Class: Aws::S3::Object

Inherits:

Object

• Object
• Aws::S3::Object

Extended by:

Deprecations

Defined in:

lib/aws-sdk-s3/customizations/object.rb,
lib/aws-sdk-s3/object.rb

Defined Under Namespace

Classes: Collection

Read-Only Attributes

• #accept_ranges ⇒ String

  Indicates that a range of bytes was specified.

• #archive_status ⇒ String

  The archive state of the head object.

• #bucket_key_enabled ⇒ Boolean

  Indicates whether the object uses an S3 Bucket Key for server-side encryption with Key Management Service (KMS) keys (SSE-KMS).

• #bucket_name ⇒ String
• #cache_control ⇒ String

  Specifies caching behavior along the request/reply chain.

• #checksum_crc32 ⇒ String

  The base64-encoded, 32-bit CRC-32 checksum of the object.

• #checksum_crc32c ⇒ String

  The base64-encoded, 32-bit CRC-32C checksum of the object.

• #checksum_sha1 ⇒ String

  The base64-encoded, 160-bit SHA-1 digest of the object.

• #checksum_sha256 ⇒ String

  The base64-encoded, 256-bit SHA-256 digest of the object.

• #content_disposition ⇒ String

  Specifies presentational information for the object.

• #content_encoding ⇒ String

  Indicates what content encodings have been applied to the object and thus what decoding mechanisms must be applied to obtain the media-type referenced by the Content-Type header field.

• #content_language ⇒ String

  The language the content is in.

• #content_length ⇒ Integer

  Size of the body in bytes.

• #content_type ⇒ String

  A standard MIME type describing the format of the object data.

• #delete_marker ⇒ Boolean

  Specifies whether the object retrieved was (true) or was not (false) a Delete Marker.

• #etag ⇒ String

  An entity tag (ETag) is an opaque identifier assigned by a web server to a specific version of a resource found at a URL.

• #expiration ⇒ String

  If the object expiration is configured (see [ ‘PutBucketLifecycleConfiguration` ][1]), the response includes this header.

• #expires ⇒ Time

  The date and time at which the object is no longer cacheable.

• #expires_string ⇒ String
• #key ⇒ String
• #last_modified ⇒ Time

  Date and time when the object was last modified.

• #metadata ⇒ Hash<String,String>

  A map of metadata to store with the object in S3.

• #missing_meta ⇒ Integer

  This is set to the number of metadata entries not returned in ‘x-amz-meta` headers.

• #object_lock_legal_hold_status ⇒ String

  Specifies whether a legal hold is in effect for this object.

• #object_lock_mode ⇒ String

  The Object Lock mode, if any, that’s in effect for this object.

• #object_lock_retain_until_date ⇒ Time

  The date and time when the Object Lock retention period expires.

• #parts_count ⇒ Integer

  The count of parts this object has.

• #replication_status ⇒ String

  Amazon S3 can return this header if your request involves a bucket that is either a source or a destination in a replication rule.

• #request_charged ⇒ String

  If present, indicates that the requester was successfully charged for the request.

• #restore ⇒ String

  If the object is an archived object (an object whose storage class is GLACIER), the response includes this header if either the archive restoration is in progress (see [RestoreObject] or an archive copy is already restored.

• #server_side_encryption ⇒ String

  The server-side encryption algorithm used when you store this object in Amazon S3 (for example, ‘AES256`, `aws:kms`, `aws:kms:dsse`).

• #sse_customer_algorithm ⇒ String

  If server-side encryption with a customer-provided encryption key was requested, the response will include this header to confirm the encryption algorithm that’s used.

• #sse_customer_key_md5 ⇒ String

  If server-side encryption with a customer-provided encryption key was requested, the response will include this header to provide the round-trip message integrity verification of the customer-provided encryption key.

• #ssekms_key_id ⇒ String

  If present, indicates the ID of the KMS key that was used for object encryption.

• #storage_class ⇒ String

  Provides storage class information of the object.

• #version_id ⇒ String

  Version ID of the object.

• #website_redirect_location ⇒ String

  If the bucket is configured as a website, redirects requests for this object to another object in the same bucket or to an external URL.

Actions

• #copy_from(options = {}) ⇒ Types::CopyObjectOutput
• #delete(options = {}) ⇒ Types::DeleteObjectOutput
• #get(options = {}, &block) ⇒ Types::GetObjectOutput
• #head(options = {}) ⇒ Types::HeadObjectOutput
• #initiate_multipart_upload(options = {}) ⇒ MultipartUpload
• #put(options = {}) ⇒ Types::PutObjectOutput
• #restore_object(options = {}) ⇒ Types::RestoreObjectOutput

Associations

• #acl ⇒ ObjectAcl
• #bucket ⇒ Bucket
• #identifiers ⇒ Object deprecated private Deprecated.
• #multipart_upload(id) ⇒ MultipartUpload
• #version(id) ⇒ ObjectVersion

Instance Method Summary

• #client ⇒ Client
• #copy_to(target, options = {}) ⇒ Object

  Copies this object to another object.

• #data ⇒ Types::HeadObjectOutput

  Returns the data for this Object.

• #data_loaded? ⇒ Boolean

  Returns ‘true` if this resource is loaded.

• #download_file(destination, options = {}) ⇒ Boolean

  Downloads a file in S3 to a path on disk.

• #exists?(options = {}) ⇒ Boolean

  Returns ‘true` if the Object exists.

• #initialize(*args) ⇒ Object constructor

  A new instance of Object.

• #load ⇒ self (also: #reload)

  Loads, or reloads #data for the current Object.

• #move_to(target, options = {}) ⇒ void

  Copies and deletes the current object.

• #presigned_post(options = {}) ⇒ PresignedPost

  Creates a PresignedPost that makes it easy to upload a file from a web browser direct to Amazon S3 using an HTML post form with a file field.

• #presigned_request(method, params = {}) ⇒ String, Hash

  Allows you to create presigned URL requests for S3 operations.

• #presigned_url(method, params = {}) ⇒ String

  Generates a pre-signed URL for this object.

• #public_url(options = {}) ⇒ String

  Returns the public (un-signed) URL for this object.

• #size ⇒ Object
• #upload_file(source, options = {}) {|response| ... } ⇒ Boolean

  Uploads a file from disk to the current object in S3.

• #upload_stream(options = {}, &block) ⇒ Boolean

  Uploads a stream in a streaming fashion to the current object in S3.

• #wait_until(options = {}) {|resource| ... } ⇒ Resource deprecated Deprecated.

  Use [Aws::S3::Client] #wait_until instead

• #wait_until_exists(options = {}, &block) ⇒ Object
• #wait_until_not_exists(options = {}, &block) ⇒ Object

Constructor Details

#initialize(bucket_name, key, options = {}) ⇒ Object #initialize(options = {}) ⇒ Object

Returns a new instance of Object.

Overloads:

• #initialize(bucket_name, key, options = {}) ⇒ Object

  Parameters:

  • bucket_name (String)
  • key (String)

  Options Hash (options):

  • :client (Client)
• #initialize(options = {}) ⇒ Object

  Options Hash (options):

  • :bucket_name (required, String)
  • :key (required, String)
  • :client (Client)

# File 'lib/aws-sdk-s3/object.rb', line 24

def initialize(*args)
  options = Hash === args.last ? args.pop.dup : {}
  @bucket_name = extract_bucket_name(args, options)
  @key = extract_key(args, options)
  @data = options.delete(:data)
  @client = options.delete(:client) || Client.new(options)
  @waiter_block_warned = false
end

Instance Method Details

#accept_ranges ⇒ String

Indicates that a range of bytes was specified.

Returns:

• (String)

# File 'lib/aws-sdk-s3/object.rb', line 59

def accept_ranges
  data[:accept_ranges]
end

#acl ⇒ ObjectAcl

Returns:

• (ObjectAcl)

# File 'lib/aws-sdk-s3/object.rb', line 3228

def acl
  ObjectAcl.new(
    bucket_name: @bucket_name,
    object_key: @key,
    client: @client
  )
end

#archive_status ⇒ String

The archive state of the head object.

<note markdown=“1”> This functionality is not supported for directory buckets.

</note>

Returns:

• (String)

# File 'lib/aws-sdk-s3/object.rb', line 119

def archive_status
  data[:archive_status]
end

#bucket ⇒ Bucket

Returns:

• (Bucket)

# File 'lib/aws-sdk-s3/object.rb', line 3237

def bucket
  Bucket.new(
    name: @bucket_name,
    client: @client
  )
end

#bucket_key_enabled ⇒ Boolean

Indicates whether the object uses an S3 Bucket Key for server-side encryption with Key Management Service (KMS) keys (SSE-KMS).

Returns:

• (Boolean)

# File 'lib/aws-sdk-s3/object.rb', line 337

def bucket_key_enabled
  data[:bucket_key_enabled]
end

#bucket_name ⇒ String

Returns:

• (String)

# File 'lib/aws-sdk-s3/object.rb', line 36

def bucket_name
  @bucket_name
end

#cache_control ⇒ String

Specifies caching behavior along the request/reply chain.

Returns:

• (String)

# File 'lib/aws-sdk-s3/object.rb', line 236

def cache_control
  data[:cache_control]
end

#checksum_crc32 ⇒ String

The base64-encoded, 32-bit CRC-32 checksum of the object. This will only be present if it was uploaded with the object. When you use an API operation on an object that was uploaded using multipart uploads, this value may not be a direct checksum value of the full object. Instead, it’s a calculation based on the checksum values of each individual part. For more information about how checksums are calculated with multipart uploads, see [ Checking object integrity] in the *Amazon S3 User Guide*.

[1]: docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums

Returns:

• (String)

# File 'lib/aws-sdk-s3/object.rb', line 148

def checksum_crc32
  data[:checksum_crc32]
end

#checksum_crc32c ⇒ String

The base64-encoded, 32-bit CRC-32C checksum of the object. This will only be present if it was uploaded with the object. When you use an API operation on an object that was uploaded using multipart uploads, this value may not be a direct checksum value of the full object. Instead, it’s a calculation based on the checksum values of each individual part. For more information about how checksums are calculated with multipart uploads, see [ Checking object integrity] in the *Amazon S3 User Guide*.

[1]: docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums

Returns:

• (String)

# File 'lib/aws-sdk-s3/object.rb', line 165

def checksum_crc32c
  data[:checksum_crc32c]
end

#checksum_sha1 ⇒ String

The base64-encoded, 160-bit SHA-1 digest of the object. This will only be present if it was uploaded with the object. When you use the API operation on an object that was uploaded using multipart uploads, this value may not be a direct checksum value of the full object. Instead, it’s a calculation based on the checksum values of each individual part. For more information about how checksums are calculated with multipart uploads, see [ Checking object integrity] in the *Amazon S3 User Guide*.

[1]: docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums

Returns:

• (String)

# File 'lib/aws-sdk-s3/object.rb', line 182

def checksum_sha1
  data[:checksum_sha1]
end

#checksum_sha256 ⇒ String

The base64-encoded, 256-bit SHA-256 digest of the object. This will only be present if it was uploaded with the object. When you use an API operation on an object that was uploaded using multipart uploads, this value may not be a direct checksum value of the full object. Instead, it’s a calculation based on the checksum values of each individual part. For more information about how checksums are calculated with multipart uploads, see [ Checking object integrity] in the *Amazon S3 User Guide*.

[1]: docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums

Returns:

• (String)

# File 'lib/aws-sdk-s3/object.rb', line 199

def checksum_sha256
  data[:checksum_sha256]
end

#client ⇒ Client

Returns:

• (Client)

# File 'lib/aws-sdk-s3/object.rb', line 478

def client
  @client
end

#content_disposition ⇒ String

Specifies presentational information for the object.

Returns:

• (String)

# File 'lib/aws-sdk-s3/object.rb', line 242

def content_disposition
  data[:content_disposition]
end

#content_encoding ⇒ String

Indicates what content encodings have been applied to the object and thus what decoding mechanisms must be applied to obtain the media-type referenced by the Content-Type header field.

Returns:

• (String)

# File 'lib/aws-sdk-s3/object.rb', line 250

def content_encoding
  data[:content_encoding]
end

#content_language ⇒ String

The language the content is in.

Returns:

• (String)

# File 'lib/aws-sdk-s3/object.rb', line 256

def content_language
  data[:content_language]
end

#content_length ⇒ Integer

Size of the body in bytes.

Returns:

• (Integer)

# File 'lib/aws-sdk-s3/object.rb', line 131

def content_length
  data[:content_length]
end

#content_type ⇒ String

A standard MIME type describing the format of the object data.

Returns:

• (String)

# File 'lib/aws-sdk-s3/object.rb', line 262

def content_type
  data[:content_type]
end

#copy_from(options = {}) ⇒ Types::CopyObjectOutput

Examples:

Request syntax with placeholder values

object.copy_from({
  acl: "private", # accepts private, public-read, public-read-write, authenticated-read, aws-exec-read, bucket-owner-read, bucket-owner-full-control
  cache_control: "CacheControl",
  checksum_algorithm: "CRC32", # accepts CRC32, CRC32C, SHA1, SHA256
  content_disposition: "ContentDisposition",
  content_encoding: "ContentEncoding",
  content_language: "ContentLanguage",
  content_type: "ContentType",
  copy_source: "CopySource", # required
  copy_source_if_match: "CopySourceIfMatch",
  copy_source_if_modified_since: Time.now,
  copy_source_if_none_match: "CopySourceIfNoneMatch",
  copy_source_if_unmodified_since: Time.now,
  expires: Time.now,
  grant_full_control: "GrantFullControl",
  grant_read: "GrantRead",
  grant_read_acp: "GrantReadACP",
  grant_write_acp: "GrantWriteACP",
  metadata: {
    "MetadataKey" => "MetadataValue",
  },
  metadata_directive: "COPY", # accepts COPY, REPLACE
  tagging_directive: "COPY", # accepts COPY, REPLACE
  server_side_encryption: "AES256", # accepts AES256, aws:kms, aws:kms:dsse
  storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS, GLACIER_IR, SNOW, EXPRESS_ONEZONE
  website_redirect_location: "WebsiteRedirectLocation",
  sse_customer_algorithm: "SSECustomerAlgorithm",
  sse_customer_key: "SSECustomerKey",
  sse_customer_key_md5: "SSECustomerKeyMD5",
  ssekms_key_id: "SSEKMSKeyId",
  ssekms_encryption_context: "SSEKMSEncryptionContext",
  bucket_key_enabled: false,
  copy_source_sse_customer_algorithm: "CopySourceSSECustomerAlgorithm",
  copy_source_sse_customer_key: "CopySourceSSECustomerKey",
  copy_source_sse_customer_key_md5: "CopySourceSSECustomerKeyMD5",
  request_payer: "requester", # accepts requester
  tagging: "TaggingHeader",
  object_lock_mode: "GOVERNANCE", # accepts GOVERNANCE, COMPLIANCE
  object_lock_retain_until_date: Time.now,
  object_lock_legal_hold_status: "ON", # accepts ON, OFF
  expected_bucket_owner: "AccountId",
  expected_source_bucket_owner: "AccountId",
})

Parameters:

• options (Hash) (defaults to: {}) —

  ({})

Options Hash (options):

• :acl (String) —

  The canned access control list (ACL) to apply to the object.

  When you copy an object, the ACL metadata is not preserved and is set to ‘private` by default. Only the owner has full access control. To override the default ACL setting, specify a new ACL when you generate a copy request. For more information, see [Using ACLs].

  If the destination bucket that you’re copying objects to uses the bucket owner enforced setting for S3 Object Ownership, ACLs are disabled and no longer affect permissions. Buckets that use this setting only accept ‘PUT` requests that don’t specify an ACL or ‘PUT` requests that specify bucket owner full control ACLs, such as the `bucket-owner-full-control` canned ACL or an equivalent form of this ACL expressed in the XML format. For more information, see

  Controlling ownership of objects and disabling ACLs][2

  in the

  *Amazon S3 User Guide*.

  <note markdown=“1”> * If your destination bucket uses the bucket owner enforced setting

  for Object Ownership, all objects written to the bucket by any
  account will be owned by the bucket owner.
  

  • This functionality is not supported for directory buckets.

  • This functionality is not supported for Amazon S3 on Outposts.

  </note>
  

  [1]: docs.aws.amazon.com/AmazonS3/latest/dev/S3_ACLs_UsingACLs.html [2]: docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html

• :cache_control (String) —

  Specifies the caching behavior along the request/reply chain.

• :checksum_algorithm (String) —

  Indicates the algorithm that you want Amazon S3 to use to create the checksum for the object. For more information, see [Checking object integrity] in the *Amazon S3 User Guide*.

  When you copy an object, if the source object has a checksum, that checksum value will be copied to the new object by default. If the ‘CopyObject` request does not include this `x-amz-checksum-algorithm` header, the checksum algorithm will be copied from the source object to the destination object (if it’s present on the source object). You can optionally specify a different checksum algorithm to use with the ‘x-amz-checksum-algorithm` header. Unrecognized or unsupported values will respond with the HTTP status code `400 Bad Request`.

  <note markdown=“1”> For directory buckets, when you use Amazon Web Services SDKs, ‘CRC32` is the default checksum algorithm that’s used for performance.

  </note>
  

  [1]: docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html

• :content_disposition (String) —

  Specifies presentational information for the object. Indicates whether an object should be displayed in a web browser or downloaded as a file. It allows specifying the desired filename for the downloaded file.

