- * General purpose bucket permissions - For information about permissions required to use the multipart upload API, see Multipart Upload - * and Permissions in the Amazon S3 - * User Guide.
+ * General purpose bucket permissions - For + * information about permissions required to use the multipart upload API, see + * Multipart Upload and + * Permissions in the Amazon S3 User Guide. *
@@ -94,6 +95,13 @@ export interface CompleteMultipartUploadCommandOutput extends CompleteMultipartU
* CreateSession
* .
If you provide an additional checksum
+ * value in your MultipartUpload requests and the
+ * object is encrypted with Key Management Service, you must have permission to use the
+ * kms:Decrypt action for the
+ * CompleteMultipartUpload request to succeed.
- * General purpose bucket permissions - For information about the permissions required to use the multipart upload API, see - * Multipart - * upload and permissions in the Amazon S3 User Guide.
- *To perform a multipart upload with encryption by using an Amazon Web Services KMS key, the requester
- * must have permission to the kms:Decrypt and kms:GenerateDataKey*
- * actions on the key. These permissions are required because Amazon S3 must decrypt and read data
- * from the encrypted file parts before it completes the multipart upload. For more
- * information, see Multipart upload API
- * and permissions and Protecting data using
- * server-side encryption with Amazon Web Services KMS in the
- * Amazon S3 User Guide.
kms:Decrypt and kms:GenerateDataKey actions on
+ * the key. The requester must also have permissions for the
+ * kms:GenerateDataKey action for the
+ * CreateMultipartUpload API. Then, the requester needs
+ * permissions for the kms:Decrypt action on the
+ * UploadPart and UploadPartCopy APIs. These
+ * permissions are required because Amazon S3 must decrypt and read data from the
+ * encrypted file parts before it completes the multipart upload. For more
+ * information, see Multipart upload API and permissions and Protecting data
+ * using server-side encryption with Amazon Web Services KMS in the
+ * Amazon S3 User Guide.
*
diff --git a/clients/client-s3/src/commands/PutObjectCommand.ts b/clients/client-s3/src/commands/PutObjectCommand.ts
index bf0d5153681c3..17dede643bee6 100644
--- a/clients/client-s3/src/commands/PutObjectCommand.ts
+++ b/clients/client-s3/src/commands/PutObjectCommand.ts
@@ -190,6 +190,7 @@ export interface PutObjectCommandOutput extends PutObjectOutput, __MetadataBeare
* ChecksumSHA1: "STRING_VALUE",
* ChecksumSHA256: "STRING_VALUE",
* Expires: new Date("TIMESTAMP"),
+ * IfNoneMatch: "STRING_VALUE",
* GrantFullControl: "STRING_VALUE",
* GrantRead: "STRING_VALUE",
* GrantReadACP: "STRING_VALUE",
diff --git a/clients/client-s3/src/commands/RestoreObjectCommand.ts b/clients/client-s3/src/commands/RestoreObjectCommand.ts
index 950162dc65233..63ceea6b442cd 100644
--- a/clients/client-s3/src/commands/RestoreObjectCommand.ts
+++ b/clients/client-s3/src/commands/RestoreObjectCommand.ts
@@ -33,6 +33,10 @@ export interface RestoreObjectCommandOutput extends RestoreObjectOutput, __Metad
* This operation is not supported by directory buckets. The SELECT job type for the RestoreObject operation is no longer available to new customers. Existing customers of Amazon S3 Select can continue to use the feature as usual. Learn more
+ *
Restores an archived copy of an object back into Amazon S3
*This functionality is not supported for Amazon S3 on Outposts.
*This action performs the following types of requests:
diff --git a/clients/client-s3/src/commands/SelectObjectContentCommand.ts b/clients/client-s3/src/commands/SelectObjectContentCommand.ts index 4f3f738fb48f7..95787c6cde3db 100644 --- a/clients/client-s3/src/commands/SelectObjectContentCommand.ts +++ b/clients/client-s3/src/commands/SelectObjectContentCommand.ts @@ -38,6 +38,10 @@ export interface SelectObjectContentCommandOutput extends SelectObjectContentOut *This operation is not supported by directory buckets.
*The SelectObjectContent operation is no longer available to new customers. Existing customers of Amazon S3 Select can continue to use the operation as usual. Learn more + *
+ *This action filters the contents of an Amazon S3 object based on a simple structured query * language (SQL) statement. In the request, along with the SQL expression, you must also * specify a data serialization format (JSON, CSV, or Apache Parquet) of the object. Amazon S3 uses diff --git a/clients/client-s3/src/commands/UploadPartCommand.ts b/clients/client-s3/src/commands/UploadPartCommand.ts index 3e76903ec47f2..18c49d3f800c1 100644 --- a/clients/client-s3/src/commands/UploadPartCommand.ts +++ b/clients/client-s3/src/commands/UploadPartCommand.ts @@ -76,9 +76,21 @@ export interface UploadPartCommandOutput extends UploadPartOutput, __MetadataBea *
- * General purpose bucket permissions - For information on the permissions required to use the multipart upload API, see - * Multipart - * Upload and Permissions in the Amazon S3 User Guide.
+ * General purpose bucket permissions - To + * perform a multipart upload with encryption using an Key Management Service key, the + * requester must have permission to thekms:Decrypt and
+ * kms:GenerateDataKey actions on the key. The requester must
+ * also have permissions for the kms:GenerateDataKey action for
+ * the CreateMultipartUpload API. Then, the requester needs
+ * permissions for the kms:Decrypt action on the
+ * UploadPart and UploadPartCopy APIs.
+ * These permissions are required because Amazon S3 must decrypt and read data + * from the encrypted file parts before it completes the multipart upload. For + * more information about KMS permissions, see Protecting data + * using server-side encryption with KMS in the + * Amazon S3 User Guide. For information about the + * permissions required to use the multipart upload API, see Multipart upload and permissions and Multipart upload API and permissions in the + * Amazon S3 User Guide.
*diff --git a/clients/client-s3/src/commands/UploadPartCopyCommand.ts b/clients/client-s3/src/commands/UploadPartCopyCommand.ts index 14ac6817dd436..54ed1745004ba 100644 --- a/clients/client-s3/src/commands/UploadPartCopyCommand.ts +++ b/clients/client-s3/src/commands/UploadPartCopyCommand.ts @@ -76,23 +76,44 @@ export interface UploadPartCopyCommandOutput extends UploadPartCopyOutput, __Met *
- * General purpose bucket permissions - You must have the permissions in a policy based on the bucket types of your source bucket and destination bucket in an UploadPartCopy operation.
UploadPartCopy
+ * operation.
* If the source object is in a general purpose bucket, you must have the + *
If the source object is in a general purpose bucket, you must have the
+ *
* s3:GetObject
- * permission to read the source object that is being copied.
If the destination bucket is a general purpose bucket, you must have the + *
If the destination bucket is a general purpose bucket, you must have the
+ *
* s3:PutObject
- * permission to write the object copy to the destination bucket.
- *
To perform a multipart upload with encryption using an Key Management Service
+ * key, the requester must have permission to the
+ * kms:Decrypt and kms:GenerateDataKey
+ * actions on the key. The requester must also have permissions for the
+ * kms:GenerateDataKey action for the
+ * CreateMultipartUpload API. Then, the requester needs
+ * permissions for the kms:Decrypt action on the
+ * UploadPart and UploadPartCopy APIs. These
+ * permissions are required because Amazon S3 must decrypt and read data from
+ * the encrypted file parts before it completes the multipart upload. For
+ * more information about KMS permissions, see Protecting
+ * data using server-side encryption with KMS in the
+ * Amazon S3 User Guide. For information about the
+ * permissions required to use the multipart upload API, see Multipart upload
+ * and permissions and Multipart upload API and permissions in the
+ * Amazon S3 User Guide.
For information about permissions required to use the multipart upload API, see - * Multipart upload API and permissions in the - * Amazon S3 User Guide.
*diff --git a/clients/client-s3/src/models/models_0.ts b/clients/client-s3/src/models/models_0.ts index d4fc5558251be..a62fb4947cf09 100644 --- a/clients/client-s3/src/models/models_0.ts +++ b/clients/client-s3/src/models/models_0.ts @@ -714,6 +714,15 @@ export interface CompleteMultipartUploadRequest { */ ExpectedBucketOwner?: string; + /** + *
Uploads the object only if the object key name does not already exist in the bucket specified. Otherwise, Amazon S3 returns a 412 Precondition Failed error.
If a conflicting operation occurs during the upload S3 returns a 409 ConditionalRequestConflict response. On a 409 failure you should re-initiate the multipart upload with CreateMultipartUpload and re-upload each part.
Expects the '*' (asterisk) character.
+ *For more information about conditional requests, see RFC 7232, or Conditional requests in the Amazon S3 User Guide.
+ * @public + */ + IfNoneMatch?: string; + /** *The server-side encryption (SSE) algorithm used to encrypt the object. This parameter is * required only when the object was created using a checksum algorithm or if @@ -9513,6 +9522,10 @@ export interface GetObjectRequest { /** *
To retrieve the checksum, this mode must be enabled.
+ *In addition, if you enable checksum mode and the object is uploaded with a
+ * checksum
+ * and encrypted with an Key Management Service (KMS) key, you must have permission to use the
+ * kms:Decrypt action to retrieve the checksum.
To retrieve the checksum, this parameter must be enabled.
- *In addition, if you enable ChecksumMode and the object is encrypted with
- * Amazon Web Services Key Management Service (Amazon Web Services KMS), you must have permission to use the
- * kms:Decrypt action for the request to succeed.
In addition, if you enable checksum mode and the object is uploaded with a
+ * checksum
+ * and encrypted with an Key Management Service (KMS) key, you must have permission to use the
+ * kms:Decrypt action to retrieve the checksum.
