class Aws::S3::Types::PutObjectRequest

@see docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutObjectRequest AWS API Documentation
@return [String]
denied).
request fails with the HTTP status code ‘403 Forbidden` (access
you provide does not match the actual owner of the bucket, the
The account ID of the expected bucket owner. If the account ID that
@!attribute [rw] expected_bucket_owner
@return [String] : docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html </note>
<note markdown=“1”> This functionality is not supported for directory buckets.
*Amazon S3 User Guide*.
more information about S3 Object Lock, see [Object Lock] in the
Specifies whether a legal hold will be applied to this object. For
@!attribute [rw] object_lock_legal_hold_status
@return [Time]
</note>
<note markdown=“1”> This functionality is not supported for directory buckets.
expire. Must be formatted as a timestamp parameter.
The date and time when you want this object’s Object Lock to
@!attribute [rw] object_lock_retain_until_date
@return [String]
</note>
<note markdown=“1”> This functionality is not supported for directory buckets.
The Object Lock mode that you want to apply to this object.
@!attribute [rw] object_lock_mode
@return [String]
</note>
<note markdown=“1”> This functionality is not supported for directory buckets.
parameters. (For example, “Key1=Value1”)
The tag-set for the object. The tag-set must be encoded as URL Query
@!attribute [rw] tagging
@return [String] : docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html </note>
<note markdown=“1”> This functionality is not supported for directory buckets.
Requester Pays Buckets] in the *Amazon S3 User Guide*.
objects from Requester Pays buckets, see [Downloading Objects in
charges to copy the object. For information about downloading
Requester Pays enabled, the requester will pay for corresponding
requests. If either the source or destination S3 bucket has
request. Bucket owners need not specify this parameter in their
Confirms that the requester knows that they will be charged for the
@!attribute [rw] request_payer
@return [Boolean] : docs.aws.amazon.com/AmazonS3/latest/userguide/create-import-job [3]: docs.aws.amazon.com/AmazonS3/latest/userguide/directory-buckets-objects-Batch-Ops [2]: docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html [1]: docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html made for a KMS-encrypted object.
case, Amazon S3 makes a call to KMS every time a copy request is
operation in Batch Operations], or [the import jobs]. In this
buckets, through [CopyObject], [UploadPartCopy], [the Copy
directory buckets to general purpose buckets, or between directory
objects from general purpose buckets to directory buckets, from
Bucket Keys aren’t supported, when you copy SSE-KMS encrypted
and ‘PUT` operations in a directory bucket and can’t be disabled. S3
**Directory buckets** - S3 Bucket Keys are always enabled for `GET`
affect bucket-level settings for S3 Bucket Key.
SSE-KMS. Also, specifying this header with a PUT action doesn’t
Amazon S3 to use an S3 Bucket Key for object encryption with
**General purpose buckets** - Setting this header to ‘true` causes
(KMS) keys (SSE-KMS).
encryption with server-side encryption using Key Management Service
Specifies whether Amazon S3 should use an S3 Bucket Key for object
@!attribute [rw] bucket_key_enabled
@return [String] : docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html#encryption-context additional encryption context value is not supported.
encryption context - the bucket Amazon Resource Name (ARN). An
encryption context value. The value must match the default
**Directory buckets** - You can optionally provide an explicit context] in the *Amazon S3 User Guide*.
context for your object. For more information, see [Encryption
during `CopyObject` operations if you want an additional encryption
**General purpose buckets** - This value must be explicitly added
object.
to Amazon Web Services KMS for future `GetObject` operations on this
value is stored as object metadata and automatically gets passed on
JSON, which contains the encryption context as key-value pairs. This
value of this header is a Base64 encoded string of a UTF-8 encoded
additional encryption context to use for object encryption. The
Specifies the Amazon Web Services KMS Encryption Context as an
@!attribute [rw] ssekms_encryption_context
@return [String] : docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk [1]: docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk specification results in an HTTP `400 Bad Request` error.
Services managed key] (`aws/s3`) isn’t supported. Incorrect key
managed key] per directory bucket’s lifetime. The [Amazon Web
alias). Your SSE-KMS configuration can only support 1 [customer
the bucket’s default customer managed key (using key ID or ARN, not
x-amz-server-side-encryption-aws-kms-key-id` header, it must match
key ID. If you want to explicitly set the ‘
header implicitly uses the bucket’s default KMS customer managed
`aws:kms`. Then, the ‘x-amz-server-side-encryption-aws-kms-key-id`
recommended to specify the `x-amz-server-side-encryption` header to
**Directory buckets** - To encrypt data using SSE-KMS, it’s
Amazon Web Services managed key (‘aws/s3`) to protect the data.
