2019/07/03 - Amazon Simple Storage Service - 3 updated api methods
Changes Add S3 x-amz-server-side-encryption-context support.
{'SSEKMSEncryptionContext': 'string'}
Creates a copy of an object that is already stored in Amazon S3.
See also: AWS API Documentation
Request Syntax
client.copy_object( ACL='private'|'public-read'|'public-read-write'|'authenticated-read'|'aws-exec-read'|'bucket-owner-read'|'bucket-owner-full-control', Bucket='string', CacheControl='string', ContentDisposition='string', ContentEncoding='string', ContentLanguage='string', ContentType='string', CopySource='string', CopySourceIfMatch='string', CopySourceIfModifiedSince=datetime(2015, 1, 1), CopySourceIfNoneMatch='string', CopySourceIfUnmodifiedSince=datetime(2015, 1, 1), Expires=datetime(2015, 1, 1), GrantFullControl='string', GrantRead='string', GrantReadACP='string', GrantWriteACP='string', Key='string', Metadata={ 'string': 'string' }, MetadataDirective='COPY'|'REPLACE', TaggingDirective='COPY'|'REPLACE', ServerSideEncryption='AES256'|'aws:kms', StorageClass='STANDARD'|'REDUCED_REDUNDANCY'|'STANDARD_IA'|'ONEZONE_IA'|'INTELLIGENT_TIERING'|'GLACIER'|'DEEP_ARCHIVE', WebsiteRedirectLocation='string', SSECustomerAlgorithm='string', SSECustomerKey=b'bytes', SSECustomerKeyMD5='string', SSEKMSKeyId='string', SSEKMSEncryptionContext='string', CopySourceSSECustomerAlgorithm='string', CopySourceSSECustomerKey=b'bytes', CopySourceSSECustomerKeyMD5='string', RequestPayer='requester', Tagging='string', ObjectLockMode='GOVERNANCE'|'COMPLIANCE', ObjectLockRetainUntilDate=datetime(2015, 1, 1), ObjectLockLegalHoldStatus='ON'|'OFF' )
string
The canned ACL to apply to the object.
string
[REQUIRED]
string
Specifies caching behavior along the request/reply chain.
string
Specifies presentational information for the object.
string
Specifies what content encodings have been applied to the object and thus what decoding mechanisms must be applied to obtain the media-type referenced by the Content-Type header field.
string
The language the content is in.
string
A standard MIME type describing the format of the object data.
string
[REQUIRED]
The name of the source bucket and key name of the source object, separated by a slash (/). Must be URL-encoded.
string
Copies the object if its entity tag (ETag) matches the specified tag.
datetime
Copies the object if it has been modified since the specified time.
string
Copies the object if its entity tag (ETag) is different than the specified ETag.
datetime
Copies the object if it hasn't been modified since the specified time.
datetime
The date and time at which the object is no longer cacheable.
string
Gives the grantee READ, READ_ACP, and WRITE_ACP permissions on the object.
string
Allows grantee to read the object data and its metadata.
string
Allows grantee to read the object ACL.
string
Allows grantee to write the ACL for the applicable object.
string
[REQUIRED]
dict
A map of metadata to store with the object in S3.
(string) --
(string) --
string
Specifies whether the metadata is copied from the source object or replaced with metadata provided in the request.
string
Specifies whether the object tag-set are copied from the source object or replaced with tag-set provided in the request.
string
The Server-side encryption algorithm used when storing this object in S3 (e.g., AES256, aws:kms).
string
The type of storage to use for the object. Defaults to 'STANDARD'.
string
If the bucket is configured as a website, redirects requests for this object to another object in the same bucket or to an external URL. Amazon S3 stores the value of this header in the object metadata.
string
Specifies the algorithm to use to when encrypting the object (e.g., AES256).
bytes
Specifies the customer-provided encryption key for Amazon S3 to use in encrypting data. This value is used to store the object and then it is discarded; Amazon does not store the encryption key. The key must be appropriate for use with the algorithm specified in the x-amz-server-side-encryption-customer-algorithm header.
string
Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. Amazon S3 uses this header for a message integrity check to ensure the encryption key was transmitted without error.
string
Specifies the AWS KMS key ID to use for object encryption. All GET and PUT requests for an object protected by AWS KMS will fail if not made via SSL or using SigV4. Documentation on configuring any of the officially supported AWS SDKs and CLI can be found at http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html#specify-signature-version
string
Specifies the AWS KMS Encryption Context to use for object encryption. The value of this header is a base64-encoded UTF-8 string holding JSON with the encryption context key-value pairs.
string
Specifies the algorithm to use when decrypting the source object (e.g., AES256).