Uploads the object only if the object key name does not already exist in the bucket specified. Otherwise, Amazon S3 returns a 412 Precondition Failed error.
If a conflicting operation occurs during the upload S3 returns a 409 ConditionalRequestConflict response. On a 409 failure you should retry the upload.
Expects the '*' (asterisk) character.
+ *For more information about conditional requests, see RFC 7232, or Conditional requests in the Amazon S3 User Guide.
+ * @public + */ + IfNoneMatch?: string; + /** *Gives the grantee READ, READ_ACP, and WRITE_ACP permissions on the object.
*Describes the parameters for Select job types.
+ *Amazon S3 Select is no longer available to new customers. Existing customers of Amazon S3 Select can continue to use the feature as usual. Learn more + *
+ *Describes the parameters for Select job types.
+ *Learn How to optimize querying your data in Amazon S3 using + * Amazon Athena, S3 Object Lambda, or client-side filtering.
* @public */ export interface SelectParameters { @@ -2123,7 +2138,11 @@ export interface SelectParameters { ExpressionType: ExpressionType | undefined; /** - *The expression that is used to query the object.
+ *Amazon S3 Select is no longer available to new customers. Existing customers of Amazon S3 Select can continue to use the feature as usual. Learn more + *
+ *The expression that is used to query the object.
* @public */ Expression: string | undefined; @@ -2170,7 +2189,11 @@ export interface RestoreRequest { GlacierJobParameters?: GlacierJobParameters; /** - *Type of restore request.
+ *Amazon S3 Select is no longer available to new customers. Existing customers of Amazon S3 Select can continue to use the feature as usual. Learn more + *
+ *Type of restore request.
* @public */ Type?: RestoreRequestType; @@ -2188,7 +2211,11 @@ export interface RestoreRequest { Description?: string; /** - *Describes the parameters for Select job types.
+ *Amazon S3 Select is no longer available to new customers. Existing customers of Amazon S3 Select can continue to use the feature as usual. Learn more + *
+ *Describes the parameters for Select job types.
* @public */ SelectParameters?: SelectParameters; @@ -2539,7 +2566,11 @@ export interface ScanRange { } /** - *Request to filter the contents of an Amazon S3 object based on a simple Structured Query
+ * Learn Amazon S3 Select is no longer available to new customers. Existing customers of Amazon S3 Select can continue to use the feature as usual. Learn more
+ *
Request to filter the contents of an Amazon S3 object based on a simple Structured Query * Language (SQL) statement. In the request, along with the SQL expression, you must specify a * data serialization format (JSON or CSV) of the object. Amazon S3 uses this to parse object data * into records. It returns only records that match the specified SQL expression. You must diff --git a/clients/client-s3/src/protocols/Aws_restXml.ts b/clients/client-s3/src/protocols/Aws_restXml.ts index 31e26dee14710..582989c7537da 100644 --- a/clients/client-s3/src/protocols/Aws_restXml.ts +++ b/clients/client-s3/src/protocols/Aws_restXml.ts @@ -485,6 +485,7 @@ export const se_CompleteMultipartUploadCommand = async ( [_xacs_]: input[_CSHAh]!, [_xarp]: input[_RP]!, [_xaebo]: input[_EBO]!, + [_inm]: input[_INM]!, [_xasseca]: input[_SSECA]!, [_xasseck]: input[_SSECK]!, [_xasseckm]: input[_SSECKMD]!, @@ -2634,6 +2635,7 @@ export const se_PutObjectCommand = async ( [_xacs]: input[_CSHA]!, [_xacs_]: input[_CSHAh]!, [_e]: [() => isSerializableHeaderValue(input[_E]), () => __dateToUtcString(input[_E]!).toString()], + [_inm]: input[_INM]!, [_xagfc]: input[_GFC]!, [_xagr]: input[_GR]!, [_xagra]: input[_GRACP]!, diff --git a/codegen/sdk-codegen/aws-models/s3.json b/codegen/sdk-codegen/aws-models/s3.json index 5bec54e76ad7b..d359f959b9e1c 100644 --- a/codegen/sdk-codegen/aws-models/s3.json +++ b/codegen/sdk-codegen/aws-models/s3.json @@ -18284,7 +18284,7 @@ "target": "com.amazonaws.s3#CompleteMultipartUploadOutput" }, "traits": { - "smithy.api#documentation": "
Completes a multipart upload by assembling previously uploaded parts.
\nYou first initiate the multipart upload and then upload all parts using the UploadPart\n operation or the UploadPartCopy\n operation. After successfully uploading all relevant parts of an upload, you call this\n CompleteMultipartUpload operation to complete the upload. Upon receiving this request, Amazon S3 concatenates all the parts\n in ascending order by part number to create a new object. In the CompleteMultipartUpload \n request, you must provide the parts list and ensure that the parts list is complete.\n The CompleteMultipartUpload API operation concatenates the parts that you provide in the list. For each part in the list,\n you must provide the PartNumber value and the ETag value that are returned after that part\n was uploaded.
The processing of a CompleteMultipartUpload request could take several minutes to\n finalize. After Amazon S3 begins processing the request, it sends an HTTP response header that\n specifies a 200 OK response. While processing is in progress, Amazon S3 periodically sends white\n space characters to keep the connection from timing out. A request could fail after the\n initial 200 OK response has been sent. This means that a 200 OK response can\n contain either a success or an error. The error response might be embedded in the 200 OK response. \n If you call this API operation directly, make sure to design\n your application to parse the contents of the response and handle it appropriately. If you\n use Amazon Web Services SDKs, SDKs handle this condition. The SDKs detect the embedded error and apply\n error handling per your configuration settings (including automatically retrying the\n request as appropriate). If the condition persists, the SDKs throw an exception (or, for\n the SDKs that don't use exceptions, they return an error).
Note that if CompleteMultipartUpload fails, applications should be prepared\n to retry any failed requests (including 500 error responses). For more information, see Amazon S3 Error Best\n Practices.
You can't use Content-Type: application/x-www-form-urlencoded for the \n CompleteMultipartUpload requests. Also, if you don't provide a\n Content-Type header, CompleteMultipartUpload can still return a 200\n OK response.
For more information about multipart uploads, see Uploading Objects Using Multipart\n Upload in the Amazon S3\n User Guide.
\n\n Directory buckets - For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com/key-name\n . Path-style requests are not supported. For more information, see Regional and Zonal endpoints in the\n Amazon S3 User Guide.
\n General purpose bucket permissions - For information about permissions required to use the multipart upload API, see Multipart Upload\n and Permissions in the Amazon S3\n User Guide.
\n\n Directory bucket permissions - To grant access to this API operation on a directory bucket, we recommend that you use the \n CreateSession\n API operation for session-based authorization. Specifically, you grant the s3express:CreateSession permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the CreateSession API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another CreateSession API call to generate a new session token for use. \nAmazon Web Services CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see \n CreateSession\n .
Error Code: EntityTooSmall\n
Description: Your proposed upload is smaller than the minimum allowed object\n size. Each part must be at least 5 MB in size, except the last part.
\nHTTP Status Code: 400 Bad Request
\nError Code: InvalidPart\n
Description: One or more of the specified parts could not be found. The part\n might not have been uploaded, or the specified ETag might not have\n matched the uploaded part's ETag.
\nHTTP Status Code: 400 Bad Request
\nError Code: InvalidPartOrder\n
Description: The list of parts was not in ascending order. The parts list\n must be specified in order by part number.
\nHTTP Status Code: 400 Bad Request
\nError Code: NoSuchUpload\n
Description: The specified multipart upload does not exist. The upload ID\n might be invalid, or the multipart upload might have been aborted or\n completed.
\nHTTP Status Code: 404 Not Found
\n\n Directory buckets - The HTTP Host header syntax is \n Bucket_name.s3express-az_id.region.amazonaws.com.
The following operations are related to CompleteMultipartUpload:
\n UploadPart\n
\n\n AbortMultipartUpload\n
\n\n ListParts\n
\n\n ListMultipartUploads\n
\nCompletes a multipart upload by assembling previously uploaded parts.
\nYou first initiate the multipart upload and then upload all parts using the UploadPart\n operation or the UploadPartCopy\n operation. After successfully uploading all relevant parts of an upload, you call this\n CompleteMultipartUpload operation to complete the upload. Upon receiving this request, Amazon S3 concatenates all the parts\n in ascending order by part number to create a new object. In the CompleteMultipartUpload \n request, you must provide the parts list and ensure that the parts list is complete.\n The CompleteMultipartUpload API operation concatenates the parts that you provide in the list. For each part in the list,\n you must provide the PartNumber value and the ETag value that are returned after that part\n was uploaded.
The processing of a CompleteMultipartUpload request could take several minutes to\n finalize. After Amazon S3 begins processing the request, it sends an HTTP response header that\n specifies a 200 OK response. While processing is in progress, Amazon S3 periodically sends white\n space characters to keep the connection from timing out. A request could fail after the\n initial 200 OK response has been sent. This means that a 200 OK response can\n contain either a success or an error. The error response might be embedded in the 200 OK response. \n If you call this API operation directly, make sure to design\n your application to parse the contents of the response and handle it appropriately. If you\n use Amazon Web Services SDKs, SDKs handle this condition. The SDKs detect the embedded error and apply\n error handling per your configuration settings (including automatically retrying the\n request as appropriate). If the condition persists, the SDKs throw an exception (or, for\n the SDKs that don't use exceptions, they return an error).
Note that if CompleteMultipartUpload fails, applications should be prepared\n to retry any failed requests (including 500 error responses). For more information, see Amazon S3 Error Best\n Practices.
