amazon simple storage service - 開発者ガイド simple storage service 開発者ガイド amazon...

Amazon Simple Storage Service

API 2006-03-01


Amazon Simple Storage Service: Copyright 2018 Amazon Web Services, Inc. and/or its affiliates. All rights reserved.

Amazon's trademarks and trade dress may not be used in connection with any product or service that is not Amazon's, in any mannerthat is likely to cause confusion among customers, or in any manner that disparages or discredits Amazon. All other trademarks notowned by Amazon are the property of their respective owners, who may or may not be affiliated with, connected to, or sponsored byAmazon.


Table of ContentsAmazon S3 ................................................................................................................. 1

? ...................................................................................................................... 1 ............................................................................................................................................ 2

Amazon S3 ...................................................................................................... 2Amazon S3 ............................................................................................................... 2Amazon S3 ..................................................................................................................... 3

............................................................................................................................ 3 ..................................................................................................................... 3 .................................................................................................................................. 3 ........................................................................................................................ 4Amazon S3 ........................................................................................ 4

Amazon S3 ..................................................................................................................... 6 ............................................................................................................... 6 ............................................................................................................... 6AWS Identity and Access Management .................................................................................. 7 ................................................................................................ 7 .................................................................................................................. 7 .................................................................................................................................. 8

Amazon S3 (API) ................................................ 8REST ...................................................................................................... 8SOAP ...................................................................................................... 9

Amazon S3 ..................................................................................................................... 9 ............................................................................................................................. 9

.............................................................................................................................. 10 ............................................................................................................... 10

AWS ............................................................................................ 10IAM ................................................................................................. 10 .............................................................................................. 11

...................................................................................................... 11IPv6 ............................................................................................... 12

IPv6 ............................................................................................................... 12IAM IPv6 ............................................................................... 13IP ................................................................................................ 14 ...................................................................... 14

AWS SDK ....................................................................................... 18AWS IAM ......................................................... 18IAM .............................................................................. 25 ............................................................ 34

REST API ....................................................................................... 45 (REST API) .................................................................... 46 .............................................................................................. 46 REST API ............................................................................... 51

.......................................................................................................................................... 54 ......................................................................................................................... 54

....................................................................................................... 55 ............................................................................................................... 56 ............................................................................................................ 57 ............................................................................................................................... 58

.......................................................................................................................... 59 ............................................................................................................... 60

Amazon S3 ............................................................................................ 61AWS SDK for Java ................................................................................................. 61AWS SDK for .NET ................................................................................................. 62AWS SDK for Ruby 3 ............................................................................. 63

API 2006-03-01iii


AWS SDK ...................................................................................................... 63 .......................................................................................... 63

................................................................................................................. 63 .......................................................................................................... 66

...................................................................................................... 67Amazon S3 ........................................................ 68 ....................................... 69 ............................................. 69CloudTrail CloudWatch ........................ 70 ................................................................................................................................ 70

...................................................................................................... 70AWS .................................................................................. 71AWS SDK for Java ................................................................................................. 71AWS SDK for .NET ................................................................................................. 72PHP SDK .......................................................................................................... 73REST API ............................................................................................................. 74

Transfer Acceleration ................................................................................................................. 75Transfer Acceleration .................................................................................. 75 ....................................................................................................... 75Amazon S3 Transfer Acceleration ........................................................ 77Transfer Acceleration ................................................................................................. 77

......................................................................................................... 82 ....................................................................................................... 82REST API ....................................................................................................... 83 ....................................................................................................................... 85

............................................................................................................... 85 ...................................................................................................... 85

.................................................................................................................... 86 .............................................................................................................. 87 ..................................................................................... 89 ....................................................................................................... 94

.................................................................................................................................... 97 ................................................................................................... 98

.............................................................................................................. 98 ................................................................................................... 100

.................................................................................................................... 102 ........................................................... 103 ........................................................... 103GLACIER ............................................................................................. 104: ........................................................................... 105 ............................................................................. 106