bytes
Specifies the customer-provided encryption key for Amazon S3 to use to decrypt the source object. The encryption key provided in this header must be one that was used when the source object was created.
string
Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. Amazon S3 uses this header for a message integrity check to ensure the encryption key was transmitted without error.
string
Confirms that the requester knows that she or he will be charged for the request. Bucket owners need not specify this parameter in their requests. Documentation on downloading objects from requester pays buckets can be found at http://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
string
The tag-set for the object destination object this value must be used in conjunction with the TaggingDirective. The tag-set must be encoded as URL Query parameters
string
The object lock mode that you want to apply to the copied object.
datetime
The date and time when you want the copied object's object lock to expire.
string
Specifies whether you want to apply a Legal Hold to the copied object.
dict
Response Syntax
{ 'CopyObjectResult': { 'ETag': 'string', 'LastModified': datetime(2015, 1, 1) }, 'Expiration': 'string', 'CopySourceVersionId': 'string', 'VersionId': 'string', 'ServerSideEncryption': 'AES256'|'aws:kms', 'SSECustomerAlgorithm': 'string', 'SSECustomerKeyMD5': 'string', 'SSEKMSKeyId': 'string', 'SSEKMSEncryptionContext': 'string', 'RequestCharged': 'requester' }
Response Structure
(dict) --
CopyObjectResult (dict) --
ETag (string) --
LastModified (datetime) --
Expiration (string) --
If the object expiration is configured, the response includes this header.
CopySourceVersionId (string) --
VersionId (string) --
Version ID of the newly created copy.
ServerSideEncryption (string) --
The Server-side encryption algorithm used when storing this object in S3 (e.g., AES256, aws:kms).
SSECustomerAlgorithm (string) --
If server-side encryption with a customer-provided encryption key was requested, the response will include this header confirming the encryption algorithm used.
SSECustomerKeyMD5 (string) --
If server-side encryption with a customer-provided encryption key was requested, the response will include this header to provide round trip message integrity verification of the customer-provided encryption key.
SSEKMSKeyId (string) --
If present, specifies the ID of the AWS Key Management Service (KMS) master encryption key that was used for the object.
SSEKMSEncryptionContext (string) --
If present, specifies the AWS KMS Encryption Context to use for object encryption. The value of this header is a base64-encoded UTF-8 string holding JSON with the encryption context key-value pairs.
RequestCharged (string) --
If present, indicates that the requester was successfully charged for the request.
{'SSEKMSEncryptionContext': 'string'}
Initiates a multipart upload and returns an upload ID.
Note: After you initiate multipart upload and upload one or more parts, you must either complete or abort multipart upload in order to stop getting charged for storage of the uploaded parts. Only after you either complete or abort multipart upload, Amazon S3 frees up the parts storage and stops charging you for the parts storage.
See also: AWS API Documentation
Request Syntax
client.create_multipart_upload( ACL='private'|'public-read'|'public-read-write'|'authenticated-read'|'aws-exec-read'|'bucket-owner-read'|'bucket-owner-full-control', Bucket='string', CacheControl='string', ContentDisposition='string', ContentEncoding='string', ContentLanguage='string', ContentType='string', Expires=datetime(2015, 1, 1), GrantFullControl='string', GrantRead='string', GrantReadACP='string', GrantWriteACP='string', Key='string', Metadata={ 'string': 'string' }, ServerSideEncryption='AES256'|'aws:kms', StorageClass='STANDARD'|'REDUCED_REDUNDANCY'|'STANDARD_IA'|'ONEZONE_IA'|'INTELLIGENT_TIERING'|'GLACIER'|'DEEP_ARCHIVE', WebsiteRedirectLocation='string', SSECustomerAlgorithm='string', SSECustomerKey=b'bytes', SSECustomerKeyMD5='string', SSEKMSKeyId='string', SSEKMSEncryptionContext='string', RequestPayer='requester', Tagging='string', ObjectLockMode='GOVERNANCE'|'COMPLIANCE', ObjectLockRetainUntilDate=datetime(2015, 1, 1), ObjectLockLegalHoldStatus='ON'|'OFF' )
string
The canned ACL to apply to the object.
string
[REQUIRED]
string
Specifies caching behavior along the request/reply chain.
string
Specifies presentational information for the object.
string
Specifies what content encodings have been applied to the object and thus what decoding mechanisms must be applied to obtain the media-type referenced by the Content-Type header field.
string
The language the content is in.
string
A standard MIME type describing the format of the object data.
datetime
The date and time at which the object is no longer cacheable.
string
Gives the grantee READ, READ_ACP, and WRITE_ACP permissions on the object.
string
Allows grantee to read the object data and its metadata.
string
Allows grantee to read the object ACL.
string
Allows grantee to write the ACL for the applicable object.
string
[REQUIRED]
dict
A map of metadata to store with the object in S3.