You can't use Content-Type: application/x-www-form-urlencoded for the \n CompleteMultipartUpload requests. Also, if you don't provide a\n Content-Type header, CompleteMultipartUpload can still return a 200\n OK response.
For more information about multipart uploads, see Uploading Objects Using Multipart\n Upload in the Amazon S3\n User Guide.
\n\n Directory buckets - For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com/key-name\n . Path-style requests are not supported. For more information, see Regional and Zonal endpoints in the\n Amazon S3 User Guide.
\n General purpose bucket permissions - For\n information about permissions required to use the multipart upload API, see\n Multipart Upload and\n Permissions in the Amazon S3 User Guide.
\n\n Directory bucket permissions - To grant access to this API operation on a directory bucket, we recommend that you use the \n CreateSession\n API operation for session-based authorization. Specifically, you grant the s3express:CreateSession permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the CreateSession API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another CreateSession API call to generate a new session token for use. \nAmazon Web Services CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see \n CreateSession\n .
If you provide an additional checksum\n value in your MultipartUpload requests and the\n object is encrypted with Key Management Service, you must have permission to use the\n kms:Decrypt action for the\n CompleteMultipartUpload request to succeed.
Error Code: EntityTooSmall\n
Description: Your proposed upload is smaller than the minimum allowed object\n size. Each part must be at least 5 MB in size, except the last part.
\nHTTP Status Code: 400 Bad Request
\nError Code: InvalidPart\n
Description: One or more of the specified parts could not be found. The part\n might not have been uploaded, or the specified ETag might not have\n matched the uploaded part's ETag.
\nHTTP Status Code: 400 Bad Request
\nError Code: InvalidPartOrder\n
Description: The list of parts was not in ascending order. The parts list\n must be specified in order by part number.
\nHTTP Status Code: 400 Bad Request
\nError Code: NoSuchUpload\n
Description: The specified multipart upload does not exist. The upload ID\n might be invalid, or the multipart upload might have been aborted or\n completed.
\nHTTP Status Code: 404 Not Found
\n\n Directory buckets - The HTTP Host header syntax is \n Bucket_name.s3express-az_id.region.amazonaws.com.
The following operations are related to CompleteMultipartUpload:
\n UploadPart\n
\n\n AbortMultipartUpload\n
\n\n ListParts\n
\n\n ListMultipartUploads\n
\nUploads the object only if the object key name does not already exist in the bucket specified. Otherwise, Amazon S3 returns a 412 Precondition Failed error.
If a conflicting operation occurs during the upload S3 returns a 409 ConditionalRequestConflict response. On a 409 failure you should re-initiate the multipart upload with CreateMultipartUpload and re-upload each part.
Expects the '*' (asterisk) character.
\nFor more information about conditional requests, see RFC 7232, or Conditional requests in the Amazon S3 User Guide.
", + "smithy.api#httpHeader": "If-None-Match" + } + }, "SSECustomerAlgorithm": { "target": "com.amazonaws.s3#SSECustomerAlgorithm", "traits": { @@ -19386,7 +19393,7 @@ "target": "com.amazonaws.s3#CreateMultipartUploadOutput" }, "traits": { - "smithy.api#documentation": "This action initiates a multipart upload and returns an upload ID. This upload ID is\n used to associate all of the parts in the specific multipart upload. You specify this\n upload ID in each of your subsequent upload part requests (see UploadPart). You also include this\n upload ID in the final request to either complete or abort the multipart upload\n request. For more information about multipart uploads, see Multipart Upload Overview in the Amazon S3 User Guide.
\nAfter you initiate a multipart upload and upload one or more parts, to stop being\n charged for storing the uploaded parts, you must either complete or abort the multipart\n upload. Amazon S3 frees up the space used to store the parts and stops charging you for\n storing them only after you either complete or abort a multipart upload.
\nIf you have configured a lifecycle rule to abort incomplete multipart uploads, the created multipart \n upload must be completed within the number of days specified in the bucket lifecycle\n configuration. Otherwise, the incomplete multipart upload becomes eligible for an abort\n action and Amazon S3 aborts the multipart upload. For more information, see Aborting Incomplete Multipart Uploads Using a Bucket Lifecycle\n Configuration.
\n\n Directory buckets - S3 Lifecycle is not supported by directory buckets.
\n\n Directory buckets - For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com/key-name\n . Path-style requests are not supported. For more information, see Regional and Zonal endpoints in the\n Amazon S3 User Guide.
For request signing, multipart upload is just a series of regular requests. You initiate\n a multipart upload, send one or more requests to upload parts, and then complete the\n multipart upload process. You sign each request individually. There is nothing special\n about signing multipart upload requests. For more information about signing, see Authenticating Requests (Amazon Web Services Signature Version 4) in the Amazon S3 User Guide.
\n\n General purpose bucket permissions - For information about the permissions required to use the multipart upload API, see\n Multipart\n upload and permissions in the Amazon S3 User Guide.
\nTo perform a multipart upload with encryption by using an Amazon Web Services KMS key, the requester\n must have permission to the kms:Decrypt and kms:GenerateDataKey*\n actions on the key. These permissions are required because Amazon S3 must decrypt and read data\n from the encrypted file parts before it completes the multipart upload. For more\n information, see Multipart upload API\n and permissions and Protecting data using\n server-side encryption with Amazon Web Services KMS in the\n Amazon S3 User Guide.
\n Directory bucket permissions - To grant access to this API operation on a directory bucket, we recommend that you use the \n CreateSession\n API operation for session-based authorization. Specifically, you grant the s3express:CreateSession permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the CreateSession API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another CreateSession API call to generate a new session token for use. \nAmazon Web Services CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see \n CreateSession\n .
\n General purpose buckets - Server-side encryption is for data encryption at rest. Amazon S3 encrypts your data as it\n writes it to disks in its data centers and decrypts it when you access it. Amazon S3\n automatically encrypts all new objects that are uploaded to an S3 bucket. When doing a\n multipart upload, if you don't specify encryption information in your request, the\n encryption setting of the uploaded parts is set to the default encryption configuration of\n the destination bucket. By default, all buckets have a base level of encryption\n configuration that uses server-side encryption with Amazon S3 managed keys (SSE-S3). If the\n destination bucket has a default encryption configuration that uses server-side encryption\n with an Key Management Service (KMS) key (SSE-KMS), or a customer-provided encryption key (SSE-C),\n Amazon S3 uses the corresponding KMS key, or a customer-provided key to encrypt the uploaded\n parts. When you perform a CreateMultipartUpload operation, if you want to use a different\n type of encryption setting for the uploaded parts, you can request that Amazon S3 encrypts the\n object with a different encryption key (such as an Amazon S3 managed key, a KMS key, or a customer-provided key). When the encryption\n setting in your request is different from the default encryption configuration of the\n destination bucket, the encryption setting in your request takes precedence. If you choose\n to provide your own encryption key, the request headers you provide in UploadPart\n and UploadPartCopy requests must match the headers you used in the CreateMultipartUpload request.
Use KMS keys (SSE-KMS) that include the Amazon Web Services managed key\n (aws/s3) and KMS customer managed keys stored in Key Management Service (KMS) –\n If you want Amazon Web Services to manage the keys used to encrypt data, specify the\n following headers in the request.
\n x-amz-server-side-encryption\n
\n x-amz-server-side-encryption-aws-kms-key-id\n
\n x-amz-server-side-encryption-context\n
If you specify x-amz-server-side-encryption:aws:kms, but\n don't provide x-amz-server-side-encryption-aws-kms-key-id,\n Amazon S3 uses the Amazon Web Services managed key (aws/s3 key) in KMS to\n protect the data.
To perform a multipart upload with encryption by using an Amazon Web Services KMS key, the requester\n must have permission to the kms:Decrypt and kms:GenerateDataKey*\n actions on the key. These permissions are required because Amazon S3 must decrypt and read data\n from the encrypted file parts before it completes the multipart upload. For more\n information, see Multipart upload API\n and permissions and Protecting data using\n server-side encryption with Amazon Web Services KMS in the\n Amazon S3 User Guide.
If your Identity and Access Management (IAM) user or role is in the same Amazon Web Services account as the KMS key,\n then you must have these permissions on the key policy. If your IAM user or role is in a different account from the key, then you must have the permissions on both the key\n policy and your IAM user or role.
\nAll GET and PUT requests for an object\n protected by KMS fail if you don't make them by using Secure Sockets\n Layer (SSL), Transport Layer Security (TLS), or Signature Version\n 4. For information about configuring any of the officially supported Amazon Web Services\n SDKs and Amazon Web Services CLI, see Specifying the Signature Version in Request Authentication\n in the Amazon S3 User Guide.
For more information about server-side encryption with KMS keys\n (SSE-KMS), see Protecting Data\n Using Server-Side Encryption with KMS keys in the Amazon S3 User Guide.
\nUse customer-provided encryption keys (SSE-C) – If you want to manage\n your own encryption keys, provide all the following headers in the\n request.
\n\n x-amz-server-side-encryption-customer-algorithm\n
\n x-amz-server-side-encryption-customer-key\n
\n x-amz-server-side-encryption-customer-key-MD5\n
For more information about server-side encryption with customer-provided\n encryption keys (SSE-C), see \n Protecting data using server-side encryption with customer-provided\n encryption keys (SSE-C) in the Amazon S3 User Guide.
\n\n Directory buckets -For directory buckets, only server-side encryption with Amazon S3 managed keys (SSE-S3) (AES256) is supported.
\n Directory buckets - The HTTP Host header syntax is \n Bucket_name.s3express-az_id.region.amazonaws.com.