.......................................................................................................................... 106 ....................................................................................................................... 107 ........................................................................................................... 109

API ....................................................... 111 ................................................................................... 112 ................................................................................................... 115

................................................................................................................. 118 .................................................................... 118 ........................................................... 119 ............................................................................................................... 119 ................................................................................................ 125 ................................................................................................... 131 ................................................................................................ 141

Cross-Origin Resource Sharing (CORS) ..................................................................................... 150Cross-Origin Resource Sharing: ...................................................... 150 CORS .................................................................................... 151

API 2006-03-01iv


Amazon S3 CORS .......................................................... 153CORS .............................................................................................................. 153CORS ...................................................................................... 159

........................................................................................ 159 ......................................................................................................... 160 ............................................................................................. 169 ...................................................................................................... 212 ................................................................................................ 222 ......................................................................................................... 229 ................................................................................ 247 ................................................................................ 250 ................................................................................ 254

...................................................................................................................... 258 ............................................................................ 258 .............................................................................................................. 259 ................................................................... 261

.................................................. 263Amazon S3 REST API .................................................................................................. 263

.................................................................................................................................. 264Amazon S3 ....................................................................... 264

Amazon S3 ................................................................................. 264Amazon S3 ........................................................................... 265

................................................................................................................. 266 ......................................................................................................... 267

........................................................................................................ 268 ......................................................................................... 269

........................................................................................................ 270>Athena ........................................................................................ 270Amazon S3 REST API ......................................................................................... 271

............................................................................................................................... 272 ................................................................................................................................ 272

.............................................................................................................................. 273Amazon S3 ........................................................................... 278 ............................................... 283: .................................................................................... 287

............................................................................... 316 ............................................................................................. 316 ...................................................................................................... 346 ...................................................................................................... 355

ACL .......................................................................................................... 379 (ACL) ......................................................................... 379ACL .................................................................................................................... 385

.................................................................................................................................. 391 ....................................................................................................................... 391

......................................................................................................... 392 ................................................................................................... 421

....................................................................................................................... 429 .......................................................................... 430MFA Delete .................................................................................................................... 431 .................................................................................................................. 432 ................................................................................................................................. 432 ..................................................... 434 ........................................... 449

...................................................................................................... 452 ..................................................................................................... 453

Amazon REST API .............................................. 454 ............................................................................ 454

API 2006-03-01v


................................................................................ 455 ....................................................................... 455 ....................................................................... 457() .............................................................. 457() ........................................................... 458() ...................................................................................... 459

.................................................................................................................... 466: ........................................................................... 466: .......................................... 468: Amazon CloudFront ........................................................... 477 ............................................................................................. 479

Notifications .................................................................................................................................... 481 ...................................................................................................................................... 481 ................................................................................................. 482 ........................................................................................... 484

......................................................................................... 484 ......................................................................................................... 484

................................................... 485 ............................... 485/ ........................................... 488

............................................. 489AWS Lambda ...................................................... 490SNS SQS ................ 490

1 ................................................................................................................. 492 ...................................................................................................... 492 1: Amazon SNS .................................................................... 492 2: Amazon SQS ....................................................................... 493 3: ........................................................................ 494 4: ..................................................................................... 497

2 ................................................................................................................. 497 ........................................................................................................ 497

(CRR) .......................................................................................... 500 ........................................................................................................... 501 ...................................................................................................................................... 501 .......................................................................................................................... 502 ........................................................................................ 502

...................................................................................................... 502 ................................................................................................... 503 .................................................................................................................. 504

CRR ............................................................................................................... 504 AWS . 505 AWS ................................................................................................................................. 510 .................................................................................................................. 511

CRR .................................................................................................................... 511CRR: .......................................................................................... 511CRR: AWS KMS SSE ..................................................................................................................... 513

CRR .............................................................................................................................. 518 1: AWS ............................................................................ 518 2: AWS ......................................................................... 519CRR: ............................................................................................. 524 ...................................................................................................... 531AWS SDK for Java ............................................................................................... 531AWS SDK for .NET ............................................................................................... 533

