 7)
Examples
Example 1 Retrieve lifecycle subresource
This example shows a GET request to retrieve the lifecycle subresource from the specified bucket
and an example response with the returned lifecycle configuration
Sample Request
GET lifecycle HTTP11
Host examplebuckets3amazonawscom
xamzdate Thu 15 Nov 2012 001721 GMT
Authorization signatureValue
Sample Response
HTTP11 200 OK
xamzid2 ITnGT1y4RyTmXa3rPi4hklTXouTf0hccUjo0iCPjz6FnfIutBj3M7fPGlWO2SEWp
xamzrequestid 51991C342C575321
Date Thu 15 Nov 2012 001723 GMT
Server AmazonS3
ContentLength 358



Archive and then delete rule
projectdocs
Enabled

30
STANDARD_IA


365
GLACIER


3650



API Version 20060301
118Amazon Simple Storage Service API Reference
Related Resources
Related Resources
• PUT Bucket lifecycle (p 190)
• DELETE Bucket lifecycle (p 76)
API Version 20060301
119Amazon Simple Storage Service API Reference
GET Bucket policy
GET Bucket policy
Description
This implementation of the GET operation uses the policy subresource to return the policy of a
specified bucket To use this operation you must have GetPolicy permissions on the specified
bucket and you must be the bucket owner
If you don't have GetPolicy permissions Amazon S3 returns a 403 Access Denied error If you
have the correct permissions but you're not the bucket owner Amazon S3 returns a 405 Method
Not Allowed error If the bucket does not have a policy Amazon S3 returns a 404 Policy Not
found error There are restrictions about who can create bucket policies and which objects in a bucket
they can apply to For more information go to Using Bucket Policies
Requests
Syntax
GET policy HTTP11
Host BucketNames3amazonawscom
Date date
Authorization authorization string (see Authenticating Requests (AWS
Signature Version
4) (p 15))
Request Parameters
This implementation of the operation does not use request parameters
Request Headers
This implementation of the operation uses only request headers that are common to all operations For
more information see Common Request Headers (p 3)
Request Elements
This implementation of the operation does not use request elements
Responses
Response Headers
This implementation of the operation uses only response headers that are common to most responses
For more information see Common Response Headers (p 5)
Response Elements
The response contains the (JSON) policy of the specified bucket
Special Errors
This implementation of the operation does not return special errors For general information about
Amazon S3 errors and a list of error codes see Error Responses (p 7)
API Version 20060301
120Amazon Simple Storage Service API Reference
Examples
Examples
Sample Request
The following request returns the policy of the specified bucket
GET policy HTTP11
Host buckets3amazonawscom
Date Wed 28 Oct 2009 223200 GMT
Authorization authorization string
Sample Response
HTTP11 200 OK
xamzid2 Uuag1LuByru9pO4SAMPLEAtRPfTaOFg
xamzrequestid 656c76696e67SAMPLE57374
Date Tue 04 Apr 2010 203456 GMT
Connection keepalive
Server AmazonS3
{
Version20081017
Idaaaabbbbccccdddd
Statement [
{
EffectDeny
Sid1
Principal {
AWS[111122223333444455556666]
}
Action[s3*]
Resourcearnawss3bucket*
}
]
}
Related Resources
• GET Bucket Objects (p 96)
API Version 20060301
121Amazon Simple Storage Service API Reference
GET Bucket location
GET Bucket location
Description
This implementation of the GET operation uses the location subresource to return a bucket's region
You set the bucket's region using the LocationConstraint request parameter in a PUT Bucket
request For more information see PUT Bucket (p 169)
To use this implementation of the operation you must be the bucket owner
Requests
Syntax
GET location HTTP11
Host BucketNames3amazonawscom
Date date
Authorization authorization string (see Authenticating Requests (AWS
Signature Version
4) (p 15))
Request Parameters
This implementation of the operation does not use request parameters
Request Headers
This implementation of the operation uses only request headers that are common to all operations For
more information see Common Request Headers (p 3)
Request Elements
This implementation of the operation does not use request elements
Responses
Response Headers
This implementation of the operation uses only response headers that are common to most responses
For more information see Common Response Headers (p 5)
Response Elements
Name Description
LocationConstraint Specifies the region where the bucket resides For more information about
region endpoints and location constraints go to Regions and Endpoints in
the Amazon Web Services Glossary
Type String
Valid Values [ uswest1 | uswest2 | EU or euwest1 | eucentral1 | ap
south1 | apsoutheast1 | apsoutheast2 | apnortheast1 | apnortheast2
| saeast1 | empty string (for the US East (N Virginia) region)]
Ancestry None
API Version 20060301
122Amazon Simple Storage Service API Reference
Requests
When the bucket's region is US East (N Virginia) Amazon S3 returns an empty string for the bucket's
region

Special Errors
This implementation of the operation does not return special errors For general information about
Amazon S3 errors and a list of error codes see Error Responses (p 7)
Examples
Sample Request
The following request returns the region of the specified bucket
GET location HTTP11
Host myBuckets3amazonawscom
Date Tue 09 Oct 2007 202604 +0000
Authorization signatureValue
Sample Response

EU<
LocationConstraint>
Related Resources
• GET Bucket Objects (p 96)
• PUT Bucket (p 169)
API Version 20060301
123Amazon Simple Storage Service API Reference
GET Bucket logging
GET Bucket logging
Note
Logging functionality is currently in beta
Description
This implementation of the GET operation uses the logging subresource to return the logging status
of a bucket and the permissions users have to view and modify that status To use GET you must be
the bucket owner
Requests
Syntax
GET logging HTTP11
Host BucketNames3amazonawscom
Date date
Authorization authorization string
Request Parameters
This implementation of the operation does not use request parameters
Request Headers
This implementation of the operation uses only request headers that are common to all operations For
more information see Common Request Headers (p 3)
Request Elements
This implementation of the operation does not use request elements
Responses
Response Headers
This implementation of the operation uses only response headers that are common to most responses
For more information see Common Response Headers (p 5)
Response Elements
Name Description
BucketLoggingStatus Container for the response
Type Container
Ancestry None
EmailAddress Email address of the person whose logging permissions are displayed
Type String
API Version 20060301
124Amazon Simple Storage Service API Reference
Examples
Name Description
Ancestry
BucketLoggingStatusLoggingEnabledTargetGrantsGrantGrantee
Grant Container for Grantee and Permission
Type Container
Ancestry BucketLoggingStatusLoggingEnabledTargetGrants
Grantee Container for EmailAddress of the person whose logging permissions
are displayed
Type Container
Ancestry BucketLoggingStatusLoggingEnabledTargetGrantsGrant
LoggingEnabled Container for logging information This element and its children are
present when logging is enabled otherwise this element and its
children are absent
Type Container
Ancestry BucketLoggingStatus
Permission Logging permissions assigned to the Grantee for the bucket
Type String
Valid Values FULL_CONTROL | READ | WRITE
Ancestry BucketLoggingStatusLoggingEnabledTargetGrantsGrant
TargetBucket Specifies the bucket whose logging status is being returned This
element specifies the bucket where server access logs will be delivered
Type String
Ancestry BucketLoggingStatusLoggingEnabled
TargetGrants Container for granting information
Type Container
Ancestry BucketLoggingStatusLoggingEnabled
TargetPrefix Specifies the prefix for the keys that the log files are being stored under
Type String
Ancestry BucketLoggingStatusLoggingEnabled
Special Errors
This implementation of the operation does not return special errors For general information about
Amazon S3 errors and a list of error codes see Error Responses (p 7)
Examples
Sample Request
The following request returns the logging status for mybucket
GET logging HTTP11
Host mybuckets3amazonawscom
Date Wed 25 Nov 2009 120000 GMT
Authorization authorization string
API Version 20060301
125Amazon Simple Storage Service API Reference
Related Resources
Sample Response Showing an Enabled Logging Status
HTTP11 200 OK
Date Wed 25 Nov 2009 120000 GMT
Connection close
Server AmazonS3



mybucketlogs
mybucketaccess_log


xsitypeAmazonCustomerByEmail>
user@companycom

READ




Sample Response Showing a Disabled Logging Status
HTTP11 200 OK
Date Wed 25 Nov 2009 120000 GMT
Connection close
Server AmazonS3


Related Resources
• PUT Bucket (p 169)
• PUT Bucket logging (p 202)
API Version 20060301
126Amazon Simple Storage Service API Reference
GET Bucket notification
GET Bucket notification
Description
This implementation of the GET operation uses the notification subresource to return the
notification configuration of a bucket
If notifications are not enabled on the bucket the operation returns an empty
NotificationConfiguration element
By default you must be the bucket owner to read the notification configuration of a bucket However
the bucket owner can use a bucket policy to grant permission to other users to read this configuration
with the s3GetBucketNotification permission
For more information about setting and reading the notification configuration on a bucket see Setting
Up Notification of Bucket Events For more information about bucket policies see Using Bucket
Policies
Requests
Syntax
GET notification HTTP11
Host BucketNames3amazonawscom
Date date
Authorization authorization string (see Authenticating Requests (AWS
Signature Version
4) (p 15))
Request Parameters
This implementation of the operation does not use request parameters
Request Headers
This implementation of the operation uses only request headers that are common to all operations For
more information see Common Request Headers (p 3)
Request Elements
This implementation of the operation does not use request elements
Responses
Response Headers
This implementation of the operation uses only response headers that are common to most responses
For more information see Common Response Headers (p 5)
Response Elements
Name Description
CloudFunction Lambda cloud function ARN that Amazon S3 can
invoke when it detects events of the specified type
API Version 20060301
127Amazon Simple Storage Service API Reference
Responses
Name Description
Type String
Ancestry CloudFunctionConfiguration
CloudFunctionConfiguration Container for specifying the AWS Lambda
notification configuration
Type Container
Children An Id CloudFunction and one or
more Event
Ancestry NotificationConfiguration
Event Bucket event for which to send notifications
Note
You can add multiple instance
of QueueConfiguration
TopicConfiguration or
CloudFunctionConfiguration to the
notification configuration
Type String
Valid Values For a list of supported event types
go to Configuring Event Notifications in the Amazon
Simple Storage Service Developer Guide
Ancestry TopicConfiguration and
QueueConfiguration
Filter Container for S3Key which contains object key
name filtering rules For information about key name
filtering go to Configuring Event Notifications in the
Amazon Simple Storage Service Developer Guide
Type Container
Children S3Key
Ancestor TopicConfiguration
QueueConfiguration or
CloudFunctionConfiguration
FilterRule Container for key value pair that defines the criteria
for the filter rule
Container S3Key
Type Container
Children Name and Value
Ancestor S3Key
API Version 20060301
128Amazon Simple Storage Service API Reference
Responses
Name Description
Id Optional unique identifier for
each of the configurations in the
NotificationConfiguration If you don't
provide Amazon S3 will assign an ID
Type String
Ancestry TopicConfiguration and
QueueConfiguration
Name Object key name prefix or suffix identifying
one or more objects to which the filtering rule
applies Maximum prefix length can be up to 1024
characters Overlapping prefixes and suffixes
are not supported For more information go to
Configuring Event Notifications in the Amazon
Simple Storage Service Developer Guide
Type String
Ancestor FilterRule
Valid values prefix or suffix
NotificationConfiguration Container for specifying the notification configuration
of the bucket If this element is empty notifications
are turned off on the bucket
Type Container
Children one or more TopicConfiguration
QueueConfiguration and
CloudFunctionConfiguration elements
Ancestry None
Queue Amazon SQS queue ARN to which Amazon S3
will publish a message when it detects events of
specified type
Type String
Ancestry TopicConfiguration
QueueConfiguration Container for specifying a configuration when you
want Amazon S3 to publish events to an Amazon
Simple Queue Service (Amazon SQS) queue
Type Container
Children An Id Topic and one or more Event
Ancestry NotificationConfiguration
S3Key Container for object key name prefix and suffix
filtering rules
Type Container
Children One or more FilterRule
Ancestor Filter
API Version 20060301
129Amazon Simple Storage Service API Reference
Examples
Name Description
Topic Amazon SNS topic ARN to which Amazon S3
will publish a message when it detects events of
specified type
Type String
Ancestry TopicConfiguration
TopicConfiguration Container for specifying the configuration when you
want Amazon S3 to publish events to an Amazon
Simple Notification Service (Amazon SNS) topic
Type Container
Children An Id Topic and one or more Event
Ancestry NotificationConfiguration
Value Specifies the object key name prefix or suffix to filter
on
Type String
Ancestor FilterRule
Special Errors
This implementation of the operation does not return special errors For general information about
Amazon S3 errors and a list of error codes see Error Responses (p 7)
Examples
Sample Request
This request returns the notification configuration on the bucket quotess3amazonawscom
GET notification HTTP11
Host quotess3amazonawscom
Date Wed 15 Oct 2014 165903 GMT
Authorization authorization string
Sample Response
This response returns that the notification configuration for the specified bucket
HTTP11 200 OK
xamzid2 YgIPIfBiKa2bj0KMgUAdQkf3ShJTOOpXUueF6QKo
xamzrequestid 236A8905248E5A02
Date Wed 15 Oct 2014 165904 GMT
Server AmazonS3



YjVkM2Y0YmUtNGI3NC00ZjQyLWEwNGItNDIyYWUxY2I0N2M4
API Version 20060301
130Amazon Simple Storage Service API Reference
Related Resources
arnawssnsuseast1accountids3notificationtopic2
s3ReducedRedundancyLostObject
s3ObjectCreated*


Related Resources
• PUT Bucket notification (p 207)
API Version 20060301
131Amazon Simple Storage Service API Reference
GET Bucket replication
GET Bucket replication
Description
Returns the replication configuration information set on the bucket For information about
replication configuration go to Adding Replication Configuration to a Bucket in the Amazon Simple
Storage Service Developer Guide
This operation requires permission for the s3GetReplicationConfiguration action For more
information about permissions go to Using Bucket Policies and User Policies in the Amazon Simple
Storage Service Developer Guide
Requests
Syntax
GET replication HTTP11
Host bucketnames3amazonawscom
Date date
Authorization authorization string (see Authenticating Requests (AWS
Signature Version
4) (p 15))
Request Parameters
This implementation of the operation does not use request parameters
Request Headers
This implementation of the operation uses only request headers that are common to all operations For
more information see Common Request Headers (p 3)
Request Elements
This implementation of the operation does not use request elements
Responses
Response Headers
This implementation of the operation uses only response headers that are common to most responses
For more information see Common Response Headers (p 5)
Response Elements
This implementation of GET returns the following response elements
Name Description
ReplicationConfiguration Container for replication rules You can add
as many as 1000 rules Total replication
configuration size can be up to 2 MB
Type Container
API Version 20060301
132Amazon Simple Storage Service API Reference
Responses
Name Description
Children Rule
Ancestor None
Role Amazon Resource Name (ARN) of an IAM role
for Amazon S3 to assume when replicating the
objects
Type String
Ancestor Rule
Rule Container for information about a particular
replication rule Replication configuration must
have at least one rule and can contain up to
1000 rules
Type Container
AncestorReplicationConfiguration
ID Unique identifier for the rule The value cannot
be longer than 255 characters
Type String
Ancestor Rule
Status The rule is ignored if status is not Enabled
Type String
Ancestor Rule
Valid values Enabled Disabled
Prefix Object key name prefix identifying one or more
objects to which the rule applies Maximum
prefix length can be up to 1024 characters
Overlapping prefixes are not supported
Type String
Ancestor Rule
Destination Container for destination information
Type Container
Ancestor Rule
Bucket Bucket name for storing replicas of objects
identified by the rule
Type String
Ancestor Destination
StorageClass Storage class to use for the replicated objects
If you did not set the storage class when you
configured the crossregion replication (PUT
Bucket replication (p 215)) this field is not
returned
Type String
Ancestor Destination
API Version 20060301
133Amazon Simple Storage Service API Reference
Special Errors
Special Errors
Error Code Description HTTP
Status Code
SOAP Fault
Code Prefix
NoSuchReplicationConfigurationThe replication configuration does
not exist
404 Not
Found
Client
For general information about Amazon S3 errors and a list of error codes see Error Responses (p 7)
Examples
Example 1 Retrieve replication configuration information
The following example GET request retrieves replication configuration information set for the
examplebucket bucket
GET replication HTTP11
Host examplebuckets3amazonawscom
xamzdate Tue 10 Feb 2015 001721 GMT
Authorization signatureValue
The following sample response shows that replication is enabled on the bucket and the empty
prefix indicates that Amazon S3 will replicate all objects created in the examplebucket bucket The
Destination element shows the target bucket where Amazon S3 creates the object replicas and the
storage class (STANDARD_IA) that Amazon S3 will use when creating replicas
Amazon S3 will assume the specified role to replicate objects on behalf of the bucket owner which is
the AWS account that created the bucket
HTTP11 200 OK
xamzid2 ITnGT1y4RyTmXa3rPi4hklTXouTf0hccUjo0iCPjz6FnfIutBj3M7fPGlWO2SEWp
xamzrequestid 51991C342example
Date Tue 10 Feb 2015 001723 GMT
Server AmazonS3
ContentLength contentlength



rule1
Enabled


arnawss3exampletargetbucket
STANDARD_IA


arnawsiam35667exampleroleCrossRegionReplicationRoleForS3

Related Resources
• PUT Bucket replication (p 215)
API Version 20060301
134Amazon Simple Storage Service API Reference
Related Resources
• DELETE Bucket replication (p 80)
API Version 20060301
135Amazon Simple Storage Service API Reference
GET Bucket tagging
GET Bucket tagging
Description
This implementation of the GET operation uses the tagging subresource to return the tag set
associated with the bucket
To use this operation you must have permission to perform the s3GetBucketTagging action By
default the bucket owner has this permission and can grant this permission to others
Requests
Syntax
GET tagging HTTP11
Host BucketNames3amazonawscom
Date date
Authorization authorization string (see Authenticating Requests (AWS
Signature Version
4) (p 15))
Request Parameters
This implementation of the operation does not use request parameters
Request Headers
This implementation of the operation uses only request headers that are common to all operations For
more information see Common Request Headers (p 3)
Request Elements
This implementation of the operation does not use request elements
Responses
Response Headers
This implementation of the operation uses only response headers that are common to most responses
For more information see Common Response Headers (p 5)
Response Elements
Name Description
Tagging Contains the TagSet and Tag elements
Type Container
Ancestry None
TagSet Contains the tag set
Type Container
Ancestry Tagging
API Version 20060301
136Amazon Simple Storage Service API Reference
Examples
Name Description
Tag Contains the tag information
Type Container
Ancestry TagSet
Key Name of the tag
Type String
Ancestry Tag
Value Value of the tag
Type String
Ancestry Tag
Special Errors
• NoSuchTagSetError There is no tag set associated with the bucket
Examples
Sample Request
The following request returns the tag set of the specified bucket
GET tagging HTTP11
Host buckets3amazonawscom
Date Wed 28 Oct 2009 223200 GMT
Authorization authorization string
Sample Response
HTTP11 200 OK
Date Wed 25 Nov 2009 120000 GMT
Connection close
Server AmazonS3



Project
Project One


User
jsmith



Related Resources
• PUT Bucket tagging (p 221)
API Version 20060301
137Amazon Simple Storage Service API Reference
Related Resources
• DELETE Bucket tagging (p 82)
API Version 20060301
138Amazon Simple Storage Service API Reference
GET Bucket Object versions
GET Bucket Object versions
Description
You can use the versions subresource to list metadata about all of the versions of objects in a
bucket You can also use request parameters as selection criteria to return metadata about a subset of
all the object versions For more information see Request Parameters (p 139)
Note
A 200 OK response can contain valid or invalid XML Make sure to design your application to
parse the contents of the response and handle it appropriately
To use this operation you must have READ access to the bucket
Requests
Syntax
GET versions HTTP11
Host BucketNames3amazonawscom
Date date
Authorization authorization string (see Authenticating Requests (AWS
Signature Version
4) (p 15))
Request Parameters
This implementation of GET uses the parameters in the following table to return a subset of the objects
in a bucket
Parameter Description Required
delimiter A delimiter is a character that you specify to group keys All keys
that contain the same string between the prefix and the first
occurrence of the delimiter are grouped under a single result
element in CommonPrefixes These groups are counted as
one result against the maxkeys limitation These keys are not
returned elsewhere in the response Also see prefix
Type String
Default None
No
encodingtype Requests Amazon S3 to encode the response and specifies the
encoding method to use
An object key can contain any Unicode character however XML
10 parser cannot parse some characters such as characters
with an ASCII value from 0 to 10 For characters that are not
supported in XML 10 you can add this parameter to request that
Amazon S3 encode the keys in the response
Type String
Default None
Valid value url
No
API Version 20060301
139Amazon Simple Storage Service API Reference
Responses
Parameter Description Required
keymarker Specifies the key in the bucket that you want to start listing from
Also see versionidmarker
Type String
Default None
No
maxkeys Sets the maximum number of keys returned in the response
body The response might contain fewer keys but will never
contain more If additional keys satisfy the search criteria but
were not returned because maxkeys was exceeded the
response contains true To
return the additional keys see keymarker and versionid
marker
Type String
Default 1000
No
prefix Use this parameter to select only those keys that begin with the
specified prefix You can use prefixes to separate a bucket into
different groupings of keys (You can think of using prefix to
make groups in the same way you'd use a folder in a file system)
You can use prefix with delimiter to roll up numerous
objects into a single result under CommonPrefixes Also see
delimiter
Type String
Default None
No
versionid
marker
Specifies the object version you want to start listing from Also
see keymarker
Type String
Default None
Valid Values Valid version ID | Default
Constraint May not be an empty string
No
Request Headers
This implementation of the operation uses only request headers that are common to all operations For
more information see Common Request Headers (p 3)
Responses
Response Headers
This implementation of the operation uses only response headers that are common to most responses
For more information see Common Response Headers (p 5)
Response Elements
Name Description
DeleteMarker Container for an object that is a delete marker
Type Container
Children Key VersionId IsLatest LastModified Owner
Ancestor ListVersionsResult
API Version 20060301
140Amazon Simple Storage Service API Reference
Responses
Name Description
DisplayName Object owner's name
Type String
Ancestor ListVersionsResultVersionOwner |
ListVersionsResultDeleteMarkerOwner
EncodingType Encoding type used by Amazon S3 to encode object key names in the
XML response
If you specify encodingtype request parameter Amazon S3 includes
this element in the response and returns encoded key name values in
the following response elements
KeyMarker NextKeyMarker Prefix Key and Delimiter
Type String
Ancestor ListBucketResult
ETag The entity tag is an MD5 hash of the object The ETag only reflects
changes to the contents of an object not its metadata
Type String
Ancestor ListVersionsResultVersion
ID Object owner's ID
Type String
Ancestor ListVersionsResultVersionOwner |
ListVersionsResultDeleteMarkerOwner
IsLatest Specifies whether the object is (true) or is not (false) the current
version of an object
Type Boolean
Valid Values true | false
Ancestor ListVersionsResultVersion | ListVersionsResultDeleteMarker
IsTruncated A flag that indicates whether (true) or not (false) Amazon S3
returned all of the results that satisfied the search criteria If your results
were truncated you can make a followup paginated request using the
NextKeyMarker and NextVersionIdMarker response parameters
as a starting place in another request to return the rest of the results
Type Boolean
Valid Values true | false
Ancestor ListVersionsResult
Key The object's key
Type String
Ancestor ListVersionsResultVersion | ListVersionsResultDeleteMarker
KeyMarker Marks the last Key returned in a truncated response
Type String
Ancestor ListVersionsResult
LastModified Date and time the object was last modified
Type Date
Ancestor ListVersionsResultVersion | ListVersionsResultDeleteMarker
API Version 20060301
141Amazon Simple Storage Service API Reference
Responses
Name Description
ListVersionsResult Container for the result
Type Container
Children All elements in the response
Ancestor ListVersionsResult
MaxKeys Specifies the maximum number of objects to return
Type String
Default 1000
Valid Values Integers from 1 to 1000 inclusive
Ancestor ListVersionsResult
Name Bucket owner's name
Type String
Ancestor ListVersionsResult
NextKeyMarker When the number of responses exceeds the value of MaxKeys
NextKeyMarker specifies the first key not returned that satisfies the
search criteria Use this value for the keymarker request parameter in
a subsequent request
Type String
Ancestor ListVersionsResult
NextVersionIdMarker When the number of responses exceeds the value of MaxKeys
NextVersionIdMarker specifies the first object version not returned
that satisfies the search criteria Use this value for the versionid
marker request parameter in a subsequent request
Type String
Ancestor ListVersionsResult
Owner Bucket owner
Type String
Children DisplayName ID
Ancestor ListVersionsResultVersion | ListVersionsResultDeleteMarker
Prefix Selects objects that start with the value supplied by this parameter
Type String
Ancestor ListVersionsResult
Size Size in bytes of the object
Type String
Ancestor ListVersionsResultVersion
StorageClass Always STANDARD
Type String
Ancestor ListVersionsResultVersion
Version Container for version information
Type Container
Ancestor ListVersionsResult
API Version 20060301
142Amazon Simple Storage Service API Reference
Examples
Name Description
VersionId Version ID of an object
Type String
Ancestor ListVersionsResultVersion | ListVersionsResultDeleteMarker
VersionIdMarker Marks the last version of the Key returned in a truncated response
Type String
Ancestor ListVersionsResult
Special Errors
This implementation of the operation does not return special errors For general information about
Amazon S3 errors and a list of error codes see Error Responses (p 7)
Examples
Sample Request
The following request returns all of the versions of all of the objects in the specified bucket
GET versions HTTP11
Host BucketNames3amazonawscom
Date Wed 28 Oct 2009 223200 +0000
Authorization authorization string (see Authenticating Requests (AWS
Signature Version
4) (p 15))
Sample Response to GET Versions


bucket
my


5
false

myimagejpg
3L4kqtJl40Nr8X8gdRQBpUMLUo
true
20091012T175030000Z
"fba9dede5f27731c9771645a39863328"
434234
STANDARD


75aa57f09aa0c8caeab4f8c24e99d10f8e7faeebf76c078efc7c6caea54ba06a
mtd@amazoncom


API Version 20060301
143Amazon Simple Storage Service API Reference
Examples

mysecondimagejpg
03jpff543dhffds434rfdsFDN943fdsFkdmqnh892
true
20091112T175030000Z


75aa57f09aa0c8caeab4f8c24e99d10f8e7faeebf76c078efc7c6caea54ba06a
mtd@amazoncom



mysecondimagejpg
QUpfdndhfd8438MNFDN93jdnJFkdmqnh893
false
20091010T175030000Z
"9b2cf535f27731c974343645a3985328"
166434
STANDARD


75aa57f09aa0c8caeab4f8c24e99d10f8e7faeebf76c078efc7c6caea54ba06a
mtd@amazoncom



mythirdimagejpg
03jpff543dhffds434rfdsFDN943fdsFkdmqnh892
true
20091015T175030000Z


75aa57f09aa0c8caeab4f8c24e99d10f8e7faeebf76c078efc7c6caea54ba06a
mtd@amazoncom



mythirdimagejpg
UIORUnfndfhnw89493jJFJ
false
20091011T125030000Z
"772cf535f27731c974343645a3985328"
64
STANDARD


75aa57f09aa0c8caeab4f8c24e99d10f8e7faeebf76c078efc7c6caea54ba06a
mtd@amazoncom



Sample Request
The following request returns objects in the order they were stored returning the most recently stored
object first starting with the value for keymarker
GET versions&keymarkerkey2 HTTP11
API Version 20060301
144Amazon Simple Storage Service API Reference
Examples
Host s3amazonawscom
Pragma nocache
Accept imagegif imagexxbitmap imagejpeg imagepjpeg **
Date Thu 10 Dec 2009 224632 +0000
Authorization signatureValue
Sample Response


mtpversioningfresh

key2

1000
false

key3
I5VhmK6CDDdQ5Pwfe1gcHZWmHDpcv7gfmfc29UBxsKU
true
20091209T001904000Z
"396fefef536d5ce46c7537ecf978a360"
217

75aa57f09aa0c8caeab4f8c24e99d10f8e7faeebf76c078efc7c6caea54ba06a<
ID>

STANDARD


sourcekey
qDhprLU80sAlCFLu2DWgXAEDgKzWarnHS_JU0TvYqs
true
20091210T163811000Z

75aa57f09aa0c8caeab4f8c24e99d10f8e7faeebf76c078efc7c6caea54ba06a<
ID>



sourcekey
wxxQ7ezLaL5JN2Sislq66Syxxo0k7uHTUpb9qiiMxNg
false
20091210T163744000Z
"396fefef536d5ce46c7537ecf978a360"
217

75aa57f09aa0c8caeab4f8c24e99d10f8e7faeebf76c078efc7c6caea54ba06a<
ID>

STANDARD


Sample Request Using prefix
This example returns objects whose keys begin with source
API Version 20060301
145Amazon Simple Storage Service API Reference
Examples
GET versions&prefixsource HTTP11
Host buckets3amazonawscom
Date Wed 28 Oct 2009 223200 +0000
Authorization authorization string
Sample Response


mtpversioningfresh
source


1000
false

sourcekey
qDhprLU80sAlCFLu2DWgXAEDgKzWarnHS_JU0TvYqs
true
20091210T163811000Z

75aa57f09aa0c8caeab4f8c24e99d10f8e7faeebf76c078efc7c6caea54ba06a<
ID>



sourcekey
wxxQ7ezLaL5JN2Sislq66Syxxo0k7uHTUpb9qiiMxNg
false
20091210T163744000Z
"396fefef536d5ce46c7537ecf978a360"
217

75aa57f09aa0c8caeab4f8c24e99d10f8e7faeebf76c078efc7c6caea54ba06a<
ID>

STANDARD


Sample Request Using keymarker and versionidmarker
Parameters
The following example returns objects starting at the specified key (keymarker) and version ID
(versionidmarker)
GET versions&keymarkerkey3&versionidmarkert46ZenlYTZBnj HTTP11
Host buckets3amazonawscom
Date Wed 28 Oct 2009 223200 +0000
Authorization signatureValue
Sample Response

API Version 20060301
146Amazon Simple Storage Service API Reference
Examples

mtpversioningfresh

key3
t46ZenlYTZBnj
1000
false

sourcekey
qDhprLU80sAlCFLu2DWgXAEDgKzWarnHS_JU0TvYqs
true
20091210T163811000Z

75aa57f09aa0c8caeab4f8c24e99d10f8e7faeebf76c078efc7c6caea54ba06a<
ID>



sourcekey
wxxQ7ezLaL5JN2Sislq66Syxxo0k7uHTUpb9qiiMxNg
false
20091210T163744000Z
"396fefef536d5ce46c7537ecf978a360"
217

75aa57f09aa0c8caeab4f8c24e99d10f8e7faeebf76c078efc7c6caea54ba06a<
ID>

STANDARD


Sample Request Using keymarker versionidmarker and
maxkeys
The following request returns up to three (the value of maxkeys) objects starting with the key
specified by keymarker and the version ID specified by versionidmarker
GET versions&keymarkerkey3&versionidmarkert46Z0menlYTZBnj HTTP11
Host buckets3amazonawscom
Date Wed 28 Oct 2009 223200 +0000
Authorization authorization string
Sample Response


mtpversioningfresh

key3
null
key3
dd309mfjFrUmoQ0DBsVqmcMV15OI
2
true
API Version 20060301
147Amazon Simple Storage Service API Reference
Examples

key3
8XECiENpj8pydEDJdd_VRrvaGKAHOaGMNW7tg6UViI
false
20091209T001823000Z
"396fefef536d5ce46c7537ecf978a360"
217

75aa57f09aa0c8caeab4f8c24e99d10f8e7faeebf76c078efc7c6caea54ba06a<
ID>

STANDARD


key3
dd309mfjFri40QYukDozqBt3UmoQ0DBsVqmcMV15OI
false
20091209T001808000Z
"396fefef536d5ce46c7537ecf978a360"
217

75aa57f09aa0c8caeab4f8c24e99d10f8e7faeebf76c078efc7c6caea54ba06a<
ID>

STANDARD


Sample Request Using the Delimiter and the Prefix
Parameters
Assume you have the following keys in your bucket examplebucket
photos2006Januarysamplejpg
photos2006Februarysamplejpg
photos2006Marchsamplejpg
videos2006Marchsamplewmv
samplejpg
The following GET versions request specifies the delimiter parameter with value
GET versions&delimiter HTTP11
Host examplebuckets3amazonawscom
Date Wed 02 Feb 2011 203456 GMT
Authorization authorization string
The list of keys from the specified bucket are shown in the following response
The response returns the samplejpg key in a element However because all the other
keys contain the specified delimiter a distinct substring from the beginning of the key to the first
occurrence of the delimiter from each of these keys is returned in a element The
key substrings photos and videos in the element indicate that there are one
or more keys with these key prefixes
API Version 20060301
148Amazon Simple Storage Service API Reference
Examples
This is a useful scenario if you use key prefixes for your objects to create a logical folder like structure
In this case you can interpret the result as the folders photos and videos have one or more
objects

mvbucketwithversionon1



1000

false


Samplejpg
toxMzQlBsGyGCz1YuMWMp90cdXLzqOCH
true
20110202T184620000Z
"3305f2cfc46c0f04559748bb039d69ae"
3191

852b113e7a2f25102679df27bb0ae12b3f85be6f290b936c4393484be31bebcc<
ID>
displayname

STANDARD



photos


videos


In addition to the delimiter parameter you can filter results by adding a prefix parameter as shown in
the following request
GET versions&prefixphotos2006&delimiter HTTP11
Host examplebuckets3amazonawscom
Date Wed 02 Feb 2011 193402 GMT
Authorization authorization string
In this case the response will include only objects keys that start with the specified prefix The value
returned in the element is a substring from the beginning of the key to the first
occurrence of the specified delimiter after the prefix


examplebucket
photos2006


1000

false
API Version 20060301
149Amazon Simple Storage Service API Reference
Related Resources

photos2006
3U275dAA4gz8ZOqOPHtJCUOi60krpCdy
true
20110202T184727000Z
"d41d8cd98f00b204e9800998ecf8427e"
0

75aa57f09aa0c8caeab4f8c24e99d10f8e7faeebf76c078efc7c6caea54ba06a<
ID>
displayname

STANDARD


photos2006February


photos2006January


photos2006March


Related Resources
• GET Bucket Objects (p 96)
• GET Object (p 251)
• PUT Object (p 291)
• DELETE Object (p 239)
API Version 20060301
150Amazon Simple Storage Service API Reference
GET Bucket requestPayment
GET Bucket requestPayment
Description
This implementation of the GET operation uses the requestPayment subresource to return the
request payment configuration of a bucket To use this version of the operation you must be the
bucket owner For more information see Requester Pays Buckets
Requests
Syntax
GET requestPayment HTTP11
Host BucketNames3amazonawscom
Date Date
Authorization authorization string
Request Parameters
This implementation of the operation does not use request parameters
Request Headers
This implementation of the operation uses only request headers that are common to all operations For
more information see Common Request Headers (p 3)
Responses
Response Headers
This implementation of the operation uses only response headers that are common to most responses
For more information see Common Response Headers (p 5)
Response Elements
Name Description
Payer Specifies who pays for the download and request fees
Type Enum
Valid Values Requester | BucketOwner
Ancestor RequestPaymentConfiguration
RequestPaymentConfiguration Container for Payer
Type Container
Special Errors
This implementation of the operation does not return special errors For general information about
Amazon S3 errors and a list of error codes see Error Responses (p 7)
API Version 20060301
151Amazon Simple Storage Service API Reference
Examples
Examples
Sample Request
The following request returns the payer for the bucket colorpictures
GET requestPayment HTTP11
Host colorpicturess3amazonawscom
Date Wed 01 Mar 2009 120000 GMT
Authorization authorization string
Sample Response
HTTP11 200 OK
xamzid2 YgIPIfBiKa2bj0KMg95r0zo3emzU4dzsD4rcKCHQUAdQkf3ShJTOOpXUueF6QKo
xamzrequestid 236A8905248E5A01
Date Wed 01 Mar 2009 120000 GMT
ContentType [type]
ContentLength 0
Connection close
Server AmazonS3


Requester

This response shows that the bucket is a Requester Pays bucket meaning the person requesting a
download from this bucket pays the transfer fees
Related Resources
• GET Bucket (List Objects) Version 1 (p 96)
API Version 20060301
152Amazon Simple Storage Service API Reference
GET Bucket versioning
GET Bucket versioning
Description
This implementation of the GET operation uses the versioning subresource to return the versioning
state of a bucket To retrieve the versioning state of a bucket you must be the bucket owner
This implementation also returns the MFA Delete status of the versioning state ie if the MFA Delete
status is enabled the bucket owner must use an authentication device to change the versioning state
of the bucket
There are three versioning states
• If you enabled versioning on a bucket the response is

Enabled

• If you suspended versioning on a bucket the response is

Suspended

• If you never enabled (or suspended) versioning on a bucket the response is

Requests
Syntax
GET versioning HTTP11
Host BucketNames3amazonawscom
ContentLength length
Date date
Authorization authorization string (see Authenticating Requests (AWS
Signature Version
4) (p 15))
Request Parameters
This implementation of the operation does not use request parameters
Request Headers
This implementation of the operation uses only request headers that are common to all operations For
more information see Common Request Headers (p 3)
Request Elements
This implementation of the operation does not use request elements
API Version 20060301
153Amazon Simple Storage Service API Reference
Responses
Responses
Response Headers
This implementation of the operation uses only response headers that are common to most responses
For more information see Common Response Headers (p 5)
Response Elements
This implementation of GET returns the following response elements
Name Description
MfaDelete Specifies whether MFA delete is enabled in the bucket versioning
configuration This element is only returned if the bucket has
been configured with MfaDelete If the bucket has never been so
configured this element is not returned
Type Enum
Valid Values Disabled | Enabled
Ancestor VersioningConfiguration
Status The versioning state of the bucket
Type Enum
Valid Values Suspended | Enabled
Ancestor VersioningConfiguration
VersioningConfiguration Container for the Status response element
Type Container
Ancestor None
Special Errors
This implementation of the operation does not return special errors For general information about
Amazon S3 errors and a list of error codes see Error Responses (p 7)
Examples
Sample Request
This example returns the versioning state of myBucket
GET versioning HTTP11
Host myBuckets3amazonawscom
Date Wed 12 Oct 2009 175000 GMT
Authorization authorization string
ContentType textplain
Sample Response
The following is a sample of the response body (only) that shows bucket versioning is enabled

API Version 20060301
154Amazon Simple Storage Service API Reference
Related Resources
Enabled

Related Resources
• GET Object (p 251)
• PUT Object (p 291)
• DELETE Object (p 239)
API Version 20060301
155Amazon Simple Storage Service API Reference
GET Bucket website
GET Bucket website
Description
This implementation of the GET operation returns the website configuration associated with a
bucket To host website on Amazon S3 you can configure a bucket as website by adding a website
configuration For more information about hosting websites go to Hosting Websites on Amazon S3 in
the Amazon Simple Storage Service Developer Guide
This GET operation requires the S3GetBucketWebsite permission By default only the bucket
owner can read the bucket website configuration However bucket owners can allow other users to
read the website configuration by writing a bucket policy granting them the S3GetBucketWebsite
permission
Requests
Syntax
GET website HTTP11
Host bucketnames3amazonawscom
Date date
Authorization authorization string (see Authenticating Requests (AWS
Signature Version
4) (p 15))
Request Parameters
This implementation of the operation does not use request parameters
Request Headers
This implementation of the operation uses only request headers that are common to all operations For
more information see Common Request Headers (p 3)
Request Elements
This operation does not use request elements
Responses
Response Headers
This implementation of the operation uses only response headers that are common to most responses
For more information see Common Response Headers (p 5)
Response Elements
The response XML includes same elements that were uploaded when you configured the bucket as
website For more information see PUT Bucket website (p 230)
API Version 20060301
156Amazon Simple Storage Service API Reference
Examples
Examples
Sample Request
This request retrieves website configuration on the specified bucket
GET website HTTP11
Host examplebuckets3amazoncom
Date Thu 27 Jan 2011 004920 GMT
Authorization AWS AKIAIOSFODNN7EXAMPLEn0Nhek72Ufgu7Sm5C1dqRLs8XX
Sample Response
HTTP11 200 OK
xamzid2 YgIPIfBiKa2bj0KMgUAdQkf3ShJTOOpXUueF6QKo
xamzrequestid 3848CD259D811111
Date Thu 27 Jan 2011 004926 GMT
ContentLength 240
ContentType applicationxml
TransferEncoding chunked
Server AmazonS3



indexhtml


404html


Related Resources
• DELETE Bucket website (p 84)
• PUT Bucket website (p 230)
API Version 20060301
157Amazon Simple Storage Service API Reference
HEAD Bucket
HEAD Bucket
Description
This operation is useful to determine if a bucket exists and you have permission to access it The
operation returns a 200 OK if the bucket exists and you have permission to access it Otherwise the
operation might return responses such as 404 Not Found and 403 Forbidden
For information about permissions required for this bucket operation go to Specifying Permissions in a
Policy in the Amazon Simple Storage Service Developer Guide
Requests
Syntax
HEAD HTTP11
Host BucketNames3amazonawscom
Date date
Authorization authorization string (see Authenticating Requests (AWS
Signature Version
4) (p 15))
Request Parameters
This implementation of the operation does not use request parameters
Request Elements
This implementation of the operation does not use request elements
Request Headers
This implementation of the operation uses only request headers that are common to all operations For
more information see Common Request Headers (p 3)
Responses
Response Headers
This implementation of the operation uses only response headers that are common to most responses
For more information see Common Response Headers (p 5)
Response Elements
This implementation of the operation does not return response elements
Special Errors
This implementation of the operation does not return special errors For general information about
Amazon S3 errors and a list of error codes see Error Responses (p 7)
API Version 20060301
158Amazon Simple Storage Service API Reference
Examples
Examples
Sample Request
This requests returns the objects in BucketName
HEAD HTTP11
Date Fri 10 Feb 2012 213455 GMT
Authorization authorization string
Host myawsbuckets3amazonawscom
Connection KeepAlive
Sample Response
HTTP11 200 OK
xamzid2 JuKZqmXuiwFeDQxhD7M8KtsKobSzWA1QEjLbTMTagkKdBX2z7IljGhDeJ3j6s80
xamzrequestid 32FE2CEB32F5EE25
Date Fri 10 2012 213456 GMT
Server AmazonS3
API Version 20060301
159Amazon Simple Storage Service API Reference
List Multipart Uploads
List Multipart Uploads
Description
This operation lists inprogress multipart uploads An inprogress multipart upload is a multipart upload
that has been initiated using the Initiate Multipart Upload request but has not yet been completed or
aborted
This operation returns at most 1000 multipart uploads in the response 1000 multipart uploads is the
maximum number of uploads a response can include which is also the default value You can further
limit the number of uploads in a response by specifying the maxuploads parameter in the response
If additional multipart uploads satisfy the list criteria the response will contain an IsTruncated
element with the value true To list the additional multipart uploads use the keymarker and
uploadidmarker request parameters
In the response the uploads are sorted by key If your application has initiated more than one multipart
upload using the same object key then uploads in the response are first sorted by key Additionally
uploads are sorted in ascending order within each key by the upload initiation time
For more information on multipart uploads see Uploading Objects Using Multipart Upload in the
Amazon Simple Storage Service Developer Guide
For information on permissions required to use the multipart upload API see Multipart Upload API and
Permissions in the Amazon Simple Storage Service Developer Guide
Requests
Syntax
GET uploads HTTP11
Host BucketNames3amazonawscom
Date Date
Authorization authorization string
Request Parameters
Parameter Description Required
delimiter Character you use to group keys
All keys that contain the same string between the prefix if
specified and the first occurrence of the delimiter after the prefix
are grouped under a single result element CommonPrefixes
If you don't specify the prefix parameter then the substring
starts at the beginning of the key The keys that are grouped under
CommonPrefixes result element are not returned elsewhere in the
response
Type String
No
encodingtype Requests Amazon S3 to encode the response and specifies the
encoding method to use
An object key can contain any Unicode character however XML
10 parser cannot parse some characters such as characters with
No
API Version 20060301
160Amazon Simple Storage Service API Reference
Requests
Parameter Description Required
an ASCII value from 0 to 10 For characters that are not supported
in XML 10 you can add this parameter to request that Amazon S3
encode the keys in the response
Type String
Default None
Valid value url
maxuploads Sets the maximum number of multipart uploads from 1 to 1000
to return in the response body 1000 is the maximum number of
uploads that can be returned in a response
Type Integer
Default 1000
No
keymarker Together with uploadidmarker this parameter specifies the
multipart upload after which listing should begin
If uploadidmarker is not specified only the keys
lexicographically greater than the specified keymarker will be
included in the list
If uploadidmarker is specified any multipart uploads for a key
equal to the keymarker might also be included provided those
multipart uploads have upload IDs lexicographically greater than the
specified uploadidmarker
Type String
No
prefix Lists inprogress uploads only for those keys that begin with the
specified prefix You can use prefixes to separate a bucket into
different grouping of keys (You can think of using prefix to make
groups in the same way you'd use a folder in a file system)
Type String
No
uploadid
marker
Together with keymarker specifies the multipart upload after
which listing should begin If keymarker is not specified the
uploadidmarker parameter is ignored Otherwise any multipart
uploads for a key equal to the keymarker might be included in the
list only if they have an upload ID lexicographically greater than the
specified uploadidmarker
Type String
No
Request Headers
This operation uses only Request Headers common to most requests For more information see
Common Request Headers (p 3)
Request Elements
This operation does not use request elements
API Version 20060301
161Amazon Simple Storage Service API Reference
Responses
Responses
Response Headers
This operation uses only response headers that are common to most responses For more information
see Common Response Headers (p 5)
Response Elements
Name Description
ListMultipartUploadsResult Container for the response
Children Bucket KeyMarker UploadIdMarker
NextKeyMarker NextUploadIdMarker MaxUploads
Delimiter Prefix CommonPrefixes IsTruncated
Type Container
Ancestor None
Bucket Name of the bucket to which the multipart upload was
initiated
Type String
Ancestor ListMultipartUploadsResult
KeyMarker The key at or after which the listing began
Type String
Ancestor ListMultipartUploadsResult
UploadIdMarker Upload ID after which listing began
Type String
Ancestor ListMultipartUploadsResult
NextKeyMarker When a list is truncated this element specifies the value that
should be used for the keymarker request parameter in a
subsequent request
Type String
Ancestor ListMultipartUploadsResult
NextUploadIdMarker When a list is truncated this element specifies the value
that should be used for the uploadidmarker request
parameter in a subsequent request
Type String
Ancestor ListMultipartUploadsResult
EncodingType Encoding type used by Amazon S3 to encode object key
names in the XML response
If you specify encodingtype request parameter Amazon
S3 includes this element in the response and returns
encoded key name values in the following response
elements
Delimiter KeyMarker Prefix NextKeyMarker Key
Type String
Ancestor ListBucketResult
MaxUploads Maximum number of multipart uploads that could have been
included in the response
API Version 20060301
162Amazon Simple Storage Service API Reference
Responses
Name Description
Type Integer
Ancestor ListMultipartUploadsResult
IsTruncated Indicates whether the returned list of multipart uploads
is truncated A value of true indicates that the list was
truncated The list can be truncated if the number of
multipart uploads exceeds the limit allowed or specified by
MaxUploads
Type Boolean
Ancestor ListMultipartUploadsResult
Upload Container for elements related to a particular multipart
upload A response can contain zero or more Upload
elements
Type Container
Children Key UploadId InitiatorOwner
StorageClass Initiated
Ancestor ListMultipartUploadsResult
Key Key of the object for which the multipart upload was initiated
Type Integer
Ancestor Upload
UploadId Upload ID that identifies the multipart upload
Type Integer
Ancestor Upload
Initiator Container element that identifies who initiated the multipart
upload If the initiator is an AWS account this element
provides the same information as the Owner element If the
initiator is an IAM User then this element provides the user
ARN and display name
Children ID DisplayName
Type Container
Ancestor Upload
ID If the principal is an AWS account it provides the Canonical
User ID If the principal is an IAM User it provides a user
ARN value
Type String
Ancestor Initiator Owner
DisplayName Principal's name
Type String
Ancestor Initiator Owner
Owner Container element that identifies the object owner after the
object is created If multipart upload is initiated by an IAM
user this element provides a the parent account ID and
display name
Type Container
Children ID DisplayName
Ancestor Upload
API Version 20060301
163Amazon Simple Storage Service API Reference
Examples
Name Description
StorageClass The class of storage (STANDARD or REDUCED_REDUDANCY)
that will be used to store the object when the multipart upload
is complete
Type String
Ancestor Upload
Initiated Date and time at which the multipart upload was initiated
Type Date
Ancestor Upload
ListMultipartUploadsResultPrefixWhen a prefix is provided in the request this field contains
the specified prefix The result contains only keys starting
with the specified prefix
Type String
Ancestor ListMultipartUploadsResult
Delimiter Contains the delimiter you specified in the request If you
don't specify a delimiter in your request this element is
absent from the response
Type String
Ancestor ListMultipartUploadsResult
CommonPrefixes If you specify a delimiter in the request then the result
returns each distinct key prefix containing the delimiter in
a CommonPrefixes element The distinct key prefixes are
returned in the Prefix child element
Type Container
Ancestor ListMultipartUploadsResult
CommonPrefixesPrefix If the request does not include the Prefix parameter
then this element shows only the substring of the key that
precedes the first occurrence of the delimiter character
These keys are not returned anywhere else in the response
If the request includes the Prefix parameter then this
element shows the substring of the key from the beginning to
the first occurrence of the delimiter after the prefix
Type String
Ancestor CommonPrefixes
Examples
Sample Request
The following request lists three multipart uploads The request specifies the maxuploads request
parameter to set the maximum number of multipart uploads to return in the response body
GET uploads&maxuploads3 HTTP11
Host examplebuckets3amazonawscom
Date Mon 1 Nov 2010 203456 GMT
Authorization authorization string
API Version 20060301
164Amazon Simple Storage Service API Reference
Examples
Sample Response
The following sample response indicates that the multipart upload list was truncated and provides
the NextKeyMarker and the NextUploadIdMarker elements You specify these values in
your subsequent requests to read the next set of multipart uploads That is send a subsequent
request specifying keymarkermymovie2m2ts (value of the NextKeyMarker element) and
uploadidmarkerYW55IGlkZWEgd2h5IGVsdmluZydzIHVwbG9hZCBmYWlsZWQ (value of the
NextUploadIdMarker)
The sample response also shows a case of two multipart uploads in progress with the same key (my
moviem2ts) That is the response shows two uploads with the same key This response shows the
uploads sorted by key and within each key the uploads are sorted in ascending order by the time the
multipart upload was initiated
HTTP11 200 OK
xamzid2 Uuag1LuByRx9e6j5Onimru9pO4ZVKnJ2Qz7C1NPcfTWAtRPfTaOFg
xamzrequestid 656c76696e6727732072657175657374
Date Mon 1 Nov 2010 203456 GMT
ContentLength 1330
Connection keepalive
Server AmazonS3


bucket


mymoviem2ts
YW55IGlkZWEgd2h5IGVsdmluZydzIHVwbG9hZCBmYWlsZWQ<
NextUploadIdMarker>
3
true

mydivisor
XMgbGlrZSBlbHZpbmcncyBub3QgaGF2aW5nIG11Y2ggbHVjaw

arnawsiam111122223333useruser111111a3117b54fb79df5
b111111f13de
user111111a3117b54fb79df5b111111f13de


