Skip to main content

s3

Amazon S3

Config#

Servicer#

NameRequiredComments
credentialYsupport hmac and env protocol
force_path_styleNvirtual hosting of buckets
disable_100_continueNto disable the SDK adding the Expect: 100-Continue header to PUT requests over 2MB of content
use_accelerateNs3 accelerate feature
use_arn_regionNuse the region specified in the ARN

Storager#

NameRequiredComments
nameYbucket name
work_dirNwork dir
locationYbucket location

Example#

Init servicer

credential: hmac:<account_name>:<account_key>

Init storager

credential: hmac:<account_name>:<account_key>
name: <container_name>
work_dir: /<work_dir>
location: <bucket_location>

Implementation#

This service implements following interfaces:

Pairs#

Server-Side Encryption (SSE)#

S3 supports three options for Server-Side Encryption:

  • Server-Side Encryption with Amazon S3-Managed Keys (SSE-S3)
  • Server-Side Encryption with Customer Master Keys (CMKs) Stored in AWS Key Management Service (SSE-KMS)
  • Server-Side Encryption with Customer-Provided Keys (SSE-C)

Refer to https://docs.aws.amazon.com/AmazonS3/latest/userguide/serv-side-encryption.html for more details.

SSE-S3#

Server-Side Encryption with Amazon S3-Management Keys

NameComments
server-side-encryptionthe encryption algorithm. should be AES256
Supported Operations#

SSE-KMS#

Server-Side Encryption with Customer Master Keys Stored in AWS Key Management Services

NameComments
server-side-encryptionthe server-side encryption algorithm used when storing this object in Amazon. Should be aws:kms.
server-side-encryption-aws-kms-key-idspecify the ID of the customer managed CMK used to protect the data
server-side-encryption-contextan optional set of key-value pairs that can contain additional contextual information about the data.The value of this header is a base64-encoded UTF-8 string holding JSON with the encryption context key-value pairs.
server-side-encryption-bucket-key-enabledenable or disable an S3 Bucket Key at the object-level. S3 Bucket Keys can reduce your AWS KMS request costs by decreasing the request traffic from Amazon S3 to AWS KMS.
Supported Operations#

SSE-C#

Server-Side Encryption with Customer-Provided Keys

NameComments
server-side-encryption-customer-algorithmUse this header to specify the encryption algorithm. The header value must be "AES256".
server-side-encryption-customer-keya 32-byte customer-provided AES256 key
Supported Operations#
Last updated on by Xuanwo