service/s3/api_op_PutObject.go (308 lines of code) (raw):
// Code generated by smithy-go-codegen DO NOT EDIT.
package s3
import (
"context"
"fmt"
awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
awshttp "github.com/aws/aws-sdk-go-v2/aws/transport/http"
internalChecksum "github.com/aws/aws-sdk-go-v2/service/internal/checksum"
s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations"
"github.com/aws/aws-sdk-go-v2/service/s3/types"
"github.com/aws/smithy-go/middleware"
smithyhttp "github.com/aws/smithy-go/transport/http"
"io"
"time"
)
// Adds an object to a bucket.
//
// - Amazon S3 never adds partial objects; if you receive a success response,
// Amazon S3 added the entire object to the bucket. You cannot use PutObject to
// only update a single piece of metadata for an existing object. You must put the
// entire object with updated metadata if you want to update some values.
//
// - If your bucket uses the bucket owner enforced setting for Object Ownership,
// ACLs are disabled and no longer affect permissions. All objects written to the
// bucket by any account will be owned by the bucket owner.
//
// - Directory buckets - For directory buckets, you must make requests for this
// API operation to the Zonal endpoint. These endpoints support
// virtual-hosted-style requests in the format
// https://amzn-s3-demo-bucket.s3express-zone-id.region-code.amazonaws.com/key-name
// . Path-style requests are not supported. For more information about endpoints
// in Availability Zones, see [Regional and Zonal endpoints for directory buckets in Availability Zones]in the Amazon S3 User Guide. For more information
// about endpoints in Local Zones, see [Concepts for directory buckets in Local Zones]in the Amazon S3 User Guide.
//
// Amazon S3 is a distributed system. If it receives multiple write requests for
// the same object simultaneously, it overwrites all but the last object written.
// However, Amazon S3 provides features that can modify this behavior:
//
// - S3 Object Lock - To prevent objects from being deleted or overwritten, you
// can use [Amazon S3 Object Lock]in the Amazon S3 User Guide.
//
// This functionality is not supported for directory buckets.
//
// - If-None-Match - Uploads the object only if the object key name does not
// already exist in the specified bucket. Otherwise, Amazon S3 returns a 412
// Precondition Failed error. If a conflicting operation occurs during the
// upload, S3 returns a 409 ConditionalRequestConflict response. On a 409
// failure, retry the upload.
//
// Expects the * character (asterisk).
//
// For more information, see [Add preconditions to S3 operations with conditional requests]in the Amazon S3 User Guide or [RFC 7232].
//
// This functionality is not supported for S3 on Outposts.
//
// - S3 Versioning - When you enable versioning for a bucket, if Amazon S3
// receives multiple write requests for the same object simultaneously, it stores
// all versions of the objects. For each write request that is made to the same
// object, Amazon S3 automatically generates a unique version ID of that object
// being stored in Amazon S3. You can retrieve, replace, or delete any version of
// the object. For more information about versioning, see [Adding Objects to Versioning-Enabled Buckets]in the Amazon S3 User
// Guide. For information about returning the versioning state of a bucket, see [GetBucketVersioning]
// .
//
// This functionality is not supported for directory buckets.
//
// Permissions
//
// - General purpose bucket permissions - The following permissions are required
// in your policies when your PutObject request includes specific headers.
//
// - s3:PutObject - To successfully complete the PutObject request, you must
// always have the s3:PutObject permission on a bucket to add an object to it.
//
// - s3:PutObjectAcl - To successfully change the objects ACL of your PutObject
// request, you must have the s3:PutObjectAcl .
//
// - s3:PutObjectTagging - To successfully set the tag-set with your PutObject
// request, you must have the s3:PutObjectTagging .
//
// - Directory bucket permissions - To grant access to this API operation on a
// directory bucket, we recommend that you use the [CreateSession]CreateSession API operation
// for session-based authorization. Specifically, you grant the
// s3express:CreateSession permission to the directory bucket in a bucket policy
// or an IAM identity-based policy. Then, you make the CreateSession API call on
// the bucket to obtain a session token. With the session token in your request
// header, you can make API requests to this operation. After the session token
// expires, you make another CreateSession API call to generate a new session
// token for use. Amazon Web Services CLI or SDKs create session and refresh the
// session token automatically to avoid service interruptions when a session
// expires. For more information about authorization, see [CreateSession]CreateSession .
//
// If the object is encrypted with SSE-KMS, you must also have the
//
// kms:GenerateDataKey and kms:Decrypt permissions in IAM identity-based policies
// and KMS key policies for the KMS key.
//
// Data integrity with Content-MD5
//
// - General purpose bucket - To ensure that data is not corrupted traversing
// the network, use the Content-MD5 header. When you use this header, Amazon S3
// checks the object against the provided MD5 value and, if they do not match,
// Amazon S3 returns an error. Alternatively, when the object's ETag is its MD5
// digest, you can calculate the MD5 while putting the object to Amazon S3 and
// compare the returned ETag to the calculated MD5 value.
//
// - Directory bucket - This functionality is not supported for directory
// buckets.
//
// HTTP Host header syntax Directory buckets - The HTTP Host header syntax is
// Bucket-name.s3express-zone-id.region-code.amazonaws.com .