`x-amz-server-side-encryption-aws-kms-key-id`, Amazon S3 uses the
`x-amz-server-side-encryption:aws:kms:dsse`, but do not provide
`x-amz-server-side-encryption:aws:kms` or
KMS key to use. If you specify
this header specifies the ID (Key ID, Key ARN, or Key Alias) of the
`x-amz-server-side-encryption` with `aws:kms` or `aws:kms:dsse`,
**General purpose buckets** - If you specify
Key ID.
that’s issuing the command, you must use the full Key ARN not the
object encryption. If the KMS key doesn’t exist in the same account
Specifies the KMS key ID (Key ID, Key ARN, or Key Alias) to use for
@!attribute [rw] ssekms_key_id
@return [String]
</note>
<note markdown=“1”> This functionality is not supported for directory buckets.
to ensure that the encryption key was transmitted without error.
RFC 1321. Amazon S3 uses this header for a message integrity check
Specifies the 128-bit MD5 digest of the encryption key according to
@!attribute [rw] sse_customer_key_md5
@return [String]
</note>
<note markdown=“1”> This functionality is not supported for directory buckets.
‘x-amz-server-side-encryption-customer-algorithm` header.
key must be appropriate for use with the algorithm specified in the
it is discarded; Amazon S3 does not store the encryption key. The
in encrypting data. This value is used to store the object and then
Specifies the customer-provided encryption key for Amazon S3 to use
@!attribute [rw] sse_customer_key
@return [String]
</note>
<note markdown=“1”> This functionality is not supported for directory buckets.
example, `AES256`).
Specifies the algorithm to use when encrypting the object (for
@!attribute [rw] sse_customer_algorithm
@return [String] : docs.aws.amazon.com/AmazonS3/latest/dev/how-to-page-redirect.html [2]: docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html [1]: docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html </note>
<note markdown=“1”> This functionality is not supported for directory buckets.
Page Redirects] in the *Amazon S3 User Guide*.
[Hosting Websites on Amazon S3] and [How to Configure Website
For more information about website hosting in Amazon S3, see
`x-amz-website-redirect-location: www.example.com/`
redirect to another website:
In the following example, the request header sets the object
`x-amz-website-redirect-location: /anotherPage.html`
object (anotherPage.html) in the same bucket:
In the following example, the request header sets the redirect to an Metadata] in the *Amazon S3 User Guide*.
metadata. For information about object metadata, see [Object Key and
URL. Amazon S3 stores the value of this header in the object
this object to another object in the same bucket or to an external
If the bucket is configured as a website, redirects requests for
@!attribute [rw] website_redirect_location
@return [String] : docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html </note>
* Amazon S3 on Outposts only uses the OUTPOSTS Storage Class.
Local Zones.
(the S3 One Zone-Infrequent Access storage class) in Dedicated
One Zone storage class) in Availability Zones and `ONEZONE_IA`
<note markdown=“1”> * Directory buckets only support `EXPRESS_ONEZONE` (the S3 Express
[Storage Classes] in the *Amazon S3 User Guide*.
specify a different Storage Class. For more information, see
and high availability. Depending on performance needs, you can
created objects. The STANDARD storage class provides high durability
By default, Amazon S3 uses the STANDARD Storage Class to store newly
@!attribute [rw] storage_class
@return [String] : docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html [4]: docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html [3]: docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-specifying-kms-encryption.html [2]: docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-serv-side-encryption.html [1]: docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html read. These processes are handled transparently by Amazon FSx.
written to the file system, and automatically decrypted as it is
encrypted at rest. Data is automatically encrypted before being
file systems have encryption configured by default and are
valid server side encryption option is `aws:fsx`. All Amazon FSx
stored in Amazon FSx file systems using S3 access points, the only
* S3 access points for Amazon FSx - When accessing data
</note>
directory bucket.
headers must match the default encryption configuration of the [4] and [UploadPartCopy]), the encryption request
request. So in the Zonal endpoint API calls (except
to override the encryption settings values in the `CreateSession`
configuration for the `CreateSession` request. It’s not supported
Amazon Web Services SDKs use the bucket’s default encryption
avoid service interruptions when a session expires. The CLI or the
`CreateSession`, the session token refreshes automatically to
<note markdown=“1”> When you use the CLI or the Amazon Web Services SDKs, for
the directory bucket.