The following operations are related to CreateMultipartUpload:
\n UploadPart\n
\n\n AbortMultipartUpload\n
\n\n ListParts\n
\n\n ListMultipartUploads\n
\nThis action initiates a multipart upload and returns an upload ID. This upload ID is\n used to associate all of the parts in the specific multipart upload. You specify this\n upload ID in each of your subsequent upload part requests (see UploadPart). You also include this\n upload ID in the final request to either complete or abort the multipart upload\n request. For more information about multipart uploads, see Multipart Upload Overview in the Amazon S3 User Guide.
\nAfter you initiate a multipart upload and upload one or more parts, to stop being\n charged for storing the uploaded parts, you must either complete or abort the multipart\n upload. Amazon S3 frees up the space used to store the parts and stops charging you for\n storing them only after you either complete or abort a multipart upload.
\nIf you have configured a lifecycle rule to abort incomplete multipart uploads, the created multipart \n upload must be completed within the number of days specified in the bucket lifecycle\n configuration. Otherwise, the incomplete multipart upload becomes eligible for an abort\n action and Amazon S3 aborts the multipart upload. For more information, see Aborting Incomplete Multipart Uploads Using a Bucket Lifecycle\n Configuration.
\n\n Directory buckets - S3 Lifecycle is not supported by directory buckets.
\n\n Directory buckets - For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com/key-name\n . Path-style requests are not supported. For more information, see Regional and Zonal endpoints in the\n Amazon S3 User Guide.
For request signing, multipart upload is just a series of regular requests. You initiate\n a multipart upload, send one or more requests to upload parts, and then complete the\n multipart upload process. You sign each request individually. There is nothing special\n about signing multipart upload requests. For more information about signing, see Authenticating Requests (Amazon Web Services Signature Version 4) in the Amazon S3 User Guide.
\n\n General purpose bucket permissions - To\n perform a multipart upload with encryption using an Key Management Service (KMS)\n KMS key, the requester must have permission to the\n kms:Decrypt and kms:GenerateDataKey actions on\n the key. The requester must also have permissions for the\n kms:GenerateDataKey action for the\n CreateMultipartUpload API. Then, the requester needs\n permissions for the kms:Decrypt action on the\n UploadPart and UploadPartCopy APIs. These\n permissions are required because Amazon S3 must decrypt and read data from the\n encrypted file parts before it completes the multipart upload. For more\n information, see Multipart upload API and permissions and Protecting data\n using server-side encryption with Amazon Web Services KMS in the\n Amazon S3 User Guide.
\n Directory bucket permissions - To grant access to this API operation on a directory bucket, we recommend that you use the \n CreateSession\n API operation for session-based authorization. Specifically, you grant the s3express:CreateSession permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the CreateSession API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another CreateSession API call to generate a new session token for use. \nAmazon Web Services CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see \n CreateSession\n .
\n General purpose buckets - Server-side encryption is for data encryption at rest. Amazon S3 encrypts your data as it\n writes it to disks in its data centers and decrypts it when you access it. Amazon S3\n automatically encrypts all new objects that are uploaded to an S3 bucket. When doing a\n multipart upload, if you don't specify encryption information in your request, the\n encryption setting of the uploaded parts is set to the default encryption configuration of\n the destination bucket. By default, all buckets have a base level of encryption\n configuration that uses server-side encryption with Amazon S3 managed keys (SSE-S3). If the\n destination bucket has a default encryption configuration that uses server-side encryption\n with an Key Management Service (KMS) key (SSE-KMS), or a customer-provided encryption key (SSE-C),\n Amazon S3 uses the corresponding KMS key, or a customer-provided key to encrypt the uploaded\n parts. When you perform a CreateMultipartUpload operation, if you want to use a different\n type of encryption setting for the uploaded parts, you can request that Amazon S3 encrypts the\n object with a different encryption key (such as an Amazon S3 managed key, a KMS key, or a customer-provided key). When the encryption\n setting in your request is different from the default encryption configuration of the\n destination bucket, the encryption setting in your request takes precedence. If you choose\n to provide your own encryption key, the request headers you provide in UploadPart\n and UploadPartCopy requests must match the headers you used in the CreateMultipartUpload request.
Use KMS keys (SSE-KMS) that include the Amazon Web Services managed key\n (aws/s3) and KMS customer managed keys stored in Key Management Service (KMS) –\n If you want Amazon Web Services to manage the keys used to encrypt data, specify the\n following headers in the request.
\n x-amz-server-side-encryption\n
\n x-amz-server-side-encryption-aws-kms-key-id\n
\n x-amz-server-side-encryption-context\n
If you specify x-amz-server-side-encryption:aws:kms, but\n don't provide x-amz-server-side-encryption-aws-kms-key-id,\n Amazon S3 uses the Amazon Web Services managed key (aws/s3 key) in KMS to\n protect the data.
To perform a multipart upload with encryption by using an Amazon Web Services KMS key, the requester\n must have permission to the kms:Decrypt and kms:GenerateDataKey*\n actions on the key. These permissions are required because Amazon S3 must decrypt and read data\n from the encrypted file parts before it completes the multipart upload. For more\n information, see Multipart upload API\n and permissions and Protecting data using\n server-side encryption with Amazon Web Services KMS in the\n Amazon S3 User Guide.
If your Identity and Access Management (IAM) user or role is in the same Amazon Web Services account as the KMS key,\n then you must have these permissions on the key policy. If your IAM user or role is in a different account from the key, then you must have the permissions on both the key\n policy and your IAM user or role.
\nAll GET and PUT requests for an object\n protected by KMS fail if you don't make them by using Secure Sockets\n Layer (SSL), Transport Layer Security (TLS), or Signature Version\n 4. For information about configuring any of the officially supported Amazon Web Services\n SDKs and Amazon Web Services CLI, see Specifying the Signature Version in Request Authentication\n in the Amazon S3 User Guide.
For more information about server-side encryption with KMS keys\n (SSE-KMS), see Protecting Data\n Using Server-Side Encryption with KMS keys in the Amazon S3 User Guide.
\nUse customer-provided encryption keys (SSE-C) – If you want to manage\n your own encryption keys, provide all the following headers in the\n request.
\n\n x-amz-server-side-encryption-customer-algorithm\n
\n x-amz-server-side-encryption-customer-key\n
\n x-amz-server-side-encryption-customer-key-MD5\n
For more information about server-side encryption with customer-provided\n encryption keys (SSE-C), see \n Protecting data using server-side encryption with customer-provided\n encryption keys (SSE-C) in the Amazon S3 User Guide.
\n\n Directory buckets -For directory buckets, only server-side encryption with Amazon S3 managed keys (SSE-S3) (AES256) is supported.
\n Directory buckets - The HTTP Host header syntax is \n Bucket_name.s3express-az_id.region.amazonaws.com.
The following operations are related to CreateMultipartUpload:
\n UploadPart\n
\n\n AbortMultipartUpload\n
\n\n ListParts\n
\n\n ListMultipartUploads\n
\nTo retrieve the checksum, this mode must be enabled.
", + "smithy.api#documentation": "To retrieve the checksum, this mode must be enabled.
\nIn addition, if you enable checksum mode and the object is uploaded with a \n checksum \n and encrypted with an Key Management Service (KMS) key, you must have permission to use the \n kms:Decrypt action to retrieve the checksum.
To retrieve the checksum, this parameter must be enabled.
\nIn addition, if you enable ChecksumMode and the object is encrypted with\n Amazon Web Services Key Management Service (Amazon Web Services KMS), you must have permission to use the\n kms:Decrypt action for the request to succeed.
To retrieve the checksum, this parameter must be enabled.
\nIn addition, if you enable checksum mode and the object is uploaded with a \n checksum \n and encrypted with an Key Management Service (KMS) key, you must have permission to use the \n kms:Decrypt action to retrieve the checksum.
Uploads the object only if the object key name does not already exist in the bucket specified. Otherwise, Amazon S3 returns a 412 Precondition Failed error.
If a conflicting operation occurs during the upload S3 returns a 409 ConditionalRequestConflict response. On a 409 failure you should retry the upload.
Expects the '*' (asterisk) character.
\nFor more information about conditional requests, see RFC 7232, or Conditional requests in the Amazon S3 User Guide.
", + "smithy.api#httpHeader": "If-None-Match" + } + }, "GrantFullControl": { "target": "com.amazonaws.s3#GrantFullControl", "traits": { @@ -32384,7 +32398,7 @@ "aws.protocols#httpChecksum": { "requestAlgorithmMember": "ChecksumAlgorithm" }, - "smithy.api#documentation": "This operation is not supported by directory buckets.
\nRestores an archived copy of an object back into Amazon S3
\nThis functionality is not supported for Amazon S3 on Outposts.
\nThis action performs the following types of requests:
\n\n restore an archive - Restore an archived object
For more information about the S3 structure in the request body, see the\n following:
\n PutObject\n
\n\n Managing Access with ACLs in the\n Amazon S3 User Guide\n
\n\n Protecting Data Using Server-Side Encryption in the\n Amazon S3 User Guide\n
\nTo use this operation, you must have permissions to perform the\n s3:RestoreObject action. The bucket owner has this permission by\n default and can grant this permission to others. For more information about\n permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources in the\n Amazon S3 User Guide.
Objects that you archive to the S3 Glacier Flexible Retrieval Flexible Retrieval\n or S3 Glacier Deep Archive storage class, and S3 Intelligent-Tiering Archive or\n S3 Intelligent-Tiering Deep Archive tiers, are not accessible in real time. For objects in the\n S3 Glacier Flexible Retrieval Flexible Retrieval or S3 Glacier Deep Archive\n storage classes, you must first initiate a restore request, and then wait until a\n temporary copy of the object is available. If you want a permanent copy of the\n object, create a copy of it in the Amazon S3 Standard storage class in your S3 bucket.\n To access an archived object, you must restore the object for the duration (number\n of days) that you specify. For objects in the Archive Access or Deep Archive\n Access tiers of S3 Intelligent-Tiering, you must first initiate a restore request,\n and then wait until the object is moved into the Frequent Access tier.