//
// For more information about related Amazon S3 APIs, see the following:
//
// [CopyObject]
//
// [DeleteObject]
//
// [Concepts for directory buckets in Local Zones]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-lzs-for-directory-buckets.html
// [Amazon S3 Object Lock]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock.html
// [DeleteObject]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObject.html
// [Adding Objects to Versioning-Enabled Buckets]: https://docs.aws.amazon.com/AmazonS3/latest/dev/AddingObjectstoVersioningEnabledBuckets.html
// [Add preconditions to S3 operations with conditional requests]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/conditional-requests.html
// [CopyObject]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html
// [CreateSession]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html
// [RFC 7232]: https://datatracker.ietf.org/doc/rfc7232/
// [Regional and Zonal endpoints for directory buckets in Availability Zones]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/endpoint-directory-buckets-AZ.html
// [GetBucketVersioning]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketVersioning.html
func (c *Client) PutObject(ctx context.Context, params *PutObjectInput, optFns ...func(*Options)) (*PutObjectOutput, error) {
if params == nil {
params = &PutObjectInput{}
}
result, metadata, err := c.invokeOperation(ctx, "PutObject", params, optFns, c.addOperationPutObjectMiddlewares)
if err != nil {
return nil, err
}
out := result.(*PutObjectOutput)
out.ResultMetadata = metadata
return out, nil
}
type PutObjectInput struct {
// The bucket name to which the PUT action was initiated.
//
// Directory buckets - When you use this operation with a directory bucket, you
// must use virtual-hosted-style requests in the format
// Bucket-name.s3express-zone-id.region-code.amazonaws.com . Path-style requests
// are not supported. Directory bucket names must be unique in the chosen Zone
// (Availability Zone or Local Zone). Bucket names must follow the format
// bucket-base-name--zone-id--x-s3 (for example,
// amzn-s3-demo-bucket--usw2-az1--x-s3 ). For information about bucket naming
// restrictions, see [Directory bucket naming rules]in the Amazon S3 User Guide.
//
// Access points - When you use this action with an access point for general
// purpose buckets, you must provide the alias of the access point in place of the
// bucket name or specify the access point ARN. When you use this action with an
// access point for directory buckets, you must provide the access point name in
// place of the bucket name. When using the access point ARN, you must direct
// requests to the access point hostname. The access point hostname takes the form
// AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this
// action with an access point through the Amazon Web Services SDKs, you provide
// the access point ARN in place of the bucket name. For more information about
// access point ARNs, see [Using access points]in the Amazon S3 User Guide.
//
// Object Lambda access points are not supported by directory buckets.
//
// S3 on Outposts - When you use this action with S3 on Outposts, you must direct
// requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the
// form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com . When
// you use this action with S3 on Outposts, the destination bucket must be the
// Outposts access point ARN or the access point alias. For more information about
// S3 on Outposts, see [What is S3 on Outposts?]in the Amazon S3 User Guide.
//
// [Directory bucket naming rules]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html
// [What is S3 on Outposts?]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html
// [Using access points]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html
//
// This member is required.
Bucket *string
// Object key for which the PUT action was initiated.
//
// This member is required.
Key *string
// The canned ACL to apply to the object. For more information, see [Canned ACL] in the Amazon
// S3 User Guide.
//
// When adding a new object, you can use headers to grant ACL-based permissions to
// individual Amazon Web Services accounts or to predefined groups defined by
// Amazon S3. These permissions are then added to the ACL on the object. By
// default, all objects are private. Only the owner has full access control. For
// more information, see [Access Control List (ACL) Overview]and [Managing ACLs Using the REST API] in the Amazon S3 User Guide.
//
// If the bucket that you're uploading objects to uses the bucket owner enforced
// setting for S3 Object Ownership, ACLs are disabled and no longer affect
// permissions. Buckets that use this setting only accept PUT requests that don't
// specify an ACL or PUT requests that specify bucket owner full control ACLs, such
// as the bucket-owner-full-control canned ACL or an equivalent form of this ACL
// expressed in the XML format. PUT requests that contain other ACLs (for example,
// custom grants to certain Amazon Web Services accounts) fail and return a 400
// error with the error code AccessControlListNotSupported . For more information,
// see [Controlling ownership of objects and disabling ACLs]in the Amazon S3 User Guide.
//
// - This functionality is not supported for directory buckets.
//
// - This functionality is not supported for Amazon S3 on Outposts.
//
// [Managing ACLs Using the REST API]: https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-using-rest-api.html
// [Access Control List (ACL) Overview]: https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html
// [Canned ACL]: https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL
// [Controlling ownership of objects and disabling ACLs]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html
ACL types.ObjectCannedACL
// Object data.
Body io.Reader
// Specifies whether Amazon S3 should use an S3 Bucket Key for object encryption
// with server-side encryption using Key Management Service (KMS) keys (SSE-KMS).
//
// General purpose buckets - Setting this header to true causes Amazon S3 to use
// an S3 Bucket Key for object encryption with SSE-KMS. Also, specifying this
// header with a PUT action doesn't affect bucket-level settings for S3 Bucket Key.