• :content_encoding (String) —

  Specifies what content encodings have been applied to the object and thus what decoding mechanisms must be applied to obtain the media-type referenced by the Content-Type header field.

  <note markdown=“1”> For directory buckets, only the ‘aws-chunked` value is supported in this header field.

  </note>
  

• :content_language (String) —

  The language the content is in.

• :content_type (String) —

  A standard MIME type that describes the format of the object data.

• :copy_source (required, String) —

  Specifies the source object for the copy operation. The source object can be up to 5 GB. If the source object is an object that was uploaded by using a multipart upload, the object copy will be a single part object after the source object is copied to the destination bucket.

  You specify the value of the copy source in one of two formats, depending on whether you want to access the source object through an [access point]:

  • For objects not accessed through an access point, specify the name of the source bucket and the key of the source object, separated by a slash (/). For example, to copy the object ‘reports/january.pdf` from the general purpose bucket `awsexamplebucket`, use `awsexamplebucket/reports/january.pdf`. The value must be URL-encoded. To copy the object `reports/january.pdf` from the directory bucket `awsexamplebucket–use1-az5–x-s3`, use `awsexamplebucket–use1-az5–x-s3/reports/january.pdf`. The value must be URL-encoded.

  • For objects accessed through access points, specify the Amazon Resource Name (ARN) of the object as accessed through the access point, in the format ‘arn:aws:s3:<Region>:<account-id>:accesspoint/<access-point-name>/object/<key>`. For example, to copy the object `reports/january.pdf` through access point `my-access-point` owned by account `123456789012` in Region `us-west-2`, use the URL encoding of `arn:aws:s3:us-west-2:123456789012:accesspoint/my-access-point/object/reports/january.pdf`. The value must be URL encoded.

    <note markdown=“1”> * Amazon S3 supports copy operations using Access points only when

    the source and destination buckets are in the same Amazon Web
    Services Region.
    

    • Access points are not supported by directory buckets.

    </note>
    

    Alternatively, for objects accessed through Amazon S3 on Outposts, specify the ARN of the object as accessed in the format ‘arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/object/<key>`. For example, to copy the object `reports/january.pdf` through outpost `my-outpost` owned by account `123456789012` in Region `us-west-2`, use the URL encoding of `arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/object/reports/january.pdf`. The value must be URL-encoded.

  If your source bucket versioning is enabled, the ‘x-amz-copy-source` header by default identifies the current version of an object to copy. If the current version is a delete marker, Amazon S3 behaves as if the object was deleted. To copy a different version, use the `versionId` query parameter. Specifically, append `?versionId=<version-id>` to the value (for example, `awsexamplebucket/reports/january.pdf?versionId=QUpfdndhfd8438MNFDN93jdnJFkdmqnh893`). If you don’t specify a version ID, Amazon S3 copies the latest version of the source object.

  If you enable versioning on the destination bucket, Amazon S3 generates a unique version ID for the copied object. This version ID is different from the version ID of the source object. Amazon S3 returns the version ID of the copied object in the ‘x-amz-version-id` response header in the response.

  If you do not enable versioning or suspend it on the destination bucket, the version ID that Amazon S3 generates in the ‘x-amz-version-id` response header is always null.

  <note markdown=“1”> **Directory buckets** - S3 Versioning isn’t enabled and supported for directory buckets.

  </note>
  

  [1]: docs.aws.amazon.com/AmazonS3/latest/userguide/access-points.html

• :copy_source_if_match (String) —

  Copies the object if its entity tag (ETag) matches the specified tag.

  If both the ‘x-amz-copy-source-if-match` and `x-amz-copy-source-if-unmodified-since` headers are present in the request and evaluate as follows, Amazon S3 returns `200 OK` and copies the data:

  • ‘x-amz-copy-source-if-match` condition evaluates to true

  • ‘x-amz-copy-source-if-unmodified-since` condition evaluates to false

• :copy_source_if_modified_since (Time, DateTime, Date, Integer, String) —

  Copies the object if it has been modified since the specified time.

  If both the ‘x-amz-copy-source-if-none-match` and `x-amz-copy-source-if-modified-since` headers are present in the request and evaluate as follows, Amazon S3 returns the `412 Precondition Failed` response code:

  • ‘x-amz-copy-source-if-none-match` condition evaluates to false

  • ‘x-amz-copy-source-if-modified-since` condition evaluates to true

• :copy_source_if_none_match (String) —

  Copies the object if its entity tag (ETag) is different than the specified ETag.

  If both the ‘x-amz-copy-source-if-none-match` and `x-amz-copy-source-if-modified-since` headers are present in the request and evaluate as follows, Amazon S3 returns the `412 Precondition Failed` response code:

  • ‘x-amz-copy-source-if-none-match` condition evaluates to false

  • ‘x-amz-copy-source-if-modified-since` condition evaluates to true

• :copy_source_if_unmodified_since (Time, DateTime, Date, Integer, String) —

  Copies the object if it hasn’t been modified since the specified time.

  If both the ‘x-amz-copy-source-if-match` and `x-amz-copy-source-if-unmodified-since` headers are present in the request and evaluate as follows, Amazon S3 returns `200 OK` and copies the data:

  • ‘x-amz-copy-source-if-match` condition evaluates to true

  • ‘x-amz-copy-source-if-unmodified-since` condition evaluates to false

• :expires (Time, DateTime, Date, Integer, String) —

  The date and time at which the object is no longer cacheable.

• :grant_full_control (String) —

  Gives the grantee READ, READ_ACP, and WRITE_ACP permissions on the object.

  <note markdown=“1”> * This functionality is not supported for directory buckets.

  • This functionality is not supported for Amazon S3 on Outposts.

  </note>
  

• :grant_read (String) —

  Allows grantee to read the object data and its metadata.

  <note markdown=“1”> * This functionality is not supported for directory buckets.

  • This functionality is not supported for Amazon S3 on Outposts.

  </note>
  

• :grant_read_acp (String) —

  Allows grantee to read the object ACL.

  <note markdown=“1”> * This functionality is not supported for directory buckets.

  • This functionality is not supported for Amazon S3 on Outposts.

  </note>
  

• :grant_write_acp (String) —

  Allows grantee to write the ACL for the applicable object.

  <note markdown=“1”> * This functionality is not supported for directory buckets.

  • This functionality is not supported for Amazon S3 on Outposts.

  </note>
  

• :metadata (Hash<String,String>) —

  A map of metadata to store with the object in S3.

• :metadata_directive (String) —

  Specifies whether the metadata is copied from the source object or replaced with metadata that’s provided in the request. When copying an object, you can preserve all metadata (the default) or specify new metadata. If this header isn’t specified, ‘COPY` is the default behavior.

  **General purpose bucket** - For general purpose buckets, when you grant permissions, you can use the ‘s3:x-amz-metadata-directive` condition key to enforce certain metadata behavior when objects are uploaded. For more information, see [Amazon S3 condition key examples] in the *Amazon S3 User Guide*.

  <note markdown=“1”> ‘x-amz-website-redirect-location` is unique to each object and is not copied when using the `x-amz-metadata-directive` header. To copy the value, you must specify `x-amz-website-redirect-location` in the request header.

  </note>
  

  [1]: docs.aws.amazon.com/AmazonS3/latest/dev/amazon-s3-policy-keys.html

• :tagging_directive (String) —

  Specifies whether the object tag-set is copied from the source object or replaced with the tag-set that’s provided in the request.

  The default value is ‘COPY`.

  <note markdown=“1”> **Directory buckets** - For directory buckets in a ‘CopyObject` operation, only the empty tag-set is supported. Any requests that attempt to write non-empty tags into directory buckets will receive a `501 Not Implemented` status code. When the destination bucket is a directory bucket, you will receive a `501 Not Implemented` response in any of the following situations:

  * When you attempt to `COPY` the tag-set from an S3 source object that
   has non-empty tags.
  

  • When you attempt to ‘REPLACE` the tag-set of a source object and set a non-empty value to `x-amz-tagging`.

  • When you don’t set the ‘x-amz-tagging-directive` header and the source object has non-empty tags. This is because the default value of `x-amz-tagging-directive` is `COPY`.

  Because only the empty tag-set is supported for directory buckets in a
  

  ‘CopyObject` operation, the following situations are allowed:

  * When you attempt to `COPY` the tag-set from a directory bucket
   source object that has no tags to a general purpose bucket. It
   copies an empty tag-set to the destination object.
  

  • When you attempt to ‘REPLACE` the tag-set of a directory bucket source object and set the `x-amz-tagging` value of the directory bucket destination object to empty.

  • When you attempt to ‘REPLACE` the tag-set of a general purpose bucket source object that has non-empty tags and set the `x-amz-tagging` value of the directory bucket destination object to empty.

  • When you attempt to ‘REPLACE` the tag-set of a directory bucket source object and don’t set the ‘x-amz-tagging` value of the directory bucket destination object. This is because the default value of `x-amz-tagging` is the empty value.

  </note>
  

• :server_side_encryption (String) —

  The server-side encryption algorithm used when storing this object in Amazon S3. Unrecognized or unsupported values won’t write a destination object and will receive a ‘400 Bad Request` response.

  Amazon S3 automatically encrypts all new objects that are copied to an S3 bucket. When copying an object, if you don’t specify encryption information in your copy request, the encryption setting of the target object is set to the default encryption configuration of the destination bucket. By default, all buckets have a base level of encryption configuration that uses server-side encryption with Amazon S3 managed keys (SSE-S3). If the destination bucket has a different default encryption configuration, Amazon S3 uses the corresponding encryption key to encrypt the target object copy.

  With server-side encryption, Amazon S3 encrypts your data as it writes your data to disks in its data centers and decrypts the data when you access it. For more information about server-side encryption, see

  Using Server-Side Encryption][1

  in the *Amazon S3 User Guide*.

  General purpose buckets

  • For general purpose buckets, there are the following supported options for server-side encryption: server-side encryption with Key Management Service (KMS) keys (SSE-KMS), dual-layer server-side encryption with Amazon Web Services KMS keys (DSSE-KMS), and server-side encryption with customer-provided encryption keys (SSE-C). Amazon S3 uses the corresponding KMS key, or a customer-provided key to encrypt the target object copy.

  • When you perform a ‘CopyObject` operation, if you want to use a different type of encryption setting for the target object, you can specify appropriate encryption-related headers to encrypt the target object with an Amazon S3 managed key, a KMS key, or a customer-provided key. If the encryption setting in your request is different from the default encryption configuration of the destination bucket, the encryption setting in your request takes precedence.

  Directory buckets

  • For directory buckets, there are only two supported options for server-side encryption: server-side encryption with Amazon S3 managed keys (SSE-S3) (‘AES256`) and server-side encryption with KMS keys (SSE-KMS) (`aws:kms`). We recommend that the bucket’s default encryption uses the desired encryption configuration and you don’t override the bucket default encryption in your ‘CreateSession` requests or `PUT` object requests. Then, new objects are automatically encrypted with the desired encryption settings. For more information, see [Protecting data with server-side encryption] in the *Amazon S3 User Guide*. For more information about the encryption overriding behaviors in directory buckets, see [Specifying server-side encryption with KMS for new object uploads].

  • To encrypt new object copies to a directory bucket with SSE-KMS, we recommend you specify SSE-KMS as the directory bucket’s default encryption configuration with a KMS key (specifically, a [customer managed key]). The [Amazon Web Services managed key] (‘aws/s3`) isn’t supported. Your SSE-KMS configuration can only support 1 [customer managed key] per directory bucket for the lifetime of the bucket. After you specify a customer managed key for SSE-KMS, you can’t override the customer managed key for the bucket’s SSE-KMS configuration. Then, when you perform a ‘CopyObject` operation and want to specify server-side encryption settings for new object copies with SSE-KMS in the encryption-related request headers, you must ensure the encryption key is the same customer managed key that you specified for the directory bucket’s default encryption configuration.

  [1]: docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html [2]: docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-serv-side-encryption.html [3]: docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-specifying-kms-encryption.html [4]: docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk [5]: docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk

• :storage_class (String) —

  If the ‘x-amz-storage-class` header is not used, the copied object will be stored in the `STANDARD` Storage Class by default. The `STANDARD` storage class provides high durability and high availability. Depending on performance needs, you can specify a different Storage Class.

  <note markdown=“1”> * Directory buckets - For directory buckets, only the S3

  Express One Zone storage class is supported to store newly created
  objects. Unsupported storage class values won't write a destination
  object and will respond with the HTTP status code `400 Bad Request`.
  

  • Amazon S3 on Outposts - S3 on Outposts only uses the ‘OUTPOSTS` Storage Class.

  </note>
  

  You can use the ‘CopyObject` action to change the storage class of an object that is already stored in Amazon S3 by using the `x-amz-storage-class` header. For more information, see [Storage Classes] in the *Amazon S3 User Guide*.

  Before using an object as a source object for the copy operation, you must restore a copy of it if it meets any of the following conditions:

  • The storage class of the source object is ‘GLACIER` or `DEEP_ARCHIVE`.

  • The storage class of the source object is ‘INTELLIGENT_TIERING` and it’s [S3 Intelligent-Tiering access tier] is ‘Archive Access` or `Deep Archive Access`.

  For more information, see [RestoreObject] and [Copying Objects] in the *Amazon S3 User Guide*.

  [1]: docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html [2]: docs.aws.amazon.com/AmazonS3/latest/userguide/intelligent-tiering-overview.html#intel-tiering-tier-definition [3]: docs.aws.amazon.com/AmazonS3/latest/API/API_RestoreObject.html [4]: docs.aws.amazon.com/AmazonS3/latest/dev/CopyingObjectsExamples.html

• :website_redirect_location (String) —

  If the destination bucket is configured as a website, redirects requests for this object copy to another object in the same bucket or to an external URL. Amazon S3 stores the value of this header in the object metadata. This value is unique to each object and is not copied when using the ‘x-amz-metadata-directive` header. Instead, you may opt to provide this header in combination with the `x-amz-metadata-directive` header.

  <note markdown=“1”> This functionality is not supported for directory buckets.

  </note>
  

• :sse_customer_algorithm (String) —

  Specifies the algorithm to use when encrypting the object (for example, ‘AES256`).

  When you perform a ‘CopyObject` operation, if you want to use a different type of encryption setting for the target object, you can specify appropriate encryption-related headers to encrypt the target object with an Amazon S3 managed key, a KMS key, or a customer-provided key. If the encryption setting in your request is different from the default encryption configuration of the destination bucket, the encryption setting in your request takes precedence.

  <note markdown=“1”> This functionality is not supported when the destination bucket is a directory bucket.

  </note>
  

• :sse_customer_key (String) —

  Specifies the customer-provided encryption key for Amazon S3 to use in encrypting data. This value is used to store the object and then it is discarded. Amazon S3 does not store the encryption key. The key must be appropriate for use with the algorithm specified in the ‘x-amz-server-side-encryption-customer-algorithm` header.

  <note markdown=“1”> This functionality is not supported when the destination bucket is a directory bucket.

  </note>
  

• :sse_customer_key_md5 (String) —

  Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. Amazon S3 uses this header for a message integrity check to ensure that the encryption key was transmitted without error.

  <note markdown=“1”> This functionality is not supported when the destination bucket is a directory bucket.

  </note>
  

• :ssekms_key_id (String) —

  Specifies the KMS key ID (Key ID, Key ARN, or Key Alias) to use for object encryption. All GET and PUT requests for an object protected by KMS will fail if they’re not made via SSL or using SigV4. For information about configuring any of the officially supported Amazon Web Services SDKs and Amazon Web Services CLI, see [Specifying the Signature Version in Request Authentication] in the *Amazon S3 User Guide*.

  **Directory buckets** - If you specify ‘x-amz-server-side-encryption` with `aws:kms`, the ` x-amz-server-side-encryption-aws-kms-key-id` header is implicitly assigned the ID of the KMS symmetric encryption customer managed key that’s configured for your directory bucket’s default encryption setting. If you want to specify the ‘ x-amz-server-side-encryption-aws-kms-key-id` header explicitly, you can only specify it with the ID (Key ID or Key ARN) of the KMS customer managed key that’s configured for your directory bucket’s default encryption setting. Otherwise, you get an HTTP ‘400 Bad Request` error. Only use the key ID or key ARN. The key alias format of the KMS key isn’t supported. Your SSE-KMS configuration can only support 1 [customer managed key] per directory bucket for the lifetime of the bucket. The [Amazon Web Services managed key] (‘aws/s3`) isn’t supported.

  [1]: docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html#specify-signature-version [2]: docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk [3]: docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk

• :ssekms_encryption_context (String) —

  Specifies the Amazon Web Services KMS Encryption Context as an additional encryption context to use for the destination object encryption. The value of this header is a base64-encoded UTF-8 string holding JSON with the encryption context key-value pairs.

  **General purpose buckets** - This value must be explicitly added to specify encryption context for ‘CopyObject` requests if you want an additional encryption context for your destination object. The additional encryption context of the source object won’t be copied to the destination object. For more information, see [Encryption context] in the *Amazon S3 User Guide*.

  **Directory buckets** - You can optionally provide an explicit encryption context value. The value must match the default encryption context - the bucket Amazon Resource Name (ARN). An additional encryption context value is not supported.

  [1]: docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html#encryption-context

• :bucket_key_enabled (Boolean) —

  Specifies whether Amazon S3 should use an S3 Bucket Key for object encryption with server-side encryption using Key Management Service (KMS) keys (SSE-KMS). If a target object uses SSE-KMS, you can enable an S3 Bucket Key for the object.