75aa57f09aa0c8caeab4f8c24e99d10f8e7faeebf76c078efc7c6caea54ba06a<
ID>
OwnerDisplayName

STANDARD
20101110T204833000Z


mymoviem2ts
VXBsb2FkIElEIGZvciBlbHZpbmcncyBteS1tb3ZpZS5tMnRzIHVwbG9hZA<
UploadId>

b1d16700c70b0b05597d7acd6a3f92be
InitiatorDisplayName


b1d16700c70b0b05597d7acd6a3f92be
API Version 20060301
165Amazon Simple Storage Service API Reference
Examples
OwnerDisplayName

STANDARD
20101110T204833000Z


mymoviem2ts
YW55IGlkZWEgd2h5IGVsdmluZydzIHVwbG9hZCBmYWlsZWQ

arnawsiam444455556666useruser122222a3117b54fb79df5
b222222f13de
user122222a3117b54fb79df5b222222f13de


b1d16700c70b0b05597d7acd6a3f92be
OwnerDisplayName

STANDARD
20101110T204933000Z


Sample Request Using the Delimiter and the Prefix
Parameters
Assume you have a multipart upload in progress for the following keys in your bucket example
bucket
photos2006Januarysamplejpg
photos2006Februarysamplejpg
photos2006Marchsamplejpg
videos2006Marchsamplewmv
samplejpg
The following list multipart upload request specifies the delimiter parameter with value
GET uploads&delimiter HTTP11
Host examplebuckets3amazonawscom
Date Mon 1 Nov 2010 203456 GMT
Authorization authorization string
The following sample response lists multipart uploads on the specified bucket examplebucket
The response returns multipart upload for the samplejpg key in an element
However because all the other keys contain the specified delimiter a distinct substring from the
beginning of the key to the first occurrence of the delimiter from each of these keys is returned in a
element The key substrings photos and videos in the
element indicate that there are one or more inprogress multipart uploads with these key prefixes
This is a useful scenario if you use key prefixes for your objects to create a logical folder like structure
In this case you can interpret the result as the folders photos and videos have one or more
multipart uploads in progress
API Version 20060301
166Amazon Simple Storage Service API Reference
Examples

examplebucket


samplejpg

Xgw4MJT6ZPAVxpY0SAuGN7q4uWJJM22ZYg1W99trdp4tpO88PT6MhO0w2E17eutfAvQfQWoajgE_W2gpcxQw



1000
false

samplejpg

Agw4MJT6ZPAVxpY0SAuGN7q4uWJJM22ZYg1N99trdp4tpO88PT6MhO0w2E17eutfAvQfQWoajgE_W2gpcxQw


314133b66967d86f031c7249d1d9a80249109428335cd0ef1cdc487b4566cb1b<
ID>
s3nickname


314133b66967d86f031c7249d1d9a80249109428335cd0ef1cdc487b4566cb1b<
ID>
s3nickname

STANDARD
20101126T192417000Z


photos


videos


In addition to the delimiter parameter you can filter results by adding a prefix parameter as shown in
the following request
GET uploads&delimiter&prefixphotos2006 HTTP11
Host examplebuckets3amazonawscom
Date Mon 1 Nov 2010 203456 GMT
Authorization authorization string
In this case the response will include only multipart uploads for keys that start with the specified prefix
The value returned in the element is a substring from the beginning of the key to
the first occurrence of the specified delimiter after the prefix


examplebucket




API Version 20060301
167Amazon Simple Storage Service API Reference
Related Actions

photos2006
1000
false

photos2006February


photos2006January


photos2006March


Related Actions
• Initiate Multipart Upload (p 324)
• Upload Part (p 333)
• Complete Multipart Upload (p 346)
• Abort Multipart Upload (p 352)
• List Parts (p 354)
API Version 20060301
168Amazon Simple Storage Service API Reference
PUT Bucket
PUT Bucket
Description
This implementation of the PUT operation creates a new bucket To create a bucket you must register
with Amazon S3 and have a valid AWS Access Key ID to authenticate requests Anonymous requests
are never allowed to create buckets By creating the bucket you become the bucket owner
Not every string is an acceptable bucket name For information on bucket naming restrictions see
Working with Amazon S3 Buckets
By default the bucket is created in the US East (N Virginia) region You can optionally specify a
region in the request body You might choose a region to optimize latency minimize costs or address
regulatory requirements For example if you reside in Europe you will probably find it advantageous to
create buckets in the EU (Ireland) region For more information see How to Select a Region for Your
Buckets
Note
If you create a bucket in a region other than US East (N Virginia) region your application
must be able to handle 307 redirect For more information go to Virtual Hosting of Buckets in
Amazon Simple Storage Service Developer Guide
When creating a bucket using this operation you can optionally specify the accounts or groups that
should be granted specific permissions on the bucket There are two ways to grant the appropriate
permissions using the request headers
• Specify a canned ACL using the xamzacl request header For more information see Canned
ACL in the Amazon Simple Storage Service Developer Guide
• Specify access permissions explicitly using the xamzgrantread xamzgrantwrite x
amzgrantreadacp xamzgrantwriteacp xamzgrantfullcontrol headers
These headers map to the set of permissions Amazon S3 supports in an ACL For more information
go to Access Control List (ACL) Overview in the Amazon Simple Storage Service Developer Guide
Note
You can use either a canned ACL or specify access permissions explicitly You cannot do
both
Requests
Syntax
PUT HTTP11
Host BucketNames3amazonawscom
ContentLength length
Date date
Authorization authorization string (see Authenticating Requests (AWS
Signature Version
4) (p 15))

BucketRegion

Note
The syntax shows some of the request headers For a complete list see the Request Headers
section
API Version 20060301
169Amazon Simple Storage Service API Reference
Requests
Note
If you send your create bucket request to the s3amazonawscom endpoint the request go
to the useast1 region Accordingly the signature calculations in Signature Version 4 must
use useast1 as region even if the location constraint in the request specifies another
region where the bucket is to be created
Request Parameters
This implementation of the operation does not use request parameters
Request Headers
This implementation of the operation can use the following request headers in addition to the request
headers common to all operations Request headers are limited to 8 KB in size For more information
see Common Request Headers (p 3)
When creating a bucket you can grant permissions to individual AWS accounts or predefined groups
defined by Amazon S3 This results in creation of the Access Control List (ACL) on the bucket For
more information see Using ACLs You have the following two ways to grant these permissions
• Specify a canned ACL — Amazon S3 supports a set of predefined ACLs known as canned ACLs
Each canned ACL has a predefined set of grantees and permissions For more information go to
Canned ACL
Name Description Required
xamzacl The canned ACL to apply to the bucket you are creating For
more information go to Canned ACL in the Amazon Simple
Storage Service Developer Guide
Type String
Valid Values private | publicread | publicread
write | awsexecread | authenticatedread |
bucketownerread | bucketownerfullcontrol
No
• Specify access permissions explicitly — If you want to explicitly grant access permissions to
specific AWS accounts or groups you use the following headers Each of these headers maps to
specific permissions Amazon S3 supports in an ACL For more information go to Access Control List
(ACL) Overview In the header value you specify a list of grantees who get the specific permission
Name Description Required
xamzgrant
read
Allows grantee to list the objects in the bucket
Type String
Default None
Constraints None
No
xamzgrant
write
Allows grantee to create overwrite and delete any object in the
bucket
Type String
Default None
Constraints None
No
xamzgrant
readacp
Allows grantee to read the bucket ACL
Type String
Default None
No
API Version 20060301
170Amazon Simple Storage Service API Reference
Requests
Name Description Required
Constraints None
xamzgrant
writeacp
Allows grantee to write the ACL for the applicable bucket
Type String
Default None
Constraints None
No
xamzgrant
fullcontrol
Allows grantee the READ WRITE READ_ACP and
WRITE_ACP permissions on the bucket
Type String
Default None
Constraints None
No
You specify each grantee as a typevalue pair where the type can be one of the following
• emailAddress — if value specified is the email address of an AWS account
• id — if value specified is the canonical user ID of an AWS account
• uri — if granting permission to a predefined group
For example the following xamzgrantread header grants list objects permission to the AWS
accounts identified by their email addresses
xamzgrantread emailAddressxyz@amazoncom
emailAddressabc@amazoncom
For more information see ACL Overview
Request Elements
Name Description Required
CreateBucketConfiguration Container for bucket configuration settings
Type Container
Ancestor None
No
LocationConstraint Specifies the region where the bucket will be
created If you are creating a bucket on the US
East (N Virginia) region (useast1) you do not
need to specify the location constraint For more
information about region endpoints and location
constraints go to Regions and Endpoints in the
AWS General Reference
Type Enum
Valid Values [ uswest1 | uswest2 | EU or eu
west1 | eucentral1 | apsouth1 | apsoutheast1
| apsoutheast2 | apnortheast1 | apnortheast2
| saeast1 ]
Default US East (N Virginia) region
Ancestor CreateBucketConfiguration
No
API Version 20060301
171Amazon Simple Storage Service API Reference
Examples
Response Elements
This implementation of the operation does not return response elements
Special Errors
This implementation of the operation does not return special errors For general information about
Amazon S3 errors and a list of error codes see Error Responses (p 7)
Examples
Sample Request
This request creates a bucket named colorpictures
PUT HTTP11
Host colorpicturess3amazonawscom
ContentLength 0
Date Wed 01 Mar 2006 120000 GMT
Authorization authorization string
Sample Response
HTTP11 200 OK
xamzid2 YgIPIfBiKa2bj0KMg95r0zo3emzU4dzsD4rcKCHQUAdQkf3ShJTOOpXUueF6QKo
xamzrequestid 236A8905248E5A01
Date Wed 01 Mar 2006 120000 GMT
Location colorpictures
ContentLength 0
Connection close
Server AmazonS3
Sample Request Setting the region of a bucket
The following request sets the region the bucket to EU
PUT HTTP11
Host bucketNames3amazonawscom
Date Wed 12 Oct 2009 175000 GMT
Authorization authorization string
ContentType textplain
ContentLength 124

EU


API Version 20060301
172Amazon Simple Storage Service API Reference
Related Resources
Sample Response
Sample Request Creating a bucket and configuring access
permission using a canned ACL
This request creates a bucket named colorpictures and sets the ACL to private
PUT HTTP11
Host colorpicturess3amazonawscom
ContentLength 0
xamzacl private
Date Wed 01 Mar 2006 120000 GMT
Authorization authorization string
Sample Response
HTTP11 200 OK
xamzid2 YgIPIfBiKa2bj0KMg95r0zo3emzU4dzsD4rcKCHQUAdQkf3ShJTOOpXUueF6QKo
xamzrequestid 236A8905248E5A01
Date Wed 01 Mar 2006 120000 GMT
Location colorpictures
ContentLength 0
Connection close
Server AmazonS3
Sample Request Creating a bucket and configuring access
permissions explicitly
This request creates a bucket named colorpictures and grants WRITE permission to the AWS
account identified by an email address
PUT HTTP11
Host colorpicturess3amazonawscom
xamzdate Sat 07 Apr 2012 005440 GMT
Authorization authorization string
xamzgrantwrite emailAddressxyz@amazoncom
emailAddressabc@amazoncom
Sample Response
HTTP11 200 OK
Related Resources
• PUT Object (p 291)
• DELETE Bucket (p 72)
API Version 20060301
173Amazon Simple Storage Service API Reference
PUT Bucket accelerate
PUT Bucket accelerate
Description
This implementation of the PUT operation uses the accelerate subresource to set the Transfer
Acceleration state of an existing bucket Amazon S3 Transfer Acceleration is a bucketlevel feature that
enables you to perform faster data transfers to Amazon S3
To use this operation you must have permission to perform the s3PutAccelerateConfiguration
action The bucket owner has this permission by default The bucket owner can grant this permission
to others For more information about permissions see Permissions Related to Bucket Subresource
Operations and Managing Access Permissions to Your Amazon S3 Resources in the Amazon Simple
Storage Service Developer Guide
The Transfer Acceleration state of a bucket can be set to one of the following two values
• Enabled – Enables accelerated data transfers to the bucket
• Suspended – Disables accelerated data transfers to the bucket
The GET Bucket accelerate (p 104) operation returns the transfer acceleration state of a bucket
After setting the Transfer Acceleration state of a bucket to Enabled it might take up to thirty minutes
before the data transfer rates to the bucket increase
The name of the bucket used for Transfer Acceleration must be DNScompliant and must not contain
periods ()
For more information about transfer acceleration see Transfer Acceleration in the Amazon Simple
Storage Service Developer Guide
Requests
Syntax
PUT accelerate HTTP11
Host bucketnames3amazonawscom
ContentLength length
Date date
Authorization authorization string (see Authenticating Requests (AWS
Signature Version
4) (p 15))
Transfer acceleration configuration in the request body
Request Parameters
This implementation of the operation does not use request parameters
Request Headers
This implementation of the operation uses only request headers that are common to all operations For
more information see Common Request Headers (p 3)
API Version 20060301
174Amazon Simple Storage Service API Reference
Responses
Request Body
In the request you specify the acceleration configuration in the request body The acceleration
configuration is specified as XML The following is an example of an acceleration configuration used
in a request The Status indicates whether to set the transfer acceleration state to Enabled or
Suspended

transfer acceleration state

The following table describes the XML elements in the acceleration configuration
Name Description Required
AccelerateConfiguration Container for setting the transfer acceleration state
Type Container
Children Status
Ancestor None
Yes
Status Sets the transfer acceleration state of the bucket
Type Enum
Valid Values Enabled | Suspended
Ancestor AccelerateConfiguration
Yes
Responses
Response Headers
This implementation of the operation uses only response headers that are common to most responses
For more information see Common Response Headers (p 5)
Response Elements
This implementation of the operation does not return response elements
Special Errors
This implementation of the operation does not return special errors For general information about
Amazon S3 errors and a list of error codes see Error Responses (p 7)
Examples
Example 1 Add Transfer Acceleration Configuration to Set
Acceleration Status
The following is an example of a PUT accelerate request that enables transfer acceleration for
the bucket named examplebucket
PUT accelerate HTTP11
Host examplebuckets3amazonawscom
API Version 20060301
175Amazon Simple Storage Service API Reference
Related Resources
Date Mon 11 Apr 2016 120000 GMT
Authorization authorization string
ContentType textplain
ContentLength length


Enabled

The following is an example response
HTTP11 200 OK
xamzid2 YgIPIfBiKa2bj0KMg95r0zo3emzU4dzsD4rcKCHQUAdQkf3ShJTOOpXUueF6QKo
xamzrequestid 236A8905248E5A01
Date Mon 11 Apr 2016 120000 GMT
ContentLength 0
Server AmazonS3
Related Resources
• GET Bucket accelerate (p 104)
• PUT Bucket (p 169)
API Version 20060301
176Amazon Simple Storage Service API Reference
PUT Bucket acl
PUT Bucket acl
Description
This implementation of the PUT operation uses the acl subresource to set the permissions on an
existing bucket using access control lists (ACL) For more information go to Using ACLs To set the
ACL of a bucket you must have WRITE_ACP permission
You can use one of the following two ways to set a bucket's permissions
• Specify the ACL in the request body
• Specify permissions using request headers
Note
You cannot specify access permission using both the body and the request headers
Depending on your application needs you may choose to set the ACL on a bucket using either the
request body or the headers For example if you have an existing application that updates a bucket
ACL using the request body then you can continue to use that approach
Requests
Syntax
The following request shows the syntax for sending the ACL in the request body If you want to use
headers to specify the permissions for the bucket you cannot send the ACL in the request body
Instead see Request Headers section for a list of headers you can use
PUT acl HTTP11
Host BucketNames3amazonawscom
Date date
Authorization authorization string (see Authenticating Requests (AWS
Signature Version
4) (p 15))


ID
EmailAddress



xsitypeCanonicalUser>
ID
EmailAddress

Permission




API Version 20060301
177Amazon Simple Storage Service API Reference
Requests
Request Parameters
This implementation of the operation does not use request parameters
Request Headers
You can use the following request headers in addition to the Common Request Headers (p 3)
These headers enable you to set access permissions using one of the following methods
• Specify a canned ACL or
• Specify the permission for each grantee explicitly
Amazon S3 supports a set of predefined ACLs known as canned ACLs Each canned ACL has a
predefined set of grantees and permissions For more information see Canned ACL To grant access
permissions by specifying canned ACLs you use the following header and specify the canned ACL
name as its value If you use this header you cannot use other access control specific headers in your
request
Name Description Required
xamzacl Sets the ACL of the bucket using the specified canned ACL
For more information go to Canned ACL in the Amazon Simple
Storage Service Developer Guide
Type String
Valid Values private | publicread | publicreadwrite |
authenticatedread
Default private
No
If you need to grant individualized access permissions on a bucket you can use the following xamz
grantpermission headers When using these headers you specify explicit access permissions and
grantees (AWS accounts or a Amazon S3 groups) who will receive the permission If you use these
ACL specific headers you cannot use xamzacl header to set a canned ACL
Note
Each of the following request headers maps to specific permissions Amazon S3 supports in
an ACL For more information go to Access Control List (ACL) Overview
Name Description Required
xamzgrant
read
Allows the specified grantee(s) to list the objects in the bucket
Type String
Default None
Constraints None
No
xamzgrant
write
Allows the specified grantee(s) to create overwrite and delete
any object in the bucket
Type String
Default None
Constraints None
No
xamzgrant
readacp
Allows the specified grantee(s) to read the bucket ACL
Type String
Default None
No
API Version 20060301
178Amazon Simple Storage Service API Reference
Requests
Name Description Required
Constraints None
xamzgrant
writeacp
Allows the specified grantee(s) to write the ACL for the applicable
bucket
Type String
Default None
Constraints None
No
xamzgrant
fullcontrol
Allows the specified grantee(s) the READ WRITE READ_ACP
and WRITE_ACP permissions on the bucket
Type String
Default None
Constraints None
No
For each of these headers the value is a commaseparated list of one or more grantees You specify
each grantee as a typevalue pair where the type can be one of the following
• emailAddress — if value specified is the email address of an AWS account
• id — if value specified is the canonical User ID of an AWS account
• uri — if granting permission to a predefined Amazon S3 group
For example the following xamzgrantwrite header grants create overwrite and delete objects
permission to LogDelivery group predefined by Amazon S3 and two AWS accounts identified by
their email addresses
xamzgrantwrite urihttpacsamazonawscomgroupss3LogDelivery
emailAddressxyz@amazoncom emailAddressabc@amazoncom
For more information go to Access Control List (ACL) Overview For more information about bucket
logging go to Server Access Logging
Request Elements
If you decide to use the request body to specify an ACL you must use the following elements
Note
If you request the request body you cannot use the request headers to set an ACL
Name Description Required
AccessControlList Container for Grant Grantee and Permission
Type Container
Ancestors AccessControlPolicy
No
AccessControlPolicy Contains the elements that set the ACL permissions for an
object per grantee
Type String
Ancestors None
No
DisplayName Screen name of the bucket owner No
API Version 20060301
179Amazon Simple Storage Service API Reference
Requests
Name Description Required
Type String
Ancestors AccessControlPolicyOwner
Grant Container for the grantee and his or her permissions
Type Container
Ancestors
AccessControlPolicyAccessControlList
No
Grantee The subject whose permissions are being set For more
information see Grantee Values (p 180)
Type String
Ancestors
AccessControlPolicyAccessControlListGrant
No
ID ID of the bucket owner or the ID of the grantee
Type String
Ancestors AccessControlPolicyOwner |
AccessControlPolicyAccessControlListGrant
No
Owner Container for the bucket owner's display name and ID
Type Container
Ancestors AccessControlPolicy
No
Permission Specifies the permission given to the grantee
Type String
Valid Values FULL_CONTROL | WRITE | WRITE_ACP |
READ | READ_ACP
Ancestors
AccessControlPolicyAccessControlListGrant
No
Grantee Values
You can specify the person (grantee) to whom you're assigning access rights (using request elements)
in the following ways
• By the person's ID
xsitypeCanonicalUser>IDGranteesEmail<
DisplayName>

DisplayName is optional and ignored in the request
• By Email address
xsitypeAmazonCustomerByEmail>Grantees@emailcom<
EmailAddress>ltGrantee>
The grantee is resolved to the CanonicalUser and in a response to a GET Object acl request
appears as the CanonicalUser
• By URI
API Version 20060301
180Amazon Simple Storage Service API Reference
Responses
xsitypeGroup>httpacsamazonawscomgroupsglobal
AuthenticatedUsers
Responses
Response Headers
The operation returns response header that are common to most responses For more information see
Common Response Headers (p 5)
Response Elements
This operation does not return response elements
Special Errors
This operation does not return special errors For general information about Amazon S3 errors and a
list of error codes see Error Responses (p 7)
Examples
Sample Request Access permissions specified in the body
The following request grants access permission to the existing examplebucket bucket The request
specifies the ACL in the body In addition to granting full control to the bucket owner the XML specifies
the following grants
• Grant AllUsers group READ permission on the bucket
• Grant the LogDelivery group WRITE permission on the bucket
• Grant an AWS account identified by email address WRITE_ACP permission
• Grant an AWS account identified by canonical user ID READ_ACP permission
PUT acl HTTP11
Host examplebuckets3amazonawscom
ContentLength 1660
xamzdate Thu 12 Apr 2012 200421 GMT
Authorization authorization string


852b113e7a2f25102679df27bb0ae12b3f85be6BucketOwnerCanonicalUserID<
ID>
OwnerDisplayName



xsitypeCanonicalUser>

852b113e7a2f25102679df27bb0ae12b3f85be6BucketOwnerCanonicalUserID
API Version 20060301
181Amazon Simple Storage Service API Reference
Examples
OwnerDisplayName

FULL_CONTROL


xsitypeGroup>
httpacsamazonawscomgroupsglobalAllUsers

READ


xsitypeGroup>
httpacsamazonawscomgroupss3LogDelivery

WRITE


xsitypeAmazonCustomerByEmail>
xyz@amazoncom

WRITE_ACP


xsitypeCanonicalUser>
xmlns>f30716ab7115dcb44a5ef76e9d74b8e20567f63TestAccountCanonicalUserID<
ID>

READ_ACP



Sample Response
HTTP11 200 OK
xamzid2 NxqO3PNiMHXXGwjgv15LLgUoAmPVmG0xtZw2sxePXLhpIvcyouXDrcQUaWWXcOK0
xamzrequestid C651BC9B4E1BD401
Date Thu 12 Apr 2012 200428 GMT
ContentLength 0
Server AmazonS3
Sample Request Access permissions specified using headers
The following request uses ACLspecific request headers to grant the following permissions
• Write permission to the Amazon S3 LogDelivery group and an AWS account identified by the
email xyz@amazoncom
• Read permission to the Amazon S3 AllUsers group
PUT acl HTTP11
API Version 20060301
182Amazon Simple Storage Service API Reference
Related Resources
Host examplebuckets3amazonawscom
xamzdate Sun 29 Apr 2012 220057 GMT
xamzgrantwrite urihttpacsamazonawscomgroupss3LogDelivery
emailAddressxyz@amazoncom
xamzgrantread urihttpacsamazonawscomgroupsglobalAllUsers
Accept **
Authorization authorization string
Sample Response
HTTP11 200 OK
xamzid2 0w9iImt23VF9s6QofOTDzelF7mrryz7d04Mw23FQCi4O205Zw28Zn+d340RytoQ
xamzrequestid A6A8F01A38EC7138
Date Sun 29 Apr 2012 220110 GMT
ContentLength 0
Server AmazonS3
Related Resources
• PUT Bucket (p 169)
• DELETE Bucket (p 72)
• GET Object ACL (p 262)
API Version 20060301
183Amazon Simple Storage Service API Reference
PUT Bucket cors
PUT Bucket cors
Description
Sets the cors configuration for your bucket If the configuration exists Amazon S3 replaces it
To use this operation you must be allowed to perform the s3PutBucketCORS action By default the
bucket owner has this permission and can grant it to others
You set this configuration on a bucket so that the bucket can service crossorigin requests For
example you might want to enable a request whose origin is httpwwwexamplecom to access
your Amazon S3 bucket at myexamplebucketcom by using the browser's XMLHttpRequest
capability
To enable crossorigin resource sharing (CORS) on a bucket you add the cors subresource to the
bucket The cors subresource is an XML document in which you configure rules that identify origins
and the HTTP methods that can be executed on your bucket The document is limited to 64 KB in size
For example the following cors configuration on a bucket has two rules
• The first CORSRule allows crossorigin PUT POST and DELETE requests whose origin is
httpswwwexamplecom origins The rule also allows all headers in a preflight OPTIONS
request through the AccessControlRequestHeaders header Therefore in response to any
preflight OPTIONS request Amazon S3 will return any requested headers
• The second rule allows crossorigin GET requests from all the origins The '*' wildcard character
refers to all origins


httpwwwexamplecom
PUT
POST
DELETE
*


*
GET


The cors configuration also allows additional optional configuration parameters as shown in the
following cors configuration on a bucket For example this cors configuration allows crossorigin PUT
and POST requests from httpwwwexamplecom


httpwwwexamplecom
PUT
POST
DELETE
*
3000
xamzserversideencryption
API Version 20060301
184Amazon Simple Storage Service API Reference
Requests


In the preceding configuration CORSRule includes the following additional optional parameters
• MaxAgeSeconds—Specifies the time in seconds that the browser will cache an Amazon S3
response to a preflight OPTIONS request for the specified resource In this example this parameter
is 3000 seconds Caching enables the browsers to avoid sending preflight OPTIONS request to
Amazon S3 for repeated requests
• ExposeHeader—Identifies the response header (in this case xamzserversideencryption)
that you want customers to be able to access from their applications (for example from a JavaScript
XMLHttpRequest object)
When Amazon S3 receives a crossorigin request (or a preflight OPTIONS request) against a bucket
it evaluates the cors configuration on the bucket and uses the first CORSRule rule that matches the
incoming browser request to enable a crossorigin request For a rule to match the following conditions
must be met
• The request's Origin header must match AllowedOrigin elements
• The request method (for example GET PUT HEAD and so on) or the AccessControl
RequestMethod header in case of a preflight OPTIONS request must be one of the
AllowedMethod elements
• Every header specified in the AccessControlRequestHeaders request header of a preflight
request must match an AllowedHeader element
For more information about CORS go to Enabling CrossOrigin Resource Sharing in the Amazon
Simple Storage Service Developer Guide
Requests
Syntax
PUT cors HTTP11
Host bucketnames3amazonawscom
ContentLength length
Date date
Authorization authorization string (see Authenticating Requests (AWS
Signature Version
4) (p 15))
ContentMD5 MD5


Origin you want to allow crossdomain requests from<
AllowedOrigin>


HTTP method


Time in seconds your browser to cache the preflight
OPTIONS response for a resource
Headers that you want the browser to be allowed to send<
AllowedHeader>
API Version 20060301
185Amazon Simple Storage Service API Reference
Requests


Headers in the response that you want accessible from
client application








Request Parameters
This implementation of the operation does not use request parameters
Request Headers
Name Description Required
ContentMD5 The base64encoded 128bit MD5 digest of the data This header
must be used as a message integrity check to verify that the
request body was not corrupted in transit For more information go
to RFC 1864
Type String
Default None
Yes
Request Elements
Name Description Required
CORSConfigurationContainer for up to 100 CORSRules elements
Type Container
Children CORSRules
Ancestor None
Yes
CORSRule A set of origins and methods (crossorigin access that
you want to allow) You can add up to 100 rules to the
configuration
Type Container
Children AllowedOrigin AllowedMethod
MaxAgeSeconds ExposeHeader ID
Ancestor CORSConfiguration
Yes
ID A unique identifier for the rule The ID value can be up to
255 characters long The IDs help you find a rule in the
configuration
Type String
Ancestor CORSRule
No
AllowedMethod An HTTP method that you want to allow the origin to
execute
Yes
API Version 20060301
186Amazon Simple Storage Service API Reference
Responses
Name Description Required
Each CORSRule must identify at least one origin and one
method
Type Enum (GET PUT HEAD POST DELETE)
Ancestor CORSRule
AllowedOrigin An origin that you want to allow crossdomain requests from
This can contain at most one * wild character
Each CORSRule must identify at least one origin and one
method
The origin value can include at most one '*' wild character
For example http*examplecom You can also specify
only * as the origin value allowing all origins crossdomain
access
Type String
Ancestor CORSRule
Yes
AllowedHeader Specifies which headers are allowed in a preflight
OPTIONS request via the AccessControlRequest
Headers header Each header name specified in the
AccessControlRequestHeaders header must have
a corresponding entry in the rule Amazon S3 will send only
the allowed headers in a response that were requested
This can contain at most one * wild character
Type String
Ancestor CORSRule
No
MaxAgeSeconds The time in seconds that your browser is to cache the
preflight response for the specified resource
A CORSRule can have at most one MaxAgeSeconds
element
Type Integer (seconds)
Ancestor CORSRule
No
ExposeHeader One or more headers in the response that you want
customers to be able to access from their applications (for
example from a JavaScript XMLHttpRequest object)
You add one ExposeHeader element in the rule for each
header
Type String
Ancestor CORSRule
No
Responses
Response Headers
This implementation of the operation uses only response headers that are common to most responses
For more information see Common Response Headers (p 5)
Response Elements
This implementation of the operation does not return response elements
API Version 20060301
187Amazon Simple Storage Service API Reference
Examples
Special Errors
This implementation of the operation does not return special errors For general information about
Amazon S3 errors and a list of error codes see Error Responses (p 7)
Examples
The following examples add the cors subresource to a bucket
Example Configure cors
Sample Request
The following PUT request adds the cors subresource to a bucket (examplebucket)
PUT cors HTTP11
Host examplebuckets3amazonawscom
xamzdate Tue 21 Aug 2012 175450 GMT
ContentMD5 8dYiLewFWZyGgV2Q5FNI4W
Authorization authorization string
ContentLength 216


httpwwwexamplecom
PUT
POST
DELETE
*
3000
xamzserversideencryption


*
GET
*
3000


Sample Response
HTTP11 200 OK
xamzid2 CCshOvbOPfxzhwOADyC4qHjCk3F9Q0viXKw3rivZ+GcBoZSOOahvEJfPisZB7B
xamzrequestid BDC4B83DF5096BBE
Date Tue 21 Aug 2012 175450 GMT
Server AmazonS3
Related Resources
• GET Bucket cors (p 110)
• DELETE Bucket cors (p 74)
• OPTIONS object (p 276)
API Version 20060301
188Amazon Simple Storage Service API Reference
Related Resources
API Version 20060301
189Amazon Simple Storage Service API Reference
PUT Bucket lifecycle
PUT Bucket lifecycle
Description
Creates a new lifecycle configuration for the bucket or replaces an existing lifecycle configuration For
information about lifecycle configuration go to Object Lifecycle Management in the Amazon Simple
Storage Service Developer Guide
Permissions
By default all Amazon S3 resources are private including buckets objects and related subresources
(for example lifecycle configuration and website configuration) Only the resource owner (that is
the AWS account that created it) can access the resource The resource owner can optionally grant
access permissions to others by writing an access policy For this operation a user must get the
s3PutLifecycleConfiguration permission
You can also explicitly deny permissions Explicit deny also supersedes any other permissions If you
want to block users or accounts from removing or deleting objects from your bucket you must deny
them permissions for the following actions
• s3DeleteObject
• s3DeleteObjectVersion
• s3PutLifecycleConfiguration
For more information about permissions see Managing Access Permissions to Your Amazon S3
Resources in the Amazon Simple Storage Service Developer Guide
Requests
Syntax
PUT lifecycle HTTP11
Host bucketnames3amazonawscom
ContentLength length
Date date
Authorization authorization string
ContentMD5 MD5
Lifecycle configuration in the request body
For details about authorization string see Authenticating Requests (AWS Signature Version
4) (p 15)
Request Parameters
This implementation of the operation does not use request parameters
Request Headers
Name Description Required
ContentMD5 The base64encoded 128bit MD5 digest of the
data This header must be used as a message
integrity check to verify that the request body was
Yes
API Version 20060301
190Amazon Simple Storage Service API Reference
Requests
Name Description Required
not corrupted in transit For more information go
to RFC 1864
Type String
Default None
Request Body
In the request you specify lifecycle configuration in the request body The lifecycle configuration is
specified as XML The following is an introductory example lifecycle configuration skeleton It specifies
one rule The Prefix in the rule identifies objects to which the rule applies The rule also specifies two
actions (Transitionand Expiration) Each action specifies a timeline when you want Amazon S3
to perform the action The Status indicates whether the rule is enabled or disabled


samplerule
keyprefix
rulestatus

value
storage class


value



If the state of your bucket is versioningenabled or versioningsuspended you can have many
versions of the same object one current version and zero or more noncurrent versions The
following lifecycle configuration specifies the actions (NoncurrentVersionTransition
NoncurrentVersionExpiration) that are specific to noncurrent object versions


samplerule
keyprefix
rulestatus

value
storage class


value



You can use the multipart upload API to upload large objects in parts For more information about
multipart uploads see Multipart Upload Overview in the Amazon Simple Storage Service Developer
Guide Using lifecycle configuration you can direct Amazon S3 to abort incomplete multipart uploads
(identified by the key name prefix specified in the rule) if they don't complete within a specified
API Version 20060301
191Amazon Simple Storage Service API Reference
Requests
number of days after initiation When Amazon S3 aborts a multipart upload it deletes all parts
associated with the multipart upload This ensures that you don't have incomplete multipart uploads
with parts that are stored in Amazon S3 and therefore you don't have to pay any storage costs
for these parts The following is an example lifecycle configuration that specifies a rule with the
AbortIncompleteMultipartUpload action This action requests Amazon S3 to abort incomplete
multipart uploads seven days after initiation


samplerule
SomeKeyPrefix
rulestatus

7



The following table describes the XML elements in the lifecycle configuration
Name Description Required
AbortIncompleteMultipartUploadContainer for specifying when an incomplete
multipart upload becomes eligible for an abort
operation
Child DaysAfterInitiation
Type Container
Ancestor Rule
Yes if no
other action
is specified
for the rule
Date Specifies the date after which you want the
corresponding action to take effect When the
action is in effect Amazon S3 performs the
specific action on the applicable objects as they
appear in the bucket (you identify applicable
objects in the lifecycle Rule in which the action
is defined)
For example suppose you add a Transition
action to take effect on December 31 2014
Suppose this action applies to objects with key
prefix documents When the action takes
effect on this date Amazon S3 transitions
existing applicable objects to the GLACIER
storage class As long as the action is in effects
Amazon S3 transitions any new objects even
after December 31 2014
The date value must conform to the ISO 8601
format The time is always midnight UTC
Type String
Ancestor Expiration or Transition
Yes if
Days and
ExpiredObjectDeleteMarker
are absent
Days Specifies the number of days after object
creation when the specific rule action takes
effect
Type Nonnegative Integer when used with
Transition Positive Integer when used with
Expiration
Yes if
Date and
ExpiredObjectDeleteMarker
are absent
API Version 20060301
192Amazon Simple Storage Service API Reference
Requests
Name Description Required
Ancestor Expiration Transition
DaysAfterInitiation Specifies the number of days after initiating a
multipart upload when the multipart upload must
be completed If it does not complete by the
specified number of days it becomes eligible for
an abort operation and Amazon S3 aborts the
incomplete multipart upload
Type Positive Integer
Ancestor
AbortIncompleteMultipartUpload
Yes if
parent tag is
specified
Expiration This action specifies a period in an object's
lifetime when Amazon S3 should take the
appropriate expiration action The action
Amazon S3 takes depends on whether the
bucket is versioningenabled
• If versioning has never been enabled on the
bucket Amazon S3 deletes the only copy of
the object permanently
• Otherwise if your bucket is versioning
enabled (or versioning is suspended) the
action applies only to the current version of
the object A versioningenabled bucket can
have many versions of the same object one
current version and zero or more noncurrent
versions
Instead of deleting the current version
Amazon S3 makes it a noncurrent version by
adding a delete marker as the new current
version
Important
If your bucket state is versioning
suspended Amazon S3 creates a
delete marker with version ID null
If you have a version with version ID
null then Amazon S3 overwrites
that version
Note
To set expiration for noncurrent
objects you must use the
NoncurrentVersionExpiration
action
Type Container
Children Days or Date
Ancestor Rule
Yes if no
other action
is present in
the Rule
API Version 20060301
193Amazon Simple Storage Service API Reference
Requests
Name Description Required
ID Unique identifier for the rule The value cannot
be longer than 255 characters
Type String
Ancestor Rule
No
LifecycleConfiguration Container for lifecycle rules You can add as
many as 1000 rules
Type Container
Children Rule
Ancestor None
Yes
ExpiredObjectDeleteMarker On a versioned bucket (versioningenabled or
versioningsuspended bucket) you can add this
element in the lifecycle configuration to direct
Amazon S3 to delete expired object delete
markers For an example go to Example 8
Removing Expired Object Delete Markers in
the Amazon Simple Storage Service Developer
Guide On a nonversioned bucket adding this
element in a policy is meaningless because you
cannot have delete markers and the element
will not do anything
Type String
Valid values true | false (the value false is
allowed but it is noop and Amazon S3 will not
take action if the value is false)
Ancestor Expiration
Yes if Date
and Days
are absent
NoncurrentDays Specifies the number of days an object is
noncurrent before Amazon S3 can perform the
associated action For information about the
noncurrent days calculations see How Amazon
S3 Calculates When an Object Became
Noncurrent in the Amazon Simple Storage
Service Developer Guide
Type Nonnegative Integer when used
with NoncurrentVersionTransition
Positive Integer when used with
NoncurrentVersionExpiration
Ancestor NoncurrentVersionExpiration
or NoncurrentVersionTransition
Yes
API Version 20060301
194Amazon Simple Storage Service API Reference
Requests
Name Description Required
NoncurrentVersionExpiration Specifies when noncurrent object versions
expire Upon expiration Amazon S3
permanently deletes the noncurrent object
versions
You set this lifecycle configuration action
on a bucket that has versioning enabled (or
suspended) to request that Amazon S3 delete
noncurrent object versions at a specific period in
the object's lifetime
Type Container
Children NoncurrentDays
Ancestor Rule
Yes if no
other action
is present in
the Rule
NoncurrentVersionTransition Container for the transition rule that describes
when noncurrent objects transition to the
STANDARD_IA or GLACIER storage class
If your bucket is versioningenabled (or
versioning is suspended) you can set this
action to request that Amazon S3 transition
noncurrent object versions at a specific period in
the object's lifetime
Type Container
Children NoncurrentDays and StorageClass
Ancestor Rule
Yes if no
other action
is present in
the Rule
Prefix Object key prefix identifying one or more objects
to which the rule applies
Type String
Ancestor Rule
Yes
Rule Container for a lifecycle rule A lifecycle
configuration can contain as many as 1000
rules
Type Container
AncestorLifecycleConfiguration
Yes
Status If Enabled Amazon S3 executes the rule as
scheduled If Disabled Amazon S3 ignores the
rule
Type String
Ancestor Rule
Valid values Enabled Disabled
Yes
StorageClass Specifies the Amazon S3 storage class to which
you want the object to transition
Type String
Ancestor Transition and
NoncurrentVersionTransition
Valid values STANDARD_IA | GLACIER
Yes
This element
is required
only if you
specify one
or both its
ancestors
API Version 20060301
195Amazon Simple Storage Service API Reference
Responses
Name Description Required
Transition This action specifies a period in the objects'
lifetime when Amazon S3 should transition
them to the STANDARD_IA or the GLACIER
storage class When this action is in effect
what Amazon S3 does depends on whether the
bucket is versioningenabled
• If versioning has never been enabled on the
bucket Amazon S3 transitions the only copy
of the object to the specified storage class
• Otherwise when your bucket is versioning
enabled (or versioning is suspended) Amazon
S3 transitions only the current versions of
objects identified in the rule
Note
A versioningenabled bucket
can have many versions of
an object This action has no
impact on the noncurrent object
versions To transition noncurrent
objects you must use the
NoncurrentVersionTransition
action
Type Container
Children Days or Date and StorageClass
Ancestor Rule
Yes if no
other action
is present in
the Rule
Responses
Response Headers
This implementation of the operation uses only response headers that are common to most responses
For more information see Common Response Headers (p 5)
Response Elements
This implementation of the operation does not return response elements
Special Errors
This implementation of the operation does not return special errors For general information about
Amazon S3 errors and a list of error codes see Error Responses (p 7)
Examples
Example 1 Add lifecycle configuration bucket not versioning
enabled
The following lifecycle configuration specifies two rules each with one action
API Version 20060301
196Amazon Simple Storage Service API Reference
Examples
• The Transition action requests Amazon S3 to transition objects with the documents prefix to the
GLACIER storage class 30 days after creation
• The Expiration action requests Amazon S3 to delete objects with the logs prefix 365 days after
creation


id1
documents
Enabled

30
GLACIER



id2
logs
Enabled

365



The following is a sample PUT lifecycle request that adds the preceding lifecycle configuration to
the examplebucket bucket
PUT lifecycle HTTP11
Host examplebuckets3amazonawscom
xamzdate Wed 14 May 2014 021121 GMT
ContentMD5 q6yJDlIkcBaGGfb3QLY69A
Authorization authorization string
ContentLength 415


id1
documents
Enabled

30
GLACIER



id2
logs
Enabled

365



API Version 20060301
197Amazon Simple Storage Service API Reference
Examples
The following is a sample response
HTTP11 200 OK
xamzid2 r+qR7+nhXtJDDIJ0JJYcd+1j5nMrUFiiiZfNbDOsd3JUE8NWMLNHXmvPfwMpdc
xamzrequestid 9E26D08072A8EF9E
Date Wed 14 May 2014 021122 GMT
ContentLength 0
Server AmazonS3
Example 2 Add lifecycle configuration bucket is versioning
enabled
The following lifecycle configuration specifies two rules each with one action for Amazon S3 to
perform You specify these actions when your bucket is versioningenabled or versioning is suspended
• The NoncurrentVersionExpiration action requests Amazon S3 to expire noncurrent versions of
objects with the logs prefix 100 days after the objects become noncurrent
• The NoncurrentVersionTransition action requests Amazon S3 to transition noncurrent
versions of objects with the documents prefix to the GLACIER storage class 30 days after they
become noncurrent


DeleteAfterBecomingNonCurrent
logs
Enabled

100



TransitionAfterBecomingNonCurrent
documents
Enabled

30
GLACIER



The following is a sample PUT lifecycle request that adds the preceding lifecycle configuration to
the examplebucket bucket
PUT lifecycle HTTP11
Host examplebuckets3amazonawscom
xamzdate Wed 14 May 2014 022148 GMT
ContentMD5 96rxH9mDqVNKkaZDddgnw
Authorization authorization string
ContentLength 598


DeleteAfterBecomingNonCurrent
logs
API Version 20060301
198Amazon Simple Storage Service API Reference
Related Resources
Enabled

1



TransitionSoonAfterBecomingNonCurrent
documents
Enabled

0
GLACIER



The following is a sample response
HTTP11 200 OK
xamzid2 aXQ+KbIrmMmoO3bMdDTwCnjArwje+J49Hf+j44yRbVmbIkgIO5A
+PT98Cp6k07hf+LD2mY
xamzrequestid 02D7EC4C10381EB1
Date Wed 14 May 2014 022150 GMT
ContentLength 0
Server AmazonS3
Additional Examples
Lifecycle configuration topic in the developer guide provides additional examples of transitioning
objects to storage classes such as STANDARD_IA For more information go to Examples of Lifecycle
Configuration
Related Resources
• GET Bucket lifecycle (p 113)
• POST Object restore (p 288)
• By default a resource owner in this case a bucket owner (the AWS account that created the
bucket) can perform any of the operations and can also grant others permission to perform the
operation For more information see the following topics in the Amazon Simple Storage Service
Developer Guide
• Specifying Permissions in a Policy
• Managing Access Permissions to Your Amazon S3 Resources
API Version 20060301
199Amazon Simple Storage Service API Reference
PUT Bucket policy
PUT Bucket policy
Description
This implementation of the PUT operation uses the policy subresource to add to or replace a policy
on a bucket If the bucket already has a policy the one in this request completely replaces it To
perform this operation you must be the bucket owner
If you are not the bucket owner but have PutBucketPolicy permissions on the bucket Amazon S3
returns a 405 Method Not Allowed In all other cases for a PUT bucket policy request that is not
from the bucket owner Amazon S3 returns 403 Access Denied There are restrictions about who
can create bucket policies and which objects in a bucket they can apply to For more information go to
Using Bucket Policies
Requests
Syntax
PUT policy HTTP11
Host BucketNames3amazonawscom
Date date
Authorization authorization string (see Authenticating Requests (AWS
Signature Version
4) (p 15))
Policy written in JSON
Request Parameters
This implementation of the operation does not use request parameters
Request Headers
This implementation of the operation uses only request headers that are common to all operations For
more information see Common Request Headers (p 3)
Request Elements
The body is a JSON string containing the policy contents containing the policy statements
Responses
Response Headers
This implementation of the operation uses only response headers that are common to most responses
For more information see Common Response Headers (p 5)
Response Elements
PUT response elements return whether the operation succeeded or not
API Version 20060301
200Amazon Simple Storage Service API Reference
Examples
Special Errors
This implementation of the operation does not return special errors For general information about
Amazon S3 errors and a list of error codes see Error Responses (p 7)
Examples
Sample Request
The following request shows the PUT individual policy request for the bucket
PUT policy HTTP11
Host buckets3amazonawscom
Date Tue 04 Apr 2010 203456 GMT
Authorization authorization string
{
Version20081017
Idaaaabbbbccccdddd
Statement [
{
EffectAllow
Sid1
Principal {
AWS[111122223333444455556666]
}
Action[s3*]
Resourcearnawss3bucket*
}
]
}
Sample Response
HTTP11 204 No Content
xamzid2 Uuag1LuByR5Onimru9SAMPLEAtRPfTaOFg
xamzrequestid 656c76696e6727732SAMPLE7374
Date Tue 04 Apr 2010 203456 GMT
Connection keepalive
Server AmazonS3
Related Resources
• PUT Bucket (p 169)
• DELETE Bucket (p 72)
API Version 20060301
201Amazon Simple Storage Service API Reference
PUT Bucket logging
PUT Bucket logging
Description
Note
The logging implementation of PUT Bucket is a beta feature
This implementation of the PUT operation uses the logging subresource to set the logging
parameters for a bucket and to specify permissions for who can view and modify the logging
parameters To set the logging status of a bucket you must be the bucket owner
The bucket owner is automatically granted FULL_CONTROL to all logs You use the Grantee request
element to grant access to other people The Permissions request element specifies the kind of
access the grantee has to the logs
To enable logging you use LoggingEnabled and its children request elements
To disable logging you use an empty BucketLoggingStatus request element

For more information about creating a bucket see PUT Bucket (p 169) For more information about
returning the logging status of a bucket see GET Bucket logging (p 124)
Requests
Syntax
PUT logging HTTP11
Host BucketNames3amazonawscom
Date date
Authorization authorization string (see Authenticating Requests (AWS
Signature Version
4) (p 15))
Request elements vary depending on what you're setting
Request Parameters
This implementation of the operation does not use request parameters
Request Headers
This implementation of the operation uses only request headers that are common to all operations For
more information see Common Request Headers (p 3)
Request Elements
Name Description Required
BucketLoggingStatus Container for logging status information
Type Container
Children LoggingEnabled
Ancestry None
Yes
API Version 20060301
202Amazon Simple Storage Service API Reference
Requests
Name Description Required
EmailAddress Email address of the person being granted logging
permissions
Type String
Children None
Ancestry
BucketLoggingStatusLoggingEnabledTargetGrantsGrantGrantee
No
Grant Container for the grantee and hisher logging permissions
Type Container
Children Grantee Permission
Ancestry
BucketLoggingStatusLoggingEnabledTargetGrants
No
Grantee Container for EmailAddress of the person being granted
logging permissions For more information see Grantee
Values (p 204)
Type Container
Children EmailAddress
Ancestry
BucketLoggingStatusLoggingEnabledTargetGrantsGrant
No
LoggingEnabled Container for logging information This element is present
when you are enabling logging (and not present when you
are disabling logging)
Type Container
Children Grant TargetBucket TargetPrefix
Ancestry BucketLoggingStatus
No
Permission Logging permissions given to the Grantee for the bucket
The bucket owner is automatically granted FULL_CONTROL
to all logs delivered to the bucket This optional element
enables you grant access to others
Type String
Valid Values FULL_CONTROL | READ | WRITE
Children None
Ancestry
BucketLoggingStatusLoggingEnabledTargetGrantsGrant
No
TargetBucket Specifies the bucket where you want Amazon S3 to store
server access logs You can have your logs delivered to any
bucket that you own including the same bucket that is being
logged You can also configure multiple buckets to deliver
their logs to the same target bucket In this case you should
choose a different TargetPrefix for each source bucket so
that the delivered log files can be distinguished by key
Type String
Children None
Ancestry BucketLoggingStatusLoggingEnabled
No
API Version 20060301
203Amazon Simple Storage Service API Reference
Responses
Name Description Required
TargetGrants Container for granting information
Type Container
Children Grant Permission
Ancestry BucketLoggingStatusLoggingEnabled
No
TargetPrefix This element lets you specify a prefix for the keys that the
log files will be stored under
Type String
Children None
Ancestry BucketLoggingStatusLoggingEnabled
No
Grantee Values
You can specify the person (grantee) to whom you're assigning access rights (using request elements)
in the following ways
• By the person's ID
xsitypeCanonicalUser>IDGranteesEmail<
DisplayName>