//
// Directory buckets - S3 Bucket Keys are always enabled for GET and PUT
// operations in a directory bucket and can’t be disabled. S3 Bucket Keys aren't
// supported, when you copy SSE-KMS encrypted objects from general purpose buckets
// to directory buckets, from directory buckets to general purpose buckets, or
// between directory buckets, through [CopyObject], [UploadPartCopy], [the Copy operation in Batch Operations], or [the import jobs]. In this case, Amazon S3 makes a
// call to KMS every time a copy request is made for a KMS-encrypted object.
//
// [CopyObject]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html
// [the import jobs]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/create-import-job
// [UploadPartCopy]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html
// [the Copy operation in Batch Operations]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-buckets-objects-Batch-Ops
BucketKeyEnabled *bool
// Can be used to specify caching behavior along the request/reply chain. For more
// information, see [http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9].
//
// [http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9]: http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9
CacheControl *string
// Indicates the algorithm used to create the checksum for the object when you use
// the SDK. This header will not provide any additional functionality if you don't
// use the SDK. When you send this header, there must be a corresponding
// x-amz-checksum-algorithm or x-amz-trailer header sent. Otherwise, Amazon S3
// fails the request with the HTTP status code 400 Bad Request .
//
// For the x-amz-checksum-algorithm header, replace algorithm with the
// supported algorithm from the following list:
//
// - CRC32
//
// - CRC32C
//
// - CRC64NVME
//
// - SHA1
//
// - SHA256
//
// For more information, see [Checking object integrity] in the Amazon S3 User Guide.
//
// If the individual checksum value you provide through x-amz-checksum-algorithm
// doesn't match the checksum algorithm you set through
// x-amz-sdk-checksum-algorithm , Amazon S3 fails the request with a BadDigest
// error.
//
// The Content-MD5 or x-amz-sdk-checksum-algorithm header is required for any
// request to upload an object with a retention period configured using Amazon S3
// Object Lock. For more information, see [Uploading objects to an Object Lock enabled bucket]in the Amazon S3 User Guide.
//
// For directory buckets, when you use Amazon Web Services SDKs, CRC32 is the
// default checksum algorithm that's used for performance.
//
// [Checking object integrity]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html
// [Uploading objects to an Object Lock enabled bucket]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-managing.html#object-lock-put-object
ChecksumAlgorithm types.ChecksumAlgorithm
// This header can be used as a data integrity check to verify that the data
// received is the same data that was originally sent. This header specifies the
// Base64 encoded, 32-bit CRC32 checksum of the object. For more information, see [Checking object integrity]
// in the Amazon S3 User Guide.
//
// [Checking object integrity]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html
ChecksumCRC32 *string
// This header can be used as a data integrity check to verify that the data
// received is the same data that was originally sent. This header specifies the
// Base64 encoded, 32-bit CRC32C checksum of the object. For more information, see [Checking object integrity]
// in the Amazon S3 User Guide.
//
// [Checking object integrity]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html
ChecksumCRC32C *string
// This header can be used as a data integrity check to verify that the data
// received is the same data that was originally sent. This header specifies the
// Base64 encoded, 64-bit CRC64NVME checksum of the object. The CRC64NVME checksum
// is always a full object checksum. For more information, see [Checking object integrity in the Amazon S3 User Guide].
//
// [Checking object integrity in the Amazon S3 User Guide]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html
ChecksumCRC64NVME *string
// This header can be used as a data integrity check to verify that the data
// received is the same data that was originally sent. This header specifies the
// Base64 encoded, 160-bit SHA1 digest of the object. For more information, see [Checking object integrity]
// in the Amazon S3 User Guide.
//
// [Checking object integrity]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html
ChecksumSHA1 *string
// This header can be used as a data integrity check to verify that the data
// received is the same data that was originally sent. This header specifies the
// Base64 encoded, 256-bit SHA256 digest of the object. For more information, see [Checking object integrity]
// in the Amazon S3 User Guide.
//
// [Checking object integrity]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html
ChecksumSHA256 *string
// Specifies presentational information for the object. For more information, see [https://www.rfc-editor.org/rfc/rfc6266#section-4].
//
// [https://www.rfc-editor.org/rfc/rfc6266#section-4]: https://www.rfc-editor.org/rfc/rfc6266#section-4
ContentDisposition *string
// Specifies what content encodings have been applied to the object and thus what
// decoding mechanisms must be applied to obtain the media-type referenced by the
// Content-Type header field. For more information, see [https://www.rfc-editor.org/rfc/rfc9110.html#field.content-encoding].
//
// [https://www.rfc-editor.org/rfc/rfc9110.html#field.content-encoding]: https://www.rfc-editor.org/rfc/rfc9110.html#field.content-encoding
ContentEncoding *string
// The language the content is in.
ContentLanguage *string
// Size of the body in bytes. This parameter is useful when the size of the body
// cannot be determined automatically. For more information, see [https://www.rfc-editor.org/rfc/rfc9110.html#name-content-length].
//
// [https://www.rfc-editor.org/rfc/rfc9110.html#name-content-length]: https://www.rfc-editor.org/rfc/rfc9110.html#name-content-length
ContentLength *int64
// The Base64 encoded 128-bit MD5 digest of the message (without the headers)
// according to RFC 1864. This header can be used as a message integrity check to
// verify that the data is the same data that was originally sent. Although it is
// optional, we recommend using the Content-MD5 mechanism as an end-to-end
// integrity check. For more information about REST request authentication, see [REST Authentication].