  Setting this header to ‘true` causes Amazon S3 to use an S3 Bucket Key for object encryption with SSE-KMS. Specifying this header with a COPY action doesn’t affect bucket-level settings for S3 Bucket Key.

  For more information, see [Amazon S3 Bucket Keys] in the *Amazon S3 User Guide*.

  <note markdown=“1”> **Directory buckets** - S3 Bucket Keys aren’t supported, when you copy SSE-KMS encrypted objects from general purpose buckets to directory buckets, from directory buckets to general purpose buckets, or between directory buckets, through [CopyObject]. In this case, Amazon S3 makes a call to KMS every time a copy request is made for a KMS-encrypted object.

  </note>
  

  [1]: docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html [2]: docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html

• :copy_source_sse_customer_algorithm (String) —

  Specifies the algorithm to use when decrypting the source object (for example, ‘AES256`).

  If the source object for the copy is stored in Amazon S3 using SSE-C, you must provide the necessary encryption information in your request so that Amazon S3 can decrypt the object for copying.

  <note markdown=“1”> This functionality is not supported when the source object is in a directory bucket.

  </note>
  

• :copy_source_sse_customer_key (String) —

  Specifies the customer-provided encryption key for Amazon S3 to use to decrypt the source object. The encryption key provided in this header must be the same one that was used when the source object was created.

  If the source object for the copy is stored in Amazon S3 using SSE-C, you must provide the necessary encryption information in your request so that Amazon S3 can decrypt the object for copying.

  <note markdown=“1”> This functionality is not supported when the source object is in a directory bucket.

  </note>
  

• :copy_source_sse_customer_key_md5 (String) —

  Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. Amazon S3 uses this header for a message integrity check to ensure that the encryption key was transmitted without error.

  If the source object for the copy is stored in Amazon S3 using SSE-C, you must provide the necessary encryption information in your request so that Amazon S3 can decrypt the object for copying.

  <note markdown=“1”> This functionality is not supported when the source object is in a directory bucket.

  </note>
  

• :request_payer (String) —

  Confirms that the requester knows that they will be charged for the request. Bucket owners need not specify this parameter in their requests. If either the source or destination S3 bucket has Requester Pays enabled, the requester will pay for corresponding charges to copy the object. For information about downloading objects from Requester Pays buckets, see [Downloading Objects in Requester Pays Buckets] in the *Amazon S3 User Guide*.

  <note markdown=“1”> This functionality is not supported for directory buckets.

  </note>
  

  [1]: docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html

• :tagging (String) —

  The tag-set for the object copy in the destination bucket. This value must be used in conjunction with the ‘x-amz-tagging-directive` if you choose `REPLACE` for the `x-amz-tagging-directive`. If you choose `COPY` for the `x-amz-tagging-directive`, you don’t need to set the ‘x-amz-tagging` header, because the tag-set will be copied from the source object directly. The tag-set must be encoded as URL Query parameters.

  The default value is the empty value.

  <note markdown=“1”> **Directory buckets** - For directory buckets in a ‘CopyObject` operation, only the empty tag-set is supported. Any requests that attempt to write non-empty tags into directory buckets will receive a `501 Not Implemented` status code. When the destination bucket is a directory bucket, you will receive a `501 Not Implemented` response in any of the following situations:

  * When you attempt to `COPY` the tag-set from an S3 source object that
   has non-empty tags.
  

  • When you attempt to ‘REPLACE` the tag-set of a source object and set a non-empty value to `x-amz-tagging`.

  • When you don’t set the ‘x-amz-tagging-directive` header and the source object has non-empty tags. This is because the default value of `x-amz-tagging-directive` is `COPY`.

  Because only the empty tag-set is supported for directory buckets in a
  

  ‘CopyObject` operation, the following situations are allowed:

  * When you attempt to `COPY` the tag-set from a directory bucket
   source object that has no tags to a general purpose bucket. It
   copies an empty tag-set to the destination object.
  

  • When you attempt to ‘REPLACE` the tag-set of a directory bucket source object and set the `x-amz-tagging` value of the directory bucket destination object to empty.

  • When you attempt to ‘REPLACE` the tag-set of a general purpose bucket source object that has non-empty tags and set the `x-amz-tagging` value of the directory bucket destination object to empty.

  • When you attempt to ‘REPLACE` the tag-set of a directory bucket source object and don’t set the ‘x-amz-tagging` value of the directory bucket destination object. This is because the default value of `x-amz-tagging` is the empty value.

  </note>
  

• :object_lock_mode (String) —

  The Object Lock mode that you want to apply to the object copy.

  <note markdown=“1”> This functionality is not supported for directory buckets.

  </note>
  

• :object_lock_retain_until_date (Time, DateTime, Date, Integer, String) —

  The date and time when you want the Object Lock of the object copy to expire.

  <note markdown=“1”> This functionality is not supported for directory buckets.

  </note>
  

• :object_lock_legal_hold_status (String) —

  Specifies whether you want to apply a legal hold to the object copy.

  <note markdown=“1”> This functionality is not supported for directory buckets.

  </note>
  

• :expected_bucket_owner (String) —

  The account ID of the expected destination bucket owner. If the account ID that you provide does not match the actual owner of the destination bucket, the request fails with the HTTP status code ‘403 Forbidden` (access denied).

• :expected_source_bucket_owner (String) —

  The account ID of the expected source bucket owner. If the account ID that you provide does not match the actual owner of the source bucket, the request fails with the HTTP status code ‘403 Forbidden` (access denied).

Returns:

• (Types::CopyObjectOutput)

# File 'lib/aws-sdk-s3/customizations/object.rb', line 78

alias_method :copy_from, :copy_from

#copy_to(target, options = {}) ⇒ Object

Note:

If you need to copy to a bucket in a different region, use #copy_from.

Copies this object to another object. Use ‘multipart_copy: true` for large objects. This is required for objects that exceed 5GB.

Examples:

Basic object copy

bucket = Aws::S3::Bucket.new('source-bucket')
object = bucket.object('source-key')

# target as String
object.copy_to('target-bucket/target-key')

# target as Hash
object.copy_to(bucket: 'target-bucket', key: 'target-key')

# target as Aws::S3::Object
object.copy_to(bucket.object('target-key'))

Managed copy of large objects

# uses multipart upload APIs to copy object
object.copy_to('src-bucket/src-key', multipart_copy: true)

Parameters:

• target (S3::Object, String, Hash) —

  Where to copy the object data to. ‘target` must be one of the following:

  • Aws::S3::Object

  • Hash - with ‘:bucket` and `:key`

  • String - formatted like ‘“target-bucket-name/target-key”`

# File 'lib/aws-sdk-s3/customizations/object.rb', line 121

def copy_to(target, options = {})
  Aws::Plugins::UserAgent.metric('RESOURCE_MODEL') do
    ObjectCopier.new(self, options).copy_to(target, options)
  end
end

#data ⇒ Types::HeadObjectOutput

Returns the data for this Aws::S3::Object. Calls Client#head_object if #data_loaded? is ‘false`.

Returns:

• (Types::HeadObjectOutput) —

  Returns the data for this Aws::S3::Object. Calls Client#head_object if #data_loaded? is ‘false`.

# File 'lib/aws-sdk-s3/object.rb', line 503

def data
  load unless @data
  @data
end

#data_loaded? ⇒ Boolean

Returns ‘true` if this resource is loaded. Accessing attributes or #data on an unloaded resource will trigger a call to #load.

Returns:

• (Boolean) —

  Returns ‘true` if this resource is loaded. Accessing attributes or #data on an unloaded resource will trigger a call to #load.

# File 'lib/aws-sdk-s3/object.rb', line 511

def data_loaded?
  !!@data
end

#delete(options = {}) ⇒ Types::DeleteObjectOutput

Examples:

Request syntax with placeholder values

object.delete({
  mfa: "MFA",
  version_id: "ObjectVersionId",
  request_payer: "requester", # accepts requester
  bypass_governance_retention: false,
  expected_bucket_owner: "AccountId",
})

Parameters:

• options (Hash) (defaults to: {}) —

  ({})

Options Hash (options):

• :mfa (String) —

  The concatenation of the authentication device’s serial number, a space, and the value that is displayed on your authentication device. Required to permanently delete a versioned object if versioning is configured with MFA delete enabled.

  <note markdown=“1”> This functionality is not supported for directory buckets.

  </note>
  

• :version_id (String) —

  Version ID used to reference a specific version of the object.

  <note markdown=“1”> For directory buckets in this API operation, only the ‘null` value of the version ID is supported.

  </note>
  

• :request_payer (String) —

  Confirms that the requester knows that they will be charged for the request. Bucket owners need not specify this parameter in their requests. If either the source or destination S3 bucket has Requester Pays enabled, the requester will pay for corresponding charges to copy the object. For information about downloading objects from Requester Pays buckets, see [Downloading Objects in Requester Pays Buckets] in the *Amazon S3 User Guide*.

  <note markdown=“1”> This functionality is not supported for directory buckets.

  </note>
  

  [1]: docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html

• :bypass_governance_retention (Boolean) —

  Indicates whether S3 Object Lock should bypass Governance-mode restrictions to process this operation. To use this header, you must have the ‘s3:BypassGovernanceRetention` permission.

  <note markdown=“1”> This functionality is not supported for directory buckets.

  </note>
  

• :expected_bucket_owner (String) —

  The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code ‘403 Forbidden` (access denied).

Returns:

• (Types::DeleteObjectOutput)

# File 'lib/aws-sdk-s3/object.rb', line 1460

def delete(options = {})
  options = options.merge(
    bucket: @bucket_name,
    key: @key
  )
  resp = Aws::Plugins::UserAgent.metric('RESOURCE_MODEL') do
    @client.delete_object(options)
  end
  resp.data
end

#delete_marker ⇒ Boolean

Specifies whether the object retrieved was (true) or was not (false) a Delete Marker. If false, this response header does not appear in the response.

<note markdown=“1”> This functionality is not supported for directory buckets.

</note>

Returns:

• (Boolean)

# File 'lib/aws-sdk-s3/object.rb', line 53

def delete_marker
  data[:delete_marker]
end

#download_file(destination, options = {}) ⇒ Boolean

Downloads a file in S3 to a path on disk.

# small files (< 5MB) are downloaded in a single API call
obj.download_file('/path/to/file')

Files larger than 5MB are downloaded using multipart method

# large files are split into parts
# and the parts are downloaded in parallel
obj.download_file('/path/to/very_large_file')

You can provide a callback to monitor progress of the download:

# bytes and part_sizes are each an array with 1 entry per part
# part_sizes may not be known until the first bytes are retrieved
progress = Proc.new do |bytes, part_sizes, file_size|
  puts bytes.map.with_index { |b, i| "Part #{i+1}: #{b} / #{part_sizes[i]}"}.join(' ') + "Total: #{100.0 * bytes.sum / file_size}%" }
end
obj.download_file('/path/to/file', progress_callback: progress)

Parameters:

• destination (String) —

  Where to download the file to.

• options (Hash) (defaults to: {}) —

  Additional options for Client#get_object and #Client#head_object may be provided.

Options Hash (options):

• mode (String) —

  ‘auto`, `single_request`, `get_range` `single_request` mode forces only 1 GET request is made in download, `get_range` mode allows `chunk_size` parameter to configured in customizing each range size in multipart_download, By default, `auto` mode is enabled, which performs multipart_download

• chunk_size (Integer) —

  required in get_range mode.

• thread_count (Integer) — default: 10 —

  Customize threads used in the multipart download.

• version_id (String) —

  The object version id used to retrieve the object. For more about object versioning, see: docs.aws.amazon.com/AmazonS3/latest/dev/ObjectVersioning.html

• checksum_mode (String) — default: ENABLED —

  When ‘ENABLED` and the object has a stored checksum, it will be used to validate the download and will raise an `Aws::Errors::ChecksumError` if checksum validation fails. You may provide a `on_checksum_validated` callback if you need to verify that validation occurred and which algorithm was used. To disable checksum validation, set `checksum_mode` to “DISABLED”.

• on_checksum_validated (Callable) —

  Called each time a request’s checksum is validated with the checksum algorithm and the response. For multipart downloads, this will be called for each part that is downloaded and validated.

• :progress_callback (Proc) —

  A Proc that will be called when each chunk of the download is received. It will be invoked with [bytes_read], [part_sizes], file_size. When the object is downloaded as parts (rather than by ranges), the part_sizes will not be known ahead of time and will be nil in the callback until the first bytes in the part are received.

Returns:

• (Boolean) —

  Returns ‘true` when the file is downloaded without any errors.

See Also:

• Client#get_object
• Client#head_object

# File 'lib/aws-sdk-s3/customizations/object.rb', line 552

def download_file(destination, options = {})
  downloader = FileDownloader.new(client: client)
  Aws::Plugins::UserAgent.metric('RESOURCE_MODEL') do
    downloader.download(
      destination,
      options.merge(bucket: bucket_name, key: key)
    )
  end
  true
end

#etag ⇒ String

An entity tag (ETag) is an opaque identifier assigned by a web server to a specific version of a resource found at a URL.

Returns:

• (String)

# File 'lib/aws-sdk-s3/object.rb', line 206

def etag
  data[:etag]
end

#exists?(options = {}) ⇒ Boolean

Returns ‘true` if the Object exists.

Parameters:

• options (Hash) (defaults to: {}) —

  ({})

Returns:

• (Boolean) —

  Returns ‘true` if the Object exists.

# File 'lib/aws-sdk-s3/object.rb', line 518

def exists?(options = {})
  begin
    wait_until_exists(options.merge(max_attempts: 1))
    true
  rescue Aws::Waiters::Errors::UnexpectedError => e
    raise e.error
  rescue Aws::Waiters::Errors::WaiterFailed
    false
  end
end

#expiration ⇒ String

If the object expiration is configured (see [ ‘PutBucketLifecycleConfiguration` ][1]), the response includes this header. It includes the `expiry-date` and `rule-id` key-value pairs providing object expiration information. The value of the `rule-id` is URL-encoded.

<note markdown=“1”> This functionality is not supported for directory buckets.

</note>

[1]: docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html

Returns:

• (String)

# File 'lib/aws-sdk-s3/object.rb', line 77

def expiration
  data[:expiration]
end

#expires ⇒ Time

The date and time at which the object is no longer cacheable.

Returns:

• (Time)

# File 'lib/aws-sdk-s3/object.rb', line 268

def expires
  data[:expires]
end

#expires_string ⇒ String

Returns:

• (String)

# File 'lib/aws-sdk-s3/object.rb', line 273

def expires_string
  data[:expires_string]
end

#get(options = {}, &block) ⇒ Types::GetObjectOutput

Examples:

Request syntax with placeholder values

object.get({
  if_match: "IfMatch",
  if_modified_since: Time.now,
  if_none_match: "IfNoneMatch",
  if_unmodified_since: Time.now,
  range: "Range",
  response_cache_control: "ResponseCacheControl",
  response_content_disposition: "ResponseContentDisposition",
  response_content_encoding: "ResponseContentEncoding",
  response_content_language: "ResponseContentLanguage",
  response_content_type: "ResponseContentType",
  response_expires: Time.now,
  version_id: "ObjectVersionId",
  sse_customer_algorithm: "SSECustomerAlgorithm",
  sse_customer_key: "SSECustomerKey",
  sse_customer_key_md5: "SSECustomerKeyMD5",
  request_payer: "requester", # accepts requester
  part_number: 1,
  expected_bucket_owner: "AccountId",
  checksum_mode: "ENABLED", # accepts ENABLED
})

Parameters:

• options (Hash) (defaults to: {}) —

  ({})

Options Hash (options):

• :if_match (String) —

  Return the object only if its entity tag (ETag) is the same as the one specified in this header; otherwise, return a ‘412 Precondition Failed` error.

  If both of the ‘If-Match` and `If-Unmodified-Since` headers are present in the request as follows: `If-Match` condition evaluates to `true`, and; `If-Unmodified-Since` condition evaluates to `false`; then, S3 returns `200 OK` and the data requested.

  For more information about conditional requests, see [RFC 7232].

  [1]: tools.ietf.org/html/rfc7232

• :if_modified_since (Time, DateTime, Date, Integer, String) —

  Return the object only if it has been modified since the specified time; otherwise, return a ‘304 Not Modified` error.

  If both of the ‘If-None-Match` and `If-Modified-Since` headers are present in the request as follows:` If-None-Match` condition evaluates to `false`, and; `If-Modified-Since` condition evaluates to `true`; then, S3 returns `304 Not Modified` status code.

  For more information about conditional requests, see [RFC 7232].

  [1]: tools.ietf.org/html/rfc7232

• :if_none_match (String) —

  Return the object only if its entity tag (ETag) is different from the one specified in this header; otherwise, return a ‘304 Not Modified` error.

  If both of the ‘If-None-Match` and `If-Modified-Since` headers are present in the request as follows:` If-None-Match` condition evaluates to `false`, and; `If-Modified-Since` condition evaluates to `true`; then, S3 returns `304 Not Modified` HTTP status code.

  For more information about conditional requests, see [RFC 7232].

  [1]: tools.ietf.org/html/rfc7232

• :if_unmodified_since (Time, DateTime, Date, Integer, String) —

  Return the object only if it has not been modified since the specified time; otherwise, return a ‘412 Precondition Failed` error.

  If both of the ‘If-Match` and `If-Unmodified-Since` headers are present in the request as follows: `If-Match` condition evaluates to `true`, and; `If-Unmodified-Since` condition evaluates to `false`; then, S3 returns `200 OK` and the data requested.