DisplayName is optional and ignored in the request
• By Email address
xsitypeAmazonCustomerByEmail>Grantees@emailcom<
EmailAddress>ltGrantee>
The grantee is resolved to the CanonicalUser and in a response to a GET Object acl request
appears as the CanonicalUser
• By URI
xsitypeGroup>httpacsamazonawscomgroupsglobal
AuthenticatedUsers
Responses
Response Headers
This implementation of the operation uses only response headers that are common to most responses
For more information see Common Response Headers (p 5)
Response Elements
This implementation of the operation does not return response elements
API Version 20060301
204Amazon Simple Storage Service API Reference
Examples
Special Errors
This implementation of the operation does not return special errors For general information about
Amazon S3 errors and a list of error codes see Error Responses (p 7)
Examples
Sample Request
This request enables logging and gives the grantee of the bucket READ access to the logs
PUT logging HTTP11
Host quotess3amazonawscom
ContentLength 214
Date Wed 25 Nov 2009 120000 GMT
Authorization authorization string



mybucketlogs
mybucketaccess_log


xsitypeAmazonCustomerByEmail>
user@companycom

READ




Sample Response
HTTP11 200 OK
xamzid2 YgIPIfBiKa2bj0KMg95r0zo3emzU4dzsD4rcKCHQUAdQkf3ShJTOOpXUueF6QKo
xamzrequestid 236A8905248E5A01
Date Wed 01 Mar 2006 120000 GMT
Sample Request Disabling Logging
This request disables logging on the bucket quotes
PUT logging HTTP11
Host quotess3amazonawscom
ContentLength 214
Date Wed 25 Nov 2009 120000 GMT
Authorization authorization string


API Version 20060301
205Amazon Simple Storage Service API Reference
Related Resources
Sample Response
HTTP11 200 OK
xamzid2 YgIPIfBiKa2bj0KMg95r0zo3emzU4dzsD4rcKCHQUAdQkf3ShJTOOpXUueF6QKo
xamzrequestid 236A8905248E5A01
Date Wed 01 Mar 2006 120000 GMT
Related Resources
• PUT Object (p 291)
• DELETE Bucket (p 72)
• PUT Bucket (p 169)
• GET Bucket logging (p 124)
API Version 20060301
206Amazon Simple Storage Service API Reference
PUT Bucket notification
PUT Bucket notification
Description
The Amazon S3 notification feature enables you to receive notifications when certain events happen in
your bucket For more information about event notifications go to Configuring Event Notifications in the
Amazon Simple Storage Service Developer Guide
Using this API you can replace an existing notification configuration The configuration is an XML file
that defines the event types that you want Amazon S3 to publish and the destination where you want
Amazon S3 to publish an event notification when it detects an event of the specified type
By default your bucket has no event notifications configured That is the notification configuration will
be an empty NotificationConfiguration


This operation replaces the existing notification configuration with the configuration you include in the
request body
After Amazon S3 receives this request it first verifies that any Amazon Simple Notification Service
(Amazon SNS) or Amazon Simple Queue Service (Amazon SQS) destination exists and that the
bucket owner has permission to publish to it by sending a test notification In the case of AWS Lambda
destinations Amazon S3 verifies that the Lambda function permissions grant Amazon S3 permission to
invoke the function from the Amazon S3 bucket For more information go to Configuring Notifications
for Amazon S3 Events in the Amazon Simple Storage Service Developer Guide
You can disable notifications by adding the empty NotificationConfiguration element
By default only the bucket owner can configure notifications on a bucket However bucket
owners can use a bucket policy to grant permission to other users to set this configuration with
s3PutBucketNotification permission
Note
The PUT notification is an atomic operation For example suppose your notification
configuration includes SNS topic SQS queue and Lambda function configurations When you
send a PUT request with this configuration Amazon S3 sends test messages to your SNS
topic If the message fails the entire PUT operation will fail and Amazon S3 will not add the
configuration to your bucket
Requests
Syntax
PUT notification HTTP11
Host bucketnames3amazonawscom
Date date
Authorization authorization string (see Authenticating Requests (AWS
Signature Version
4) (p 15))


ConfigurationId
API Version 20060301
207Amazon Simple Storage Service API Reference
Requests



prefix
prefixvalue


suffix
prefixvalue



TopicARN
eventtype
eventtype



ConfigurationId



QueueARN
eventtype
eventtype




ConfigurationId



cloudfunctionarn
eventtype




Request Parameters
This implementation of the operation does not use request parameters
Request Headers
This implementation of the operation uses only request headers that are common to all operations For
more information see Common Request Headers (p 3)
Request Elements
Name Description Required
CloudFunction Lambda cloud function ARN that Amazon S3 can invoke
when it detects events of the specified type
Type String
Ancestor CloudFunctionConfiguration
Required if
CloudFunctionConfiguration
is added
API Version 20060301
208Amazon Simple Storage Service API Reference
Requests
Name Description Required
CloudFunctionConfigurationContainer for specifying the AWS Lambda notification
configuration
Type Container
Children An IdFilter CloudFunction and one or
more Event
Ancestor NotificationConfiguration
No
Event Bucket event for which to send notifications
Note
You can add multiple instance of
QueueConfiguration TopicConfiguration
or CloudFunctionConfiguration to the
notification configuration
Type String
Valid Values For a list of supported event types go to
Configuring Event Notifications in the Amazon Simple
Storage Service Developer Guide
Ancestor TopicConfiguration
QueueConfiguration and
CloudFunctionConfiguration
Required if
TopicConfiguration
QueueConfiguration
or
CloudFunctionConfiguration
is added
Filter Container for S3Key which contains object key name
filtering rules For information about key name filtering go
to Configuring Event Notifications in the Amazon Simple
Storage Service Developer Guide
Type Container
Children S3Key
Ancestor TopicConfiguration
QueueConfiguration or
CloudFunctionConfiguration
No
FilterRule Container for key value pair that defines the criteria for the
filter rule
Container S3Key
Type Container
Children Name and Value
Ancestor S3Key
No
Id Optional unique identifier for each of the configurations in
the NotificationConfiguration If you don't provide
Amazon S3 will assign an ID
Type String
Ancestor TopicConfiguration and
QueueConfiguration
No
API Version 20060301
209Amazon Simple Storage Service API Reference
Requests
Name Description Required
Name Object key name prefix or suffix identifying one or more
objects to which the filtering rule applies Maximum prefix
length can be up to 1024 characters Overlapping prefixes
and suffixes are not supported For more information go
to Configuring Event Notifications in the Amazon Simple
Storage Service Developer Guide
Type String
Ancestor FilterRule
Valid values prefix or suffix
No
NotificationConfigurationContainer for specifying the notification configuration of the
bucket If this element is empty notifications are turned off
on the bucket
Type Container
Children one or more TopicConfiguration
QueueConfiguration and
CloudFunctionConfiguration elements
Ancestor None
Yes
Queue Amazon SQS queue ARN to which Amazon S3 will publish
a message when it detects events of specified type
Type String
Ancestor TopicConfiguration
Required if
QueueConfiguration
is added
QueueConfigurationContainer for specifying the SQS queue configuration for
the notification You can add one or more of these queue
configurations each identifying one or more event types
Type Container
Children An Id Filter Topic and one or more
Event
Ancestor NotificationConfiguration
No
S3Key Container for object key name prefix and suffix filtering
rules
Type Container
Children One or more FilterRule
Ancestor Filter
No
Topic Amazon SNS topic ARN to which Amazon S3 will publish
a message when it detects events of specified type
Type String
Ancestor TopicConfiguration
Required if
TopicConfiguration
is added
API Version 20060301
210Amazon Simple Storage Service API Reference
Responses
Name Description Required
TopicConfigurationContainer for specifying an SNS topic configuration for the
notification
Type Container
Children An Id Filter Topic and one or more
Event
Ancestor NotificationConfiguration
No
Value Specifies the object key name prefix or suffix to filter on
Type String
Ancestor FilterRule
No
Responses
Response Headers
In addition to the common response headers (see Common Response Headers (p 5)) if the
configuration in the request body includes only one TopicConfiguration specifying only the
s3ReducedRedundancyLostObject event type the response will also include the xamzsnstest
messageid header containing the message ID of the test notification sent to topic
This implementation of the operation uses only response headers that are common to most responses
For more information see Common Response Headers (p 5)
Response Elements
This implementation of the operation does not return response elements
Special Errors
Amazon S3 checks the validity of the proposed NotificationConfiguration element and verifies
whether the proposed configuration is valid when you call the PUT operation The following table lists
the errors and possible causes
HTTP Error Code Cause
HTTP 400 Bad
Request
InvalidArgument The following conditions can cause this error
• A specified event is not supported for notifications
• A specified destination ARN does not exist or is not
wellformed Verify the destination ARN
• A specified destination is in a different region than the
bucket You must use a destination that resides in the
same region as the bucket
• The bucket owner does not have appropriate
permissions on the specified destination
• An object key name filtering rule defined with
overlapping prefixes overlapping suffixes or
overlapping combinations of prefixes and suffixes for
the same event types
API Version 20060301
211Amazon Simple Storage Service API Reference
Examples
HTTP Error Code Cause
HTTP 403
Forbidden
AccessDenied You are not the owner of the specified bucket or you
do not have the s3PutBucketNotification bucket
permission to set the notification configuration on the
bucket
For general information about Amazon S3 errors and a list of error codes see Error Responses (p 7)
Examples
Example 1 Configure Notification to Invoke a cloud function in
Lambda
The following notification configuration includes CloudFunctionConfiguration which identifies
the event type for which Amazon S3 can invoke a cloud function and the name of the cloud function to
invoke


ObjectCreatedEvents
arnawslambdaus
west235667examplefunctionCreateThumbnail
s3ObjectCreated*


The following PUT uploads the notification configuration The operation replaces the existing
notification configuration
PUT https3amazonawscomexamplebucketnotification HTTP11
UserAgent s3curl 20
Host s3amazonawscom
Pragma nocache
Accept **
ProxyConnection KeepAlive
Authorization authorization string
Date Mon 13 Oct 2014 231452 +0000
ContentLength length
[request body]
The following is a sample response
HTTP11 200 OK
xamzid2 8+FlwagBSoT2qpMaGlfCUkRkFR5W3OeS7UhhoBb17j+kqvpS2cSFlgJ5coLd53d2
xamzrequestid E5BA4600A3937335
Date Fri 31 Oct 2014 014950 GMT
ContentLength 0
Server AmazonS3
Example 2 Configure a Notification with Multiple Destinations
API Version 20060301
212Amazon Simple Storage Service API Reference
Examples
The following notification configuration includes the topic and queue configurations
• A topic configuration identifying an SNS topic for Amazon S3 to publish events of the
s3ReducedRedundancyLostObject type
• A queue configuration identifying an SQS queue for Amazon S3 to publish events of the
s3ObjectCreated* type


arnawssnsuseast1356671443308s3notificationtopic2
s3ReducedRedundancyLostObject


arnawssqsuseast1356671443308s3notificationqueue
s3ObjectCreated*


The following PUT request against the notification subresource of the examplebucket bucket sends
the preceding notification configuration in the request body The operation replaces the existing
notification configuration on the bucket
PUT https3amazonawscomexamplebucketnotification HTTP11
UserAgent s3curl 20
Host s3amazonawscom
Pragma nocache
Accept **
ProxyConnection KeepAlive
Authorization authorization string
Date Mon 13 Oct 2014 225843 +0000
ContentLength 391
Expect 100continue
The following is a sample response
HTTP11 200 OK
xamzid2 SlvJLkfunoAGILZK3KqHSSUq4kwbudkrROmESoHOpDacULy+cxRoR1Svrfoyvg2A
xamzrequestid BB1BA8E12D6A80B7
Date Mon 13 Oct 2014 225844 GMT
ContentLength 0
Server AmazonS3
Example 3 Configure a Notification with Object Key Name
Filtering
The following notification configuration contains a queue configuration identifying an Amazon SQS
queue for Amazon S3 to publish events to of the s3ObjectCreatedPut type The events will be
published whenever an object that has a prefix of images and a jpg suffix is PUT to a bucket For
more examples of notification configurations that use filtering go to Configuring Event Notifications in
the Amazon Simple Storage Service Developer Guide


API Version 20060301
213Amazon Simple Storage Service API Reference
Related Resources
1



prefix
images


suffix
jpg



arnawssqsuswest2444455556666s3notificationqueue
s3ObjectCreatedPut


The following PUT request against the notification subresource of the examplebucket bucket sends
the preceding notification configuration in the request body The operation replaces the existing
notification configuration on the bucket
PUT https3amazonawscomexamplebucketnotification HTTP11
UserAgent s3curl 20
Host s3amazonawscom
Pragma nocache
Accept **
ProxyConnection KeepAlive
Authorization authorization string
Date Mon 13 Oct 2014 225843 +0000
ContentLength length
Expect 100continue
The following is a sample response
HTTP11 200 OK
xamzid2 SlvJLkfunoAGILZK3KqHSSUq4kwbudkrROmESoHOpDacULy+cxRoR1Svrfoyvg2A
xamzrequestid BB1BA8E12D6A80B7
Date Mon 13 Oct 2014 225844 GMT
ContentLength 0
Server AmazonS3
Related Resources
• GET Bucket notification (p 127)
API Version 20060301
214Amazon Simple Storage Service API Reference
PUT Bucket replication
PUT Bucket replication
Description
In a versioningenabled bucket this operation creates a new replication configuration (or replaces
an existing one if present) Amazon S3 stores the configuration in the replication subresource
associated with the bucket If the replication subresource does not exist Amazon S3 creates it
otherwise Amazon S3 replaces the configuration stored in the subresource For information about
replication configuration go to CrossRegion Replication in the Amazon Simple Storage Service
Developer Guide
Important
If you have an object expiration lifecycle policy in your nonversioned bucket and you want to
maintain the same permanent delete behavior when you enable versioning you must add a
noncurrent expiration policy The noncurrent expiration lifecycle policy will manage the deletes
of the noncurrent object versions in the versionenabled bucket (A versionenabled bucket
maintains one current and zero or more noncurrent object versions) For more information
see Lifecycle and Versioning in the Amazon Simple Storage Service Developer Guide
This operation requires permission for the s3PutReplicationConfiguration action For more
information about permissions go to Using Bucket Policies and User Policies in the Amazon Simple
Storage Service Developer Guide
Requests
Syntax
PUT replication HTTP11
Host bucketnames3amazonawscom
ContentLength length
Date date
Authorization authorization string (see Authenticating Requests (AWS
Signature Version
4) (p 15))
ContentMD5 MD5
Replication configuration XML in the body
Request Parameters
This implementation of the operation does not use request parameters
Request Headers
Name Description Required
ContentMD5 The base64encoded 128bit MD5 digest of the
data This header must be used as a message
integrity check to verify that the request body was
not corrupted in transit For more information go
to RFC 1864
Type String
Default None
Yes
API Version 20060301
215Amazon Simple Storage Service API Reference
Requests
Request Body
You specify the replication configuration in the request body The configuration includes one or more
rules Each rule provides information such as an key name prefix identifying objects with specific
prefixes that you want to replicate (an empty prefix indicates all objects) rule status and details about
the destination
The destination details include the bucket where you want replicas stored and optional storage class
you want to use to store the replicas
Amazon S3 acts only on rules with the status Enabled The configuration also identifies an IAM role
for Amazon S3 to assume for copying objects This role must have sufficient permissions to read
objects from the source bucket and replicate them into the target bucket

IAMroleARN

Rule1
rulestatus
keyprefix

arnawss3bucketname
optionaldestinationstorageclassoverride<
StorageClass>



Rule2




The following table describes the XML elements in the replication configuration
Name Description Required
ReplicationConfiguration Container for replication rules You can add
as many as 1000 rules Total replication
configuration size can be up to 2 MB
Type Container
Children Rule
Ancestor None
Yes
Role Amazon Resource Name (ARN) of an IAM role
for Amazon S3 to assume when replicating the
objects
Type String
Ancestor Rule
Yes
Rule Container for information about a particular
replication rule Replication configuration must
have at least one rule and can contain up to
1000 rules
Type Container
AncestorReplicationConfiguration
Yes
API Version 20060301
216Amazon Simple Storage Service API Reference
Requests
Name Description Required
ID Unique identifier for the rule The value cannot
be longer than 255 characters
Type String
Ancestor Rule
No
Status The rule is ignored if status is not Enabled
Type String
Ancestor Rule
Valid values Enabled Disabled
Yes
Prefix Object keyname prefix identifying one or more
objects to which the rule applies Maximum
prefix length can be up to 1024 characters
Overlapping prefixes are not supported
Type String
Ancestor Rule
Yes
Destination Container for destination information
Type Container
Ancestor Rule
Yes
Bucket Amazon resource name (ARN) of the bucket
where you want Amazon S3 to store replicas of
the object identified by the rule
If you have multiple rules in your replication
configuration note that all these rules must
specify the same bucket as the destination That
is replication configuration can replicate objects
only to one destination bucket
Type String
Ancestor Destination
Yes
StorageClass Optional destination storage class override to
use when replicating objects If not specified
Amazon S3 uses the storage class of the
source object to create object replica
Type String
Ancestor Destination
Default Storage class of the source object
Valid Values STANDARD | STANDARD_IA |
REDUCED_REDUNDANCY
Constraints You cannot specify GLACIER as
the storage class You can transition objects
to the GLACIER storage class using lifecycle
configuration For more information go to
Object Lifecycle Management in the Amazon
Simple Storage Service Developer Guide
No
API Version 20060301
217Amazon Simple Storage Service API Reference
Responses
Responses
Response Headers
This implementation of the operation uses only response headers that are common to most responses
For more information see Common Response Headers (p 5)
Response Elements
This implementation of the operation does not return response elements
Special Errors
This implementation of the operation does not return special errors For general information about
Amazon S3 errors and a list of error codes see Error Responses (p 7)
Examples
Example 1 Add replication configuration
The following is a sample PUT request that creates a replication subresource on the specified
bucket and saves the replication configuration in it The replication configuration specifies a rule to
replicate to the exampletargetbucket bucket any new objects created with the key name prefix
TaxDocs
After you add a replication configuration to your bucket Amazon S3 assumes the IAM role specified in
the configuration in order to replicate objects on behalf of the bucket owner which is the AWS account
that created the bucket
PUT replication HTTP11
Host examplebuckets3amazonawscom
xamzdate Wed 11 Feb 2015 021121 GMT
ContentMD5 q6yJDlIkcBaGGfb3QLY69A
Authorization authorization string
ContentLength 406

arnawsiam35667exampleroleCrossRegionReplicationRoleForS3

rule1
TaxDocs
Enabled

arnawss3exampletargetbucket



The following is a sample response
HTTP11 200 OK
xamzid2 r+qR7+nhXtJDDIJ0JJYcd+1j5nMrUFiiiZfNbDOsd3JUE8NWMLNHXmvPfwMpdc
xamzrequestid 9E26D08072A8EF9E
Date Wed 11 Feb 2015 021122 GMT
API Version 20060301
218Amazon Simple Storage Service API Reference
Related Resources
ContentLength 0
Server AmazonS3
If you want Amazon S3 to replicate objects having key name prefixes other than TaxDocs you
can add more rules to the replication configuration However you cannot set two rules that specify
overlapping prefixes implying two rules for the same set of objects For example Amazon S3 will
respond with an error if you attempt to set the following replication configuration on a bucket

arnawsiam35667exampleroleCrossRegionReplicationRoleForS3

rule1
TaxDocs
Enabled

arnawss3exampletargetbucket1



rule2
TaxDocs2015
Enabled

arnawss3exampletargetbucket1



In this nonworking replication configuration note the following
• The first rule requests Amazon S3 to replicate objects with the key name prefix TaxDocs to a
bucket
• The second rule requests Amazon S3 to replicate objects with the key name prefix TaxDocs2015
to another bucket
Suppose you upload an object with keyname TaxDocs2015doc1pdf the keyname prefix satisfies
both rules Amazon S3 does not support adding replication configuration with rules that specify
overlapping prefixes
You can optionally specify storage class for the object replicas as shown in the XML fragment which
directs Amazon S3 to use the STANDARD_IA storage class when creating object replicas

arnawss3exampletargetbucket1
STANDARD_IA

Related Resources
• GET Bucket replication (p 132)
• DELETE Bucket replication (p 80)
• For information about enabling versioning on a bucket go to Using Versioning in the Amazon Simple
Storage Service Developer Guide
API Version 20060301
219Amazon Simple Storage Service API Reference
Related Resources
• By default a resource owner in this case the AWS account that created the bucket can perform this
operation and can also grant others permission to perform the operation For more information see
the following topics in the Amazon Simple Storage Service Developer Guide
• Specifying Permissions in a Policy
• Managing Access Permissions to Your Amazon S3 Resources
API Version 20060301
220Amazon Simple Storage Service API Reference
PUT Bucket tagging
PUT Bucket tagging
Description
This implementation of the PUT operation uses the tagging subresource to add a set of tags to an
existing bucket
Use tags to organize your AWS bill to reflect your own cost structure To do this sign up to get your
AWS account bill with tag key values included Then to see the cost of combined resources organize
your billing information according to resources with the same tag key values For example you can tag
several resources with a specific application name and then organize your billing information to see
the total cost of that application across several services For more information see Cost Allocation and
Tagging in About AWS Billing and Cost Management
To use this operation you must have permission to perform the s3PutBucketTagging action By
default the bucket owner has this permission and can grant this permission to others
Requests
Syntax
The following request shows the syntax for sending tagging information in the request body
PUT tagging HTTP11
Host BucketNames3amazonawscom
Date date
Authorization authorization string (see Authenticating Requests (AWS
Signature Version
4) (p 15))



Tag Name
Tag Value



Request Parameters
This implementation of the operation does not use request parameters
Request Headers
ContentMD5 will be a required header for this operation
Request Elements
Name Description Required
Tagging Container for the TagSet and Tag elements
Type String
Ancestors None
Yes
API Version 20060301
221Amazon Simple Storage Service API Reference
Responses
Name Description Required
TagSet Container for a set of tags
Type Container
Ancestors Tagging
Yes
Tag Container for tag information
Type Container
Ancestors TagSet
Yes
Key Name of the tag
Type String
Ancestors Tag
Yes
Value Value of the tag
Type String
Ancestors Tag
Yes
Responses
Response Headers
The operation returns response header that are common to most responses For more information see
Common Response Headers (p 5)
Response Elements
This operation does not return response elements
Special Errors
• InvalidTagError The tag provided was not a valid tag This error can occur if the tag did not pass
input validation See the CostAllocation docs for a description of valid tags
• MalformedXMLError The XML provided does not match the schema
• OperationAbortedError A conflicting conditional operation is currently in progress against this
resource Please try again
• InternalError The service was unable to apply the provided tag to the bucket
Examples
Sample Request Add tag set to a bucket
The following request adds a tag set to the existing examplebucket bucket
PUT tagging HTTP11
Host examplebuckets3amazonawscom
ContentLength 1660
xamzdate Thu 12 Apr 2012 200421 GMT
Authorization authorization string

API Version 20060301
222Amazon Simple Storage Service API Reference
Related Resources


Project
Project One


User
jsmith



Sample Response
HTTP11 204 No Content
xamzid2 YgIPIfBiKa2bj0KMgUAdQkf3ShJTOOpXUueF6QKo
xamzrequestid 236A8905248E5A01
Date Wed 01 Oct 2012 120000 GMT
Related Resources
• GET Bucket tagging (p 136)
• DELETE Bucket tagging (p 82)
API Version 20060301
223Amazon Simple Storage Service API Reference
PUT Bucket requestPayment
PUT Bucket requestPayment
Description
This implementation of the PUT operation uses the requestPayment subresource to set the request
payment configuration of a bucket By default the bucket owner pays for downloads from the bucket
This configuration parameter enables the bucket owner (only) to specify that the person requesting the
download will be charged for the download For more information see Requester Pays Buckets
Requests
Syntax
PUT requestPayment HTTP11
Host BucketNames3amazonawscom
ContentLength length
Date date
AuthorizationsignatureValue

payer

Request Parameters
This implementation of the operation does not use request parameters
Request Headers
This implementation of the operation uses only request headers that are common to all operations For
more information see Common Request Headers (p 3)
Request Elements
Name Description
Payer Specifies who pays for the download and request fees
Type Enum
Valid Values Requester | BucketOwner
Ancestor RequestPaymentConfiguration
RequestPaymentConfiguration Container for Payer
Type Container
Responses
Response Headers
This implementation of the operation uses only response headers that are common to most responses
For more information see Common Response Headers (p 5)
API Version 20060301
224Amazon Simple Storage Service API Reference
Examples
Response Elements
This implementation of the operation does not return response elements
Special Errors
This implementation of the operation does not return special errors For general information about
Amazon S3 errors and a list of error codes see Error Responses (p 7)
Examples
Sample Request
This request creates a Requester Pays bucket named colorpictures
PUT requestPayment HTTP11
Host colorpicturess3amazonawscom
ContentLength 173
Date Wed 01 Mar 2006 120000 GMT
Authorization authorization string

Requester

Sample Response
HTTP11 200 OK
xamzid2 YgIPIfBiKa2bj0KMg95r0zo3emzU4dzsD4rcKCHQUAdQkf3ShJTOOpXUueF6QKo
xamzrequestid 236A8905248E5A01
Date Wed 01 Mar 2006 120000 GMT
Location colorpictures
ContentLength 0
Connection close
Server AmazonS3
Related Resources
• PUT Bucket (p 169)
• GET Bucket requestPayment (p 151)
API Version 20060301
225Amazon Simple Storage Service API Reference
PUT Bucket versioning
PUT Bucket versioning
Description
This implementation of the PUT operation uses the versioning subresource to set the versioning
state of an existing bucket To set the versioning state you must be the bucket owner
You can set the versioning state with one of the following values
• Enabled—Enables versioning for the objects in the bucket
All objects added to the bucket receive a unique version ID
• Suspended—Disables versioning for the objects in the bucket
All objects added to the bucket receive the version ID null
If the versioning state has never been set on a bucket it has no versioning state a GET versioning
request does not return a versioning state value
If the bucket owner enables MFA Delete in the bucket versioning configuration the bucket owner must
include the xamzmfa request header and the Status and the MfaDelete request elements in a
request to set the versioning state of the bucket
Important
If you have an object expiration lifecycle policy in your nonversioned bucket and you want to
maintain the same permanent delete behavior when you enable versioning you must add a
noncurrent expiration policy The noncurrent expiration lifecycle policy will manage the deletes
of the noncurrent object versions in the versionenabled bucket (A versionenabled bucket
maintains one current and zero or more noncurrent object versions) For more information
see Lifecycle and Versioning in the Amazon Simple Storage Service Developer Guide
For more information about creating a bucket see PUT Bucket (p 169) For more information about
returning the versioning state of a bucket see GET Bucket Versioning Status (p 153)
Requests
Syntax
PUT versioning HTTP11
Host BucketNames3amazonawscom
ContentLength length
Date date
Authorization authorization string (see Authenticating Requests (AWS
Signature Version
4) (p 15))
xamzmfa [SerialNumber] [TokenCode]

VersioningState
MfaDeleteState

Note the space between [SerialNumber] and [TokenCode]
Request Parameters
This implementation of the operation does not use request parameters
API Version 20060301
226Amazon Simple Storage Service API Reference
Responses
Request Headers
Name Description Required
xamzmfa The value is the concatenation of the authentication device's serial
number a space and the value displayed on your authentication
device
Type String
Default None
Condition Required to configure the versioning state if versioning
is configured with MFA Delete enabled
Conditional
Request Elements
Name Description Required
Status Sets the versioning state of the bucket
Type Enum
Valid Values Suspended | Enabled
Ancestor VersioningConfiguration
No
MfaDelete Specifies whether MFA Delete is enabled in the
bucket versioning configuration When enabled
the bucket owner must include the xamz
mfa request header in requests to change the
versioning state of a bucket and to permanently
delete a versioned object
Type Enum
Valid Values Disabled | Enabled
Ancestor VersioningConfiguration
Constraint Can only be used when you use
Status
No
VersioningConfiguration Container for setting the versioning state
Type Container
Children Status
Ancestor None
Yes
Responses
Response Headers
This implementation of the operation uses only response headers that are common to most responses
For more information see Common Response Headers (p 5)
Response Elements
This implementation of the operation does not return response elements
API Version 20060301
227Amazon Simple Storage Service API Reference
Examples
Special Errors
This implementation of the operation does not return special errors For general information about
Amazon S3 errors and a list of error codes see Error Responses (p 7)
Examples
Sample Request
The following request enables versioning for the specified bucket
PUT versioning HTTP11
Host buckets3amazonawscom
Date Wed 01 Mar 2006 120000 GMT
Authorization authorization string
ContentType textplain
ContentLength 124


Enabled

Sample Response
HTTP11 200 OK
xamzid2 YgIPIfBiKa2bj0KMg95r0zo3emzU4dzsD4rcKCHQUAdQkf3ShJTOOpXUueF6QKo
xamzrequestid 236A8905248E5A01
Date Wed 01 Mar 2006 120000 GMT
Sample Request
The following request suspends versioning for the specified bucket
PUT versioning HTTP11
Host buckets3amazonawscom
Date Wed 12 Oct 2009 175000 GMT
Authorization authorization string
ContentType textplain
ContentLength 124


Suspended

Sample Response
HTTP11 200 OK
xamzid2 YgIPIfBiKa2bj0KMg95r0zo3emzU4dzsD4rcKCHQUAdQkf3ShJTOOpXUueF6QKo
xamzrequestid 236A8905248E5A01
Date Wed 01 Mar 2006 120000 GMT
API Version 20060301
228Amazon Simple Storage Service API Reference
Related Resources
Sample Request
The following request enables versioning and MFA Delete on a bucket
PUT versioning HTTP11
Host buckets3amazonawscom
Date Wed 12 Oct 2009 175000 GMT
xamzmfa[SerialNumber] [TokenCode]
Authorization authorization string
ContentType textplain
ContentLength 124


Enabled
Enabled

Note the space between [SerialNumber] and [TokenCode] and that you must include Status
whenever you use MfaDelete
Sample Response
HTTPS11 200 OK
xamzid2 YgIPIfBiKa2bj0KMg95r0zo3emzU4dzsD4rcKCHQUAdQkf3ShJTOOpXUueF6QKo
xamzrequestid 236A8905248E5A01
Date Wed 01 Mar 2006 120000 GMT
Location colorpictures
ContentLength 0
Connection close
Server AmazonS3
Related Resources
• DELETE Bucket (p 72)
• PUT Bucket (p 169)
API Version 20060301
229Amazon Simple Storage Service API Reference
PUT Bucket website
PUT Bucket website
Description
Sets the configuration of the website that is specified in the website subresource To configure a
bucket as a website you can add this subresource on the bucket with website configuration information
such as the file name of the index document and any redirect rules For more information go to
Hosting Websites on Amazon S3 in the Amazon Simple Storage Service Developer Guide
This PUT operation requires the S3PutBucketWebsite permission By default only the bucket
owner can configure the website attached to a bucket however bucket owners can allow
other users to set the website configuration by writing a bucket policy that grants them the
S3PutBucketWebsite permission
Requests
Syntax
PUT website HTTP11
Host bucketnames3amazonawscom
Date date
ContentLength ContentLength
Authorization authorization string (see Authenticating Requests (AWS
Signature Version
4) (p 15))

< website configuration information >

Request Parameters
This implementation of the operation does not use request parameters
Request Headers
This implementation of the operation uses only request headers that are common to all operations For
more information see Common Request Headers (p 3)
Request Elements
You can use a website configuration to redirect all requests to the website endpoint of a bucket or you
can add routing rules that redirect only specific requests
• To redirect all website requests sent to the bucket's website endpoint you add a website
configuration with the following elements Because all requests are send to another website you
don't need to provide index document name for the bucket
Name Description Required
WebsiteConfigurationThe root element for the website configuration
Type Container
Ancestors None
Yes
API Version 20060301
230Amazon Simple Storage Service API Reference
Requests
Name Description Required
RedirectAllRequestsToDescribes the redirect behavior for every request
to this bucket's website endpoint If this element is
present no other siblings are allowed
Type Container
Ancestors WebsiteConfiguration
Yes
HostName Name of the host where requests will be redirected
Type String
Ancestors RedirectAllRequestsTo
Yes
Protocol Protocol to use (http https) when redirecting requests
The default is the protocol that is used in the original
request
Type String
Ancestors RedirectAllRequestsTo
No
• If you want granular control over redirects you can use the following elements to add routing rules
that describe conditions for redirecting requests and information about the redirect destination In
this case the website configuration must provide an index document for the bucket because some
requests might not be redirected
Name Description Required
WebsiteConfigurationContainer for the request
Type Container
Ancestors None
Yes
IndexDocument Container for the Suffix element
Type Container
Ancestors WebsiteConfiguration
Yes
Suffix A suffix that is appended to a request that is for
a directory on the website endpoint (eg if the
suffix is indexhtml and you make a request to
samplebucketimages the data that is returned will
be for the object with the key name imagesindexhtml)
The suffix must not be empty and must not include a
slash character
Type String
Ancestors WebsiteConfigurationIndexDocument
Yes
ErrorDocument Container for the Key element
Type Container
Ancestors WebsiteConfiguration
No
Key The object key name to use when a 4XX class error
occurs This key identifies the page that is returned
when such an error occurs
Type String
Ancestors WebsiteConfigurationErrorDocument
Condition Required when ErrorDocument is
specified
Conditional
RoutingRules Container for a collection of RoutingRule elements No
API Version 20060301
231Amazon Simple Storage Service API Reference
Requests
Name Description Required
Type Container
Ancestors WebsiteConfiguration
RoutingRule Container for one routing rule that identifies a condition
and a redirect that applies when the condition is met
Type String
Ancestors WebsiteConfigurationRoutingRules
Condition In a RoutingRules container there must
be at least one of RoutingRule element
Yes
Condition A container for describing a condition that must be met
for the specified redirect to apply For example
• If request is for pages in the docs folder redirect to
the documents folder
• If request results in HTTP error 4xx redirect request
to another host where you might process the error
Type Container
Ancestors
WebsiteConfigurationRoutingRulesRoutingRule
No
KeyPrefixEquals The object key name prefix when the redirect
is applied For example to redirect requests
for ExamplePagehtml the key prefix will be
ExamplePagehtml To redirect request for all pages
with the prefix docs the key prefix will be docs
which identifies all objects in the docs folder
Type String
Ancestors
WebsiteConfigurationRoutingRulesRoutingRuleCondition
Condition Required when the parent
element Condition is specified and sibling
HttpErrorCodeReturnedEquals is not specified If
both conditions are specified both must be true for the
redirect to be applied
Conditional
HttpErrorCodeReturnedEqualsThe HTTP error code when the redirect is applied
In the event of an error if the error code equals this
value then the specified redirect is applied
Type String
Ancestors
WebsiteConfigurationRoutingRulesRoutingRuleCondition
Condition Required when parent element Condition
is specified and sibling KeyPrefixEquals is not
specified If both are specified then both must be true
for the redirect to be applied
Conditional
API Version 20060301
232Amazon Simple Storage Service API Reference
Requests
Name Description Required
Redirect Container for redirect information You can redirect
requests to another host to another page or with
another protocol In the event of an error you can
specify a different error code to return
Type String
Ancestors
WebsiteConfigurationRoutingRulesRoutingRule
Yes
Protocol The protocol to use in the redirect request
Type String
Ancestors
WebsiteConfigurationRoutingRulesRoutingRuleRedirect
Valid Values http https
Condition Not required if one of the siblings is present
No
HostName The host name to use in the redirect request
Type String
Ancestors
WebsiteConfigurationRoutingRulesRoutingRuleRedirect
Condition Not required if one of the siblings is present
No
ReplaceKeyPrefixWithThe object key prefix to use in the redirect request
For example to redirect requests for all pages
with prefix docs (objects in the docs folder) to
documents you can set a condition block with
KeyPrefixEquals set to docs and in the Redirect
set ReplaceKeyPrefixWith to documents
Type String
Ancestors
WebsiteConfigurationRoutingRulesRoutingRuleRedirect
Condition Not required if one of the siblings is present
Can be present only if ReplaceKeyWith is not
provided
No
ReplaceKeyWith The specific object key to use in the redirect request
For example redirect request to errorhtml
Type String
Ancestors
WebsiteConfigurationRoutingRulesRoutingRuleRedirect
Condition Not required if one of the sibling is present
Can be present only if ReplaceKeyPrefixWith is not
provided
No
HttpRedirectCode The HTTP redirect code to use on the response
Type String
Ancestors
WebsiteConfigurationRoutingRulesRoutingRuleRedirect
Condition Not required if one of the siblings is present
No
API Version 20060301
233Amazon Simple Storage Service API Reference
Responses
Responses
Response Headers
This implementation of the operation uses only response headers that are common to most responses
For more information see Common Response Headers (p 5)
Response Elements
This implementation of the operation does not return response elements
Examples
Example 1 Configure bucket as a website (add website
configuration)
The following request configures a bucket examplecom as a website The configuration in the
request specifies indexhtml as the index document It also specifies the optional error document
SomeErrorDocumenthtml
PUT website HTTP11
Host examplecoms3amazonawscom
ContentLength 256
Date Thu 27 Jan 2011 120000 GMT
Authorization signatureValue


indexhtml


SomeErrorDocumenthtml


Amazon S3 returns the following sample response
HTTP11 200 OK
xamzid2 YgIPIfBiKa2bj0KMgUAdQkf3ShJTOOpXUueF6QKo
xamzrequestid 80CD4368BD211111
Date Thu 27 Jan 2011 000000 GMT
ContentLength 0
Server AmazonS3
Example 2 Configure bucket as a website but redirect all
requests
The following request configures a bucket wwwexamplecom as a website however the
configuration specifies that all GET requests for the wwwexamplecom bucket's website endpoint will
be redirected to host examplecom
PUT website HTTP11
API Version 20060301
234Amazon Simple Storage Service API Reference
Examples
Host wwwexamplecoms3amazonawscom
ContentLength lengthvalue
Date Thu 27 Jan 2011 120000 GMT
Authorization signatureValue


examplecom


This redirect can be useful when you want to serve requests for both httpwwwexamplecom and
httpexamplecom but you want to maintain the website content in only one bucket in this case
examplecom For more information go to Hosting Websites on Amazon S3 in the Amazon Simple
Storage Service Developer Guide
Example 3 Configure bucket as a website and also specify
optional redirection rules
Example 1 is the simplest website configuration It configures a bucket as a website by providing only
an index document and an error document You can further customize the website configuration by
adding routing rules that redirect requests for one or more objects For example suppose your bucket
contained the following objects
indexhtml
docsarticle1html
docsarticle2html
If you decided to rename the folder from docs to documents you would need to redirect requests
for prefix docs to documents For example a request for docsarticle1html will need to be
redirected to documentsarticle1html
In this case you update the website configuration and add a routing rule as shown in the following
request
PUT website HTTP11
Host wwwexamplecoms3amazonawscom
ContentLength lengthvalue
Date Thu 27 Jan 2011 120000 GMT
Authorization signatureValue


indexhtml


Errorhtml




docs


documents
API Version 20060301
235Amazon Simple Storage Service API Reference
Examples




Example 4 Configure bucket as a website and redirect errors
You can use a routing rule to specify a condition that checks for a specific HTTP error code When a
page request results in this error you can optionally reroute requests For example you might route
requests to another host and optionally process the error The routing rule in the following requests
redirects requests to an EC2 instance in the event of an HTTP error 404 For illustration the redirect
also inserts a object key prefix report404 in the redirect For example if you request a page
ExamplePagehtml and it results in a HTTP 404 error the request is routed to a page report404
testPagehtml on the specified EC2 instance If there is no routing rule and the HTTP error 404
occurred then Errorhtml would be returned
PUT website HTTP11
Host wwwexamplecoms3amazonawscom
ContentLength 580
Date Thu 27 Jan 2011 120000 GMT
Authorization signatureValue


indexhtml


Errorhtml




404


ec2112233344compute1amazonawscom
report404




Example 5 Configure a bucket as a website and redirect folder
requests to a page
Suppose you have the following pages in your bucket
imagesphoto1jpg
imagesphoto2jpg
imagesphoto3jpg
Now you want to route requests for all pages with the images prefix to go to a single page
errorpagehtml You can add a website configuration to your bucket with the routing rule shown in
the following request
API Version 20060301
236Amazon Simple Storage Service API Reference
Examples
PUT website HTTP11
Host wwwexamplecoms3amazonawscom
ContentLength 481
Date Thu 27 Jan 2011 120000 GMT
Authorization signatureValue


indexhtml


Errorhtml




images


errorpagehtml




API Version 20060301
237Amazon Simple Storage Service API Reference
Operations on Objects
This section describes operations you can perform on Amazon S3 objects
Topics
• DELETE Object (p 239)
• Delete Multiple Objects (p 242)
• GET Object (p 251)
• GET Object ACL (p 262)
• GET Object torrent (p 266)
• HEAD Object (p 268)
• OPTIONS object (p 276)
• POST Object (p 279)
• POST Object restore (p 288)
• PUT Object (p 291)
• PUT Object acl (p 303)
• PUT Object Copy (p 310)
• Initiate Multipart Upload (p 324)
• Upload Part (p 333)
• Upload Part Copy (p 338)
• Complete Multipart Upload (p 346)
• Abort Multipart Upload (p 352)
• List Parts (p 354)
API Version 20060301
238Amazon Simple Storage Service API Reference
DELETE Object
DELETE Object
Description
The DELETE operation removes the null version (if there is one) of an object and inserts a delete
marker which becomes the current version of the object If there isn't a null version Amazon S3 does
not remove any objects
Versioning
To remove a specific version you must be the bucket owner and you must use the versionId
subresource Using this subresource permanently deletes the version If the object deleted is a delete
marker Amazon S3 sets the response header xamzdeletemarker to true
If the object you want to delete is in a bucket where the bucket versioning configuration is MFA Delete
enabled you must include the xamzmfa request header in the DELETE versionId request
Requests that include xamzmfa must use HTTPS
For more information about MFA Delete go to Using MFA Delete To see sample requests that use
versioning see Sample Request (p 241)
You can delete objects by explicitly calling the DELETE Object API or configure its lifecycle (see PUT
Bucket lifecycle (p 190)) to enable Amazon S3 to remove them for you If you want to block users or
accounts from removing or deleting objects from your bucket you must deny them s3DeleteObject
s3DeleteObjectVersion and s3PutLifeCycleConfiguration actions
Requests
Syntax
DELETE ObjectName HTTP11
Host BucketNames3amazonawscom
Date date
ContentLength length
Authorization authorization string (see Authenticating Requests (AWS
Signature Version
4) (p 15))
Request Parameters
This implementation of the operation does not use request parameters
Request Headers
Name Description Required
xamzmfa The value is the concatenation of the authentication device's serial
number a space and the value displayed on your authentication
device
Type String
Default None
Condition Required to permanently delete a versioned object if
versioning is configured with MFA Delete enabled
Conditional
API Version 20060301
239Amazon Simple Storage Service API Reference
Responses
Request Elements
This implementation of the operation does not use request elements
Responses
Response Headers
Header Description
xamzdelete
marker
Specifies whether the versioned object that was permanently deleted was
(true) or was not (false) a delete marker In a simple DELETE this header
indicates whether (true) or not (false) a delete marker was created
Type Boolean
Valid Values true | false
Default false
xamzversion
id
Returns the version ID of the delete marker created as a result of the DELETE
operation If you delete a specific object version the value returned by this
header is the version ID of the object version deleted
Type String
Default None
Response Elements
This implementation of the operation does not return response elements
Special Errors
This implementation of the operation does not return special errors For general information about
Amazon S3 errors and a list of error codes see Error Responses (p 7)
Examples
Sample Request
The following request deletes the object mysecondimagejpg
DELETE mysecondimagejpg HTTP11
Host buckets3amazonawscom
Date Wed 12 Oct 2009 175000 GMT
Authorization authorization string
ContentType textplain
Sample Response
HTTP11 204 NoContent
xamzid2 LriYPLdmOdAiIfgSmF1YsViT1LW94xUQxMsF7xiEb1a0wiIOIxl+zbwZ163pt7
xamzrequestid 0A49CE4060975EAC
Date Wed 12 Oct 2009 175000 GMT
ContentLength 0
API Version 20060301
240Amazon Simple Storage Service API Reference
Examples
Connection close
Server AmazonS3
Sample Request Deleting a Specified Version of an Object
The following request deletes the specified version of the object mythirdimagejpg
DELETE mythirdimagejpg
versionIdUIORUnfndfiufdisojhr398493jfdkjFJjkndnqUifhnw89493jJFJ HTTP11
Host buckets3amazonawscom
Date Wed 12 Oct 2009 175000 GMT
Authorization authorization string
ContentType textplain
ContentLength 0
Sample Response
HTTP11 204 NoContent
xamzid2 LriYPLdmOdAiIfgSmF1YsViT1LW94xUQxMsF7xiEb1a0wiIOIxl+zbwZ163pt7
xamzrequestid 0A49CE4060975EAC
xamzversionid UIORUnfndfiufdisojhr398493jfdkjFJjkndnqUifhnw89493jJFJ
Date Wed 12 Oct 2009 175000 GMT
ContentLength 0
Connection close
Server AmazonS3
Sample Response if the Object Deleted is a Delete Marker
HTTP11 204 NoContent
xamzid2 LriYPLdmOdAiIfgSmF1YsViT1LW94xUQxMsF7xiEb1a0wiIOIxl+zbwZ163pt7
xamzrequestid 0A49CE4060975EAC
xamzversionid 3L4kqtJlcpXroDTDmJ+rmSpXd3dIbrHY
+MTRCxf3vjVBH40Nr8X8gdRQBpUMLUo
xamzdeletemarker true
Date Wed 12 Oct 2009 175000 GMT
ContentLength 0
Connection close
Server AmazonS3
Sample Request Deleting a Specified Version of an Object in
an MFAEnabled Bucket
The following request deletes the specified version of the object mythirdimagejpg which is
stored in an MFAenabled bucket
DELETE mythirdimagejpgversionIdUIORUnfndfiuf HTTP11
Host buckets3amazonawscom
Date Wed 12 Oct 2009 175000 GMT
xamzmfa[SerialNumber] [AuthenticationCode]
Authorization authorization string
ContentType textplain
ContentLength 0
API Version 20060301
241Amazon Simple Storage Service API Reference
Related Resources
Sample Response
HTTPS11 204 NoContent
xamzid2 LriYPLdmOdAiIfgSmF1YsViT1LW94xUQxMsF7xiEb1a0wiIOIxl+zbwZ163pt7
xamzrequestid 0A49CE4060975EAC
xamzversionid UIORUnfndfiuf
Date Wed 12 Oct 2009 175000 GMT
ContentLength 0
Connection close
Server AmazonS3
Related Resources
• PUT Object (p 291)
• DELETE Object (p 239)
Delete Multiple Objects
Description
The MultiObject Delete operation enables you to delete multiple objects from a bucket using a single
HTTP request If you know the object keys that you want to delete then this operation provides a
suitable alternative to sending individual delete requests (see DELETE Object (p 239)) reducing
perrequest overhead
The MultiObject Delete request contains a list of up to 1000 keys that you want to delete In the
XML you provide the object key names and optionally version IDs if you want to delete a specific
version of the object from a versioningenabled bucket For each key Amazon S3 performs a delete
operation and returns the result of that delete success or failure in the response Note that if the
object specified in the request is not found Amazon S3 returns the result as deleted
The MultiObject Delete operation supports two modes for the response verbose and quiet By default
the operation uses verbose mode in which the response includes the result of deletion of each key in
your request In quiet mode the response includes only keys where the delete operation encountered
an error For a successful deletion the operation does not return any information about the delete in
the response body
When performing a MultiObject Delete operation on an MFA Delete enabled bucket that attempts to
delete any versioned objects you must include an MFA token If you do not provide one the entire
request will fail even if there are non versioned objects you are attempting to delete If you provide
an invalid token whether there are versioned keys in the request or not the entire MultiObject Delete
request will fail For information about MFA Delete see MFA Delete
Finally the ContentMD5 header is required for all MultiObject Delete requests Amazon S3 uses the
header value to ensure that your request body has not be altered in transit
Requests
Syntax
POST delete HTTP11
Host bucketnames3amazonawscom
Authorization authorization string
ContentLength Size
API Version 20060301
242Amazon Simple Storage Service API Reference
Requests
ContentMD5 MD5


true

Key
VersionId


Key



Request Parameters
The MultiObject Delete operation requires a single query string parameter called delete to distinguish
it from other bucket POST operations
Request Headers
This operation uses the following Request Headers in addition to the request headers common to most
requests For more information see Common Request Headers (p 3)
Name Description Required
ContentMD5 The base64encoded 128bit MD5 digest of the data This header
must be used as a message integrity check to verify that the request
body was not corrupted in transit For more information go to RFC
1864
Type String
Default None
Yes
Content
Length
Length of the body according to RFC 2616
Type String
Default None
Yes
xamzmfa The value is the concatenation of the authentication device's
serial number a space and the value that is displayed on your
authentication device
Type String
Default None
Condition Required to permanently delete a versioned object if
versioning is configured with MFA Delete enabled
Conditional
Request Elements
Name Description Required
Delete Container for the request Yes
API Version 20060301
243Amazon Simple Storage Service API Reference
Responses
Name Description Required
Ancestor None
Type Container
Children One or more Object elements and an optional
Quiet element
Quiet Element to enable quiet mode for the request When you
add this element you must set its value to true
Ancestor Delete
Type Boolean
Default false
No
Object Container element that describes the delete request for an
object
Ancestor Delete
Type Container
Children Key element and an optional VersionId
element
Yes
Key Key name of the object to delete
Ancestor Object
Type String
Yes
VersionId VersionId for the specific version of the object to delete
Ancestor Object
Type String
No
Responses
Response Headers
This operation uses only response headers that are common to most responses For more information
see Common Response Headers (p 5)
Response Elements
Name Description
DeleteResult Container for the response
Children Deleted Error
Type Container
Ancestor None
Deleted Container element for a successful delete It identifies the
object that was successfully deleted
Children Key VersionId
Type Container
Ancestor DeleteResult
Key Key name for the object that Amazon S3 attempted to
delete
API Version 20060301
244Amazon Simple Storage Service API Reference
Responses
Name Description
Type String
Ancestor Deleted or Error
VersionId VersionId for the versioned object in the case of a versioned
delete
Type String
Ancestor Deleted
DeleteMarker DeleteMarker element with a true value indicates that the
request accessed a delete marker
If a specific delete request either creates or deletes a delete
marker Amazon S3 returns this element in the response
with a value of true This is only the case when your Multi
Object Delete request is on a bucket that has versioning
enabled or suspended For more information about delete
markers go to Object Versioning
Type Boolean
Ancestor Deleted
DeleteMarkerVersionId Version ID of the delete marker accessed (deleted or
created) by the request
If the specific delete request in the MultiObject Delete either
creates or deletes a delete marker Amazon S3 returns
this element in response with the version ID of the delete
marker When deleting an object in a bucket with versioning
enabled this value is present for the following two reasons
• You send a nonversioned delete request that is you
specify only object key and not the version ID In this
case Amazon S3 creates a delete marker and returns its
version ID in the response
• You send a versioned delete request that is you specify
an object key and a version ID in your request however
the version ID identifies a delete marker In this case
Amazon S3 deletes the delete marker and returns the
specific version ID in response For information about
versioning go to Object Versioning
Type String
Ancestor Deleted
Error Container for a failed delete operation that describes the
object that Amazon S3 attempted to delete and the error it
encountered
Children Key VersionId Code Message
Type String
Ancestor DeleteResult
Key Key for the object Amazon S3 attempted to delete
Type String
Ancestor Error
API Version 20060301
245Amazon Simple Storage Service API Reference
Examples
Name Description
VersionId Version ID of the versioned object Amazon S3 attempted to
delete Amazon S3 includes this element only in case of a
versioneddelete request
Type String
Ancestor Deleted Error
Code Status code for the result of the failed delete
Type String
Values AccessDenied InternalError
Ancestor Error
Message Error description
Type String
Ancestor Error
Examples
Example 1 MultiObject Delete resulting in mixed success
error response
This example illustrates a MultiObject Delete request to delete objects that result in mixed success
and errors response
Sample Request
The following MultiObject Delete request deletes two objects from a bucket (bucketname) In this
example the requester does not have permission to delete the sample2txt object
POST delete HTTP11
Host bucketnameS3amazonawscom
Accept **
xamzdate Wed 30 Nov 2011 033905 GMT
ContentMD5 p5WAoEr30qrEEl21PAqw
Authorization AWS AKIAIOSFODNN7EXAMPLEW0qPYCLe6JwkZAD1ei6hp9XZIee
ContentLength 125
Connection KeepAlive


sample1txt


sample2txt


Sample Response
The response includes a DeleteResult element that includes a Deleted element for the item that
Amazon S3 successfully deleted and an Error element that Amazon S3 did not delete because you
didn't have permission to delete the object
API Version 20060301
246Amazon Simple Storage Service API Reference
Examples
HTTP11 200 OK
xamzid2 5h4FxSNCUS7wP5z92eGCWDshNpMnRuXvETa4HH3LvvH6VAIr0jU7tH9kM7X+njXx
xamzrequestid A437B3B641629AEE
Date Fri 02 Dec 2011 015342 GMT
ContentType applicationxml
Server AmazonS3
ContentLength 251



sample1txt


sample2txt
AccessDenied
Access Denied


Example 2 Deleting Object from a Versioned Bucket
If you delete an item from a versioning enabled bucket all versions of that object remain in the bucket
however Amazon S3 inserts a delete marker For more information go to Object Versioning
The following scenarios describe the behavior of a MultiObject Delete request when versioning is
enabled for your bucket
Case 1 Simple Delete
The following sample the MultiObject Delete request specifies only one key
POST delete HTTP11
Host bucketnameS3amazonawscom
Accept **
xamzdate Wed 30 Nov 2011 033905 GMT
ContentMD5 p5WAoEr30qrEEl21PAqw
Authorization AWS AKIAIOSFODNN7EXAMPLEW0qPYCLe6JwkZAD1ei6hp9XZIee
ContentLength 79
Connection KeepAlive