//
// The Content-MD5 or x-amz-sdk-checksum-algorithm header is required for any
// request to upload an object with a retention period configured using Amazon S3
// Object Lock. For more information, see [Uploading objects to an Object Lock enabled bucket]in the Amazon S3 User Guide.
//
// This functionality is not supported for directory buckets.
//
// [REST Authentication]: https://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html
// [Uploading objects to an Object Lock enabled bucket]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-managing.html#object-lock-put-object
ContentMD5 *string
// A standard MIME type describing the format of the contents. For more
// information, see [https://www.rfc-editor.org/rfc/rfc9110.html#name-content-type].
//
// [https://www.rfc-editor.org/rfc/rfc9110.html#name-content-type]: https://www.rfc-editor.org/rfc/rfc9110.html#name-content-type
ContentType *string
// The account ID of the expected bucket owner. If the account ID that you provide
// does not match the actual owner of the bucket, the request fails with the HTTP
// status code 403 Forbidden (access denied).
ExpectedBucketOwner *string
// The date and time at which the object is no longer cacheable. For more
// information, see [https://www.rfc-editor.org/rfc/rfc7234#section-5.3].
//
// [https://www.rfc-editor.org/rfc/rfc7234#section-5.3]: https://www.rfc-editor.org/rfc/rfc7234#section-5.3
Expires *time.Time
// Gives the grantee READ, READ_ACP, and WRITE_ACP permissions on the object.
//
// - This functionality is not supported for directory buckets.
//
// - This functionality is not supported for Amazon S3 on Outposts.
GrantFullControl *string
// Allows grantee to read the object data and its metadata.
//
// - This functionality is not supported for directory buckets.
//
// - This functionality is not supported for Amazon S3 on Outposts.
GrantRead *string
// Allows grantee to read the object ACL.
//
// - This functionality is not supported for directory buckets.
//
// - This functionality is not supported for Amazon S3 on Outposts.
GrantReadACP *string
// Allows grantee to write the ACL for the applicable object.
//
// - This functionality is not supported for directory buckets.
//
// - This functionality is not supported for Amazon S3 on Outposts.
GrantWriteACP *string
// Uploads the object only if the ETag (entity tag) value provided during the
// WRITE operation matches the ETag of the object in S3. If the ETag values do not
// match, the operation returns a 412 Precondition Failed error.
//
// If a conflicting operation occurs during the upload S3 returns a 409
// ConditionalRequestConflict response. On a 409 failure you should fetch the
// object's ETag and retry the upload.
//
// Expects the ETag value as a string.
//
// For more information about conditional requests, see [RFC 7232], or [Conditional requests] in the Amazon S3
// User Guide.
//
// [Conditional requests]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/conditional-requests.html
// [RFC 7232]: https://tools.ietf.org/html/rfc7232
IfMatch *string
// Uploads the object only if the object key name does not already exist in the
// bucket specified. Otherwise, Amazon S3 returns a 412 Precondition Failed error.
//
// If a conflicting operation occurs during the upload S3 returns a 409
// ConditionalRequestConflict response. On a 409 failure you should retry the
// upload.
//
// Expects the '*' (asterisk) character.
//
// For more information about conditional requests, see [RFC 7232], or [Conditional requests] in the Amazon S3
// User Guide.
//
// [Conditional requests]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/conditional-requests.html
// [RFC 7232]: https://tools.ietf.org/html/rfc7232
IfNoneMatch *string
// A map of metadata to store with the object in S3.
Metadata map[string]string
// Specifies whether a legal hold will be applied to this object. For more
// information about S3 Object Lock, see [Object Lock]in the Amazon S3 User Guide.
//
// This functionality is not supported for directory buckets.
//
// [Object Lock]: https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html
ObjectLockLegalHoldStatus types.ObjectLockLegalHoldStatus
// The Object Lock mode that you want to apply to this object.
//
// This functionality is not supported for directory buckets.
ObjectLockMode types.ObjectLockMode
// The date and time when you want this object's Object Lock to expire. Must be
// formatted as a timestamp parameter.
//
// This functionality is not supported for directory buckets.
ObjectLockRetainUntilDate *time.Time
// Confirms that the requester knows that they will be charged for the request.
// Bucket owners need not specify this parameter in their requests. If either the
// source or destination S3 bucket has Requester Pays enabled, the requester will
// pay for corresponding charges to copy the object. For information about
// downloading objects from Requester Pays buckets, see [Downloading Objects in Requester Pays Buckets]in the Amazon S3 User
// Guide.
//
// This functionality is not supported for directory buckets.
//
// [Downloading Objects in Requester Pays Buckets]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
RequestPayer types.RequestPayer
// Specifies the algorithm to use when encrypting the object (for example, AES256 ).
//
// This functionality is not supported for directory buckets.
SSECustomerAlgorithm *string
// Specifies the customer-provided encryption key for Amazon S3 to use in
// encrypting data. This value is used to store the object and then it is
// discarded; Amazon S3 does not store the encryption key. The key must be
// appropriate for use with the algorithm specified in the
// x-amz-server-side-encryption-customer-algorithm header.
//
// This functionality is not supported for directory buckets.
SSECustomerKey *string
// Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321.
// Amazon S3 uses this header for a message integrity check to ensure that the
// encryption key was transmitted without error.