values from the ‘CreateSession` request to protect new objects in
endpoint API calls, and Amazon S3 will use the encryption settings
explicitly specify these encryption settings values in Zonal
specified in the `CreateSession` request. You don’t need to
`x-amz-server-side-encryption-bucket-key-enabled`) that are
`x-amz-server-side-encryption-context`, and
`x-amz-server-side-encryption-aws-kms-key-id`,
encryption settings (‘x-amz-server-side-encryption`,
the `CreateSession` request. You can’t override the values of the
headers must match the encryption settings that are specified in [5]) using the REST API, the encryption request
In the Zonal endpoint API calls (except [CopyObject] and
encryption with KMS for new object uploads].
behaviors in directory buckets, see [Specifying server-side
User Guide*. For more information about the encryption overriding
[Protecting data with server-side encryption] in the *Amazon S3
with the desired encryption settings. For more information, see
object requests. Then, new objects are automatically encrypted
default encryption in your ‘CreateSession` requests or `PUT`
encryption configuration and you don’t override the bucket
recommend that the bucket’s default encryption uses the desired
server-side encryption with KMS keys (SSE-KMS) (‘aws:kms`). We
encryption with Amazon S3 managed keys (SSE-S3) (`AES256`) and
two supported options for server-side encryption: server-side
* Directory buckets - For directory buckets, there are only
S3 User Guide*.
information, see [Using Server-Side Encryption] in the *Amazon
by using server-side encryption with other key options. For more
default. You can optionally tell Amazon S3 to encrypt data at rest
server-side encryption by using Amazon S3 managed keys (SSE-S3) by
and customer-provided keys (SSE-C). Amazon S3 encrypts data with
keys (SSE-S3), Amazon Web Services KMS keys (SSE-KMS or DSSE-KMS),
Specifically, the encryption key options are Amazon S3 managed
depending on how you choose to manage the encryption keys.
options to protect data using server-side encryption in Amazon S3,
* General purpose buckets - You have four mutually exclusive
this object in Amazon S3 or Amazon FSx.
The server-side encryption algorithm that was used when you store
@!attribute [rw] server_side_encryption
@return [Hash<String,String>]
A map of metadata to store with the object in S3.
@!attribute [rw] metadata
@return [Integer]
</note>
Express One Zone storage class in directory buckets.
<note markdown=“1”> This functionality is only supported for objects in the Amazon S3
will create a new object.
being appended to. If no object exists, setting this header to 0
bytes. The offset must be equal to the size of the existing object
Specifies the offset for appending data to existing objects in
@!attribute [rw] write_offset_bytes
@return [String]
Object key for which the PUT action was initiated.
@!attribute [rw] key
@return [String]
</note>
* This functionality is not supported for Amazon S3 on Outposts.
<note markdown=“1”> * This functionality is not supported for directory buckets.
Allows grantee to write the ACL for the applicable object.
@!attribute [rw] grant_write_acp
@return [String]
</note>
* This functionality is not supported for Amazon S3 on Outposts.
<note markdown=“1”> * This functionality is not supported for directory buckets.
Allows grantee to read the object ACL.
@!attribute [rw] grant_read_acp
@return [String]
</note>
* This functionality is not supported for Amazon S3 on Outposts.
<note markdown=“1”> * This functionality is not supported for directory buckets.
Allows grantee to read the object data and its metadata.
@!attribute [rw] grant_read
@return [String]
</note>
* This functionality is not supported for Amazon S3 on Outposts.
<note markdown=“1”> * This functionality is not supported for directory buckets.
object.
Gives the grantee READ, READ_ACP, and WRITE_ACP permissions on the
@!attribute [rw] grant_full_control
@return [String] : docs.aws.amazon.com/AmazonS3/latest/userguide/conditional-requests.html [1]: tools.ietf.org/html/rfc7232 or [Conditional requests] in the *Amazon S3 User Guide*.
For more information about conditional requests, see [RFC 7232],
Expects the ’*‘ (asterisk) character.
should retry the upload.
`409 ConditionalRequestConflict` response. On a 409 failure you
If a conflicting operation occurs during the upload S3 returns a
Precondition Failed` error.
exist in the bucket specified. Otherwise, Amazon S3 returns a `412
Uploads the object only if the object key name does not already
@!attribute [rw] if_none_match
@return [String] : docs.aws.amazon.com/AmazonS3/latest/userguide/conditional-requests.html [1]: tools.ietf.org/html/rfc7232 or [Conditional requests] in the *Amazon S3 User Guide*.
For more information about conditional requests, see [RFC 7232],
Expects the ETag value as a string.
should fetch the object’s ETag and retry the upload.