\nTo restore a specific object version, you can provide a version ID. If you\n don't provide a version ID, Amazon S3 restores the current version.
\nWhen restoring an archived object, you can specify one of the following data\n access tier options in the Tier element of the request body:
\n Expedited - Expedited retrievals allow you to quickly access\n your data stored in the S3 Glacier Flexible Retrieval Flexible Retrieval\n storage class or S3 Intelligent-Tiering Archive tier when occasional urgent requests\n for restoring archives are required. For all but the largest archived\n objects (250 MB+), data accessed using Expedited retrievals is typically\n made available within 1–5 minutes. Provisioned capacity ensures that\n retrieval capacity for Expedited retrievals is available when you need it.\n Expedited retrievals and provisioned capacity are not available for objects\n stored in the S3 Glacier Deep Archive storage class or\n S3 Intelligent-Tiering Deep Archive tier.
\n Standard - Standard retrievals allow you to access any of\n your archived objects within several hours. This is the default option for\n retrieval requests that do not specify the retrieval option. Standard\n retrievals typically finish within 3–5 hours for objects stored in the\n S3 Glacier Flexible Retrieval Flexible Retrieval storage class or\n S3 Intelligent-Tiering Archive tier. They typically finish within 12 hours for\n objects stored in the S3 Glacier Deep Archive storage class or\n S3 Intelligent-Tiering Deep Archive tier. Standard retrievals are free for objects stored\n in S3 Intelligent-Tiering.
\n Bulk - Bulk retrievals free for objects stored in the\n S3 Glacier Flexible Retrieval and S3 Intelligent-Tiering storage classes,\n enabling you to retrieve large amounts, even petabytes, of data at no cost.\n Bulk retrievals typically finish within 5–12 hours for objects stored in the\n S3 Glacier Flexible Retrieval Flexible Retrieval storage class or\n S3 Intelligent-Tiering Archive tier. Bulk retrievals are also the lowest-cost\n retrieval option when restoring objects from\n S3 Glacier Deep Archive. They typically finish within 48 hours for\n objects stored in the S3 Glacier Deep Archive storage class or\n S3 Intelligent-Tiering Deep Archive tier.
For more information about archive retrieval options and provisioned capacity\n for Expedited data access, see Restoring Archived\n Objects in the Amazon S3 User Guide.
You can use Amazon S3 restore speed upgrade to change the restore speed to a faster\n speed while it is in progress. For more information, see Upgrading the speed of an in-progress restore in the\n Amazon S3 User Guide.
\nTo get the status of object restoration, you can send a HEAD\n request. Operations return the x-amz-restore header, which provides\n information about the restoration status, in the response. You can use Amazon S3 event\n notifications to notify you when a restore is initiated or completed. For more\n information, see Configuring Amazon S3 Event\n Notifications in the Amazon S3 User Guide.
After restoring an archived object, you can update the restoration period by\n reissuing the request with a new period. Amazon S3 updates the restoration period\n relative to the current time and charges only for the request-there are no\n data transfer charges. You cannot update the restoration period when Amazon S3 is\n actively processing your current restore request for the object.
\nIf your bucket has a lifecycle configuration with a rule that includes an\n expiration action, the object expiration overrides the life span that you specify\n in a restore request. For example, if you restore an object copy for 10 days, but\n the object is scheduled to expire in 3 days, Amazon S3 deletes the object in 3 days.\n For more information about lifecycle configuration, see PutBucketLifecycleConfiguration and Object Lifecycle\n Management in Amazon S3 User Guide.
\nA successful action returns either the 200 OK or 202\n Accepted status code.
If the object is not previously restored, then Amazon S3 returns 202\n Accepted in the response.
If the object is previously restored, Amazon S3 returns 200 OK in\n the response.
Special errors:
\n\n Code: RestoreAlreadyInProgress\n
\n\n Cause: Object restore is already in progress.\n
\n\n HTTP Status Code: 409 Conflict\n
\n\n SOAP Fault Code Prefix: Client\n
\n\n Code: GlacierExpeditedRetrievalNotAvailable\n
\n\n Cause: expedited retrievals are currently not available.\n Try again later. (Returned if there is insufficient capacity to\n process the Expedited request. This error applies only to Expedited\n retrievals and not to S3 Standard or Bulk retrievals.)\n
\n\n HTTP Status Code: 503\n
\n\n SOAP Fault Code Prefix: N/A\n
\nThe following operations are related to RestoreObject:
This operation is not supported by directory buckets.
\nThe SELECT job type for the RestoreObject operation is no longer available to new customers. Existing customers of Amazon S3 Select can continue to use the feature as usual. Learn more\n
Restores an archived copy of an object back into Amazon S3
\nThis functionality is not supported for Amazon S3 on Outposts.
\nThis action performs the following types of requests:
\n\n restore an archive - Restore an archived object
For more information about the S3 structure in the request body, see the\n following:
\n PutObject\n
\n\n Managing Access with ACLs in the\n Amazon S3 User Guide\n
\n\n Protecting Data Using Server-Side Encryption in the\n Amazon S3 User Guide\n
\nTo use this operation, you must have permissions to perform the\n s3:RestoreObject action. The bucket owner has this permission by\n default and can grant this permission to others. For more information about\n permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources in the\n Amazon S3 User Guide.
Objects that you archive to the S3 Glacier Flexible Retrieval Flexible Retrieval\n or S3 Glacier Deep Archive storage class, and S3 Intelligent-Tiering Archive or\n S3 Intelligent-Tiering Deep Archive tiers, are not accessible in real time. For objects in the\n S3 Glacier Flexible Retrieval Flexible Retrieval or S3 Glacier Deep Archive\n storage classes, you must first initiate a restore request, and then wait until a\n temporary copy of the object is available. If you want a permanent copy of the\n object, create a copy of it in the Amazon S3 Standard storage class in your S3 bucket.\n To access an archived object, you must restore the object for the duration (number\n of days) that you specify. For objects in the Archive Access or Deep Archive\n Access tiers of S3 Intelligent-Tiering, you must first initiate a restore request,\n and then wait until the object is moved into the Frequent Access tier.
\nTo restore a specific object version, you can provide a version ID. If you\n don't provide a version ID, Amazon S3 restores the current version.
\nWhen restoring an archived object, you can specify one of the following data\n access tier options in the Tier element of the request body:
\n Expedited - Expedited retrievals allow you to quickly access\n your data stored in the S3 Glacier Flexible Retrieval Flexible Retrieval\n storage class or S3 Intelligent-Tiering Archive tier when occasional urgent requests\n for restoring archives are required. For all but the largest archived\n objects (250 MB+), data accessed using Expedited retrievals is typically\n made available within 1–5 minutes. Provisioned capacity ensures that\n retrieval capacity for Expedited retrievals is available when you need it.\n Expedited retrievals and provisioned capacity are not available for objects\n stored in the S3 Glacier Deep Archive storage class or\n S3 Intelligent-Tiering Deep Archive tier.
\n Standard - Standard retrievals allow you to access any of\n your archived objects within several hours. This is the default option for\n retrieval requests that do not specify the retrieval option. Standard\n retrievals typically finish within 3–5 hours for objects stored in the\n S3 Glacier Flexible Retrieval Flexible Retrieval storage class or\n S3 Intelligent-Tiering Archive tier. They typically finish within 12 hours for\n objects stored in the S3 Glacier Deep Archive storage class or\n S3 Intelligent-Tiering Deep Archive tier. Standard retrievals are free for objects stored\n in S3 Intelligent-Tiering.
\n Bulk - Bulk retrievals free for objects stored in the\n S3 Glacier Flexible Retrieval and S3 Intelligent-Tiering storage classes,\n enabling you to retrieve large amounts, even petabytes, of data at no cost.\n Bulk retrievals typically finish within 5–12 hours for objects stored in the\n S3 Glacier Flexible Retrieval Flexible Retrieval storage class or\n S3 Intelligent-Tiering Archive tier. Bulk retrievals are also the lowest-cost\n retrieval option when restoring objects from\n S3 Glacier Deep Archive. They typically finish within 48 hours for\n objects stored in the S3 Glacier Deep Archive storage class or\n S3 Intelligent-Tiering Deep Archive tier.
For more information about archive retrieval options and provisioned capacity\n for Expedited data access, see Restoring Archived\n Objects in the Amazon S3 User Guide.
You can use Amazon S3 restore speed upgrade to change the restore speed to a faster\n speed while it is in progress. For more information, see Upgrading the speed of an in-progress restore in the\n Amazon S3 User Guide.
\nTo get the status of object restoration, you can send a HEAD\n request. Operations return the x-amz-restore header, which provides\n information about the restoration status, in the response. You can use Amazon S3 event\n notifications to notify you when a restore is initiated or completed. For more\n information, see Configuring Amazon S3 Event\n Notifications in the Amazon S3 User Guide.
After restoring an archived object, you can update the restoration period by\n reissuing the request with a new period. Amazon S3 updates the restoration period\n relative to the current time and charges only for the request-there are no\n data transfer charges. You cannot update the restoration period when Amazon S3 is\n actively processing your current restore request for the object.
\nIf your bucket has a lifecycle configuration with a rule that includes an\n expiration action, the object expiration overrides the life span that you specify\n in a restore request. For example, if you restore an object copy for 10 days, but\n the object is scheduled to expire in 3 days, Amazon S3 deletes the object in 3 days.\n For more information about lifecycle configuration, see PutBucketLifecycleConfiguration and Object Lifecycle\n Management in Amazon S3 User Guide.
\nA successful action returns either the 200 OK or 202\n Accepted status code.
If the object is not previously restored, then Amazon S3 returns 202\n Accepted in the response.
