amazon simple storage service - Developer Guide simple storage service Developer Guide amazon...
Amazon Simple Storage Service
API 2006-03-01
Amazon Simple Storage Service: Copyright 2018 Amazon Web Services, Inc. and/or its affiliates. All rights reserved.
Amazon's trademarks and trade dress may not be used in connection with any product or service that is not Amazon's, in any manner that is likely to cause confusion among customers, or in any manner that disparages or discredits Amazon. All other trademarks not owned by Amazon are the property of their respective owners, who may or may not be affiliated with, connected to, or sponsored by Amazon.
Table of Contents
Amazon S3 ................................................................................................................. 1
? ...................................................................................................................... 1 ............................................................................................................................................ 2
Amazon S3 ...................................................................................................... 2Amazon S3 ............................................................................................................... 2Amazon S3 ..................................................................................................................... 3
............................................................................................................................ 3 ..................................................................................................................... 3 .................................................................................................................................. 3 ........................................................................................................................ 4Amazon S3 ........................................................................................ 4
Amazon S3 ..................................................................................................................... 6 ............................................................................................................... 6 ............................................................................................................... 6AWS Identity and Access Management .................................................................................. 7 ................................................................................................ 7 .................................................................................................................. 7 .................................................................................................................................. 8
Amazon S3 (API) ................................................ 8REST ...................................................................................................... 8SOAP ...................................................................................................... 9
Amazon S3 ..................................................................................................................... 9 ............................................................................................................................. 9
.............................................................................................................................. 10 ............................................................................................................... 10
AWS ............................................................................................ 10IAM ................................................................................................. 10 .............................................................................................. 11
...................................................................................................... 11IPv6 ............................................................................................... 12
IPv6 ............................................................................................................... 12IAM IPv6 ............................................................................... 13IP ................................................................................................ 14 ...................................................................... 14
AWS SDK ....................................................................................... 18AWS IAM ......................................................... 18IAM .............................................................................. 25 ............................................................ 34
REST API ....................................................................................... 45 (REST API) .................................................................... 46 .............................................................................................. 46 REST API ............................................................................... 51
.......................................................................................................................................... 54 ......................................................................................................................... 54
....................................................................................................... 55 ............................................................................................................... 56 ............................................................................................................ 57 ............................................................................................................................... 58
.......................................................................................................................... 59 ............................................................................................................... 60
Amazon S3 ............................................................................................ 61AWS SDK for Java ................................................................................................. 61AWS SDK for .NET ................................................................................................. 62AWS SDK for Ruby 3 ............................................................................. 63
AWS SDK ...................................................................................................... 63 .......................................................................................... 63
................................................................................................................. 63 .......................................................................................................... 66
...................................................................................................... 67Amazon S3 ........................................................ 68 ....................................... 69 ............................................. 69CloudTrail CloudWatch ........................ 70 ................................................................................................................................ 70
...................................................................................................... 70AWS .................................................................................. 71AWS SDK for Java ................................................................................................. 71AWS SDK for .NET ................................................................................................. 72PHP SDK .......................................................................................................... 73REST API ............................................................................................................. 74
Transfer Acceleration ................................................................................................................. 75Transfer Acceleration .................................................................................. 75 ....................................................................................................... 75Amazon S3 Transfer Acceleration ........................................................ 77Transfer Acceleration ................................................................................................. 77
......................................................................................................... 82 ....................................................................................................... 82REST API ....................................................................................................... 83 ....................................................................................................................... 85
............................................................................................................... 85 ...................................................................................................... 85
.................................................................................................................... 86 .............................................................................................................. 87 ..................................................................................... 89 ....................................................................................................... 94
.................................................................................................................................... 97 ................................................................................................... 98
.............................................................................................................. 98 ................................................................................................... 100
.................................................................................................................... 102 ........................................................... 103 ........................................................... 103GLACIER ............................................................................................. 104: ........................................................................... 105 ............................................................................. 106
.......................................................................................................................... 106 ....................................................................................................................... 107 ........................................................................................................... 109
API ....................................................... 111 ................................................................................... 112 ................................................................................................... 115
................................................................................................................. 118 .................................................................... 118 ........................................................... 119 ............................................................................................................... 119 ................................................................................................ 125 ................................................................................................... 131 ................................................................................................ 141
Cross-Origin Resource Sharing (CORS) ..................................................................................... 150Cross-Origin Resource Sharing: ...................................................... 150 CORS .................................................................................... 151
Amazon S3 CORS .......................................................... 153CORS .............................................................................................................. 153CORS ...................................................................................... 159
........................................................................................ 159 ......................................................................................................... 160 ............................................................................................. 169 ...................................................................................................... 212 ................................................................................................ 222 ......................................................................................................... 229 ................................................................................ 247 ................................................................................ 250 ................................................................................ 254
...................................................................................................................... 258 ............................................................................ 258 .............................................................................................................. 259 ................................................................... 261
.................................................. 263Amazon S3 REST API .................................................................................................. 263
.................................................................................................................................. 264Amazon S3 ....................................................................... 264
Amazon S3 ................................................................................. 264Amazon S3 ........................................................................... 265
................................................................................................................. 266 ......................................................................................................... 267
........................................................................................................ 268 ......................................................................................... 269
........................................................................................................ 270>Athena ........................................................................................ 270Amazon S3 REST API ......................................................................................... 271
............................................................................................................................... 272 ................................................................................................................................ 272
.............................................................................................................................. 273Amazon S3 ........................................................................... 278 ............................................... 283: .................................................................................... 287
............................................................................... 316 ............................................................................................. 316 ...................................................................................................... 346 ...................................................................................................... 355
ACL .......................................................................................................... 379 (ACL) ......................................................................... 379ACL .................................................................................................................... 385
.................................................................................................................................. 391 ....................................................................................................................... 391
......................................................................................................... 392 ................................................................................................... 421
....................................................................................................................... 429 .......................................................................... 430MFA Delete .................................................................................................................... 431 .................................................................................................................. 432 ................................................................................................................................. 432 ..................................................... 434 ........................................... 449
...................................................................................................... 452 ..................................................................................................... 453
Amazon REST API .............................................. 454 ............................................................................ 454
................................................................................ 455 ....................................................................... 455 ....................................................................... 457() .............................................................. 457() ........................................................... 458() ...................................................................................... 459
.................................................................................................................... 466: ........................................................................... 466: .......................................... 468: Amazon CloudFront ........................................................... 477 ............................................................................................. 479
Notifications .................................................................................................................................... 481 ...................................................................................................................................... 481 ................................................................................................. 482 ........................................................................................... 484
......................................................................................... 484 ......................................................................................................... 484
................................................... 485 ............................... 485/ ........................................... 488
............................................. 489AWS Lambda ...................................................... 490SNS SQS ................ 490
1 ................................................................................................................. 492 ...................................................................................................... 492 1: Amazon SNS .................................................................... 492 2: Amazon SQS ....................................................................... 493 3: ........................................................................ 494 4: ..................................................................................... 497
2 ................................................................................................................. 497 ........................................................................................................ 497
(CRR) .......................................................................................... 500 ........................................................................................................... 501 ...................................................................................................................................... 501 .......................................................................................................................... 502 ........................................................................................ 502
...................................................................................................... 502 ................................................................................................... 503 .................................................................................................................. 504
CRR ............................................................................................................... 504 AWS . 505 AWS ................................................................................................................................. 510 .................................................................................................................. 511
CRR .................................................................................................................... 511CRR: .......................................................................................... 511CRR: AWS KMS SSE ..................................................................................................................... 513
CRR .............................................................................................................................. 518 1: AWS ............................................................................ 518 2: AWS ......................................................................... 519CRR: ............................................................................................. 524 ...................................................................................................... 531AWS SDK for Java ............................................................................................... 531AWS SDK for .NET ............................................................................................... 533
CRR ............................................................................................................ 535 .................................................................................................................. 536
CRR ................................................................................................... 536 .................................................................................................................. 537
CRR: .............................................................................................................. 537 .................................................................... 537 ....................................................................... 538 ................................................................................ 538CRR ........................................................................................... 538 ...................................................................................... 539 .................................................................................................................. 539
................................................................................................................... 540 REST API ..................................................................................... 540
.............................................................................................................................. 540DNS .......................................................................................................... 540 ................................................................................... 541 ................................................................................... 543
DNS ............................................................................................................ 543 ................................................................................................................... 545
................................................... 545 ............................................... 546 GET ................................................................................. 548
TCP ................................................................................................... 548TCP ................................................................................................................ 549
.................................................................................................................................. 550 ................................................................................................................. 550
.................................................................................................................. 550 ..................................................................................................................... 550
CloudWatch ...................................................................... 551 ............................................................................................. 552 Amazon S3 CloudWatch ............................................. 552Amazon S3 CloudWatch ................................................................... 552Amazon S3 CloudWatch ............................................................................ 554CloudWatch ................................................................................. 555 .................................................................................................................. 556
........................................................................................................ 556 CloudWatch ............................................................. 557 ...................................................................................... 557 ......................................................................................... 557
AWS CloudTrail API ................................................................... 558CloudTrail Amazon S3 ....................................................................................... 558Amazon S3 CloudWatch Logs CloudTrail .......... 563Amazon S3 ........................................................................... 563 .................................................................................................................. 565
BitTorrent ....................................................................................................................................... 566BitTorrent ..................................................................................................... 566BitTorrent Amazon S3 ............................................ 567Amazon S3 BitTorrent ................................................................. 568
..................................................................................................................................... 569REST ........................................................................................................... 569
......................................................................................................... 569 ............................................................................................................ 570
SOAP .......................................................................................................... 570Amazon S3 ....................................................................... 571
InternalError ....................................................................................... 571SlowDown .................................................... 571 ............................................................................................................ 572
Amazon S3 .............................................................................................. 573 Amazon S3 ......................................................................... 573
HTTP 503 .............................................................................................................................. 573CORS ........................................ 574
Amazon Simple Storage Service ?
Amazon S3 Amazon Simple Storage Service
Amazon S3 Amazon
Amazon S3 (API) Amazon S3
?
Amazon S3
Amazon S3 Amazon Simple Storage Service
Amazon S3 Amazon S3 (p. 2)
? Amazon S3 (p. 54)
Amazon S3 (p. 97)
(p. 10)
Amazon S3 (p. 272)
Amazon S3 Amazon Simple Storage Service
Amazon S3 (p. 2) Amazon S3 (p. 2) Amazon S3 (p. 3) Amazon S3 (p. 6) Amazon S3 (API) (p. 8) Amazon S3 (p. 9) (p. 9)
Amazon S3 Amazon S3
Amazon S3 (READWRITE ) (AWS)
Amazon S3 Amazon S3 Amazon S3
Amazon S3
Amazon S3 5 TB
Amazon S3 3
REST SOAP
Note
SOAP HTTP HTTPS SOAP Amazon S3 REST API AWSSDK
Amazon S3
(p. 3) (p. 3) (p. 3) (p. 4) Amazon S3 (p. 4)
Amazon S3
Amazon S3 photos/puppy.jpg johnsmith URL http://johnsmith.s3.amazonaws.com/photos/puppy.jpg
Amazon S3
Buckets andRegions (p. 56) Amazon S3 ID Versioning (p. 429)
Amazon S3 (p. 54)
Amazon S3 Amazon S3 Content-Type HTTP
() ID Keys (p. 3) Versioning (p. 429)
1 ID
Amazon S3 + + Amazon S3 http://doc.s3.amazonaws.com/2006-03-01/AmazonS3.wsdl URL doc2006-03-01/AmazonS3.wsdl
Amazon S3 ()
Amazon S3 AWS
Amazon S3 Amazon S3 S3 PUTS "" () HEAD GET Amazon S3
Amazon S3 PUT DELETE
PUT
Amazon S3 Amazon PUT Amazon S3
Amazon S3
Amazon S3
Amazon S3
Amazon S3
Note
Amazon S3 2 PUT
R1 ( 1) R2 ( 2) W1 ( 1) W2 ( 2) R1 R2 color = ruby R1 R2 color = red color = ruby
R1 W2 R1 color = ruby color = garnet
R2 color = garnet R2 color = ruby color = garnet
2 Amazon S3 W1 W2 (color = garnet color = brick) ()
Amazon S3
(p. 6) (p. 6) AWS Identity and Access Management (p. 7) (p. 7) (p. 7) (p. 8)
Amazon S3
Amazon S3 Amazon S3 STANDARD Amazon S3 STANDARD_IA GLACIER
(p. 102)
Amazon S3 (: IP )
Amazon S3 () Amazon
S3
1 1 IP (: Nevada/*Utah/*)
() () () 1 Amazon (ARN) () html
Amazon S3 (: PUT ?acl)) (PUTObjectGET Object )
GetObjectGetObjectVersionDeleteObjectDeleteBucket Amazon S3
IP CIDR IP HTTPReferrer (HTTP HTTPS)
(p. 316)
AWS Identity and Access ManagementIAM Amazon S3 AWS Amazon S3
IAM
AWS Identity and Access Management (IAM) IAM
ACL (p. 379)
(p. 107)
API
HTTP BitTorrent
Amazon S3 (API)
Amazon S3
Amazon S3 REST SOAP 2 REST HTTP 4 KB () HTTP
Note
SOAP HTTP HTTPS SOAP Amazon S3 REST API AWS SDK
REST REST API Amazon S3 HTTP REST HTTP
REST API HTTP
REST API HTTP HTTP () HTTP
SOAP Note
SOAP HTTP HTTPS SOAP Amazon S3 REST API AWS SDK
SOAP API SOAP 1.1 SOAP WSDL (http://doc.s3.amazonaws.com/2006-03-01/AmazonS3.wsdl )Apache Axis Microsoft .NET SOAP Amazon S3
Amazon S3 Amazon S3
Amazon S3 Amazon
Amazon S3
Amazon S3 Amazon S3
Amazon S3
Amazon Elastic Compute Cloud Amazon EC2
Amazon EMR Hadoop Hadoop Amazon EC2 AmazonS3 Amazon EMR
AWS Import/Export AWS Import/Export RAID Amazon Amazon S3 () AWS Import/Export Developer Guide
(p. 10) (p. 11) IPv6 Amazon S3 (p. 12) AWS SDK (p. 18) REST API (p. 45)
Amazon S3 REST Amazon S3 REST API Amazon S3 REST API AWS SDK (Sample Code and Libraries)
Amazon S3 (AWS) ID AWS ( ID ) How Do I Get Security Credentials?(AWS General Reference)
AWS SDK REST API
AWS AWS
ID ( 20 ): AKIAIOSFODNN7EXAMPLE (40 ): wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
ID AWS Amazon S3
IAM 1 AWS AWS AWS AWS
AWS Identity and Access Management (IAM) AWS IAM IAM
AWS IAM AWS IAM AWS IAM Amazon S3 AWS AWS Identity and Access Management
IAM IAM IAM () AWSAWS AWS
IAM AWS Security Token Service API AWS STS API AWS SDK API ( ID ) ID AWS IAMAmazon S3
IAM IAM IAM
Amazon S3 API Amazon S3
REST API REST (p. 606) AWS SDK AWS SDK (p. 18)
IAM IAM
Amazon S3 (MFA) MFA (p. 351) Amazon S3 MFA MFA IAM AWS Multi-Factor Authentication() Configuring MFA-Protected API Access
REST AWS AWS General Reference
IPv6 Amazon S3
Amazon Simple Storage Service (Amazon S3) IPv4 6IPv6 S3 Amazon S3IPv6 IPv4 S3 IPv6 Amazon S3 Amazon S3
IPv6 (p. 12) IAM IPv6 (p. 13) IP (p. 14) Amazon S3 (p. 14)
IPv6 IPv6 S3 IPv6
IPv6
IPv6 IPv6
Amazon S3 (p. 15) AWS Identity and Access Management (IAM) IP
IPv6 IAM IPv6 (p. 13)
IPv6 IPv6 IP IPv6 Remote IP Amazon S3 (p. 582) (p. 577)
Note
IPv6 AWS
IPv6 IPv6 Amazon S3 API Amazon S3 API IPv6 IPv4 AmazonS3
REST API (p. 15)
AWS Command Line Interface (AWS CLI) AWS SDK Amazon S3
IPv6
AWS CLI AWS CLI (p. 15)
AWS SDK AWS SDK (p. 16)
REST API REST API (p. 46)
IPv6 IPv6 S3
S3 BitTorrent
IAM IPv6 IPv6 IP IAM S3 IPv6 IPv6 IP IPv6 IAM Amazon S3 (p. 272)
IP IAM IP 54.240.143 IP * IPv4 IP (examplebucket) IPv6 IPv6 examplebucket

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "IPAllow",
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:*",
      "Resource": "arn:aws:s3:::examplebucket/*",
      "Condition": {
        "IpAddress": {"aws:SourceIp": "54.240.143.0/24"}
      }
    }
  ]
}
Condition IPv4 (54.240.143.0/24) IPv6 (2001:DB8:1234:5678::/64) IAM Condition

"Condition": {
  "IpAddress": {
    "aws:SourceIp": [
      "54.240.143.0/24",
      "2001:DB8:1234:5678::/64"
    ]
  }
}
IPv6 IPv6 IP IAM IPv4 IAM IPv6 IPv6 IPv4 IP (p. 348)
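An added example (not from the AWS guide): a Python check that reads a policy document and reports every aws:SourceIp condition that lists no IPv6 range, run against the page's examplebucket policy and its two-range Condition. The function names and the CONSTRUCTED_BLOCKLIST statement are assumptions made for illustration; the "open"/"closed" label follows from the fact that an IPv6 caller never matches an IPv4 CIDR.

```python
import copy
import ipaddress
import json

# Policy shown on the page: Allow limited to one IPv4 range on examplebucket.
PAGE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "IPAllow",
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:*",
      "Resource": "arn:aws:s3:::examplebucket/*",
      "Condition": {
        "IpAddress": {"aws:SourceIp": "54.240.143.0/24"}
      }
    }
  ]
}
""")

# The page's updated Condition element carrying both address families.
DUAL_CONDITION = {
    "IpAddress": {
        "aws:SourceIp": ["54.240.143.0/24", "2001:DB8:1234:5678::/64"]
    }
}

# Constructed sample (not from the page): a Deny blocklist with IPv4 only.
CONSTRUCTED_BLOCKLIST = {
    "Version": "2012-10-17",
    "Statement": {
        "Sid": "IPBlock",
        "Effect": "Deny",
        "Principal": "*",
        "Action": "s3:*",
        "Resource": "arn:aws:s3:::examplebucket/*",
        "Condition": {"IpAddress": {"aws:SourceIp": ["54.240.143.0/24"]}},
    },
}


def _as_list(value):
    """Policy JSON allows a single value where a list is also legal."""
    return value if isinstance(value, list) else [value]


def _base_operator(operator):
    """'ForAnyValue:IpAddressIfExists' -> 'IpAddress'."""
    name = operator.split(":")[-1]
    if name.endswith("IfExists"):
        name = name[: -len("IfExists")]
    return name


def with_condition(policy, condition):
    """Return a copy of the policy with every statement's Condition replaced."""
    updated = copy.deepcopy(policy)
    for stmt in _as_list(updated["Statement"]):
        stmt["Condition"] = copy.deepcopy(condition)
    return updated


def source_ip_findings(policy):
    """One finding per aws:SourceIp condition, with the IPv6 consequence.

    ipv6_gap is None when an IPv6 range is listed. Otherwise it is
    'closed' when IPv6 callers lose access (allow-list style statements)
    or 'open' when the restriction no longer applies to them
    (block-list style statements).
    """
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        for operator, keys in stmt.get("Condition", {}).items():
            base = _base_operator(operator)
            if base not in ("IpAddress", "NotIpAddress"):
                continue
            for key, value in keys.items():
                if key.lower() != "aws:sourceip":  # key names are case-insensitive
                    continue
                families = sorted(
                    {ipaddress.ip_network(cidr, strict=False).version
                     for cidr in _as_list(value)}
                )
                gap = None
                if 6 not in families:
                    negated = base == "NotIpAddress"
                    allow = stmt.get("Effect") == "Allow"
                    gap = "open" if allow == negated else "closed"
                findings.append({
                    "sid": stmt.get("Sid", "<no Sid>"),
                    "effect": stmt.get("Effect"),
                    "operator": base,
                    "families": families,
                    "ipv6_gap": gap,
                })
    return findings
```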
https://console.aws.amazon.com/iam/ IAM IAM IAM IAM S3 S3 (Amazon Simple Storage Service )
IP Linux/Unix Mac OS X curl IPv6
Example
curl -v http://s3.dualstack.us-west-2.amazonaws.com/
IPv6 IP IPv6
* About to connect() to s3-us-west-2.amazonaws.com port 80 (#0)
* Trying IPv6 address... connected
* Connected to s3.dualstack.us-west-2.amazonaws.com (IPv6 address) port 80 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.18.1 (x86_64-unknown-linux-gnu) libcurl/7.18.1 OpenSSL/1.0.1t zlib/1.2.3
> Host: s3.dualstack.us-west-2.amazonaws.com
Microsoft Windows 7 ping IPv6 IPv4
ping ipv6.s3.dualstack.us-west-2.amazonaws.com
Amazon S3 Amazon S3 IPv6 IPv4 S3
Amazon S3 (p. 15) AWS CLI (p. 15) AWS SDK (p. 16) REST API (p. 17)
Amazon S3 URL IPv6 IPv4 IPv6 IPv6 Amazon S3 (p. 12)
REST API (URI) Amazon S3 S3 Amazon S3
:
bucketname.s3.dualstack.aws-region.amazonaws.com
:
s3.dualstack.aws-region.amazonaws.com/bucketname
(p. 56)Amazon S3 AWS General Reference
Important
Transfer Acceleration Amazon S3 Transfer Acceleration (p. 75)
AWS Command Line Interface (AWS CLI) AWS SDK Amazon S3 AWS CLI AWS SDK
AWS CLI AWS CLIAWS CLI AWS CLI (p. 592)
AWS Config use_dualstack_endpoint true s3 s3api AWS CLI Amazon S3 --region
AWS CLI path virtual URL CLI AWS CLI Amazon S3 Configuration
use_dualstack_endpoint true addressing_style virtual
$ aws configure set default.s3.use_dualstack_endpoint true
$ aws configure set default.s3.addressing_style virtual
AWS CLI
s3 s3api --endpoint-url https://s3.dualstack.aws-region.amazonaws.com http://s3.dualstack.aws-region.amazonaws.com
$ aws s3api list-objects --bucket bucketname --endpoint-url https://s3.dualstack.aws-region.amazonaws.com
AWS Config use_dualstack_endpoint true use_dualstack_endpoint
Note
AWS CLI TransferAcceleration AWS CLI AWS Command Line Interface (AWS CLI) Transfer Acceleration (p. 78)
AWS SDK AWS SDK
AWS SDK for Java AWS SDK for Java Amazon S3
Java Amazon S3 Java (p. 594)
import com.amazonaws.AmazonServiceException;
import com.amazonaws.SdkClientException;
import com.amazonaws.auth.profile.ProfileCredentialsProvider;
import com.amazonaws.services.s3.AmazonS3;
import com.amazonaws.services.s3.AmazonS3ClientBuilder;

public class DualStackEndpoints {

    public static void main(String[] args) {
        String clientRegion = "*** Client region ***";
        String bucketName = "*** Bucket name ***";

        try {
            // Create an Amazon S3 client with dual-stack endpoints enabled.
            AmazonS3 s3Client = AmazonS3ClientBuilder.standard()
                    .withCredentials(new ProfileCredentialsProvider())
                    .withRegion(clientRegion)
                    .withDualstackEnabled(true)
                    .build();

            s3Client.listObjects(bucketName);
        }
        catch(AmazonServiceException e) {
            // The call was transmitted successfully, but Amazon S3 couldn't process
            // it, so it returned an error response.
            e.printStackTrace();
        }
        catch(SdkClientException e) {
            // Amazon S3 couldn't be contacted for a response, or the client
            // couldn't parse the response from Amazon S3.
            e.printStackTrace();
        }
    }
}
Windows AWS SDK for Java Java (JVM)
java.net.preferIPv6Addresses=true
AWS .NET SDK
AWS SDK for .NET AmazonS3Config
var config = new AmazonS3Config
{
    UseDualstackEndpoint = true,
    RegionEndpoint = RegionEndpoint.USWest2
};

using (var s3Client = new AmazonS3Client(config))
{
    var request = new ListObjectsRequest
    {
        BucketName = myBucket
    };

    var response = await s3Client.ListObjectsAsync(request);
}
.NET AWS SDK for .NET (p. 226)
Note
Transfer Acceleration UseAccelerateEndpoint UseDualstackEndpoint .NET SDK AWS SDK for .NET Transfer Acceleration (p. 80)
.NET Amazon S3 .NET (p. 595)
REST API REST API REST API (p. 46)
AWS SDK
AWS IAM (p. 18) IAM (p. 25) (p. 34)
Amazon S3 AWS SDK RESTAPI AWS SDK API REST API AWS SDK Sample Code & Libraries
AWS IAM AWS IAM Amazon S3 AWS SDK for JavaAWS SDK for .NETAWS SDK for PHP AWS SDK
AWS IAM AWS SDK for
Java (p. 19) AWS IAM AWS SDK
for .NET (p. 20) AWS IAM AWS SDK for
PHP (p. 22) AWS IAM AWS SDK for
Ruby (p. 23)
AWS SDK SDK AWS
AWS SDK AWS AWS Command Line Interface (AWS CLI) AWS
AWS
1. AWS IAM https://console.aws.amazon.com/iam/
2. IAM IAM () 8
3. AWS [.csv ] 4. .aws Linux OS X
Unix
~/.aws
Windows
%HOMEPATH%\.aws
5. .aws credentials 6. IAM .csv
credentials
[default]
aws_access_key_id = your_access_key_id
aws_secret_access_key = your_secret_access_key
7. credentials 3 .csv
AWS SDK
AWS IAM AWS SDK for JavaAWS IAM Amazon S3
AmazonS3ClientBuilder AmazonS3Client AmazonS3Client 1 Amazon S3
Amazon S3Java (p. 594)
Example
import java.io.IOException;
import java.util.List;

import com.amazonaws.AmazonServiceException;
import com.amazonaws.SdkClientException;
import com.amazonaws.auth.profile.ProfileCredentialsProvider;
import com.amazonaws.services.s3.AmazonS3;
import com.amazonaws.services.s3.AmazonS3ClientBuilder;
import com.amazonaws.services.s3.model.ListObjectsRequest;
import com.amazonaws.services.s3.model.ObjectListing;
import com.amazonaws.services.s3.model.S3ObjectSummary;

public class MakingRequests {

    public static void main(String[] args) throws IOException {
        String clientRegion = "*** Client region ***";
        String bucketName = "*** Bucket name ***";

        try {
            AmazonS3 s3Client = AmazonS3ClientBuilder.standard()
                    .withCredentials(new ProfileCredentialsProvider())
                    .withRegion(clientRegion)
                    .build();

            // Get a list of objects in the bucket, two at a time, and
            // print the name and size of each object.
            ListObjectsRequest listRequest = new ListObjectsRequest().withBucketName(bucketName).withMaxKeys(2);
            ObjectListing objects = s3Client.listObjects(listRequest);
            while(true) {
                List<S3ObjectSummary> summaries = objects.getObjectSummaries();
                for(S3ObjectSummary summary : summaries) {
                    System.out.printf("Object \"%s\" retrieved with size %d\n", summary.getKey(), summary.getSize());
                }
                if(objects.isTruncated()) {
                    objects = s3Client.listNextBatchOfObjects(objects);
                }
                else {
                    break;
                }
            }
        }
        catch(AmazonServiceException e) {
            // The call was transmitted successfully, but Amazon S3 couldn't process
            // it, so it returned an error response.
            e.printStackTrace();
        }
        catch(SdkClientException e) {
            // Amazon S3 couldn't be contacted for a response, or the client
            // couldn't parse the response from Amazon S3.
            e.printStackTrace();
        }
    }
}
AWS SDKCLIExplorer (p. 590)
AWS IAM AWS SDK for .NETAWS IAM
AmazonS3Client AmazonS3Client 1 Amazon S3
Amazon S3
C# .NET Amazon S3 .NET (p. 595)
Example
using Amazon.S3;
using Amazon.S3.Model;
using System;
using System.Threading.Tasks;

namespace Amazon.DocSamples.S3
{
    class MakeS3RequestTest
    {
        private const string bucketName = "*** bucket name ***";
        // Specify your bucket region (an example region is shown).
        private static readonly RegionEndpoint bucketRegion = RegionEndpoint.USWest2;
        private static IAmazonS3 client;

        public static void Main()
        {
            using (client = new AmazonS3Client(bucketRegion))
            {
                Console.WriteLine("Listing objects stored in a bucket");
                ListingObjectsAsync().Wait();
            }
        }

        static async Task ListingObjectsAsync()
        {
            try
            {
                ListObjectsRequest request = new ListObjectsRequest
                {
                    BucketName = bucketName,
                    MaxKeys = 2
                };
                do
                {
                    ListObjectsResponse response = await client.ListObjectsAsync(request);
                    // Process the response.
                    foreach (S3Object entry in response.S3Objects)
                    {
                        Console.WriteLine("key = {0} size = {1}", entry.Key, entry.Size);
                    }

                    // If the response is truncated, set the marker to get the next
                    // set of keys.
                    if (response.IsTruncated)
                    {
                        request.Marker = response.NextMarker;
                    }
                    else
                    {
                        request = null;
                    }
                } while (request != null);
            }
            catch (AmazonS3Exception e)
            {
                Console.WriteLine("Error encountered on server. Message:'{0}' when writing an object", e.Message);
            }
            catch (Exception e)
            {
                Console.WriteLine("Unknown encountered on server. Message:'{0}' when writing an object", e.Message);
            }
        }
    }
}
Note
AmazonS3Client Amazon S3
Amazon S3 (p. 97)Amazon S3 (p. 54)AWS IAM
AWS SDK for .NET (p. 226)
AWS SDKCLIExplorer (p. 590)
AWS IAM AWS SDK for PHP 3 AWS SDK for PHP AWS IAM AWS SDK for PHP PHP (p. 595)AWS SDK for PHP
PHP
Example
Note
S3Client Amazon S3
(p. 159)AWS IAM
AWS SDK for PHP (p. 227)
AWS SDK for PHP for Amazon S3 Aws\S3\S3Client AWS SDK for PHP
AWS IAM AWS SDK for RubyAWS SDK for Ruby 3 Amazon S3 SDK AWS AWS Ruby SDK 3 AWS IAM (p. 18)
Ruby AWS
1. Aws::S3::Resource 2. bucket Aws::S3::Resource
Amazon S3 AWS Amazon S3
3.
Example
# Use the Amazon S3 modularized gem for version 3 of the AWS Ruby SDK.
require 'aws-sdk-s3'

# Get an Amazon S3 resource.
s3 = Aws::S3::Resource.new(region: 'us-west-2')

# Create an array of up to the first 100 object keynames in the bucket.
bucket = s3.bucket('example_bucket').objects.collect(&:key)

# Print the array to the terminal.
puts bucket
AWS Aws::S3::Resource AmazonS3 Ruby SDK 3 Amazon S3
Ruby SDK AWS IAM
# auth_request_test.rb
# Use the Amazon S3 modularized gem for version 3 of the AWS Ruby SDK.
require 'aws-sdk-s3'

# Usage: ruby auth_request_test.rb list BUCKET

# Set the name of the bucket on which the operations are performed.
# This argument is required
bucket_name = nil

# The operation to perform on the bucket.
operation = 'list' # default
operation = ARGV[0] if (ARGV.length > 0)

if ARGV.length > 1
  bucket_name = ARGV[1]
else
  exit 1
end

# Get an Amazon S3 resource.
s3 = Aws::S3::Resource.new(region: 'us-west-2')

# Get the bucket by name.
bucket = s3.bucket(bucket_name)

case operation

when 'list'
  if bucket.exists?
    # Enumerate the bucket contents and object etags.
    puts "Contents of '%s':" % bucket_name
    puts '  Name => GUID'

    bucket.objects.limit(50).each do |obj|
      puts "  #{obj.key} => #{obj.etag}"
    end
  else
    puts "The bucket '%s' does not exist!" % bucket_name
  end

else
  puts "Unknown operation: '%s'! Only list is supported." % operation
end
IAM
IAM AWS SDK for Java (p. 25) IAM AWS SDK for .NET (p. 27) AWS IAM AWS SDK
for PHP (p. 29) IAM AWS SDK for Ruby (p. 31)
AWS IAM Amazon S3 AWSSDK for JavaAWS SDK for .NET AWS SDK for PHP Amazon S3
IAM AWS SDK for JavaIAM AWS AWS SDK for Java ( (p. 10)) Amazon S3 IAM
1. AWSSecurityTokenServiceClient AWS SDKCLIExplorer (p. 590)
2. Security Token Service (STS) assumeRole()
3. STS getSessionToken() GetSessionTokenRequest
4. BasicSessionCredentials
Amazon S3
5. AmazonS3Client Amazon S3 Amazon S3
Note
AWS 1 IAM
2 Amazon S3
IAM AWS IAM IAM IAM IAM
Amazon S3 Java (p. 594)
import com.amazonaws.AmazonServiceException;
import com.amazonaws.SdkClientException;
import com.amazonaws.auth.AWSStaticCredentialsProvider;
import com.amazonaws.auth.BasicSessionCredentials;
import com.amazonaws.auth.profile.ProfileCredentialsProvider;
import com.amazonaws.services.s3.AmazonS3;
import com.amazonaws.services.s3.AmazonS3ClientBuilder;
import com.amazonaws.services.s3.model.ObjectListing;
import com.amazonaws.services.securitytoken.AWSSecurityTokenService;
import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClientBuilder;
import com.amazonaws.services.securitytoken.model.AssumeRoleRequest;
import com.amazonaws.services.securitytoken.model.Credentials;
import com.amazonaws.services.securitytoken.model.GetSessionTokenRequest;
import com.amazonaws.services.securitytoken.model.GetSessionTokenResult;

public class MakingRequestsWithIAMTempCredentials {
    public static void main(String[] args) {
        String clientRegion = "*** Client region ***";
        String roleARN = "*** ARN for role to be assumed ***";
        String roleSessionName = "*** Role session name ***";
        String bucketName = "*** Bucket name ***";

        try {
            // Creating the STS client is part of your trusted code. It has
            // the security credentials you use to obtain temporary security credentials.
            AWSSecurityTokenService stsClient = AWSSecurityTokenServiceClientBuilder.standard()
                    .withCredentials(new ProfileCredentialsProvider())
                    .withRegion(clientRegion)
                    .build();

            // Assume the IAM role. Note that you cannot assume the role of an AWS root account;
            // Amazon S3 will deny access. You must use credentials for an IAM user or an IAM role.
            // The result of assumeRole() is not captured in this sample; the temporary
            // credentials used below are the ones returned by getSessionToken().
            AssumeRoleRequest roleRequest = new AssumeRoleRequest()
                    .withRoleArn(roleARN)
                    .withRoleSessionName(roleSessionName);
            stsClient.assumeRole(roleRequest);

            // Start a session.
            GetSessionTokenRequest getSessionTokenRequest = new GetSessionTokenRequest();
            // The duration can be set to more than 3600 seconds only if temporary
            // credentials are requested by an IAM user rather than an account owner.
            getSessionTokenRequest.setDurationSeconds(7200);
            GetSessionTokenResult sessionTokenResult = stsClient.getSessionToken(getSessionTokenRequest);
            Credentials sessionCredentials = sessionTokenResult.getCredentials();

            // Package the temporary security credentials as a BasicSessionCredentials object
            // for an Amazon S3 client object to use.
            BasicSessionCredentials basicSessionCredentials = new BasicSessionCredentials(
                    sessionCredentials.getAccessKeyId(),
                    sessionCredentials.getSecretAccessKey(),
                    sessionCredentials.getSessionToken());

            // Provide temporary security credentials so that the Amazon S3 client
            // can send authenticated requests to Amazon S3. You create the client
            // using the basicSessionCredentials object.
            AmazonS3 s3Client = AmazonS3ClientBuilder.standard()
                    .withCredentials(new AWSStaticCredentialsProvider(basicSessionCredentials))
                    .withRegion(clientRegion)
                    .build();

            // Verify that assuming the role worked and the permissions are set correctly
            // by getting a set of object keys from the bucket.
            ObjectListing objects = s3Client.listObjects(bucketName);
            System.out.println("No. of Objects: " + objects.getObjectSummaries().size());
        }
        catch(AmazonServiceException e) {
            // The call was transmitted successfully, but Amazon S3 couldn't process
            // it, so it returned an error response.
            e.printStackTrace();
        }
        catch(SdkClientException e) {
            // Amazon S3 couldn't be contacted for a response, or the client
            // couldn't parse the response from Amazon S3.
            e.printStackTrace();
        }
    }
}
AWS SDKCLIExplorer (p. 590)
IAM AWS SDK for .NETIAM AWS AWS SDK for .NET Amazon S3 Amazon S3
1. AWS Security Token Service AmazonSecurityTokenServiceClient AWS SDKCLIExplorer (p. 590)
2. STS GetSessionToken GetSessionTokenRequest
3. SessionAWSCredentials
Amazon S3
4. AmazonS3Client Amazon S3 Amazon S3
Note
AWS 1 IAM
C# 1 Amazon S3
IAM AWS IAM IAM IAM IAM (p. 10)
Amazon S3 .NET (p. 595)
using Amazon.Runtime;
using Amazon.S3;
using Amazon.S3.Model;
using Amazon.SecurityToken;
using Amazon.SecurityToken.Model;
using System;
using System.Collections.Generic;
using System.Threading.Tasks;

namespace Amazon.DocSamples.S3
{
    class TempCredExplicitSessionStartTest
    {
        private const string bucketName = "*** bucket name ***";
        // Specify your bucket region (an example region is shown).
        private static readonly RegionEndpoint bucketRegion = RegionEndpoint.USWest2;
        private static IAmazonS3 s3Client;

        public static void Main()
        {
            ListObjectsAsync().Wait();
        }

        private static async Task ListObjectsAsync()
        {
            try
            {
                // Credentials use the default AWS SDK for .NET credential search chain.
                // On local development machines, this is your default profile.
                Console.WriteLine("Listing objects stored in a bucket");
                SessionAWSCredentials tempCredentials = await GetTemporaryCredentialsAsync();

                // Create a client by providing temporary security credentials.
                using (s3Client = new AmazonS3Client(tempCredentials, bucketRegion))
                {
                    var listObjectRequest = new ListObjectsRequest
                    {
                        BucketName = bucketName
                    };
                    // Send request to Amazon S3.
                    ListObjectsResponse response = await s3Client.ListObjectsAsync(listObjectRequest);
                    List<S3Object> objects = response.S3Objects;
                    Console.WriteLine("Object count = {0}", objects.Count);
                }
            }
            catch (AmazonS3Exception s3Exception)
            {
                Console.WriteLine(s3Exception.Message, s3Exception.InnerException);
            }
            catch (AmazonSecurityTokenServiceException stsException)
            {
                Console.WriteLine(stsException.Message, stsException.InnerException);
            }
        }

        private static async Task<SessionAWSCredentials> GetTemporaryCredentialsAsync()
        {
            using (var stsClient = new AmazonSecurityTokenServiceClient())
            {
                var getSessionTokenRequest = new GetSessionTokenRequest
                {
                    DurationSeconds = 7200 // seconds
                };

                GetSessionTokenResponse sessionTokenResponse =
                    await stsClient.GetSessionTokenAsync(getSessionTokenRequest);

                Credentials credentials = sessionTokenResponse.Credentials;

                var sessionCredentials =
                    new SessionAWSCredentials(credentials.AccessKeyId,
                                              credentials.SecretAccessKey,
                                              credentials.SessionToken);
                return sessionCredentials;
            }
        }
    }
}
AWS SDKCLIExplorer (p. 590)
AWS IAM AWS SDK for PHP 3 AWS SDK for PHP Amazon S3 AWS SDK for PHP PHP (p. 595)AWS SDK for PHP
IAM AWS 3 AWS SDK for PHP Amazon S3 1 IAM (136 ) IAM (p. 10)
Note
AWS 1 IAM
Example
PHP 1 Amazon S3 PHP PHP (p. 596)
IAM AWS IAM IAM IAM IAM IAM AWS SDK for PHP (p. 40)
IAM AWS SDK for RubyIAM AWS AWS SDK for Ruby Amazon S3 1 IAM (136 ) (p. 10)
Note
AWS 1 IAM
Ruby 1 AWS Security Token Service (AWS STS) Amazon S3 AWS
require 'aws-sdk-core'
require 'aws-sdk-s3'
require 'aws-sdk-iam'
USAGE =
end
# main
region = 'us-west-2'
user_name = ''
bucket_name = ''

i = 0

while i < ARGV.length
  case ARGV[i]

    when '-b'
      i += 1
      bucket_name = ARGV[i]

    when '-u'
      i += 1
      user_name = ARGV[i]

    when '-r'
      i += 1
      region = ARGV[i]

    when '-d'
      puts 'Debugging enabled'
      $debug = true

    when '-h'
      puts USAGE
      exit 0

    else
      puts 'Unrecognized option: ' + ARGV[i]
      puts USAGE
      exit 1

  end

  i += 1
end

if bucket_name == ''
  puts 'You must supply a bucket name'
  puts USAGE
  exit 1
end

if user_name == ''
  puts 'You must supply a user name'
  puts USAGE
  exit 1
end

# Identify the IAM user that is allowed to list Amazon S3 bucket items for an hour.
user = get_user(region, user_name, true)

# Create a new Amazon STS client and get temporary credentials. This uses a role that was already created.
creds = Aws::AssumeRoleCredentials.new(
  client: Aws::STS::Client.new(region: region),
  role_arn: "arn:aws:iam::111122223333:role/assumedrolelist",
  role_session_name: "assumerole-s3-list"
)
# Create an Amazon S3 resource with temporary credentials.
s3 = Aws::S3::Resource.new(region: region, credentials: creds)

puts "Contents of '%s':" % bucket_name
puts ' Name => GUID'

s3.bucket(bucket_name).objects.limit(50).each do |obj|
  puts " #{obj.key} => #{obj.etag}"
end
AWS AWS SDK Amazon S3 AWS SDK
Note
AWS IAM IAM IAM IAM
AWS SDK for Java AWS IAM 1
Note
IAM IAM AWS Identity and Access Management
AWSSecurityTokenServiceClient AWS SDK for Java (p. 593)
Security Token Service (STS) getFederationToken() IAM
BasicSessionCredentials Amazon S3
AmazonS3Client Amazon S3 Amazon S3
Example
S3 2 Amazon S3 AWS IAM
{
   "Statement":[{
      "Action":["s3:ListBucket",
         "sts:GetFederationToken*"
      ],
      "Effect":"Allow",
      "Resource":"*"
   }
   ]
}
IAM IAM IAM
IAM Amazon S3 Java (p. 594)
import java.io.IOException;
import com.amazonaws.AmazonServiceException;
import com.amazonaws.SdkClientException;
import com.amazonaws.auth.AWSStaticCredentialsProvider;
import com.amazonaws.auth.BasicSessionCredentials;
import com.amazonaws.auth.policy.Policy;
import com.amazonaws.auth.policy.Resource;
import com.amazonaws.auth.policy.Statement;
import com.amazonaws.auth.policy.Statement.Effect;
import com.amazonaws.auth.policy.actions.S3Actions;
import com.amazonaws.auth.profile.ProfileCredentialsProvider;
import com.amazonaws.services.s3.AmazonS3;
import com.amazonaws.services.s3.AmazonS3ClientBuilder;
import com.amazonaws.services.securitytoken.AWSSecurityTokenService;
import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClientBuilder;
import com.amazonaws.services.securitytoken.model.Credentials;
import com.amazonaws.services.securitytoken.model.GetFederationTokenRequest;
import com.amazonaws.services.securitytoken.model.GetFederationTokenResult;
import com.amazonaws.services.s3.model.ObjectListing;

public class MakingRequestsWithFederatedTempCredentials {

    public static void main(String[] args) throws IOException {
        String clientRegion = "*** Client region ***";
        String bucketName = "*** Specify bucket name ***";
        String federatedUser = "*** Federated user name ***";
        String resourceARN = "arn:aws:s3:::" + bucketName;

        try {
            AWSSecurityTokenService stsClient = AWSSecurityTokenServiceClientBuilder
                    .standard()
                    .withCredentials(new ProfileCredentialsProvider())
                    .withRegion(clientRegion)
                    .build();
            GetFederationTokenRequest getFederationTokenRequest = new GetFederationTokenRequest();
            getFederationTokenRequest.setDurationSeconds(7200);
            getFederationTokenRequest.setName(federatedUser);

            // Define the policy and add it to the request.
            Policy policy = new Policy();
            policy.withStatements(new Statement(Effect.Allow)
                    .withActions(S3Actions.ListObjects)
                    .withResources(new Resource(resourceARN)));
            getFederationTokenRequest.setPolicy(policy.toJson());

            // Get the temporary security credentials.
            GetFederationTokenResult federationTokenResult = stsClient.getFederationToken(getFederationTokenRequest);
            Credentials sessionCredentials = federationTokenResult.getCredentials();

            // Package the session credentials as a BasicSessionCredentials
            // object for an Amazon S3 client object to use.
            BasicSessionCredentials basicSessionCredentials = new BasicSessionCredentials(
                    sessionCredentials.getAccessKeyId(),
                    sessionCredentials.getSecretAccessKey(),
                    sessionCredentials.getSessionToken());
            AmazonS3 s3Client = AmazonS3ClientBuilder.standard()
                    .withCredentials(new AWSStaticCredentialsProvider(basicSessionCredentials))
                    .withRegion(clientRegion)
                    .build();

            // To verify that the client works, send a listObjects request using
            // the temporary security credentials.
            ObjectListing objects = s3Client.listObjects(bucketName);
            System.out.println("No. of Objects = " + objects.getObjectSummaries().size());
        }
        catch(AmazonServiceException e) {
            // The call was transmitted successfully, but Amazon S3 couldn't process
            // it, so it returned an error response.
            e.printStackTrace();
        }
        catch(SdkClientException e) {
            // Amazon S3 couldn't be contacted for a response, or the client
            // couldn't parse the response from Amazon S3.
            e.printStackTrace();
        }
    }
}
AWS SDKCLIExplorer (p. 590)
AWS SDK for .NET AWS IAM
1 (p. 10)
Note
IAM IAM AWS Identity and Access Management
AWS Security Token Service AmazonSecurityTokenServiceClient AWS SDK for .NET (p. 594)
STS GetFederationToken IAM
SessionAWSCredentials Amazon S3
AmazonS3Client Amazon S3 Amazon S3
Example
C# (User1) 2 Amazon S3
IAM IAM IAM
{
   "Statement":[{
      "Action":["s3:ListBucket",
         "sts:GetFederationToken*"
      ],
      "Effect":"Allow",
      "Resource":"*"
   }
   ]
}
IAM AWS IAM IAM IAM
IAM Amazon S3 (User1) (YourBucketName)
{
   "Statement":[
      {
         "Sid":"1",
         "Action":["s3:ListBucket"],
         "Effect":"Allow",
         "Resource":"arn:aws:s3:::YourBucketName"
      }
   ]
}
Example
Amazon S3 .NET (p. 595)
using Amazon.Runtime;
using Amazon.S3;
using Amazon.S3.Model;
using Amazon.SecurityToken;
using Amazon.SecurityToken.Model;
using System;
using System.Collections.Generic;
using System.Threading.Tasks;

namespace Amazon.DocSamples.S3
{
    class TempFederatedCredentialsTest
    {
        private const string bucketName = "*** bucket name ***";
        // Specify your bucket region (an example region is shown).
        private static readonly RegionEndpoint bucketRegion = RegionEndpoint.USWest2;
        private static IAmazonS3 client;

        public static void Main()
        {
            ListObjectsAsync().Wait();
        }

        private static async Task ListObjectsAsync()
        {
            try
            {
                Console.WriteLine("Listing objects stored in a bucket");
                // Credentials use the default AWS SDK for .NET credential search chain.
                // On local development machines, this is your default profile.
                SessionAWSCredentials tempCredentials =
                    await GetTemporaryFederatedCredentialsAsync();

                // Create a client by providing temporary security credentials.
                using (client = new AmazonS3Client(tempCredentials, bucketRegion))
                {
                    ListObjectsRequest listObjectRequest = new ListObjectsRequest();
                    listObjectRequest.BucketName = bucketName;

                    ListObjectsResponse response = await client.ListObjectsAsync(listObjectRequest);
                    List<S3Object> objects = response.S3Objects;
                    Console.WriteLine("Object count = {0}", objects.Count);
                    Console.WriteLine("Press any key to continue...");
                    Console.ReadKey();
                }
            }
            catch (AmazonS3Exception e)
            {
                Console.WriteLine("Error encountered ***. Message:'{0}' when writing an object", e.Message);
            }
            catch (Exception e)
            {
                Console.WriteLine("Unknown encountered on server. Message:'{0}' when writing an object", e.Message);
            }
        }

        private static async Task<SessionAWSCredentials> GetTemporaryFederatedCredentialsAsync()
        {
            AmazonSecurityTokenServiceConfig config = new AmazonSecurityTokenServiceConfig();
            AmazonSecurityTokenServiceClient stsClient =
                new AmazonSecurityTokenServiceClient(config);

            GetFederationTokenRequest federationTokenRequest = new GetFederationTokenRequest();
            federationTokenRequest.DurationSeconds = 7200;
            federationTokenRequest.Name = "User1";
            // Session policy: limits the federated user to listing the one bucket.
            federationTokenRequest.Policy = @"{
               ""Statement"":
               [
                 {
                   ""Sid"":""Stmt1311212314284"",
                   ""Action"":[""s3:ListBucket""],
                   ""Effect"":""Allow"",
                   ""Resource"":""arn:aws:s3:::" + bucketName + @"""
                  }
               ]
             }
            ";

            GetFederationTokenResponse federationTokenResponse =
                await stsClient.GetFederationTokenAsync(federationTokenRequest);
            Credentials credentials = federationTokenResponse.Credentials;

            SessionAWSCredentials sessionCredentials =
                new SessionAWSCredentials(credentials.AccessKeyId,
                                          credentials.SecretAccessKey,
                                          credentials.SessionToken);
            return sessionCredentials;
        }
    }
}
AWS SDKCLIExplorer (p. 590)
AWS SDK for PHP 3 AWS SDK for PHP Amazon S3 AWS SDK forPHP PHP (p. 595) AWS SDK for PHP
AWS IAM 1 IAM (p. 10)
IAM IAM ID AWS IAM
PHP PHP (p. 596)
Example
PHP (User1) 1 Amazon S3
IAM IAM IAM IAM
{
   "Statement":[{
      "Action":["s3:ListBucket",
         "sts:GetFederationToken*"
      ],
      "Effect":"Allow",
      "Resource":"*"
   }
   ]
}
IAM AWS IAM IAM IAM
IAM Amazon S3 (User1)
{
   "Statement":[
      {
         "Sid":"1",
         "Action":["s3:ListBucket"],
         "Effect":"Allow",
         "Resource":"arn:aws:s3:::YourBucketName"
      }
   ]
}
YourBucketName
        'Bucket' => $bucket
    ]);
} catch (S3Exception $e) {
    echo $e->getMessage() . PHP_EOL;
}
AWS SDK for PHP for Amazon S3 Aws\S3\S3Client AWS SDK for PHP
AWS SDK for Ruby AWS IAM IAM 1 IAM (p. 10)
Note
IAM IAM AWSIdentity and Access Management
Example
Ruby
require 'aws-sdk-s3'
require 'aws-sdk-iam'
USAGE =
    print_debug("Created new user #{user_name}")
  rescue Aws::IAM::Errors::EntityAlreadyExists
    print_debug("Found user #{user_name} in region #{region}")
  end
end

# main
region = 'us-west-2'
user_name = ''
bucket_name = ''

i = 0

while i < ARGV.length
  case ARGV[i]

    when '-b'
      i += 1
      bucket_name = ARGV[i]

    when '-u'
      i += 1
      user_name = ARGV[i]

    when '-r'
      i += 1
      region = ARGV[i]

    when '-d'
      puts 'Debugging enabled'
      $debug = true

    when '-h'
      puts USAGE
      exit 0

    else
      puts 'Unrecognized option: ' + ARGV[i]
      puts USAGE
      exit 1

  end

  i += 1
end

if bucket_name == ''
  puts 'You must supply a bucket name'
  puts USAGE
  exit 1
end

if user_name == ''
  puts 'You must supply a user name'
  puts USAGE
  exit 1
end

# Identify the IAM user we allow to list Amazon S3 bucket items for an hour.
user = get_user(region, user_name, true)

# Create a new STS client and get temporary credentials.
sts = Aws::STS::Client.new(region: region)

creds = sts.get_federation_token({
  duration_seconds: 3600,
  name: user_name,
  policy: "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"Stmt1\",\"Effect\":\"Allow\",\"Action\":\"s3:ListBucket\",\"Resource\":\"arn:aws:s3:::#{bucket_name}\"}]}",
})

# Create an Amazon S3 resource with temporary credentials.
s3 = Aws::S3::Resource.new(region: region, credentials: creds)

puts "Contents of '%s':" % bucket_name
puts ' Name => GUID'

s3.bucket(bucket_name).objects.limit(50).each do |obj|
  puts " #{obj.key} => #{obj.etag}"
end
REST API REST API Amazon S3 Amazon S3 AWS General Reference
REST API (p. 46) (p. 46) REST API (p. 51)
REST API Amazon S3 URI Amazon S3 (p. 54)
Example
examplebucket puppy.jpg
DELETE /puppy.jpg HTTP/1.1
Host: examplebucket.s3-us-west-2.amazonaws.com
Date: Mon, 11 Apr 2016 12:00:00 GMT
x-amz-date: Mon, 11 Apr 2016 12:00:00 GMT
Authorization: authorization string
Example
DELETE /examplebucket/puppy.jpg HTTP/1.1
Host: s3-us-west-2.amazonaws.com
Date: Mon, 11 Apr 2016 12:00:00 GMT
x-amz-date: Mon, 11 Apr 2016 12:00:00 GMT
Authorization: authorization string
Amazon S3
() mybucket puppy.jpg URI http://s3-eu-west-1.amazonaws.com/mybucket/puppy.jpg
() HTTP 307 Temporary Redirect URI
http://s3.amazonaws.com (
) http://s3-eu-west-1.amazonaws.com
REST API REST API (URI) Amazon S3 IPv4
Example
puppy.jpg examplebucket REST
GET /puppy.jpg HTTP/1.1
Host: examplebucket.s3.dualstack.us-west-2.amazonaws.com
Date: Mon, 11 Apr 2016 12:00:00 GMT
x-amz-date: Mon, 11 Apr 2016 12:00:00 GMT
Authorization: authorization string
Example
GET /examplebucket/puppy.jpg HTTP/1.1
Host: s3.dualstack.us-west-2.amazonaws.com
Date: Mon, 11 Apr 2016 12:00:00 GMT
x-amz-date: Mon, 11 Apr 2016 12:00:00 GMT
Authorization: authorization string
Amazon S3 (p. 14)
HTTP (p. 47) (p. 48) CNAME Amazon S3 URL (p. 49) (p. 50) (p. 51)
1 URI Amazon S3 REST URI Amazon S3 HTTP Host REST API Amazon S3 Host http://bucketname.s3.amazonaws.com () Amazon S3 DNS Amazon S3 URL (: http://my.bucketname.com//)
URL 2 favicon.icorobots.txtcrossdomain.xml
Important
Amazon S3 () mybucket puppy.jpg URI http://s3-eu-west-1.amazonaws.com/mybucket/puppy.jpg () HTTP 307 Temporary Redirect URI
http://s3.amazonaws.com
() http://s3-eu-west-1.amazonaws.com
Note
(s3-eu-west-1) () (s3.amazonaws.com)amazonaws.com) Amazon S3 () Amazon S3 DNS () Amazon S3 HTTP 307 REST API (p. 540)SSL SSL HTTP
HTTP GET SSL HTTP Host REST Host
Host s3.amazonaws.com URI URI 2 HTTP 1.0
Host ".s3.amazonaws.com" Host ".s3.amazonaws.com" URI 3 4 s3.amazonaws.com
Host URI DNS Amazon S3 CNAME DNS
URL
Example