‘409 ConditionalRequestConflict` response. On a 409 failure you
If a conflicting operation occurs during the upload S3 returns a
Precondition Failed` error.
the ETag values do not match, the operation returns a `412
during the WRITE operation matches the ETag of the object in S3. If
Uploads the object only if the ETag (entity tag) value provided
@!attribute [rw] if_match
@return [Time] : www.rfc-editor.org/rfc/rfc7234#section-5.3 [https://www.rfc-editor.org/rfc/rfc7234#section-5.3][1].
more information, see
The date and time at which the object is no longer cacheable. For
@!attribute [rw] expires
@return [String] : docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html *Amazon S3 User Guide*.
For more information, see [Checking object integrity] in the
specifies the Base64 encoded, 256-bit `SHA256` digest of the object.
data received is the same data that was originally sent. This header
This header can be used as a data integrity check to verify that the
@!attribute [rw] checksum_sha256
@return [String] : docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html *Amazon S3 User Guide*.
For more information, see [Checking object integrity] in the
specifies the Base64 encoded, 160-bit `SHA1` digest of the object.
data received is the same data that was originally sent. This header
This header can be used as a data integrity check to verify that the
@!attribute [rw] checksum_sha1
@return [String] : docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html S3 User Guide].
For more information, see [Checking object integrity in the Amazon
object. The `CRC64NVME` checksum is always a full object checksum.
specifies the Base64 encoded, 64-bit `CRC64NVME` checksum of the
data received is the same data that was originally sent. This header
This header can be used as a data integrity check to verify that the
@!attribute [rw] checksum_crc64nvme
@return [String] : docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html the *Amazon S3 User Guide*.
object. For more information, see [Checking object integrity] in
specifies the Base64 encoded, 32-bit `CRC32C` checksum of the
data received is the same data that was originally sent. This header
This header can be used as a data integrity check to verify that the
@!attribute [rw] checksum_crc32c
@return [String] : docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html *Amazon S3 User Guide*.
For more information, see [Checking object integrity] in the
specifies the Base64 encoded, 32-bit `CRC32` checksum of the object.
data received is the same data that was originally sent. This header
This header can be used as a data integrity check to verify that the
@!attribute [rw] checksum_crc32
@return [String] : docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-managing.html#object-lock-put-object [1]: docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html performance.
`CRC32` is the default checksum algorithm that’s used for
For directory buckets, when you use Amazon Web Services SDKs,
</note>
*Amazon S3 User Guide*.
[Uploading objects to an Object Lock enabled bucket ][2] in the
configured using Amazon S3 Object Lock. For more information, see
required for any request to upload an object with a retention period
<note markdown=“1”> The ‘Content-MD5` or `x-amz-sdk-checksum-algorithm` header is
request with a `BadDigest` error.
you set through `x-amz-sdk-checksum-algorithm`, Amazon S3 fails the
`x-amz-checksum-algorithm ` doesn’t match the checksum algorithm
If the individual checksum value you provide through
*Amazon S3 User Guide*.
For more information, see [Checking object integrity] in the
* ‘SHA256`
* `SHA1`
* `CRC64NVME`
* `CRC32C`
* `CRC32`
with the supported algorithm from the following list:
For the `x-amz-checksum-algorithm ` header, replace ` algorithm `
with the HTTP status code `400 Bad Request`.
`x-amz-trailer` header sent. Otherwise, Amazon S3 fails the request
there must be a corresponding `x-amz-checksum-algorithm ` or
functionality if you don’t use the SDK. When you send this header,
when you use the SDK. This header will not provide any additional
Indicates the algorithm used to create the checksum for the object
@!attribute [rw] checksum_algorithm
@return [String] : www.rfc-editor.org/rfc/rfc9110.html#name-content-type [https://www.rfc-editor.org/rfc/rfc9110.html#name-content-type][1].
information, see
A standard MIME type describing the format of the contents. For more
@!attribute [rw] content_type
@return [String] : docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-managing.html#object-lock-put-object [1]: docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html </note>
<note markdown=“1”> This functionality is not supported for directory buckets.
</note>
*Amazon S3 User Guide*.
[Uploading objects to an Object Lock enabled bucket ][2] in the
configured using Amazon S3 Object Lock. For more information, see
required for any request to upload an object with a retention period
<note markdown=“1”> The ‘Content-MD5` or `x-amz-sdk-checksum-algorithm` header is Authentication].
information about REST request authentication, see [REST
Content-MD5 mechanism as an end-to-end integrity check. For more
originally sent. Although it is optional, we recommend using the
integrity check to verify that the data is the same data that was
headers) according to RFC 1864. This header can be used as a message
The Base64 encoded 128-bit `MD5` digest of the message (without the
@!attribute [rw] content_md5
@return [Integer] : www.rfc-editor.org/rfc/rfc9110.html#name-content-length [https://www.rfc-editor.org/rfc/rfc9110.html#name-content-length][1].
see
the body cannot be determined automatically. For more information,
Size of the body in bytes. This parameter is useful when the size of
@!attribute [rw] content_length
@return [String]
The language the content is in.