SampleDocumenttxt


Because versioning is enabled on the bucket Amazon S3 does not delete the object Instead it
adds a delete marker for this object The response indicates that a delete marker was added (the
DeleteMarker element in the response as a value of true) and the version number of the delete
marker it added
HTTP11 200 OK
xamzid2 P3xqrhuhYxlrefdw3rEzmJh8z5KDtGzb+FB7oiQaScI9Yaxd8olYXc7d1111ab+
xamzrequestid 264A17BF16E9E80A
Date Wed 30 Nov 2011 033932 GMT
ContentType applicationxml
API Version 20060301
247Amazon Simple Storage Service API Reference
Examples
Server AmazonS3
ContentLength 276



SampleDocumenttxt
true
NeQt5xeFTfgPJD8B4CGWnkSLtluMr11s<
DeleteMarkerVersionId>


Case 2 Versioned Delete
The following MultiObject Delete attempts to delete a specific version of an object
POST delete HTTP11
Host bucketnameS3amazonawscom
Accept **
xamzdate Wed 30 Nov 2011 033905 GMT
ContentMD5 p5WAoEr30qrEEl21PAqw
Authorization AWS AKIAIOSFODNN7EXAMPLEW0qPYCLe6JwkZAD1ei6hp9XZIxx
ContentLength 140
Connection KeepAlive


SampleDocumenttxt
OYcLXagmSWaDoyH4KRguB95_YhLs7


In this case Amazon S3 deletes the specific object version from the bucket and returns the following
response In the response Amazon S3 returns the key and version ID of the object deleted
HTTP11 200 OK
xamzid2 P3xqrhuhYxlrefdw3rEzmJh8z5KDtGzb+FB7oiQaScI9Yaxd8olYXc7d1111xx+
xamzrequestid 264A17BF16E9E80A
Date Wed 30 Nov 2011 033932 GMT
ContentType applicationxml
Server AmazonS3
ContentLength 219



SampleDocumenttxt
OYcLXagmSWaDoyH4KRguB95_YhLs7


Case 3 Versioned Delete of a Delete Marker
In the preceding example the request refers to a delete marker (instead of an object) then Amazon S3
deletes the delete marker The effect of this operation is to make your object reappear in your bucket
API Version 20060301
248Amazon Simple Storage Service API Reference
Examples
Amazon S3 returns a response that indicates the delete marker it deleted (DeleteMarker element
with value true) and the version ID of the delete marker
HTTP11 200 OK
xamzid2 IIPUZrtolxDEmWsKOae9JlSZe6yWfTye3HQ3T2iAe0ZE4XHa6NKvAJcPp51zZaBr
xamzrequestid D6B284CEC9B05E4E
Date Wed 30 Nov 2011 034325 GMT
ContentType applicationxml
Server AmazonS3
ContentLength 331



SampleDocumenttxt
NeQt5xeFTfgPJD8B4CGWnkSLtluMr11s
true
NeQt5xeFTfgPJD8B4CGWnkSLtluMr11s<
DeleteMarkerVersionId>


In general when a MultiObject Delete request results in Amazon S3 either adding a delete marker or
removing a delete marker the response returns the following elements
true
NeQt5xeFTfgPJD8B4CGWnkSLtluMr11s<
DeleteMarkerVersionId>
Example 3 Malformed XML in the Request
This example shows how Amazon S3 responds to a request that includes a malformed XML document
Sample Request
The following requests sends a malformed XML document (missing the Delete end element)
POST delete HTTP11
Host bucketnameS3amazonawscom
Accept **
xamzdate Wed 30 Nov 2011 033905 GMT
ContentMD5 p5WAoEr30qrEEl21PAqw
Authorization AWS AKIAIOSFODNN7EXAMPLEW0qPYCLe6JwkZAD1ei6hp9XZIee
ContentLength 104
Connection KeepAlive


404txt


atxt

Sample Response
The response returns the Error messages that describe the error
API Version 20060301
249Amazon Simple Storage Service API Reference
Related Actions
HTTP11 200 OK
xamzid2 P3xqrhuhYxlrefdw3rEzmJh8z5KDtGzb+FB7oiQaScI9Yaxd8olYXc7d1111ab+
xamzrequestid 264A17BF16E9E80A
Date Wed 30 Nov 2011 033932 GMT
ContentType applicationxml
Server AmazonS3
ContentLength 207


MalformedXML
The XML you provided was not wellformed or did not
validate against our published schema
264A17BF16E9E80A
P3xqrhuhYxlrefdw3rEzmJh8z5KDtGzb+FB7oiQaScI9Yaxd8olYXc7d1111ab+<
HostId>

Related Actions
• Initiate Multipart Upload (p 324)
• Upload Part (p 333)
• Complete Multipart Upload (p 346)
• Abort Multipart Upload (p 352)
• List Parts (p 354)
API Version 20060301
250Amazon Simple Storage Service API Reference
GET Object
GET Object
Description
This implementation of the GET operation retrieves objects from Amazon S3 To use GET you must
have READ access to the object If you grant READ access to the anonymous user you can return the
object without using an authorization header
An Amazon S3 bucket has no directory hierarchy such as you would find in a typical computer file
system You can however create a logical hierarchy by using object key names that imply a folder
structure For example instead of naming an object samplejpg you can name it photos2006
Februarysamplejpg
To get an object from such a logical hierarchy specify the full key name for the object in the GET
operation For a virtual hostedstyle request example if you have the object photos2006
Februarysamplejpg specify the resource as photos2006Februarysamplejpg For
a pathstyle request example if you have the object photos2006Februarysamplejpg in
the bucket named examplebucket specify the resource as examplebucketphotos2006
Februarysamplejpg For more information about request types see HTTP Host Header Bucket
Specification in the Amazon Simple Storage Service Developer Guide
To distribute large files to many people you can save bandwidth costs by using BitTorrent For more
information see Amazon S3 Torrent in the Amazon Simple Storage Service Developer Guide For
more information about returning the ACL of an object see GET Object ACL (p 262)
If the object you are retrieving is a GLACIER storage class object the object is archived in Amazon
Glacier You must first restore a copy using the POST Object restore (p 288) API before you can
retrieve the object Otherwise this operation returns an InvalidObjectStateError error For
information about archiving objects in Amazon Glacier go to Object Lifecycle Management in the
Amazon Simple Storage Service Developer Guide
If you encrypt an object by using serverside encryption with customerprovided encryption keys (SSE
C) when you store the object in Amazon S3 then when you GET the object you must use the headers
documented in the section Specific Request Headers for ServerSide Encryption with Customer
Provided Encryption Keys (p 254) For more information about SSEC go to ServerSide Encryption
(Using CustomerProvided Encryption Keys) in the Amazon Simple Storage Service Developer Guide
Permissions
You need the s3GetObject permission for this operation For more information go to Specifying
Permissions in a Policy in the Amazon Simple Storage Service Developer Guide If the object
you request does not exist the error Amazon S3 returns depends on whether you also have the
s3ListBucket permission
• If you have the s3ListBucket permission on the bucket Amazon S3 will return an HTTP status
code 404 (no such key) error
• if you don’t have the s3ListBucket permission Amazon S3 will return an HTTP status code 403
(access denied) error
Versioning
By default the GET operation returns the current version of an object To return a different version use
the versionId subresource
Note
If the current version of the object is a delete marker Amazon S3 behaves as if the object was
deleted and includes xamzdeletemarker true in the response
API Version 20060301
251Amazon Simple Storage Service API Reference
Requests
For more information about versioning see PUT Bucket versioning (p 226) To see sample requests
that use versioning see Sample Request Getting a Specified Version of an Object (p 259)
Requests
Syntax
GET ObjectName HTTP11
Host BucketNames3amazonawscom
Date date
Authorization authorization string (see Authenticating Requests (AWS
Signature Version
4) (p 15))
Rangebytesbyte_range
Request Parameters
There are times when you want to override certain response header values in a GET response For
example you might override the ContentDisposition response header value in your GET request
You can override values for a set of response headers using the query parameters listed in the
following table These response header values are sent only on a successful request that is when
status code 200 OK is returned The set of headers you can override using these parameters is a
subset of the headers that Amazon S3 accepts when you create an object The response headers that
you can override for the GET response are ContentType ContentLanguage Expires Cache
Control ContentDisposition and ContentEncoding To override these header values in the
GET response you use the request parameters described in the following table
Note
You must sign the request either using an Authorization header or a presigned URL
when using these parameters They cannot be used with an unsigned (anonymous) request
Parameter Description Required
responsecontenttype Sets the ContentType header of the response
Type String
Default None
No
responsecontent
language
Sets the ContentLanguage header of the response
Type String
Default None
No
responseexpires Sets the Expires header of the response
Type String
Default None
No
responsecachecontrol Sets the CacheControl header of the response
Type String
Default None
No
responsecontent
disposition
Sets the ContentDisposition header of the
response
Type String
Default None
No
responsecontent
encoding
Sets the ContentEncoding header of the response
Type String
No
API Version 20060301
252Amazon Simple Storage Service API Reference
Requests
Parameter Description Required
Default None
Request Headers
This implementation of the operation can use the following request headers in addition to the request
headers common to all operations Request headers are limited to 8 KB in size For more information
see Common Request Headers (p 3)
Name Description Required
Range Downloads the specified range bytes of an object For more
information about the HTTP Range header go to http
wwww3orgProtocolsrfc2616rfc2616sec14html#sec1435
Type String
Default None
Constraints None
No
IfModified
Since
Return the object only if it has been modified since the specified
time otherwise return a 304 (not modified)
See Consideration 2 (p 254)
Type String
Default None
Constraints None
No
IfUnmodified
Since
Return the object only if it has not been modified since the
specified time otherwise return a 412 (precondition failed)
See Consideration 1 (p 254)
Type String
Default None
Constraints None
No
IfMatch Return the object only if its entity tag (ETag) is the same as the
one specified otherwise return a 412 (precondition failed)
See Consideration 1 (p 254)
Type String
Default None
Constraints None
No
IfNoneMatch Return the object only if its entity tag (ETag) is different from the
one specified otherwise return a 304 (not modified)
See Consideration 2 (p 254)
Type String
No
API Version 20060301
253Amazon Simple Storage Service API Reference
Requests
Name Description Required
Default None
Constraints None
Note
Encryption request headers like xamzserversideencryption should not be sent for
GET requests if your object uses serverside encryption with AWS KMS–managed encryption
keys (SSEKMS) or serverside encryption with Amazon S3–managed encryption keys (SSE
S3) If your object does use these types of keys you’ll get an HTTP 400 BadRequest error
Note the following additional considerations about the preceding request headers
• Consideration 1 – If both of the IfMatch and IfUnmodifiedSince headers are present in the
request as follows
IfMatch condition evaluates to true and
IfUnmodifiedSince condition evaluates to false
then S3 returns 200 OK and the data requested For more information about conditional requests
see RFC 7232

• Consideration 2 – If both of the IfNoneMatch and IfModifiedSince headers are present in
the request as follows
IfNoneMatch condition evaluates to false and
IfModifiedSince condition evaluates to true
then S3 returns 304 Not Modified response code For more information about conditional
requests see RFC 7232
Specific Request Headers for ServerSide Encryption with CustomerProvided
Encryption Keys
When you retrieve an object from Amazon S3 that was encrypted by using serverside encryption with
customerprovided encryption keys (SSEC) you must use the following request headers For more
information about SSEC go to ServerSide Encryption (Using CustomerProvided Encryption Keys) in
the Amazon Simple Storage Service Developer Guide
Name Description Required
xamz
serverside
encryption
customer
algorithm
Specifies the algorithm to use to when decrypting the requested
object
Type String
Default None
Valid Values AES256
Constraints Must be accompanied by valid xamzserver
sideencryptioncustomerkey and xamzserver
sideencryptioncustomerkeyMD5 headers
Yes
API Version 20060301
254Amazon Simple Storage Service API Reference
Responses
Name Description Required
xamz
serverside
encryption
customerkey
Specifies the customerprovided base64encoded encryption
key to use to decrypt the requested object This value is used to
perform the decryption and then it is discarded Amazon does
not store the key The key must be appropriate for use with the
algorithm specified in the xamzserversideencryption
customeralgorithm header
Type String
Default None
Constraints Must be accompanied by valid xamzserver
sideencryptioncustomeralgorithm and xamz
serversideencryptioncustomerkeyMD5 headers
Yes
xamz
serverside
encryption
customerkey
MD5
Specifies the base64encoded 128bit MD5 digest of the
customerprovided encryption key according to RFC 1321
Amazon S3 uses this header for a message integrity check to
ensure that the encryption key was transmitted without error
Type String
Default None
Constraints Must be accompanied by valid xamzserver
sideencryptioncustomeralgorithm and xamz
serversideencryptioncustomerkey headers
Yes
Request Elements
This implementation of the operation does not use request elements
Responses
Response Headers
Header Description
xamzdelete
marker
Specifies whether the object retrieved was (true) or was not (false) a delete
marker If false this response header does not appear in the response
Type Boolean
Valid Values true | false
Default false
xamz
expiration
Amazon S3 returns this header if an Expiration action is configured for
the object as part of the bucket's lifecycle configuration The header value
includes an expirydate component and a URLencoded ruleid component
Note that for versioningenabled buckets this header applies only to current
versions Amazon S3 does not provide a header to infer when a noncurrent
version will be eligible for permanent deletion For more information see PUT
Bucket lifecycle (p 190)
Type String
API Version 20060301
255Amazon Simple Storage Service API Reference
Responses
Header Description
xamzmeta* Headers starting with this prefix are userdefined metadata Each one is
stored and returned as a set of keyvalue pairs Amazon S3 doesn't validate or
interpret userdefined metadata
Type String
xamz
replication
status
Amazon S3 can return this header if your request involves a bucket that is
either a source or destination in a crossregion replication
In crossregion replication you have a source bucket on which you configure
replication and destination bucket where Amazon S3 stores object replicas
When you request an object (GET Object) or object metadata (HEAD Object)
from these buckets Amazon S3 will return the xamzreplicationstatus
header in the response as follow
• If requesting object from the source bucket — Amazon S3 will return the x
amzreplicationstatus header if object in your request is eligible for
replication
For example suppose in your replication configuration you specify object
prefix TaxDocs requesting Amazon S3 to replicate objects with key prefix
TaxDocs Then any objects you upload with this key name prefix for
example TaxDocsdocument1pdf is eligible for replication For any
object request with this key name prefix Amazon S3 will return the xamz
replicationstatus header with value PENDING COMPLETED or
FAILED indicating object replication status
• If requesting object from the destination bucket — Amazon S3 will return the
xamzreplicationstatus header with value REPLICA if object in your
request is a replica that Amazon S3 created
For more information go to CrossRegion Replication in the Amazon Simple
Storage Service Developer Guide
Valid Values PENDING COMPLETED FAILED REPLICA
Type String
xamz
serverside
encryption
If the object is stored using serverside encryption either with an AWS KMS or
an Amazon S3managed encryption key the response includes this header
with the value of the encryption algorithm used
Type String
xamz
serverside
encryption
awskmskeyid
If the xamzserversideencryption is present and has the value of
awskms this header specifies the ID of the AWS Key Management Service
(KMS) master encryption key that was used for the object
Type String
xamz
serverside
encryption
customer
algorithm
If serverside encryption with customerprovided encryption keys decryption
was requested the response will include this header confirming the decryption
algorithm used
Type String
Valid Values AES256
API Version 20060301
256Amazon Simple Storage Service API Reference
Examples
Header Description
xamz
serverside
encryption
customerkey
MD5
If serverside encryption with customerprovided encryption keys decryption
was requested the response includes this header to provide roundtrip
message integrity verification of the customerprovided encryption key
Type String
xamzstorage
class
Provides storage class information of the object Amazon S3 returns this
header for all objects except for Standard storage class objects
For more information go to Storage Classes in Amazon Simple Storage
Service Developer Guide
Type String
Default None
xamzrestore Provides information about the object restoration operation and expiration time
of the restored object copy
For more information about archiving objects and restoring them go to
Transitioning Objects General Considerations in the Amazon Simple Storage
Service Developer Guide
Type String
Default None
xamzversion
id
Returns the version ID of the retrieved object if it has a unique version ID
Type String
Default None
xamzwebsite
redirect
location
When a bucket is configured as a website you can set this metadata on the
object so the website endpoint will evaluate the request for the object as a 301
redirect to another object in the same bucket or an external URL
Type String
Default None
Response Elements
This implementation of the operation does not return response elements
Special Errors
This implementation of the operation does not return special errors For general information about
Amazon S3 errors and a list of error codes see Error Responses (p 7)
Examples
Sample Request
The following request returns the object myimagejpg
API Version 20060301
257Amazon Simple Storage Service API Reference
Examples
GET myimagejpg HTTP11
Host buckets3amazonawscom
Date Wed 28 Oct 2009 223200 GMT
Authorization authorization string
Sample Response
HTTP11 200 OK
xamzid2 eftixk72aD6Ap51TnqcoF8eFidJG9Z2mkiDFu8yU9AS1ed4OpIszj7UDNEHGran
xamzrequestid 318BC8BC148832E5
Date Wed 28 Oct 2009 223200 GMT
LastModified Wed 12 Oct 2009 175000 GMT
ETag fba9dede5f27731c9771645a39863328
ContentLength 434234
ContentType textplain
Connection close
Server AmazonS3
[434234 bytes of object data]
If the object had expiration set using lifecycle configuration you get the following response with the x
amzexpiration header
HTTP11 200 OK
xamzid2 eftixk72aD6Ap51TnqcoF8eFidJG9Z2mkiDFu8yU9AS1ed4OpIszj7UDNEHGran
xamzrequestid 318BC8BC148832E5
Date Wed 28 Oct 2009 223200 GMT
LastModified Wed 12 Oct 2009 175000 GMT
xamzexpiration expirydateFri 23 Dec 2012 000000 GMT rule
idpicturedeletionrule
ETag fba9dede5f27731c9771645a39863328
ContentLength 434234
ContentType textplain
Connection close
Server AmazonS3
[434234 bytes of object data]
Sample Response if an Object Is Archived in Amazon Glacier
An object archived in Amazon Glacier must first be restored before you can access it If you attempt to
access an Amazon Glacier object without restoring it Amazon S3 returns the following error
HTTP11 403 Forbidden
xamzrequestid CD4BD8A1310A11B3
xamzid2 m9RDbQU0+RRBTjOUN1ChQ1eqMUnr9dv8b+KP6I2gHfRJZSTSrMCoRP8RtPRzX9mb
ContentType applicationxml
Date Mon 12 Nov 2012 235321 GMT
Server AmazonS3
ContentLength 231

InvalidObjectState
The operation is not valid for the object's storage class<
Message>
9FEFFF118E15B86F
API Version 20060301
258Amazon Simple Storage Service API Reference
Examples
WVQ5kzhiT+oiUfDCOiOYv8W4Tk9eNcxWiMK+hTSav34Xy4rBU3zsavf0aaaaa<
HostId>

Sample Response if the Latest Object Is a Delete Marker
HTTP11 404 Not Found
xamzrequestid 318BC8BC148832E5
xamzid2 eftixk72aD6Ap51Tnqzj7UDNEHGran
xamzversionid 3GL4kqtJlcpXroDTDm3vjVBH40Nr8X8g
xamzdeletemarker true
Date Wed 28 Oct 2009 223200 GMT
ContentType textplain
Connection close
Server AmazonS3
Notice that the delete marker returns a 404 Not Found error
Sample Request Getting a Specified Version of an Object
The following request returns the specified version of an object
GET myObjectversionId3L4kqtJlcpXroDTDmpUMLUo HTTP11
Host buckets3amazonawscom
Date Wed 28 Oct 2009 223200 GMT
Authorization authorization string
Sample Response to a Versioned Object GET Request
HTTP11 200 OK
xamzid2 eftixk72aD6Ap54OpIszj7UDNEHGran
xamzrequestid 318BC8BC148832E5
Date Wed 28 Oct 2009 223200 GMT
LastModified Sun 1 Jan 2006 120000 GMT
xamzversionid 3L4kqtJlcpXroDTDmJ+rmSpXd3QBpUMLUo
ETag fba9dede5f27731c9771645a39863328
ContentLength 434234
ContentType textplain
Connection close
Server AmazonS3
[434234 bytes of object data]
Sample Request with Parameters Altering Response Header
Values
The following request specifies all the query string parameters in a GET request overriding the
response header values
GET Junk3txtresponsecachecontrolNocache&responsecontent
dispositionattachment3B20filename3Dtestingtxt&responsecontent
encodingxgzip&responsecontentlanguagemi2C20en&responseexpiresThu2C
200120Dec2019942016000020GMT HTTP11
xamzdate Sun 19 Dec 2010 015344 GMT
API Version 20060301
259Amazon Simple Storage Service API Reference
Examples
Accept **
Authorization AWS AKIAIOSFODNN7EXAMPLEaaStE6nKnw8ihhiIdReoXYlMamW
Sample Response with Overridden Response Header Values
In the following sample response note the header values are set to the values specified in the true
request
HTTP11 200 OK
xamzid2 SIidWAK3hK+Il3Qqiu1ZKEuegzLAAspwsgwnwygb9GgFseeFHL5CII8NXSrfWW2
xamzrequestid 881B1CBD9DF17WA1
Date Sun 19 Dec 2010 015401 GMT
xamzmetaparam1 value 1
xamzmetaparam2 value 2
CacheControl Nocache
ContentLanguage mi en
Expires Thu 01 Dec 1994 160000 GMT
ContentDisposition attachment filenametestingtxt
ContentEncoding xgzip
LastModified Fri 17 Dec 2010 181041 GMT
ETag 0332bee1a7bf845f176c5c0d1ae7cf07
AcceptRanges bytes
ContentType textplain
ContentLength 22
Server AmazonS3
[object data not shown]
Sample Request with a Range Header
The following request specifies the HTTP Range header to retrieve the first 10 bytes of an object For
more information about the HTTP Range header go to httpwwww3orgProtocolsrfc2616rfc2616
sec14html
GET exampleobject HTTP11
Host examplebuckets3amazonawscom
xamzdate Fri 28 Jan 2011 213202 GMT
Range bytes09
Authorization AWS AKIAIOSFODNN7EXAMPLEYxg83MZaEgh3OZ3l0rLo5RTX11o
Sample Response with Specified Range of the Object Bytes
Note
Amazon S3 doesn't support retrieving multiple ranges of data per GET request
Sample Response
In the following sample response note that the header values are set to the values specified in the
true request
HTTP11 206 Partial Content
xamzid2 MzRISOwyjmnupCzjI1WC06l5TTAzm7JypPGXLh0OVFGcJaaO3KWhRAqKOpIEEp
xamzrequestid 47622117804B3E11
Date Fri 28 Jan 2011 213209 GMT
xamzmetatitle the title
LastModified Fri 28 Jan 2011 201032 GMT
API Version 20060301
260Amazon Simple Storage Service API Reference
Related Resources
ETag b2419b1e3fd45d596ee22bdf62aaaa2f
AcceptRanges bytes
ContentRange bytes 09443
ContentType textplain
ContentLength 10
Server AmazonS3
[10 bytes of object data]
Sample Get an Object Stored Using ServerSide Encryption
with CustomerProvided Encryption Keys
If an object is stored in Amazon S3 using serverside encryption with customerprovided encryption
keys Amazon S3 needs encryption information so that it can decrypt the object before sending it
to you in response to a GET request You provide the encryption information in your GET request
using the relevant headers (see Specific Request Headers for ServerSide Encryption with Customer
Provided Encryption Keys (p 254)) as shown in the following example request
GET exampleobject HTTP11
Host examplebuckets3amazonawscom
Accept **
Authorizationauthorization string
Date Wed 28 May 2014 192444 +0000
xamzserversideencryptioncustomer
keyg0lCfA3Dv40jZz5SQJ1ZukLRFqtI5WorC8SEKEXAMPLE
xamzserversideencryptioncustomerkeyMD5ZjQrne1XiTcskbY2m3example
xamzserversideencryptioncustomeralgorithmAES256
The following sample response shows some of the response headers Amazon S3 returns Note that it
includes the encryption information in the response
HTTP11 200 OK
xamzid2 ka5jRm8X3N12ZiY29Z989zg2tNSJPMcK+to7jNjxImXBbyChqc6tLAv+sau7Vjzh
xamzrequestid 195157E3E073D3F9
Date Wed 28 May 2014 192445 GMT
LastModified Wed 28 May 2014 192101 GMT
ETag c12022c9a3c6d3a28d29d90933a2b096
xamzserversideencryptioncustomeralgorithm AES256
xamzserversideencryptioncustomerkeyMD5 ZjQrne1XiTcskbY2m3example

Related Resources
• GET Service (p 67)
• GET Object ACL (p 262)
API Version 20060301
261Amazon Simple Storage Service API Reference
GET Object ACL
GET Object ACL
Description
This implementation of the GET operation uses the acl subresource to return the access control list
(ACL) of an object To use this operation you must have READ_ACP access to the object
Versioning
By default GET returns ACL information about the current version of an object To return ACL
information about a different version use the versionId subresource
To see sample requests that use Versioning see Sample Request Getting the ACL of the Specific
Version of an Object (p 264)
Requests
Syntax
GET ObjectNameacl HTTP11
Host BucketNames3amazonawscom
Date date
Authorization authorization string (see Authenticating Requests (AWS
Signature Version
4) (p 15))
Rangebytesbyte_range
Request Parameters
This implementation of the operation does not use request parameters
Request Headers
This implementation of the operation uses only request headers that are common to all operations For
more information see Common Request Headers (p 3)
Request Elements
This implementation of the operation does not use request elements
Responses
Response Headers
This implementation of the operation uses only response headers that are common to most responses
For more information see Common Response Headers (p 5)
Response Elements
Name Description
AccessControlList Container for Grant Grantee and Permission
API Version 20060301
262Amazon Simple Storage Service API Reference
Examples
Name Description
Type Container
Ancestors AccessControlPolicy
AccessControlPolicy Contains the elements that set the ACL permissions for an object per
Grantee
Type Container
Ancestors None
DisplayName Screen name of the bucket owner
Note
This value will not be in the response in the Asia Pacific (Mumbai)
Asia Pacific (Seoul) EU (Frankfurt) China (Beijing) or AWS
GovCloud (US) regions
Type String
Ancestors AccessControlPolicyOwner
Grant Container for the grantee and his or her permissions
Type Container
Ancestors AccessControlPolicyAccessControlList
Grantee The subject whose permissions are being set
Type String
Ancestors AccessControlPolicyAccessControlListGrant
ID ID of the bucket owner or the ID of the grantee
Type String
Ancestors AccessControlPolicyOwner or
AccessControlPolicyAccessControlListGrant
Owner Container for the bucket owner's display name and ID
Type Container
Ancestors AccessControlPolicy
Permission Specifies the permission (FULL_CONTROL WRITE READ_ACP) given to
the grantee
Type String
Ancestors AccessControlPolicyAccessControlListGrant
Special Errors
This implementation of the operation does not return special errors For general information about
Amazon S3 errors and a list of error codes see Error Responses (p 7)
Examples
Sample Request
The following request returns information including the ACL of the object myimagejpg
GET myimagejpgacl HTTP11
Host buckets3amazonawscom
API Version 20060301
263Amazon Simple Storage Service API Reference
Examples
Date Wed 28 Oct 2009 223200 GMT
Authorization authorization string
Sample Response
HTTP11 200 OK
xamzid2 eftixk72aD6Ap51TnqcoF8eFidJG9Z2mkiDFu8yU9AS1ed4OpIszj7UDNEHGran
xamzrequestid 318BC8BC148832E5
xamzversionid 4HL4kqtJlcpXroDTDmJ+rmSpXd3dIbrHY+MTRCxf3vjVBH40Nrjfkd
Date Wed 28 Oct 2009 223200 GMT
LastModified Sun 1 Jan 2006 120000 GMT
ContentLength 124
ContentType textplain
Connection close
Server AmazonS3



75aa57f09aa0c8caeab4f8c24e99d10f8e7faeebf76c078efc7c6caea54ba06a
mtd@amazoncom



xsitypeCanonicalUser>

75aa57f09aa0c8caeab4f8c24e99d10f8e7faeebf76c078efc7c6caea54ba06a
mtd@amazoncom

FULL_CONTROL



Sample Request Getting the ACL of the Specific Version of an
Object
The following request returns information including the ACL of the specified version of the object my
imagejpg
GET myimagejpgversionId3L4kqtJlcpXroDVBH40Nr8X8gdRQBpUMLUo&acl HTTP11
Host buckets3amazonawscom
Date Wed 28 Oct 2009 223200 GMT
Authorization authorization string
Sample Response Showing the ACL of the Specific Version
HTTP11 200 OK
xamzid2 eftixk72aD6Ap51TnqcoF8eFidJG9Z2mkiDFu8yU9AS1ed4OpIszj7UDNEHGran
xamzrequestid 318BC8BC148832E5
Date Wed 28 Oct 2009 223200 GMT
LastModified Sun 1 Jan 2006 120000 GMT
xamzversionid 3L4kqtJlcpXroDTDmJ+rmSpXd3dIbrHY
+MTRCxf3vjVBH40Nr8X8gdRQBpUMLUo
API Version 20060301
264Amazon Simple Storage Service API Reference
Related Resources
ContentLength 124
ContentType textplain
Connection close
Server AmazonS3



75aa57f09aa0c8caeab4f8c24e99d10f8e7faeebf76c078efc7c6caea54ba06a
mdtd@amazoncom



xsitypeCanonicalUser>

75aa57f09aa0c8caeab4f8c24e99d10f8e7faeebf76c078efc7c6caea54ba06a
mdtd@amazoncom

FULL_CONTROL



Related Resources
• GET Object (p 251)
• PUT Object (p 291)
• DELETE Object (p 239)
API Version 20060301
265Amazon Simple Storage Service API Reference
GET Object torrent
GET Object torrent
Description
This implementation of the GET operation uses the torrent subresource to return torrent files from a
bucket BitTorrent can save you bandwidth when you're distributing large files For more information
about BitTorrent see Amazon S3 Torrent
Note
You can get torrent only for objects that are less than 5 GB in size and that are not encrypted
using serverside encryption with customerprovided encryption key
To use GET you must have READ access to the object
Requests
Syntax
GET ObjectNametorrent HTTP11
Host BucketNames3amazonawscom
Date date
Authorization authorization string (see Authenticating Requests (AWS
Signature Version
4) (p 15))
Request Parameters
This implementation of the operation does not use request parameters
Request Headers
This implementation of the operation uses only request headers that are common to all operations For
more information see Common Request Headers (p 3)
Request Elements
This implementation of the operation does not use request elements
Responses
Response Headers
This implementation of the operation uses only response headers that are common to most responses
For more information see Common Response Headers (p 5)
Response Elements
This implementation of the operation does not return response elements
Special Errors
This implementation of the operation does not return special errors For general information about
Amazon S3 errors and a list of error codes see Error Responses (p 7)
API Version 20060301
266Amazon Simple Storage Service API Reference
Examples
Examples
Getting Torrent Files in a Bucket
This example retrieves the Torrent file for the Nelson object in the quotes bucket
GET quotesNelsontorrent HTTP10
Host buckets3amazonawscom
Date Wed 28 Oct 2009 223200 GMT
Authorization authorization string
Sample Response
HTTP11 200 OK
xamzrequestid 7CD745EBB7AB5ED9
Date Wed 25 Nov 2009 120000 GMT
ContentDisposition attachment filenameNelsontorrent
ContentType applicationxbittorrent
ContentLength 537
Server AmazonS3

Related Resources
• GET Object (p 251)
API Version 20060301
267Amazon Simple Storage Service API Reference
HEAD Object
HEAD Object
Description
The HEAD operation retrieves metadata from an object without returning the object itself This operation
is useful if you are interested only in an object's metadata To use HEAD you must have READ access
to the object
A HEAD request has the same options as a GET operation on an object The response is identical to the
GET response except that there is no response body
If you encrypt an object by using serverside encryption with customerprovided encryption keys (SSE
C) when you store the object in Amazon S3 then when you retrieve the metadata from the object you
must use the headers documented in the section Specific Request Headers for ServerSide Encryption
with CustomerProvided Encryption Keys (p 270) For more information about SSEC go to Server
Side Encryption (Using CustomerProvided Encryption Keys) in the Amazon Simple Storage Service
Developer Guide
Permissions
You need the s3GetObject permission for this operation For more information go to Specifying
Permissions in a Policy in the Amazon Simple Storage Service Developer Guide If the object
you request does not exist the error Amazon S3 returns depends on whether you also have the
s3ListBucket permission
• If you have the s3ListBucket permission on the bucket Amazon S3 will return a HTTP status
code 404 (no such key) error
• if you don’t have the s3ListBucket permission Amazon S3 will return a HTTP status code 403
(access denied) error
Versioning
By default the HEAD operation retrieves metadata from the current version of an object If the current
version is a delete marker Amazon S3 behaves as if the object was deleted To retrieve metadata
from a different version use the versionId subresource For more information see Versions in the
Amazon Simple Storage Service Developer Guide
To see sample requests that use versioning see Sample Request Getting Metadata from a Specified
Version of an Object (p 274)
Requests
Syntax
HEAD ObjectName HTTP11
Host BucketNames3amazonawscom
Authorization authorization string (see Authenticating Requests (AWS
Signature Version
4) (p 15))
Date date
Request Parameters
This implementation of the operation does not use request parameters
API Version 20060301
268Amazon Simple Storage Service API Reference
Requests
Request Headers
This implementation of the operation can use the following request headers in addition to the request
headers common to all operations Request headers are limited to 8 KB in size For more information
see Common Request Headers (p 3)
Name Description Required
Range Downloads the specified range bytes of an object For more
information about the HTTP Range header go to http
wwww3orgProtocolsrfc2616rfc2616sec14html#sec1435
Type String
Default None
Constraints None
No
IfModified
Since
Return the object only if it has been modified since the specified
time otherwise return a 304 (not modified)
See Consideration 2 (p 270)
Type String
Default None
Constraints None
No
IfUnmodified
Since
Return the object only if it has not been modified since the
specified time otherwise return a 412 (precondition failed)
See Consideration 1 (p 270)
Type String
Default None
Constraints None
No
IfMatch Return the object only if its entity tag (ETag) is the same as the
one specified otherwise return a 412 (precondition failed)
See Consideration 1 (p 270)
Type String
Default None
Constraints None
No
IfNoneMatch Return the object only if its entity tag (ETag) is different from the
one specified otherwise return a 304 (not modified)
See Consideration 2 (p 270)
Type String
Default None
Constraints None
No
API Version 20060301
269Amazon Simple Storage Service API Reference
Requests
Note
Encryption request headers like xamzserversideencryption should not be sent for
GET requests if your object uses serverside encryption with AWS KMS–managed encryption
keys (SSEKMS) or serverside encryption with Amazon S3–managed encryption keys (SSE
S3) If your object does use these types of keys you’ll get an HTTP 400 BadRequest error
Note the following additional considerations about the preceding request headers
• Consideration 1 – If both of the IfMatch and IfUnmodifiedSince headers are present in the
request as follows
IfMatch condition evaluates to true and
IfUnmodifiedSince condition evaluates to false
then S3 returns 200 OK and the data requested For more information about conditional requests
see RFC 7232