  For more information about conditional requests, see [RFC 7232].

  [1]: tools.ietf.org/html/rfc7232

• :range (String) —

  Downloads the specified byte range of an object. For more information about the HTTP Range header, see [www.rfc-editor.org/rfc/rfc9110.html#name-range][1].

  <note markdown=“1”> Amazon S3 doesn’t support retrieving multiple ranges of data per ‘GET` request.

  </note>
  

  [1]: www.rfc-editor.org/rfc/rfc9110.html#name-range

• :response_cache_control (String) —

  Sets the ‘Cache-Control` header of the response.

• :response_content_disposition (String) —

  Sets the ‘Content-Disposition` header of the response.

• :response_content_encoding (String) —

  Sets the ‘Content-Encoding` header of the response.

• :response_content_language (String) —

  Sets the ‘Content-Language` header of the response.

• :response_content_type (String) —

  Sets the ‘Content-Type` header of the response.

• :response_expires (Time, DateTime, Date, Integer, String) —

  Sets the ‘Expires` header of the response.

• :version_id (String) —

  Version ID used to reference a specific version of the object.

  By default, the ‘GetObject` operation returns the current version of an object. To return a different version, use the `versionId` subresource.

  <note markdown=“1”> * If you include a ‘versionId` in your request header, you must have

  the `s3:GetObjectVersion` permission to access a specific version of
  an object. The `s3:GetObject` permission is not required in this
  scenario.
  

  • If you request the current version of an object without a specific ‘versionId` in the request header, only the `s3:GetObject` permission is required. The `s3:GetObjectVersion` permission is not required in this scenario.

  • **Directory buckets** - S3 Versioning isn’t enabled and supported for directory buckets. For this API operation, only the ‘null` value of the version ID is supported by directory buckets. You can only specify `null` to the `versionId` query parameter in the request.

  </note>
  

  For more information about versioning, see [PutBucketVersioning].

  [1]: docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketVersioning.html

• :sse_customer_algorithm (String) —

  Specifies the algorithm to use when decrypting the object (for example, ‘AES256`).

  If you encrypt an object by using server-side encryption with customer-provided encryption keys (SSE-C) when you store the object in Amazon S3, then when you GET the object, you must use the following headers:

  • ‘x-amz-server-side-encryption-customer-algorithm`

  • ‘x-amz-server-side-encryption-customer-key`

  • ‘x-amz-server-side-encryption-customer-key-MD5`

  For more information about SSE-C, see [Server-Side Encryption (Using Customer-Provided Encryption Keys)] in the *Amazon S3 User Guide*.

  <note markdown=“1”> This functionality is not supported for directory buckets.

  </note>
  

  [1]: docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html

• :sse_customer_key (String) —

  Specifies the customer-provided encryption key that you originally provided for Amazon S3 to encrypt the data before storing it. This value is used to decrypt the object when recovering it and must match the one used when storing the data. The key must be appropriate for use with the algorithm specified in the ‘x-amz-server-side-encryption-customer-algorithm` header.

  If you encrypt an object by using server-side encryption with customer-provided encryption keys (SSE-C) when you store the object in Amazon S3, then when you GET the object, you must use the following headers:

  • ‘x-amz-server-side-encryption-customer-algorithm`

  • ‘x-amz-server-side-encryption-customer-key`

  • ‘x-amz-server-side-encryption-customer-key-MD5`

  For more information about SSE-C, see [Server-Side Encryption (Using Customer-Provided Encryption Keys)] in the *Amazon S3 User Guide*.

  <note markdown=“1”> This functionality is not supported for directory buckets.

  </note>
  

  [1]: docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html

• :sse_customer_key_md5 (String) —

  Specifies the 128-bit MD5 digest of the customer-provided encryption key according to RFC 1321. Amazon S3 uses this header for a message integrity check to ensure that the encryption key was transmitted without error.

  If you encrypt an object by using server-side encryption with customer-provided encryption keys (SSE-C) when you store the object in Amazon S3, then when you GET the object, you must use the following headers:

  • ‘x-amz-server-side-encryption-customer-algorithm`

  • ‘x-amz-server-side-encryption-customer-key`

  • ‘x-amz-server-side-encryption-customer-key-MD5`

  For more information about SSE-C, see [Server-Side Encryption (Using Customer-Provided Encryption Keys)] in the *Amazon S3 User Guide*.

  <note markdown=“1”> This functionality is not supported for directory buckets.

  </note>
  

  [1]: docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html

• :request_payer (String) —

  Confirms that the requester knows that they will be charged for the request. Bucket owners need not specify this parameter in their requests. If either the source or destination S3 bucket has Requester Pays enabled, the requester will pay for corresponding charges to copy the object. For information about downloading objects from Requester Pays buckets, see [Downloading Objects in Requester Pays Buckets] in the *Amazon S3 User Guide*.

  <note markdown=“1”> This functionality is not supported for directory buckets.

  </note>
  

  [1]: docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html

• :part_number (Integer) —

  Part number of the object being read. This is a positive integer between 1 and 10,000. Effectively performs a ‘ranged’ GET request for the part specified. Useful for downloading just a part of an object.

• :expected_bucket_owner (String) —

  The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code ‘403 Forbidden` (access denied).

• :checksum_mode (String) —

  To retrieve the checksum, this mode must be enabled.

  **General purpose buckets** - In addition, if you enable checksum mode and the object is uploaded with a [checksum] and encrypted with an Key Management Service (KMS) key, you must have permission to use the ‘kms:Decrypt` action to retrieve the checksum.

  [1]: docs.aws.amazon.com/AmazonS3/latest/API/API_Checksum.html

Returns:

• (Types::GetObjectOutput)

# File 'lib/aws-sdk-s3/object.rb', line 1725

def get(options = {}, &block)
  options = options.merge(
    bucket: @bucket_name,
    key: @key
  )
  resp = Aws::Plugins::UserAgent.metric('RESOURCE_MODEL') do
    @client.get_object(options, &block)
  end
  resp.data
end

#head(options = {}) ⇒ Types::HeadObjectOutput

Examples:

Request syntax with placeholder values

object.head({
  if_match: "IfMatch",
  if_modified_since: Time.now,
  if_none_match: "IfNoneMatch",
  if_unmodified_since: Time.now,
  range: "Range",
  response_cache_control: "ResponseCacheControl",
  response_content_disposition: "ResponseContentDisposition",
  response_content_encoding: "ResponseContentEncoding",
  response_content_language: "ResponseContentLanguage",
  response_content_type: "ResponseContentType",
  response_expires: Time.now,
  version_id: "ObjectVersionId",
  sse_customer_algorithm: "SSECustomerAlgorithm",
  sse_customer_key: "SSECustomerKey",
  sse_customer_key_md5: "SSECustomerKeyMD5",
  request_payer: "requester", # accepts requester
  part_number: 1,
  expected_bucket_owner: "AccountId",
  checksum_mode: "ENABLED", # accepts ENABLED
})

Parameters:

• options (Hash) (defaults to: {}) —

  ({})

Options Hash (options):

• :if_match (String) —

  Return the object only if its entity tag (ETag) is the same as the one specified; otherwise, return a 412 (precondition failed) error.

  If both of the ‘If-Match` and `If-Unmodified-Since` headers are present in the request as follows:

  • ‘If-Match` condition evaluates to `true`, and;

  • ‘If-Unmodified-Since` condition evaluates to `false`;

  Then Amazon S3 returns ‘200 OK` and the data requested.

  For more information about conditional requests, see [RFC 7232].

  [1]: tools.ietf.org/html/rfc7232

• :if_modified_since (Time, DateTime, Date, Integer, String) —

  Return the object only if it has been modified since the specified time; otherwise, return a 304 (not modified) error.

  If both of the ‘If-None-Match` and `If-Modified-Since` headers are present in the request as follows:

  • ‘If-None-Match` condition evaluates to `false`, and;

  • ‘If-Modified-Since` condition evaluates to `true`;

  Then Amazon S3 returns the ‘304 Not Modified` response code.

  For more information about conditional requests, see [RFC 7232].

  [1]: tools.ietf.org/html/rfc7232

• :if_none_match (String) —

  Return the object only if its entity tag (ETag) is different from the one specified; otherwise, return a 304 (not modified) error.

  If both of the ‘If-None-Match` and `If-Modified-Since` headers are present in the request as follows:

  • ‘If-None-Match` condition evaluates to `false`, and;

  • ‘If-Modified-Since` condition evaluates to `true`;

  Then Amazon S3 returns the ‘304 Not Modified` response code.

  For more information about conditional requests, see [RFC 7232].

  [1]: tools.ietf.org/html/rfc7232

• :if_unmodified_since (Time, DateTime, Date, Integer, String) —

  Return the object only if it has not been modified since the specified time; otherwise, return a 412 (precondition failed) error.

  If both of the ‘If-Match` and `If-Unmodified-Since` headers are present in the request as follows:

  • ‘If-Match` condition evaluates to `true`, and;

  • ‘If-Unmodified-Since` condition evaluates to `false`;

  Then Amazon S3 returns ‘200 OK` and the data requested.

  For more information about conditional requests, see [RFC 7232].

  [1]: tools.ietf.org/html/rfc7232

• :range (String) —

  HeadObject returns only the metadata for an object. If the Range is satisfiable, only the ‘ContentLength` is affected in the response. If the Range is not satisfiable, S3 returns a `416 - Requested Range Not Satisfiable` error.

• :response_cache_control (String) —

  Sets the ‘Cache-Control` header of the response.

• :response_content_disposition (String) —

  Sets the ‘Content-Disposition` header of the response.

• :response_content_encoding (String) —

  Sets the ‘Content-Encoding` header of the response.

• :response_content_language (String) —

  Sets the ‘Content-Language` header of the response.

• :response_content_type (String) —

  Sets the ‘Content-Type` header of the response.

• :response_expires (Time, DateTime, Date, Integer, String) —

  Sets the ‘Expires` header of the response.

• :version_id (String) —

  Version ID used to reference a specific version of the object.

  <note markdown=“1”> For directory buckets in this API operation, only the ‘null` value of the version ID is supported.

  </note>
  

• :sse_customer_algorithm (String) —

  Specifies the algorithm to use when encrypting the object (for example, AES256).

  <note markdown=“1”> This functionality is not supported for directory buckets.

  </note>
  

• :sse_customer_key (String) —

  Specifies the customer-provided encryption key for Amazon S3 to use in encrypting data. This value is used to store the object and then it is discarded; Amazon S3 does not store the encryption key. The key must be appropriate for use with the algorithm specified in the ‘x-amz-server-side-encryption-customer-algorithm` header.

  <note markdown=“1”> This functionality is not supported for directory buckets.

  </note>
  

• :sse_customer_key_md5 (String) —

  Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. Amazon S3 uses this header for a message integrity check to ensure that the encryption key was transmitted without error.

  <note markdown=“1”> This functionality is not supported for directory buckets.

  </note>
  

• :request_payer (String) —

  Confirms that the requester knows that they will be charged for the request. Bucket owners need not specify this parameter in their requests. If either the source or destination S3 bucket has Requester Pays enabled, the requester will pay for corresponding charges to copy the object. For information about downloading objects from Requester Pays buckets, see [Downloading Objects in Requester Pays Buckets] in the *Amazon S3 User Guide*.

  <note markdown=“1”> This functionality is not supported for directory buckets.

  </note>
  

  [1]: docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html

• :part_number (Integer) —

  Part number of the object being read. This is a positive integer between 1 and 10,000. Effectively performs a ‘ranged’ HEAD request for the part specified. Useful querying about the size of the part and the number of parts in this object.

• :expected_bucket_owner (String) —

  The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code ‘403 Forbidden` (access denied).

• :checksum_mode (String) —

  To retrieve the checksum, this parameter must be enabled.

  **General purpose buckets** - If you enable checksum mode and the object is uploaded with a [checksum] and encrypted with an Key Management Service (KMS) key, you must have permission to use the ‘kms:Decrypt` action to retrieve the checksum.

  **Directory buckets** - If you enable ‘ChecksumMode` and the object is encrypted with Amazon Web Services Key Management Service (Amazon Web Services KMS), you must also have the `kms:GenerateDataKey` and `kms:Decrypt` permissions in IAM identity-based policies and KMS key policies for the KMS key to retrieve the checksum of the object.

  [1]: docs.aws.amazon.com/AmazonS3/latest/API/API_Checksum.html

Returns:

• (Types::HeadObjectOutput)

# File 'lib/aws-sdk-s3/object.rb', line 3214

def head(options = {})
  options = options.merge(
    bucket: @bucket_name,
    key: @key
  )
  resp = Aws::Plugins::UserAgent.metric('RESOURCE_MODEL') do
    @client.head_object(options)
  end
  resp.data
end

#identifiers ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Deprecated.

# File 'lib/aws-sdk-s3/object.rb', line 3268

def identifiers
  {
    bucket_name: @bucket_name,
    key: @key
  }
end

#initiate_multipart_upload(options = {}) ⇒ MultipartUpload

Examples:

Request syntax with placeholder values

multipartupload = object.initiate_multipart_upload({
  acl: "private", # accepts private, public-read, public-read-write, authenticated-read, aws-exec-read, bucket-owner-read, bucket-owner-full-control
  cache_control: "CacheControl",
  content_disposition: "ContentDisposition",
  content_encoding: "ContentEncoding",
  content_language: "ContentLanguage",
  content_type: "ContentType",
  expires: Time.now,
  grant_full_control: "GrantFullControl",
  grant_read: "GrantRead",
  grant_read_acp: "GrantReadACP",
  grant_write_acp: "GrantWriteACP",
  metadata: {
    "MetadataKey" => "MetadataValue",
  },
  server_side_encryption: "AES256", # accepts AES256, aws:kms, aws:kms:dsse
  storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS, GLACIER_IR, SNOW, EXPRESS_ONEZONE
  website_redirect_location: "WebsiteRedirectLocation",
  sse_customer_algorithm: "SSECustomerAlgorithm",
  sse_customer_key: "SSECustomerKey",
  sse_customer_key_md5: "SSECustomerKeyMD5",
  ssekms_key_id: "SSEKMSKeyId",
  ssekms_encryption_context: "SSEKMSEncryptionContext",
  bucket_key_enabled: false,
  request_payer: "requester", # accepts requester
  tagging: "TaggingHeader",
  object_lock_mode: "GOVERNANCE", # accepts GOVERNANCE, COMPLIANCE
  object_lock_retain_until_date: Time.now,
  object_lock_legal_hold_status: "ON", # accepts ON, OFF
  expected_bucket_owner: "AccountId",
  checksum_algorithm: "CRC32", # accepts CRC32, CRC32C, SHA1, SHA256
})

Parameters:

• options (Hash) (defaults to: {}) —

  ({})

Options Hash (options):

• :acl (String) —

  The canned ACL to apply to the object. Amazon S3 supports a set of predefined ACLs, known as *canned ACLs*. Each canned ACL has a predefined set of grantees and permissions. For more information, see

  Canned ACL][1

  in the *Amazon S3 User Guide*.

  By default, all objects are private. Only the owner has full access control. When uploading an object, you can grant access permissions to individual Amazon Web Services accounts or to predefined groups defined by Amazon S3. These permissions are then added to the access control list (ACL) on the new object. For more information, see [Using ACLs]. One way to grant the permissions using the request headers is to specify a canned ACL with the ‘x-amz-acl` request header.

  <note markdown=“1”> * This functionality is not supported for directory buckets.

  • This functionality is not supported for Amazon S3 on Outposts.

  </note>
  

  [1]: docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL [2]: docs.aws.amazon.com/AmazonS3/latest/dev/S3_ACLs_UsingACLs.html

• :cache_control (String) —

  Specifies caching behavior along the request/reply chain.

• :content_disposition (String) —

  Specifies presentational information for the object.

• :content_encoding (String) —

  Specifies what content encodings have been applied to the object and thus what decoding mechanisms must be applied to obtain the media-type referenced by the Content-Type header field.

  <note markdown=“1”> For directory buckets, only the ‘aws-chunked` value is supported in this header field.

  </note>
  

• :content_language (String) —

  The language that the content is in.

• :content_type (String) —

  A standard MIME type describing the format of the object data.

• :expires (Time, DateTime, Date, Integer, String) —

  The date and time at which the object is no longer cacheable.

• :grant_full_control (String) —

  Specify access permissions explicitly to give the grantee READ, READ_ACP, and WRITE_ACP permissions on the object.

  By default, all objects are private. Only the owner has full access control. When uploading an object, you can use this header to explicitly grant access permissions to specific Amazon Web Services accounts or groups. This header maps to specific permissions that Amazon S3 supports in an ACL. For more information, see [Access Control List (ACL) Overview] in the *Amazon S3 User Guide*.

  You specify each grantee as a type=value pair, where the type is one of the following:

  • ‘id` – if the value specified is the canonical user ID of an Amazon Web Services account

  • ‘uri` – if you are granting permissions to a predefined group

  • ‘emailAddress` – if the value specified is the email address of an Amazon Web Services account

    <note markdown=“1”> Using email addresses to specify a grantee is only supported in the following Amazon Web Services Regions:

    * US East (N. Virginia)
    

    • US West (N. California)

    • US West (Oregon)

    • Asia Pacific (Singapore)

    • Asia Pacific (Sydney)

    • Asia Pacific (Tokyo)

    • Europe (Ireland)

    • South America (São Paulo)

    For a list of all the Amazon S3 supported Regions and endpoints, see
    

    Regions and Endpoints][2

    in the Amazon Web Services General

    Reference.