(string) --
(string) --
string
The Server-side encryption algorithm used when storing this object in S3 (e.g., AES256, aws:kms).
string
The type of storage to use for the object. Defaults to 'STANDARD'.
string
If the bucket is configured as a website, redirects requests for this object to another object in the same bucket or to an external URL. Amazon S3 stores the value of this header in the object metadata.
string
Specifies the algorithm to use to when encrypting the object (e.g., AES256).
bytes
Specifies the customer-provided encryption key for Amazon S3 to use in encrypting data. This value is used to store the object and then it is discarded; Amazon does not store the encryption key. The key must be appropriate for use with the algorithm specified in the x-amz-server-side-encryption-customer-algorithm header.
string
Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. Amazon S3 uses this header for a message integrity check to ensure the encryption key was transmitted without error.
string
Specifies the AWS KMS key ID to use for object encryption. All GET and PUT requests for an object protected by AWS KMS will fail if not made via SSL or using SigV4. Documentation on configuring any of the officially supported AWS SDKs and CLI can be found at http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html#specify-signature-version
string
Specifies the AWS KMS Encryption Context to use for object encryption. The value of this header is a base64-encoded UTF-8 string holding JSON with the encryption context key-value pairs.
string
Confirms that the requester knows that she or he will be charged for the request. Bucket owners need not specify this parameter in their requests. Documentation on downloading objects from requester pays buckets can be found at http://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
string
The tag-set for the object. The tag-set must be encoded as URL Query parameters
string
Specifies the object lock mode that you want to apply to the uploaded object.
datetime
Specifies the date and time when you want the object lock to expire.
string
Specifies whether you want to apply a Legal Hold to the uploaded object.
dict
Response Syntax
{ 'AbortDate': datetime(2015, 1, 1), 'AbortRuleId': 'string', 'Bucket': 'string', 'Key': 'string', 'UploadId': 'string', 'ServerSideEncryption': 'AES256'|'aws:kms', 'SSECustomerAlgorithm': 'string', 'SSECustomerKeyMD5': 'string', 'SSEKMSKeyId': 'string', 'SSEKMSEncryptionContext': 'string', 'RequestCharged': 'requester' }
Response Structure
(dict) --
AbortDate (datetime) --
Date when multipart upload will become eligible for abort operation by lifecycle.
AbortRuleId (string) --
Id of the lifecycle rule that makes a multipart upload eligible for abort operation.
Bucket (string) --
Name of the bucket to which the multipart upload was initiated.
Key (string) --
Object key for which the multipart upload was initiated.
UploadId (string) --
ID for the initiated multipart upload.
ServerSideEncryption (string) --
The Server-side encryption algorithm used when storing this object in S3 (e.g., AES256, aws:kms).
SSECustomerAlgorithm (string) --
If server-side encryption with a customer-provided encryption key was requested, the response will include this header confirming the encryption algorithm used.
SSECustomerKeyMD5 (string) --
If server-side encryption with a customer-provided encryption key was requested, the response will include this header to provide round trip message integrity verification of the customer-provided encryption key.
SSEKMSKeyId (string) --
If present, specifies the ID of the AWS Key Management Service (KMS) master encryption key that was used for the object.
SSEKMSEncryptionContext (string) --
If present, specifies the AWS KMS Encryption Context to use for object encryption. The value of this header is a base64-encoded UTF-8 string holding JSON with the encryption context key-value pairs.
RequestCharged (string) --
If present, indicates that the requester was successfully charged for the request.
{'SSEKMSEncryptionContext': 'string'}
Adds an object to a bucket.
See also: AWS API Documentation
Request Syntax
client.put_object( ACL='private'|'public-read'|'public-read-write'|'authenticated-read'|'aws-exec-read'|'bucket-owner-read'|'bucket-owner-full-control', Body=b'bytes'|file, Bucket='string', CacheControl='string', ContentDisposition='string', ContentEncoding='string', ContentLanguage='string', ContentLength=123, ContentMD5='string', ContentType='string', Expires=datetime(2015, 1, 1), GrantFullControl='string', GrantRead='string', GrantReadACP='string', GrantWriteACP='string', Key='string', Metadata={ 'string': 'string' }, ServerSideEncryption='AES256'|'aws:kms', StorageClass='STANDARD'|'REDUCED_REDUNDANCY'|'STANDARD_IA'|'ONEZONE_IA'|'INTELLIGENT_TIERING'|'GLACIER'|'DEEP_ARCHIVE', WebsiteRedirectLocation='string', SSECustomerAlgorithm='string', SSECustomerKey=b'bytes', SSECustomerKeyMD5='string', SSEKMSKeyId='string', SSEKMSEncryptionContext='string', RequestPayer='requester', Tagging='string', ObjectLockMode='GOVERNANCE'|'COMPLIANCE', ObjectLockRetainUntilDate=datetime(2015, 1, 1), ObjectLockLegalHoldStatus='ON'|'OFF' )
string
The canned ACL to apply to the object.