CRR ............................................................................................................ 535 .................................................................................................................. 536

API 2006-03-01vi


CRR ................................................................................................... 536 .................................................................................................................. 537

CRR: .............................................................................................................. 537 .................................................................... 537 ....................................................................... 538 ................................................................................ 538CRR ........................................................................................... 538 ...................................................................................... 539 .................................................................................................................. 539

................................................................................................................... 540 REST API ..................................................................................... 540

.............................................................................................................................. 540DNS .......................................................................................................... 540 ................................................................................... 541 ................................................................................... 543

DNS ............................................................................................................ 543 ................................................................................................................... 545

................................................... 545 ............................................... 546 GET ................................................................................. 548

TCP ................................................................................................... 548TCP ................................................................................................................ 549

.................................................................................................................................. 550 ................................................................................................................. 550

.................................................................................................................. 550 ..................................................................................................................... 550

CloudWatch ...................................................................... 551 ............................................................................................. 552 Amazon S3 CloudWatch ............................................. 552Amazon S3 CloudWatch ................................................................... 552Amazon S3 CloudWatch ............................................................................ 554CloudWatch ................................................................................. 555 .................................................................................................................. 556

........................................................................................................ 556 CloudWatch ............................................................. 557 ...................................................................................... 557 ......................................................................................... 557

AWS CloudTrail API ................................................................... 558CloudTrail Amazon S3 ....................................................................................... 558Amazon S3 CloudWatch Logs CloudTrail .......... 563Amazon S3 ........................................................................... 563 .................................................................................................................. 565

BitTorrent ....................................................................................................................................... 566BitTorrent ..................................................................................................... 566BitTorrent Amazon S3 ............................................ 567Amazon S3 BitTorrent ................................................................. 568

..................................................................................................................................... 569REST ........................................................................................................... 569

......................................................................................................... 569 ............................................................................................................ 570

SOAP .......................................................................................................... 570Amazon S3 ....................................................................... 571

InternalError ....................................................................................... 571SlowDown .................................................... 571 ............................................................................................................ 572

Amazon S3 .............................................................................................. 573 Amazon S3 ......................................................................... 573

API 2006-03-01vii


HTTP 503 .............................................................................................................................. 573CORS ........................................ 574

AWS Amazon S3 ID ..................................................................... 574HTTP ID .............................................................................. 574 ID ................................................ 574AWS SDK ID ........................................................................ 575AWS CLI ID ......................................................................... 576

.......................................................................................................................... 576 ............................................................................................................. 577

...................................................................................................................................... 577 ................................................................................ 578 ............................................................................................................... 578 ............................................................................. 578 ............................ 578

.......................................................................................................................... 579 ..................................................................................... 579 ..................................................................................... 579

............................................................................................................ 579 WRITE READ_ACP ................................... 580: AWS SDK for .NET .................................................................................................... 580

............................................................................................................................. 582 ................................................................................................ 585 ............................ 586 ................................................................................ 586

................................................................................................................. 589AWS SDK Explorer ..................................................................................................................... 590

.................................................................................. 591AWS CLI ......................................................................................................... 592AWS SDK for Java ....................................................................................................... 593

Java API ............................................................................................................. 594Amazon S3 Java ................................................................................... 594

AWS SDK for .NET ....................................................................................................... 594.NET API ............................................................................................................. 595Amazon S3 .NET ...................................................................................... 595

AWS SDK for PHP PHP ....................................................................... 595AWS SDK for PHP ........................................................................................... 596PHP ....................................................................................................... 596 .................................................................................................................. 596

AWS SDK for Ruby 3 .................................................................................... 596Ruby API ............................................................................................................. 597Ruby ............................................................................................. 597

AWS SDK for Python (Boto) ........................................................................................... 598iOS Android AWS Mobile SDK ................................................................ 598