• Consideration 2 – If both of the IfNoneMatch and IfModifiedSince headers are present in
the request as follows
IfNoneMatch condition evaluates to false and
IfModifiedSince condition evaluates to true
then S3 returns 304 Not Modified response code For more information about conditional
requests see RFC 7232
Specific Request Headers for ServerSide Encryption with CustomerProvided
Encryption Keys
When you retrieve metadata from an object stored in Amazon S3 that was encrypted by using server
side encryption with customerprovided encryption keys (SSEC) you must use the following request
headers For more information about SSEC go to ServerSide Encryption (Using CustomerProvided
Encryption Keys) in the Amazon Simple Storage Service Developer Guide
Name Description Required
xamz
serverside
encryption
customer
algorithm
Specifies the algorithm to use to when decrypting the requested
object
Type String
Default None
Valid Values AES256
Constraints Must be accompanied by valid xamzserver
sideencryptioncustomerkey and xamzserver
sideencryptioncustomerkeyMD5 headers
Yes
xamz
serverside
encryption
customerkey
Specifies the customerprovided base64encoded encryption
key to use to decrypt the requested object This value is used to
perform the decryption and then it is discarded Amazon does
not store the key The key must be appropriate for use with the
algorithm specified in the xamzserversideencryption
customeralgorithm header
Yes
API Version 20060301
270Amazon Simple Storage Service API Reference
Responses
Name Description Required
Type String
Default None
Constraints Must be accompanied by valid xamzserver
sideencryptioncustomeralgorithm and xamz
serversideencryptioncustomerkeyMD5 headers
xamz
serverside
encryption
customerkey
MD5
Specifies the base64encoded 128bit MD5 digest of the
customerprovided encryption key according to RFC 1321
Amazon S3 uses this header for a message integrity check to
ensure that the encryption key was transmitted without error
Type String
Default None
Constraints Must be accompanied by valid xamzserver
sideencryptioncustomeralgorithm and xamz
serversideencryptioncustomerkey headers
Yes
Request Elements
This implementation of the operation does not use request elements
Responses
Response Headers
This implementation of the operation can include the following response headers in addition to
the response headers common to all responses For more information see Common Response
Headers (p 5)
Name Description
xamzexpiration Amazon S3 will return this header if an Expiration action is configured
for the object as part of the bucket's lifecycle configuration The header
value includes an expirydate component and a URLencoded ruleid
component Note that for versioningenabled buckets this header applies
only to current versions Amazon S3 does not provide a header to infer
when a noncurrent version will be eligible for permanent deletion For
more information see PUT Bucket lifecycle (p 190)
Type String
xamzmeta* Headers starting with this prefix are userdefined metadata Each one
is stored and returned as a set of keyvalue pairs Amazon S3 doesn't
validate or interpret userdefined metadata
Type String
xamzmissingmeta This header is set to the number of metadata entries that were not
returned in xamzmeta headers This can happen if you create
metadata using an API like SOAP that supports more flexible metadata
than the REST API For example with SOAP you can create metadata
with values that are not valid HTTP headers
Type String
API Version 20060301
271Amazon Simple Storage Service API Reference
Responses
Name Description
xamzreplication
status
Amazon S3 can return this header if your request involves a bucket that is
either a source or destination in a crossregion replication
In crossregion replication you have a source bucket on which you
configure replication and destination bucket where Amazon S3 stores
object replicas When you request an object (GET Object) or object
metadata (HEAD Object) from these buckets Amazon S3 will return the
xamzreplicationstatus header in the response as follow
• If requesting object from the source bucket — Amazon S3 will return
the xamzreplicationstatus header if object in your request is
eligible for replication
For example suppose in your replication configuration you specify
object prefix TaxDocs requesting Amazon S3 to replicate objects with
key prefix TaxDocs Then any objects you upload with this key name
prefix for example TaxDocsdocument1pdf is eligible for replication
For any object request with this key name prefix Amazon S3 will return
the xamzreplicationstatus header with value PENDING
COMPLETED or FAILED indicating object replication status
• If requesting object from the destination bucket — Amazon S3 will
return the xamzreplicationstatus header with value REPLICA
if object in your request is a replica that Amazon S3 created
For more information go to CrossRegion Replication in the Amazon
Simple Storage Service Developer Guide
Valid Values PENDING COMPLETED FAILED REPLICA
Type String
xamzrestore If the object is an archived object (an object whose storage class is
GLACIER) the response includes this header if either the archive
restoration is in progress (see POST Object restore (p 288)) or an
archive copy is already restored
If an archive copy is already restored the header value indicates when
Amazon S3 is scheduled to delete the object copy For example
xamzrestore ongoingrequestfalse expiry
dateFri 23 Dec 2012 000000 GMT
If the object restoration is in progress the header will return the value
ongoingrequesttrue
For more information about archiving objects see Transitioning Objects
General Considerations in the Amazon Simple Storage Service Developer
Guide
Type String
Default None
xamzserverside
encryption
If the object is stored using serverside encryption either with an AWS
KMS or an Amazon S3managed encryption key the response includes
this header with the value of the encryption algorithm used
Type String
API Version 20060301
272Amazon Simple Storage Service API Reference
Examples
Name Description
xamzserverside
encryptionaws
kmskeyid
If the xamzserversideencryption is present and has the value
of awskms this header specifies the ID of the AWS Key Management
Service (KMS) master encryption key that was used for the object
Type String
xamzserver
sideencryption
customeralgorithm
If serverside encryption with customerprovided encryption keys(SSE
C) decryption was requested the response will include this header
confirming the decryption algorithm used
Type String
Valid Values AES256
xamzserver
sideencryption
customerkeyMD5
If SSEC decryption was requested the response includes this header to
provide roundtrip message integrity verification of the customerprovided
encryption key
Type String
xamzstorage
class
Provides storage class information of the object Amazon S3 returns this
header for all objects except for Standard storage class objects
For more information go to Storage Classes in Amazon Simple Storage
Service Developer Guide
Type String
Default None
xamzversionid The version ID of the object returned
Type String
Response Elements
Response Elements
This implementation of the operation does not return response elements
Special Errors
This implementation of the operation does not return special errors For general information about
Amazon S3 errors and a list of error codes see Error Responses (p 7)
Examples
Sample Request
The following request returns the metadata of an object
HEAD myimagejpg HTTP11
Host buckets3amazonawscom
Date Wed 28 Oct 2009 223200 GMT
Authorization AWS AKIAIOSFODNN7EXAMPLE02236Q3V0RonhpaBX5sCYVf1bNRuU
API Version 20060301
273Amazon Simple Storage Service API Reference
Examples
Sample Response
HTTP11 200 OK
xamzid2 ef8yU9AS1ed4OpIszj7UDNEHGran
xamzrequestid 318BC8BC143432E5
xamzversionid 3HL4kqtJlcpXroDTDmjVBH40Nrjfkd
Date Wed 28 Oct 2009 223200 GMT
LastModified Sun 1 Jan 2006 120000 GMT
ETag fba9dede5f27731c9771645a39863328
ContentLength 434234
ContentType textplain
Connection close
Server AmazonS3
If the object is scheduled to expire according to a lifecycle configuration set on the bucket the
response returns the xamzexpiration tag with information about when Amazon S3 will delete the
object For more information see Transitioning Objects General Considerations in the Amazon Simple
Storage Service Developer Guide
HTTP11 200 OK
xamzid2 azQRZtQJ2m1P8R+TIsG9h0VuCDmiSJmjXUMq7snk+LKSJeurtmfzSlGhR46GzSJ
xamzrequestid 0EFF61CCE3F24A26
Date Mon 17 Dec 2012 022639 GMT
LastModified Mon 17 Dec 2012 021410 GMT
xamzexpiration expirydateFri 21 Dec 2012 000000 GMT ruleidRule
for testfiletxt
ETag 54b0c58c7ce9f2a8b551351102ee0938
AcceptRanges bytes
ContentType textplain
ContentLength 14
Server AmazonS3
Sample Request Getting Metadata from a Specified Version of
an Object
The following request returns the metadata of the specified version of an object
HEAD myimagejpgversionId3HL4kqCxf3vjVBH40Nrjfkd HTTP11
Host buckets3amazonawscom
Date Wed 28 Oct 2009 223200 GMT
Authorization AWS AKIAIOSFODNN7EXAMPLE02236Q3V0WpaBX5sCYVf1bNRuU
Sample Response to a Versioned HEAD Request
HTTP11 200 OK
xamzid2 eftixk72aD6Ap51TnqcoF8epIszj7UDNEHGran
xamzrequestid 318BC8BC143432E5
xamzversionid 3HL4kqtJlcpXrof3vjVBH40Nrjfkd
Date Wed 28 Oct 2009 223200 GMT
LastModified Sun 1 Jan 2006 120000 GMT
ETag fba9dede5f27731c9771645a39863328
ContentLength 434234
ContentType textplain
API Version 20060301
274Amazon Simple Storage Service API Reference
Sample Request for an Amazon Glacier Object
Connection close
Server AmazonS3
Sample Request for an Amazon Glacier Object
For an archived object the xamzrestore header provides the date when the restored copy expires
as shown in the following response Even if the object is stored in Amazon Glacier all object metadata
is still available
HEAD myimagejpg HTTP11
Host buckets3amazonawscom
Date 13 Nov 2012 002838 GMT
Authorization AWS AKIAIOSFODNN7EXAMPLE02236Q3V0RonhpaBX5sCYVf1bNRuU
Sample Response Glacier Object
If the object is already restored the xamzrestore header provides the date when the restored copy
will expire as shown in the following response
HTTP11 200 OK
xamzid2 FSVaTMjrmBp3Izs1NnwBZeu7M19iI8UbxMbi0A8AirHANJBo+hEftBuiESACOMJp
xamzrequestid E5CEFCB143EB505A
Date Tue 13 Nov 2012 002838 GMT
LastModified Mon 15 Oct 2012 215807 GMT
xamzrestore ongoingrequestfalse expirydateWed 07 Nov 2012
000000 GMT
ETag 1accb31fcf202eba0c0f41fa2f09b4d7
AcceptRanges bytes
ContentType binaryoctetstream
ContentLength 300
Server AmazonS3
If the restoration is in progress then the xamzrestore header returns a message accordingly
HTTP11 200 OK
xamzid2 b+V2mDiMHTdy1myoUBpctvmJl95H9UOSUmjRtHxjh0+pCk5SvByL4xu2TDv4GM
xamzrequestid E2E7B6AEE4E9BD2B
Date Tue 13 Nov 2012 004332 GMT
LastModified Sat 20 Oct 2012 212827 GMT
xamzrestore ongoingrequesttrue
ETag 1accb31fcf202eba0c0f41fa2f09b4d7
AcceptRanges bytes
ContentType binaryoctetstream
ContentLength 300
Server AmazonS3
Related Resources
• GET Object (p 251)
API Version 20060301
275Amazon Simple Storage Service API Reference
OPTIONS object
OPTIONS object
Description
A browser can send this preflight request to Amazon S3 to determine if it can send an actual request
with the specific origin HTTP method and headers
Amazon S3 supports crossorigin resource sharing (CORS) by enabling you to add a cors
subresource on a bucket When a browser sends this preflight request Amazon S3 responds by
evaluating the rules that are defined in the cors configuration
If cors is not enabled on the bucket then Amazon S3 returns a 403 Forbidden response
For more information about CORS go to Enabling CrossOrigin Resource Sharing in the Amazon
Simple Storage Service Developer Guide
Requests
Syntax
OPTIONS ObjectName HTTP11
Host BucketNames3amazonawscom
Origin Origin
AccessControlRequestMethod HTTPMethod
AccessControlRequestHeaders RequestHeader
Request Parameters
This operation does not introduce any specific request parameters but it may contain any request
parameters that are required by the actual request
Request Headers
Name Description Required
Origin Identifies the origin of the crossorigin request to Amazon S3
For example httpwwwexamplecom
Type String
Default None
Yes
AccessControl
RequestMethod
Identifies what HTTP method will be used in the actual
request
Type String
Default None
Yes
AccessControl
RequestHeaders
A commadelimited list of HTTP headers that will be sent in
the actual request
For example to put an object with serverside encryption this
preflight request will determine if it can include the xamz
serversideencryption header with the request
No
API Version 20060301
276Amazon Simple Storage Service API Reference
Responses
Name Description Required
Type String
Default None
Request Elements
This implementation of the operation does not use request elements
Responses
Response Headers
Header Description
AccessControlAllow
Origin
The origin you sent in your request If the origin in your request is not
allowed Amazon S3 will not include this header in the response
Type String
AccessControlMaxAge How long in seconds the results of the preflight request can be
cached
Type String
AccessControlAllow
Methods
The HTTP method that was sent in the original request If the
method in the request is not allowed Amazon S3 will not include this
header in the response
Type String
AccessControlAllow
Headers
A commadelimited list of HTTP headers that the browser can send
in the actual request If any of the requested headers is not allowed
Amazon S3 will not include that header in the response nor will the
response contain any of the headers with the AccessControl
prefix
Type String
AccessControlExpose
Headers
A commadelimited list of HTTP headers This header provides the
JavaScript client with access to these headers in the response to the
actual request
Type String
Response Elements
This implementation of the operation does not return response elements
API Version 20060301
277Amazon Simple Storage Service API Reference
Examples
Examples
Example Send a preflight OPTIONS request to a cors enabled
bucket
A browser can send this preflight request to Amazon S3 to determine if it can send the actual PUT
request from httpwwwexamplecom origin to the Amazon S3 bucket named examplebucket
Sample Request
OPTIONS exampleobject HTTP11
Host examplebuckets3amazonawscom
Origin httpwwwexamplecom
AccessControlRequestMethod PUT
Sample Response
HTTP11 200 OK
xamzid2 6SvaESv3VULYPLik5LLl7lSPPtSnBvDdGmnklX1HfUl7uS2m1DF6td6KWKNjYMXZ
xamzrequestid BDC4B83DF5096BBE
Date Wed 21 Aug 2012 230955 GMT
Etag 1f1a1af1f1111111111111c11aed1da1
AccessControlAllowOrigin httpwwwexamplecom
AccessControlAllowMethods PUT
AccessControlExposeHeaders xamzrequestid
ContentLength 0
Server AmazonS3
Related Resources
• GET Bucket cors (p 110)
• DELETE Bucket cors (p 74)
• PUT Bucket cors (p 184)
API Version 20060301
278Amazon Simple Storage Service API Reference
POST Object
POST Object
Description
The POST operation adds an object to a specified bucket using HTML forms POST is an alternate form
of PUT that enables browserbased uploads as a way of putting objects in buckets Parameters that
are passed to PUT via HTTP Headers are instead passed as form fields to POST in the multipartform
data encoded message body You must have WRITE access on a bucket to add an object to it Amazon
S3 never stores partial objects if you receive a successful response you can be confident the entire
object was stored
Amazon S3 is a distributed system If Amazon S3 receives multiple write requests for the same object
simultaneously all but the last object written will be overwritten
To ensure that data is not corrupted traversing the network use the ContentMD5 form field When you
use this form field Amazon S3 checks the object against the provided MD5 value If they do not match
Amazon S3 returns an error Additionally you can calculate the MD5 value while posting an object
to Amazon S3 and compare the returned ETag to the calculated MD5 value The ETag only reflects
changes to the contents of an object not its metadata
Note
To configure your application to send the Request Headers prior to sending the request body
use the 100continue HTTP status code For POST operations this helps you avoid sending
the message body if the message is rejected based on the headers (eg authentication
failure or redirect) For more information on the 100continue HTTP status code go to Section
823 of httpwwwietforgrfcrfc2616txt
You can optionally request serverside encryption where Amazon S3 encrypts your data as it writes
it to disks in its data centers and decrypts it for you when you access it You have option of providing
your own encryption key or you can use the AWSmanaged encryption keys For more information go
to Using ServerSide Encryption in the Amazon Simple Storage Service Developer Guide
Versioning
If you enable versioning for a bucket POST automatically generates a unique version ID for the object
being added Amazon S3 returns this ID in the response using the xamzversionid response
header
If you suspend versioning for a bucket Amazon S3 always uses null as the version ID of the object
stored in a bucket
For more information about returning the versioning state of a bucket see GET Bucket (Versioning
Status) (p 153)
Amazon S3 is a distributed system If you enable versioning for a bucket and Amazon S3 receives
multiple write requests for the same object simultaneously all of the objects will be stored
To see sample requests that use versioning see Sample Request (p 287)
Requests
Syntax
POST HTTP11
Host destinationBuckets3amazonawscom
API Version 20060301
279Amazon Simple Storage Service API Reference
Requests
UserAgent browser_data
Accept file_types
AcceptLanguage Regions
AcceptEncoding encoding
AcceptCharset character_set
KeepAlive 300
Connection keepalive
ContentType multipartformdata boundary9431149156168
ContentLength length
9431149156168
ContentDisposition formdata namekey
acl
9431149156168
ContentDisposition formdata namesuccess_action_redirect
success_redirect
9431149156168
ContentDisposition formdata nameContentType
content_type
9431149156168
ContentDisposition formdata namexamzmetauuid
uuid
9431149156168
ContentDisposition formdata namexamzmetatag
metadata
9431149156168
ContentDisposition formdata nameAWSAccessKeyId
accesskeyid
9431149156168
ContentDisposition formdata namePolicy
encoded_policy
9431149156168
ContentDisposition formdata nameSignature
signature
9431149156168
ContentDisposition formdata namefile filenameMyFilenamejpg
ContentType imagejpeg
file_content
9431149156168
ContentDisposition formdata namesubmit
Upload to Amazon S3
9431149156168
Request Parameters
This implementation of the operation does not use request parameters
API Version 20060301
280Amazon Simple Storage Service API Reference
Requests
Form Fields
This operation can use the following form fields
Name Description Required
AWSAccessKeyId The AWS access key ID of the owner of the bucket
who grants an Anonymous user access for a request
that satisfies the set of constraints in the policy
Type String
Default None
Constraints Required if a policy document is included
with the request
Conditional
acl Specifies an Amazon S3 access control list If an
invalid access control list is specified an error is
generated For more information on ACLs go to
Access Control List (ACL) Overview in the Amazon
Simple Storage Service Developer Guide
Type String
Default private
Valid Values private | publicread |
publicreadwrite | awsexecread |
authenticatedread | bucketownerread |
bucketownerfullcontrol
No
CacheControl
ContentType Content
Disposition Content
Encoding Expires
RESTspecific headers For more information see
PUT Object (p 291)
Type String
Default None
No
file File or text content
The file or text content must be the last field in the
form
You cannot upload more than one file at a time
Type File or text content
Default None
Yes
key The name of the uploaded key
To use the file name provided by the user use the
{filename} variable For example if the user Betty
uploads the file lolcatzjpg and you specify
userbetty{filename} the key name will be
userbettylolcatzjpg
For more information go to Object Key and Metadata
in the Amazon Simple Storage Service Developer
Guide
Type String
Default None
Yes
policy Security Policy describing what is permitted in the
request Requests without a security policy are
considered anonymous and work only on publicly
writable buckets For more information go to HTML
Forms and Upload Examples
Conditional
API Version 20060301
281Amazon Simple Storage Service API Reference
Requests
Name Description Required
Type String
Default None
Constraints Policy is required if the bucket is not
publicly writable
success_action_redirect
redirect
The URL to which the client is redirected upon
successful upload
If success_action_redirect is not specified
Amazon S3 returns the empty document type
specified in the success_action_status field
If Amazon S3 cannot interpret the URL it acts as if the
field is not present
If the upload fails Amazon S3 displays an error and
does not redirect the user to a URL
Type String
Default None
Note
The redirect field name is deprecated and
support for the redirect field name will be
removed in the future
No
success_action_status The status code returned to the client upon successful
upload if success_action_redirect is not
specified
Accepts the values 200 201 or 204 (default)
If the value is set to 200 or 204 Amazon S3 returns an
empty document with a 200 or 204 status code
If the value is set to 201 Amazon S3 returns an XML
document with a 201 status code
If the value is not set or if it is set to an invalid value
Amazon S3 returns an empty document with a 204
status code
Type String
Default None
Note
Some versions of the Adobe Flash player
do not properly handle HTTP responses
with an empty body To support uploads
through Adobe Flash we recommend setting
success_action_status to 201
No
xamzstorageclass Storage class to use for storing the object
Type String
Default STANDARD
Valid Values STANDARD | STANDARD_IA |
REDUCED_REDUNDANCY
Constraints You cannot specify GLACIER as the
storage class To transition objects to the GLACIER
storage class you can use lifecycle configuration
For more information about storage classes go to
Using DevPay
No
API Version 20060301
282Amazon Simple Storage Service API Reference
Requests
Name Description Required
xamzmeta* Headers starting with this prefix are userdefined
metadata Each one is stored and returned as a set
of keyvalue pairs Amazon S3 doesn't validate or
interpret userdefined metadata For more information
see PUT Object (p 291)
Type String
Default None
No
xamzsecuritytoken Amazon DevPay security token
Each request that uses Amazon DevPay requires two
xamzsecuritytoken form fields one for the
product token and one for the user token
For more information go to Using DevPay
Type String
Default None
No
xamzwebsiteredirect
location
If the bucket is configured as a website redirects
requests for this object to another object in the same
bucket or to an external URL Amazon S3 stores
the value of this header in the object metadata For
information about object metadata go to Object Key
and Metadata
In the following example the request header sets the
redirect to an object (anotherPagehtml) in the
same bucket
xamzwebsiteredirectlocation
anotherPagehtml
In the following example the request header sets the
object redirect to another website
xamzwebsiteredirectlocation http
wwwexamplecom
For more information about website hosting in
Amazon S3 go to sections Hosting Websites on
Amazon S3 and How to Configure Website Page
Redirects in the Amazon Simple Storage Service
Developer Guide
Type String
Default None
Constraints The value must be prefixed by
http or https The length of the value is limited
to 2 K
No
ServerSide Encryption Specific Request Form Fields
You can optionally request Amazon S3 to encrypt data at rest using serverside encryption Serverside
encryption is about data encryption at rest that is Amazon S3 encrypts your data as it writes it to disks
in its data centers and decrypts it for you when you access it
For more information go to Protecting Data Using ServerSide Encryption in the Amazon Simple
Storage Service Developer Guide
API Version 20060301
283Amazon Simple Storage Service API Reference
Requests
Depending on whether you want to use AWSmanaged encryption keys or provide your own encryption
keys you use the following form fields
• Use AWSmanaged encryption keys — If you want Amazon S3 to manage keys used to encrypt
data you specify the following form fields in the request
Name Description Required
xamzserver
sideencryption
Specifies a serverside encryption algorithm to use when
Amazon S3 creates an object
Type String
Valid Value awskms AES256
Yes
xamzserver
sideencryption
awskmskeyid
If the xamzserversideencryption is present and
has the value of awskms this header specifies the ID of the
AWS Key Management Service (KMS) master encryption key
that was used for the object
Type String
Yes if the
value of
xamz
server
side
encryption
is
awskms
xamzserver
sideencryption
context
If xamzserversideencryption is present and if
its value is awskms this header specifies the encryption
context for the object The value of this header is a base64
encoded UTF8 string holding JSON with the encryption
context keyvalue pairs
Type String
No
Note
If you specify xamzserversideencryptionawskms but do not provide xamz
serverside encryptionawskmskeyid the default AWS KMS key will be used
to protected the data
• Use customerprovided encryption keys — If you want to manage your own encryption keys you
must provide all the following form fields in the request
Note
If you use this feature the ETag value that Amazon S3 returns in the response will not be
the MD5 of the object
Name Description Required
xamzserver
sideencryption
customer
algorithm
Specifies the algorithm to use to when encrypting the object
Type String
Default None
Valid Value AES256
Constraints Must be accompanied by valid xamzserver
sideencryptioncustomerkey and xamzserver
sideencryptioncustomerkeyMD5 fields
Yes
xamzserver
sideencryption
customerkey
Specifies the customerprovided base64encoded encryption
key for Amazon S3 to use in encrypting data This value is
used to store the object and then it is discarded Amazon
does not store the encryption key The key must be
Yes
API Version 20060301
284Amazon Simple Storage Service API Reference
Requests
Name Description Required
appropriate for use with the algorithm specified in the x
amzserversideencryptioncustomeralgorithm
header
Type String
Default None
Constraints Must be accompanied by valid xamzserver
sideencryptioncustomeralgorithm and xamz
serversideencryptioncustomerkeyMD5 fields
xamzserver
sideencryption
customerkeyMD5
Specifies the base64encoded 128bit MD5 digest of the
encryption key according to RFC 1321 Amazon S3 uses
this header for a message integrity check to ensure the
encryption key was transmitted without error
Type String
Default None
Constraints Must be accompanied by valid xamzserver
sideencryptioncustomeralgorithm and xamz
serversideencryptioncustomerkey fields
Yes
Responses
Response Headers
This implementation of the operation can include the following response headers in addition to
the response headers common to all responses For more information see Common Response
Headers (p 5)
Name Description
xamzexpiration Amazon S3 will return this header if an Expiration
action is configured for the object as part of the bucket's
lifecycle configuration The header value includes an
expirydate component and a URL encoded ruleid
component Note that for versionenabled buckets this
header only applies to current versions Amazon S3
does not provide a header to infer when a noncurrent
version will be eligible for permanent deletion For more
information see PUT Bucket lifecycle (p 190)
Type String
success_action_redirect
redirect
The URL to which the client is redirected on successful
upload
Type String
Ancestor PostResponse
xamzserversideencryption If you specified serverside encryption either with AWS
KMS encryption or AWSManaged encryption in your
POST request the response includes this header It
confirms the encryption algorithm that Amazon S3 used
to encrypt the object
API Version 20060301
285Amazon Simple Storage Service API Reference
Requests
Name Description
Type String
xamzserversideencryption
awskmskeyid
If the xamzserversideencryption is present
and has the value of awskms this header specifies the
ID of the AWS Key Management Service (KMS) master
encryption key that was used for the object
Type String
xamzserversideencryption
customeralgorithm
If serverside encryption with customerprovided
encryption keys (SSEC) encryption was requested
the response will include this header confirming the
encryption algorithm used
Type String
Valid Values AES256
xamzserversideencryption
customerkeyMD5
If SSEC encryption was requested the response
includes this header to provide roundtrip message
integrity verification of the customerprovided encryption
key
Type String
xamzversionid Version of the object
Type String
Response Elements
Name Description
Bucket Name of the bucket the object was stored in
Type String
Ancestor PostResponse
ETag The entity tag is an MD5 hash of the object that you can use to
do conditional GET operations using the IfModified request tag
with the GET request operation The ETag reflects changes to
only the contents of an object not its metadata
Type String
Ancestor PostResponse
Key The object key name
Type String
Ancestor PostResponse
Location URI of the object
Type String
Ancestor PostResponse
Special Errors
This implementation of the operation does not return special errors For general information about
Amazon S3 errors and a list of error codes see Error Responses (p 7)
API Version 20060301
286Amazon Simple Storage Service API Reference
Examples
Examples
Sample Request
POST Neo HTTP11
ContentLength 4
Host quotess3amazonawscom
Date Wed 01 Mar 2006 120000 GMT
Authorization authorization string
ContentType textplain
Expect the 100continue HTTP status code
ObjectContent
Sample Response with Versioning Suspended
The following shows a sample response when bucket versioning is suspended
HTTP11 100 Continue
HTTP11 200 OK
xamzid2 LriYPLdmOdAiIfgSmF1YsViT1LW94xUQxMsF7xiEb1a0wiIOIxl+zbwZ163pt7
xamzrequestid 0A49CE4060975EAC
xamzversionid default
Date Wed 12 Oct 2009 175000 GMT
ETag 1b2cf535f27731c974343645a3985328
ContentLength 0
Connection close
Server AmazonS3
Notice in this response the version ID is null
Sample Response with Versioning Enabled
The following shows a sample response when bucket versioning is enabled
HTTP11 100 Continue
HTTP11 200 OK
xamzid2 LriYPLdmOdAiIfgSmF1YsViT1LW94xUQxMsF7xiEb1a0wiIOIxl+zbwZ163pt7
xamzrequestid 0A49CE4060975EAC
xamzversionid 43jfkodU8493jnFJD9fjj3HHNVfdsQUIFDNsidf038jfdsjGFDSIRp
Date Wed 01 Mar 2006 120000 GMT
ETag 828ef3fdfa96f00ad9f27c383fc9ac7f
ContentLength 0
Connection close
Server AmazonS3
Related Resources
• PUT Object Copy (p 310)
• POST Object (p 279)
• GET Object (p 251)
API Version 20060301
287Amazon Simple Storage Service API Reference
POST Object restore
POST Object restore
Description
Restores a temporary copy of an archived object You can optionally provide version ID to restore
specific object version If version ID is not provided it will restore the current version
In the request you specify the number of days that you want the restored copy to exist After the
specified period Amazon S3 deletes the temporary copy Note that the object remains archived
Amazon S3 deletes only the restored copy
An object in the Glacier storage class is an archived object To access the object you must first initiate
a restore request which restores a copy of the archived object Restore jobs typically complete in three
to five hours
For more information about archiving objects go to Object Lifecycle Management in Amazon Simple
Storage Service Developer Guide
You can obtain restoration status by sending a HEAD request In the response these operations return
the xamzrestore header with restoration status information
After restoring an object copy you can update the restoration period by reissuing this request with the
new period Amazon S3 updates the restoration period relative to the current time and charges only for
the request and there are no data transfer charges
You cannot issue another restore request when Amazon S3 is actively processing your first restore
request for the same object however after Amazon S3 restores a copy of the object you can send
restore requests to update the expiration period of the restored object copy
If your bucket has a lifecycle configuration with a rule that includes an expiration action the object
expiration overrides the life span that you specify in a restore request For example if you restore an
object copy for 10 days but the object is scheduled to expire in 3 days Amazon S3 deletes the object
in 3 days For more information about lifecycle configuration see PUT Bucket lifecycle (p 190)
To use this action you must have s3RestoreObject permissions on the specified object For more
information go to Access Control section in the Amazon S3 Developer Guide
Requests
Syntax
POST ObjectNamerestore&versionIdVersionID HTTP11
Host BucketNames3amazonawscom
Date date
Authorization authorization string (see Authenticating Requests (AWS
Signature Version
4) (p 15))
ContentMD5 MD5

NumberOfDays

Note
The syntax shows some of the request headers For a complete list see the Request Headers
section
API Version 20060301
288Amazon Simple Storage Service API Reference
Responses
Request Parameters
This implementation of the operation does not use request parameters
Request Headers
Name Description Required
ContentMD5 The base64encoded 128bit MD5 digest of the data This header
must be used as a message integrity check to verify that the
request body was not corrupted in transit For more information go
to RFC 1864
Type String
Default None
Yes
Request Elements
Name Description
RestoreRequest Container for restore information
Type Container
Ancestors AccessControlPolicy
Days Lifetime of the restored (active) copy The minimum number of days that you
can restore an object from Amazon Glacier is 1 After the object copy reaches
the specified lifetime Amazon S3 removes the copy from the bucket
Type Positive integer
Ancestors RestoreRequest
Responses
A successful operation returns either 200 OK or 202 Accepted status code
• If the object copy is not previously restored then Amazon S3 returns 202 Accepted in the
response
• If the object copy is previously restored Amazon S3 returns 200 OK in the response
Response Headers
This implementation of the operation uses only response headers that are common to most responses
For more information see Common Response Headers (p 5)
Response Elements
This operation does not return response elements
API Version 20060301
289Amazon Simple Storage Service API Reference
Examples
Special Errors
Error Code Description HTTP
Status Code
SOAP Fault
Code Prefix
RestoreAlreadyInProgress Object restore is already in
progress
409 Conflict Client
Examples
Restore an object for 2 days
The following restore request restores a copy of the photo1jpg object from Amazon Glacier for a
period of 2 days
POST photo1jpgrestore HTTP11
Host buckets3amazonawscom
Date Mon 22 Oct 2012 014952 GMT
Authorization authorization string
ContentLength 53

2

If the examplebucket does not have a restored copy of the object Amazon S3 returns the following
202 Accepted response
HTTP11 202 Accepted
xamzid2 GFihv3y6+kE7KG11GEkQhU72cHR3Yb2fCb2S04nxI423Dqwg2XiQ0B
UZlzYQvPiBlZNRcovw
xamzrequestid 9F341CD3C4BA79E0
Date Sat 20 Oct 2012 235405 GMT
ContentLength 0
Server AmazonS3
If a copy of the object is already restored Amazon S3 returns a 200 OK response only updating the
restored copy's expiry time
Related Resources
• GET Bucket lifecycle (p 113)
• PUT Bucket lifecycle (p 190)
API Version 20060301
290Amazon Simple Storage Service API Reference
PUT Object
PUT Object
Description
This implementation of the PUT operation adds an object to a bucket You must have WRITE
permissions on a bucket to add an object to it
Amazon S3 never adds partial objects if you receive a success response Amazon S3 added the entire
object to the bucket
Amazon S3 is a distributed system If it receives multiple write requests for the same object
simultaneously it overwrites all but the last object written Amazon S3 does not provide object locking
if you need this make sure to build it into your application layer or use versioning instead
To ensure that data is not corrupted traversing the network use the ContentMD5 header When you
use this header Amazon S3 checks the object against the provided MD5 value and if they do not
match returns an error Additionally you can calculate the MD5 while putting an object to Amazon S3
and compare the returned ETag to the calculated MD5 value
Note
To configure your application to send the Request Headers prior to sending the request
body use the 100continue HTTP status code For PUT operations this helps you avoid
sending the message body if the message is rejected based on the headers (eg because of
authentication failure or redirect) For more information on the 100continue HTTP status
code go to Section 823 of httpwwwietforgrfcrfc2616txt
You can optionally request serverside encryption where Amazon S3 encrypts your data as it writes it
to disks in its data centers and decrypts it for you when you access it You have the option to provide
your own encryption key or use AWSmanaged encryption keys For more information go to Using
ServerSide Encryption in the Amazon Simple Storage Service Developer Guide
Versioning
If you enable versioning for a bucket Amazon S3 automatically generates a unique version ID for
the object being stored Amazon S3 returns this ID in the response using the xamzversionid
response header If versioning is suspended Amazon S3 always uses null as the version ID for the
object stored For more information about returning the versioning state of a bucket see GET Bucket
versioning (p 153)
If you enable versioning for a bucket when Amazon S3 receives multiple write requests for the same
object simultaneously it stores all of the objects
To see sample requests that use versioning see Sample Request (p 300)
Storage Class Options
Amazon S3 uses the Standard storage class by default to store newly created objects The Standard
storage class provides high durability and high availability Depending on the performance needs in
your use case scenario you can optionally specify other storage classes For more information go to
Storage Classes in the Amazon Simple Storage Service Developer Guide
Access Permissions
When uploading an object you can optionally specify the accounts or groups that should be granted
specific permissions on your object There are two ways to grant the appropriate permissions using the
request headers
API Version 20060301
291Amazon Simple Storage Service API Reference
Requests
• Specify a canned (predefined) ACL using the xamzacl request header For more information see
Canned ACL in the Amazon Simple Storage Service Developer Guide
• Specify access permissions explicitly using the xamzgrantread xamzgrantreadacp
and xamzgrantwriteacp xamzgrantfullcontrol headers These headers map to
the set of permissions Amazon S3 supports in an ACL For more information go to Access Control
List (ACL) Overview in the Amazon Simple Storage Service Developer Guide
Note
You can either use a canned ACL or specify access permissions explicitly You cannot do
both
Requests
Syntax
PUT ObjectName HTTP11
Host BucketNames3amazonawscom
Date date
Authorization authorization string (see Authenticating Requests (AWS
Signature Version
4) (p 15))
Note
The syntax shows some of the request headers For a complete list see the Request Headers
section
Request Parameters
This implementation of the operation does not use request parameters
Request Headers
This implementation of the operation can use the following request headers in addition to the request
headers common to all operations Request headers are limited to 8 KB in size For more information
see Common Request Headers (p 3)
Name Description Required
CacheControl Can be used to specify caching behavior along the request
reply chain For more information go to httpwwww3org
Protocolsrfc2616rfc2616sec14html#sec149
Type String
Default None
Constraints None
No
Content
Disposition
Specifies presentational information for the object For more
information go to httpwwww3orgProtocolsrfc2616
rfc2616sec19html#sec1951
Type String
Default None
Constraints None
No
ContentEncoding Specifies what content encodings have been applied to the
object and thus what decoding mechanisms must be applied
No
API Version 20060301
292Amazon Simple Storage Service API Reference
Requests
Name Description Required
to obtain the mediatype referenced by the ContentType
header field For more information go to httpwwww3org
Protocolsrfc2616rfc2616sec14html#sec1411
Type String
Default None
Constraints None
ContentLength The size of the object in bytes For more information
go to httpwwww3orgProtocolsrfc2616rfc2616
sec14html#sec1413
Type String
Default None
Constraints None
Yes
ContentMD5 The base64encoded 128bit MD5 digest of the message
(without the headers) according to RFC 1864 This header
can be used as a message integrity check to verify that the
data is the same data that was originally sent Although it is
optional we recommend using the ContentMD5 mechanism
as an endtoend integrity check For more information about
REST request authentication see REST Authentication in the
Amazon Simple Storage Service Developer Guide
Type String
Default None
Constraints None
No
ContentType A standard MIME type describing the format of the contents
For more information go to httpwwww3orgProtocols
rfc2616rfc2616sec14html#sec1417
Type String
Default binaryoctetstream
Valid Values MIME types
Constraints None
No
Expect When your application uses 100continue it does not send
the request body until it receives an acknowledgment If the
message is rejected based on the headers the body of the
message is not sent
Type String
Default None
Valid Values 100continue
Constraints None
No
Expires The date and time at which the object is no longer cacheable
For more information go to httpwwww3orgProtocols
rfc2616rfc2616sec14html#sec1421
Type String
Default None
Constraints None
No
API Version 20060301
293Amazon Simple Storage Service API Reference
Requests
Name Description Required
xamzmeta Headers starting with this prefix are userdefined metadata
Within the PUT request header the userdefined metadata is
limited to 2 KB in size Userdefined metadata is a set of key
value pairs The size of userdefined metadata is measured by
taking the sum of the number of bytes in the UTF8 encoding
of each key and value Amazon S3 doesn't validate or interpret
userdefined metadata
Type String
Default None
Constraints None
No
xamzstorage
class
If you don't specify Standard is the default storage class
Amazon S3 supports other storage classes For more
information go to Storage Classes in the Amazon Simple
Storage Service Developer Guide
Type Enum
Default STANDARD
Valid Values STANDARD | STANDARD_IA |
REDUCED_REDUNDANCY
Constraints You cannot specify GLACIER as the storage
class To transition objects to the GLACIER storage class you
can use lifecycle configuration For more information go to
Object Lifecycle Management in the Amazon Simple Storage
Service Developer Guide
No
xamzwebsite
redirectlocation
If the bucket is configured as a website redirects requests
for this object to another object in the same bucket or to an
external URL Amazon S3 stores the value of this header in
the object metadata For information about object metadata
go to Object Key and Metadata
In the following example the request header sets the redirect
to an object (anotherPagehtml) in the same bucket
xamzwebsiteredirectlocation
anotherPagehtml
In the following example the request header sets the object
redirect to another website
xamzwebsiteredirectlocation http
wwwexamplecom
For more information about website hosting in Amazon S3
go to sections Hosting Websites on Amazon S3 and How to
Configure Website Page Redirects in the Amazon Simple
Storage Service Developer Guide
Type String
Default None
Constraints The value must be prefixed by http or
https The length of the value is limited to 2 KB
No
API Version 20060301
294Amazon Simple Storage Service API Reference
Requests
Access Control List (ACL) Specific Request Headers
Additionally you can use the following access control–related headers with this operation By default
all objects are private only the owner has full control When adding a new object you can grant
permissions to individual AWS accounts or predefined Amazon S3 groups These permissions are then
used to create the Access Control List (ACL) on the object For more information go to Using ACLs
You can use one of the following two ways to grant these permissions
• Specify a canned ACL — Amazon S3 supports a set of predefined ACLs known as canned ACLs
Each canned ACL has a predefined set of grantees and permissions For more information go to
Canned ACL
Name Description Required
xamzacl The canned ACL to apply to the object For more information
see Canned ACL in the Amazon Simple Storage Service
Developer Guide
Type String
Default private
Valid Values private | publicread | publicread
write | awsexecread | authenticatedread |
bucketownerread | bucketownerfullcontrol
Constraints None
No
• Specify access permissions explicitly — If you want to explicitly grant access permissions to
specific AWS accounts or a group you use the following headers Each of the following headers
maps to specific permissions Amazon S3 supports in an ACL For more information go to Access
Control List (ACL) Overview In the header value you specify a list of grantees who get the specific
permission
Name Description Required
xamzgrant
read
Allows grantee to read the object data and its metadata
Type String
Default None
Constraints None
No
xamzgrant
write
Not applicable This applies only when granting permission on a
bucket
Type String
Default None
Constraints None
No
xamzgrant
readacp
Allows grantee to read the object ACL
Type String
Default None
Constraints None
No
xamzgrant
writeacp
Allows grantee to write the ACL for the applicable object
Type String
Default None
Constraints None
No
API Version 20060301
295Amazon Simple Storage Service API Reference
Requests
Name Description Required
xamzgrant
fullcontrol
Allows grantee the READ READ_ACP and WRITE_ACP
permissions on the object
Type String
Default None
Constraints None
No
You specify each grantee as a typevalue pair where the type can be one of the following
• emailAddress – if value specified is the email address of an AWS account
Important
You cannot use an email address to specify a grantee for any AWS region that was created
after 1282014 The following regions were created after 1282014 Asia Pacific (Mumbai)
Asia Pacific (Seoul) EU (Frankfurt) China (Beijing) and AWS GovCloud (US) regions
• id – if value specified is the canonical user ID of an AWS account
• uri – if granting permission to a predefined group
For example the following xamzgrantread header grants read object data and its metadata
permission to the AWS accounts identified by their email addresses
xamzgrantread emailAddressxyz@amazoncom
emailAddressabc@amazoncom
ServerSide Encryption Specific Request Headers
You can optionally request Amazon S3 to encrypt data at rest using serverside encryption Serverside
encryption is about data encryption at rest that is Amazon S3 encrypts your data as it writes it to disks
in its data centers and decrypts it for you when you access it Depending on whether you want to use
AWSmanaged encryption keys or provide your own encryption keys you use the following headers
• Use AWSmanaged encryption keys — If you want Amazon S3 to manage keys used to encrypt
data you specify the following header in the request
Name Description Required
xamzserver
sideencryption
Specifies a serverside encryption algorithm to use when
Amazon S3 creates an object
Type String
Valid Value awskms AES256
Yes
xamzserver
sideencryption
awskmskeyid
If the xamzserversideencryption is present and
has the value of awskms this header specifies the ID of the
AWS Key Management Service (KMS) master encryption key
that was used for the object
Type String
Yes if the
value of
xamz
server
side
encryption
is
awskms
xamzserver
sideencryption
context
If xamzserversideencryption is present and if
its value is awskms this header specifies the encryption
context for the object The value of this header is a base64
No
API Version 20060301
296Amazon Simple Storage Service API Reference
Requests
Name Description Required
encoded UTF8 string holding JSON with the encryption
context keyvalue pairs
Type String
Note
If you specify xamzserversideencryptionawskms but do not provide xamz
serverside encryptionawskmskeyid the default AWS KMS key will be used
to protected the data
Important
All GET and PUT requests for an object protected by AWS KMS will fail if not made via SSL
or by using SigV4
For more information on ServerSide Encryption with Amazon KMSManaged Keys (SSEKMS) go
to Protecting Data Using ServerSide Encryption with AWS KMSManaged Keys in the Amazon
Simple Storage Service Developer Guide
• Use customerprovided encryption keys— If you want to manage your own encryption keys you
must provide all the following headers in the request
Note
If you use this feature the ETag value that Amazon S3 returns in the response will not be
the MD5 of the object
Name Description Required
xamzserver
sideencryption
customer
algorithm
Specifies the algorithm to use to when encrypting the object
Type String
Default None
Valid Value AES256
Constraints Must be accompanied by valid xamzserver
sideencryptioncustomerkey and xamzserver
sideencryptioncustomerkeyMD5 headers
Yes
xamzserver
sideencryption
customerkey
Specifies the customerprovided base64encoded encryption
key for Amazon S3 to use in encrypting data This value is
used to store the object and then is discarded Amazon does
not store the encryption key The key must be appropriate for
use with the algorithm specified in the xamzserverside
encryptioncustomeralgorithm header
Type String
Default None
Constraints Must be accompanied by valid xamzserver
sideencryptioncustomeralgorithm and xamz
serversideencryptioncustomerkeyMD5 headers
Yes
xamzserver
sideencryption
customerkeyMD5
Specifies the base64encoded 128bit MD5 digest of the
encryption key according to RFC 1321 Amazon S3 uses
this header for a message integrity check to ensure the
encryption key was transmitted without error
Yes
API Version 20060301
297Amazon Simple Storage Service API Reference
Responses
Name Description Required
Type String
Default None
Constraints Must be accompanied by valid xamzserver
sideencryptioncustomeralgorithm and xamz
serversideencryptioncustomerkey headers
For more information on ServerSide Encryption with CustomerProvided Encryption Keys (SSEC)
go to Protecting Data Using ServerSide Encryption with CustomerProvided Encryption Keys (SSE
C) in the Amazon Simple Storage Service Developer Guide
Responses
Response Headers
This implementation of the operation can include the following response headers in addition to
the response headers common to all responses For more information see Common Response
Headers (p 5)
Name Description
xamz
expiration
If the object expiration is configured (see PUT Bucket lifecycle (p 190)) the
response includes this header It includes the expirydate and ruleid key
value pairs providing object expiration information The value of the ruleid is
URL encoded
Type String
xamz
serverside
encryption
If you specified serverside encryption either with an AWS KMS or Amazon S3
managed encryption key in your PUT request the response includes this header
It confirms the encryption algorithm that Amazon S3 used to encrypt the object
Type String
xamz
serverside
encryption
awskmskey
id
If the xamzserversideencryption is present and has the value of
awskms this header specifies the ID of the AWS Key Management Service
(KMS) master encryption key that was used for the object
Type String
xamz
serverside
encryption
customer
algorithm
If serverside encryption with customerprovided encryption keys encryption
was requested the response will include this header confirming the encryption
algorithm used
Type String
Valid Values AES256
xamz
serverside
encryption
customerkey
MD5
If serverside encryption using customerprovided encryption keys was
requested the response returns this header to provide roundtrip message
integrity verification of the customerprovided encryption key
Type String
xamz
versionid
Version of the object
API Version 20060301
298Amazon Simple Storage Service API Reference
Examples
Name Description
Type String
Response Elements
This implementation of the operation does not return response elements
Special Errors
This implementation of the operation does not return special errors For general information about
Amazon S3 errors and a list of error codes see Error Responses (p 7)
Examples
Example 1 Upload an Object
Sample Request
The following request stores the image myimagejpg in the bucket myBucket
PUT myimagejpg HTTP11
Host myBuckets3amazonawscom
Date Wed 12 Oct 2009 175000 GMT
Authorization authorization string
ContentType textplain
ContentLength 11434
xamzmetaauthor Janet
Expect 100continue
[11434 bytes of object data]
Sample Response with Versioning Suspended
HTTP11 100 Continue
HTTP11 200 OK
xamzid2 LriYPLdmOdAiIfgSmF1YsViT1LW94xUQxMsF7xiEb1a0wiIOIxl+zbwZ163pt7
xamzrequestid 0A49CE4060975EAC
Date Wed 12 Oct 2009 175000 GMT
ETag 1b2cf535f27731c974343645a3985328
ContentLength 0
Connection close
Server AmazonS3
If an expiration rule created on the bucket using lifecycle configuration applies to the object you
get a response with an xamzexpiration header as shown in the following response For more
information see Transitioning Objects General Considerations in the Amazon Simple Storage Service
Developer Guide
HTTP11 100 Continue
HTTP11 200 OK
API Version 20060301
299Amazon Simple Storage Service API Reference
Examples
xamzid2 LriYPLdmOdAiIfgSmF1YsViT1LW94xUQxMsF7xiEb1a0wiIOIxl+zbwZ163pt7
xamzrequestid 0A49CE4060975EAC
Date Wed 12 Oct 2009 175000 GMT
xamzexpiration expirydateFri 23 Dec 2012 000000 GMT ruleid1
ETag 1b2cf535f27731c974343645a3985328
ContentLength 0
Connection close
Server AmazonS3
Sample Response with Versioning Enabled
If the bucket has versioning enabled the response includes the xamzversionid header
HTTP11 100 Continue
HTTP11 200 OK
xamzid2 LriYPLdmOdAiIfgSmF1YsViT1LW94xUQxMsF7xiEb1a0wiIOIxl+zbwZ163pt7
xamzrequestid 0A49CE4060975EAC
xamzversionid 43jfkodU8493jnFJD9fjj3HHNVfdsQUIFDNsidf038jfdsjGFDSIRp
Date Wed 12 Oct 2009 175000 GMT
ETag fbacf535f27731c9771645a39863328
ContentLength 0
Connection close
Server AmazonS3
Example 2 Upload an Object (Specify Storage Class)
Sample Request Specifying reduced redundancy storage class
The following request stores the image myimagejpg in the bucket myBucket The
request specifies xamzstorageclass header to request object be stored using the
REDUCED_REDUNDANCY storage class
PUT myimagejpg HTTP11
Host myBuckets3amazonawscom
Date Wed 12 Oct 2009 175000 GMT
Authorization authorization string
ContentType imagejpeg
ContentLength 11434
Expect 100continue
xamzstorageclass REDUCED_REDUNDANCY
Sample Response
HTTP11 100 Continue
HTTP11 200 OK
xamzid2 LriYPLdmOdAiIfgSmF1YsViT1LW94xUQxMsF7xiEb1a0wiIOIxl+zbwZ163pt7
xamzrequestid 0A49CE4060975EAC
Date Wed 12 Oct 2009 175000 GMT
ETag 1b2cf535f27731c974343645a3985328
ContentLength 0
Connection close
Server AmazonS3
API Version 20060301
300Amazon Simple Storage Service API Reference
Examples
Example 3Upload an Object (Specify Access Permission
Explicitly)
Sample Request Uploading an object and specifying access permissions
explicitly
The following request stores the file TestObjecttxt in the bucket myBucket The request specifies
various ACL headers to grant permission to AWS accounts specified using canonical user ID and email
address
PUT TestObjecttxt HTTP11
Host myBuckets3amazonawscom
xamzdate Fri 13 Apr 2012 054014 GMT
Authorization authorization string
xamzgrantwriteacp
id8a6925ce4adf588a4532142d3f74dd8c71fa124ExampleCanonicalUserID
xamzgrantfullcontrol emailAddressExampleUser@amazoncom
xamzgrantwrite emailAddressExampleUser1@amazoncom
emailAddressExampleUser2@amazoncom
ContentLength 300
Expect 100continue
Connection KeepAlive
Object data in the body
Sample Response
HTTP11 200 OK
xamzid2 RUxG2sZJUfS+ezeAS2i0Xj6wST6xqF8pFNHjTjTrECW56SCAUWGg+7QLVoj1GH
xamzrequestid 8D017A90827290BA
Date Fri 13 Apr 2012 054025 GMT
ETag dd038b344cf9553547f8b395a814b274
ContentLength 0
Server AmazonS3
Example 4 Upload an Object (Specify Access Permission
Using Canned ACL)
Sample Request Using a canned ACL to set access permissions
The following request stores the file TestObjecttxt in the bucket myBucket The request uses an
xamzacl header to specify a canned ACL to grant READ permission to the public
Object data in the body
PUT TestObjecttxt HTTP11
Host myBuckets3amazonawscom
xamzdate Fri 13 Apr 2012 055457 GMT
xamzacl publicread
Authorization authorization string
ContentLength 300
Expect 100continue
Connection KeepAlive
API Version 20060301
301Amazon Simple Storage Service API Reference
Related Resources
Object data in the body
Sample Response
HTTP11 200 OK
xamzid2 Yd6PSJxJFQeTYJ3dDO7miqJfVMXXW0S2Hijo3WFs4bz6oe2QCVXasxXLZdMfASd
xamzrequestid 80DF413BB3D28A25
Date Fri 13 Apr 2012 055459 GMT
ETag dd038b344cf9553547f8b395a814b274
ContentLength 0
Server AmazonS3
Example 5 Upload an Object (Request ServerSide Encryption
Using CustomerProvided Encryption Key)
In this upload object example you request serverside encryption and provide an encryption key
PUT exampleobject HTTP11
Host examplebuckets3amazonawscom
Accept **
Authorizationauthorization string
Date Wed 28 May 2014 193111 +0000
xamzserversideencryptioncustomer
keyg0lCfA3Dv40jZz5SQJ1ZukLRFqtI5WorC8SEEXAMPLE
xamzserversideencryptioncustomerkeyMD5ZjQrne1XiTcskbY2example
xamzserversideencryptioncustomeralgorithmAES256
In the response Amazon S3 returns the encryption algorithm and MD5 of the encryption key you
specified when uploading the object Note that the ETag returned is not the MD5 of the object
HTTP11 200 OK
xamzid2 7qoYGN7uMuFuYS6m7a4lszH6in+hccE+4DXPmDZ7C9KqucjnZC1gI5mshai6fbMG

xamzrequestid 06437EDD40C407C7
Date Wed 28 May 2014 193112 GMT
xamzserversideencryptioncustomeralgorithm AES256
xamzserversideencryptioncustomerkeyMD5 ZjQrne1XiTcskbY2example
ETag ae89237c20e759c5f479ece02c642f59
Related Resources
• PUT Object Copy (p 310)
• POST Object (p 279)
• GET Object (p 251)
API Version 20060301
302Amazon Simple Storage Service API Reference
PUT Object acl
PUT Object acl
Description
This implementation of the PUT operation uses the acl subresource to set the access control list (ACL)
permissions for an object that already exists in a bucket You must have WRITE_ACP permission to
set the ACL of an object
You can use one of the following two ways to set an object's permissions
• Specify the ACL in the request body or
• Specify permissions using request headers
Depending on your application needs you may choose to set the ACL on an object using either the
request body or the headers For example if you have an existing application that updates an object
ACL using the request body then you can continue to use that approach
Versioning
The ACL of an object is set at the object version level By default PUT sets the ACL of the current
version of an object To set the ACL of a different version use the versionId subresource
To see sample requests that use versioning see Sample Request Setting the ACL of a specified
object version (p 308)
Requests
Syntax
The following request shows the syntax for sending the ACL in the request body If you want to use
headers to specify the permissions for the object you cannot send the ACL in the request body
Instead see the Request Headers section for a list of headers you can use
PUT ObjectNameacl HTTP11
Host BucketNames3amazonawscom
Date date
Authorization authorization string (see Authenticating Requests (AWS
Signature Version
4) (p 15))


ID
EmailAddress



xsitypeCanonicalUser>
ID
EmailAddress

Permission


API Version 20060301
303Amazon Simple Storage Service API Reference
Requests


Note
The syntax shows some of the request headers For a complete list see the Request Headers
section
Request Parameters
This implementation of the operation does not use request parameters
Request Headers
You can use the following request headers in addition to the Common Request Headers (p 3)
Access Control List (ACL) Specific Request Headers
These headers enable you to set access permissions using one of the following methods
• Specify canned ACL or
• Specify the permission for each grantee explicitly
Amazon S3 supports a set of predefined ACLs known as canned ACLs Each canned ACL has a
predefined a set of grantees and permissions For more information see Canned ACL To grant
access permissions by specifying canned ACLs you use the following header and specify the canned
ACL name as its value If you use this header you cannot use other access controlspecific headers in
your request
Name Description Required
xamzacl Sets the ACL of the object using the specified canned ACL For
more information go to Canned ACL in the Amazon Simple
Storage Service Developer Guide
Type String
Valid Values private | publicread | publicread
write | awsexecread | authenticatedread |
bucketownerread | bucketownerfullcontrol
Default private
No
If you need to grant individualized access permissions on an object you can use the following xamz
grantpermission headers When using these headers you specify explicit access permissions and
grantees (AWS accounts or Amazon S3 groups) who will receive the permission If you use these ACL
specific headers you cannot use xamzacl header to set a canned ACL
Note
Each of the following request headers maps to specific permissions Amazon S3 supports in
an ACL For more information go to Access Control List (ACL) Overview
Name Description Required
xamzgrant
read
Allows the specified grantee to list the objects in the bucket
Type String
Default None
Constraints None
No
API Version 20060301
304Amazon Simple Storage Service API Reference
Requests
Name Description Required
xamzgrant
write
Not applicable when granting access permissions on objects You
can use this when granting access permissions on buckets
Type String
Default None
Constraints None
No
xamzgrant
readacp
Allows the specified grantee to read the bucket ACL
Type String
Default None
Constraints None
No
xamzgrant
writeacp
Allows the specified grantee to write the ACL for the applicable
bucket
Type String
Default None
Constraints None
No
xamzgrant
fullcontrol
Allows the specified grantee the READ WRITE READ_ACP and
WRITE_ACP permissions on the bucket
Type String
Default None
Constraints None
No
For each of these headers the value is a commaseparated list of one or more grantees You specify
each grantee as a typevalue pair where the type can be one of the following
• emailAddress — if value specified is the email address of an AWS account
• id — if value specified is the canonical user ID of an AWS account
• uri — if granting permission to a predefined group
For example the following xamzgrantread header grants list objects permission to the two AWS
accounts identified by their email addresses
xamzgrantread emailAddressxyz@amazoncom
emailAddressabc@amazoncom
For more information go to Access Control List (ACL) Overview
Request Elements
If you decide to use the request body to specify an ACL you must use the following elements
Note
If you use the request body you cannot use the request headers to set an ACL
Name Description
AccessControlListContainer for ACL information
Type Container
Ancestors AccessControlPolicy
API Version 20060301
305Amazon Simple Storage Service API Reference
Requests
Name Description
AccessControlPolicyContains the elements that set the ACL permissions for an object per grantee
Type Container
Ancestors None
DisplayName Screen name of the bucket owner
Type String
Ancestors AccessControlPolicyOwner
Grant Container for the grantee and his or her permissions
Type Container
Ancestors AccessControlPolicyAccessControlList
Grantee The subject whose permissions are being set
Type String
Valid Values DisplayName | EmailAddress | AuthenticatedUser For
more information see Grantee Values (p 306)
Ancestors AccessControlPolicyAccessControlListGrant
ID ID of the bucket owner or the ID of the grantee
Type String
Ancestors AccessControlPolicyOwner or
AccessControlPolicyAccessControlListGrant
Owner Container for the bucket owner's display name and ID
Type Container
Ancestors AccessControlPolicy
Permission Specifies the permission given to the grantee
Type String
Valid Values FULL_CONTROL | WRITE | WRITE_ACP | READ | READ_ACP
Ancestors AccessControlPolicyAccessControlListGrant
Grantee Values
You can specify the person (grantee) to whom you're assigning access rights (using request elements)
in the following ways
• By the person's ID
xsitypeCanonicalUser>IDGranteesEmail<
DisplayName>

