Skip to main content

s3

Amazon S3

Config#

Servicer#

NameRequiredComments
credentialYsupport hmac and env protocol
force_path_styleNvirtual hosting of buckets
disable_100_continueNto disable the SDK adding the Expect: 100-Continue header to PUT requests over 2MB of content
use_accelerateNs3 accelerate feature
use_arn_regionNuse the region specified in the ARN

Storager#

NameRequiredComments
nameYbucket name
work_dirNwork dir
locationYbucket location

Example#

Init servicer

credential: hmac:<account_name>:<account_key>

Init storager

credential: hmac:<account_name>:<account_key>
name: <container_name>
work_dir: /<work_dir>
location: <bucket_location>

Pairs#

Server-Side Encryption (SSE)#

SSE-S3#

Server-Side Encryption with Amazon S3-Management Keys

NameComments
server-side-encryptionthe encryption algorithm. should be AES256
Supported Operations#

The following REST upload APIs accept the x-amz-server-side-encryption request header:

The response headers of the following REST APIs return x-amz-server-side-encryption header when an object is stored using server-side encryption.

SSE-KMS#

Server-Side Encryption with Customer Master Keys Stored in AWS Key Management Services

NameComments
server-side-encryptionthe server-side encryption algorithm used when storing this object in Amazon. Should be aws:kms.
server-side-encryption-aws-kms-key-idspecify the ID of the customer managed CMK used to protect the data
server-side-encryption-contextan optional set of key-value pairs that can contain additional contextual information about the data.The value of this header is a base64-encoded UTF-8 string holding JSON with the encryption context key-value pairs.
server-side-encryption-bucket-key-enabledenable or disable an S3 Bucket Key at the object-level. S3 Bucket Keys can reduce your AWS KMS request costs by decreasing the request traffic from Amazon S3 to AWS KMS.
Supported Operations#

The following REST APIs accept the x-amz-server-side-encryption, x-amz-server-side-encryption-aws-kms-key-id, and x-amz-server-side-encryption-context request headers.

The response headers of the REST APIs return the x-amz-server-side-encryption header when an object is stored using server-side encryption are the same with SSE-S3.

SSE-C#

Server-Side Encryption with Customer-Provided Keys

NameComments
server-side-encryption-customer-algorithmUse this header to specify the encryption algorithm. The header value must be "AES256".
server-side-encryption-customer-keyUse this header to provide the 256-bit, base64-encoded encryption key for Amazon S3 to use to encrypt or decrypt your data.
server-side-encryption-customer-key-md5a message integrity check to ensure that the encryption key was transmitted without error. Use this header to provide the base64-encoded 128-bit MD5 digest of the encryption key according to RFC 1321.
Supported Operations#