.............................................................................................................................. 598AWS Amplify JavaScript ........................................................................... 598

.............................................................................................................................. 599 .............................................................................................................................................. 600

A: SOAP API ........................................................................................................ 600 SOAP API ................................................................................................. 600SOAP ............................................................................................ 601SOAP ...................................................................................... 602

B: (AWS 2) ..................................................................... 603REST API ............................................................................. 604REST ......................................................................................... 606POST ................................................................. 616

........................................................................................................................................ 633

API 2006-03-01viii


SQL ........................................................................................................................... 634SELECT ................................................................................................................... 634

SELECT .............................................................................................................. 634FROM ....................................................................................................................... 634WHERE ..................................................................................................................... 635LIMIT (Amazon S3 Select ) .................................................................................... 635 .................................................................................................................. 635/ ............................................................................ 636 .............................................................. 637 ..................................................................................................................... 637

................................................................................................................................ 638 .................................................................................................................. 638 ...................................................................................... 638

................................................................................................................................... 638 ..................................................................................................................... 639 ..................................................................................................................... 639 ................................................................................................ 639 ..................................................................................................................... 639 ............................................................................................................ 639

....................................................................................................................... 640SQL ............................................................................................................................... 644

(Amazon S3 Select ) .................................................................................... 644 ........................................................................................................................ 645 ........................................................................................................................ 646 ........................................................................................................................ 646 ..................................................................................................................... 652

............................................................................................................................ 655AWS ................................................................................................................................ 670

API 2006-03-01ix

Amazon Simple Storage Service ?

Amazon S3 Amazon Simple Storage Service

Amazon S3 Amazon

Amazon S3 (API) Amazon S3

?

Amazon S3


Amazon S3 Amazon S3 (p. 2)

? Amazon S3 (p. 54)

Amazon S3 (p. 97)

(p. 10)

Amazon S3 (p. 272)

API 2006-03-011

https://aws.amazon.com/s3/http://docs.aws.amazon.com/AmazonS3/latest/gsg/

Amazon Simple Storage Service Amazon S3


Amazon S3 (p. 2) Amazon S3 (p. 2) Amazon S3 (p. 3) Amazon S3 (p. 6) Amazon S3 (API) (p. 8) Amazon S3 (p. 9) (p. 9)

Amazon S3 Amazon S3

Amazon S3 (READWRITE ) (AWS)

Amazon S3 Amazon S3 Amazon S3

Amazon S3

Amazon S3 5 TB

Amazon S3 3

REST SOAP

API 2006-03-012


Note

SOAP HTTP HTTPS SOAP Amazon S3 REST API AWSSDK

Amazon S3

(p. 3) (p. 3) (p. 3) (p. 4) Amazon S3 (p. 4)

Amazon S3

Amazon S3 photos/puppy.jpg johnsmith URL http://johnsmith.s3.amazonaws.com/photos/puppy.jpg

Amazon S3

Buckets andRegions (p. 56) Amazon S3 ID Versioning (p. 429)

Amazon S3 (p. 54)

Amazon S3 Amazon S3 Content-Type HTTP

() ID Keys (p. 3) Versioning (p. 429)

1 ID

API 2006-03-013


Amazon S3 + + Amazon S3 http://doc.s3.amazonaws.com/2006-03-01/AmazonS3.wsdl URL doc2006-03-01/AmazonS3.wsdl

Amazon S3 ()

Amazon S3 AWS

Amazon S3 Amazon S3 S3 PUTS "" () HEAD GET Amazon S3

Amazon S3 PUT DELETE

PUT

Amazon S3 Amazon PUT Amazon S3

Amazon S3

Amazon S3

Amazon S3

Amazon S3

Note

Amazon S3 2 PUT

API 2006-03-014

http://docs.aws.amazon.com/general/latest/gr/rande.html#s3_regionhttp://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region


R1 ( 1) R2 ( 2) W1 ( 1) W2 ( 2) R1 R2 color = ruby R1 R2 color = red color = ruby