DisplayName is optional and ignored in the request
• By Email address
xsitypeAmazonCustomerByEmail>Grantees@emailcom<
EmailAddress>ltGrantee>
API Version 20060301
306Amazon Simple Storage Service API Reference
Responses
The grantee is resolved to the CanonicalUser and in a response to a GET Object acl request
appears as the CanonicalUser
• By URI
xsitypeGroup>httpacsamazonawscomgroupsglobal
AuthenticatedUsers
Responses
Response Headers
This implementation of the operation can include the following response headers in addition to
the response headers common to all responses For more information see Common Response
Headers (p 5)
Name Description
xamz
versionid
Version of the object whose ACL is being set
Type String
Default None
Response Elements
This operation does not return response elements
Special Errors
This operation does not return special errors For general information about Amazon S3 errors and a
list of error codes see Error Responses (p 7)
Examples
Sample Request
The following request grants access permission to an existing object The request specifies the ACL
in the body In addition to granting full control to the object owner the XML specifies full control to an
AWS account identified by its canonical user ID
PUT myimagejpgacl HTTP11
Host buckets3amazonawscom
Date Wed 28 Oct 2009 223200 GMT
Authorization authorization string
ContentLength 124


75aa57f09aa0c8caeab4f8c24e99d10f8e7faeebf76c078efc7c6caea54ba06a
CustomersName@amazoncom

API Version 20060301
307Amazon Simple Storage Service API Reference
Examples


xsitypeCanonicalUser>
75aa57f09aa0c8caeab4f8c24e99d10f8e7faeeExampleCanonicalUserID<
ID>
CustomerName@amazoncom

FULL_CONTROL



Sample Response
The following shows a sample response when versioning on the bucket is enabled
HTTP11 200 OK
xamzid2 eftixk72aD6Ap51T9AS1ed4OpIszj7UDNEHGran
xamzrequestid 318BC8BC148832E5
xamzversionid 3L4kqtJlcpXrof3vjVBH40Nr8X8gdRQBpUMLUo
Date Wed 28 Oct 2009 223200 GMT
LastModified Sun 1 Jan 2006 120000 GMT
ContentLength 0
Connection close
Server AmazonS3
Sample Request Setting the ACL of a specified object version
The following request sets the ACL on the specified version of the object
PUT myimagejpgacl&versionId3HL4kqtJlcpXroDTDmJ+rmSpXd3dIbrHY
+MTRCxf3vjVBH40Nrjfkd HTTP11
Host buckets3amazonawscom
Date Wed 28 Oct 2009 223200 GMT
Authorization authorization string
ContentLength 124



75aa57f09aa0c8caeab4f8c24e99d10f8e7faeebf76c078efc7c6caea54ba06a
mtd@amazoncom



xsitypeCanonicalUser>

75aa57f09aa0c8caeab4f8c24e99d10f8e7faeebf76c078efc7c6caea54ba06a
mtd@amazoncom

FULL_CONTROL



API Version 20060301
308Amazon Simple Storage Service API Reference
Related Resources
Sample Response
HTTP11 200 OK
xamzid2 eftixk72aD6Ap51u8yU9AS1ed4OpIszj7UDNEHGran
xamzrequestid 318BC8BC148832E5
xamzversionid 3L4kqtJlcpXro3vjVBH40Nr8X8gdRQBpUMLUo
Date Wed 28 Oct 2009 223200 GMT
LastModified Sun 1 Jan 2006 120000 GMT
ContentLength 0
Connection close
Server AmazonS3
Sample Request Access permissions specified using headers
The following request uses ACLspecific request headers xamzacl and specifies a canned ACL
(public_read) to grant object read access to everyone
PUT ExampleObjecttxtacl HTTP11
Host examplebuckets3amazonawscom
xamzacl publicread
Accept **
Authorization authorization string
Host s3amazonawscom
Connection KeepAlive
Sample Response
HTTP11 200 OK
xamzid2 w5YegkbG6ZDsje4WK56RWPxNQHIQ0CjrjyRVFZhEJI9E3kbabXnBO9w5G7Dmxsgk
xamzrequestid C13B2827BD8455B1
Date Sun 29 Apr 2012 232412 GMT
ContentLength 0
Server AmazonS3
Related Resources
• PUT Object Copy (p 310)
• POST Object (p 279)
• GET Object (p 251)
API Version 20060301
309Amazon Simple Storage Service API Reference
PUT Object Copy
PUT Object Copy
Description
This implementation of the PUT operation creates a copy of an object that is already stored in Amazon
S3 A PUT copy operation is the same as performing a GET and then a PUT Adding the request header
xamzcopysource makes the PUT operation copy the source object into the destination bucket
Note
You can store individual objects of up to 5 TB in Amazon S3 You create a copy of your object
up to 5 GB in size in a single atomic operation using this API However for copying an object
greater than 5 GB you must use the multipart upload Upload Part Copy (p 338) API
For conceptual information see Copy Object Using the REST Multipart Upload API in the
Amazon Simple Storage Service Developer Guide
When copying an object you can preserve most of the metadata (default) or specify new metadata
However the ACL is not preserved and is set to private for the user making the request
Important
Amazon S3 Transfer Acceleration does not support cross region copies You will get a
400 Bad Request error if you request a cross region copy using a Transfer Acceleration
endpoint For more information about transfer acceleration see Transfer Acceleration in the
Amazon Simple Storage Service Developer Guide
All copy requests must be authenticated and cannot contain a message body Additionally you must
have READ access to the source object and WRITE access to the destination bucket For more
information see REST Authentication
To copy an object only under certain conditions such as whether the ETag matches or whether the
object was modified before or after a specified date use the request headers xamzcopysource
ifmatch xamzcopysourceifnonematch xamzcopysourceifunmodified
since or xamzcopysourceifmodifiedsince
Note
All headers prefixed with xamz must be signed including xamzcopysource
You can use this operation to change the storage class of an object that is already stored in Amazon
S3 using the xamzstorageclass request header For more information go to Storage Classes in
the Amazon Simple Storage Service Developer Guide
The source object that you are copying can be encrypted or unencrypted If the source object is
encrypted it can be encrypted by serverside encryption using AWSmanaged encryption keys or by
using a customerprovided encryption key When copying an object you can request that Amazon
S3 encrypt the target object by using either the AWSmanaged encryption keys or by using your own
encryption key regardless of what form of serverside encryption was used to encrypt the source or if
the source object was not encrypted For more information about serverside encryption go to Using
ServerSide Encryption in the Amazon Simple Storage Service Developer Guide
There are two opportunities for a copy request to return an error One can occur when Amazon S3
receives the copy request and the other can occur while Amazon S3 is copying the files If the error
occurs before the copy operation starts you receive a standard Amazon S3 error If the error occurs
during the copy operation the error response is embedded in the 200 OK response This means that
a 200 OK response can contain either a success or an error Make sure to design your application to
parse the contents of the response and handle it appropriately
If the copy is successful you receive a response that contains the information about the copied object
Note
If the request is an HTTP 11 request the response is chunk encoded Otherwise it will not
contain the contentlength and you will need to read the entire body
API Version 20060301
310Amazon Simple Storage Service API Reference
Versioning
Versioning
By default xamzcopysource identifies the current version of an object to copy (If the current
version is a delete marker Amazon S3 behaves as if the object was deleted) To copy a different
version use the versionId subresource
If you enable versioning on the target bucket Amazon S3 generates a unique version ID for the object
being copied This version ID is different from the version ID of the source object Amazon S3 returns
the version ID of the copied object in the xamzversionid response header in the response
If you do not enable versioning or suspend it on the target bucket the version ID Amazon S3 generates
is always null
If the source object's storage class is GLACIER then you must first restore a copy of this object before
you can use it as a source object for the copy operation For more information see POST Object
restore (p 288)
To see sample requests that use versioning see Sample Request Copying a specified version of an
object (p 321)
Access Permissions
When copying an object you can optionally specify the accounts or groups that should be granted
specific permissions on the new object There are two ways to grant the permissions using the request
headers
• Specify a canned ACL using the xamzacl request header For more information see Canned
ACL in the Amazon Simple Storage Service Developer Guide
• Specify access permissions explicitly using the xamzgrantread xamzgrantreadacp x
amzgrantwriteacp and xamzgrantfullcontrol headers These headers map to the
set of permissions Amazon S3 supports in an ACL For more information go to Access Control List
(ACL) Overview in the Amazon Simple Storage Service Developer Guide
Note
You can use either a canned ACL or specify access permissions explicitly You cannot do
both
Requests
Syntax
PUT destinationObject HTTP11
Host destinationBuckets3amazonawscom
xamzcopysource source_bucketsourceObject
xamzmetadatadirective metadata_directive
xamzcopysourceifmatch etag
xamzcopysourceifnonematch etag
xamzcopysourceifunmodifiedsince time_stamp
xamzcopysourceifmodifiedsince time_stamp

Authorization authorization string (see Authenticating Requests (AWS
Signature Version
4) (p 15))
Date date
API Version 20060301
311Amazon Simple Storage Service API Reference
Requests
Note
The syntax shows only some of the request headers For a complete list see the Request
Headers section
Request Parameters
This implementation of the operation does not use request parameters
Request Headers
This implementation of the operation can use the following request headers in addition to the request
headers common to all operations Request headers are limited to 8 KB in size For more information
see Common Request Headers (p 3)
Name Description Required
xamzcopysource The name of the source bucket and key name
of the source object separated by a slash ()
Type String
Default None
Constraints
This string must be URLencoded Additionally
the source bucket must be valid and you must
have READ access to the valid source object
If the source object is archived in Amazon
Glacier (storage class of the object is GLACIER)
you must first restore a temporary copy
using the POST Object restore (p 288)
Otherwise Amazon S3 returns the 403
ObjectNotInActiveTierError error
response
Yes
xamzmetadatadirective Specifies whether the metadata is copied from
the source object or replaced with metadata
provided in the request
• If copied the metadata except for the version
ID remains unchanged In addition the
serversideencryption storage
class and websiteredirectlocation
metadata from the source is not copied If you
specify this metadata explicitly in the copy
request Amazon S3 adds this metadata to
the resulting object If you specify headers
in the request specifying any userdefined
metadata Amazon S3 ignores these headers
• If replaced all original metadata is replaced
by the metadata you specify
Type String
Default COPY
Valid values COPY | REPLACE
Constraints Values other than COPY or
REPLACE result in an immediate 400based
error response You cannot copy an object to
No
API Version 20060301
312Amazon Simple Storage Service API Reference
Requests
Name Description Required
itself unless the MetadataDirective header
is specified and its value set to REPLACE
For information on supported metadata see
Common Request Headers (p 3)
xamzcopysourceifmatch Copies the object if its entity tag (ETag)
matches the specified tag otherwise the
request returns a 412 HTTP status code error
(failed precondition)
See Consideration 1 (p 314)
Type String
Default None
Constraints This header can be used with x
amzcopysourceifunmodifiedsince
but cannot be used with other conditional copy
headers
No
xamzcopysourceifnone
match
Copies the object if its entity tag (ETag) is
different than the specified ETag otherwise the
request returns a 412 HTTP status code error
(failed precondition)
See Consideration 2 (p 315)
Type String
Default None
Constraints This header can be used with x
amzcopysourceifmodifiedsince
but cannot be used with other conditional copy
headers
No
xamzcopysourceif
unmodifiedsince
Copies the object if it hasn't been modified
since the specified time otherwise the request
returns a 412 HTTP status code error (failed
precondition)
See Consideration 1 (p 314)
Type String
Default None
Constraints This must be a valid HTTP date
This header can be used with xamzcopy
sourceifmatch but cannot be used with
other conditional copy headers
No
xamzcopysourceif
modifiedsince
Copies the object if it has been modified since
the specified time otherwise the request
returns a 412 HTTP status code error (failed
condition)
See Consideration 2 (p 315)
Type String
Default None
Constraints This must be a valid HTTP date
This header can be used with xamzcopy
sourceifnonematch but cannot be used
with other conditional copy headers
No
API Version 20060301
313Amazon Simple Storage Service API Reference
Requests
Name Description Required
xamzstorageclass If you don't specify Standard is the default
storage class Amazon S3 supports other
storage classes For more information go to
Storage Classes in the Amazon Simple Storage
Service Developer Guide
Type Enum
Default STANDARD
Valid Values STANDARD | STANDARD_IA |
REDUCED_REDUNDANCY
Constraints You cannot specify GLACIER as
the storage class To transition objects to the
GLACIER storage class you can use lifecycle
configuration For more information go to
Object Lifecycle Management in the Amazon
Simple Storage Service Developer Guide
No
xamzwebsiteredirect
location
If the bucket is configured as a website
redirects requests for this object to another
object in the same bucket or to an external
URL Amazon S3 stores the value of this
header in the object metadata For information
about object metadata go to Object Key and
Metadata
In the following example the request header
sets the redirect to an object (anotherPagehtml)
in the same bucket
xamzwebsiteredirectlocation
anotherPagehtml
In the following example the request header
sets the object redirect to another website
xamzwebsiteredirectlocation
httpwwwexamplecom
For more information about website hosting in
Amazon S3 go to sections Hosting Websites
on Amazon S3 and How to Configure Website
Page Redirects in the Amazon Simple Storage
Service Developer Guide
Type String
Default None
Constraints The value must be prefixed by
http or https The length of the value is
limited to 2 K
No
Note the following additional considerations about the preceding request headers
• Consideration 1 – If both of the xamzcopysourceifmatch and xamzcopysourceif
unmodifiedsince headers are present in the request as follows
API Version 20060301
314Amazon Simple Storage Service API Reference
Requests
xamzcopysourceifmatch condition evaluates to true and
xamzcopysourceifunmodifiedsince condition evaluates to false
then S3 returns 200 OK and copies the data

• Consideration 2 – If both of the xamzcopysourceifnonematch and xamzcopy
sourceifmodifiedsince headers are present in the request as follows
xamzcopysourceifnonematch condition evaluates to false and
xamzcopysourceifmodifiedsince condition evaluates to true
then S3 returns 412 Precondition Failed response code
ServerSide Encryption Specific Request Headers
If you want your target object encrypted you will need to provide appropriate encryption related
request headers depending on whether you want to use AWSmanaged encryption keys or provide
your own encryption key
• If you want the target object encrypted using serverside encryption with an AWSmanaged
encryption key you provide the following request header
Name Description Required
xamzserver
sideencryption
Specifies a serverside encryption algorithm to use when
Amazon S3 creates an object
Type String
Valid Value awskms AES256
Yes
xamzserver
sideencryption
awskmskeyid
If the xamzserversideencryption is present and
has the value of awskms this header specifies the ID of the
AWS Key Management Service (KMS) master encryption key
that was used for the object
Type String
Yes if the
value of
xamz
server
side
encryption
is
awskms
xamzserver
sideencryption
context
If xamzserversideencryption is present and if
its value is awskms this header specifies the encryption
context for the object The value of this header is a base64
encoded UTF8 string holding JSON with the encryption
context keyvalue pairs
Type String
No
Note
If you specify xamzserversideencryptionawskms but do not provide xamz
serverside encryptionawskmskeyid the default AWS KMS key will be used
to protected the data
Important
All GET and PUT requests for an object protected by AWS KMS will fail if not made via SSL
or by using SigV4
API Version 20060301
315Amazon Simple Storage Service API Reference
Requests
For more information on ServerSide Encryption with Amazon KMSManaged Keys (SSEKMS) go
to Protecting Data Using ServerSide Encryption with AWS KMSManaged Keys in the Amazon
Simple Storage Service Developer Guide
• If you want the target object encrypted using serverside encryption with an encryption key you
provide you must provide encryption information using the following headers
Name Description Required
xamzserver
sideencryption
customer
algorithm
Specifies the algorithm to use to when encrypting the object
Type String
Default None
Valid Value AES256
Constraints Must be accompanied by valid xamzserver
sideencryptioncustomerkey and xamzserver
sideencryptioncustomerkeyMD5 headers
Yes
xamzserver
sideencryption
customerkey
Specifies the customerprovided base64encoded encryption
key for Amazon S3 to use in encrypting data This value is
used to store the object and then is discarded Amazon does
not store the encryption key The key must be appropriate for
use with the algorithm specified in the xamzserverside
encryptioncustomeralgorithm header
Type String
Default None
Constraints Must be accompanied by valid xamzserver
sideencryptioncustomeralgorithm and xamz
serversideencryptioncustomerkeyMD5 headers
Yes
xamzserver
sideencryption
customerkeyMD5
Specifies the base64encoded 128bit MD5 digest of the
encryption key according to RFC 1321 Amazon S3 uses
this header as a message integrity check to ensure the
encryption key was transmitted without error
Type String
Default None
Constraints Must be accompanied by valid xamzserver
sideencryptioncustomeralgorithm and xamz
serversideencryptioncustomerkey headers
Yes
• If the source object is encrypted using serverside encryption with customerprovided encryption
keys you must use the following headers providing encryption information so that Amazon S3 can
decrypt the object for copying
Name Description Required
xamzcopy
sourceserver
sideencryption
customer
algorithm
Specifies the algorithm to use when decrypting the source
object
Type String
Yes
API Version 20060301
316Amazon Simple Storage Service API Reference
Requests
Name Description Required
Default None
Valid Value AES256
Constraints Must be accompanied by valid xamzcopy
sourceserversideencryptioncustomerkey
and xamzcopysourceserversideencryption
customerkeyMD5 headers
xamzcopy
sourceserver
sideencryption
customerkey
Specifies the customerprovided base64encoded encryption
key for Amazon S3 to use to decrypt the source object After
the copy operation Amazon S3 will discard this key The
encryption key provided in this header must be one that was
used when the source object was created
Type String
Default None
Constraints Must be accompanied by valid xamzcopy
sourceserversideencryptioncustomer
algorithm and xamzcopysourceserverside
encryptioncustomerkeyMD5 headers
Yes
xamzcopy
sourceserver
sideencryption
customerkeyMD5
Specifies the base64encoded 128bit MD5 digest of the
encryption key according to RFC 1321 Amazon S3 uses
this header for a message integrity check to ensure the
encryption key was transmitted without error
Type String
Default None
Constraints Must be accompanied by valid xamzcopy
sourceserversideencryptioncustomer
algorithm and xamzcopysourceserverside
encryptioncustomerkey headers
Yes
For more information on ServerSide Encryption with CustomerProvided Encryption Keys (SSEC)
go to Protecting Data Using ServerSide Encryption with CustomerProvided Encryption Keys (SSE
C) in the Amazon Simple Storage Service Developer Guide
Access Control List (ACL) Specific Request Headers
Additionally you can use the following access control–related headers with this operation By default
all objects are private only the owner has full access control When adding a new object you can
grant permissions to individual AWS accounts or predefined groups defined by Amazon S3 These
permissions are then added to the Access Control List (ACL) on the object For more information go
to Using ACLs This operation enables you to grant access permissions using one of the following two
methods
• Specify a canned ACL — Amazon S3 supports a set of predefined ACLs known as canned ACLs
Each canned ACL has a predefined set of grantees and permissions For more information go to
Canned ACL
API Version 20060301
317Amazon Simple Storage Service API Reference
Requests
Name Description Required
xamzacl The canned ACL to apply to the object
Type String
Default private
Valid Values private | publicread | publicread
write | awsexecread | authenticatedread |
bucketownerread | bucketownerfullcontrol
Constraints None
No
• Specify access permissions explicitly — If you want to explicitly grant access permissions to
specific AWS accounts or groups you can use the following headers Each of these headers maps
to specific permissions Amazon S3 supports in an ACL For more information go to Access Control
List (ACL) Overview In the header you specify a list of grantees who get the specific permission
Name Description Required
xamzgrant
read
Allows grantee to read the object data and its metadata
Type String
Default None
Constraints None
No
xamzgrant
write
Not applicable This applies only when granting access
permissions on a bucket
Type String
Default None
Constraints None
No
xamzgrant
readacp
Allows grantee to read the object ACL
Type String
Default None
Constraints None
No
xamzgrant
writeacp
Allows grantee to write the ACL for the applicable object
Type String
Default None
Constraints None
No
xamzgrant
fullcontrol
Allows grantee the READ READ_ACP and WRITE_ACP
permissions on the object
Type String
Default None
Constraints None
No
You specify each grantee as a typevalue pair where the type can be one of the following
• emailAddress – if value specified is the email address of an AWS account
• id – if value specified is the canonical user ID of an AWS account
• uri – if granting permission to a predefined group
API Version 20060301
318Amazon Simple Storage Service API Reference
Responses
For example the following xamzgrantread header grants read object data and its metadata
permission to the AWS accounts identified by their email addresses
xamzgrantread emailAddressxyz@amazoncom
emailAddressabc@amazoncom
Request Elements
This implementation of the operation does not use request elements
Responses
Response Headers
This implementation of the operation can include the following response headers in addition to
the response headers common to all responses For more information see Common Response
Headers (p 5)
Name Description
xamzexpiration Amazon S3 will return this header if an Expiration action
is configured for the object as part of the bucket's lifecycle
configuration The header value includes an expirydate
component and a URLencoded ruleid component Note that
for versionenabled buckets this header applies only to current
versions Amazon S3 does not provide a header to infer when
a noncurrent version will be eligible for permanent deletion For
more information see PUT Bucket lifecycle (p 190)
Type String
xamzcopysourceversion
id
Version of the source object that was copied
Type String
xamzserverside
encryption
If you specified serverside encryption either with an AWS KMS
or Amazon S3managed encryption key in your copy request
the response includes this header It confirms the encryption
algorithm that Amazon S3 used to encrypt the object
Type String
xamzserverside
encryptionawskmskeyid
If the xamzserversideencryption is present and has
the value of awskms this header specifies the ID of the AWS
Key Management Service (KMS) master encryption key that
was used for the object
Type String
xamzserverside
encryptioncustomer
algorithm
If serverside encryption with customerprovided encryption
keys (SSEC) encryption was requested the response will
include this header confirming the encryption algorithm used for
the destination object
Type String
Valid Values AES256
xamzserverside
encryptioncustomerkey
MD5
If SSEC encryption was requested the response includes
this header to provide roundtrip message integrity verification
of the customerprovided encryption key used to encrypt the
destination object
API Version 20060301
319Amazon Simple Storage Service API Reference
Examples
Name Description
Type String
xamzversionid Version of the copied object in the destination bucket
Type String
Response Elements
Name Description
CopyObjectResult Container for all response elements
Type Container
Ancestor None
ETag Returns the ETag of the new object The ETag reflects changes
only to the contents of an object not its metadata The source and
destination ETag will be identical for a successfully copied object
Type String
Ancestor CopyObjectResult
LastModified Returns the date the object was last modified
Type String
Ancestor CopyObjectResult
Special Errors
This implementation of the operation does not return special errors For general information about
Amazon S3 errors and a list of error codes see Error Responses (p 7)
Examples
Sample Request
This example copies myimagejpg into the bucket bucket with the key name mysecond
imagejpg
PUT mysecondimagejpg HTTP11
Host buckets3amazonawscom
Date Wed 28 Oct 2009 223200 GMT
xamzcopysource bucketmyimagejpg
Authorization authorization string
Sample Response
HTTP11 200 OK
xamzid2 eftixk72aD6Ap51TnqcoF8eFidJG9Z2mkiDFu8yU9AS1ed4OpIszj7UDNEHGran
xamzrequestid 318BC8BC148832E5
xamzcopysourceversionid 3L4kqtJlcpXroDTDmJ+rmSpXd3dIbrHY
+MTRCxf3vjVBH40Nr8X8gdRQBpUMLUo
xamzversionid QUpfdndhfd8438MNFDN93jdnJFkdmqnh893
Date Wed 28 Oct 2009 223200 GMT
API Version 20060301
320Amazon Simple Storage Service API Reference
Examples
Connection close
Server AmazonS3

20091028T223200
9b2cf535f27731c974343645a3985328

xamzversionid returns the version ID of the object in the destination bucket and xamzcopy
sourceversionid returns the version ID of the source object
Sample Request Copying a specified version of an object
The following request copies the key myimagejpg with the specified version ID and copies it into
the bucket bucket and gives it the key mysecondimagejpg
PUT mysecondimagejpg HTTP11
Host buckets3amazonawscom
Date Wed 28 Oct 2009 223200 GMT
xamzcopysource bucketmyimagejpgversionId3L4kqtJlcpXroDTDmJ
+rmSpXd3dIbrHY+MTRCxf3vjVBH40Nr8X8gdRQBpUMLUo
Authorization authorization string
Success Response Copying a versioned object into a version
enabled bucket
The following response shows that an object was copied into a target bucket where Versioning is
enabled
HTTP11 200 OK
xamzid2 eftixk72aD6Ap51TnqcoF8eFidJG9Z2mkiDFu8yU9AS1ed4OpIszj7UDNEHGran
xamzrequestid 318BC8BC148832E5
xamzversionid QUpfdndhfd8438MNFDN93jdnJFkdmqnh893
xamzcopysourceversionid 09df8234529fjs0dfi0w52935029wefdj
Date Wed 28 Oct 2009 223200 GMT
Connection close
Server AmazonS3



20091028T223200
9b2cf535f27731c974343645a3985328

Success Response Copying a versioned object into a version
suspended bucket
The following response shows that an object was copied into a target bucket where versioning is
suspended Note that the parameter does not appear
HTTP11 200 OK
xamzid2 eftixk72aD6Ap51TnqcoF8eFidJG9Z2mkiDFu8yU9AS1ed4OpIszj7UDNEHGran
xamzrequestid 318BC8BC148832E5
API Version 20060301
321Amazon Simple Storage Service API Reference
Examples
xamzcopysourceversionid 3L4kqtJlcpXroDTDmJ+rmSpXd3dIbrHY
+MTRCxf3vjVBH40Nr8X8gdRQBpUMLUo
Date Wed 28 Oct 2009 223200 GMT
Connection close
Server AmazonS3


20091028T223200
9b2cf535f27731c974343645a3985328

Sample Copy from unencrypted object to an object encrypted
with serverside encryption with customerprovided encryption
keys
The following example specifies the HTTP PUT header to copy an unencrypted object to an object
encrypted with serverside encryption with customerprovided encryption keys (SSEC)
PUT exampleDestinationObject HTTP11
Host exampledestinationbuckets3amazonawscom
xamzserversideencryptioncustomeralgorithm AES256
xamzserversideencryptioncustomerkey Base64(YourKey)
xamzserversideencryptioncustomerkeyMD5 Base64(MD5(YourKey))
xamzmetadatadirective metadata_directive
xamzcopysource example_source_bucketexampleSourceObject
xamzcopysourceifmatch etag
xamzcopysourceifnonematch etag
xamzcopysourceifunmodifiedsince time_stamp
xamzcopysourceifmodifiedsince time_stamp

Authorization authorization string (see Authenticating Requests (AWS
Signature Version
4) (p 15))
Date date
Sample Copy from an object encrypted with SSEC to an
object encrypted with SSEC
The following example specifies the HTTP PUT header to copy an object encrypted with serverside
encryption with customerprovided encryption keys to an object encrypted with serverside encryption
with customerprovided encryption keys for key rotation
PUT exampleDestinationObject HTTP11
Host exampledestinationbuckets3amazonawscom
xamzserversideencryptioncustomeralgorithm AES256
xamzserversideencryptioncustomerkey Base64(NewKey)
xamzserversideencryptioncustomerkeyMD5 Base64(MD5(NewKey))
xamzmetadatadirective metadata_directive
xamzcopysource source_bucketsourceObject
xamzcopysourceifmatch etag
xamzcopysourceifnonematch etag
xamzcopysourceifunmodifiedsince time_stamp
xamzcopysourceifmodifiedsince time_stamp
API Version 20060301
322Amazon Simple Storage Service API Reference
Related Resources
xamzcopysourceserversideencryptioncustomeralgorithm AES256
xamzcopysourceserversideencryptioncustomerkey Base64(OldKey)
xamzcopysourceserversideencryptioncustomerkeyMD5
Base64(MD5(OldKey))

Authorization authorization string (see Authenticating Requests (AWS
Signature Version
4) (p 15))
Date date
Related Resources
• Copying Objects
• PUT Object (p 291)
• GET Object (p 251)
API Version 20060301
323Amazon Simple Storage Service API Reference
Initiate Multipart Upload
Initiate Multipart Upload
Description
This operation initiates a multipart upload and returns an upload ID This upload ID is used to associate
all of the parts in the specific multipart upload You specify this upload ID in each of your subsequent
upload part requests (see Upload Part (p 333)) You also include this upload ID in the final request to
either complete or abort the multipart upload request
For more information about multipart uploads see Multipart Upload Overview in the Amazon Simple
Storage Service Developer Guide
If you have configured a lifecycle rule to abort incomplete multipart uploads the upload must complete
within the number of days specified in the bucket lifecycle configuration Otherwise the incomplete
multipart upload becomes eligible for an abort operation and Amazon S3 aborts the multipart upload
For more information see Aborting Incomplete Multipart Uploads Using a Bucket Lifecycle Policy in the
Amazon Simple Storage Service Developer Guide
For information about the permissions required to use the multipart upload API see Multipart Upload
API and Permissions in the Amazon Simple Storage Service Developer Guide
For request signing multipart upload is just a series of regular requests—you initiate a multipart
upload you send one or more requests to upload parts and then you complete the multipart upload
You sign each request individually There is nothing special about signing multipart upload requests
For more information about signing see Authenticating Requests (AWS Signature Version 4) (p 15)
Note
After you initiate a multipart upload and upload one or more parts you must either complete
or abort the multipart upload in order to stop getting charged for storage of the uploaded parts
Only after you either complete or abort a multipart upload will Amazon S3 free up the parts
storage and stop charging you for the parts storage
You can optionally request serverside encryption where Amazon S3 encrypts your data as it writes
it to disks in its data centers and decrypts it for you when you access it You have the options of
providing your own encryption key using AWS Key Management Service (KMS) encryption keys
or the Amazon S3managed encryption keys If you choose to provide your own encryption key the
request headers you provide in Upload Part (p 333) and Upload Part Copy (p 338) requests
must match the headers you used in the request to initiate the upload by using Initiate Multipart
Upload (p 324) For more information see Protecting Data Using ServerSide Encryption in the
Amazon Simple Storage Service Developer Guide
Requests
Syntax
POST ObjectNameuploads HTTP11
Host BucketNames3amazonawscom
Date date
Authorization authorization string (see Authenticating Requests (AWS
Signature Version
4) (p 15))
Request Parameters
This operation does not use request parameters
API Version 20060301
324Amazon Simple Storage Service API Reference
Requests
Request Headers
Name Description Required
CacheControl Can be used to specify caching behavior along the requestreply
chain For more information see httpwwww3orgProtocols
rfc2616rfc2616sec14html#sec149
Type String
Default None
No
Content
Disposition
Specifies presentational information for the object For more
information see httpwwww3orgProtocolsrfc2616rfc2616
sec19html#sec1951
Type String
Default None
No
Content
Encoding
Specifies what content encodings have been applied to the
object and thus what decoding mechanisms must be applied to
obtain the mediatype referenced by the ContentType header
field For more information go to httpwwww3orgProtocols
rfc2616rfc2616sec14html#sec1411
Type String
Default None
No
ContentType A standard MIME type describing the format of the object data
For more information see httpwwww3orgProtocolsrfc2616
rfc2616sec14html#sec1417
Type String
Default binaryoctelstream
Constraints MIME types only
No
Expires The date and time at which the object is no longer cacheable
For more information see httpwwww3orgProtocolsrfc2616
rfc2616sec14html#sec1421
Type String
Default None
No
xamzmeta Headers starting with this prefix are userdefined metadata
Each one is stored and returned as a set of keyvalue pairs
Amazon S3 doesn't validate or interpret userdefined metadata
For more information see PUT Object (p 291)
Type String
Default None
No
API Version 20060301
325Amazon Simple Storage Service API Reference
Requests
Name Description Required
xamzstorage
class
The type of storage to use for the object that is created after
successful multipart upload If you don't specify Standard is
the default storage class Amazon S3 supports other storage
classes For more information see Storage Classes in the
Amazon Simple Storage Service Developer Guide
Type Enum
Default STANDARD
Valid Values STANDARD | STANDARD_IA |
REDUCED_REDUNDANCY
Constraints You cannot specify GLACIER as the storage class
To transition objects to the GLACIER storage class you can
use lifecycle configuration For more information see Object
Lifecycle Management in the Amazon Simple Storage Service
Developer Guide
No
xamzwebsite
redirect
location
If the bucket is configured as a website redirect requests for
this object to another object in the same bucket or to an external
URL Amazon S3 stores the value of this header in the object
metadata For information about object metadata see Object
Key and Metadata
In the following example the request header sets the redirect to
an object (anotherPagehtml) in the same bucket
xamzwebsiteredirectlocation
anotherPagehtml
In the following example the request header sets the object
redirect to another website
xamzwebsiteredirectlocation http
wwwexamplecom
For more information about website hosting in Amazon S3
see Hosting Websites on Amazon S3 and How to Configure
Website Page Redirects in the Amazon Simple Storage Service
Developer Guide
Type String
Default None
Constraints The value must be prefixed by http or
https The length of the value is limited to 2 K
No
Access Control List (ACL) Specific Request Headers
Additionally you can use the following access controlrelated headers with this operation By default
all objects are private and only the owner has full access control When adding a new object you can
grant permissions to individual AWS accounts or predefined groups defined by Amazon S3 These
permissions are then added to the Access Control List (ACL) on the object For more information see
Access Control List (ACL) Overview in the Amazon Simple Storage Service Developer Guide This
operation enables you to grant access permissions using one of the following methods
API Version 20060301
326Amazon Simple Storage Service API Reference
Requests
• Specify canned ACL – Amazon S3 supports a set of predefined ACLs known as canned ACLs
Each canned ACL has a predefined set of grantees and permissions For more information see
Canned ACL
Name Description Required
xamzacl The canned ACL to apply to the object
Type String
Default private
Valid Values private | publicread | publicread
write | awsexecread | authenticatedread |
bucketownerread | bucketownerfullcontrol
Constraints None
No
• Specify access permissions explicitly – If you want to explicitly grant access permissions to
specific AWS accounts or groups you can use the following headers Each of these headers maps
to specific permissions Amazon S3 supports in an ACL For more information see Access Control
List (ACL) Overview In the header you specify a list of grantees who get the specific permission
Name Description Required
xamzgrantread Allows grantee to read the object data and its metadata
Type String
Default None
Constraints None
No
xamzgrantwrite Not applicable
Type String
Default None
Constraints None
No
xamzgrantread
acp
Allows grantee to read the object ACL
Type String
Default None
Constraints None
No
xamzgrant
writeacp
Allows grantee to write the ACL for the applicable object
Type String
Default None
Constraints None
No
xamzgrantfull
control
Allows grantee the READ READ_ACP and WRITE_ACP
permissions on the object
Type String
Default None
Constraints None
No
You specify each grantee as a typevalue pair where the type can be one of the following
• emailAddress – If the specified value is the email address of an AWS account
• id – If the specified value is the canonical user ID of an AWS account
• uri – If you are granting permission to a predefined group
API Version 20060301
327Amazon Simple Storage Service API Reference
Requests
For example the following xamzgrantread header grants read object data and its metadata
permissions to the AWS accounts identified by their email addresses
xamzgrantread emailAddressxyz@amazoncom
emailAddressabc@amazoncom
ServerSide Encryption–Specific Request Headers
You can optionally request Amazon S3 to encrypt data at rest using serverside encryption Serverside
encryption is about data encryption at rest that is Amazon S3 encrypts your data as it writes it to disks
in its data centers and decrypts it for you when you access it Depending on whether you want to use
AWSmanaged encryption keys or provide your own encryption keys you use the following headers
• Use encryption keys managed by AWS KMS or Amazon S3 – If you want AWS to manage keys
used to encrypt data you specify the following headers in the request
Name Description Required
xamzserver
sideencryption
Specifies a serverside encryption algorithm to use when
Amazon S3 creates an object
Type String
Valid Value awskms AES256
Yes
xamzserver
sideencryption
awskmskeyid
If the xamzserversideencryption is present and
has the value of awskms this header specifies the ID of the
AWS Key Management Service (KMS) master encryption key
that was used for the object
Type String
Yes if the
value of
xamz
server
side
encryption
is
awskms
xamzserver
sideencryption
context
If xamzserversideencryption is present and if
its value is awskms this header specifies the encryption
context for the object The value of this header is a base64
encoded UTF8 string holding JSON with the encryption
context keyvalue pairs
Type String
No
Note
If you specify xamzserversideencryptionawskms but do not provide xamz
serverside encryptionawskmskeyid the default AWS KMS key will be used
to protected the data
For more information on ServerSide Encryption with Amazon KMSManaged Keys (SSEKMS) see
Protecting Data Using ServerSide Encryption with AWS KMSManaged Keys in the Amazon Simple
Storage Service Developer Guide
• Use customerprovided encryption keys – If you want to manage your own encryption keys you
must provide all the following headers in the request
Name Description Required
xamzserver
sideencryption
customer
algorithm
Specifies the algorithm to use to when encrypting the object
Type String
Yes
API Version 20060301
328Amazon Simple Storage Service API Reference
Responses
Name Description Required
Default None
Valid Value AES256
Constraints Must be accompanied by valid xamzserver
sideencryptioncustomerkey and xamzserver
sideencryptioncustomerkeyMD5 headers
xamzserver
sideencryption
customerkey
Specifies the customerprovided base64encoded encryption
key for Amazon S3 to use in encrypting data This value is
used to store the object and then is discarded Amazon does
not store the encryption key The key must be appropriate for
use with the algorithm specified in the xamzserverside
encryptioncustomeralgorithm header
Type String
Default None
Constraints Must be accompanied by valid xamzserver
sideencryptioncustomeralgorithm and xamz
serversideencryptioncustomerkeyMD5 headers
Yes
xamzserver
sideencryption
customerkeyMD5
Specifies the base64encoded 128bit MD5 digest of the
encryption key according to RFC 1321 Amazon S3 uses this
header for message integrity check to ensure the encryption
key was transmitted without error
Type String
Default None
Constraints Must be accompanied by valid xamzserver
sideencryptioncustomeralgorithm and xamz
serversideencryptioncustomerkey headers
Yes
For more information on ServerSide Encryption with CustomerProvided Encryption Keys (SSEC)
see Protecting Data Using ServerSide Encryption with CustomerProvided Encryption Keys (SSE
C) in the Amazon Simple Storage Service Developer Guide
Request Elements
This operation does not use request elements
Responses
Response Headers
This implementation of the operation can include the following response headers in addition to
the response headers common to all responses For more information see Common Response
Headers (p 5)
API Version 20060301
329Amazon Simple Storage Service API Reference
Responses
Name Description
xamzabort
date
If the bucket has a lifecycle rule configured with an action to abort incomplete
multipart uploads and the prefix in the lifecycle rule matches the object name in
the request the response includes this header that indicates when the initiated
multipart upload will become eligible for abort operation For more information
see Aborting Incomplete Multipart Uploads Using a Bucket Lifecycle Policy in the
Amazon Simple Storage Service Developer Guide
The response also includes the xamzabortruleid header that provides
the ID of the lifecycle configuration rule that defines this action
Type String
xamzabort
ruleid
This header is returned along with the xamzabortdate header It identifies
the applicable lifecycle configuration rule that defines the action to abort
incomplete multipart uploads
Type String
xamz
serverside
encryption
If you specified serverside encryption either with an AWS KMS or Amazon S3
managed encryption key in your initiate multipart upload request the response
includes this header It confirms the encryption algorithm that Amazon S3 used to
encrypt the part you uploaded
Type String
xamz
serverside
encryption
awskmskey
id
If the xamzserversideencryption is present and has the value of
awskms this header specifies the ID of the AWS Key Management Service
(KMS) master encryption key that was used for the object
Type String
xamz
serverside
encryption
customer
algorithm
If serverside encryption with customerprovided encryption keys encryption
was requested the response will include this header confirming the encryption
algorithm used
Type String
Valid Values AES256
xamz
serverside
encryption
customerkey
MD5
If serverside encryption using customerprovided encryption key was requested
the response returns this header to provide roundtrip message integrity
verification of the customerprovided encryption key
Type String
Response Elements
Name Description
InitiateMultipartUploadResult Container for response
Type Container
Children Bucket Key UploadId
Ancestors None
Bucket Name of the bucket to which the multipart upload was
initiated
Type string
Ancestors InitiateMultipartUploadResult
API Version 20060301
330Amazon Simple Storage Service API Reference
Examples
Name Description
Key Object key for which the multipart upload was initiated
Type String
Ancestors InitiateMultipartUploadResult
UploadId ID for the initiated multipart upload
Type String
Ancestors InitiateMultipartUploadResult
Special Errors
This implementation of the operation does not return special errors For general information about
Amazon S3 errors and a list of error codes see Error Responses (p 7)
Examples
Sample Request
This operation initiates a multipart upload for the exampleobject object
POST exampleobjectuploads HTTP11
Host examplebuckets3amazonawscom
Date Mon 1 Nov 2010 203456 GMT
Authorization authorization string
Sample Response
HTTP11 200 OK
xamzid2 Uuag1LuByRx9e6j5Onimru9pO4ZVKnJ2Qz7C1NPcfTWAtRPfTaOFg
xamzrequestid 656c76696e6727732072657175657374
Date Mon 1 Nov 2010 203456 GMT
ContentLength 197
Connection keepalive
Server AmazonS3

doc20060301>
examplebucket
exampleobject
VXBsb2FkIElEIGZvciA2aWWpbmcncyBteS1tb3ZpZS5tMnRzIHVwbG9hZA<
UploadId>

Sample Initiate multipart upload using serverside encryption
with customerprovided encryption keys
This example initiate multipart upload request specifies serverside encryption with customerprovided
encryption keys by adding relevant headers
POST exampleobjectuploads HTTP11
API Version 20060301
331Amazon Simple Storage Service API Reference
Related Actions
Host examplebuckets3amazonawscom
Authorizationauthorization string
Date Wed 28 May 2014 193457 +0000
xamzserversideencryptioncustomerkey
g0lCfA3Dv40jZz5SQJ1ZukLRFqtI5WorC8SEEXAMPLE
xamzserversideencryptioncustomerkeyMD5 ZjQrne1XiTcskbY2example
xamzserversideencryptioncustomeralgorithm AES256
In the response Amazon S3 returns an UploadId In addition Amazon S3 returns the encryption
algorithm and the MD5 digest of the encryption key you provided in the request
HTTP11 200 OK
xamzid2 36HRCaIGp57F1FvWvVRrvd3hNn9WoBGfEaCVHTCt8QWf00qxdHazQUgfoXAbhFWD

xamzrequestid 50FA1D691B62CA43
Date Wed 28 May 2014 193458 GMT
xamzserversideencryptioncustomeralgorithm AES256
xamzserversideencryptioncustomerkeyMD5 ZjQrne1XiTcskbY2m3tFg
TransferEncoding chunked


xmlnshttps3amazonawscomdoc20060301>
examplebucket
exampleobject

EXAMPLEJZ6e0YupT2h66iePQCc9IEbYbDUy4RTpMeoSMLPRp8Z5o1u8feSRonpvnWsKKG35tI2LB9VDPiCgTyGq2VxQLYjrue4NqNBdqI


Related Actions
• Upload Part (p 333)
• Complete Multipart Upload (p 346)
• Abort Multipart Upload (p 352)
• List Parts (p 354)
• List Multipart Uploads (p 160)
API Version 20060301
332Amazon Simple Storage Service API Reference
Upload Part
Upload Part
Description
This operation uploads a part in a multipart upload
Note
In this operation you provide part data in your request However you have an option to
specify your existing Amazon S3 object as a data source for the part you are uploading To
upload a part from an existing object you use the Upload Part (Copy) operation For more
information see Upload Part Copy (p 338)
You must initiate a multipart upload (see Initiate Multipart Upload (p 324)) before you can upload any
part In response to your initiate request Amazon S3 returns an upload ID a unique identifier that you
must include in your upload part request
Part numbers can be any number from 1 to 10000 inclusive A part number uniquely identifies a part
and also defines its position within the object being created If you upload a new part using the same
part number that was used with a previous part the previously uploaded part is overwritten Each
part must be at least 5 MB in size except the last part There is no size limit on the last part of your
multipart upload
To ensure that data is not corrupted when traversing the network specify the ContentMD5 header in
the upload part request Amazon S3 checks the part data against the provided MD5 value If they do
not match Amazon S3 returns an error
Note
After you initiate multipart upload and upload one or more parts you must either complete or
abort multipart upload in order to stop getting charged for storage of the uploaded parts Only
after you either complete or abort the multipart upload Amazon S3 frees up the parts storage
and stops charging you for it
For more information on multipart uploads go to Multipart Upload Overview in the Amazon Simple
Storage Service Developer Guide
For information on the permissions required to use the multipart upload API go to Multipart Upload API
and Permissions in the Amazon Simple Storage Service Developer Guide
You can optionally request serverside encryption where Amazon S3 encrypts your data as it writes it
to disks in its data centers and decrypts it for you when you access it You have the option of providing
your own encryption key or you can use the AWSmanaged encryption keys If you choose to provide
your own encryption key the request headers you provide in the request must match the headers
you used in the request to initiate the upload by using Initiate Multipart Upload (p 324) For more
information go to Using ServerSide Encryption in the Amazon Simple Storage Service Developer
Guide
Requests
Syntax
PUT ObjectNamepartNumberPartNumber&uploadIdUploadId HTTP11
Host BucketNames3amazonawscom
Date date
ContentLength Size
Authorization authorization string
API Version 20060301
333Amazon Simple Storage Service API Reference
Requests
Request Parameters
This operation does not use request parameters
Request Headers
This implementation of the operation can use the following request headers in addition to the request
headers common to all operations Request headers are limited to 8 KB in size For more information
see Common Request Headers (p 3)
Name Description Required
ContentLength The size of the part in bytes For more information go to http
wwww3orgProtocolsrfc2616rfc2616sec14html#sec1413
Type Integer
Default None
Yes
ContentMD5 The base64encoded 128bit MD5 digest of the part data This
header can be used as a message integrity check to verify that
the part data is the same data that was originally sent Although
it is optional we recommend using the ContentMD5 mechanism
as an endtoend integrity check For more information see RFC
1864
Type String
Default None
No
Expect When your application uses 100continue it does not send
the request body until it receives an acknowledgment If the
message is rejected based on the headers the body of the
message is not sent For more information go to RFC 2616
Type String
Default None
Valid Values 100continue
No
ServerSide Encryption Specific Request Headers
If you requested serverside encryption using a customerprovided encryption key in your initiate
multipart upload request you must provide identical encryption information in each part upload using
the following headers
Name Description Required
xamzserver
sideencryption
customer
algorithm
Specifies the algorithm to use to when encrypting the object
Type String
Default None
Valid Value AES256
Constraints Must be accompanied by valid xamzserver
sideencryptioncustomerkey and xamzserver
sideencryptioncustomerkeyMD5 headers
Yes
xamzserver
sideencryption
customerkey
Specifies the customerprovided base64encoded encryption
key for Amazon S3 to use in encrypting data This value is
used to store the object and then is discarded Amazon does
Yes
API Version 20060301
334Amazon Simple Storage Service API Reference
Responses
Name Description Required
not store the encryption key The key must be appropriate for
use with the algorithm specified in the xamzserverside
encryptioncustomeralgorithm header
Type String
Default None
Constraints Must be accompanied by valid xamzserver
sideencryptioncustomeralgorithm and xamz
serversideencryptioncustomerkeyMD5 headers
xamzserver
sideencryption
customerkeyMD5
Specifies the base64encoded 128bit MD5 digest of the
encryption key according to RFC 1321 Amazon S3 uses this
header for a message integrity check to ensure the encryption
key was transmitted without error
Type String
Default None
Constraints Must be accompanied by valid xamzserver
sideencryptioncustomeralgorithm and xamz
serversideencryptioncustomerkey headers
Yes
Request Elements
This operation does not use request elements
Responses
Response Headers
This implementation of the operation can include the following response headers in addition to
the response headers common to all responses For more information see Common Response
Headers (p 5)
Name Description
xamz
serverside
encryption
If you specified serverside encryption either with an AWS KMS or Amazon S3
managed encryption key in your initiate multipart upload request the response
includes this header It confirms the encryption algorithm that Amazon S3 used to
encrypt the object
Type String
xamz
serverside
encryption
awskmskey
id
If the xamzserversideencryption is present and has the value of
awskms this header specifies the ID of the AWS Key Management Service
(KMS) master encryption key that was used for the object
Type String
xamz
serverside
encryption
If serverside encryption with customerprovided encryption keys(SSEC)
encryption was requested the response will include this header confirming the
encryption algorithm used
Type String
API Version 20060301
335Amazon Simple Storage Service API Reference
Examples
Name Description
customer
algorithm
Valid Values AES256
xamz
serverside
encryption
customerkey
MD5
If SSEC encryption was requested the response includes this header to provide
roundtrip message integrity verification of the customerprovided encryption key
Type String
Response Elements
This operation does not use response elements
Special Errors
Error Code Description HTTP
Status Code
SOAP Fault
Code Prefix
NoSuchUpload The specified multipart upload does not exist
The upload ID might be invalid or the multipart
upload might have been aborted or completed
404 Not
Found
Client
For general information about Amazon S3 errors and a list of error codes see Error Responses (p 7)
Examples
Sample Request
The following PUT request uploads a part (part number 1) in a multipart upload The request includes
the upload ID that you get in response to your Initiate Multipart Upload request
PUT mymoviem2ts
partNumber1&uploadIdVCVsb2FkIElEIGZvciBlbZZpbmcncyBteS1tb3ZpZS5tMnRzIHVwbG9hZR
HTTP11
Host examplebuckets3amazonawscom
Date Mon 1 Nov 2010 203456 GMT
ContentLength 10485760
ContentMD5 pUNXrBjKK5G2UKvaRRrOA
Authorization authorization string
***part data omitted***
Sample Response
The response includes the ETag header You need to retain this value for use when you send the
Complete Multipart Upload request
HTTP11 200 OK
xamzid2 Vvag1LuByRx9e6j5Onimru9pO4ZVKnJ2Qz7C1NPcfTWAtRPfTaOFg
xamzrequestid 656c76696e6727732072657175657374
Date Mon 1 Nov 2010 203456 GMT
API Version 20060301
336Amazon Simple Storage Service API Reference
Related Actions
ETag b54357faf0632cce46e942fa68356b38
ContentLength 0
Connection keepalive
Server AmazonS3
Sample Upload a part with an encryption key in the request for
serverside encryption
If you initiated a multipart upload see Sample Initiate multipart upload using serverside encryption
with customerprovided encryption keys (p 331) with a request to save an object using serverside
encryption with a customerprovided encryption key each part upload must also include the same set
of encryptionspecific headers as shown in the following example request
PUT exampleobject
partNumber1&uploadIdEXAMPLEJZ6e0YupT2h66iePQCc9IEbYbDUy4RTpMeoSMLPRp8Z5o1u8feSRonpvnWsKKG35tI2LB9VDPiCgTyGq2VxQLYjrue4NqNBdqI
HTTP11
Host examplebuckets3amazonawscom
Authorization authorization string
Date Wed 28 May 2014 194011 +0000
xamzserversideencryptioncustomerkey
g0lCfA3Dv40jZz5SQJ1ZukLRFqtI5WorC8SEEXAMPLE
xamzserversideencryptioncustomerkeyMD5 ZjQrne1XiTcskbY2example
xamzserversideencryptioncustomeralgorithm AES256
In the response Amazon S3 returns encryptionspecific headers providing the encryption algorithm
used and MD5 digest of the encryption key you provided in the request
HTTP11 100 Continue HTTP11 200 OK
xamzid2 Zn8bf8aEFQ+kBnGPBcJaAf9SoWM68QDPS9+SyFwkIZOHUG2BiRLZi5oXw4cOCEt
xamzrequestid 5A37448A37622243
Date Wed 28 May 2014 194012 GMT
ETag 7e10e7d25dc4581d89b9285be5f384fd
xamzserversideencryptioncustomeralgorithm AES256
xamzserversideencryptioncustomerkeyMD5 ZjQrne1XiTcskbY2example
Related Actions
• Initiate Multipart Upload (p 324)
• Complete Multipart Upload (p 346)
• Abort Multipart Upload (p 352)
• List Parts (p 354)
• List Multipart Uploads (p 160)
API Version 20060301
337Amazon Simple Storage Service API Reference
Upload Part Copy
Upload Part Copy
Description
Uploads a part by copying data from an existing object as data source You specify the data source
by adding the request header xamzcopysource in your request and a byte range by adding the
request header xamzcopysourcerange in your request
The minimum allowable part size for a multipart upload is 5 MB For more information about multipart
upload limits go to Quick Facts in the Amazon Simple Storage Service Developer Guide
Note
Instead of using an existing object as part data you might use the Upload Part operation
and provide data in your request For more information see Upload Part (p 333)
You must initiate a multipart upload before you can upload any part In response to your initiate
request Amazon S3 returns a unique identifier the upload ID that you must include in your upload
part request
For more information on using the upload part copy operation see the following
topics
• For conceptual information on multipart uploads go to Uploading Objects Using Multipart Upload in
the Amazon Simple Storage Service Developer Guide
• For information on permissions required to use the multipart upload API go to Multipart Upload API
and Permissions in the Amazon Simple Storage Service Developer Guide
• For information about copying objects using a single atomic operation vs the multipart upload go to
Operations on Objects in the Amazon Simple Storage Service Developer Guide
• For information about using serverside encryption with customerprovided encryption keys with the
upload part copy operation see PUT Object Copy (p 310) and Upload Part (p 333)
Requests
Syntax
PUT ObjectNamepartNumberPartNumber&uploadIdUploadId HTTP11
Host BucketNames3amazonawscom
xamzcopysource source_bucketsourceObject
xamzcopysourcerangebytesfirstlast
xamzcopysourceifmatch etag
xamzcopysourceifnonematch etag
xamzcopysourceifunmodifiedsince time_stamp
xamzcopysourceifmodifiedsince time_stamp
Date date
Authorization authorization string
Request Parameters
This operation does not use request parameters
API Version 20060301
338Amazon Simple Storage Service API Reference
Requests
Request Headers
This implementation of the operation can use the following request headers in addition to the request
headers common to all operations Request headers are limited to 8 KB in size For more information
see Common Request Headers (p 3)
Name Description Required
xamzcopysource The name of the source bucket and the source object key
name separated by a slash ('')
Type String
Default None
Yes
xamzcopysource
range
The range of bytes to copy from the source object The
range value must use the form bytesfirstlast
where the first and last are the zerobased byte offsets to
copy For example bytes09 indicates that you want
to copy the first ten bytes of the source
This request header is not required when copying an
entire source object
Type Integer
Default None
No
The following conditional headers are based on the object that the xamzcopysource header
specifies
Name Description Required
xamzcopysourceifmatch Perform a copy if the source object entity tag
(ETag) matches the specified value If the value
does not match Amazon S3 returns an HTTP
status code 412 precondition failed error
See Consideration 1 (p 340)
Type String
Default None
No
xamzcopysourceifnone
match
Perform a copy if the source object entity tag
(ETag) is different than the value specified using
this header If the values match Amazon S3
returns an HTTP status code 412 precondition
failed error
See Consideration 2 (p 340)
Type String
Default None
No
xamzcopysourceif
unmodifiedsince
Perform a copy if the source object is not modified
after the time specified using this header If the
source object is modified Amazon S3 returns an
HTTP status code 412 precondition failed error
See Consideration 1 (p 340)
Type String
Default None
No
xamzcopysourceif
modifiedsince
Perform a copy if the source object is modified
after the time specified using this header If the
No
API Version 20060301
339Amazon Simple Storage Service API Reference
Requests
Name Description Required
source object is not modified Amazon S3 returns
an HTTP status code 412 precondition failed
error
See Consideration 2 (p 340)
Type String
Default None
Note the following additional considerations about the preceding request headers
• Consideration 1 – If both of the xamzcopysourceifmatch and xamzcopysourceif
unmodifiedsince headers are present in the request as follows
xamzcopysourceifmatch condition evaluates to true and
xamzcopysourceifunmodifiedsince condition evaluates to false
then S3 returns 200 OK and copies the data