@!attribute [rw] content_language
@return [String] : www.rfc-editor.org/rfc/rfc9110.html#field.content-encoding [https://www.rfc-editor.org/rfc/rfc9110.html#field.content-encoding][1].
information, see
media-type referenced by the Content-Type header field. For more
thus what decoding mechanisms must be applied to obtain the
Specifies what content encodings have been applied to the object and
@!attribute [rw] content_encoding
@return [String] : www.rfc-editor.org/rfc/rfc6266#section-4 [https://www.rfc-editor.org/rfc/rfc6266#section-4][1].
information, see
Specifies presentational information for the object. For more
@!attribute [rw] content_disposition
@return [String] : www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9 [http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9][1].
chain. For more information, see
Can be used to specify caching behavior along the request/reply
@!attribute [rw] cache_control
@return [String] : docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html [2]: docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html [1]: docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html Outposts?][3] in the *Amazon S3 User Guide*.
more information about S3 on Outposts, see [What is S3 on
must be the Outposts access point ARN or the access point alias. For
When you use this action with S3 on Outposts, the destination bucket
AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com`.
Outposts hostname takes the form `
you must direct requests to the S3 on Outposts hostname. The S3 on
**S3 on Outposts** - When you use this action with S3 on Outposts,
</note>
<note markdown=“1”> Object Lambda access points are not supported by directory buckets.
[Using access points] in the *Amazon S3 User Guide*.
bucket name. For more information about access point ARNs, see
Services SDKs, you provide the access point ARN in place of the
When using this action with an access point through the Amazon Web
AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com.
takes the form
requests to the access point hostname. The access point hostname
bucket name. When using the access point ARN, you must direct
buckets, you must provide the access point name in place of the
ARN. When you use this action with an access point for directory
access point in place of the bucket name or specify the access point
for general purpose buckets, you must provide the alias of the
**Access points** - When you use this action with an access point
*Amazon S3 User Guide*.
naming restrictions, see [Directory bucket naming rules] in the
amzn-s3-demo-bucket–usw2-az1–x-s3`). For information about bucket
follow the format ` bucket-base-name–zone-id–x-s3` (for example, `
the chosen Zone (Availability Zone or Local Zone). Bucket names must
requests are not supported. Directory bucket names must be unique in
Bucket-name.s3express-zone-id.region-code.amazonaws.com`. Path-style
bucket, you must use virtual-hosted-style requests in the format `
**Directory buckets** - When you use this operation with a directory
The bucket name to which the PUT action was initiated.
@!attribute [rw] bucket
@return [IO]
Object data.
@!attribute [rw] body
@return [String] : docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html [3]: docs.aws.amazon.com/AmazonS3/latest/dev/acl-using-rest-api.html [2]: docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html [1]: docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL </note>
* This functionality is not supported for Amazon S3 on Outposts.
<note markdown=“1”> * This functionality is not supported for directory buckets.
*Amazon S3 User Guide*.
Controlling ownership of objects and disabling ACLs] in the
`AccessControlListNotSupported`. For more information, see [
accounts) fail and return a `400` error with the error code
ACLs (for example, custom grants to certain Amazon Web Services
ACL expressed in the XML format. PUT requests that contain other
`bucket-owner-full-control` canned ACL or an equivalent form of this
specify bucket owner full control ACLs, such as the
accept PUT requests that don’t specify an ACL or PUT requests that
and no longer affect permissions. Buckets that use this setting only
owner enforced setting for S3 Object Ownership, ACLs are disabled
If the bucket that you’re uploading objects to uses the bucket
REST API] in the *Amazon S3 User Guide*.
[Access Control List (ACL) Overview] and [Managing ACLs Using the
Only the owner has full access control. For more information, see
added to the ACL on the object. By default, all objects are private.
predefined groups defined by Amazon S3. These permissions are then
permissions to individual Amazon Web Services accounts or to
When adding a new object, you can use headers to grant ACL-based
[Canned ACL] in the *Amazon S3 User Guide*.
The canned ACL to apply to the object. For more information, see
@!attribute [rw] acl

class Aws::S3::Types::PutObjectRequest

Namespace

Included Modules

Defined in