//
// This functionality is not supported for directory buckets.
SSECustomerKeyMD5 *string
// Specifies the Amazon Web Services KMS Encryption Context as an additional
// encryption context to use for object encryption. The value of this header is a
// Base64 encoded string of a UTF-8 encoded JSON, which contains the encryption
// context as key-value pairs. This value is stored as object metadata and
// automatically gets passed on to Amazon Web Services KMS for future GetObject
// operations on this object.
//
// General purpose buckets - This value must be explicitly added during CopyObject
// operations if you want an additional encryption context for your object. For
// more information, see [Encryption context]in the Amazon S3 User Guide.
//
// Directory buckets - You can optionally provide an explicit encryption context
// value. The value must match the default encryption context - the bucket Amazon
// Resource Name (ARN). An additional encryption context value is not supported.
//
// [Encryption context]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html#encryption-context
SSEKMSEncryptionContext *string
// Specifies the KMS key ID (Key ID, Key ARN, or Key Alias) to use for object
// encryption. If the KMS key doesn't exist in the same account that's issuing the
// command, you must use the full Key ARN not the Key ID.
//
// General purpose buckets - If you specify x-amz-server-side-encryption with
// aws:kms or aws:kms:dsse , this header specifies the ID (Key ID, Key ARN, or Key
// Alias) of the KMS key to use. If you specify
// x-amz-server-side-encryption:aws:kms or
// x-amz-server-side-encryption:aws:kms:dsse , but do not provide
// x-amz-server-side-encryption-aws-kms-key-id , Amazon S3 uses the Amazon Web
// Services managed key ( aws/s3 ) to protect the data.
//
// Directory buckets - To encrypt data using SSE-KMS, it's recommended to specify
// the x-amz-server-side-encryption header to aws:kms . Then, the
// x-amz-server-side-encryption-aws-kms-key-id header implicitly uses the bucket's
// default KMS customer managed key ID. If you want to explicitly set the
// x-amz-server-side-encryption-aws-kms-key-id header, it must match the bucket's
// default customer managed key (using key ID or ARN, not alias). Your SSE-KMS
// configuration can only support 1 [customer managed key]per directory bucket's lifetime. The [Amazon Web Services managed key] ( aws/s3
// ) isn't supported.
//
// Incorrect key specification results in an HTTP 400 Bad Request error.
//
// [customer managed key]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk
// [Amazon Web Services managed key]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk
SSEKMSKeyId *string
// The server-side encryption algorithm that was used when you store this object
// in Amazon S3 (for example, AES256 , aws:kms , aws:kms:dsse ).
//
// - General purpose buckets - You have four mutually exclusive options to
// protect data using server-side encryption in Amazon S3, depending on how you
// choose to manage the encryption keys. Specifically, the encryption key options
// are Amazon S3 managed keys (SSE-S3), Amazon Web Services KMS keys (SSE-KMS or
// DSSE-KMS), and customer-provided keys (SSE-C). Amazon S3 encrypts data with
// server-side encryption by using Amazon S3 managed keys (SSE-S3) by default. You
// can optionally tell Amazon S3 to encrypt data at rest by using server-side
// encryption with other key options. For more information, see [Using Server-Side Encryption]in the Amazon S3
// User Guide.
//
// - Directory buckets - For directory buckets, there are only two supported
// options for server-side encryption: server-side encryption with Amazon S3
// managed keys (SSE-S3) ( AES256 ) and server-side encryption with KMS keys
// (SSE-KMS) ( aws:kms ). We recommend that the bucket's default encryption uses
// the desired encryption configuration and you don't override the bucket default
// encryption in your CreateSession requests or PUT object requests. Then, new
// objects are automatically encrypted with the desired encryption settings. For
// more information, see [Protecting data with server-side encryption]in the Amazon S3 User Guide. For more information about
// the encryption overriding behaviors in directory buckets, see [Specifying server-side encryption with KMS for new object uploads].
//
// In the Zonal endpoint API calls (except [CopyObject]and [UploadPartCopy]) using the REST API, the
// encryption request headers must match the encryption settings that are specified
// in the CreateSession request. You can't override the values of the encryption
// settings ( x-amz-server-side-encryption ,
// x-amz-server-side-encryption-aws-kms-key-id ,
// x-amz-server-side-encryption-context , and
// x-amz-server-side-encryption-bucket-key-enabled ) that are specified in the
// CreateSession request. You don't need to explicitly specify these encryption
// settings values in Zonal endpoint API calls, and Amazon S3 will use the
// encryption settings values from the CreateSession request to protect new
// objects in the directory bucket.
//
// When you use the CLI or the Amazon Web Services SDKs, for CreateSession , the
// session token refreshes automatically to avoid service interruptions when a
// session expires. The CLI or the Amazon Web Services SDKs use the bucket's
// default encryption configuration for the CreateSession request. It's not
// supported to override the encryption settings values in the CreateSession
// request. So in the Zonal endpoint API calls (except [CopyObject]and [UploadPartCopy]), the encryption
// request headers must match the default encryption configuration of the directory
// bucket.