• Consideration 2 – If both of the xamzcopysourceifnonematch and xamzcopy
sourceifmodifiedsince headers are present in the request as follows
xamzcopysourceifnonematch condition evaluates to false and
xamzcopysourceifmodifiedsince condition evaluates to true
then S3 returns 412 Precondition Failed response code
ServerSide Encryption Specific Request Headers
If you requested serverside encryption using a customerprovided encryption key in your initiate
multipart upload request you must provide identical encryption information in each part upload using
the following headers
Name Description Required
xamzserver
sideencryption
customer
algorithm
Specifies the algorithm to use to when encrypting the object
Type String
Default None
Valid Value AES256
Constraints Must be accompanied by a valid xamzserver
sideencryptioncustomerkey and xamzserver
sideencryptioncustomerkeyMD5 headers
Yes
xamzserver
sideencryption
customerkey
Specifies the customer provided base64encoded encryption
key for Amazon S3 to use in encrypting data This must be the
same encryption key specified in the initiate multipart upload
request
Type String
Default None
Yes
API Version 20060301
340Amazon Simple Storage Service API Reference
Requests
Name Description Required
Constraints Must be accompanied by a valid xamzserver
sideencryptioncustomeralgorithm and xamz
serversideencryptioncustomerkeyMD5 headers
xamzserver
sideencryption
customerkeyMD5
Specifies the base64encoded 128bit MD5 digest of the
encryption key according to RFC 1321 Amazon S3 uses this
header as a message integrity check to ensure the encryption
key was transmitted without error
Type String
Default None
Constraints Must be accompanied by a valid xamzserver
sideencryptioncustomeralgorithm and xamz
serversideencryptioncustomerkey headers
Yes
If the source object is encrypted using serverside encryption with a customerprovided encryption key
you must use the following headers providing encryption information so that Amazon S3 can decrypt
the object for copying
Name Description Required
xamzcopy
sourceserver
sideencryption
customer
algorithm
Specifies algorithm to use when decrypting the source object
Type String
Default None
Valid Value AES256
Constraints Must be accompanied by a valid xamzcopy
sourceserversideencryptioncustomerkey
and xamzcopysourceserversideencryption
customerkeyMD5 headers
Yes
xamzcopysource
serverside
encryption
customerkey
Specifies the customer provided base64 encoded encryption
key for Amazon S3 to use to decrypt the source object The
encryption key provided in this header must be one that was
used when the source object was created
Type String
Default None
Constraints Must be accompanied by a valid xamz
copysourceserversideencryptioncustomer
algorithm and xamzcopysourceserverside
encryptioncustomerkeyMD5 headers
Yes
xamzcopy
sourceserver
sideencryption
customerkeyMD5
Specifies the base64encoded 128bit MD5 digest of the
encryption key according to RFC 1321 Amazon S3 uses this
header for a message integrity check to ensure the encryption
key was transmitted without error
Type String
Default None
Yes
API Version 20060301
341Amazon Simple Storage Service API Reference
Versioning
Name Description Required
Constraints Must be accompanied by a valid xamz
copysourceserversideencryptioncustomer
algorithm and xamzcopysourceserverside
encryptioncustomerkey headers
Request Elements
This operation does not use request elements
Versioning
If your bucket has versioning enabled you could have multiple versions of the same object By default
xamzcopysource identifies the current version of the object to copy If the current version is a
delete marker and you don't specify a versionId in the xamzcopysource Amazon S3 returns a
404 error because the object does not exist If you specify versionId in the xamzcopysource and
the versionId is a delete marker Amazon S3 returns an HTTP 400 error because you are not allowed
to specify a delete marker as a version for the xamzcopysource
You can optionally specify a specific version of the source object to copy by adding the versionId
subresource as shown in the following example
xamzcopysource bucketobjectversionIdversion id
Responses
Response Headers
This implementation of the operation can include the following headers in addition to the response
headers common to all responses For more information see Common Response Headers (p 5)
Name Description
xamzcopysource
versionid
The version of the source object that was copied if you have
enabled versioning on the source bucket
Type String
xamzserverside
encryption
If you specified serverside encryption either with an AWS KMS
or Amazon S3managed encryption key in your initiate multipart
upload request the response includes this header It confirms the
encryption algorithm that Amazon S3 used to encrypt the object
Type String
xamzserverside
encryptionawskmskey
id
If the xamzserversideencryption is present and has the
value of awskms this header specifies the ID of the AWS Key
Management Service (KMS) master encryption key that was used
for the object
Type String
xamzserverside
encryptioncustomer
algorithm
If serverside encryption with customerprovided encryption keys
encryption was requested the response will include this header
confirming the encryption algorithm used
API Version 20060301
342Amazon Simple Storage Service API Reference
Examples
Name Description
Type String
Valid Values AES256
xamzserverside
encryptioncustomerkey
MD5
If serverside encryption with customerprovided encryption keys
encryption was requested the response includes this header to
provide roundtrip message integrity verification of the customer
provided encryption key
Type String
Response Elements
Name Description
CopyPartResult Container for all response elements
Type Container
Ancestor None
ETag Returns the ETag of the new part
Type String
Ancestor CopyPartResult
LastModified Returns the date the part was last modified
Type String
Ancestor CopyPartResult
Important
Part boundaries are factored into ETag calculations so if the part boundary on the source is
different than on the destination then the ETag data will not match between the two However
data integrity checks are performed with each copy to ensure that the data written to the
destination matches the data at the source
Special Errors
Error Code Description HTTP Status
Code
NoSuchUpload The specified multipart upload does not exist The upload
ID might be invalid or the multipart upload might have
been aborted or completed
404 Not Found
InvalidRequest The specified copy source is not supported as a byte
range copy source
400 Bad Request
For general information about Amazon S3 errors and a list of error codes see Error Responses (p 7)
Examples
As the following examples illustrate when a request succeeds Amazon S3 returns
in the body If you included versionId in the request Amazon S3 returns the
version ID in the xamzcopysourceversionid response header
API Version 20060301
343Amazon Simple Storage Service API Reference
Examples
Sample Request
The following PUT request uploads a part (part number 2) in a multipart upload The request specifies a
byte range from an existing object as the source of this upload The request includes the upload ID that
you get in response to your Initiate Multipart Upload request
PUT newobject
partNumber2&uploadIdVCVsb2FkIElEIGZvciBlbZZpbmcncyBteS1tb3ZpZS5tMnRzIHVwbG9hZR
HTTP11
Host targetbuckets3amazonawscom
Date Mon 11 Apr 2011 203456 GMT
xamzcopysource sourcebucketsourceobject
xamzcopysourcerangebytes5006291456
Authorization authorization string
Sample Response
The response includes the ETag value You need to retain this value to use when you send the
Complete Multipart Upload request
HTTP11 200 OK
xamzid2 Vvag1LuByRx9e6j5Onimru9pO4ZVKnJ2Qz7C1NPcfTWAtRPfTaOFg
xamzrequestid 656c76696e6727732072657175657374
Date Mon 11 Apr 2011 203456 GMT
Server AmazonS3

20091028T223200
9b2cf535f27731c974343645a3985328

Sample Request
The following PUT request uploads a part (part number 2) in a multipart upload The request does
not specify the optional byte range header but requests the entire source object copy as part 2 The
request includes the upload ID that you got in response to your Initiate Multipart Upload
request
PUT newobject
partNumber2&uploadIdVCVsb2FkIElEIGZvciBlbZZpbmcncyBteS1tb3ZpZS5tMnRzIHVwbG9hZR
HTTP11
Host targetbuckets3amazonawscom
Date Mon 11 Apr 2011 203456 GMT
xamzcopysource sourcebucketsourceobject
Authorization authorization string
Sample Response
The response structure is similar to the one specified in the preceding example
Sample Request
The following PUT request uploads a part (part number 2) in a multipart upload The request specifies
a specific version of the source object to copy by adding the versionId subresource The byte range
requests 6 MB of data starting with byte 500 as the part to be uploaded
API Version 20060301
344Amazon Simple Storage Service API Reference
Related Actions
PUT newobject
partNumber2&uploadIdVCVsb2FkIElEIGZvciBlbZZpbmcncyBteS1tb3ZpZS5tMnRzIHVwbG9hZR
HTTP11
Host targetbuckets3amazonawscom
Date Mon 11 Apr 2011 203456 GMT
xamzcopysource sourcebucketsourceobjectversionId3L4kqtJlcpXroDTDmJ
+rmSpXd3dIbrHY+MTRCxf3vjVBH40Nr8X8gdRQBpUMLUo
xamzcopysourcerangebytes5006291456
Authorization authorization string
Sample Response
The response includes the ETag value You need to retain this value to use when you send the
Complete Multipart Upload request
HTTP11 200 OK
xamzid2 Vvag1LuByRx9e6j5Onimru9pO4ZVKnJ2Qz7C1NPcfTWAtRPfTaOFg
xamzrequestid 656c76696e6727732072657175657374
xamzcopysourceversionid 3L4kqtJlcpXroDTDmJ+rmSpXd3dIbrHY
+MTRCxf3vjVBH40Nr8X8gdRQBpUMLUo
Date Mon 11 Apr 2011 203456 GMT
Server AmazonS3

20091028T223200
9b2cf535f27731c974343645a3985328

Related Actions
• Initiate Multipart Upload (p 324)
• Upload Part (p 333)
• Complete Multipart Upload (p 346)
• Abort Multipart Upload (p 352)
• List Parts (p 354)
• List Multipart Uploads (p 160)
API Version 20060301
345Amazon Simple Storage Service API Reference
Complete Multipart Upload
Complete Multipart Upload
Description
This operation completes a multipart upload by assembling previously uploaded parts
You first initiate the multipart upload and then upload all parts using the Upload Parts operation
(see Upload Part (p 333)) After successfully uploading all relevant parts of an upload you call this
operation to complete the upload Upon receiving this request Amazon S3 concatenates all the parts
in ascending order by part number to create a new object In the Complete Multipart Upload request
you must provide the parts list You must ensure the parts list is complete this operation concatenates
the parts you provide in the list For each part in the list you must provide the part number and the
ETag header value returned after that part was uploaded
Processing of a Complete Multipart Upload request could take several minutes to complete After
Amazon S3 begins processing the request it sends an HTTP response header that specifies a 200
OK response While processing is in progress Amazon S3 periodically sends whitespace characters
to keep the connection from timing out Because a request could fail after the initial 200 OK response
has been sent it is important that you check the response body to determine whether the request
succeeded
Note that if Complete Multipart Upload fails applications should be prepared to retry the failed
requests For more information go to Amazon S3 Error Best Practices section of the Amazon Simple
Storage Service Developer Guide
For more information on multipart uploads go to Uploading Objects Using Multipart Upload in the
Amazon Simple Storage Service Developer Guide
For information on permissions required to use the multipart upload API go to Multipart Upload API
and Permissions in the Amazon Simple Storage Service Developer Guide
Requests
Syntax
POST ObjectNameuploadIdUploadId HTTP11
Host BucketNames3amazonawscom
Date Date
ContentLength Size
Authorization authorization string


PartNumber
ETag



Request Parameters
This operation does not use request parameters
API Version 20060301
346Amazon Simple Storage Service API Reference
Responses
Request Headers
This operation uses only Request Headers common to most requests For more information see
Common Request Headers (p 3)
Request Elements
Name Description Required
CompleteMultipartUpload Container for the request
Ancestor None
Type Container
Children One or more Part elements
Yes
Part Container for elements related to a particular previously
uploaded part
Ancestor CompleteMultipartUpload
Type Container
Children PartNumber ETag
Yes
PartNumber Part number that identifies the part
Ancestor Part
Type Integer
Yes
ETag Entity tag returned when the part was uploaded
Ancestor Part
Type String
Yes
Responses
Response Headers
The operation uses the following response header in addition to the response headers common to
most requests For more information see Common Response Headers (p 5)
Header Description
xamz
expiration
Amazon S3 returns this header if an Expiration action is configured for
the object as part of the bucket's lifecycle configuration The header value
includes an expirydate component and a URLencoded ruleid component
Note that for versioningenabled buckets this header applies only to current
versions Amazon S3 does not provide a header to infer when a noncurrent
version will be eligible for permanent deletion For more information see PUT
Bucket lifecycle (p 190)
Type String
xamz
serverside
encryption
If you specified serverside encryption either with an AWS KMS or Amazon S3
managed encryption key in your initiate multipart upload request the response
includes this header It confirms the encryption algorithm that Amazon S3 used
to encrypt the object
Type String
API Version 20060301
347Amazon Simple Storage Service API Reference
Responses
Header Description
xamz
serverside
encryption
awskmskeyid
If the xamzserversideencryption is present and has the value of
awskms this header specifies the ID of the AWS Key Management Service
(KMS) master encryption key that was used for the object
Type String
xamz
serverside
encryption
customer
algorithm
If encryption by using serverside encryption with customerprovided encryption
keys was requested the response will include this header confirming the
encryption algorithm used
Type String
Valid Value AES256
xamzversion
id
Version ID of the newly created object in case the bucket has versioning
turned on
Type String
Response Elements
Name Description
CompleteMultipartUploadResult Container for the response
Type Container
Children Location Bucket Key ETag
Ancestors None
Location The URI that identifies the newly created object
Type URI
Ancestors CompleteMultipartUploadResult
Bucket The name of the bucket that contains the newly created
object
Type String
Ancestors CompleteMultipartUploadResult
Key The object key of the newly created object
Type String
Ancestors CompleteMultipartUploadResult
ETag Entity tag that identifies the newly created object's data
Objects with different object data will have different entity
tags The entity tag is an opaque string The entity tag may
or may not be an MD5 digest of the object data If the entity
tag is not an MD5 digest of the object data it will contain
one or more nonhexadecimal characters andor will consist
of less than 32 or more than 32 hexadecimal digits
Type String
Ancestors CompleteMultipartUploadResult
API Version 20060301
348Amazon Simple Storage Service API Reference
Examples
Special Errors
Error Code Description HTTP Status
Code
EntityTooSmall Your proposed upload is smaller than the minimum
allowed object size Each part must be at least 5 MB in
size except the last part
400 Bad Request
InvalidPart One or more of the specified parts could not be found
The part might not have been uploaded or the specified
entity tag might not have matched the part's entity tag
400 Bad Request
InvalidPartOrder The list of parts was not in ascending order The parts list
must be specified in order by part number
400 Bad Request
NoSuchUpload The specified multipart upload does not exist The upload
ID might be invalid or the multipart upload might have
been aborted or completed
404 Not Found
For general information about Amazon S3 errors and a list of error codes see Error Responses (p 7)
Examples
Sample Request
The following Complete Multipart Upload request specifies three parts in the
CompleteMultipartUpload element
POST exampleobject
uploadIdAAAsb2FkIElEIGZvciBlbHZpbmcncyWeeS1tb3ZpZS5tMnRzIRRwbG9hZA HTTP11
Host examplebuckets3amazonawscom
Date Mon 1 Nov 2010 203456 GMT
ContentLength 391
Authorization authorization string


1
a54357aff0632cce46d942af68356b38


2
0c78aef83f66abc1fa1e8477f296d394


3
acbd18db4cc2f85cedef654fccc4a4d8


Sample Response
The following response indicates that an object was successfully assembled
HTTP11 200 OK
API Version 20060301
349Amazon Simple Storage Service API Reference
Examples
xamzid2 Uuag1LuByRx9e6j5Onimru9pO4ZVKnJ2Qz7C1NPcfTWAtRPfTaOFg
xamzrequestid 656c76696e6727732072657175657374
Date Mon 1 Nov 2010 203456 GMT
Connection close
Server AmazonS3

doc20060301>
httpExampleBuckets3amazonawscomExampleObject
ExampleBucket
ExampleObject
3858f62230ac3c915f300c664312c11f9

Sample Response with Error Specified in Header
The following response indicates that an error occurred before the HTTP response header was sent
HTTP11 403 Forbidden
xamzid2 Uuag1LuByRx9e6j5Onimru9pO4ZVKnJ2Qz7C1NPcfTWAtRPfTaOFg
xamzrequestid 656c76696e6727732072657175657374
Date Mon 1 Nov 2010 203456 GMT
ContentLength 237
Connection keepalive
Server AmazonS3


AccessDenied
Access Denied
656c76696e6727732072657175657374
Uuag1LuByRx9e6j5Onimru9pO4ZVKnJ2Qz7C1NPcfTWAtRPfTaOFg

Sample Response with Error Specified in Body
The following response indicates that an error occurred after the HTTP response header was sent
Note that while the HTTP status code is 200 OK the request actually failed as described in the Error
element
HTTP11 200 OK
xamzid2 Uuag1LuByRx9e6j5Onimru9pO4ZVKnJ2Qz7C1NPcfTWAtRPfTaOFg
xamzrequestid 656c76696e6727732072657175657374
Date Mon 1 Nov 2010 203456 GMT
Connection close
Server AmazonS3


InternalError
We encountered an internal error Please try again
656c76696e6727732072657175657374
Uuag1LuByRx9e6j5Onimru9pO4ZVKnJ2Qz7C1NPcfTWAtRPfTaOFg

API Version 20060301
350Amazon Simple Storage Service API Reference
Related Actions
Related Actions
• Initiate Multipart Upload (p 324)
• Upload Part (p 333)
• Abort Multipart Upload (p 352)
• List Parts (p 354)
• List Multipart Uploads (p 160)
API Version 20060301
351Amazon Simple Storage Service API Reference
Abort Multipart Upload
Abort Multipart Upload
Description
This operation aborts a multipart upload After a multipart upload is aborted no additional parts can be
uploaded using that upload ID The storage consumed by any previously uploaded parts will be freed
However if any part uploads are currently in progress those part uploads might or might not succeed
As a result it might be necessary to abort a given multipart upload multiple times in order to completely
free all storage consumed by all parts To verify that all parts have been removed so you don't get
charged for the part storage you should call the List Parts (p 354) operation and ensure the parts list
is empty
For information on permissions required to use the multipart upload API go to Multipart Upload API
and Permissions in the Amazon Simple Storage Service Developer Guide
Requests
Syntax
DELETE ObjectNameuploadIdUploadId HTTP11
Host BucketNames3amazonawscom
Date Date
Authorization authorization string
Request Parameters
This operation does not use request parameters
Request Headers
This operation uses only Request Headers common to most requests For more information see
Common Request Headers (p 3)
Request Elements
This operation does not use request elements
Responses
Response Headers
This operation uses only response headers that are common to most responses For more information
see Common Response Headers (p 5)
Response Elements
This operation does not use response elements
API Version 20060301
352Amazon Simple Storage Service API Reference
Examples
Special Errors
Error Code Description HTTP Status
Code
SOAP
Fault
Code
Prefix
NoSuchUpload The specified multipart upload does not exist The
upload ID might be invalid or the multipart upload
might have been aborted or completed
404 Not Found Client
For general information about Amazon S3 errors and a list of error codes see Error Responses (p 7)
Examples
Sample Request
The following request aborts a multipart upload identified by its upload ID
DELETE exampleobject
uploadIdVXBsb2FkIElEIGZvciBlbHZpbmcncyBteS1tb3ZpZS5tMnRzIHVwbG9hZ HTTP11
Host examplebuckets3amazonawscom
Date Mon 1 Nov 2010 203456 GMT
Authorization authorization string
Sample Response
HTTP11 204 OK
xamzid2 Weag1LuByRx9e6j5Onimru9pO4ZVKnJ2Qz7C1NPcfTWAtRPfTaOFg
xamzrequestid 996c76696e6727732072657175657374
Date Mon 1 Nov 2010 203456 GMT
ContentLength 0
Connection keepalive
Server AmazonS3
Related Actions
• Initiate Multipart Upload (p 324)
• Upload Part (p 333)
• Complete Multipart Upload (p 346)
• List Parts (p 354)
• List Multipart Uploads (p 160)
API Version 20060301
353Amazon Simple Storage Service API Reference
List Parts
List Parts
Description
This operation lists the parts that have been uploaded for a specific multipart upload
This operation must include the upload ID which you obtain by sending the initiate multipart upload
request (see Initiate Multipart Upload (p 324)) This request returns a maximum of 1000 uploaded
parts The default number of parts returned is 1000 parts You can restrict the number of parts
returned by specifying the maxparts request parameter If your multipart upload consists of
more than 1000 parts the response returns an IsTruncated field with the value of true and a
NextPartNumberMarker element In subsequent List Parts requests you can include the part
numbermarker query string parameter and set its value to the NextPartNumberMarker field value
from the previous response
For more information on multipart uploads see Uploading Objects Using Multipart Upload in the
Amazon Simple Storage Service Developer Guide
For information on permissions required to use the multipart upload API see Multipart Upload API and
Permissions in the Amazon Simple Storage Service Developer Guide
Requests
Syntax
GET ObjectNameuploadIdUploadId HTTP11
Host BucketNames3amazonawscom
Date Date
Authorization authorization string
Request Parameters
This implementation of GET uses the parameters in the following table to return a subset of the objects
in a bucket
Parameter Description Required
encoding
type
Requests Amazon S3 to encode the response and specifies the
encoding method to use
An object key can contain any Unicode character however XML
10 parser cannot parse some characters such as characters with
an ASCII value from 0 to 10 For characters that are not supported
in XML 10 you can add this parameter to request that Amazon S3
encode the keys in the response
Type String
Default None
Valid value url
No
uploadId Upload ID identifying the multipart upload whose parts are being
listed
Type String
Default None
Yes
API Version 20060301
354Amazon Simple Storage Service API Reference
Responses
Parameter Description Required
maxparts Sets the maximum number of parts to return in the response body
Type String
Default 1000
No
partnumber
marker
Specifies the part after which listing should begin Only parts with
higher part numbers will be listed
Type String
Default None
No
Request Headers
This operation uses only Request Headers common to most requests For more information see
Common Request Headers (p 3)
Request Elements
This operation does not use request elements
Responses
Response Headers
This operation uses only response headers that are common to most responses For more information
see Common Response Headers (p 5)
Response Elements
Name Description
xamzabortdate If the bucket has a lifecycle rule configured with an action to abort
incomplete multipart uploads and the prefix in the lifecycle rule
matches the object name in the request then the response includes
this header indicating when the initiated multipart upload will become
eligible for abort operation For more information see Aborting
Incomplete Multipart Uploads Using a Bucket Lifecycle Policy in the
Amazon Simple Storage Service Developer Guide
The response will also include the xamzabortruleid header
that will provide the ID of the lifecycle configuration rule that defines
this action
Type String
xamzabortruleid This header is returned along with the xamzabortdate header It
identifies applicable lifecycle configuration rule that defines the action
to abort incomplete multipart uploads
Type String
ListPartsResult Container for the response
Children Bucket Key UploadId Initiator Owner
StorageClass PartNumberMarker NextPartNumberMarker
MaxParts IsTruncated Part
Type Container
API Version 20060301
355Amazon Simple Storage Service API Reference
Responses
Name Description
Bucket Name of the bucket to which the multipart upload was initiated
Type String
Ancestor ListPartsResult
EncodingType Encoding type used by Amazon S3 to encode object key names in the
XML response
If you specify encodingtype request parameter Amazon S3
includes this element in the response and returns encoded key name
values in the Key element
Type String
Ancestor ListBucketResult
Key Object key for which the multipart upload was initiated
Type String
Ancestor ListPartsResult
UploadId Upload ID identifying the multipart upload whose parts are being
listed
Type String
Ancestor ListPartsResult
Initiator Container element that identifies who initiated the multipart upload
If the initiator is an AWS account this element provides the same
information as the Owner element If the initiator is an IAM User then
this element provides the user ARN and display name
Children ID DisplayName
Type Container
Ancestor ListPartsResult
ID If the principal is an AWS account it provides the Canonical User ID
If the principal is an IAM User it provides a user ARN value
Type String
Ancestor Initiator
DisplayName Principal's name
Type String
Ancestor Initiator
Owner Container element that identifies the object owner after the object is
created If multipart upload is initiated by an IAM user this element
provides the parent account ID and display name
Children ID DisplayName
Type Container
Ancestor ListPartsResult
StorageClass Class of storage (STANDARD or REDUCED_REDUNDANCY) used to store
the uploaded object
Type String
Ancestor ListPartsResult
API Version 20060301
356Amazon Simple Storage Service API Reference
Examples
Name Description
PartNumberMarker Part number after which listing begins
Type Integer
Ancestor ListPartsResult
NextPartNumberMarker When a list is truncated this element specifies the last part in the list
as well as the value to use for the partnumbermarker request
parameter in a subsequent request
Type Integer
Ancestor ListPartsResult
MaxParts Maximum number of parts that were allowed in the response
Type Integer
Ancestor ListPartsResult
IsTruncated Indicates whether the returned list of parts is truncated A true value
indicates that the list was truncated A list can be truncated if the
number of parts exceeds the limit returned in the MaxParts element
Type Boolean
Ancestor ListPartsResult
Part Container for elements related to a particular part A response can
contain zero or more Part elements
Children PartNumber LastModified ETag Size
Type String
Ancestor ListPartsResult
PartNumber Part number identifying the part
Type Integer
Ancestor Part
LastModified Date and time at which the part was uploaded
Type Date
Ancestor Part
ETag Entity tag returned when the part was uploaded
Type String
Ancestor Part
Size Size of the uploaded part data
Type Integer
Ancestor Part
Examples
Sample Request
Assume you have uploaded parts with sequential part numbers starting with 1 The following List Parts
request specifies maxparts and partnumbermarker query parameters The request lists the
first two parts that follow part number 1 that is you will get parts 2 and 3 in the response If more
parts exist the result is a truncated result and therefore the response will return an IsTruncated
element with the value true The response will also return the NextPartNumberMarker element with
API Version 20060301
357Amazon Simple Storage Service API Reference
Examples
the value 3 which should be used for the value of the partnumbermarker request query string
parameter in the next List Parts request
GET exampleobject
uploadIdXXBsb2FkIElEIGZvciBlbHZpbmcncyVcdS1tb3ZpZS5tMnRzEEEwbG9hZA&max
parts2&partnumbermarker1 HTTP11
Host examplebuckets3amazonawscom
Date Mon 1 Nov 2010 203456 GMT
Authorization authorization string
Sample Response
The following is a sample response
HTTP11 200 OK
xamzid2 Uuag1LuByRx9e6j5Onimru9pO4ZVKnJ2Qz7C1NPcfTWAtRPfTaOFg
xamzrequestid 656c76696e6727732072657175657374
Date Mon 1 Nov 2010 203456 GMT
ContentLength 985
Connection keepalive
Server AmazonS3


examplebucket
exampleobject
XXBsb2FkIElEIGZvciBlbHZpbmcncyVcdS1tb3ZpZS5tMnRzEEEwbG9hZA<
UploadId>

arnawsiam111122223333usersomeuser11116a3117b54fb79df5
b288870f11xx
umatuser11116a3117b54fb79df5b288870f11xx<
DisplayName>


75aa57f09aa0c8caeab4f8c24e99d10f8e7faeebf76c078efc7c6caea54ba06a
someName

STANDARD
1
3
2
true

2
20101110T204834000Z
7778aef83f66abc1fa1e8477f296d394
10485760


3
20101110T204833000Z
aaaa18db4cc2f85cedef654fccc4a4x8
10485760


API Version 20060301
358Amazon Simple Storage Service API Reference
Related Actions
Related Actions
• Initiate Multipart Upload (p 324)
• Upload Part (p 333)
• Complete Multipart Upload (p 346)
• Abort Multipart Upload (p 352)
• List Multipart Uploads (p 160)
API Version 20060301
359Amazon Simple Storage Service API Reference
Amazon S3 Resources
Following is a table that lists related resources that you'll find useful as you work with this service
Resource Description
Amazon Simple Storage Service
Getting Started Guide
The getting started guide provides a quick tutorial of
the service based on a simple use case Examples and
instructions for Java Perl PHP C# Python and Ruby are
included
Amazon Simple Storage Service
Developer Guide
The developer guide describes how to accomplish tasks
using Amazon S3 operations
Amazon S3 Technical FAQ The FAQ covers the top 20 questions developers have
asked about this product
Amazon S3 Release Notes The Release Notes give a highlevel overview of the
current release They specifically note any new features
corrections and known issues
Tools for Amazon Web Services A central starting point to find documentation code samples
release notes and other information to help you build
innovative applications with AWS SDKs and tools
AWS Management Console The console allows you to perform most of the functions of
Amazon S3 without programming
Discussion Forums A communitybased forum for developers to discuss
technical questions related to Amazon Web Services
AWS Support Center The home page for AWS Technical Support including
access to our Developer Forums Technical FAQs Service
Status page and Premium Support
AWS Premium Support The primary web page for information about AWS Premium
Support a oneonone fastresponse support channel to
help you build and run applications on AWS Infrastructure
Services
Amazon S3 product information The primary web page for information about Amazon S3
API Version 20060301
360Amazon Simple Storage Service API Reference
Resource Description
Contact Us A central contact point for inquiries concerning AWS billing
account events abuse etc
Conditions of Use Detailed information about the copyright and trademark
usage at Amazoncom and other topics
API Version 20060301
361Amazon Simple Storage Service API Reference
Document History
The following table describes the important changes to the documentation since the last release of the
Amazon Simple Storage Service API Reference
• API version 20060301
• Latest documentation update June 27 2016
Change Description Release
Date
Asia Pacific (Mumbai)
region
Amazon S3 is now available in the Asia Pacific (Mumbai)
region For more information about Amazon S3 regions and
endpoints see Regions and Endpoints in the AWS General
Reference
In this
release
GET Bucket (List
Objects) API revised
The GET Bucket (List Objects) API has been revised We
recommend that you use the new version GET Bucket (List
Objects) version 2 For more information see GET Bucket
(List Objects) Version 2 (p 86)
May 4
2016
Amazon S3 Transfer
Acceleration
Amazon S3 Transfer Acceleration enables fast easy
and secure transfers of files over long distances between
your client and an S3 bucket Transfer Acceleration takes
advantage of Amazon CloudFront’s globally distributed edge
locations
For more information see Transfer Acceleration in the
Amazon Simple Storage Service Developer Guide
The following new APIs support Transfer Acceleration
GET Bucket accelerate (p 104) and PUT Bucket
accelerate (p 174)
April 19
2016
Lifecycle support to
remove expired object
delete marker
Lifecycle configuration expiration action now allows you to
direct Amazon S3 to remove expired object delete markers
in versioned bucket For more information see Elements to
Describe Lifecycle Actions in the Amazon Simple Storage
Service Developer Guide
March 16
2016
API Version 20060301
362Amazon Simple Storage Service API Reference
Change Description Release
Date
Bucket lifecycle
configuration now
supports the action
to abort incomplete
multipart uploads
Bucket lifecycle configuration now supports the
AbortIncompleteMultipartUpload action that you can
use to direct Amazon S3 to abort multipart uploads that
don't complete within a specified number of days after being
initiated When a multipart upload becomes eligible for an
abort operation Amazon S3 deletes any uploaded parts and
aborts the multipart upload
The following APIs have been updated to support the new
action
• PUT Bucket lifecycle (p 190) – The XML
configuration now allows you to specify the
AbortIncompleteMultipartUpload action in a
lifecycle configuration rule
• List Parts (p 354) and Initiate Multipart Upload (p 324)
– Both of these APIs now return two additional response
headers (xamzabortdate and xamzabort
ruleid) if the bucket has a lifecycle rule that specifies
the AbortIncompleteMultipartUpload action These
headers in the response indicate when the initiated
multipart upload will become eligible for an abort operation
and which lifecycle rule is applicable
For conceptual information see the following topics in the
Amazon Simple Storage Service Developer Guide
• Aborting Incomplete Multipart Uploads Using a Bucket
Lifecycle Policy
• Elements to Describe Lifecycle Actions
March 16
2016
Amazon S3 Signature
Version 4 now supports
unsigned payloads
Amazon S3 Signature Version 4 now supports unsigned
payloads when authenticating requests using the
Authorization header Because you don't sign the
payload it does not provide the same security that comes
with payload signing but it provides similar performance
characteristics as signature version 2 For more information
see Signature Calculations for the Authorization Header
Transferring Payload in a Single Chunk (AWS Signature
Version 4) (p 20)
January 15
2016
Asia Pacific (Seoul)
region
Amazon S3 is now available in the Asia Pacific (Seoul)
region For more information about Amazon S3 regions and
endpoints see Regions and Endpoints in the AWS General
Reference
January 6
2016
Renamed the US
Standard region
Changed the region name string from US Standard to US
East (N Virginia) This is only a region name update there
is no change in the functionality
December
11 2015
API Version 20060301
363Amazon Simple Storage Service API Reference
Change Description Release
Date
New storage class Amazon S3 now offers a new storage class STANDARD_IA
(IA for infrequent access) for storing objects This storage
class is optimized for longlived and less frequently
accessed data For more information see Storage Classes
in the Amazon Simple Storage Service Developer Guide
Lifecycle configuration feature updates now allow you to
transition objects to the STANDARD_IA storage class For
more information see Object Lifecycle Management in the
Amazon Simple Storage Service Developer Guide
Previously the crossregion replication feature used the
storage class of the source object for object replicas
Now when you configure crossregion replication you can
specify a storage class for the object replica created in
the destination bucket For more information see Cross
Region Replication in the Amazon Simple Storage Service
Developer Guide
September
16 2015
Event notifications Amazon S3 event notifications have been updated to add
notifications when objects are deleted and to add filtering
on object names with prefix and suffix matching For the
relevant APIs see PUT Bucket notification (p 207) and
GET Bucket notification (p 127) For more information see
Configuring Amazon S3 Event Notifications in the Amazon
Simple Storage Service Developer Guide
July 28
2015
Crossregion
replication
Amazon S3 now supports crossregion replication Cross
region replication is the automatic asynchronous copying
of objects across buckets in different AWS regions For
the relevant APIs see PUT Bucket replication (p 215)
GET Bucket replication (p 132) and DELETE Bucket
replication (p 80) For more information see Enabling
CrossRegion Replication in the Amazon Simple Storage
Service Developer Guide
March 24
2015
Event notifications Amazon S3 now supports new event types and
destinations in a bucket notification configuration
Prior to this release Amazon S3 supported only the
s3ReducedRedundancyLostObject event type and an
Amazon SNS topic as the destination For more information
about the new event types go to Setting Up Notification
of Bucket Events in the Amazon Simple Storage Service
Developer Guide For the relevant APIs see PUT Bucket
notification (p 207) and GET Bucket notification (p 127)
November
13 2014
API Version 20060301
364Amazon Simple Storage Service API Reference
Change Description Release
Date
Serverside encryption
with AWS Key
Management Service
(KMS)
Amazon S3 now supports serverside encryption using
AWS Key Management Service (KMS) With serverside
encryption with KMS you manage the envelope key through
KMS and Amazon S3 calls KMS to access the envelope key
within the permissions you set
For more information about serverside encryption with
KMS see Protecting Data Using ServerSide Encryption
with AWS Key Management Service in the Amazon Simple
Storage Service Developer Guide
The following Amazon S3 REST APIs support headers
related to KMS
• PUT Object (p 291)
• PUT Object Copy (p 310)
• POST Object (p 279)
• Initiate Multipart Upload (p 324)
• Upload Part (p 333)
November
12 2014
EU (Frankfurt) region Amazon S3 is now available in the EU (Frankfurt) region October 23
2014
Serverside encryption
with customerprovided
encryption keys
Amazon S3 now supports serverside encryption using
customerprovided encryption keys (SSEC) Serverside
encryption enables you to request Amazon S3 to encrypt
your data at rest When using SSEC Amazon S3 encrypts
your objects with the custom encryption keys that you
provide Since Amazon S3 performs the encryption for you
you get the benefits of using your own encryption keys
without the cost of writing or executing your own encryption
code
For more information about SSEC go to ServerSide
Encryption (Using CustomerProvided Encryption Keys) in
the Amazon Simple Storage Service Developer Guide
The following Amazon S3 REST APIs support headers
related to SSEC
• GET Object (p 251)
• HEAD Object (p 268)
• PUT Object (p 291)
• PUT Object Copy (p 310)
• POST Object (p 279)
• Initiate Multipart Upload (p 324)
• Upload Part (p 333)
• Upload Part Copy (p 338)
June 12
2014
API Version 20060301
365Amazon Simple Storage Service API Reference
Change Description Release
Date
Lifecycle support for
versioning
Prior to this release lifecycle configuration was supported
only on nonversioned buckets Now you can configure
lifecycle on both the nonversioned and versioningenabled
buckets
For more information go to Object Lifecycle Management in
the Amazon Simple Storage Service Developer Guide
The related APIs see PUT Bucket lifecycle (p 190)
GET Bucket lifecycle (p 113) and DELETE Bucket
lifecycle (p 76)
May 20
2014
Amazon S3 now
supports Signature
Version 4
Amazon S3 now supports Signature Version 4 (SigV4)
in all regions the latest specification for how to sign and
authenticate AWS requests
For more information see Authenticating Requests (AWS
Signature Version 4) (p 15)
January 30
2014
Amazon S3 list
actions now support
encodingtype
request parameter
The following Amazon S3 list actions now support
encodingtype optional request parameter
GET Bucket (List Objects) Version 1 (p 96)
GET Bucket Object versions (p 139)
List Multipart Uploads (p 160)
List Parts (p 354)
An object key can contain any Unicode character however
the XML 10 parser cannot parse some characters such as
characters with an ASCII value from 0 to 10 For characters
that are not supported in XML 10 you can add this
parameter to request that Amazon S3 encode the keys in
the response
November
1 2013
SOAP Support Over
HTTP Deprecated
SOAP support over HTTP is deprecated but it is still
available over HTTPS New Amazon S3 features will not be
supported for SOAP We recommend that you use either the
REST API or the AWS SDKs
September
19 2013
API Version 20060301
366Amazon Simple Storage Service API Reference
Change Description Release
Date
Root domain support
for website hosting
Amazon S3 now supports hosting static websites at the
root domain Visitors to your website can access your site
from their browser without specifying www in the web
address (eg examplecom) Many customers already
host static websites on Amazon S3 that are accessible from
a www subdomain (eg wwwexamplecom) Previously
to support root domain access you needed to run your own
web server to proxy root domain requests from browsers to
your website on Amazon S3 Running a web server to proxy
requests introduces additional costs operational burden
and another potential point of failure Now you can take
advantage of the high availability and durability of Amazon
S3 for both www and root domain addresses
For an example walkthrough go to Example Setting Up
a Static Website Using a Custom Domain in the Amazon
Simple Storage Service Developer Guide For conceptual
information go to Hosting Static Websites on Amazon S3 in
the Amazon Simple Storage Service Developer Guide
December
27 2012
Support for Archiving
Data to Amazon
Glacier
Amazon S3 now support a storage option that enables you
to utilize Amazon Glacier's lowcost storage service for
data archival To archive objects you define archival rules
identifying objects and a timeline when you want Amazon S3
to archive these objects to Amazon Glacier You can easily
set the rules on a bucket using the Amazon S3 console or
programmatically using the Amazon S3 API or AWS SDKs
To support data archival rules Amazon S3 lifecycle
management API has been updated For more information
see PUT Bucket lifecycle (p 190)
After you archive objects you must first restore a copy
before you can access the data Amazon S3 offers an new
API for you to initiate a restore For more information see
POST Object restore (p 288)
For conceptual information go to Object Lifecycle
Management in the Amazon Simple Storage Service
Developer Guide
November
13 2012
Support for Website
Page Redirects
For a bucket that is configured as a website Amazon S3
now supports redirecting a request for an object to another
object in the same bucket or to an external URL You
can configure redirect by adding the xamzwebsite
redirectlocation metadata to the object
The object upload APIs PUT Object (p 291) Initiate
Multipart Upload (p 324) and POST Object (p 279)
allow you to configure the xamzwebsiteredirect
location object metadata
For conceptual information go to How to Configure Website
Page Redirects in the Amazon Simple Storage Service
Developer Guide
October 4
2012
API Version 20060301
367Amazon Simple Storage Service API Reference
Change Description Release
Date
CrossOrigin Resource
Sharing (CORS)
support
Amazon S3 now supports CrossOrigin Resource Sharing
(CORS) CORS defines a way in which client web
applications that are loaded in one domain can interact
with or access resources in a different domain With CORS
support in Amazon S3 you can build rich clientside web
applications on top of Amazon S3 and selectively allow
crossdomain access to your Amazon S3 resources For
more information see Enabling CrossOrigin Resource
Sharing in the Amazon Simple Storage Service Developer
Guide
August 31
2012
Cost Allocation
Tagging support
Amazon S3 now supports cost allocation tagging which
allows you to label S3 buckets so you can more easily
track their cost against projects or other criteria For more
information see Cost Allocation Tagging in the Amazon
Simple Storage Service Developer Guide
August 21
2012
Object Expiration
support
You can use Object Expiration to schedule automatic
removal of data after a configured time period You set
object expiration by adding lifecycle configuration to a
bucket For more information see Transitioning Objects
General Considerations in the Amazon Simple Storage
Service Developer Guide
December
27 2011
New Region supported Amazon S3 now supports the South America (São Paulo)
region For more information see Buckets and Regions in
the Amazon Simple Storage Service Developer Guide
December
14 2011
MultiObject Delete Amazon S3 now supports MultiObject Delete API that
enables you to delete multiple objects in a single request
With this feature you can remove large numbers of objects
from Amazon S3 more quickly than using multiple individual
DELETE requests
For more information about the API see see Delete Multiple
Objects (p 242)
For conceptual information about the delete operation see
Deleting Objects in the Amazon Simple Storage Service
Developer Guide
December
7 2011
New region supported Amazon S3 now supports the US West (Oregon) region For
more information see Buckets and Regions in the Amazon
Simple Storage Service Developer Guide
November
8 2011
Serverside encryption
support
Amazon S3 now supports serverside encryption It enables
you to request Amazon S3 to encrypt your data at rest
that is encrypt your object data when Amazon S3 writes
your data to disks in its data centers To request server
side encryption you must add the xamzserverside
encryption header to your request To learn more about
data encryption go to Using Data Encryption in the Amazon
Simple Storage Service Developer Guide
October 17
2011
API Version 20060301
368Amazon Simple Storage Service API Reference
Change Description Release
Date
Multipart Upload API
extended to enable
copying objects up to 5
TB
Prior to this release Amazon S3 API supported copying
objects (see PUT Object Copy (p 310)) of up to 5 GB in
size To enable copying objects larger than 5 GB Amazon
S3 extends the multipart upload API with a new operation
Upload Part (Copy) You can use this multipart upload
operation to copy objects up to 5 TB in size For conceptual
information about multipart upload go to Uploading Objects
Using Multipart Upload in the Amazon Simple Storage
Service Developer Guide To learn more about the new API
see Upload Part Copy (p 338)
June 21
2011
SOAP API calls over
HTTP disabled
To increase security SOAP API calls over HTTP are
disabled Authenticated and anonymous SOAP requests
must be sent to Amazon S3 using SSL
June 6
2011
Support for hosting
static websites in
Amazon S3
Amazon S3 introduces enhanced support for hosting static
websites This includes support for index documents and
custom error documents When using these features
requests to the root of your bucket or a subfolder (eg
httpmywebsitecomsubfolder) returns your index
document instead of the list of objects in your bucket If an
error is encountered Amazon S3 returns your custom error
message instead of an Amazon S3 error message For API
information to configure your bucket as a website see the
following sections
• PUT Bucket website (p 230)
• GET Bucket website (p 156)
• DELETE Bucket website (p 84)
For conceptual overview go to Hosting Websites on
Amazon S3 in the Amazon Simple Storage Service
Developer Guide
February
17 2011
Response Header API
Support
The GET Object REST API now allows you to change the
response headers of the REST GET Object request for
each request That is you can alter object metadata in
the response without altering the object itself For more
information see GET Object (p 251)
January 14
2011
Large Object Support Amazon S3 has increased the maximum size of an object
you can store in an S3 bucket from 5 GB to 5 TB If you
are using the REST API you can upload objects of up to
5 GB size in a single PUT operation For larger objects
you must use the Multipart Upload REST API to upload
objects in parts For conceptual information go to Uploading
Objects Using Multipart Upload in the Amazon Simple
Storage Service Developer Guide For multipart upload API
information see Initiate Multipart Upload (p 324) Upload
Part (p 333) Complete Multipart Upload (p 346) List
Parts (p 354) and List Multipart Uploads (p 160)
December
9 2010
API Version 20060301
369Amazon Simple Storage Service API Reference
Change Description Release
Date
Multipart upload Multipart upload enables faster more flexible uploads into
Amazon S3 It allows you to upload a single object as a
set of parts For conceptual information go to Uploading
Objects Using Multipart Upload in the Amazon Simple
Storage Service Developer Guide For multipart upload API
information see Initiate Multipart Upload (p 324) Upload
Part (p 333) Complete Multipart Upload (p 346) List
Parts (p 354) and List Multipart Uploads (p 160)
November
10 2010
Notifications The Amazon S3 notifications feature enables you to
configure a bucket so that Amazon S3 publishes a message
to an Amazon Simple Notification Service (SNS) topic when
Amazon S3 detects a key event on a bucket For more
information see GET Bucket notification (p 127) and PUT
Bucket notification (p 127)
July 14
2010
Bucket policies Bucket policies is an access management system you use
to set access permissions on buckets objects and sets of
objects This functionality supplements and in many cases
replaces access control lists
July 6 2010
Reduced Redundancy Amazon S3 now enables you to reduce your storage costs
by storing objects in Amazon S3 with reduced redundancy
For more information see PUT Object (p 291)
May 12
2010
New region supported Amazon S3 now supports the Asia Pacific (Singapore)
region and therefore new location constraints For more
information see GET Bucket location (p 122) and PUT
Bucket (p 169)
April 28
2010
Object Versioning This release introduces object Versioning All objects now
have a key and a version If you enable versioning for a
bucket Amazon S3 gives all objects added to a bucket a
unique version ID This feature enables you to recover from
unintended overwrites and deletions For more information
see GET Object (p 251) DELETE Object (p 239) PUT
Object (p 291) PUT Object Copy (p 310) or POST
Object (p 279) The SOAP API does not support versioned
objects
February 8
2010
New region supported Amazon S3 now supports the USWest (Northern
California) region The new endpoint is s3us
west1amazonawscom For more information see How
to Select a Region for Your Buckets in the Amazon Simple
Storage Service Developer Guide
December
2 2009
C# Library Support AWS now provides Amazon S3 C# libraries sample code
tutorials and other resources for software developers who
prefer to build applications using languagespecific APIs
instead of REST or SOAP These libraries provide basic
functions (not included in the REST or SOAP APIs) such as
request authentication request retries and error handling so
that it's easier to get started
November
11 2009
API Version 20060301
370Amazon Simple Storage Service API Reference
Change Description Release
Date
Technical documents
reorganized
The API reference has been split out of the Amazon S3
Developer Guide Now on the documentation landing page
Amazon Simple Storage Service Documentation you can
select the document you want to view When viewing the
documents online the links in one document will take you
when appropriate to one of the other guides
September
16 2009
API Version 20060301
371Amazon Simple Storage Service API Reference
Operations on the Service (SOAP API)
Appendix SOAP API
Note
SOAP support over HTTP is deprecated but it is still available over HTTPS New Amazon S3
features will not be supported for SOAP We recommend that you use either the REST API or
the AWS SDKs
This section describes the SOAP API with respect to service bucket and object operations Note that
SOAP requests both authenticated and anonymous must be sent to Amazon S3 using SSL Amazon
S3 returns an error when you send a SOAP request over HTTP
The latest Amazon S3 WSDL is available at httpdocs3amazonawscom20060301
AmazonS3wsdl
Topics
• Operations on the Service (SOAP API) (p 372)
• Operations on Buckets (SOAP API) (p 373)
• Operations on Objects (SOAP API) (p 382)
• SOAP Error Responses (p 399)
Operations on the Service (SOAP API)
Note
SOAP support over HTTP is deprecated but it is still available over HTTPS New Amazon S3
features will not be supported for SOAP We recommend that you use either the REST API or
the AWS SDKs
This section describes operations you can perform on the Amazon S3 service
Topics
• ListAllMyBuckets (SOAP API) (p 372)
ListAllMyBuckets (SOAP API)
Note
SOAP support over HTTP is deprecated but it is still available over HTTPS New Amazon S3
features will not be supported for SOAP We recommend that you use either the REST API or
the AWS SDKs
API Version 20060301
372Amazon Simple Storage Service API Reference
Operations on Buckets (SOAP API)
The ListAllMyBuckets operation returns a list of all buckets owned by the sender of the request
Example
Sample Request