    </note>
    

  For example, the following ‘x-amz-grant-read` header grants the Amazon Web Services accounts identified by account IDs permissions to read object data and its metadata:

  ‘x-amz-grant-read: id=“11112222333”, id=“444455556666” `

  <note markdown=“1”> * This functionality is not supported for directory buckets.

  • This functionality is not supported for Amazon S3 on Outposts.

  </note>
  

  [1]: docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html [2]: docs.aws.amazon.com/general/latest/gr/rande.html#s3_region

• :grant_read (String) —

  Specify access permissions explicitly to allow grantee to read the object data and its metadata.

  By default, all objects are private. Only the owner has full access control. When uploading an object, you can use this header to explicitly grant access permissions to specific Amazon Web Services accounts or groups. This header maps to specific permissions that Amazon S3 supports in an ACL. For more information, see [Access Control List (ACL) Overview] in the *Amazon S3 User Guide*.

  You specify each grantee as a type=value pair, where the type is one of the following:

  • ‘id` – if the value specified is the canonical user ID of an Amazon Web Services account

  • ‘uri` – if you are granting permissions to a predefined group

  • ‘emailAddress` – if the value specified is the email address of an Amazon Web Services account

    <note markdown=“1”> Using email addresses to specify a grantee is only supported in the following Amazon Web Services Regions:

    * US East (N. Virginia)
    

    • US West (N. California)

    • US West (Oregon)

    • Asia Pacific (Singapore)

    • Asia Pacific (Sydney)

    • Asia Pacific (Tokyo)

    • Europe (Ireland)

    • South America (São Paulo)

    For a list of all the Amazon S3 supported Regions and endpoints, see
    

    Regions and Endpoints][2

    in the Amazon Web Services General

    Reference.

    </note>
    

  For example, the following ‘x-amz-grant-read` header grants the Amazon Web Services accounts identified by account IDs permissions to read object data and its metadata:

  ‘x-amz-grant-read: id=“11112222333”, id=“444455556666” `

  <note markdown=“1”> * This functionality is not supported for directory buckets.

  • This functionality is not supported for Amazon S3 on Outposts.

  </note>
  

  [1]: docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html [2]: docs.aws.amazon.com/general/latest/gr/rande.html#s3_region

• :grant_read_acp (String) —

  Specify access permissions explicitly to allows grantee to read the object ACL.

  By default, all objects are private. Only the owner has full access control. When uploading an object, you can use this header to explicitly grant access permissions to specific Amazon Web Services accounts or groups. This header maps to specific permissions that Amazon S3 supports in an ACL. For more information, see [Access Control List (ACL) Overview] in the *Amazon S3 User Guide*.

  You specify each grantee as a type=value pair, where the type is one of the following:

  • ‘id` – if the value specified is the canonical user ID of an Amazon Web Services account

  • ‘uri` – if you are granting permissions to a predefined group

  • ‘emailAddress` – if the value specified is the email address of an Amazon Web Services account

    <note markdown=“1”> Using email addresses to specify a grantee is only supported in the following Amazon Web Services Regions:

    * US East (N. Virginia)
    

    • US West (N. California)

    • US West (Oregon)

    • Asia Pacific (Singapore)

    • Asia Pacific (Sydney)

    • Asia Pacific (Tokyo)

    • Europe (Ireland)

    • South America (São Paulo)

    For a list of all the Amazon S3 supported Regions and endpoints, see
    

    Regions and Endpoints][2

    in the Amazon Web Services General

    Reference.

    </note>
    

  For example, the following ‘x-amz-grant-read` header grants the Amazon Web Services accounts identified by account IDs permissions to read object data and its metadata:

  ‘x-amz-grant-read: id=“11112222333”, id=“444455556666” `

  <note markdown=“1”> * This functionality is not supported for directory buckets.

  • This functionality is not supported for Amazon S3 on Outposts.

  </note>
  

  [1]: docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html [2]: docs.aws.amazon.com/general/latest/gr/rande.html#s3_region

• :grant_write_acp (String) —

  Specify access permissions explicitly to allows grantee to allow grantee to write the ACL for the applicable object.

  By default, all objects are private. Only the owner has full access control. When uploading an object, you can use this header to explicitly grant access permissions to specific Amazon Web Services accounts or groups. This header maps to specific permissions that Amazon S3 supports in an ACL. For more information, see [Access Control List (ACL) Overview] in the *Amazon S3 User Guide*.

  You specify each grantee as a type=value pair, where the type is one of the following:

  • ‘id` – if the value specified is the canonical user ID of an Amazon Web Services account

  • ‘uri` – if you are granting permissions to a predefined group

  • ‘emailAddress` – if the value specified is the email address of an Amazon Web Services account

    <note markdown=“1”> Using email addresses to specify a grantee is only supported in the following Amazon Web Services Regions:

    * US East (N. Virginia)
    

    • US West (N. California)

    • US West (Oregon)

    • Asia Pacific (Singapore)

    • Asia Pacific (Sydney)

    • Asia Pacific (Tokyo)

    • Europe (Ireland)

    • South America (São Paulo)

    For a list of all the Amazon S3 supported Regions and endpoints, see
    

    Regions and Endpoints][2

    in the Amazon Web Services General

    Reference.

    </note>
    

  For example, the following ‘x-amz-grant-read` header grants the Amazon Web Services accounts identified by account IDs permissions to read object data and its metadata:

  ‘x-amz-grant-read: id=“11112222333”, id=“444455556666” `

  <note markdown=“1”> * This functionality is not supported for directory buckets.

  • This functionality is not supported for Amazon S3 on Outposts.

  </note>
  

  [1]: docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html [2]: docs.aws.amazon.com/general/latest/gr/rande.html#s3_region

• :metadata (Hash<String,String>) —

  A map of metadata to store with the object in S3.

• :server_side_encryption (String) —

  The server-side encryption algorithm used when you store this object in Amazon S3 (for example, ‘AES256`, `aws:kms`).

  • Directory buckets - For directory buckets, there are only two supported options for server-side encryption: server-side encryption with Amazon S3 managed keys (SSE-S3) (‘AES256`) and server-side encryption with KMS keys (SSE-KMS) (`aws:kms`). We recommend that the bucket’s default encryption uses the desired encryption configuration and you don’t override the bucket default encryption in your ‘CreateSession` requests or `PUT` object requests. Then, new objects are automatically encrypted with the desired encryption settings. For more information, see [Protecting data with server-side encryption] in the *Amazon S3 User Guide*. For more information about the encryption overriding behaviors in directory buckets, see [Specifying server-side encryption with KMS for new object uploads].

    In the Zonal endpoint API calls (except [CopyObject] and [UploadPartCopy]) using the REST API, the encryption request headers must match the encryption settings that are specified in the ‘CreateSession` request. You can’t override the values of the encryption settings (‘x-amz-server-side-encryption`, `x-amz-server-side-encryption-aws-kms-key-id`, `x-amz-server-side-encryption-context`, and `x-amz-server-side-encryption-bucket-key-enabled`) that are specified in the `CreateSession` request. You don’t need to explicitly specify these encryption settings values in Zonal endpoint API calls, and Amazon S3 will use the encryption settings values from the ‘CreateSession` request to protect new objects in the directory bucket.

    <note markdown=“1”> When you use the CLI or the Amazon Web Services SDKs, for ‘CreateSession`, the session token refreshes automatically to avoid service interruptions when a session expires. The CLI or the Amazon Web Services SDKs use the bucket’s default encryption configuration for the ‘CreateSession` request. It’s not supported to override the encryption settings values in the ‘CreateSession` request. So in the Zonal endpoint API calls (except [CopyObject] and [UploadPartCopy]), the encryption request headers must match the default encryption configuration of the directory bucket.

    </note>
    

  [1]: docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-serv-side-encryption.html [2]: docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-specifying-kms-encryption.html [3]: docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html [4]: docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html

• :storage_class (String) —

  By default, Amazon S3 uses the STANDARD Storage Class to store newly created objects. The STANDARD storage class provides high durability and high availability. Depending on performance needs, you can specify a different Storage Class. For more information, see [Storage Classes] in the *Amazon S3 User Guide*.

  <note markdown=“1”> * For directory buckets, only the S3 Express One Zone storage class is

  supported to store newly created objects.
  

  • Amazon S3 on Outposts only uses the OUTPOSTS Storage Class.

  </note>
  

  [1]: docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html

• :website_redirect_location (String) —

  If the bucket is configured as a website, redirects requests for this object to another object in the same bucket or to an external URL. Amazon S3 stores the value of this header in the object metadata.

  <note markdown=“1”> This functionality is not supported for directory buckets.

  </note>
  

• :sse_customer_algorithm (String) —

  Specifies the algorithm to use when encrypting the object (for example, AES256).

  <note markdown=“1”> This functionality is not supported for directory buckets.

  </note>
  

• :sse_customer_key (String) —

  Specifies the customer-provided encryption key for Amazon S3 to use in encrypting data. This value is used to store the object and then it is discarded; Amazon S3 does not store the encryption key. The key must be appropriate for use with the algorithm specified in the ‘x-amz-server-side-encryption-customer-algorithm` header.

  <note markdown=“1”> This functionality is not supported for directory buckets.

  </note>
  

• :sse_customer_key_md5 (String) —

  Specifies the 128-bit MD5 digest of the customer-provided encryption key according to RFC 1321. Amazon S3 uses this header for a message integrity check to ensure that the encryption key was transmitted without error.

  <note markdown=“1”> This functionality is not supported for directory buckets.

  </note>
  

• :ssekms_key_id (String) —

  Specifies the KMS key ID (Key ID, Key ARN, or Key Alias) to use for object encryption. If the KMS key doesn’t exist in the same account that’s issuing the command, you must use the full Key ARN not the Key ID.

  **General purpose buckets** - If you specify ‘x-amz-server-side-encryption` with `aws:kms` or `aws:kms:dsse`, this header specifies the ID (Key ID, Key ARN, or Key Alias) of the KMS key to use. If you specify `x-amz-server-side-encryption:aws:kms` or `x-amz-server-side-encryption:aws:kms:dsse`, but do not provide `x-amz-server-side-encryption-aws-kms-key-id`, Amazon S3 uses the Amazon Web Services managed key (`aws/s3`) to protect the data.

  **Directory buckets** - If you specify ‘x-amz-server-side-encryption` with `aws:kms`, the ` x-amz-server-side-encryption-aws-kms-key-id` header is implicitly assigned the ID of the KMS symmetric encryption customer managed key that’s configured for your directory bucket’s default encryption setting. If you want to specify the ‘ x-amz-server-side-encryption-aws-kms-key-id` header explicitly, you can only specify it with the ID (Key ID or Key ARN) of the KMS customer managed key that’s configured for your directory bucket’s default encryption setting. Otherwise, you get an HTTP ‘400 Bad Request` error. Only use the key ID or key ARN. The key alias format of the KMS key isn’t supported. Your SSE-KMS configuration can only support 1 [customer managed key] per directory bucket for the lifetime of the bucket. The [Amazon Web Services managed key] (‘aws/s3`) isn’t supported.

  [1]: docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk [2]: docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk

• :ssekms_encryption_context (String) —

  Specifies the Amazon Web Services KMS Encryption Context to use for object encryption. The value of this header is a Base64-encoded string of a UTF-8 encoded JSON, which contains the encryption context as key-value pairs.

  **Directory buckets** - You can optionally provide an explicit encryption context value. The value must match the default encryption context - the bucket Amazon Resource Name (ARN). An additional encryption context value is not supported.

• :bucket_key_enabled (Boolean) —

  Specifies whether Amazon S3 should use an S3 Bucket Key for object encryption with server-side encryption using Key Management Service (KMS) keys (SSE-KMS).

  **General purpose buckets** - Setting this header to ‘true` causes Amazon S3 to use an S3 Bucket Key for object encryption with SSE-KMS. Also, specifying this header with a PUT action doesn’t affect bucket-level settings for S3 Bucket Key.

  **Directory buckets** - S3 Bucket Keys are always enabled for ‘GET` and `PUT` operations in a directory bucket and can’t be disabled. S3 Bucket Keys aren’t supported, when you copy SSE-KMS encrypted objects from general purpose buckets to directory buckets, from directory buckets to general purpose buckets, or between directory buckets, through [CopyObject], [UploadPartCopy], [the Copy operation in Batch Operations], or [the import jobs]. In this case, Amazon S3 makes a call to KMS every time a copy request is made for a KMS-encrypted object.

  [1]: docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html [2]: docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html [3]: docs.aws.amazon.com/AmazonS3/latest/userguide/directory-buckets-objects-Batch-Ops [4]: docs.aws.amazon.com/AmazonS3/latest/userguide/create-import-job

• :request_payer (String) —

  Confirms that the requester knows that they will be charged for the request. Bucket owners need not specify this parameter in their requests. If either the source or destination S3 bucket has Requester Pays enabled, the requester will pay for corresponding charges to copy the object. For information about downloading objects from Requester Pays buckets, see [Downloading Objects in Requester Pays Buckets] in the *Amazon S3 User Guide*.

  <note markdown=“1”> This functionality is not supported for directory buckets.

  </note>
  

  [1]: docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html

• :tagging (String) —

  The tag-set for the object. The tag-set must be encoded as URL Query parameters.

  <note markdown=“1”> This functionality is not supported for directory buckets.

  </note>
  

• :object_lock_mode (String) —

  Specifies the Object Lock mode that you want to apply to the uploaded object.

  <note markdown=“1”> This functionality is not supported for directory buckets.

  </note>
  

• :object_lock_retain_until_date (Time, DateTime, Date, Integer, String) —

  Specifies the date and time when you want the Object Lock to expire.

  <note markdown=“1”> This functionality is not supported for directory buckets.

  </note>
  

• :object_lock_legal_hold_status (String) —

  Specifies whether you want to apply a legal hold to the uploaded object.

  <note markdown=“1”> This functionality is not supported for directory buckets.

  </note>
  

• :expected_bucket_owner (String) —

  The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code ‘403 Forbidden` (access denied).

• :checksum_algorithm (String) —

  Indicates the algorithm that you want Amazon S3 to use to create the checksum for the object. For more information, see [Checking object integrity] in the *Amazon S3 User Guide*.

  [1]: docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html

Returns:

• (MultipartUpload)

# File 'lib/aws-sdk-s3/object.rb', line 2294

def initiate_multipart_upload(options = {})
  options = options.merge(
    bucket: @bucket_name,
    key: @key
  )
  resp = Aws::Plugins::UserAgent.metric('RESOURCE_MODEL') do
    @client.create_multipart_upload(options)
  end
  MultipartUpload.new(
    bucket_name: @bucket_name,
    object_key: @key,
    id: resp.data.upload_id,
    client: @client
  )
end

#key ⇒ String

Returns:

• (String)

# File 'lib/aws-sdk-s3/object.rb', line 41

def key
  @key
end

#last_modified ⇒ Time

Date and time when the object was last modified.

Returns:

• (Time)

# File 'lib/aws-sdk-s3/object.rb', line 125

def last_modified
  data[:last_modified]
end

#load ⇒ self Also known as: reload

Loads, or reloads #data for the current Aws::S3::Object. Returns ‘self` making it possible to chain methods.

object.reload.data

Returns:

• (self)

# File 'lib/aws-sdk-s3/object.rb', line 488

def load
  resp = Aws::Plugins::UserAgent.metric('RESOURCE_MODEL') do
    @client.head_object(
    bucket: @bucket_name,
    key: @key
  )
  end
  @data = resp.data
  self
end

#metadata ⇒ Hash<String,String>

A map of metadata to store with the object in S3.

Returns:

• (Hash<String,String>)

# File 'lib/aws-sdk-s3/object.rb', line 298

def metadata
  data[:metadata]
end

#missing_meta ⇒ Integer

This is set to the number of metadata entries not returned in ‘x-amz-meta` headers. This can happen if you create metadata using an API like SOAP that supports more flexible metadata than the REST API. For example, using SOAP, you can create metadata whose values are not legal HTTP headers.

<note markdown=“1”> This functionality is not supported for directory buckets.

</note>

Returns:

• (Integer)

# File 'lib/aws-sdk-s3/object.rb', line 220

def missing_meta
  data[:missing_meta]
end

#move_to(target, options = {}) ⇒ void

This method returns an undefined value.

Copies and deletes the current object. The object will only be deleted if the copy operation succeeds.

Parameters:

• target (S3::Object, String, Hash) —

  Where to copy the object data to. ‘target` must be one of the following:

  • Aws::S3::Object

  • Hash - with ‘:bucket` and `:key`

  • String - formatted like ‘“target-bucket-name/target-key”`

See Also:

• #copy_to
• #delete

# File 'lib/aws-sdk-s3/customizations/object.rb', line 135

def move_to(target, options = {})
  copy_to(target, options)
  delete
end

#multipart_upload(id) ⇒ MultipartUpload

Parameters:

• id (String)

Returns:

• (MultipartUpload)

# File 'lib/aws-sdk-s3/object.rb', line 3246

def multipart_upload(id)
  MultipartUpload.new(
    bucket_name: @bucket_name,
    object_key: @key,
    id: id,
    client: @client
  )
end

#object_lock_legal_hold_status ⇒ String

Specifies whether a legal hold is in effect for this object. This header is only returned if the requester has the ‘s3:GetObjectLegalHold` permission. This header is not returned if the specified version of this object has never had a legal hold applied. For more information about S3 Object Lock, see [Object Lock].

<note markdown=“1”> This functionality is not supported for directory buckets.