//
// [Using Server-Side Encryption]: https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html
// [Specifying server-side encryption with KMS for new object uploads]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-specifying-kms-encryption.html
// [Protecting data with server-side encryption]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-serv-side-encryption.html
// [CopyObject]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html
// [UploadPartCopy]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html
ServerSideEncryption types.ServerSideEncryption
// By default, Amazon S3 uses the STANDARD Storage Class to store newly created
// objects. The STANDARD storage class provides high durability and high
// availability. Depending on performance needs, you can specify a different
// Storage Class. For more information, see [Storage Classes]in the Amazon S3 User Guide.
//
// - Directory buckets only support EXPRESS_ONEZONE (the S3 Express One Zone
// storage class) in Availability Zones and ONEZONE_IA (the S3 One
// Zone-Infrequent Access storage class) in Dedicated Local Zones.
//
// - Amazon S3 on Outposts only uses the OUTPOSTS Storage Class.
//
// [Storage Classes]: https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html
StorageClass types.StorageClass
// The tag-set for the object. The tag-set must be encoded as URL Query
// parameters. (For example, "Key1=Value1")
//
// This functionality is not supported for directory buckets.
Tagging *string
// If the bucket is configured as a website, redirects requests for this object to
// another object in the same bucket or to an external URL. Amazon S3 stores the
// value of this header in the object metadata. For information about object
// metadata, see [Object Key and Metadata]in the Amazon S3 User Guide.
//
// In the following example, the request header sets the redirect to an object
// (anotherPage.html) in the same bucket:
//
// x-amz-website-redirect-location: /anotherPage.html
//
// In the following example, the request header sets the object redirect to
// another website:
//
// x-amz-website-redirect-location: http://www.example.com/
//
// For more information about website hosting in Amazon S3, see [Hosting Websites on Amazon S3] and [How to Configure Website Page Redirects] in the
// Amazon S3 User Guide.
//
// This functionality is not supported for directory buckets.
//
// [How to Configure Website Page Redirects]: https://docs.aws.amazon.com/AmazonS3/latest/dev/how-to-page-redirect.html
// [Hosting Websites on Amazon S3]: https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html
// [Object Key and Metadata]: https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html
WebsiteRedirectLocation *string
// Specifies the offset for appending data to existing objects in bytes. The
// offset must be equal to the size of the existing object being appended to. If no
// object exists, setting this header to 0 will create a new object.
//
// This functionality is only supported for objects in the Amazon S3 Express One
// Zone storage class in directory buckets.
WriteOffsetBytes *int64
noSmithyDocumentSerde
}
func (in *PutObjectInput) bindEndpointParams(p *EndpointParameters) {
p.Bucket = in.Bucket
p.Key = in.Key
}
type PutObjectOutput struct {
// Indicates whether the uploaded object uses an S3 Bucket Key for server-side
// encryption with Key Management Service (KMS) keys (SSE-KMS).
BucketKeyEnabled *bool
// The Base64 encoded, 32-bit CRC32 checksum of the object. This checksum is only
// be present if the checksum was uploaded with the object. When you use an API
// operation on an object that was uploaded using multipart uploads, this value may
// not be a direct checksum value of the full object. Instead, it's a calculation
// based on the checksum values of each individual part. For more information about
// how checksums are calculated with multipart uploads, see [Checking object integrity]in the Amazon S3 User
// Guide.
//
// [Checking object integrity]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums
ChecksumCRC32 *string
// The Base64 encoded, 32-bit CRC32C checksum of the object. This checksum is only
// present if the checksum was uploaded with the object. When you use an API
// operation on an object that was uploaded using multipart uploads, this value may
// not be a direct checksum value of the full object. Instead, it's a calculation
// based on the checksum values of each individual part. For more information about
// how checksums are calculated with multipart uploads, see [Checking object integrity]in the Amazon S3 User
// Guide.
//
// [Checking object integrity]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums
ChecksumCRC32C *string
// The Base64 encoded, 64-bit CRC64NVME checksum of the object. This header is
// present if the object was uploaded with the CRC64NVME checksum algorithm, or if
// it was uploaded without a checksum (and Amazon S3 added the default checksum,
// CRC64NVME , to the uploaded object). For more information about how checksums
// are calculated with multipart uploads, see [Checking object integrity in the Amazon S3 User Guide].
//
// [Checking object integrity in the Amazon S3 User Guide]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html
ChecksumCRC64NVME *string
// The Base64 encoded, 160-bit SHA1 digest of the object. This will only be
// present if the object was uploaded with the object. When you use the API
// operation on an object that was uploaded using multipart uploads, this value may
// not be a direct checksum value of the full object. Instead, it's a calculation
// based on the checksum values of each individual part. For more information about
// how checksums are calculated with multipart uploads, see [Checking object integrity]in the Amazon S3 User
// Guide.
//
// [Checking object integrity]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums
ChecksumSHA1 *string
// The Base64 encoded, 256-bit SHA256 digest of the object. This will only be
// present if the object was uploaded with the object. When you use an API
// operation on an object that was uploaded using multipart uploads, this value may
// not be a direct checksum value of the full object. Instead, it's a calculation
// based on the checksum values of each individual part. For more information about
// how checksums are calculated with multipart uploads, see [Checking object integrity]in the Amazon S3 User
// Guide.