R1 W2 R1 color = ruby color = garnet

R2 color = garnet R2 color = ruby color = garnet

API 2006-03-015


2 Amazon S3 W1 W2 (color = garnet color = brick) ()

Amazon S3

(p. 6) (p. 6) AWS Identity and Access Management (p. 7) (p. 7) (p. 7) (p. 8)

Amazon S3

Amazon S3 Amazon S3 STANDARD Amazon S3 STANDARD_IA GLACIER

(p. 102)

Amazon S3 (: IP )

Amazon S3 () Amazon

API 2006-03-016

Amazon Simple Storage Service AWS Identity and Access Management

S3

1 1 IP (: Nevada/*Utah/*)

() () () 1 Amazon (ARN) () html

Amazon S3 (: PUT ?acl)) (PUTObjectGET Object )

GetObjectGetObjectVersionDeleteObjectDeleteBucket Amazon S3

IP CIDR IP HTTPReferrer (HTTP HTTPS)

(p. 316)

AWS Identity and Access ManagementIAM Amazon S3 AWS Amazon S3

IAM

AWS Identity and Access Management (IAM) IAM

ACL (p. 379)

(p. 107)

API 2006-03-017

https://aws.amazon.com/iam/http://docs.aws.amazon.com/IAM/latest/UserGuide/getting-started.htmlhttp://docs.aws.amazon.com/IAM/latest/UserGuide/


API

HTTP BitTorrent

Amazon S3 (API)

Amazon S3

Amazon S3 REST SOAP 2 REST HTTP 4 KB () HTTP

Note

SOAP HTTP HTTPS SOAP Amazon S3 REST API AWS SDK

REST REST API Amazon S3 HTTP REST HTTP

REST API HTTP

REST API HTTP HTTP () HTTP

API 2006-03-018

Amazon Simple Storage Service SOAP

SOAP Note

SOAP HTTP HTTPS SOAP Amazon S3 REST API AWS SDK

SOAP API SOAP 1.1 SOAP WSDL (http://doc.s3.amazonaws.com/2006-03-01/AmazonS3.wsdl )Apache Axis Microsoft .NET SOAP Amazon S3

Amazon S3 Amazon S3

Amazon S3 Amazon

Amazon S3

Amazon S3 Amazon S3

Amazon S3

Amazon Elastic Compute Cloud Amazon EC2

Amazon EMR Hadoop Hadoop Amazon EC2 AmazonS3 Amazon EMR

AWS Import/Export AWS Import/Export RAID Amazon Amazon S3 () AWS Import/Export Developer Guide

API 2006-03-019

http://doc.s3.amazonaws.com/2006-03-01/AmazonS3.wsdlhttp://doc.s3.amazonaws.com/2006-03-01/AmazonS3.wsdlhttps://aws.amazon.com/s3/pricing/https://aws.amazon.com/ec2/https://aws.amazon.com/elasticmapreduce/https://aws.amazon.com/elasticmapreduce/http://docs.aws.amazon.com/AWSImportExport/latest/DG/http://docs.aws.amazon.com/AWSImportExport/latest/DG/


(p. 10) (p. 11) IPv6 Amazon S3 (p. 12) AWS SDK (p. 18) REST API (p. 45)

Amazon S3 REST Amazon S3 REST API Amazon S3 REST API AWS SDK (Sample Code and Libraries)

Amazon S3 (AWS) ID AWS ( ID ) How Do I Get Security Credentials?(AWS General Reference)

AWS SDK REST API

AWS AWS

ID ( 20 ): AKIAIOSFODNN7EXAMPLE (40 ): wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

ID AWS Amazon S3

IAM 1 AWS AWS AWS AWS

AWS Identity and Access Management (IAM) AWS IAM IAM

API 2006-03-0110

https://aws.amazon.com/codehttp://docs.aws.amazon.com/general/latest/gr/getting-aws-sec-creds.html