</note>

[1]: docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html

Returns:

• (String)

# File 'lib/aws-sdk-s3/object.rb', line 471

def object_lock_legal_hold_status
  data[:object_lock_legal_hold_status]
end

#object_lock_mode ⇒ String

The Object Lock mode, if any, that’s in effect for this object. This header is only returned if the requester has the ‘s3:GetObjectRetention` permission. For more information about S3 Object Lock, see [Object Lock].

<note markdown=“1”> This functionality is not supported for directory buckets.

</note>

[1]: docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html

Returns:

• (String)

# File 'lib/aws-sdk-s3/object.rb', line 441

def object_lock_mode
  data[:object_lock_mode]
end

#object_lock_retain_until_date ⇒ Time

The date and time when the Object Lock retention period expires. This header is only returned if the requester has the ‘s3:GetObjectRetention` permission.

<note markdown=“1”> This functionality is not supported for directory buckets.

</note>

Returns:

• (Time)

# File 'lib/aws-sdk-s3/object.rb', line 453

def object_lock_retain_until_date
  data[:object_lock_retain_until_date]
end

#parts_count ⇒ Integer

The count of parts this object has. This value is only returned if you specify ‘partNumber` in your request and the object was uploaded as a multipart upload.

Returns:

• (Integer)

# File 'lib/aws-sdk-s3/object.rb', line 424

def parts_count
  data[:parts_count]
end

#presigned_post(options = {}) ⇒ PresignedPost

Creates a PresignedPost that makes it easy to upload a file from a web browser direct to Amazon S3 using an HTML post form with a file field.

See the PresignedPost documentation for more information.

Parameters:

• options (Hash) (defaults to: {}) —

  a customizable set of options

Options Hash (options):

• :use_accelerate_endpoint (Boolean) — default: false —

  When ‘true`, PresignedPost will attempt to use accelerated endpoint.

• :url (String) —

  See PresignedPost#url.

• :allow_any (Sting, Array<String>) —

  See PresignedPost#allow_any.

• :signature_expiration (Time) —

  Specify when the signature on the post will expire. Defaults to one hour from creation of the presigned post. May not exceed one week from creation time.

• :key (String) —

  See PresignedPost#key.

• :key_starts_with (String) —

  See PresignedPost#key_starts_with.

• :acl (String) —

  See PresignedPost#acl.

• :acl_starts_with (String) —

  See PresignedPost#acl_starts_with.

• :cache_control (String) —

  See PresignedPost#cache_control.

• :cache_control_starts_with (String) —

  See PresignedPost#cache_control_starts_with.

• :content_type (String) —

  See PresignedPost#content_type.

• :content_type_starts_with (String) —

  See PresignedPost#content_type_starts_with.

• :content_disposition (String) —

  See PresignedPost#content_disposition.

• :content_disposition_starts_with (String) —

  See PresignedPost#content_disposition_starts_with.

• :content_encoding (String) —

  See PresignedPost#content_encoding.

• :content_encoding_starts_with (String) —

  See PresignedPost#content_encoding_starts_with.

• :expires (Time) —

  See PresignedPost#expires.

• :expires_starts_with (String) —

  See PresignedPost#expires_starts_with.

• :content_length_range (Range<Integer>) —

  See PresignedPost#content_length_range.

• :success_action_redirect (String) —

  See PresignedPost#success_action_redirect.

• :success_action_redirect_starts_with (String) —

  See PresignedPost#success_action_redirect_starts_with.

• :success_action_status (String) —

  See PresignedPost#success_action_status.

• :storage_class (String) —

  See PresignedPost#storage_class.

• :website_redirect_location (String) —

  See PresignedPost#website_redirect_location.

• :metadata (Hash<String,String>) —

  See PresignedPost#metadata.

• :metadata_starts_with (Hash<String,String>) —

  See PresignedPost#metadata_starts_with.

• :server_side_encryption (String) —

  See PresignedPost#server_side_encryption.

• :server_side_encryption_aws_kms_key_id (String) —

  See PresignedPost#server_side_encryption_aws_kms_key_id.

• :server_side_encryption_customer_algorithm (String) —

  See PresignedPost#server_side_encryption_customer_algorithm.

• :server_side_encryption_customer_key (String) —

  See PresignedPost#server_side_encryption_customer_key.

• :server_side_encryption_customer_key_starts_with (String) —

  See PresignedPost#server_side_encryption_customer_key_starts_with.

Returns:

• (PresignedPost)

See Also:

• PresignedPost

# File 'lib/aws-sdk-s3/customizations/object.rb', line 149

def presigned_post(options = {})
  PresignedPost.new(
    client.config.credentials,
    client.config.region,
    bucket_name,
    { key: key, url: bucket.url }.merge(options)
  )
end

#presigned_request(method, params = {}) ⇒ String, Hash

Allows you to create presigned URL requests for S3 operations. This method returns a tuple containing the URL and the signed X-amz-* headers to be used with the presigned url.

Examples:

Pre-signed GET URL, valid for one hour

obj.presigned_request(:get, expires_in: 3600)
#=> ["https://bucket-name.s3.amazonaws.com/object-key?...", {}]

Pre-signed PUT with a canned ACL

# the object uploaded using this URL will be publicly accessible
obj.presigned_request(:put, acl: 'public-read')
#=> ["https://bucket-name.s3.amazonaws.com/object-key?...",
 {"x-amz-acl"=>"public-read"}]

Parameters:

• method (Symbol) —

  The S3 operation to generate a presigned request for. Valid values are ‘:get`, `:put`, `:head`, `:delete`, `:create_multipart_upload`, `:list_multipart_uploads`, `:complete_multipart_upload`, `:abort_multipart_upload`, `:list_parts`, and `:upload_part`.

• params (Hash) (defaults to: {}) —

  Additional request parameters to use when generating the pre-signed request. See the related documentation in Client for accepted params.

  | Method | Client Method | |——————————|————————————| | ‘:get` | Client#get_object | | `:put` | Client#put_object | | `:head` | Client#head_object | | `:delete` | Client#delete_object | | `:create_multipart_upload` | Client#create_multipart_upload | | `:list_multipart_uploads` | Client#list_multipart_uploads | | `:complete_multipart_upload` | Client#complete_multipart_upload | | `:abort_multipart_upload` | Client#abort_multipart_upload | | `:list_parts` | Client#list_parts | | `:upload_part` | Client#upload_part |

Options Hash (params):

• :virtual_host (Boolean) — default: false —

  When ‘true` the presigned URL will use the bucket name as a virtual host.

  bucket = Aws::S3::Bucket.new('my.bucket.com')
  bucket.object('key').presigned_request(virtual_host: true)
  #=> ["http://my.bucket.com/key?...", {}]
  

• :expires_in (Integer) — default: 900 —

  Number of seconds before the pre-signed URL expires. This may not exceed one week (604800 seconds). Note that the pre-signed URL is also only valid as long as credentials used to sign it are. For example, when using IAM roles, temporary tokens generated for signing also have a default expiration which will affect the effective expiration of the pre-signed URL.

Returns:

• (String, Hash) —

  A tuple with a presigned URL and headers that should be included with the request.

Raises:

• (ArgumentError) —

  Raised if ‘:expires_in` exceeds one week (604800 seconds).

# File 'lib/aws-sdk-s3/customizations/object.rb', line 293

def presigned_request(method, params = {})
  presigner = Presigner.new(client: client)

  if %w(delete head get put).include?(method.to_s)
    method = "#{method}_object".to_sym
  end

  presigner.presigned_request(
    method.downcase,
    params.merge(bucket: bucket_name, key: key)
  )
end

#presigned_url(method, params = {}) ⇒ String

Generates a pre-signed URL for this object.

Examples:

Pre-signed GET URL, valid for one hour

obj.presigned_url(:get, expires_in: 3600)
#=> "https://bucket-name.s3.amazonaws.com/object-key?..."

Pre-signed PUT with a canned ACL

# the object uploaded using this URL will be publicly accessible
obj.presigned_url(:put, acl: 'public-read')
#=> "https://bucket-name.s3.amazonaws.com/object-key?..."

Pre-signed UploadPart PUT

# the object uploaded using this URL will be publicly accessible
obj.presigned_url(:upload_part, part_number: 1, upload_id: 'uploadIdToken')
#=> "https://bucket-name.s3.amazonaws.com/object-key?..."

Parameters:

• method (Symbol) —

  The S3 operation to generate a presigned URL for. Valid values are ‘:get`, `:put`, `:head`, `:delete`, `:create_multipart_upload`, `:list_multipart_uploads`, `:complete_multipart_upload`, `:abort_multipart_upload`, `:list_parts`, and `:upload_part`.

• params (Hash) (defaults to: {}) —

  Additional request parameters to use when generating the pre-signed URL. See the related documentation in Client for accepted params.

  | Method | Client Method | |——————————|————————————| | ‘:get` | Client#get_object | | `:put` | Client#put_object | | `:head` | Client#head_object | | `:delete` | Client#delete_object | | `:create_multipart_upload` | Client#create_multipart_upload | | `:list_multipart_uploads` | Client#list_multipart_uploads | | `:complete_multipart_upload` | Client#complete_multipart_upload | | `:abort_multipart_upload` | Client#abort_multipart_upload | | `:list_parts` | Client#list_parts | | `:upload_part` | Client#upload_part |

Options Hash (params):

• :virtual_host (Boolean) — default: false —

  When ‘true` the presigned URL will use the bucket name as a virtual host.

  bucket = Aws::S3::Bucket.new('my.bucket.com')
  bucket.object('key').presigned_url(virtual_host: true)
  #=> "http://my.bucket.com/key?..."
  

• :expires_in (Integer) — default: 900 —

  Number of seconds before the pre-signed URL expires. This may not exceed one week (604800 seconds). Note that the pre-signed URL is also only valid as long as credentials used to sign it are. For example, when using IAM roles, temporary tokens generated for signing also have a default expiration which will affect the effective expiration of the pre-signed URL.

Returns:

• (String)

Raises:

• (ArgumentError) —

  Raised if ‘:expires_in` exceeds one week (604800 seconds).

# File 'lib/aws-sdk-s3/customizations/object.rb', line 220

def presigned_url(method, params = {})
  presigner = Presigner.new(client: client)

  if %w(delete head get put).include?(method.to_s)
    method = "#{method}_object".to_sym
  end

  presigner.presigned_url(
    method.downcase,
    params.merge(bucket: bucket_name, key: key)
  )
end

#public_url(options = {}) ⇒ String

Returns the public (un-signed) URL for this object.

s3.bucket('bucket-name').object('obj-key').public_url
#=> "https://bucket-name.s3.amazonaws.com/obj-key"

To use virtual hosted bucket url. Uses https unless secure: false is set. If the bucket name contains dots (.) then you will need to set secure: false.

s3.bucket('my-bucket.com').object('key')
  .public_url(virtual_host: true)
#=> "https://my-bucket.com/key"

Parameters:

• options (Hash) (defaults to: {}) —

  a customizable set of options

Options Hash (options):

• :virtual_host (Boolean) — default: false —

  When ‘true`, the bucket name will be used as the host name. This is useful when you have a CNAME configured for the bucket.

• :secure (Boolean) — default: true —

  When ‘false`, http will be used with virtual_host. This is required when the bucket name has a dot (.) in it.

Returns:

• (String)

# File 'lib/aws-sdk-s3/customizations/object.rb', line 328

def public_url(options = {})
  url = URI.parse(bucket.url(options))
  url.path += '/' unless url.path[-1] == '/'
  url.path += key.gsub(/[^\/]+/) { |s| Seahorse::Util.uri_escape(s) }
  url.to_s
end

#put(options = {}) ⇒ Types::PutObjectOutput

Examples:

Request syntax with placeholder values

object.put({
  acl: "private", # accepts private, public-read, public-read-write, authenticated-read, aws-exec-read, bucket-owner-read, bucket-owner-full-control
  body: source_file,
  cache_control: "CacheControl",
  content_disposition: "ContentDisposition",
  content_encoding: "ContentEncoding",
  content_language: "ContentLanguage",
  content_length: 1,
  content_md5: "ContentMD5",
  content_type: "ContentType",
  checksum_algorithm: "CRC32", # accepts CRC32, CRC32C, SHA1, SHA256
  checksum_crc32: "ChecksumCRC32",
  checksum_crc32c: "ChecksumCRC32C",
  checksum_sha1: "ChecksumSHA1",
  checksum_sha256: "ChecksumSHA256",
  expires: Time.now,
  if_none_match: "IfNoneMatch",
  grant_full_control: "GrantFullControl",
  grant_read: "GrantRead",
  grant_read_acp: "GrantReadACP",
  grant_write_acp: "GrantWriteACP",
  metadata: {
    "MetadataKey" => "MetadataValue",
  },
  server_side_encryption: "AES256", # accepts AES256, aws:kms, aws:kms:dsse
  storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS, GLACIER_IR, SNOW, EXPRESS_ONEZONE
  website_redirect_location: "WebsiteRedirectLocation",
  sse_customer_algorithm: "SSECustomerAlgorithm",
  sse_customer_key: "SSECustomerKey",
  sse_customer_key_md5: "SSECustomerKeyMD5",
  ssekms_key_id: "SSEKMSKeyId",
  ssekms_encryption_context: "SSEKMSEncryptionContext",
  bucket_key_enabled: false,
  request_payer: "requester", # accepts requester
  tagging: "TaggingHeader",
  object_lock_mode: "GOVERNANCE", # accepts GOVERNANCE, COMPLIANCE
  object_lock_retain_until_date: Time.now,
  object_lock_legal_hold_status: "ON", # accepts ON, OFF
  expected_bucket_owner: "AccountId",
})

Parameters:

• options (Hash) (defaults to: {}) —

  ({})

Options Hash (options):

• :acl (String) —

  The canned ACL to apply to the object. For more information, see

  Canned ACL][1

  in the *Amazon S3 User Guide*.

  When adding a new object, you can use headers to grant ACL-based permissions to individual Amazon Web Services accounts or to predefined groups defined by Amazon S3. These permissions are then added to the ACL on the object. By default, all objects are private. Only the owner has full access control. For more information, see

  Access Control List (ACL) Overview][2

  and [Managing ACLs Using the

  REST API] in the *Amazon S3 User Guide*.

  If the bucket that you’re uploading objects to uses the bucket owner enforced setting for S3 Object Ownership, ACLs are disabled and no longer affect permissions. Buckets that use this setting only accept PUT requests that don’t specify an ACL or PUT requests that specify bucket owner full control ACLs, such as the ‘bucket-owner-full-control` canned ACL or an equivalent form of this ACL expressed in the XML format. PUT requests that contain other ACLs (for example, custom grants to certain Amazon Web Services accounts) fail and return a `400` error with the error code `AccessControlListNotSupported`. For more information, see [ Controlling ownership of objects and disabling ACLs] in the *Amazon S3 User Guide*.

  <note markdown=“1”> * This functionality is not supported for directory buckets.

  • This functionality is not supported for Amazon S3 on Outposts.

  </note>
  

  [1]: docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL [2]: docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html [3]: docs.aws.amazon.com/AmazonS3/latest/dev/acl-using-rest-api.html [4]: docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html

• :body (String, StringIO, File) —

  Object data.

• :cache_control (String) —

  Can be used to specify caching behavior along the request/reply chain. For more information, see [www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9][1].

  [1]: www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9

• :content_disposition (String) —

  Specifies presentational information for the object. For more information, see [www.rfc-editor.org/rfc/rfc6266#section-4][1].

  [1]: www.rfc-editor.org/rfc/rfc6266#section-4

• :content_encoding (String) —

  Specifies what content encodings have been applied to the object and thus what decoding mechanisms must be applied to obtain the media-type referenced by the Content-Type header field. For more information, see [www.rfc-editor.org/rfc/rfc9110.html#field.content-encoding][1].

  [1]: www.rfc-editor.org/rfc/rfc9110.html#field.content-encoding

• :content_language (String) —

  The language the content is in.

• :content_length (Integer) —

  Size of the body in bytes. This parameter is useful when the size of the body cannot be determined automatically. For more information, see [www.rfc-editor.org/rfc/rfc9110.html#name-content-length][1].

  [1]: www.rfc-editor.org/rfc/rfc9110.html#name-content-length

• :content_md5 (String) —

  The base64-encoded 128-bit MD5 digest of the message (without the headers) according to RFC 1864. This header can be used as a message integrity check to verify that the data is the same data that was originally sent. Although it is optional, we recommend using the Content-MD5 mechanism as an end-to-end integrity check. For more information about REST request authentication, see [REST Authentication].

  <note markdown=“1”> The ‘Content-MD5` or `x-amz-sdk-checksum-algorithm` header is required for any request to upload an object with a retention period configured using Amazon S3 Object Lock. For more information, see [Uploading objects to an Object Lock enabled bucket ][2] in the *Amazon S3 User Guide*.

  </note>
  

  <note markdown=“1”> This functionality is not supported for directory buckets.

  </note>
  

  [1]: docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html [2]: docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-managing.html#object-lock-put-object

• :content_type (String) —

  A standard MIME type describing the format of the contents. For more information, see [www.rfc-editor.org/rfc/rfc9110.html#name-content-type][1].

  [1]: www.rfc-editor.org/rfc/rfc9110.html#name-content-type

• :checksum_algorithm (String) —

  Indicates the algorithm used to create the checksum for the object when you use the SDK. This header will not provide any additional functionality if you don’t use the SDK. When you send this header, there must be a corresponding ‘x-amz-checksum-algorithm ` or `x-amz-trailer` header sent. Otherwise, Amazon S3 fails the request with the HTTP status code `400 Bad Request`.

