Amazon Simple Storage Service

2019/07/03 - Amazon Simple Storage Service - 3 updated api methods

Changes: Add S3 x-amz-server-side-encryption-context support.

CopyObject (updated)
Changes (both)
{'SSEKMSEncryptionContext': 'string'}

Creates a copy of an object that is already stored in Amazon S3.

See also: AWS API Documentation

Request Syntax

client.copy_object(
    ACL='private'|'public-read'|'public-read-write'|'authenticated-read'|'aws-exec-read'|'bucket-owner-read'|'bucket-owner-full-control',
    Bucket='string',
    CacheControl='string',
    ContentDisposition='string',
    ContentEncoding='string',
    ContentLanguage='string',
    ContentType='string',
    CopySource='string',
    CopySourceIfMatch='string',
    CopySourceIfModifiedSince=datetime(2015, 1, 1),
    CopySourceIfNoneMatch='string',
    CopySourceIfUnmodifiedSince=datetime(2015, 1, 1),
    Expires=datetime(2015, 1, 1),
    GrantFullControl='string',
    GrantRead='string',
    GrantReadACP='string',
    GrantWriteACP='string',
    Key='string',
    Metadata={
        'string': 'string'
    },
    MetadataDirective='COPY'|'REPLACE',
    TaggingDirective='COPY'|'REPLACE',
    ServerSideEncryption='AES256'|'aws:kms',
    StorageClass='STANDARD'|'REDUCED_REDUNDANCY'|'STANDARD_IA'|'ONEZONE_IA'|'INTELLIGENT_TIERING'|'GLACIER'|'DEEP_ARCHIVE',
    WebsiteRedirectLocation='string',
    SSECustomerAlgorithm='string',
    SSECustomerKey=b'bytes',
    SSECustomerKeyMD5='string',
    SSEKMSKeyId='string',
    SSEKMSEncryptionContext='string',
    CopySourceSSECustomerAlgorithm='string',
    CopySourceSSECustomerKey=b'bytes',
    CopySourceSSECustomerKeyMD5='string',
    RequestPayer='requester',
    Tagging='string',
    ObjectLockMode='GOVERNANCE'|'COMPLIANCE',
    ObjectLockRetainUntilDate=datetime(2015, 1, 1),
    ObjectLockLegalHoldStatus='ON'|'OFF'
)
type ACL

string

param ACL

The canned ACL to apply to the object.

type Bucket

string

param Bucket

[REQUIRED]

type CacheControl

string

param CacheControl

Specifies caching behavior along the request/reply chain.

type ContentDisposition

string

param ContentDisposition

Specifies presentational information for the object.

type ContentEncoding

string

param ContentEncoding

Specifies what content encodings have been applied to the object and thus what decoding mechanisms must be applied to obtain the media-type referenced by the Content-Type header field.

type ContentLanguage

string

param ContentLanguage

The language the content is in.

type ContentType

string

param ContentType

A standard MIME type describing the format of the object data.

type CopySource

string

param CopySource

[REQUIRED]

The name of the source bucket and key name of the source object, separated by a slash (/). Must be URL-encoded.

type CopySourceIfMatch

string

param CopySourceIfMatch

Copies the object if its entity tag (ETag) matches the specified tag.

type CopySourceIfModifiedSince

datetime

param CopySourceIfModifiedSince

Copies the object if it has been modified since the specified time.

type CopySourceIfNoneMatch

string

param CopySourceIfNoneMatch

Copies the object if its entity tag (ETag) is different than the specified ETag.

type CopySourceIfUnmodifiedSince

datetime

param CopySourceIfUnmodifiedSince

Copies the object if it hasn't been modified since the specified time.

type Expires

datetime

param Expires

The date and time at which the object is no longer cacheable.

type GrantFullControl

string

param GrantFullControl

Gives the grantee READ, READ_ACP, and WRITE_ACP permissions on the object.

type GrantRead

string

param GrantRead

Allows grantee to read the object data and its metadata.

type GrantReadACP

string

param GrantReadACP

Allows grantee to read the object ACL.

type GrantWriteACP

string

param GrantWriteACP

Allows grantee to write the ACL for the applicable object.

type Key

string

param Key

[REQUIRED]

type Metadata

dict

param Metadata

A map of metadata to store with the object in S3.

  • (string) --

    • (string) --

type MetadataDirective

string

param MetadataDirective

Specifies whether the metadata is copied from the source object or replaced with metadata provided in the request.

type TaggingDirective

string

param TaggingDirective

Specifies whether the object tag-set is copied from the source object or replaced with the tag-set provided in the request.

type ServerSideEncryption

string

param ServerSideEncryption

The Server-side encryption algorithm used when storing this object in S3 (e.g., AES256, aws:kms).

type StorageClass

string

param StorageClass

The type of storage to use for the object. Defaults to 'STANDARD'.

type WebsiteRedirectLocation

string

param WebsiteRedirectLocation

If the bucket is configured as a website, redirects requests for this object to another object in the same bucket or to an external URL. Amazon S3 stores the value of this header in the object metadata.

type SSECustomerAlgorithm

string

param SSECustomerAlgorithm

Specifies the algorithm to use when encrypting the object (e.g., AES256).

type SSECustomerKey

bytes

param SSECustomerKey

Specifies the customer-provided encryption key for Amazon S3 to use in encrypting data. This value is used to store the object and then it is discarded; Amazon does not store the encryption key. The key must be appropriate for use with the algorithm specified in the x-amz-server-side-encryption-customer-algorithm header.

type SSECustomerKeyMD5

string

param SSECustomerKeyMD5

Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. Amazon S3 uses this header for a message integrity check to ensure the encryption key was transmitted without error.

type SSEKMSKeyId

string

param SSEKMSKeyId

Specifies the AWS KMS key ID to use for object encryption. All GET and PUT requests for an object protected by AWS KMS will fail if not made via SSL or using SigV4. Documentation on configuring any of the officially supported AWS SDKs and CLI can be found at http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html#specify-signature-version

type SSEKMSEncryptionContext

string

param SSEKMSEncryptionContext

Specifies the AWS KMS Encryption Context to use for object encryption. The value of this header is a base64-encoded UTF-8 string holding JSON with the encryption context key-value pairs.

type CopySourceSSECustomerAlgorithm

string

param CopySourceSSECustomerAlgorithm

Specifies the algorithm to use when decrypting the source object (e.g., AES256).

type CopySourceSSECustomerKey

bytes

param CopySourceSSECustomerKey

Specifies the customer-provided encryption key for Amazon S3 to use to decrypt the source object. The encryption key provided in this header must be one that was used when the source object was created.

type CopySourceSSECustomerKeyMD5

string

param CopySourceSSECustomerKeyMD5

Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. Amazon S3 uses this header for a message integrity check to ensure the encryption key was transmitted without error.

type RequestPayer

string

param RequestPayer

Confirms that the requester knows that she or he will be charged for the request. Bucket owners need not specify this parameter in their requests. Documentation on downloading objects from requester pays buckets can be found at http://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html

type Tagging

string

param Tagging

The tag-set for the destination object. This value must be used in conjunction with the TaggingDirective. The tag-set must be encoded as URL query parameters.

type ObjectLockMode

string

param ObjectLockMode

The object lock mode that you want to apply to the copied object.

type ObjectLockRetainUntilDate

datetime

param ObjectLockRetainUntilDate

The date and time when you want the copied object's object lock to expire.

type ObjectLockLegalHoldStatus

string

param ObjectLockLegalHoldStatus

Specifies whether you want to apply a Legal Hold to the copied object.

rtype

dict

returns

Response Syntax

{
    'CopyObjectResult': {
        'ETag': 'string',
        'LastModified': datetime(2015, 1, 1)
    },
    'Expiration': 'string',
    'CopySourceVersionId': 'string',
    'VersionId': 'string',
    'ServerSideEncryption': 'AES256'|'aws:kms',
    'SSECustomerAlgorithm': 'string',
    'SSECustomerKeyMD5': 'string',
    'SSEKMSKeyId': 'string',
    'SSEKMSEncryptionContext': 'string',
    'RequestCharged': 'requester'
}

Response Structure

  • (dict) --

    • CopyObjectResult (dict) --

      • ETag (string) --

      • LastModified (datetime) --

    • Expiration (string) --

      If the object expiration is configured, the response includes this header.

    • CopySourceVersionId (string) --

    • VersionId (string) --

      Version ID of the newly created copy.

    • ServerSideEncryption (string) --

      The Server-side encryption algorithm used when storing this object in S3 (e.g., AES256, aws:kms).

    • SSECustomerAlgorithm (string) --

      If server-side encryption with a customer-provided encryption key was requested, the response will include this header confirming the encryption algorithm used.

    • SSECustomerKeyMD5 (string) --

      If server-side encryption with a customer-provided encryption key was requested, the response will include this header to provide round trip message integrity verification of the customer-provided encryption key.

    • SSEKMSKeyId (string) --

      If present, specifies the ID of the AWS Key Management Service (KMS) master encryption key that was used for the object.

    • SSEKMSEncryptionContext (string) --

      If present, specifies the AWS KMS Encryption Context to use for object encryption. The value of this header is a base64-encoded UTF-8 string holding JSON with the encryption context key-value pairs.

    • RequestCharged (string) --

      If present, indicates that the requester was successfully charged for the request.

CreateMultipartUpload (updated)
Changes (both)
{'SSEKMSEncryptionContext': 'string'}

Initiates a multipart upload and returns an upload ID.

Note: After you initiate multipart upload and upload one or more parts, you must either complete or abort multipart upload in order to stop getting charged for storage of the uploaded parts. Only after you either complete or abort multipart upload, Amazon S3 frees up the parts storage and stops charging you for the parts storage.

See also: AWS API Documentation

Request Syntax

client.create_multipart_upload(
    ACL='private'|'public-read'|'public-read-write'|'authenticated-read'|'aws-exec-read'|'bucket-owner-read'|'bucket-owner-full-control',
    Bucket='string',
    CacheControl='string',
    ContentDisposition='string',
    ContentEncoding='string',
    ContentLanguage='string',
    ContentType='string',
    Expires=datetime(2015, 1, 1),
    GrantFullControl='string',
    GrantRead='string',
    GrantReadACP='string',
    GrantWriteACP='string',
    Key='string',
    Metadata={
        'string': 'string'
    },
    ServerSideEncryption='AES256'|'aws:kms',
    StorageClass='STANDARD'|'REDUCED_REDUNDANCY'|'STANDARD_IA'|'ONEZONE_IA'|'INTELLIGENT_TIERING'|'GLACIER'|'DEEP_ARCHIVE',
    WebsiteRedirectLocation='string',
    SSECustomerAlgorithm='string',
    SSECustomerKey=b'bytes',
    SSECustomerKeyMD5='string',
    SSEKMSKeyId='string',
    SSEKMSEncryptionContext='string',
    RequestPayer='requester',
    Tagging='string',
    ObjectLockMode='GOVERNANCE'|'COMPLIANCE',
    ObjectLockRetainUntilDate=datetime(2015, 1, 1),
    ObjectLockLegalHoldStatus='ON'|'OFF'
)
type ACL

string

param ACL

The canned ACL to apply to the object.

type Bucket

string

param Bucket

[REQUIRED]

type CacheControl

string

param CacheControl

Specifies caching behavior along the request/reply chain.

type ContentDisposition

string

param ContentDisposition

Specifies presentational information for the object.

type ContentEncoding

string

param ContentEncoding

Specifies what content encodings have been applied to the object and thus what decoding mechanisms must be applied to obtain the media-type referenced by the Content-Type header field.

type ContentLanguage

string

param ContentLanguage

The language the content is in.

type ContentType

string

param ContentType

A standard MIME type describing the format of the object data.

type Expires

datetime

param Expires

The date and time at which the object is no longer cacheable.

type GrantFullControl

string

param GrantFullControl

Gives the grantee READ, READ_ACP, and WRITE_ACP permissions on the object.

type GrantRead

string

param GrantRead

Allows grantee to read the object data and its metadata.

type GrantReadACP

string

param GrantReadACP

Allows grantee to read the object ACL.

type GrantWriteACP

string

param GrantWriteACP

Allows grantee to write the ACL for the applicable object.

type Key

string

param Key

[REQUIRED]

type Metadata

dict

param Metadata

A map of metadata to store with the object in S3.

  • (string) --

    • (string) --

type ServerSideEncryption

string

param ServerSideEncryption

The Server-side encryption algorithm used when storing this object in S3 (e.g., AES256, aws:kms).

type StorageClass

string

param StorageClass

The type of storage to use for the object. Defaults to 'STANDARD'.

type WebsiteRedirectLocation

string

param WebsiteRedirectLocation

If the bucket is configured as a website, redirects requests for this object to another object in the same bucket or to an external URL. Amazon S3 stores the value of this header in the object metadata.

type SSECustomerAlgorithm

string

param SSECustomerAlgorithm

Specifies the algorithm to use when encrypting the object (e.g., AES256).

type SSECustomerKey

bytes

param SSECustomerKey

Specifies the customer-provided encryption key for Amazon S3 to use in encrypting data. This value is used to store the object and then it is discarded; Amazon does not store the encryption key. The key must be appropriate for use with the algorithm specified in the x-amz-server-side-encryption-customer-algorithm header.

type SSECustomerKeyMD5

string

param SSECustomerKeyMD5

Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. Amazon S3 uses this header for a message integrity check to ensure the encryption key was transmitted without error.

type SSEKMSKeyId

string

param SSEKMSKeyId

Specifies the AWS KMS key ID to use for object encryption. All GET and PUT requests for an object protected by AWS KMS will fail if not made via SSL or using SigV4. Documentation on configuring any of the officially supported AWS SDKs and CLI can be found at http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html#specify-signature-version

type SSEKMSEncryptionContext

string

param SSEKMSEncryptionContext

Specifies the AWS KMS Encryption Context to use for object encryption. The value of this header is a base64-encoded UTF-8 string holding JSON with the encryption context key-value pairs.

type RequestPayer

string

param RequestPayer

Confirms that the requester knows that she or he will be charged for the request. Bucket owners need not specify this parameter in their requests. Documentation on downloading objects from requester pays buckets can be found at http://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html

type Tagging

string

param Tagging

The tag-set for the object. The tag-set must be encoded as URL query parameters.

type ObjectLockMode

string

param ObjectLockMode

Specifies the object lock mode that you want to apply to the uploaded object.

type ObjectLockRetainUntilDate

datetime

param ObjectLockRetainUntilDate

Specifies the date and time when you want the object lock to expire.

type ObjectLockLegalHoldStatus

string

param ObjectLockLegalHoldStatus

Specifies whether you want to apply a Legal Hold to the uploaded object.

rtype

dict

returns

Response Syntax

{
    'AbortDate': datetime(2015, 1, 1),
    'AbortRuleId': 'string',
    'Bucket': 'string',
    'Key': 'string',
    'UploadId': 'string',
    'ServerSideEncryption': 'AES256'|'aws:kms',
    'SSECustomerAlgorithm': 'string',
    'SSECustomerKeyMD5': 'string',
    'SSEKMSKeyId': 'string',
    'SSEKMSEncryptionContext': 'string',
    'RequestCharged': 'requester'
}

Response Structure

  • (dict) --

    • AbortDate (datetime) --

      Date when multipart upload will become eligible for abort operation by lifecycle.

    • AbortRuleId (string) --

      Id of the lifecycle rule that makes a multipart upload eligible for abort operation.

    • Bucket (string) --

      Name of the bucket to which the multipart upload was initiated.

    • Key (string) --

      Object key for which the multipart upload was initiated.

    • UploadId (string) --

      ID for the initiated multipart upload.

    • ServerSideEncryption (string) --

      The Server-side encryption algorithm used when storing this object in S3 (e.g., AES256, aws:kms).

    • SSECustomerAlgorithm (string) --

      If server-side encryption with a customer-provided encryption key was requested, the response will include this header confirming the encryption algorithm used.

    • SSECustomerKeyMD5 (string) --

      If server-side encryption with a customer-provided encryption key was requested, the response will include this header to provide round trip message integrity verification of the customer-provided encryption key.

    • SSEKMSKeyId (string) --

      If present, specifies the ID of the AWS Key Management Service (KMS) master encryption key that was used for the object.

    • SSEKMSEncryptionContext (string) --

      If present, specifies the AWS KMS Encryption Context to use for object encryption. The value of this header is a base64-encoded UTF-8 string holding JSON with the encryption context key-value pairs.

    • RequestCharged (string) --

      If present, indicates that the requester was successfully charged for the request.

PutObject (updated)
Changes (both)
{'SSEKMSEncryptionContext': 'string'}

Adds an object to a bucket.

See also: AWS API Documentation

Request Syntax

client.put_object(
    ACL='private'|'public-read'|'public-read-write'|'authenticated-read'|'aws-exec-read'|'bucket-owner-read'|'bucket-owner-full-control',
    Body=b'bytes'|file,
    Bucket='string',
    CacheControl='string',
    ContentDisposition='string',
    ContentEncoding='string',
    ContentLanguage='string',
    ContentLength=123,
    ContentMD5='string',
    ContentType='string',
    Expires=datetime(2015, 1, 1),
    GrantFullControl='string',
    GrantRead='string',
    GrantReadACP='string',
    GrantWriteACP='string',
    Key='string',
    Metadata={
        'string': 'string'
    },
    ServerSideEncryption='AES256'|'aws:kms',
    StorageClass='STANDARD'|'REDUCED_REDUNDANCY'|'STANDARD_IA'|'ONEZONE_IA'|'INTELLIGENT_TIERING'|'GLACIER'|'DEEP_ARCHIVE',
    WebsiteRedirectLocation='string',
    SSECustomerAlgorithm='string',
    SSECustomerKey=b'bytes',
    SSECustomerKeyMD5='string',
    SSEKMSKeyId='string',
    SSEKMSEncryptionContext='string',
    RequestPayer='requester',
    Tagging='string',
    ObjectLockMode='GOVERNANCE'|'COMPLIANCE',
    ObjectLockRetainUntilDate=datetime(2015, 1, 1),
    ObjectLockLegalHoldStatus='ON'|'OFF'
)
type ACL

string

param ACL

The canned ACL to apply to the object.

type Body

bytes or seekable file-like object

param Body

Object data.

type Bucket

string

param Bucket

[REQUIRED]

Name of the bucket to which the PUT operation was initiated.

type CacheControl

string

param CacheControl

Specifies caching behavior along the request/reply chain.

type ContentDisposition

string

param ContentDisposition

Specifies presentational information for the object.

type ContentEncoding

string

param ContentEncoding

Specifies what content encodings have been applied to the object and thus what decoding mechanisms must be applied to obtain the media-type referenced by the Content-Type header field.

type ContentLanguage

string

param ContentLanguage

The language the content is in.

type ContentLength

integer

param ContentLength

Size of the body in bytes. This parameter is useful when the size of the body cannot be determined automatically.

type ContentMD5

string

param ContentMD5

The base64-encoded 128-bit MD5 digest of the part data. This parameter is auto-populated when using the command from the CLI. This parameter is required if object lock parameters are specified.

type ContentType

string

param ContentType

A standard MIME type describing the format of the object data.

type Expires

datetime

param Expires

The date and time at which the object is no longer cacheable.

type GrantFullControl

string

param GrantFullControl

Gives the grantee READ, READ_ACP, and WRITE_ACP permissions on the object.

type GrantRead

string

param GrantRead

Allows grantee to read the object data and its metadata.

type GrantReadACP

string

param GrantReadACP

Allows grantee to read the object ACL.

type GrantWriteACP

string

param GrantWriteACP

Allows grantee to write the ACL for the applicable object.

type Key

string

param Key

[REQUIRED]

Object key for which the PUT operation was initiated.

type Metadata

dict

param Metadata

A map of metadata to store with the object in S3.

  • (string) --

    • (string) --

type ServerSideEncryption

string

param ServerSideEncryption

The Server-side encryption algorithm used when storing this object in S3 (e.g., AES256, aws:kms).

type StorageClass

string

param StorageClass

The type of storage to use for the object. Defaults to 'STANDARD'.

type WebsiteRedirectLocation

string

param WebsiteRedirectLocation

If the bucket is configured as a website, redirects requests for this object to another object in the same bucket or to an external URL. Amazon S3 stores the value of this header in the object metadata.

type SSECustomerAlgorithm

string

param SSECustomerAlgorithm

Specifies the algorithm to use when encrypting the object (e.g., AES256).

type SSECustomerKey

bytes

param SSECustomerKey

Specifies the customer-provided encryption key for Amazon S3 to use in encrypting data. This value is used to store the object and then it is discarded; Amazon does not store the encryption key. The key must be appropriate for use with the algorithm specified in the x-amz-server-side-encryption-customer-algorithm header.

type SSECustomerKeyMD5

string

param SSECustomerKeyMD5

Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. Amazon S3 uses this header for a message integrity check to ensure the encryption key was transmitted without error.

type SSEKMSKeyId

string

param SSEKMSKeyId

Specifies the AWS KMS key ID to use for object encryption. All GET and PUT requests for an object protected by AWS KMS will fail if not made via SSL or using SigV4. Documentation on configuring any of the officially supported AWS SDKs and CLI can be found at http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html#specify-signature-version

type SSEKMSEncryptionContext

string

param SSEKMSEncryptionContext

Specifies the AWS KMS Encryption Context to use for object encryption. The value of this header is a base64-encoded UTF-8 string holding JSON with the encryption context key-value pairs.

type RequestPayer

string

param RequestPayer

Confirms that the requester knows that she or he will be charged for the request. Bucket owners need not specify this parameter in their requests. Documentation on downloading objects from requester pays buckets can be found at http://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html

type Tagging

string

param Tagging

The tag-set for the object. The tag-set must be encoded as URL Query parameters. (For example, "Key1=Value1")

type ObjectLockMode

string

param ObjectLockMode

The object lock mode that you want to apply to this object.

type ObjectLockRetainUntilDate

datetime

param ObjectLockRetainUntilDate

The date and time when you want this object's object lock to expire.

type ObjectLockLegalHoldStatus

string

param ObjectLockLegalHoldStatus

The Legal Hold status that you want to apply to the specified object.

rtype

dict

returns

Response Syntax

{
    'Expiration': 'string',
    'ETag': 'string',
    'ServerSideEncryption': 'AES256'|'aws:kms',
    'VersionId': 'string',
    'SSECustomerAlgorithm': 'string',
    'SSECustomerKeyMD5': 'string',
    'SSEKMSKeyId': 'string',
    'SSEKMSEncryptionContext': 'string',
    'RequestCharged': 'requester'
}

Response Structure

  • (dict) --

    • Expiration (string) --

      If the object expiration is configured, this will contain the expiration date (expiry-date) and rule ID (rule-id). The value of rule-id is URL encoded.

    • ETag (string) --

      Entity tag for the uploaded object.

    • ServerSideEncryption (string) --

      The Server-side encryption algorithm used when storing this object in S3 (e.g., AES256, aws:kms).

    • VersionId (string) --

      Version of the object.

    • SSECustomerAlgorithm (string) --

      If server-side encryption with a customer-provided encryption key was requested, the response will include this header confirming the encryption algorithm used.

    • SSECustomerKeyMD5 (string) --

      If server-side encryption with a customer-provided encryption key was requested, the response will include this header to provide round trip message integrity verification of the customer-provided encryption key.

    • SSEKMSKeyId (string) --

      If present, specifies the ID of the AWS Key Management Service (KMS) master encryption key that was used for the object.

    • SSEKMSEncryptionContext (string) --

      If present, specifies the AWS KMS Encryption Context to use for object encryption. The value of this header is a base64-encoded UTF-8 string holding JSON with the encryption context key-value pairs.

    • RequestCharged (string) --

      If present, indicates that the requester was successfully charged for the request.
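
The SSEKMSEncryptionContext parameter added to CopyObject, CreateMultipartUpload and PutObject is not a dict but a base64-encoded UTF-8 JSON string, which is easy to get wrong. The following is an added example, not part of the original changelog or of botocore: it builds and checks that value offline without calling AWS. The helper names, bucket, key ID and context pairs are constructed assumptions.

```python
import base64
import json


def encode_encryption_context(context):
    """Build the SSEKMSEncryptionContext value from a dict of string pairs."""
    if not isinstance(context, dict) or not context:
        raise ValueError("encryption context must be a non-empty dict")
    for name, value in context.items():
        # KMS encryption context is a string-to-string map; reject anything
        # json.dumps would silently serialise as a number, bool or list.
        if not isinstance(name, str) or not isinstance(value, str):
            raise TypeError("encryption context keys and values must be str")
    raw = json.dumps(context, sort_keys=True, separators=(",", ":"),
                     ensure_ascii=False).encode("utf-8")
    return base64.b64encode(raw).decode("ascii")


def decode_encryption_context(header_value):
    """Decode an SSEKMSEncryptionContext string back into a dict."""
    try:
        raw = base64.b64decode(header_value, validate=True)
        context = json.loads(raw.decode("utf-8"))
    except ValueError as exc:  # bad base64, bad UTF-8 or bad JSON
        raise ValueError("malformed SSEKMSEncryptionContext") from exc
    if not isinstance(context, dict) or not all(
        isinstance(k, str) and isinstance(v, str) for k, v in context.items()
    ):
        raise ValueError("encryption context is not a string-to-string map")
    return context


def kms_put_kwargs(bucket, key, body, kms_key_id, context):
    """Keyword arguments for client.put_object with SSE-KMS and a context."""
    return {
        "Bucket": bucket,
        "Key": key,
        "Body": body,
        "ServerSideEncryption": "aws:kms",
        "SSEKMSKeyId": kms_key_id,
        "SSEKMSEncryptionContext": encode_encryption_context(context),
    }


def response_carries_context(response, expected):
    """True if the response's context contains every expected pair.

    Extra pairs in the response are tolerated (a choice made for this example).
    """
    value = response.get("SSEKMSEncryptionContext")
    if value is None:
        return False
    try:
        returned = decode_encryption_context(value)
    except ValueError:
        return False
    return all(returned.get(k) == v for k, v in expected.items())


if __name__ == "__main__":
    # Constructed sample values; the key ID is a placeholder, not a real key.
    sample_context = {"department": "finance", "project": "ledger"}
    kwargs = kms_put_kwargs("example-bucket", "reports/q1.csv", b"a,b\n1,2\n",
                            "1234abcd-12ab-34cd-56ef-1234567890ab",
                            sample_context)
    print(kwargs["SSEKMSEncryptionContext"])
    # With credentials configured, boto3.client("s3").put_object(**kwargs)
    # sends the request; response_carries_context() then checks the reply.
```
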