If the object is previously restored, Amazon S3 returns 200 OK in\n the response.
Special errors:
\n\n Code: RestoreAlreadyInProgress\n
\n\n Cause: Object restore is already in progress.\n
\n\n HTTP Status Code: 409 Conflict\n
\n\n SOAP Fault Code Prefix: Client\n
\n\n Code: GlacierExpeditedRetrievalNotAvailable\n
\n\n Cause: expedited retrievals are currently not available.\n Try again later. (Returned if there is insufficient capacity to\n process the Expedited request. This error applies only to Expedited\n retrievals and not to S3 Standard or Bulk retrievals.)\n
\n\n HTTP Status Code: 503\n
\n\n SOAP Fault Code Prefix: N/A\n
\nThe following operations are related to RestoreObject:
Type of restore request.
" + "smithy.api#documentation": "Amazon S3 Select is no longer available to new customers. Existing customers of Amazon S3 Select can continue to use the feature as usual. Learn more\n
\nType of restore request.
" } }, "Tier": { @@ -32530,7 +32544,7 @@ "SelectParameters": { "target": "com.amazonaws.s3#SelectParameters", "traits": { - "smithy.api#documentation": "Describes the parameters for Select job types.
" + "smithy.api#documentation": "Amazon S3 Select is no longer available to new customers. Existing customers of Amazon S3 Select can continue to use the feature as usual. Learn more\n
\nDescribes the parameters for Select job types.
" } }, "OutputLocation": { @@ -32755,7 +32769,7 @@ "target": "com.amazonaws.s3#SelectObjectContentOutput" }, "traits": { - "smithy.api#documentation": "This operation is not supported by directory buckets.
\nThis action filters the contents of an Amazon S3 object based on a simple structured query\n language (SQL) statement. In the request, along with the SQL expression, you must also\n specify a data serialization format (JSON, CSV, or Apache Parquet) of the object. Amazon S3 uses\n this format to parse object data into records, and returns only records that match the\n specified SQL expression. You must also specify the data serialization format for the\n response.
\nThis functionality is not supported for Amazon S3 on Outposts.
\nFor more information about Amazon S3 Select, see Selecting Content from\n Objects and SELECT\n Command in the Amazon S3 User Guide.
\n \nYou must have the s3:GetObject permission for this operation. Amazon S3\n Select does not support anonymous access. For more information about permissions,\n see Specifying Permissions in\n a Policy in the Amazon S3 User Guide.
You can use Amazon S3 Select to query objects that have the following format\n properties:
\n\n CSV, JSON, and Parquet - Objects must be in CSV,\n JSON, or Parquet format.
\n\n UTF-8 - UTF-8 is the only encoding type Amazon S3 Select\n supports.
\n\n GZIP or BZIP2 - CSV and JSON files can be compressed\n using GZIP or BZIP2. GZIP and BZIP2 are the only compression formats that\n Amazon S3 Select supports for CSV and JSON files. Amazon S3 Select supports columnar\n compression for Parquet using GZIP or Snappy. Amazon S3 Select does not support\n whole-object compression for Parquet objects.
\n\n Server-side encryption - Amazon S3 Select supports\n querying objects that are protected with server-side encryption.
\nFor objects that are encrypted with customer-provided encryption keys\n (SSE-C), you must use HTTPS, and you must use the headers that are\n documented in the GetObject. For more\n information about SSE-C, see Server-Side Encryption (Using Customer-Provided Encryption Keys)\n in the Amazon S3 User Guide.
\nFor objects that are encrypted with Amazon S3 managed keys (SSE-S3) and\n Amazon Web Services KMS keys (SSE-KMS), server-side encryption is handled transparently,\n so you don't need to specify anything. For more information about\n server-side encryption, including SSE-S3 and SSE-KMS, see Protecting Data Using Server-Side Encryption in the\n Amazon S3 User Guide.
\nGiven the response size is unknown, Amazon S3 Select streams the response as a\n series of messages and includes a Transfer-Encoding header with\n chunked as its value in the response. For more information, see\n Appendix:\n SelectObjectContent\n Response.
The SelectObjectContent action does not support the following\n GetObject functionality. For more information, see GetObject.
\n Range: Although you can specify a scan range for an Amazon S3 Select\n request (see SelectObjectContentRequest - ScanRange in the request\n parameters), you cannot specify the range of bytes of an object to return.\n
The GLACIER, DEEP_ARCHIVE, and\n REDUCED_REDUNDANCY storage classes, or the\n ARCHIVE_ACCESS and DEEP_ARCHIVE_ACCESS access\n tiers of the INTELLIGENT_TIERING storage class: You cannot\n query objects in the GLACIER, DEEP_ARCHIVE, or\n REDUCED_REDUNDANCY storage classes, nor objects in the\n ARCHIVE_ACCESS or DEEP_ARCHIVE_ACCESS access\n tiers of the INTELLIGENT_TIERING storage class. For more\n information about storage classes, see Using Amazon S3\n storage classes in the\n Amazon S3 User Guide.
For a list of special errors for this operation, see List of SELECT Object Content Error Codes\n
\nThe following operations are related to SelectObjectContent:
\n GetObject\n
\nThis operation is not supported by directory buckets.
\nThe SelectObjectContent operation is no longer available to new customers. Existing customers of Amazon S3 Select can continue to use the operation as usual. Learn more\n
\nThis action filters the contents of an Amazon S3 object based on a simple structured query\n language (SQL) statement. In the request, along with the SQL expression, you must also\n specify a data serialization format (JSON, CSV, or Apache Parquet) of the object. Amazon S3 uses\n this format to parse object data into records, and returns only records that match the\n specified SQL expression. You must also specify the data serialization format for the\n response.
\nThis functionality is not supported for Amazon S3 on Outposts.
\nFor more information about Amazon S3 Select, see Selecting Content from\n Objects and SELECT\n Command in the Amazon S3 User Guide.
\n \nYou must have the s3:GetObject permission for this operation. Amazon S3\n Select does not support anonymous access. For more information about permissions,\n see Specifying Permissions in\n a Policy in the Amazon S3 User Guide.
You can use Amazon S3 Select to query objects that have the following format\n properties:
\n\n CSV, JSON, and Parquet - Objects must be in CSV,\n JSON, or Parquet format.
\n\n UTF-8 - UTF-8 is the only encoding type Amazon S3 Select\n supports.
\n\n GZIP or BZIP2 - CSV and JSON files can be compressed\n using GZIP or BZIP2. GZIP and BZIP2 are the only compression formats that\n Amazon S3 Select supports for CSV and JSON files. Amazon S3 Select supports columnar\n compression for Parquet using GZIP or Snappy. Amazon S3 Select does not support\n whole-object compression for Parquet objects.
\n\n Server-side encryption - Amazon S3 Select supports\n querying objects that are protected with server-side encryption.
\nFor objects that are encrypted with customer-provided encryption keys\n (SSE-C), you must use HTTPS, and you must use the headers that are\n documented in the GetObject. For more\n information about SSE-C, see Server-Side Encryption (Using Customer-Provided Encryption Keys)\n in the Amazon S3 User Guide.
\nFor objects that are encrypted with Amazon S3 managed keys (SSE-S3) and\n Amazon Web Services KMS keys (SSE-KMS), server-side encryption is handled transparently,\n so you don't need to specify anything. For more information about\n server-side encryption, including SSE-S3 and SSE-KMS, see Protecting Data Using Server-Side Encryption in the\n Amazon S3 User Guide.
\nGiven the response size is unknown, Amazon S3 Select streams the response as a\n series of messages and includes a Transfer-Encoding header with\n chunked as its value in the response. For more information, see\n Appendix:\n SelectObjectContent\n Response.
The SelectObjectContent action does not support the following\n GetObject functionality. For more information, see GetObject.
\n Range: Although you can specify a scan range for an Amazon S3 Select\n request (see SelectObjectContentRequest - ScanRange in the request\n parameters), you cannot specify the range of bytes of an object to return.\n
The GLACIER, DEEP_ARCHIVE, and\n REDUCED_REDUNDANCY storage classes, or the\n ARCHIVE_ACCESS and DEEP_ARCHIVE_ACCESS access\n tiers of the INTELLIGENT_TIERING storage class: You cannot\n query objects in the GLACIER, DEEP_ARCHIVE, or\n REDUCED_REDUNDANCY storage classes, nor objects in the\n ARCHIVE_ACCESS or DEEP_ARCHIVE_ACCESS access\n tiers of the INTELLIGENT_TIERING storage class. For more\n information about storage classes, see Using Amazon S3\n storage classes in the\n Amazon S3 User Guide.
For a list of special errors for this operation, see List of SELECT Object Content Error Codes\n
\nThe following operations are related to SelectObjectContent:
\n GetObject\n
\nRequest to filter the contents of an Amazon S3 object based on a simple Structured Query\n Language (SQL) statement. In the request, along with the SQL expression, you must specify a\n data serialization format (JSON or CSV) of the object. Amazon S3 uses this to parse object data\n into records. It returns only records that match the specified SQL expression. You must\n also specify the data serialization format for the response. For more information, see\n S3Select API Documentation.
", + "smithy.api#documentation": "Learn Amazon S3 Select is no longer available to new customers. Existing customers of Amazon S3 Select can continue to use the feature as usual. Learn more\n
\nRequest to filter the contents of an Amazon S3 object based on a simple Structured Query\n Language (SQL) statement. In the request, along with the SQL expression, you must specify a\n data serialization format (JSON or CSV) of the object. Amazon S3 uses this to parse object data\n into records. It returns only records that match the specified SQL expression. You must\n also specify the data serialization format for the response. For more information, see\n S3Select API Documentation.