//
// [Checking object integrity]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums
ChecksumSHA256 *string
// This header specifies the checksum type of the object, which determines how
// part-level checksums are combined to create an object-level checksum for
// multipart objects. For PutObject uploads, the checksum type is always
// FULL_OBJECT . You can use this header as a data integrity check to verify that
// the checksum type that is received is the same checksum that was specified. For
// more information, see [Checking object integrity]in the Amazon S3 User Guide.
//
// [Checking object integrity]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html
ChecksumType types.ChecksumType
// Entity tag for the uploaded object.
//
// General purpose buckets - To ensure that data is not corrupted traversing the
// network, for objects where the ETag is the MD5 digest of the object, you can
// calculate the MD5 while putting an object to Amazon S3 and compare the returned
// ETag to the calculated MD5 value.
//
// Directory buckets - The ETag for the object in a directory bucket isn't the MD5
// digest of the object.
ETag *string
// If the expiration is configured for the object (see [PutBucketLifecycleConfiguration]) in the Amazon S3 User
// Guide, the response includes this header. It includes the expiry-date and
// rule-id key-value pairs that provide information about object expiration. The
// value of the rule-id is URL-encoded.
//
// Object expiration information is not returned in directory buckets and this
// header returns the value " NotImplemented " in all responses for directory
// buckets.
//
// [PutBucketLifecycleConfiguration]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html
Expiration *string
// If present, indicates that the requester was successfully charged for the
// request.
//
// This functionality is not supported for directory buckets.
RequestCharged types.RequestCharged
// If server-side encryption with a customer-provided encryption key was
// requested, the response will include this header to confirm the encryption
// algorithm that's used.
//
// This functionality is not supported for directory buckets.
SSECustomerAlgorithm *string
// If server-side encryption with a customer-provided encryption key was
// requested, the response will include this header to provide the round-trip
// message integrity verification of the customer-provided encryption key.
//
// This functionality is not supported for directory buckets.
SSECustomerKeyMD5 *string
// If present, indicates the Amazon Web Services KMS Encryption Context to use for
// object encryption. The value of this header is a Base64 encoded string of a
// UTF-8 encoded JSON, which contains the encryption context as key-value pairs.
// This value is stored as object metadata and automatically gets passed on to
// Amazon Web Services KMS for future GetObject operations on this object.
SSEKMSEncryptionContext *string
// If present, indicates the ID of the KMS key that was used for object encryption.
SSEKMSKeyId *string
// The server-side encryption algorithm used when you store this object in Amazon
// S3.
ServerSideEncryption types.ServerSideEncryption
// The size of the object in bytes. This value is only be present if you append
// to an object.
//
// This functionality is only supported for objects in the Amazon S3 Express One
// Zone storage class in directory buckets.
Size *int64
// Version ID of the object.
//
// If you enable versioning for a bucket, Amazon S3 automatically generates a
// unique version ID for the object being stored. Amazon S3 returns this ID in the
// response. When you enable versioning for a bucket, if Amazon S3 receives
// multiple write requests for the same object simultaneously, it stores all of the
// objects. For more information about versioning, see [Adding Objects to Versioning-Enabled Buckets]in the Amazon S3 User
// Guide. For information about returning the versioning state of a bucket, see [GetBucketVersioning].
//
// This functionality is not supported for directory buckets.
//
// [Adding Objects to Versioning-Enabled Buckets]: https://docs.aws.amazon.com/AmazonS3/latest/dev/AddingObjectstoVersioningEnabledBuckets.html
// [GetBucketVersioning]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketVersioning.html
VersionId *string
// Metadata pertaining to the operation's result.
ResultMetadata middleware.Metadata
noSmithyDocumentSerde
}
func (c *Client) addOperationPutObjectMiddlewares(stack *middleware.Stack, options Options) (err error) {
if err := stack.Serialize.Add(&setOperationInputMiddleware{}, middleware.After); err != nil {
return err
}
err = stack.Serialize.Add(&awsRestxml_serializeOpPutObject{}, middleware.After)
if err != nil {
return err
}
err = stack.Deserialize.Add(&awsRestxml_deserializeOpPutObject{}, middleware.After)
if err != nil {
return err
}
if err := addProtocolFinalizerMiddlewares(stack, options, "PutObject"); err != nil {
return fmt.Errorf("add protocol finalizers: %v", err)
}
if err = addlegacyEndpointContextSetter(stack, options); err != nil {
return err
}
if err = addSetLoggerMiddleware(stack, options); err != nil {
return err
}
if err = addClientRequestID(stack); err != nil {
return err
}
if err = addComputeContentLength(stack); err != nil {
return err
}
if err = addResolveEndpointMiddleware(stack, options); err != nil {
return err
}
if err = addComputePayloadSHA256(stack); err != nil {
return err
}
if err = addRetry(stack, options); err != nil {