AWS IAM AWS IAM AWS IAM Amazon S3 AWS AWS Identity and Access Management

IAM IAM IAM () AWSAWS AWS

IAM AWS Security Token Service API AWS STS API AWS SDK API ( ID ) ID AWS IAMAmazon S3

IAM IAM IAM

Amazon S3 API Amazon S3

REST API REST (p. 606) AWS SDK AWS SDK (p. 18)

IAM IAM

Amazon S3 (MFA) MFA (p. 351) Amazon S3 MFA MFA IAM AWS Multi-Factor Authentication() Configuring MFA-Protected API Access

REST AWS AWS General Reference

API 2006-03-0111

https://aws.amazon.com/iam/http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.htmlhttp://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.htmlhttps://aws.amazon.com/mfa/http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_configure-api-require.htmlhttp://docs.aws.amazon.com/general/latest/gr/rande.htmlhttp://docs.aws.amazon.com/general/latest/gr/rande.html

Amazon Simple Storage Service IPv6

IPv6 Amazon S3

Amazon Simple Storage Service (Amazon S3) IPv4 6IPv6 S3 Amazon S3IPv6 IPv4 S3 IPv6 Amazon S3 Amazon S3

IPv6 (p. 12) IAM IPv6 (p. 13) IP (p. 14) Amazon S3 (p. 14)

IPv6 IPv6 S3 IPv6

IPv6

IPv6 IPv6

Amazon S3 (p. 15) AWS Identity and Access Management (IAM) IP

IPv6 IAM IPv6 (p. 13)

IPv6 IPv6 IP IPv6 Remote IP Amazon S3 (p. 582) (p. 577)

Note

IPv6 AWS

IPv6 IPv6 Amazon S3 API Amazon S3 API IPv6 IPv4 AmazonS3

REST API (p. 15)

AWS Command Line Interface (AWS CLI) AWS SDK Amazon S3

API 2006-03-0112

https://aws.amazon.com/s3/pricing/https://aws.amazon.com/premiumsupport/

Amazon Simple Storage Service IAM IPv6

IPv6

AWS CLI AWS CLI (p. 15)

AWS SDK AWS SDK (p. 16)

REST API REST API (p. 46)

IPv6 IPv6 S3

S3 BitTorrent

IAM IPv6 IPv6 IP IAM S3 IPv6 IPv6 IP IPv6 IAM Amazon S3 (p. 272)

IP IAM IP 54.240.143 IP * IPv4 IP (examplebucket) IPv6 IPv6 examplebucket

{ "Version": "2012-10-17", "Statement": [ { "Sid": "IPAllow", "Effect": "Allow", "Principal": "*", "Action": "s3:*", "Resource": "arn:aws:s3:::examplebucket/*", "Condition": { "IpAddress": {"aws:SourceIp": "54.240.143.0/24"} } } ]}

Condition IPv4 (54.240.143.0/24) IPv6 (2001:DB8:1234:5678::/64) IAM Condition

"Condition": { "IpAddress": { "aws:SourceIp": [ "54.240.143.0/24",

API 2006-03-0113

http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements.html#Conditions_IPAddress

Amazon Simple Storage Service IP

"2001:DB8:1234:5678::/64" ] } }

IPv6 IPv6 IP IAM IPv4 IAM IPv6 IPv6 IPv4 IP (p. 348)

https://console.aws.amazon.com/iam/ IAM IAM IAM IAM S3 S3 (Amazon Simple Storage Service )

IP Linux/Unix Mac OS X curl IPv6

Example

curl -v http://s3.dualstack.us-west-2.amazonaws.com/

IPv6 IP IPv6

* About to connect() to s3-us-west-2.amazonaws.com port 80 (#0)* Trying IPv6 address... connected* Connected to s3.dualstack.us-west-2.amazonaws.com (IPv6 address) port 80 (#0)> GET / HTTP/1.1> User-Agent: curl/7.18.1 (x86_64-unknown-linux-gnu) libcurl/7.18.1 OpenSSL/1.0.1t zlib/1.2.3> Host: s3.dualstack.us-west-2.amazonaws.com