  For the ‘x-amz-checksum-algorithm ` header, replace ` algorithm ` with the supported algorithm from the following list:

  • ‘CRC32`

  • ‘CRC32C`

  • ‘SHA1`

  • ‘SHA256`

  For more information, see [Checking object integrity] in the *Amazon S3 User Guide*.

  If the individual checksum value you provide through ‘x-amz-checksum-algorithm ` doesn’t match the checksum algorithm you set through ‘x-amz-sdk-checksum-algorithm`, Amazon S3 ignores any provided `ChecksumAlgorithm` parameter and uses the checksum algorithm that matches the provided value in `x-amz-checksum-algorithm `.

  <note markdown=“1”> The ‘Content-MD5` or `x-amz-sdk-checksum-algorithm` header is required for any request to upload an object with a retention period configured using Amazon S3 Object Lock. For more information, see [Uploading objects to an Object Lock enabled bucket ][2] in the *Amazon S3 User Guide*.

  </note>
  

  For directory buckets, when you use Amazon Web Services SDKs, ‘CRC32` is the default checksum algorithm that’s used for performance.

  [1]: docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html [2]: docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-managing.html#object-lock-put-object

• :checksum_crc32 (String) —

  This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. This header specifies the base64-encoded, 32-bit CRC-32 checksum of the object. For more information, see [Checking object integrity] in the *Amazon S3 User Guide*.

  [1]: docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html

• :checksum_crc32c (String) —

  This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. This header specifies the base64-encoded, 32-bit CRC-32C checksum of the object. For more information, see [Checking object integrity] in the *Amazon S3 User Guide*.

  [1]: docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html

• :checksum_sha1 (String) —

  This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. This header specifies the base64-encoded, 160-bit SHA-1 digest of the object. For more information, see [Checking object integrity] in the *Amazon S3 User Guide*.

  [1]: docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html

• :checksum_sha256 (String) —

  This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. This header specifies the base64-encoded, 256-bit SHA-256 digest of the object. For more information, see [Checking object integrity] in the *Amazon S3 User Guide*.

  [1]: docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html

• :expires (Time, DateTime, Date, Integer, String) —

  The date and time at which the object is no longer cacheable. For more information, see [www.rfc-editor.org/rfc/rfc7234#section-5.3][1].

  [1]: www.rfc-editor.org/rfc/rfc7234#section-5.3

• :if_none_match (String) —

  Uploads the object only if the object key name does not already exist in the bucket specified. Otherwise, Amazon S3 returns a ‘412 Precondition Failed` error.

  If a conflicting operation occurs during the upload S3 returns a ‘409 ConditionalRequestConflict` response. On a 409 failure you should retry the upload.

  Expects the ‘*’ (asterisk) character.

  For more information about conditional requests, see [RFC 7232], or

  Conditional requests][2

  in the *Amazon S3 User Guide*.

  [1]: tools.ietf.org/html/rfc7232 [2]: docs.aws.amazon.com/AmazonS3/latest/userguide/conditional-requests.html

• :grant_full_control (String) —

  Gives the grantee READ, READ_ACP, and WRITE_ACP permissions on the object.

  <note markdown=“1”> * This functionality is not supported for directory buckets.

  • This functionality is not supported for Amazon S3 on Outposts.

  </note>
  

• :grant_read (String) —

  Allows grantee to read the object data and its metadata.

  <note markdown=“1”> * This functionality is not supported for directory buckets.

  • This functionality is not supported for Amazon S3 on Outposts.

  </note>
  

• :grant_read_acp (String) —

  Allows grantee to read the object ACL.

  <note markdown=“1”> * This functionality is not supported for directory buckets.

  • This functionality is not supported for Amazon S3 on Outposts.

  </note>
  

• :grant_write_acp (String) —

  Allows grantee to write the ACL for the applicable object.

  <note markdown=“1”> * This functionality is not supported for directory buckets.

  • This functionality is not supported for Amazon S3 on Outposts.

  </note>
  

• :metadata (Hash<String,String>) —

  A map of metadata to store with the object in S3.

• :server_side_encryption (String) —

  The server-side encryption algorithm that was used when you store this object in Amazon S3 (for example, ‘AES256`, `aws:kms`, `aws:kms:dsse`).

  • General purpose buckets - You have four mutually exclusive options to protect data using server-side encryption in Amazon S3, depending on how you choose to manage the encryption keys. Specifically, the encryption key options are Amazon S3 managed keys (SSE-S3), Amazon Web Services KMS keys (SSE-KMS or DSSE-KMS), and customer-provided keys (SSE-C). Amazon S3 encrypts data with server-side encryption by using Amazon S3 managed keys (SSE-S3) by default. You can optionally tell Amazon S3 to encrypt data at rest by using server-side encryption with other key options. For more information, see [Using Server-Side Encryption] in the *Amazon S3 User Guide*.

  • Directory buckets - For directory buckets, there are only two supported options for server-side encryption: server-side encryption with Amazon S3 managed keys (SSE-S3) (‘AES256`) and server-side encryption with KMS keys (SSE-KMS) (`aws:kms`). We recommend that the bucket’s default encryption uses the desired encryption configuration and you don’t override the bucket default encryption in your ‘CreateSession` requests or `PUT` object requests. Then, new objects are automatically encrypted with the desired encryption settings. For more information, see [Protecting data with server-side encryption] in the *Amazon S3 User Guide*. For more information about the encryption overriding behaviors in directory buckets, see [Specifying server-side encryption with KMS for new object uploads].

    In the Zonal endpoint API calls (except [CopyObject] and [UploadPartCopy]) using the REST API, the encryption request headers must match the encryption settings that are specified in the ‘CreateSession` request. You can’t override the values of the encryption settings (‘x-amz-server-side-encryption`, `x-amz-server-side-encryption-aws-kms-key-id`, `x-amz-server-side-encryption-context`, and `x-amz-server-side-encryption-bucket-key-enabled`) that are specified in the `CreateSession` request. You don’t need to explicitly specify these encryption settings values in Zonal endpoint API calls, and Amazon S3 will use the encryption settings values from the ‘CreateSession` request to protect new objects in the directory bucket.

    <note markdown=“1”> When you use the CLI or the Amazon Web Services SDKs, for ‘CreateSession`, the session token refreshes automatically to avoid service interruptions when a session expires. The CLI or the Amazon Web Services SDKs use the bucket’s default encryption configuration for the ‘CreateSession` request. It’s not supported to override the encryption settings values in the ‘CreateSession` request. So in the Zonal endpoint API calls (except [CopyObject] and [UploadPartCopy]), the encryption request headers must match the default encryption configuration of the directory bucket.

    </note>
    

  [1]: docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html [2]: docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-serv-side-encryption.html [3]: docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-specifying-kms-encryption.html [4]: docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html [5]: docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html

• :storage_class (String) —

  By default, Amazon S3 uses the STANDARD Storage Class to store newly created objects. The STANDARD storage class provides high durability and high availability. Depending on performance needs, you can specify a different Storage Class. For more information, see [Storage Classes] in the *Amazon S3 User Guide*.

  <note markdown=“1”> * For directory buckets, only the S3 Express One Zone storage class is

  supported to store newly created objects.
  

  • Amazon S3 on Outposts only uses the OUTPOSTS Storage Class.

  </note>
  

  [1]: docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html

• :website_redirect_location (String) —

  If the bucket is configured as a website, redirects requests for this object to another object in the same bucket or to an external URL. Amazon S3 stores the value of this header in the object metadata. For information about object metadata, see [Object Key and Metadata] in the *Amazon S3 User Guide*.

  In the following example, the request header sets the redirect to an object (anotherPage.html) in the same bucket:

  ‘x-amz-website-redirect-location: /anotherPage.html`

  In the following example, the request header sets the object redirect to another website:

  ‘x-amz-website-redirect-location: www.example.com/`

  For more information about website hosting in Amazon S3, see [Hosting Websites on Amazon S3] and [How to Configure Website Page Redirects] in the *Amazon S3 User Guide*.

  <note markdown=“1”> This functionality is not supported for directory buckets.

  </note>
  

  [1]: docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html [2]: docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html [3]: docs.aws.amazon.com/AmazonS3/latest/dev/how-to-page-redirect.html

• :sse_customer_algorithm (String) —

  Specifies the algorithm to use when encrypting the object (for example, ‘AES256`).

  <note markdown=“1”> This functionality is not supported for directory buckets.

  </note>
  

• :sse_customer_key (String) —

  Specifies the customer-provided encryption key for Amazon S3 to use in encrypting data. This value is used to store the object and then it is discarded; Amazon S3 does not store the encryption key. The key must be appropriate for use with the algorithm specified in the ‘x-amz-server-side-encryption-customer-algorithm` header.

  <note markdown=“1”> This functionality is not supported for directory buckets.

  </note>
  

• :sse_customer_key_md5 (String) —

  Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. Amazon S3 uses this header for a message integrity check to ensure that the encryption key was transmitted without error.

  <note markdown=“1”> This functionality is not supported for directory buckets.

  </note>
  

• :ssekms_key_id (String) —

  Specifies the KMS key ID (Key ID, Key ARN, or Key Alias) to use for object encryption. If the KMS key doesn’t exist in the same account that’s issuing the command, you must use the full Key ARN not the Key ID.

  **General purpose buckets** - If you specify ‘x-amz-server-side-encryption` with `aws:kms` or `aws:kms:dsse`, this header specifies the ID (Key ID, Key ARN, or Key Alias) of the KMS key to use. If you specify `x-amz-server-side-encryption:aws:kms` or `x-amz-server-side-encryption:aws:kms:dsse`, but do not provide `x-amz-server-side-encryption-aws-kms-key-id`, Amazon S3 uses the Amazon Web Services managed key (`aws/s3`) to protect the data.

  **Directory buckets** - If you specify ‘x-amz-server-side-encryption` with `aws:kms`, the ` x-amz-server-side-encryption-aws-kms-key-id` header is implicitly assigned the ID of the KMS symmetric encryption customer managed key that’s configured for your directory bucket’s default encryption setting. If you want to specify the ‘ x-amz-server-side-encryption-aws-kms-key-id` header explicitly, you can only specify it with the ID (Key ID or Key ARN) of the KMS customer managed key that’s configured for your directory bucket’s default encryption setting. Otherwise, you get an HTTP ‘400 Bad Request` error. Only use the key ID or key ARN. The key alias format of the KMS key isn’t supported. Your SSE-KMS configuration can only support 1 [customer managed key] per directory bucket for the lifetime of the bucket. The [Amazon Web Services managed key] (‘aws/s3`) isn’t supported.

  [1]: docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk [2]: docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk

• :ssekms_encryption_context (String) —

  Specifies the Amazon Web Services KMS Encryption Context as an additional encryption context to use for object encryption. The value of this header is a Base64-encoded string of a UTF-8 encoded JSON, which contains the encryption context as key-value pairs. This value is stored as object metadata and automatically gets passed on to Amazon Web Services KMS for future ‘GetObject` operations on this object.

  **General purpose buckets** - This value must be explicitly added during ‘CopyObject` operations if you want an additional encryption context for your object. For more information, see [Encryption context] in the *Amazon S3 User Guide*.

  **Directory buckets** - You can optionally provide an explicit encryption context value. The value must match the default encryption context - the bucket Amazon Resource Name (ARN). An additional encryption context value is not supported.

  [1]: docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html#encryption-context

• :bucket_key_enabled (Boolean) —

  Specifies whether Amazon S3 should use an S3 Bucket Key for object encryption with server-side encryption using Key Management Service (KMS) keys (SSE-KMS).

  **General purpose buckets** - Setting this header to ‘true` causes Amazon S3 to use an S3 Bucket Key for object encryption with SSE-KMS. Also, specifying this header with a PUT action doesn’t affect bucket-level settings for S3 Bucket Key.

  **Directory buckets** - S3 Bucket Keys are always enabled for ‘GET` and `PUT` operations in a directory bucket and can’t be disabled. S3 Bucket Keys aren’t supported, when you copy SSE-KMS encrypted objects from general purpose buckets to directory buckets, from directory buckets to general purpose buckets, or between directory buckets, through [CopyObject], [UploadPartCopy], [the Copy operation in Batch Operations], or [the import jobs]. In this case, Amazon S3 makes a call to KMS every time a copy request is made for a KMS-encrypted object.

  [1]: docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html [2]: docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html [3]: docs.aws.amazon.com/AmazonS3/latest/userguide/directory-buckets-objects-Batch-Ops [4]: docs.aws.amazon.com/AmazonS3/latest/userguide/create-import-job

• :request_payer (String) —

  Confirms that the requester knows that they will be charged for the request. Bucket owners need not specify this parameter in their requests. If either the source or destination S3 bucket has Requester Pays enabled, the requester will pay for corresponding charges to copy the object. For information about downloading objects from Requester Pays buckets, see [Downloading Objects in Requester Pays Buckets] in the *Amazon S3 User Guide*.

  <note markdown=“1”> This functionality is not supported for directory buckets.

  </note>
  

  [1]: docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html

• :tagging (String) —

  The tag-set for the object. The tag-set must be encoded as URL Query parameters. (For example, “Key1=Value1”)

  <note markdown=“1”> This functionality is not supported for directory buckets.

  </note>
  

• :object_lock_mode (String) —

  The Object Lock mode that you want to apply to this object.

  <note markdown=“1”> This functionality is not supported for directory buckets.

  </note>
  

• :object_lock_retain_until_date (Time, DateTime, Date, Integer, String) —

  The date and time when you want this object’s Object Lock to expire. Must be formatted as a timestamp parameter.

  <note markdown=“1”> This functionality is not supported for directory buckets.

  </note>
  

• :object_lock_legal_hold_status (String) —

  Specifies whether a legal hold will be applied to this object. For more information about S3 Object Lock, see [Object Lock] in the *Amazon S3 User Guide*.

  <note markdown=“1”> This functionality is not supported for directory buckets.

  </note>
  

  [1]: docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html

• :expected_bucket_owner (String) —

  The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code ‘403 Forbidden` (access denied).

Returns:

• (Types::PutObjectOutput)

# File 'lib/aws-sdk-s3/object.rb', line 2874

def put(options = {})
  options = options.merge(
    bucket: @bucket_name,
    key: @key
  )
  resp = Aws::Plugins::UserAgent.metric('RESOURCE_MODEL') do
    @client.put_object(options)
  end
  resp.data
end

#replication_status ⇒ String

Amazon S3 can return this header if your request involves a bucket that is either a source or a destination in a replication rule.

In replication, you have a source bucket on which you configure replication and destination bucket or buckets where Amazon S3 stores object replicas. When you request an object (‘GetObject`) or object metadata (`HeadObject`) from these buckets, Amazon S3 will return the `x-amz-replication-status` header in the response as follows:

• **If requesting an object from the source bucket**, Amazon S3 will return the ‘x-amz-replication-status` header if the object in your request is eligible for replication.

  For example, suppose that in your replication configuration, you specify object prefix ‘TaxDocs` requesting Amazon S3 to replicate objects with key prefix `TaxDocs`. Any objects you upload with this key name prefix, for example `TaxDocs/document1.pdf`, are eligible for replication. For any object request with this key name prefix, Amazon S3 will return the `x-amz-replication-status` header with value PENDING, COMPLETED or FAILED indicating object replication status.

• **If requesting an object from a destination bucket**, Amazon S3 will return the ‘x-amz-replication-status` header with value REPLICA if the object in your request is a replica that Amazon S3 created and there is no replica modification replication in progress.

• **When replicating objects to multiple destination buckets**, the ‘x-amz-replication-status` header acts differently. The header of the source object will only return a value of COMPLETED when replication is successful to all destinations. The header will remain at value PENDING until replication has completed for all destinations. If one or more destinations fails replication the header will return FAILED.

For more information, see [Replication].

<note markdown=“1”> This functionality is not supported for directory buckets.

</note>

[1]: docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html

Returns:

• (String)

# File 'lib/aws-sdk-s3/object.rb', line 416

def replication_status
  data[:replication_status]
end

#request_charged ⇒ String

If present, indicates that the requester was successfully charged for the request.

<note markdown=“1”> This functionality is not supported for directory buckets.

</note>

Returns:

• (String)

# File 'lib/aws-sdk-s3/object.rb', line 367

def request_charged
  data[:request_charged]
end

#restore ⇒ String

If the object is an archived object (an object whose storage class is GLACIER), the response includes this header if either the archive restoration is in progress (see [RestoreObject] or an archive copy is already restored.

If an archive copy is already restored, the header value indicates when Amazon S3 is scheduled to delete the object copy. For example:

‘x-amz-restore: ongoing-request=“false”, expiry-date=“Fri, 21 Dec 2012 00:00:00 GMT”`

If the object restoration is in progress, the header returns the value ‘ongoing-request=“true”`.

For more information about archiving objects, see [Transitioning Objects: General Considerations].

<note markdown=“1”> This functionality is not supported for directory buckets. Only the S3 Express One Zone storage class is supported by directory buckets to store objects.