AKIAIOSFODNN7EXAMPLE
20060301T120000183Z
Iuyz3d3P0aTou39dzbqaEXAMPLE

Sample Response


bcaf1ffd86f41161ca5fb16fd081034f
webfile



quotesName>
20060203T164509000Z


samples
20060203T164158000Z



Response Body
• Owner
This provides information that Amazon S3 uses to represent your identity for purposes of
authentication and access control ID is a unique and permanent identifier for the developer who
made the request DisplayName is a humanreadable name representing the developer who made
the request It is not unique and might change over timeWe recommend that you match your
DisplayName to your Forum name
• Name
The name of a bucket Note that if one of your buckets was recently deleted the name of the deleted
bucket might still be present in this list for a period of time
• CreationDate
The time that the bucket was created
Access Control
You must authenticate with a valid AWS Access Key ID Anonymous requests are never allowed to list
buckets and you can only list buckets for which you are the owner
Operations on Buckets (SOAP API)
API Version 20060301
373Amazon Simple Storage Service API Reference
CreateBucket (SOAP API)
Note
SOAP support over HTTP is deprecated but it is still available over HTTPS New Amazon S3
features will not be supported for SOAP We recommend that you use either the REST API or
the AWS SDKs
This section describes operations you can perform on Amazon S3 buckets
Topics
• CreateBucket (SOAP API) (p 374)
• DeleteBucket (SOAP API) (p 375)
• ListBucket (SOAP API) (p 376)
• GetBucketAccessControlPolicy (SOAP API) (p 378)
• SetBucketAccessControlPolicy (SOAP API) (p 379)
• GetBucketLoggingStatus (SOAP API) (p 380)
• SetBucketLoggingStatus (SOAP API) (p 381)
CreateBucket (SOAP API)
Note
SOAP support over HTTP is deprecated but it is still available over HTTPS New Amazon S3
features will not be supported for SOAP We recommend that you use either the REST API or
the AWS SDKs
The CreateBucket operation creates a bucket Not every string is an acceptable bucket name For
information on bucket naming restrictions see Working with Amazon S3 Buckets
Note
To determine whether a bucket name exists use ListBucket and set MaxKeys to 0 A
NoSuchBucket response indicates that the bucket is available an AccessDenied response
indicates that someone else owns the bucket and a Success response indicates that you own
the bucket or have permission to access it
Example Create a bucket named quotes
Sample Request

quotes
AKIAIOSFODNN7EXAMPLE
20060301T120000183Z
Iuyz3d3P0aTou39dzbqaEXAMPLE

Sample Response


quotes


Elements
• Bucket The name of the bucket you are trying to create
API Version 20060301
374Amazon Simple Storage Service API Reference
DeleteBucket (SOAP API)
• AccessControlList The access control list for the new bucket This element is optional If not
provided the bucket is created with an access policy that give the requester FULL_CONTROL
access
Access Control
You must authenticate with a valid AWS Access Key ID Anonymous requests are never allowed to
create buckets
Related Resources
• ListBucket (SOAP API) (p 376)
DeleteBucket (SOAP API)
Note
SOAP support over HTTP is deprecated but it is still available over HTTPS New Amazon S3
features will not be supported for SOAP We recommend that you use either the REST API or
the AWS SDKs
The DeleteBucket operation deletes a bucket All objects in the bucket must be deleted before the
bucket itself can be deleted
Example
This example deletes the quotes bucket
Sample Request

quotes
AKIAIOSFODNN7EXAMPLE
20060301T120000183Z
Iuyz3d3P0aTou39dzbqaEXAMPLE

Sample Response


204
No Content


Elements
• Bucket The name of the bucket you want to delete
Access Control
Only the owner of a bucket is allowed to delete it regardless the access control policy on the bucket
API Version 20060301
375Amazon Simple Storage Service API Reference
ListBucket (SOAP API)
ListBucket (SOAP API)
Note
SOAP support over HTTP is deprecated but it is still available over HTTPS New Amazon S3
features will not be supported for SOAP We recommend that you use either the REST API or
the AWS SDKs
The ListBucket operation returns information about some of the items in the bucket
For a general introduction to the list operation see the Listing Object Keys
Requests
This example lists up to 1000 keys in the quotes bucket that have the prefix notes
Syntax

quotes
notes

1000
AKIAIOSFODNN7EXAMPLE
20060301T120000183Z
Iuyz3d3P0aTou39dzbqaEXAMPLE


Parameters
Name Description Required
prefix Limits the response to keys which begin with the indicated prefix
You can use prefixes to separate a bucket into different sets of
keys in a way similar to how a file system uses folders
Type String
Default None
No
marker Indicates where in the bucket to begin listing The list will only
include keys that occur lexicographically after marker This is
convenient for pagination To get the next page of results use the
last key of the current page as the marker
Type String
Default None
No
maxkeys The maximum number of keys you'd like to see in the response
body The server might return fewer than this many keys but will
not return more
Type String
Default None
No
delimiter Causes keys that contain the same string between the prefix and
the first occurrence of the delimiter to be rolled up into a single
result element in the CommonPrefixes collection These rolledup
keys are not returned elsewhere in the response
No
API Version 20060301
376Amazon Simple Storage Service API Reference
ListBucket (SOAP API)
Name Description Required
Type String
Default None
Success Response
This response assumes the bucket contains the following keys
notestodostxt
notes20050523customer_mtg_notestxt
notes20050523phone_notestxt
notes20050528sales_notestxt
Syntax


backups
notes
1000

false

notestodostxt
20060101T120000000Z
"828ef3fdfa96f00ad9f27c383fc9ac7f"
5126
STANDARD

75aa57f09aa0c8caeab4f8c24e99d10f8e7faeebf76c078efc7c6caea54ba06a<
ID>
webfile

STANDARD


notes20050523


notes20050528


As you can see many of the fields in the response echo the request parameters IsTruncated
Contents and CommonPrefixes are the only response elements that can contain new information
Response Elements
Name Description
Contents Metadata about each object returned
Type XML metadata
Ancestor ListBucketResult
API Version 20060301
377Amazon Simple Storage Service API Reference
GetBucketAccessControlPolicy (SOAP API)
Name Description
CommonPrefixes A response can contain CommonPrefixes only if you specify a delimiter
When you do CommonPrefixes contains all (if there are any) keys between
Prefix and the next occurrence of the string specified by delimiter In effect
CommonPrefixes lists keys that act like subdirectories in the directory specified
by Prefix For example if prefix is notes and delimiter is a slash () in
notessummerjuly the common prefix is notessummer
Type String
Ancestor ListBucketResult
Delimiter Causes keys that contain the same string between the prefix and the first
occurrence of the delimiter to be rolled up into a single result element in the
CommonPrefixes collection These rolledup keys are not returned elsewhere in
the response
Type String
Ancestor ListBucketResult
IsTruncated Specifies whether (true) or not (false) all of the results were returned All of the
results may not be returned if the number of results exceeds that specified by
MaxKeys
Type String
Ancestor boolean
Marker Indicates where in the bucket to begin listing
Type String
Ancestor ListBucketResult
MaxKeys The maximum number of keys returned in the response body
Type String
Ancestor ListBucketResult
Name Name of the bucket
Type String
Ancestor ListBucketResult
Prefix Keys that begin with the indicated prefix
Type String
Ancestor ListBucketResult
Response Body
For information about the list response see Listing Keys Response
Access Control
To list the keys of a bucket you need to have been granted READ access on the bucket
GetBucketAccessControlPolicy (SOAP API)
Note
SOAP support over HTTP is deprecated but it is still available over HTTPS New Amazon S3
features will not be supported for SOAP We recommend that you use either the REST API or
the AWS SDKs
API Version 20060301
378Amazon Simple Storage Service API Reference
SetBucketAccessControlPolicy (SOAP API)
The GetBucketAccessControlPolicy operation fetches the access control policy for a bucket
Example
This example retrieves the access control policy for the quotes bucket
Sample Request

quotes
AKIAIOSFODNN7EXAMPLE
20060301T120000183Z
Iuyz3d3P0aTou39dzbqaEXAMPLE

Sample Response


a9a7b886d6fd2441bf9b1c61be666e9
chriscustomer




a9a7b886d6f41bf9b1c61be666e9
chriscustomer

FULL_CONTROL



httpacsamazonawscomgroupsglobalAllUsers

READ



Response Body
The response contains the access control policy for the bucket For an explanation of this response
see SOAP Access Policy
Access Control
You must have READ_ACP rights to the bucket in order to retrieve the access control policy for a
bucket
SetBucketAccessControlPolicy (SOAP API)
Note
SOAP support over HTTP is deprecated but it is still available over HTTPS New Amazon S3
features will not be supported for SOAP We recommend that you use either the REST API or
the AWS SDKs
API Version 20060301
379Amazon Simple Storage Service API Reference
GetBucketLoggingStatus (SOAP API)
The SetBucketAccessControlPolicy operation sets the Access Control Policy for an existing
bucket If successful the previous Access Control Policy for the bucket is entirely replaced with the
specified Access Control Policy
Example
Give the specified user (usually the owner) FULL_CONTROL access to the quotes bucket
Sample Request

quotes



a9a7b8863000e241bf9b1c61be666e9
chriscustomer

FULL_CONTROL


AKIAIOSFODNN7EXAMPLE
20060301T120000183Z
Iuyz3d3P0aTou39dzbqaEXAMPLE

Sample Response
doc20060301>

200
OK


Access Control
You must have WRITE_ACP rights to the bucket in order to set the access control policy for a bucket
GetBucketLoggingStatus (SOAP API)
Note
SOAP support over HTTP is deprecated but it is still available over HTTPS New Amazon S3
features will not be supported for SOAP We recommend that you use either the REST API or
the AWS SDKs
The GetBucketLoggingStatus retrieves the logging status for an existing bucket
For a general introduction to this feature see Server Logs
API Version 20060301
380Amazon Simple Storage Service API Reference
SetBucketLoggingStatus (SOAP API)
Example
Sample Request

xmlnsxsihttpwwww3org2001XMLSchemainstance xmlnsxsdhttp
wwww3org2001XMLSchema>

docs3amazonawscom20060301>
mybucket
YOUR_AWS_ACCESS_KEY_ID
20060301T120000183Z
YOUR_SIGNATURE_HERE




Sample Response

envelope xmlnsxsdhttpwwww3org2001XMLSchema xmlnsxsihttp
wwww3org2001XMLSchemainstance >



doc20060301>


mylogs
mybucketaccess_log






Access Control
Only the owner of a bucket is permitted to invoke this operation
SetBucketLoggingStatus (SOAP API)
Note
SOAP support over HTTP is deprecated but it is still available over HTTPS New Amazon S3
features will not be supported for SOAP We recommend that you use either the REST API or
the AWS SDKs
The SetBucketLoggingStatus operation updates the logging status for an existing bucket
For a general introduction to this feature see Server Logs
API Version 20060301
381Amazon Simple Storage Service API Reference
Operations on Objects (SOAP API)
Example
This sample request enables server access logging for the 'mybucket' bucket and configures the logs
to be delivered to 'mylogs' under prefix 'access_log'
Sample Request

xmlnsxsihttpwwww3org2001XMLSchemainstance xmlnsxsdhttp
wwww3org2001XMLSchema>


myBucket
YOUR_AWS_ACCESS_KEY_ID
20060301T120000183Z
YOUR_SIGNATURE_HERE


mylogs
mybucketaccess_log






Sample Response

envelope xmlnsxsdhttpwwww3org2001XMLSchema xmlnsxsihttp
wwww3org2001XMLSchemainstance >



doc20060301>



Access Control
Only the owner of a bucket is permitted to invoke this operation
Operations on Objects (SOAP API)
Note
SOAP support over HTTP is deprecated but it is still available over HTTPS New Amazon S3
features will not be supported for SOAP We recommend that you use either the REST API or
the AWS SDKs
API Version 20060301
382Amazon Simple Storage Service API Reference
PutObjectInline (SOAP API)
This section describes operations you can perform on Amazon S3 objects
Topics
• PutObjectInline (SOAP API) (p 383)
• PutObject (SOAP API) (p 385)
• CopyObject (SOAP API) (p 387)
• GetObject (SOAP API) (p 391)
• GetObjectExtended (SOAP API) (p 396)
• DeleteObject (SOAP API) (p 396)
• GetObjectAccessControlPolicy (SOAP API) (p 397)
• SetObjectAccessControlPolicy (SOAP API) (p 398)
PutObjectInline (SOAP API)
Note
SOAP support over HTTP is deprecated but it is still available over HTTPS New Amazon S3
features will not be supported for SOAP We recommend that you use either the REST API or
the AWS SDKs
The PutObjectInline operation adds an object to a bucket The data for the object is provided in the
body of the SOAP message
If an object already exists in a bucket the new object will overwrite it because Amazon S3 stores the
last write request However Amazon S3 is a distributed system If Amazon S3 receives multiple write
requests for the same object nearly simultaneously all of the objects might be stored even though only
one wins in the end Amazon S3 does not provide object locking if you need this make sure to build it
into your application layer
To ensure an object is not corrupted over the network you can calculate the MD5 of an object PUT it
to Amazon S3 and compare the returned Etag to the calculated MD5 value
PutObjectInline is not suitable for use with large objects The system limits this operation to working
with objects 1MB or smaller PutObjectInline will fail with the InlineDataTooLargeError status
code if the Data parameter encodes an object larger than 1MB To upload large objects consider using
the noninline PutObject API or the REST API instead
API Version 20060301
383Amazon Simple Storage Service API Reference
PutObjectInline (SOAP API)
Example
This example writes some text and metadata into the Nelson object in the quotes bucket give
a user (usually the owner) FULL_CONTROL access to the object and make the object readable by
anonymous parties
Sample Request

quotes
Nelson

ContentType
textplain


family
Muntz

aGEtaGE
5



a9a7b886d6fde241bf9b1c61be666e9
chriscustomer

FULL_CONTROL



httpacsamazonawscomgroupsglobalAllUsers

READ


AKIAIOSFODNN7EXAMPLE
20060301T120000183Z
Iuyz3d3P0aTou39dzbqaEXAMPLE

Sample Response


"828ef3fdfa96f00ad9f27c383fc9ac7f"
20060101T120000000Z


Elements
• Bucket The bucket in which to add the object
• Key The key to assign to the object
API Version 20060301
384Amazon Simple Storage Service API Reference
PutObject (SOAP API)
• Metadata You can provide namevalue metadata pairs in the metadata element These will be
stored with the object
• Data The base 64 encoded form of the data
• ContentLength The length of the data in bytes
• AccessControlList An Access Control List for the resource This element is optional If
omitted the requester is given FULL_CONTROL access to the object If the object already exists the
preexisting access control policy is replaced
Responses
• ETag The entity tag is an MD5 hash of the object that you can use to do conditional fetches of the
object using GetObjectExtended The ETag only reflects changes to the contents of an object not
its metadata
• LastModified The Amazon S3 timestamp for the saved object
Access Control
You must have WRITE access to the bucket in order to put objects into the bucket
Related Resources
• PutObject (SOAP API) (p 385)
• CopyObject (SOAP API) (p 387)
PutObject (SOAP API)
Note
SOAP support over HTTP is deprecated but it is still available over HTTPS New Amazon S3
features will not be supported for SOAP We recommend that you use either the REST API or
the AWS SDKs
The PutObject operation adds an object to a bucket The data for the object is attached as a DIME
attachment
To ensure an object is not corrupted over the network you can calculate the MD5 of an object PUT it
to Amazon S3 and compare the returned Etag to the calculated MD5 value
If an object already exists in a bucket the new object will overwrite it because Amazon S3 stores the
last write request However Amazon S3 is a distributed system If Amazon S3 receives multiple write
requests for the same object nearly simultaneously all of the objects might be stored even though only
one wins in the end Amazon S3 does not provide object locking if you need this make sure to build it
into your application layer
API Version 20060301
385Amazon Simple Storage Service API Reference
PutObject (SOAP API)
Example
This example puts some data and metadata in the Nelson object of the quotes bucket give a user
(usually the owner) FULL_CONTROL access to the object and make the object readable by anonymous
parties In this sample the actual attachment is not shown
Sample Request

quotes
Nelson

ContentType
textplain


family
Muntz

5



a9a7b886d6241bf9b1c61be666e9
chriscustomer

FULL_CONTROL



httpacsamazonawscomgroupsglobalAllUsers

READ


AKIAIOSFODNN7EXAMPLE
20070511T120000183Z
Iuyz3d3P0aTou39dzbqaEXAMPLE

Sample Response


"828ef3fdfa96f00ad9f27c383fc9ac7f"
20060301T120000183Z


Elements
• Bucket The bucket in which to add the object
• Key The key to assign to the object
• Metadata You can provide namevalue metadata pairs in the metadata element These will be
stored with the object
• ContentLength The length of the data in bytes
API Version 20060301
386Amazon Simple Storage Service API Reference
CopyObject (SOAP API)
• AccessControlList An Access Control List for the resource This element is optional If
omitted the requester is given FULL_CONTROL access to the object If the object already exists the
preexisting Access Control Policy is replaced
Responses
• ETag The entity tag is an MD5 hash of the object that you can use to do conditional fetches of the
object using GetObjectExtended The ETag only reflects changes to the contents of an object not
its metadata
• LastModified The Amazon S3 timestamp for the saved object
Access Control
To put objects into a bucket you must have WRITE access to the bucket
Related Resources
• CopyObject (SOAP API) (p 387)
CopyObject (SOAP API)
Note
SOAP support over HTTP is deprecated but it is still available over HTTPS New Amazon S3
features will not be supported for SOAP We recommend that you use either the REST API or
the AWS SDKs
Description
The CopyObject operation creates a copy of an object when you specify the key and bucket of a
source object and the key and bucket of a target destination
When copying an object you can preserve all metadata (default) or specify new metadata However
the ACL is not preserved and is set to private for the user making the request To override the
default ACL setting specify a new ACL when generating a copy request For more information see
Using ACLs
All copy requests must be authenticated Additionally you must have read access to the source object
and write access to the destination bucket For more information see Using Auth Access
To only copy an object under certain conditions such as whether the Etag matches or
whether the object was modified before or after a specified date use the request parameters
CopySourceIfUnmodifiedSince CopyIfUnmodifiedSince CopySourceIfMatch or
CopySourceIfNoneMatch
Note
You might need to configure the SOAP stack socket timeout for copying large objects
Request Syntax

source_bucket
source_object
destination_bucket
destination_object
API Version 20060301
387Amazon Simple Storage Service API Reference
CopyObject (SOAP API)
{REPLACE | COPY}

metadata_name
metadata_value





user_id
display_name

permission



etag
etag
date_time
date_time
AWSAccessKeyId
TimeStamp
Signature

Request Parameters
Name Description Required
SourceBucket The name of the source bucket
Type String
Default None
Constraints A valid source bucket
Yes
SourceKey The key name of the source object
Type String
Default None
Constraints The key for a valid source
object to which you have READ access
Yes
DestinationBucket The name of the destination bucket
Type String
Default None
Constraints You must have WRITE access
to the destination bucket
Yes
DestinationKey The key of the destination object
Type String
Default None
Constraints You must have WRITE access
to the destination bucket
Yes
MetadataDirective Specifies whether the metadata is copied
from the source object or replaced with
metadata provided in the request
Type String
No
API Version 20060301
388Amazon Simple Storage Service API Reference
CopyObject (SOAP API)
Name Description Required
Default COPY
Valid values COPY | REPLACE
Constraints Values other than COPY or
REPLACE will result in an immediate error
You cannot copy an object to itself unless
the MetadataDirective header is specified
and its value set to REPLACE
Metadata Specifies metadata namevalue pairs to set
for the objectIf MetadataDirective is set to
COPY all metadata is ignored
Type String
Default None
Constraints None
No
AccessControlList Grants access to users by email addresses
or canonical user ID
Type String
Default None
Constraints None
No
CopySourceIfMatch Copies the object if its entity tag (ETag)
matches the specified tag otherwise return
a PreconditionFailed
Type String
Default None
Constraints None If the Etag does not
match the object is not copied
No
CopySourceIfNoneMatch Copies the object if its entity tag (ETag) is
different than the specified Etag otherwise
returns an error
Type String
Default None
Constraints None
No
CopySourceIfUnmodifiedSince Copies the object if it hasn't been modified
since the specified time otherwise returns a
PreconditionFailed
Type dateTime
Default None
No
CopySourceIfModifiedSince Copies the object if it has been modified
since the specified time otherwise returns
an error
Type dateTime
Default None
No
Response Syntax


API Version 20060301
389Amazon Simple Storage Service API Reference
CopyObject (SOAP API)
etag
timestamp


Response Elements
Following is a list of response elements
Note
The SOAP API does not return extra whitespace Extra whitespace is only returned by the
REST API
Name Description
Etag Returns the etag of the new object The ETag only
reflects changes to the contents of an object not its
metadata
Type String
Ancestor CopyObjectResult
LastModified Returns the date the object was last modified
Type String
Ancestor CopyObjectResult
For information about general response elements see Using REST Error Response Headers
Special Errors
There are no special errors for this operation For information about general Amazon S3 errors see
List of Error Codes (p 8)
Examples
This example copies the flotsam object from the pacific bucket to the jetsam object of the
atlantic bucket preserving its metadata
Sample Request

pacific
flotsam
atlantic
jetsam
AKIAIOSFODNN7EXAMPLE
20080218T135410183Z
Iuyz3d3P0aTou39dzbq7RrtSFmw

Sample Response


API Version 20060301
390Amazon Simple Storage Service API Reference
GetObject (SOAP API)
828ef3fdfa96f00ad9f27c383fc9ac7f
20080218T135410183Z


This example copies the tweedledee object from the wonderland bucket to the tweedledum object
of the wonderland bucket replacing its metadata
Sample Request

wonderland
tweedledee
wonderland
tweedledum
REPLACE

ContentType
textplain


relationship
twins

AKIAIOSFODNN7EXAMPLE
20080218T135410183Z
Iuyz3d3P0aTou39dzbq7RrtSFmw

Sample Response


828ef3fdfa96f00ad9f27c383fc9ac7f
20080218T135410183Z


Related Resources
• PutObject (SOAP API) (p 385)
• PutObjectInline (SOAP API) (p 383)
GetObject (SOAP API)
Note
SOAP support over HTTP is deprecated but it is still available over HTTPS New Amazon S3
features will not be supported for SOAP We recommend that you use either the REST API or
the AWS SDKs
The GetObject operation returns the current version of an object If you try to GetObject an object
that has a delete marker as its current version S3 returns a 404 error You cannot use the SOAP API
to retrieve a specified version of an object To do that use the REST API For more information see
Versioning For more options use the GetObjectExtended (SOAP API) (p 396) operation
API Version 20060301
391Amazon Simple Storage Service API Reference
GetObject (SOAP API)
Example
This example gets the Nelson object from the quotes bucket
Sample Request

quotes
Nelson
true
true
true
AKIAIOSFODNN7EXAMPLE
20060301T120000183Z
Iuyz3d3P0aTou39dzbqaEXAMPLE

Sample Response



200
OK


ContentType
textplain


family
Muntz

aGEtaGE
20060101T120000000Z
"828ef3fdfa96f00ad9f27c383fc9ac7f"


Elements
• Bucket The bucket from which to retrieve the object
• Key The key that identifies the object
• GetMetadata The metadata is returned with the object if this is true
• GetData The object data is returned if this is true
• InlineData If this is true then the data is returned base 64encoded as part of the SOAP
body of the response If false then the data is returned as a SOAP attachment The InlineData
option is not suitable for use with large objects The system limits this operation to working
with 1MB of data or less A GetObject request with the InlineData flag set will fail with the
InlineDataTooLargeError status code if the resulting Data parameter would have encoded more
than 1MB To download large objects consider calling GetObject without setting the InlineData flag
or use the REST API instead
API Version 20060301
392Amazon Simple Storage Service API Reference
GetObject (SOAP API)
Returned Elements
• Metadata The namevalue paired metadata stored with the object
• Data If InlineData was true in the request this contains the base 64 encoded object data
• LastModified The time that the object was stored in Amazon S3
• ETag The object's entity tag This is a hash of the object that can be used to do conditional gets
The ETag only reflects changes to the contents of an object not its metadata
Access Control
You can read an object only if you have been granted READ access to the object
SOAP Chunked and Resumable Downloads
To provide GET flexibility Amazon S3 supports chunked and resumable downloads
Select from the following
• For large object downloads you might want to break them into smaller chunks For more information
see Range GETs (p 393)
• For GET operations that fail you can design your application to download the remainder instead of
the entire file For more information see REST GET Error Recovery (p 396)
Range GETs
For some clients you might want to break large downloads into smaller downloads To break a GET
into smaller units use Range
Before you can break a GET into smaller units you must determine its size For example the following
request gets the size of the bigfile object

bigbucket
bigfile
1
AKIAIOSFODNN7EXAMPLE
20060301T120000183Z
Iuyz3d3P0aTou39dzbqaEXAMPLE

Amazon S3 returns the following response

quotes
N
1
false

bigfile
20060101T120000000Z
"828ef3fdfa96f00ad9f27c383fc9ac7f"
2023276
STANDARD
API Version 20060301
393Amazon Simple Storage Service API Reference
GetObject (SOAP API)

bcaf1ffd86f41161ca5fb16fd081034f
bigfile



Following is a request that downloads the first megabyte from the bigfile object

bigbucket
bigfile
true
true
true
0
1048576
AKIAIOSFODNN7EXAMPLE
20060301T120000183Z
Iuyz3d3P0aTou39dzbqaEXAMPLE

Amazon S3 returns the first megabyte of the file and the Etag of the file



200
OK


ContentType
textplain


family
Muntz

first megabyte of bigfile
20060101T120000000Z
828ef3fdfa96f00ad9f27c383fc9ac7f


To ensure the file did not change since the previous portion was downloaded specify the IfMatch
element Although the IfMatch element is not required it is recommended for content that is likely to
change
The following is a request that gets the remainder of the file using the IfMatch request header

bigbucket
bigfile
true
true
true
10485761
API Version 20060301
394Amazon Simple Storage Service API Reference
GetObject (SOAP API)
2023276
828ef3fdfa96f00ad9f27c383fc9ac7f
AKIAIOSFODNN7EXAMPLE
20060301T120000183Z
Iuyz3d3P0aTou39dzbqaEXAMPLE

Amazon S3 returns the following response and the remainder of the file



200
OK


ContentType
textplain


family
>Muntz

remainder of bigfile
20060101T120000000Z
828ef3fdfa96f00ad9f27c383fc9ac7f


Versioned GetObject
The following request returns the specified version of the object in the bucket

quotes
Nelson
true
true
true
AKIAIOSFODNN7EXAMPLE
20060301T120000183Z
Iuyz3d3P0aTou39dzbqaEXAMPLE

Sample Response



200
OK


ContentType
textplain

API Version 20060301
395Amazon Simple Storage Service API Reference
GetObjectExtended (SOAP API)

family
Muntz

aGEtaGE
20060101T120000000Z
"828ef3fdfa96f00ad9f27c383fc9ac7f"


REST GET Error Recovery
If an object GET fails you can get the rest of the file by specifying the range to download To do so
you must get the size of the object using ListBucket and perform a range GET on the remainder of
the file For more information see GetObjectExtended (SOAP API) (p 396)
Related Resources
Operations on Objects (SOAP API) (p 382)
GetObjectExtended (SOAP API)
Note
SOAP support over HTTP is deprecated but it is still available over HTTPS New Amazon S3
features will not be supported for SOAP We recommend that you use either the REST API or
the AWS SDKs
GetObjectExtended is exactly like GetObject (SOAP API) (p 391) except that it supports the
following additional elements that can be used to accomplish much of the same functionality provided
by HTTP GET headers (go to httpwwww3orgProtocolsrfc2616rfc2616sec14html)
GetObjectExtended supports the following elements in addition to those supported by GetObject
• ByteRangeStart ByteRangeEnd These elements specify that only a portion of the object data
should be retrieved They follow the behavior of the HTTP byte ranges (go to httpwwww3org
Protocolsrfc2616rfc2616sec14html#sec1435)
• IfModifiedSince Return the object only if the object's timestamp is later than the specified
timestamp (httpwwww3orgProtocolsrfc2616rfc2616sec14html#sec1425)
• IfUnmodifiedSince Return the object only if the object's timestamp is earlier than or equal to the
specified timestamp (go to httpwwww3orgProtocolsrfc2616rfc2616sec14html#sec1428)
• IfMatch Return the object only if its ETag matches the supplied tag(s) (go to httpwwww3org
Protocolsrfc2616rfc2616sec14html#sec1424)
• IfNoneMatch Return the object only if its ETag does not match the supplied tag(s) (go to http
wwww3orgProtocolsrfc2616rfc2616sec14html#sec1426)
• ReturnCompleteObjectOnConditionFailureReturnCompleteObjectOnConditionFailure If
true then if the request includes a range element and one or both of IfUnmodifiedSinceIfMatch
elements and the condition fails return the entire object rather than a fault This enables the If
Range functionality (go to httpwwww3orgProtocolsrfc2616rfc2616sec14html#sec1427)
DeleteObject (SOAP API)
Note
SOAP support over HTTP is deprecated but it is still available over HTTPS New Amazon S3
features will not be supported for SOAP We recommend that you use either the REST API or
the AWS SDKs
API Version 20060301
396Amazon Simple Storage Service API Reference
GetObjectAccessControlPolicy (SOAP API)
The DeleteObject operation removes the specified object from Amazon S3 Once deleted there is
no method to restore or undelete an object
Note
If you delete an object that does not exist Amazon S3 will return a success (not an error
message)
Example
This example deletes the Nelson object from the quotes bucket
Sample Request

quotes
Nelson
AKIAIOSFODNN7EXAMPLE
20060301T120000183Z
Iuyz3d3P0aTou39dzbqaEXAMPLE

Sample Response


200
OK


Elements
• Bucket The bucket that holds the object
• Key The key that identifies the object
Access Control
You can delete an object only if you have WRITE access to the bucket regardless of who owns the
object or what rights are granted to it
GetObjectAccessControlPolicy (SOAP API)
Note
SOAP support over HTTP is deprecated but it is still available over HTTPS New Amazon S3
features will not be supported for SOAP We recommend that you use either the REST API or
the AWS SDKs
The GetObjectAccessControlPolicy operation fetches the access control policy for an object
API Version 20060301
397Amazon Simple Storage Service API Reference
SetObjectAccessControlPolicy (SOAP API)
Example
This example retrieves the access control policy for the Nelson object from the quotes bucket
Sample Request

quotes
Nelson
AKIAIOSFODNN7EXAMPLE
20060301T120000183Z
Iuyz3d3P0aTou39dzbqaEXAMPLE

Sample Response


a9a7b886d6fd24a541bf9b1c61be666e9
chriscustomer




a9a7b841bf9b1c61be666e9
chriscustomer

FULL_CONTROL



httpacsamazonawscomgroupsglobalAllUsers

READ



Response Body
The response contains the access control policy for the bucket For an explanation of this response
SOAP Access Policy
Access Control
You must have READ_ACP rights to the object in order to retrieve the access control policy for an
object
SetObjectAccessControlPolicy (SOAP API)
Note
SOAP support over HTTP is deprecated but it is still available over HTTPS New Amazon S3
features will not be supported for SOAP We recommend that you use either the REST API or
the AWS SDKs
The SetObjectAccessControlPolicy operation sets the access control policy for an existing
object If successful the previous access control policy for the object is entirely replaced with the
specified access control policy
API Version 20060301
398Amazon Simple Storage Service API Reference
SOAP Error Responses
Example
This example gives the specified user (usually the owner) FULL_CONTROL access to the Nelson
object from the quotes bucket
Sample Request

quotes
Nelson




a9a7b886d6fd24a52fe8ca5bef65f89a64e0193f23000e241bf9b1c61be666e9
chriscustomer

FULL_CONTROL


AKIAIOSFODNN7EXAMPLE
20060301T120000183Z
Iuyz3d3P0aTou39dzbqaEXAMPLE

Sample Response
doc20060301>

200
OK


Access Control
You must have WRITE_ACP rights to the object in order to set the access control policy for a bucket
SOAP Error Responses
Note
SOAP support over HTTP is deprecated but it is still available over HTTPS New Amazon S3
features will not be supported for SOAP We recommend that you use either the REST API or
the AWS SDKs
In SOAP an error result is returned to the client as a SOAP fault with the HTTP response code 500
If you do not receive a SOAP fault then your request was successful The Amazon S3 SOAP fault
code is comprised of a standard SOAP 11 fault code (either Server or Client) concatenated with
the Amazon S3specific error code For example ServerInternalError or ClientNoSuchBucket The
SOAP fault string element contains a generic human readable error message in English Finally the
SOAP fault detail element contains miscellaneous information relevant to the error
For example if you attempt to delete the object Fred which does not exist the body of the SOAP
response contains a NoSuchKey SOAP fault
API Version 20060301
399Amazon Simple Storage Service API Reference
SOAP Error Responses
The following example shows a sample SOAP error response


soapenvClientNoSuchKey
The specified key does not exist

Fred



The following table explains the SOAP error response elements
Name Description
Detail Container for the key involved in the error
Type Container
Ancestor BodyFault
Fault Container for error information
Type Container
Ancestor Body
Faultcode The fault code is a string that uniquely identifies an error condition It is meant to be
read and understood by programs that detect and handle errors by type For more
information see List of Error Codes (p 8)
Type String
Ancestor BodyFault
Faultstring The fault string contains a generic description of the error condition in English It is
intended for a human audience Simple programs display the message directly to
the end user if they encounter an error condition they don't know how or don't care
to handle Sophisticated programs with more exhaustive error handling and proper
internationalization are more likely to ignore the fault string
Type String
Ancestor BodyFault
Key Identifies the key involved in the error
Type String
Ancestor BodyFault
API Version 20060301
400Amazon Simple Storage Service API Reference
Glossary
100continue A method that enables a client to see if a server can accept a request before
actually sending it For large PUTs this can save both time and bandwidth
charges
account AWS account associated with a particular developer
authentication The process of proving your identity to the system
bucket A container for objects stored in Amazon S3 Every object is contained within
a bucket For example if the object named photospuppyjpg is stored
in the johnsmith bucket then it is addressable using the URL http
johnsmiths3amazonawscomphotospuppyjpg
canned access policy A standard access control policy that you can apply to a bucket or object
Valid Values private | publicread | publicreadwrite | aws
execread | authenticatedread | bucketownerread | bucket
ownerfullcontrol
canonicalization The process of converting data into a standard format that will be recognized
by a service such as Amazon S3
consistency model The method through which Amazon S3 achieves high availability which
involves replicating data across multiple servers within Amazon's data centers
After a success is returned your data is safely stored However information
about the changes might not immediately replicate across Amazon S3
key The unique identifier for an object within a bucket Every object in a bucket has
exactly one key Since a bucket and key together uniquely identify each object
Amazon S3 can be thought of as a basic data map between bucket + key
and the object itself Every object in Amazon S3 can be uniquely addressed
through the combination of the web service endpoint bucket name and key as
in httpdocs3amazonawscom20060301AmazonS3wsdl where doc is
the name of the bucket and 20060301AmazonS3wsdl is the key
metadata The metadata is a set of namevalue pairs that describe the object These
include default metadata such as the date last modified and standard HTTP
metadata such as ContentType The developer can also specify custom
metadata at the time the Object is stored
object The fundamental entities stored in Amazon S3 Objects consist of object data
and metadata The data portion is opaque to Amazon S3
part The fundamental entities stored in Amazon S3 Objects consist of object data
and metadata The data portion is opaque to Amazon S3
API Version 20060301
401Amazon Simple Storage Service API Reference
service endpoint The host and port with which you are trying to communicate within
the destination URL For virtual hostedstyle requests this is
mybuckets3amazonawscom For pathstyle requests this is
s3amazonawscom
API Version 20060301
402

《香当网》用户分享的内容,不代表《香当网》观点或立场,请自行判断内容的真实性和可靠性!
该内容是文档的文本内容,更好的格式请下载文档

下载文档,方便阅读与编辑

文档的实际排版效果,会与网站的显示效果略有不同!!

需要 3 香币 [ 分享文档获得香币 ]

下载文档

相关文档

食品专业英语 LESSON 8 Principles Of Refrigerated Gas Storage

There are clear benefits from the cool temperature storage of foods. As this.thesis evolved there was another development which paralleled it. While slow.in maturing, it also had significant potent

小***库 2年前 上传397   0

企业大数据基础平台搭建和实用开发代码

在现代的企业环境中,单机容量往往无法存储大量数据,需要跨机器存储。统一管理分布在集群上的文件系统称为分布式文件系统。而一旦在系统中,引入网络,就不可避免地引入了所有网络编程的复杂性,例如挑战之一是如果保证在节点不可用的时候数据不丢失。

章***明 3年前 上传2480   0

四川省德阳市 高三下学期2月第二次监测考试英语试题(Word版缺答案,无听力音频,无文字材料)

德阳市高中2019级质量监测考试(二)英语试卷注意事项:1.本试卷分第I卷(选择题)和第II卷(非选择题)两部分,全卷150分,考试时间120分钟。2.答题前,考生务必将自己的姓名、准考证号填写在答题卡上指定的位置。3.全部答案在答题卡上完成,答在本试卷上无效。考试结束后,将答题卡交回。第I卷(选择题 共100分)第一部分:听力(共两节,满分30分)做题时,先将答案标在试卷上。录

的***有 7个月前 上传284   0

IBM演示技巧教程

There are three steps to making an IBM presentation:   Plan It offers advice on organizing your message, sharpening your focus on what you want to say, and arranging it in a manne

y***u 10年前 上传668   0

人教版 必修第二册Unit3The Internet VideoTime同步检测练(有答案)

Unit 3 The Internet——Video Time一、完成句子1. His classmates always ___________ (取笑)Jill because of his skin color.  2. It is wrong of you to skip breakfast in order to stay __________(状况良好).  3. We m

还***法 7个月前 上传222   0

沈阳东东系统集成有限公司质量管理规范文件——编码标准

作业标准S-04006总页数8正文4附件4文件控制部门:项目管理部编码标准 批准人刘岩审核人崔戈拟制人刘慧丰批准日期1999.5.12生效日期1999.5.12关联文件沈阳东东系统集成

q***1 9年前 上传483   0

华为软件详细设计模板

产品名称Product name密级Confidentiality level产品版本Product versionTotal 12pages 共12页XX Low Level Design SpecificationXX 详细设计说明书Prepared by 拟制Name+ID姓名+工号Date日期yyyy-mm-ddReviewed by 评审人

文***享 3年前 上传549   0

江苏省东台中学-学年度高一下学期强化班英语午间练习8

What will the schools of the future look like? With the introduction of 5G technology, we’re starting to find out. The answer is smart campuses, with high-tech features to help students learn more effectively and safely. They also bring convenience to teachers and administrators (管理者).

3***猪 3年前 上传379   0

本科毕业生论文提纲英语版本

本科毕业生论文提纲英语版本  how should we revise the first or the second draft?  whether a beginner or a professional, every writer must revise, that is, go back over the first draft or the second draft of a

水***边 9年前 上传395   0

3935国开电大理工英语2历年期末考试(第三题阅读理解判断题)题库(排序考试版)

[试题]Almost everyone is familiar with video conferencing today, and for good reasons. Video conferencing is convenient. Video conferencing saves money. Video conferencing makes money. And it is so much easier than it used to be.[2020年9月试题、2020年7月试题、2020年1月试题、2019年7月试题、2018年7月试题]

h***s 3年前 上传961   0

1380国开电大本科《商务英语3》历年期末考试(第三大题阅读判断)题库(排序考试版)

1380国开电大本科《商务英语3》历年期末考试(第三大题阅读判断)题库[排序考试版]说明:可以根据试题首字母音序查找试题及答案。[短文]Accounting errors will happen from time to time,but many common accounting mistakes can be avoided with proper planning and prep

h***s 2年前 上传662   0

1380国开电大本科《商务英语3》期末纸质考试(第三大题阅读判断)题库(排序版)

说明:更新至2021年7月试题;可以根据试题首字母音序查找试题及答案。[短文]Accounting errors will happen from time to time,but many common accounting mistakes can be avoided with proper planning and preparation.Here are the top seven accounting mistakes that should be paid more attention to.[2018年1月试题](1)Not knowing your true cash balance:Due to th

h***s 2年前 上传418   0

北京市平谷中学高二下学期期中考试英语试卷

阅读下列短文,根据短文内容填空。在未给提示词的空白处仅填写1个适当的单词,在给出提示词的空白处用括号内所给词的正确形式填空。AHowever, not all advertising is about selling products and services for a profit. Someadvertisementsnowadaysaim1 (make) a contribution to society and welfare. Forexample,therearepublicadvertisements,2 encourage citizens to participate inimproving their neighborhood, protecting the environment, and helping other people. Over the lastdecade, thegovernment3 (sponsor)advertisementstoeducatethepublic4

郭***林 3年前 上传440   0

工廠評估及評分指引

Manufacturer Approval Procedure 供稱商認可程序(For SQE application ; 供應商品質工程師適用)Emerson Radio CorporationDoc No.: QD10CORPORATE OPERATION PROCEDURERev.: ASubject: Manufacturer Approval Proced

开***子 11年前 上传556   0

营销创业课件 Estimate Checklist009

Estimate ChecklistProducertoAccount ServicesThis checklist will help Producers prepare financial and technical materials in advance so that the Account Services can deliver a highly-accurate esti

小***库 3年前 上传570   0

1380国开电大本科《商务英语3》期末纸质考试(第三大题阅读判断)题库(分学期版)

26-30题:根据短文内容判断给出的语句是否正确,正确的写“T”,错误的写“F”,并将答案写在答题纸上。 Passage 2Logistics is the physical flow process of goods from the point of origin to the point of consumption concerning transportation,warehousing and storage,loading and unloading,goods handling,packing,distribution processing delivery

h***s 2年前 上传418   0

麦肯锡05年2月最新报告管理下一代的IT基础架构

Managing next-generation IT infrastructureThe days of building to order are over. The time is ripe for an industrial revolution.James M. Kaplan, Markus Löffler, and Roger P. RobertsThe McKinsey Qu

鬼***笑 2年前 上传373   0

51CTO下载-Oracle_DB常用经典sql查询

oracle常用经典SQL查询 常用SQL查询:   1、查看表空间的名称及大小   select t.tablespace_name, round(sum(bytes/(1024*1024)),0) ts_size from dba_tablespaces t, dba_data_files d where t.tablespace_name = d.tablespace_na

q***r 5年前 上传886   0

Netapp存储基本安装配置指导书

华 为 数 据 中 心N E T A P P 存 储 基 本 安 装 配 置 指 导 书©2023 Network Appliance All rights reserved本文档介绍 NetApp 公司存储在华为数据中心安装,配置,测试功能的相关步骤及方法。一、前 言Network Appliance 公司 1992 年成立于美

3***2 1年前 上传281   0

国开电大专科《理工英语2》一平台机考第四大题阅读判断题库

AAlmost everyone is familiar with video conferencing today,and for good reasons.Video conferencing is convenient.Video conferencing saves money.Video conferencing makes money.And it is so much easier than it used to be.Today,of course,video conferencing has become an important means for doing

h***s 1年前 上传246   0

国开电大专科《理工英语2》机考第四大题阅读判断题库

A01 Almost everyone is familiar with video conferencing today,and for good reasons.Video conferencing is convenient.Video conferencing saves money.Video conferencing makes money.And it is so much easier than it used to be.Today,of course,video conferencing

h***s 1年前 上传278   0

「2022秋期版」3936国开电大专科《商务英语2》期末一体化考试第四大题阅读理解判断题库

[2022秋期版]3936国开电大专科《商务英语2》期末一体化考试第四大题阅读理解判断题库说明:试题随机组合。[短文首字母音序B]Business EthicsNowadays,more and more attention is being paid to“Business Ethics”.But what does it mean?What is the importance of

h***s 2年前 上传387   0

3935国开电大专科《理工英语2》历年期末考试(第三题阅读理解判断题)题库(排序考试版)

3935国开电大专科《理工英语2》历年期末考试(第三题阅读理解判断题)题库(排序考试版)[试题]BENEFITS OF VIDEO CONFERENCING[内部资料]Almost everyone is familiar with video conferencing today, and for good reasons. Video conferencing is convenien

h***s 2年前 上传455   0

2019年6月六级第一套真题

2019年6月英语六级真题试卷(第一套)Directions: For this part, you are allowed 30 minutes to write an essay on the importance ofteam spirit and communication in the workplace. You can cite examples to illustrate

高***了 4年前 上传1120   0

「2022秋期版」3935国开电大专科《理工英语2》期末一体化考试第四大题阅读判断题库

[2022秋期版]3935国开电大专科《理工英语2》期末一体化考试第四大题阅读判断题库说明:试题随机组合。[短文首字母音序A]Almost everyone is familiar with video conferencing today,and for good reasons.Video conferencing is convenient.Video conferencing s

h***s 2年前 上传403   0

© 2006-2021 香当网   

  浙公网安备 33018302001162号
浙ICP备09019653号-34