Microsoft Windows 7 ping IPv6 IPv4

ping ipv6.s3.dualstack.us-west-2.amazonaws.com

Amazon S3 Amazon S3 IPv6 IPv4 S3

Amazon S3 (p. 15) AWS CLI (p. 15) AWS SDK (p. 16) REST API (p. 17)

API 2006-03-0114

https://console.aws.amazon.com/iam/http://docs.aws.amazon.com/IAM/latest/UserGuide/http://docs.aws.amazon.com/AmazonS3/latest/user-guide/add-bucket-policy.html


Amazon S3 URL IPv6 IPv4 IPv6 IPv6 Amazon S3 (p. 12)

REST API (URI) Amazon S3 S3 Amazon S3

:

bucketname.s3.dualstack.aws-region.amazonaws.com

:

s3.dualstack.aws-region.amazonaws.com/bucketname

(p. 56)Amazon S3 AWS General Reference

Important

Transfer Acceleration Amazon S3 Transfer Acceleration (p. 75)

AWS Command Line Interface (AWS CLI) AWS SDK Amazon S3 AWS CLI AWS SDK

AWS CLI AWS CLIAWS CLI AWS CLI (p. 592)

AWS Config use_dualstack_endpoint true s3 s3api AWS CLI Amazon S3 --region

AWS CLI path virtual URL CLI AWS CLI Amazon S3 Configuration

use_dualstack_endpoint true addressing_style virtual

$ aws configure set default.s3.use_dualstack_endpoint true$ aws configure set default.s3.addressing_style virtual

API 2006-03-0115

http://docs.aws.amazon.com/general/latest/gr/rande.html#s3_regionhttp://docs.aws.amazon.com/general/latest/gr/rande.html#s3_regionhttp://docs.aws.amazon.com/cli/latest/topic/s3-config.html


AWS CLI

s3 s3api --endpoint-url https://s3.dualstack.aws-region.amazonaws.com http://s3.dualstack.aws-region.amazonaws.com

$ aws s3api list-objects --bucket bucketname --endpoint-url https://s3.dualstack.aws-region.amazonaws.com

AWS Config use_dualstack_endpoint true use_dualstack_endpoint

Note

AWS CLI TransferAcceleration AWS CLI AWS Command Line Interface (AWS CLI) Transfer Acceleration (p. 78)

AWS SDK AWS SDK

AWS SDK for Java AWS SDK for Java Amazon S3

Java Amazon S3 Java (p. 594)

import com.amazonaws.AmazonServiceException;import com.amazonaws.SdkClientException;import com.amazonaws.auth.profile.ProfileCredentialsProvider;import com.amazonaws.services.s3.AmazonS3;import com.amazonaws.services.s3.AmazonS3ClientBuilder;

public class DualStackEndpoints {

public static void main(String[] args) { String clientRegion = "*** Client region ***"; String bucketName = "*** Bucket name ***";

try { // Create an Amazon S3 client with dual-stack endpoints enabled. AmazonS3 s3Client = AmazonS3ClientBuilder.standard() .withCredentials(new ProfileCredentialsProvider()) .withRegion(clientRegion) .withDualstackEnabled(true) .build();

s3Client.listObjects(bucketName); } catch(AmazonServiceException e) { // The call was transmitted successfully, but Amazon S3 couldn't process

API 2006-03-0116


// it, so it returned an error response. e.printStackTrace(); } catch(SdkClientException e) { // Amazon S3 couldn't be contacted for a response, or the client // couldn't parse the response from Amazon S3. e.printStackTrace(); } }}

Windows AWS SDK for Java Java (JVM)

java.net.preferIPv6Addresses=true

AWS .NET SDK

AWS SDK for .NET AmazonS3Config

var config = new AmazonS3Config{ UseDualstackEndpoint = true, RegionEndpoint = RegionEndpoint.USWest2};

using (var s3Client = new AmazonS3Client(config)){ var request = new ListObjectsRequest { BucketName = myBucket };

var response = await s3Client.ListObjectsAsync(request);}

.NET AWS SDK for .NET (p. 226)