bytes or seekable file-like object
Object data.
string
[REQUIRED]
Name of the bucket to which the PUT operation was initiated.
string
Specifies caching behavior along the request/reply chain.
string
Specifies presentational information for the object.
string
Specifies what content encodings have been applied to the object and thus what decoding mechanisms must be applied to obtain the media-type referenced by the Content-Type header field.
string
The language the content is in.
integer
Size of the body in bytes. This parameter is useful when the size of the body cannot be determined automatically.
string
The base64-encoded 128-bit MD5 digest of the part data. This parameter is auto-populated when using the command from the CLI. This parameted is required if object lock parameters are specified.
string
A standard MIME type describing the format of the object data.
datetime
The date and time at which the object is no longer cacheable.
string
Gives the grantee READ, READ_ACP, and WRITE_ACP permissions on the object.
string
Allows grantee to read the object data and its metadata.
string
Allows grantee to read the object ACL.
string
Allows grantee to write the ACL for the applicable object.
string
[REQUIRED]
Object key for which the PUT operation was initiated.
dict
A map of metadata to store with the object in S3.
(string) --
(string) --
string
The Server-side encryption algorithm used when storing this object in S3 (e.g., AES256, aws:kms).
string
The type of storage to use for the object. Defaults to 'STANDARD'.
string
If the bucket is configured as a website, redirects requests for this object to another object in the same bucket or to an external URL. Amazon S3 stores the value of this header in the object metadata.
string
Specifies the algorithm to use to when encrypting the object (e.g., AES256).
bytes
Specifies the customer-provided encryption key for Amazon S3 to use in encrypting data. This value is used to store the object and then it is discarded; Amazon does not store the encryption key. The key must be appropriate for use with the algorithm specified in the x-amz-server-side-encryption-customer-algorithm header.
string
Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. Amazon S3 uses this header for a message integrity check to ensure the encryption key was transmitted without error.
string
Specifies the AWS KMS key ID to use for object encryption. All GET and PUT requests for an object protected by AWS KMS will fail if not made via SSL or using SigV4. Documentation on configuring any of the officially supported AWS SDKs and CLI can be found at http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html#specify-signature-version
string
Specifies the AWS KMS Encryption Context to use for object encryption. The value of this header is a base64-encoded UTF-8 string holding JSON with the encryption context key-value pairs.
string
Confirms that the requester knows that she or he will be charged for the request. Bucket owners need not specify this parameter in their requests. Documentation on downloading objects from requester pays buckets can be found at http://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
string
The tag-set for the object. The tag-set must be encoded as URL Query parameters. (For example, "Key1=Value1")
string
The object lock mode that you want to apply to this object.
datetime
The date and time when you want this object's object lock to expire.
string
The Legal Hold status that you want to apply to the specified object.
dict
Response Syntax
{ 'Expiration': 'string', 'ETag': 'string', 'ServerSideEncryption': 'AES256'|'aws:kms', 'VersionId': 'string', 'SSECustomerAlgorithm': 'string', 'SSECustomerKeyMD5': 'string', 'SSEKMSKeyId': 'string', 'SSEKMSEncryptionContext': 'string', 'RequestCharged': 'requester' }
Response Structure
(dict) --
Expiration (string) --
If the object expiration is configured, this will contain the expiration date (expiry-date) and rule ID (rule-id). The value of rule-id is URL encoded.
ETag (string) --
Entity tag for the uploaded object.
ServerSideEncryption (string) --
The Server-side encryption algorithm used when storing this object in S3 (e.g., AES256, aws:kms).
VersionId (string) --
Version of the object.
SSECustomerAlgorithm (string) --
If server-side encryption with a customer-provided encryption key was requested, the response will include this header confirming the encryption algorithm used.
SSECustomerKeyMD5 (string) --
If server-side encryption with a customer-provided encryption key was requested, the response will include this header to provide round trip message integrity verification of the customer-provided encryption key.
SSEKMSKeyId (string) --
If present, specifies the ID of the AWS Key Management Service (KMS) master encryption key that was used for the object.
SSEKMSEncryptionContext (string) --
If present, specifies the AWS KMS Encryption Context to use for object encryption. The value of this header is a base64-encoded UTF-8 string holding JSON with the encryption context key-value pairs.
RequestCharged (string) --
If present, indicates that the requester was successfully charged for the request.