", "smithy.api#input": {} } }, @@ -32933,7 +32947,7 @@ "Expression": { "target": "com.amazonaws.s3#Expression", "traits": { - "smithy.api#documentation": "The expression that is used to query the object.
", + "smithy.api#documentation": "Amazon S3 Select is no longer available to new customers. Existing customers of Amazon S3 Select can continue to use the feature as usual. Learn more\n
\nThe expression that is used to query the object.
", "smithy.api#required": {} } }, @@ -32946,7 +32960,7 @@ } }, "traits": { - "smithy.api#documentation": "Describes the parameters for Select job types.
" + "smithy.api#documentation": "Amazon S3 Select is no longer available to new customers. Existing customers of Amazon S3 Select can continue to use the feature as usual. Learn more\n
\nDescribes the parameters for Select job types.
\nLearn How to optimize querying your data in Amazon S3 using\n Amazon Athena, S3 Object Lambda, or client-side filtering.
" } }, "com.amazonaws.s3#ServerSideEncryption": { @@ -33683,7 +33697,7 @@ "aws.protocols#httpChecksum": { "requestAlgorithmMember": "ChecksumAlgorithm" }, - "smithy.api#documentation": "Uploads a part in a multipart upload.
\nIn this operation, you provide new data as a part of an object in your request. However, you have an option\n to specify your existing Amazon S3 object as a data source for the part you are uploading. To\n upload a part from an existing object, you use the UploadPartCopy operation.\n
\nYou must initiate a multipart upload (see CreateMultipartUpload)\n before you can upload any part. In response to your initiate request, Amazon S3 returns an\n upload ID, a unique identifier that you must include in your upload part request.
\nPart numbers can be any number from 1 to 10,000, inclusive. A part number uniquely\n identifies a part and also defines its position within the object being created. If you\n upload a new part using the same part number that was used with a previous part, the\n previously uploaded part is overwritten.
\nFor information about maximum and minimum part sizes and other multipart upload\n specifications, see Multipart upload limits in the Amazon S3 User Guide.
\nAfter you initiate multipart upload and upload\n one or more parts, you must either complete or abort multipart upload in order to stop\n getting charged for storage of the uploaded parts. Only after you either complete or abort\n multipart upload, Amazon S3 frees up the parts storage and stops charging you for the parts\n storage.
\nFor more information on multipart uploads, go to Multipart Upload Overview in the\n Amazon S3 User Guide .
\n\n Directory buckets - For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com/key-name\n . Path-style requests are not supported. For more information, see Regional and Zonal endpoints in the\n Amazon S3 User Guide.
\n General purpose bucket permissions - For information on the permissions required to use the multipart upload API, see \n Multipart\n Upload and Permissions in the Amazon S3 User Guide.
\n\n Directory bucket permissions - To grant access to this API operation on a directory bucket, we recommend that you use the \n CreateSession\n API operation for session-based authorization. Specifically, you grant the s3express:CreateSession permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the CreateSession API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another CreateSession API call to generate a new session token for use. \nAmazon Web Services CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see \n CreateSession\n .
\n General purpose bucket - To ensure that data is not corrupted traversing the network, specify the\n Content-MD5 header in the upload part request. Amazon S3 checks the part data against the provided MD5 value. If they do not match, Amazon S3 returns an error. If the upload request is signed with Signature Version 4, then Amazon Web Services S3 uses the\n x-amz-content-sha256 header as a checksum instead of\n Content-MD5. For more information see Authenticating\n Requests: Using the Authorization Header (Amazon Web Services Signature Version 4).
\n Directory buckets - MD5 is not supported by directory buckets. You can use checksum algorithms to check object integrity.
\n\n General purpose bucket - Server-side encryption is for data encryption at rest. Amazon S3 encrypts your data as it\n writes it to disks in its data centers and decrypts it when you access it. You have \n mutually exclusive options to protect data using server-side encryption in Amazon S3, depending\n on how you choose to manage the encryption keys. Specifically, the encryption key options\n are Amazon S3 managed keys (SSE-S3), Amazon Web Services KMS keys (SSE-KMS), and Customer-Provided Keys\n (SSE-C). Amazon S3 encrypts data with server-side encryption using Amazon S3 managed keys (SSE-S3) by\n default. You can optionally tell Amazon S3 to encrypt data at rest using server-side encryption\n with other key options. The option you use depends on whether you want to use KMS keys\n (SSE-KMS) or provide your own encryption key (SSE-C).
\nServer-side encryption is supported by the S3 Multipart Upload operations. Unless you are\n using a customer-provided encryption key (SSE-C), you don't need to specify the encryption\n parameters in each UploadPart request. Instead, you only need to specify the server-side\n encryption parameters in the initial Initiate Multipart request. For more information, see\n CreateMultipartUpload.
\nIf you request server-side encryption using a customer-provided encryption key (SSE-C)\n in your initiate multipart upload request, you must provide identical encryption\n information in each part upload using the following request headers.
\nx-amz-server-side-encryption-customer-algorithm
\nx-amz-server-side-encryption-customer-key
\nx-amz-server-side-encryption-customer-key-MD5
\n\n Directory bucket - For directory buckets, only server-side encryption with Amazon S3 managed keys (SSE-S3) (AES256) is supported.
\n For more information, see Using Server-Side\n Encryption in the Amazon S3 User Guide.
\nError Code: NoSuchUpload\n
Description: The specified multipart upload does not exist. The upload ID might be invalid, or the multipart upload might have been aborted or completed.
\nHTTP Status Code: 404 Not Found
\nSOAP Fault Code Prefix: Client
\n\n Directory buckets - The HTTP Host header syntax is \n Bucket_name.s3express-az_id.region.amazonaws.com.
The following operations are related to UploadPart:
\n AbortMultipartUpload\n
\n\n ListParts\n
\n\n ListMultipartUploads\n
\nUploads a part in a multipart upload.
\nIn this operation, you provide new data as a part of an object in your request. However, you have an option\n to specify your existing Amazon S3 object as a data source for the part you are uploading. To\n upload a part from an existing object, you use the UploadPartCopy operation.\n
\nYou must initiate a multipart upload (see CreateMultipartUpload)\n before you can upload any part. In response to your initiate request, Amazon S3 returns an\n upload ID, a unique identifier that you must include in your upload part request.
\nPart numbers can be any number from 1 to 10,000, inclusive. A part number uniquely\n identifies a part and also defines its position within the object being created. If you\n upload a new part using the same part number that was used with a previous part, the\n previously uploaded part is overwritten.
\nFor information about maximum and minimum part sizes and other multipart upload\n specifications, see Multipart upload limits in the Amazon S3 User Guide.
\nAfter you initiate multipart upload and upload\n one or more parts, you must either complete or abort multipart upload in order to stop\n getting charged for storage of the uploaded parts. Only after you either complete or abort\n multipart upload, Amazon S3 frees up the parts storage and stops charging you for the parts\n storage.
\nFor more information on multipart uploads, go to Multipart Upload Overview in the\n Amazon S3 User Guide .
\n\n Directory buckets - For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com/key-name\n . Path-style requests are not supported. For more information, see Regional and Zonal endpoints in the\n Amazon S3 User Guide.
\n General purpose bucket permissions - To\n perform a multipart upload with encryption using an Key Management Service key, the\n requester must have permission to the kms:Decrypt and\n kms:GenerateDataKey actions on the key. The requester must\n also have permissions for the kms:GenerateDataKey action for\n the CreateMultipartUpload API. Then, the requester needs\n permissions for the kms:Decrypt action on the\n UploadPart and UploadPartCopy APIs.
These permissions are required because Amazon S3 must decrypt and read data\n from the encrypted file parts before it completes the multipart upload. For\n more information about KMS permissions, see Protecting data\n using server-side encryption with KMS in the\n Amazon S3 User Guide. For information about the\n permissions required to use the multipart upload API, see Multipart upload and permissions and Multipart upload API and permissions in the\n Amazon S3 User Guide.
\n\n Directory bucket permissions - To grant access to this API operation on a directory bucket, we recommend that you use the \n CreateSession\n API operation for session-based authorization. Specifically, you grant the s3express:CreateSession permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the CreateSession API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another CreateSession API call to generate a new session token for use. \nAmazon Web Services CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see \n CreateSession\n .
\n General purpose bucket - To ensure that data is not corrupted traversing the network, specify the\n Content-MD5 header in the upload part request. Amazon S3 checks the part data against the provided MD5 value. If they do not match, Amazon S3 returns an error. If the upload request is signed with Signature Version 4, then Amazon Web Services S3 uses the\n x-amz-content-sha256 header as a checksum instead of\n Content-MD5. For more information see Authenticating\n Requests: Using the Authorization Header (Amazon Web Services Signature Version 4).
\n Directory buckets - MD5 is not supported by directory buckets. You can use checksum algorithms to check object integrity.
\n\n General purpose bucket - Server-side encryption is for data encryption at rest. Amazon S3 encrypts your data as it\n writes it to disks in its data centers and decrypts it when you access it. You have \n mutually exclusive options to protect data using server-side encryption in Amazon S3, depending\n on how you choose to manage the encryption keys. Specifically, the encryption key options\n are Amazon S3 managed keys (SSE-S3), Amazon Web Services KMS keys (SSE-KMS), and Customer-Provided Keys\n (SSE-C). Amazon S3 encrypts data with server-side encryption using Amazon S3 managed keys (SSE-S3) by\n default. You can optionally tell Amazon S3 to encrypt data at rest using server-side encryption\n with other key options. The option you use depends on whether you want to use KMS keys\n (SSE-KMS) or provide your own encryption key (SSE-C).
\nServer-side encryption is supported by the S3 Multipart Upload operations. Unless you are\n using a customer-provided encryption key (SSE-C), you don't need to specify the encryption\n parameters in each UploadPart request. Instead, you only need to specify the server-side\n encryption parameters in the initial Initiate Multipart request. For more information, see\n CreateMultipartUpload.