return err
}
if err = addRawResponseToMetadata(stack); err != nil {
return err
}
if err = addRecordResponseTiming(stack); err != nil {
return err
}
if err = addSpanRetryLoop(stack, options); err != nil {
return err
}
if err = addClientUserAgent(stack, options); err != nil {
return err
}
if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
return err
}
if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
return err
}
if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil {
return err
}
if err = addPutBucketContextMiddleware(stack); err != nil {
return err
}
if err = addTimeOffsetBuild(stack, c); err != nil {
return err
}
if err = addUserAgentRetryMode(stack, options); err != nil {
return err
}
if err = addIsExpressUserAgent(stack); err != nil {
return err
}
if err = addRequestChecksumMetricsTracking(stack, options); err != nil {
return err
}
if err = addCredentialSource(stack, options); err != nil {
return err
}
if err = addOpPutObjectValidationMiddleware(stack); err != nil {
return err
}
if err = stack.Initialize.Add(newServiceMetadataMiddleware_opPutObject(options.Region), middleware.Before); err != nil {
return err
}
if err = addMetadataRetrieverMiddleware(stack); err != nil {
return err
}
if err = add100Continue(stack, options); err != nil {
return err
}
if err = addRecursionDetection(stack); err != nil {
return err
}
if err = addPutObjectInputChecksumMiddlewares(stack, options); err != nil {
return err
}
if err = addPutObjectUpdateEndpoint(stack, options); err != nil {
return err
}
if err = addResponseErrorMiddleware(stack); err != nil {
return err
}
if err = v4.AddContentSHA256HeaderMiddleware(stack); err != nil {
return err
}
if err = v4.UseDynamicPayloadSigningMiddleware(stack); err != nil {
return err
}
if err = disableAcceptEncodingGzip(stack); err != nil {
return err
}
if err = addRequestResponseLogging(stack, options); err != nil {
return err
}
if err = addDisableHTTPSMiddleware(stack, options); err != nil {
return err
}
if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil {
return err
}
if err = addSpanInitializeStart(stack); err != nil {
return err
}
if err = addSpanInitializeEnd(stack); err != nil {
return err
}
if err = addSpanBuildRequestStart(stack); err != nil {
return err
}
if err = addSpanBuildRequestEnd(stack); err != nil {
return err
}
return nil
}
func (v *PutObjectInput) bucket() (string, bool) {
if v.Bucket == nil {
return "", false
}
return *v.Bucket, true
}
func newServiceMetadataMiddleware_opPutObject(region string) *awsmiddleware.RegisterServiceMetadata {
return &awsmiddleware.RegisterServiceMetadata{
Region: region,
ServiceID: ServiceID,
OperationName: "PutObject",
}
}
// getPutObjectRequestAlgorithmMember gets the request checksum algorithm value
// provided as input.
func getPutObjectRequestAlgorithmMember(input interface{}) (string, bool) {
in := input.(*PutObjectInput)
if len(in.ChecksumAlgorithm) == 0 {
return "", false
}
return string(in.ChecksumAlgorithm), true
}
func addPutObjectInputChecksumMiddlewares(stack *middleware.Stack, options Options) error {
return addInputChecksumMiddleware(stack, internalChecksum.InputMiddlewareOptions{
GetAlgorithm: getPutObjectRequestAlgorithmMember,
RequireChecksum: false,
RequestChecksumCalculation: options.RequestChecksumCalculation,
EnableTrailingChecksum: true,
EnableComputeSHA256PayloadHash: true,
EnableDecodedContentLengthHeader: true,
})
}
// getPutObjectBucketMember returns a pointer to string denoting a provided bucket
// member valueand a boolean indicating if the input has a modeled bucket name,
func getPutObjectBucketMember(input interface{}) (*string, bool) {
in := input.(*PutObjectInput)
if in.Bucket == nil {
return nil, false
}
return in.Bucket, true
}
func addPutObjectUpdateEndpoint(stack *middleware.Stack, options Options) error {
return s3cust.UpdateEndpoint(stack, s3cust.UpdateEndpointOptions{
Accessor: s3cust.UpdateEndpointParameterAccessor{
GetBucketFromInput: getPutObjectBucketMember,
},
UsePathStyle: options.UsePathStyle,
UseAccelerate: options.UseAccelerate,
SupportsAccelerate: true,
TargetS3ObjectLambda: false,
EndpointResolver: options.EndpointResolver,
EndpointResolverOptions: options.EndpointOptions,
UseARNRegion: options.UseARNRegion,
DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
})
}
// PresignPutObject is used to generate a presigned HTTP Request which contains
// presigned URL, signed headers and HTTP method used.
func (c *PresignClient) PresignPutObject(ctx context.Context, params *PutObjectInput, optFns ...func(*PresignOptions)) (*v4.PresignedHTTPRequest, error) {
if params == nil {
params = &PutObjectInput{}
}
options := c.options.copy()
for _, fn := range optFns {
fn(&options)
}
clientOptFns := append(options.ClientOptions, withNopHTTPClientAPIOption)
clientOptFns = append(options.ClientOptions, withNoDefaultChecksumAPIOption)
result, _, err := c.client.invokeOperation(ctx, "PutObject", params, clientOptFns,
c.client.addOperationPutObjectMiddlewares,
presignConverter(options).convertToPresignMiddleware,
func(stack *middleware.Stack, options Options) error {
return awshttp.RemoveContentTypeHeader(stack)
},
addPutObjectPayloadAsUnsigned,
)
if err != nil {
return nil, err
}
out := result.(*v4.PresignedHTTPRequest)
return out, nil
}
func addPutObjectPayloadAsUnsigned(stack *middleware.Stack, options Options) error {
v4.RemoveContentSHA256HeaderMiddleware(stack)
v4.RemoveComputePayloadSHA256Middleware(stack)
return v4.AddUnsignedPayloadMiddleware(stack)
}