</note>

[1]: docs.aws.amazon.com/AmazonS3/latest/API/API_RestoreObject.html [2]: docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html#lifecycle-transition-general-considerations

Returns:

• (String)

# File 'lib/aws-sdk-s3/object.rb', line 109

def restore
  data[:restore]
end

#restore_object(options = {}) ⇒ Types::RestoreObjectOutput

Examples:

Request syntax with placeholder values

object.restore_object({
  version_id: "ObjectVersionId",
  restore_request: {
    days: 1,
    glacier_job_parameters: {
      tier: "Standard", # required, accepts Standard, Bulk, Expedited
    },
    type: "SELECT", # accepts SELECT
    tier: "Standard", # accepts Standard, Bulk, Expedited
    description: "Description",
    select_parameters: {
      input_serialization: { # required
        csv: {
          file_header_info: "USE", # accepts USE, IGNORE, NONE
          comments: "Comments",
          quote_escape_character: "QuoteEscapeCharacter",
          record_delimiter: "RecordDelimiter",
          field_delimiter: "FieldDelimiter",
          quote_character: "QuoteCharacter",
          allow_quoted_record_delimiter: false,
        },
        compression_type: "NONE", # accepts NONE, GZIP, BZIP2
        json: {
          type: "DOCUMENT", # accepts DOCUMENT, LINES
        },
        parquet: {
        },
      },
      expression_type: "SQL", # required, accepts SQL
      expression: "Expression", # required
      output_serialization: { # required
        csv: {
          quote_fields: "ALWAYS", # accepts ALWAYS, ASNEEDED
          quote_escape_character: "QuoteEscapeCharacter",
          record_delimiter: "RecordDelimiter",
          field_delimiter: "FieldDelimiter",
          quote_character: "QuoteCharacter",
        },
        json: {
          record_delimiter: "RecordDelimiter",
        },
      },
    },
    output_location: {
      s3: {
        bucket_name: "BucketName", # required
        prefix: "LocationPrefix", # required
        encryption: {
          encryption_type: "AES256", # required, accepts AES256, aws:kms, aws:kms:dsse
          kms_key_id: "SSEKMSKeyId",
          kms_context: "KMSContext",
        },
        canned_acl: "private", # accepts private, public-read, public-read-write, authenticated-read, aws-exec-read, bucket-owner-read, bucket-owner-full-control
        access_control_list: [
          {
            grantee: {
              display_name: "DisplayName",
              email_address: "EmailAddress",
              id: "ID",
              type: "CanonicalUser", # required, accepts CanonicalUser, AmazonCustomerByEmail, Group
              uri: "URI",
            },
            permission: "FULL_CONTROL", # accepts FULL_CONTROL, WRITE, WRITE_ACP, READ, READ_ACP
          },
        ],
        tagging: {
          tag_set: [ # required
            {
              key: "ObjectKey", # required
              value: "Value", # required
            },
          ],
        },
        user_metadata: [
          {
            name: "MetadataKey",
            value: "MetadataValue",
          },
        ],
        storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS, GLACIER_IR, SNOW, EXPRESS_ONEZONE
      },
    },
  },
  request_payer: "requester", # accepts requester
  checksum_algorithm: "CRC32", # accepts CRC32, CRC32C, SHA1, SHA256
  expected_bucket_owner: "AccountId",
})

Parameters:

• options (Hash) (defaults to: {}) —

  ({})

Options Hash (options):

• :version_id (String) —

  VersionId used to reference a specific version of the object.

• :restore_request (Types::RestoreRequest) —

  Container for restore job parameters.

• :request_payer (String) —

  Confirms that the requester knows that they will be charged for the request. Bucket owners need not specify this parameter in their requests. If either the source or destination S3 bucket has Requester Pays enabled, the requester will pay for corresponding charges to copy the object. For information about downloading objects from Requester Pays buckets, see [Downloading Objects in Requester Pays Buckets] in the *Amazon S3 User Guide*.

  <note markdown=“1”> This functionality is not supported for directory buckets.

  </note>
  

  [1]: docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html

• :checksum_algorithm (String) —

  Indicates the algorithm used to create the checksum for the object when you use the SDK. This header will not provide any additional functionality if you don’t use the SDK. When you send this header, there must be a corresponding ‘x-amz-checksum` or `x-amz-trailer` header sent. Otherwise, Amazon S3 fails the request with the HTTP status code `400 Bad Request`. For more information, see [Checking object integrity] in the *Amazon S3 User Guide*.

  If you provide an individual checksum, Amazon S3 ignores any provided ‘ChecksumAlgorithm` parameter.

  [1]: docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html

• :expected_bucket_owner (String) —

  The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code ‘403 Forbidden` (access denied).

Returns:

• (Types::RestoreObjectOutput)

# File 'lib/aws-sdk-s3/object.rb', line 3015

def restore_object(options = {})
  options = options.merge(
    bucket: @bucket_name,
    key: @key
  )
  resp = Aws::Plugins::UserAgent.metric('RESOURCE_MODEL') do
    @client.restore_object(options)
  end
  resp.data
end

#server_side_encryption ⇒ String

The server-side encryption algorithm used when you store this object in Amazon S3 (for example, ‘AES256`, `aws:kms`, `aws:kms:dsse`).

Returns:

• (String)

# File 'lib/aws-sdk-s3/object.rb', line 292

def server_side_encryption
  data[:server_side_encryption]
end

#size ⇒ Object

# File 'lib/aws-sdk-s3/customizations/object.rb', line 6

alias size content_length

#sse_customer_algorithm ⇒ String

If server-side encryption with a customer-provided encryption key was requested, the response will include this header to confirm the encryption algorithm that’s used.

<note markdown=“1”> This functionality is not supported for directory buckets.

</note>

Returns:

• (String)

# File 'lib/aws-sdk-s3/object.rb', line 310

def sse_customer_algorithm
  data[:sse_customer_algorithm]
end

#sse_customer_key_md5 ⇒ String

If server-side encryption with a customer-provided encryption key was requested, the response will include this header to provide the round-trip message integrity verification of the customer-provided encryption key.

<note markdown=“1”> This functionality is not supported for directory buckets.

</note>

Returns:

• (String)

# File 'lib/aws-sdk-s3/object.rb', line 323

def sse_customer_key_md5
  data[:sse_customer_key_md5]
end

#ssekms_key_id ⇒ String

If present, indicates the ID of the KMS key that was used for object encryption.

Returns:

• (String)

# File 'lib/aws-sdk-s3/object.rb', line 330

def ssekms_key_id
  data[:ssekms_key_id]
end

#storage_class ⇒ String

Provides storage class information of the object. Amazon S3 returns this header for all objects except for S3 Standard storage class objects.

For more information, see [Storage Classes].

<note markdown=“1”> Directory buckets - Only the S3 Express One Zone storage class is supported by directory buckets to store objects.

</note>

[1]: docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html

Returns:

• (String)

# File 'lib/aws-sdk-s3/object.rb', line 356

def storage_class
  data[:storage_class]
end

#upload_file(source, options = {}) {|response| ... } ⇒ Boolean

Uploads a file from disk to the current object in S3.

# small files are uploaded in a single API call
obj.upload_file('/path/to/file')

Files larger than or equal to ‘:multipart_threshold` are uploaded using the Amazon S3 multipart upload APIs.

# large files are automatically split into parts
# and the parts are uploaded in parallel
obj.upload_file('/path/to/very_large_file')

The response of the S3 upload API is yielded if a block given.

# API response will have etag value of the file
obj.upload_file('/path/to/file') do |response|
  etag = response.etag
end

You can provide a callback to monitor progress of the upload:

# bytes and totals are each an array with 1 entry per part
progress = Proc.new do |bytes, totals|
  puts bytes.map.with_index { |b, i| "Part #{i+1}: #{b} / #{totals[i]}"}.join(' ') + "Total: #{100.0 * bytes.sum / totals.sum }%" }
end
obj.upload_file('/path/to/file', progress_callback: progress)

Parameters:

• source (String, Pathname, File, Tempfile) —

  A file on the local file system that will be uploaded as this object. This can either be a String or Pathname to the file, an open File object, or an open Tempfile object. If you pass an open File or Tempfile object, then you are responsible for closing it after the upload completes. When using an open Tempfile, rewind it before uploading or else the object will be empty.

• options (Hash) (defaults to: {}) —

  Additional options for Client#put_object when file sizes below the multipart threshold. For files larger than the multipart threshold, options for Client#create_multipart_upload, Client#complete_multipart_upload, and Client#upload_part can be provided.

Options Hash (options):

• :multipart_threshold (Integer) — default: 104857600 —

  Files larger than or equal to ‘:multipart_threshold` are uploaded using the S3 multipart APIs. Default threshold is 100MB.

• :thread_count (Integer) — default: 10 —

  The number of parallel multipart uploads. This option is not used if the file is smaller than ‘:multipart_threshold`.

• :progress_callback (Proc) —

  A Proc that will be called when each chunk of the upload is sent. It will be invoked with [bytes_read], [total_sizes]

Yields:

• (response)

Returns:

• (Boolean) —

  Returns ‘true` when the object is uploaded without any errors.

Raises:

• (MultipartUploadError) —

  If an object is being uploaded in parts, and the upload can not be completed, then the upload is aborted and this error is raised. The raised error has a ‘#errors` method that returns the failures that caused the upload to be aborted.

See Also:

• Client#put_object
• Client#create_multipart_upload
• Client#complete_multipart_upload
• Client#upload_part

# File 'lib/aws-sdk-s3/customizations/object.rb', line 470

def upload_file(source, options = {})
  uploading_options = options.dup
  uploader = FileUploader.new(
    multipart_threshold: uploading_options.delete(:multipart_threshold),
    client: client
  )
  response = Aws::Plugins::UserAgent.metric('RESOURCE_MODEL') do
    uploader.upload(
      source,
      uploading_options.merge(bucket: bucket_name, key: key)
    )
  end
  yield response if block_given?
  true
end

#upload_stream(options = {}, &block) ⇒ Boolean

Uploads a stream in a streaming fashion to the current object in S3.

Passed chunks automatically split into multipart upload parts and the parts are uploaded in parallel. This allows for streaming uploads that never touch the disk.

Note that this is known to have issues in JRuby until jruby-9.1.15.0, so avoid using this with older versions of JRuby.

Examples:

Streaming chunks of data

obj.upload_stream do |write_stream|
  10.times { write_stream << 'foo' }
end

Streaming chunks of data

obj.upload_stream do |write_stream|
  IO.copy_stream(IO.popen('ls'), write_stream)
end

Streaming chunks of data

obj.upload_stream do |write_stream|
  IO.copy_stream(STDIN, write_stream)
end

Parameters:

• options (Hash) (defaults to: {}) —

  Additional options for Client#create_multipart_upload, Client#complete_multipart_upload, and Client#upload_part can be provided.

Options Hash (options):

• :thread_count (Integer) — default: 10 —

  The number of parallel multipart uploads

• :tempfile (Boolean) — default: false —

  Normally read data is stored in memory when building the parts in order to complete the underlying multipart upload. By passing ‘:tempfile => true` data read will be temporarily stored on disk reducing the memory footprint vastly.

• :part_size (Integer) — default: 5242880 —

  Define how big each part size but the last should be. Default ‘:part_size` is `5 * 1024 * 1024`.

Returns:

• (Boolean) —

  Returns ‘true` when the object is uploaded without any errors.

Raises:

• (MultipartUploadError) —

  If an object is being uploaded in parts, and the upload can not be completed, then the upload is aborted and this error is raised. The raised error has a ‘#errors` method that returns the failures that caused the upload to be aborted.

See Also:

• Client#create_multipart_upload
• Client#complete_multipart_upload
• Client#upload_part

# File 'lib/aws-sdk-s3/customizations/object.rb', line 385

def upload_stream(options = {}, &block)
  uploading_options = options.dup
  uploader = MultipartStreamUploader.new(
    client: client,
    thread_count: uploading_options.delete(:thread_count),
    tempfile: uploading_options.delete(:tempfile),
    part_size: uploading_options.delete(:part_size)
  )
  Aws::Plugins::UserAgent.metric('RESOURCE_MODEL') do
    uploader.upload(
      uploading_options.merge(bucket: bucket_name, key: key),
      &block
    )
  end
  true
end

#version(id) ⇒ ObjectVersion

Parameters:

• id (String)

Returns:

• (ObjectVersion)

# File 'lib/aws-sdk-s3/object.rb', line 3257

def version(id)
  ObjectVersion.new(
    bucket_name: @bucket_name,
    object_key: @key,
    id: id,
    client: @client
  )
end

#version_id ⇒ String

Version ID of the object.

<note markdown=“1”> This functionality is not supported for directory buckets.

</note>

Returns:

• (String)

# File 'lib/aws-sdk-s3/object.rb', line 230

def version_id
  data[:version_id]
end

#wait_until(options = {}) {|resource| ... } ⇒ Resource

Deprecated.

Use [Aws::S3::Client] #wait_until instead

Note:

The waiting operation is performed on a copy. The original resource remains unchanged.

Waiter polls an API operation until a resource enters a desired state.

## Basic Usage

Waiter will polls until it is successful, it fails by entering a terminal state, or until a maximum number of attempts are made.

# polls in a loop until condition is true
resource.wait_until(options) {|resource| condition}

## Example

instance.wait_until(max_attempts:10, delay:5) do |instance|
  instance.state.name == 'running'
end

## Configuration

You can configure the maximum number of polling attempts, and the delay (in seconds) between each polling attempt. The waiting condition is set by passing a block to #wait_until:

# poll for ~25 seconds
resource.wait_until(max_attempts:5,delay:5) {|resource|...}

## Callbacks

You can be notified before each polling attempt and before each delay. If you throw ‘:success` or `:failure` from these callbacks, it will terminate the waiter.

started_at = Time.now
# poll for 1 hour, instead of a number of attempts
proc = Proc.new do |attempts, response|
  throw :failure if Time.now - started_at > 3600
end

  # disable max attempts
instance.wait_until(before_wait:proc, max_attempts:nil) {...}

## Handling Errors

When a waiter is successful, it returns the Resource. When a waiter fails, it raises an error.

begin
  resource.wait_until(...)
rescue Aws::Waiters::Errors::WaiterFailed
  # resource did not enter the desired state in time
end

attempts attempt in seconds invoked before each attempt invoked before each wait

Parameters:

• options (Hash) (defaults to: {}) —

  a customizable set of options

Options Hash (options):

• :max_attempts (Integer) — default: 10 —

  Maximum number of

• :delay (Integer) — default: 10 —

  Delay between each

• :before_attempt (Proc) — default: nil —

  Callback

• :before_wait (Proc) — default: nil —

  Callback

Yield Parameters:

• resource (Resource) —

  to be used in the waiting condition.

Returns:

• (Resource) —

  if the waiter was successful

Raises:

• (Aws::Waiters::Errors::FailureStateError) —

  Raised when the waiter terminates because the waiter has entered a state that it will not transition out of, preventing success.

  yet successful.

• (Aws::Waiters::Errors::UnexpectedError) —

  Raised when an error is encountered while polling for a resource that is not expected.

• (NotImplementedError) —

  Raised when the resource does not

# File 'lib/aws-sdk-s3/object.rb', line 651

def wait_until(options = {}, &block)
  self_copy = self.dup
  attempts = 0
  options[:max_attempts] = 10 unless options.key?(:max_attempts)
  options[:delay] ||= 10
  options[:poller] = Proc.new do
    attempts += 1
    if block.call(self_copy)
      [:success, self_copy]
    else
      self_copy.reload unless attempts == options[:max_attempts]
      :retry
    end
  end
  Aws::Plugins::UserAgent.metric('RESOURCE_MODEL') do
    Aws::Waiters::Waiter.new(options).wait({})
  end
end

#wait_until_exists(options = {}, &block) ⇒ Object

Parameters:

• options (Hash) (defaults to: {}) —

  ({})

Options Hash (options):

• :max_attempts (Integer) — default: 20
• :delay (Float) — default: 5
• :before_attempt (Proc)
• :before_wait (Proc)

Returns:

• (Object)

# File 'lib/aws-sdk-s3/object.rb', line 535

def wait_until_exists(options = {}, &block)
  options, params = separate_params_and_options(options)
  waiter = Waiters::ObjectExists.new(options)
  yield_waiter_and_warn(waiter, &block) if block_given?
  Aws::Plugins::UserAgent.metric('RESOURCE_MODEL') do
    waiter.wait(params.merge(bucket: @bucket_name,
    key: @key))
  end
  Object.new({
    bucket_name: @bucket_name,
    key: @key,
    client: @client
  })
end

#wait_until_not_exists(options = {}, &block) ⇒ Object

Parameters:

• options (Hash) (defaults to: {}) —

  ({})

Options Hash (options):

• :max_attempts (Integer) — default: 20
• :delay (Float) — default: 5
• :before_attempt (Proc)
• :before_wait (Proc)

Returns:

• (Object)

# File 'lib/aws-sdk-s3/object.rb', line 556

def wait_until_not_exists(options = {}, &block)
  options, params = separate_params_and_options(options)
  waiter = Waiters::ObjectNotExists.new(options)
  yield_waiter_and_warn(waiter, &block) if block_given?
  Aws::Plugins::UserAgent.metric('RESOURCE_MODEL') do
    waiter.wait(params.merge(bucket: @bucket_name,
    key: @key))
  end
  Object.new({
    bucket_name: @bucket_name,
    key: @key,
    client: @client
  })
end

#website_redirect_location ⇒ String

If the bucket is configured as a website, redirects requests for this object to another object in the same bucket or to an external URL. Amazon S3 stores the value of this header in the object metadata.

<note markdown=“1”> This functionality is not supported for directory buckets.

</note>

Returns:

• (String)

# File 'lib/aws-sdk-s3/object.rb', line 285

def website_redirect_location
  data[:website_redirect_location]
end