\nIf you request server-side encryption using a customer-provided encryption key (SSE-C)\n in your initiate multipart upload request, you must provide identical encryption\n information in each part upload using the following request headers.
\nx-amz-server-side-encryption-customer-algorithm
\nx-amz-server-side-encryption-customer-key
\nx-amz-server-side-encryption-customer-key-MD5
\n\n Directory bucket - For directory buckets, only server-side encryption with Amazon S3 managed keys (SSE-S3) (AES256) is supported.
\n For more information, see Using Server-Side\n Encryption in the Amazon S3 User Guide.
\nError Code: NoSuchUpload\n
Description: The specified multipart upload does not exist. The upload ID might be invalid, or the multipart upload might have been aborted or completed.
\nHTTP Status Code: 404 Not Found
\nSOAP Fault Code Prefix: Client
\n\n Directory buckets - The HTTP Host header syntax is \n Bucket_name.s3express-az_id.region.amazonaws.com.
The following operations are related to UploadPart:
\n AbortMultipartUpload\n
\n\n ListParts\n
\n\n ListMultipartUploads\n
\nUploads a part by copying data from an existing object as data source. To specify the\n data source, you add the request header x-amz-copy-source in your request. To specify \n a byte range, you add the request header x-amz-copy-source-range in your\n request.
For information about maximum and minimum part sizes and other multipart upload\n specifications, see Multipart upload limits in the Amazon S3 User Guide.
\nInstead of copying data from an existing object as part data, you might use the UploadPart\n action to upload new data as a part of an object in your request.
\nYou must initiate a multipart upload before you can upload any part. In response to your\n initiate request, Amazon S3 returns the upload ID, a unique identifier that you must include in\n your upload part request.
\nFor conceptual information about multipart uploads, see Uploading\n Objects Using Multipart Upload in the\n Amazon S3 User Guide. For information about copying objects using a single atomic action vs. a multipart\n upload, see Operations on Objects in\n the Amazon S3 User Guide.
\n\n Directory buckets - For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com/key-name\n . Path-style requests are not supported. For more information, see Regional and Zonal endpoints in the\n Amazon S3 User Guide.
All UploadPartCopy requests must be authenticated and signed by using IAM credentials (access key ID and secret access key for the IAM identities). All headers with the x-amz- prefix, including\n x-amz-copy-source, must be signed. For more information, see REST Authentication.
\n Directory buckets - You must use IAM credentials to authenticate and authorize your access to the UploadPartCopy API operation, instead of using the \n temporary security credentials through the CreateSession API operation.
Amazon Web Services CLI or SDKs handles authentication and authorization on your behalf.
\nYou must have READ access to the source object and WRITE\n access to the destination bucket.
\n General purpose bucket permissions - You must have the permissions in a policy based on the bucket types of your source bucket and destination bucket in an UploadPartCopy operation.
If the source object is in a general purpose bucket, you must have the \n s3:GetObject\n permission to read the source object that is being copied.
If the destination bucket is a general purpose bucket, you must have the \n s3:PutObject\n permission to write the object copy to the destination bucket.\n
For information about permissions required to use the multipart upload API, see\n Multipart upload API and permissions in the\n Amazon S3 User Guide.
\n\n Directory bucket permissions -\n You must have permissions in a bucket policy or an IAM identity-based policy based on the source and destination\n bucket types in an UploadPartCopy operation.
If the source object that you want to copy is in a\n directory bucket, you must have the \n s3express:CreateSession\n permission in\n the Action element of a policy to read the object. By\n default, the session is in the ReadWrite mode. If you\n want to restrict the access, you can explicitly set the\n s3express:SessionMode condition key to\n ReadOnly on the copy source bucket.
If the copy destination is a directory bucket, you must have the \n \n s3express:CreateSession\n permission in the\n Action element of a policy to write the object\n to the destination. The s3express:SessionMode condition\n key cannot be set to ReadOnly on the copy destination.
For example policies, see Example bucket policies for S3 Express One Zone and Amazon Web Services Identity and Access Management (IAM) identity-based policies for S3 Express One Zone in the\n Amazon S3 User Guide.
\n\n General purpose buckets - \n \n For information about using server-side encryption with customer-provided\n encryption keys with the UploadPartCopy operation, see CopyObject and UploadPart.\n
\n Directory buckets - For directory buckets, only server-side encryption with Amazon S3 managed keys (SSE-S3) (AES256) is supported.
Error Code: NoSuchUpload\n
Description: The specified multipart upload does not exist. The\n upload ID might be invalid, or the multipart upload might have been\n aborted or completed.
\nHTTP Status Code: 404 Not Found
\nError Code: InvalidRequest\n
Description: The specified copy source is not supported as a\n byte-range copy source.
\nHTTP Status Code: 400 Bad Request
\n\n Directory buckets - The HTTP Host header syntax is \n Bucket_name.s3express-az_id.region.amazonaws.com.
The following operations are related to UploadPartCopy:
\n UploadPart\n
\n\n AbortMultipartUpload\n
\n\n ListParts\n
\n\n ListMultipartUploads\n
\nUploads a part by copying data from an existing object as data source. To specify the\n data source, you add the request header x-amz-copy-source in your request. To specify \n a byte range, you add the request header x-amz-copy-source-range in your\n request.
For information about maximum and minimum part sizes and other multipart upload\n specifications, see Multipart upload limits in the Amazon S3 User Guide.
\nInstead of copying data from an existing object as part data, you might use the UploadPart\n action to upload new data as a part of an object in your request.
\nYou must initiate a multipart upload before you can upload any part. In response to your\n initiate request, Amazon S3 returns the upload ID, a unique identifier that you must include in\n your upload part request.
\nFor conceptual information about multipart uploads, see Uploading\n Objects Using Multipart Upload in the\n Amazon S3 User Guide. For information about copying objects using a single atomic action vs. a multipart\n upload, see Operations on Objects in\n the Amazon S3 User Guide.
\n\n Directory buckets - For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com/key-name\n . Path-style requests are not supported. For more information, see Regional and Zonal endpoints in the\n Amazon S3 User Guide.
All UploadPartCopy requests must be authenticated and signed by using IAM credentials (access key ID and secret access key for the IAM identities). All headers with the x-amz- prefix, including\n x-amz-copy-source, must be signed. For more information, see REST Authentication.
\n Directory buckets - You must use IAM credentials to authenticate and authorize your access to the UploadPartCopy API operation, instead of using the \n temporary security credentials through the CreateSession API operation.
Amazon Web Services CLI or SDKs handles authentication and authorization on your behalf.
\nYou must have READ access to the source object and WRITE\n access to the destination bucket.
\n General purpose bucket permissions - You\n must have the permissions in a policy based on the bucket types of your\n source bucket and destination bucket in an UploadPartCopy\n operation.
If the source object is in a general purpose bucket, you must have the\n \n s3:GetObject\n \n permission to read the source object that is being copied.
If the destination bucket is a general purpose bucket, you must have the\n \n s3:PutObject\n \n permission to write the object copy to the destination bucket.
To perform a multipart upload with encryption using an Key Management Service\n key, the requester must have permission to the\n kms:Decrypt and kms:GenerateDataKey\n actions on the key. The requester must also have permissions for the\n kms:GenerateDataKey action for the\n CreateMultipartUpload API. Then, the requester needs\n permissions for the kms:Decrypt action on the\n UploadPart and UploadPartCopy APIs. These\n permissions are required because Amazon S3 must decrypt and read data from\n the encrypted file parts before it completes the multipart upload. For\n more information about KMS permissions, see Protecting\n data using server-side encryption with KMS in the\n Amazon S3 User Guide. For information about the\n permissions required to use the multipart upload API, see Multipart upload\n and permissions and Multipart upload API and permissions in the\n Amazon S3 User Guide.
\n Directory bucket permissions -\n You must have permissions in a bucket policy or an IAM identity-based policy based on the source and destination\n bucket types in an UploadPartCopy operation.
If the source object that you want to copy is in a\n directory bucket, you must have the \n s3express:CreateSession\n permission in\n the Action element of a policy to read the object. By\n default, the session is in the ReadWrite mode. If you\n want to restrict the access, you can explicitly set the\n s3express:SessionMode condition key to\n ReadOnly on the copy source bucket.
If the copy destination is a directory bucket, you must have the \n \n s3express:CreateSession\n permission in the\n Action element of a policy to write the object\n to the destination. The s3express:SessionMode condition\n key cannot be set to ReadOnly on the copy destination.
For example policies, see Example bucket policies for S3 Express One Zone and Amazon Web Services Identity and Access Management (IAM) identity-based policies for S3 Express One Zone in the\n Amazon S3 User Guide.
\n\n General purpose buckets - \n \n For information about using server-side encryption with customer-provided\n encryption keys with the UploadPartCopy operation, see CopyObject and UploadPart.\n
\n Directory buckets - For directory buckets, only server-side encryption with Amazon S3 managed keys (SSE-S3) (AES256) is supported.
Error Code: NoSuchUpload\n
Description: The specified multipart upload does not exist. The\n upload ID might be invalid, or the multipart upload might have been\n aborted or completed.
\nHTTP Status Code: 404 Not Found
\nError Code: InvalidRequest\n
Description: The specified copy source is not supported as a\n byte-range copy source.
\nHTTP Status Code: 400 Bad Request
\n\n Directory buckets - The HTTP Host header syntax is \n Bucket_name.s3express-az_id.region.amazonaws.com.
The following operations are related to UploadPartCopy:
\n UploadPart\n
\n\n AbortMultipartUpload\n
\n\n ListParts\n
\n\n ListMultipartUploads\n
\n