Note

Transfer Acceleration UseAccelerateEndpoint UseDualstackEndpoint .NET SDK AWS SDK for .NET Transfer Acceleration (p. 80)

.NET Amazon S3 .NET (p. 595)

REST API REST API REST API (p. 46)

API 2006-03-0117

Amazon Simple Storage Service AWS SDK

AWS SDK

AWS IAM (p. 18) IAM (p. 25) (p. 34)

Amazon S3 AWS SDK RESTAPI AWS SDK API REST API AWS SDK Sample Code & Libraries

AWS IAM AWS IAM Amazon S3 AWS SDK for JavaAWS SDK for .NETAWS SDK for PHP AWS SDK

AWS IAM AWS SDK for

Java (p. 19) AWS IAM AWS SDK

for .NET (p. 20) AWS IAM AWS SDK for

PHP (p. 22) AWS IAM AWS SDK for

Ruby (p. 23)

AWS SDK SDK AWS

AWS SDK AWS AWS Command Line Interface (AWS CLI) AWS

AWS

1. AWS IAM https://console.aws.amazon.com/iam/

2. IAM IAM () 8

3. AWS [.csv ] 4. .aws Linux OS X

Unix

~/.aws

API 2006-03-0118

https://aws.amazon.com/code/https://aws.amazon.com/code/https://console.aws.amazon.com/iam/https://console.aws.amazon.com/iam/http://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_create.html#id_users_create_consolehttp://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_create.html#id_users_create_console

Amazon Simple Storage Service AWS IAM

Windows

%HOMEPATH%\.aws

5. .aws credentials 6. IAM .csv

credentials

[default]aws_access_key_id = your_access_key_idaws_secret_access_key = your_secret_access_key

7. credentials 3 .csv

AWS SDK

AWS IAM AWS SDK for JavaAWS IAM Amazon S3

AmazonS3ClientBuilder AmazonS3Client AmazonS3Client 1 Amazon S3

Amazon S3Java (p. 594)

Example

import java.io.IOException;import java.util.List;

import com.amazonaws.AmazonServiceException;import com.amazonaws.SdkClientException;import com.amazonaws.auth.profile.ProfileCredentialsProvider;import com.amazonaws.services.s3.AmazonS3;import com.amazonaws.services.s3.AmazonS3ClientBuilder;import com.amazonaws.services.s3.model.ListObjectsRequest;import com.amazonaws.services.s3.model.ObjectListing;import com.amazonaws.services.s3.model.S3ObjectSummary;

public class MakingRequests {

public static void main(String[] args) throws IOException { String clientRegion = "*** Client region ***"; String bucketName = "*** Bucket name ***";

try { AmazonS3 s3Client = AmazonS3ClientBuilder.standard() .withCredentials(new ProfileCredentialsProvider()) .withRegion(clientRegion) .build(); // Get a list of objects in the bucket, two at a time, and

API 2006-03-0119


// print the name and size of each object. ListObjectsRequest listRequest = new ListObjectsRequest().withBucketName(bucketName).withMaxKeys(2); ObjectListing objects = s3Client.listObjects(listRequest); while(true) { List summaries = objects.getObjectSummaries(); for(S3ObjectSummary summary : summaries) { System.out.printf("Object \"%s\" retrieved with size %d\n", summary.getKey(), summary.getSize()); } if(objects.isTruncated()) { objects = s3Client.listNextBatchOfObjects(objects); } else { break; } } } catch(AmazonServiceException e) { // The call was transmitted successfully, but Amazon S3 couldn't process // it, so it returned an error response. e.printStackTrace(); } catch(SdkClientException e) { // Amazon S3 couldn't be contacted for a response, or the client // couldn't parse the response from Amazon S3. e.printStackTrace(); } }}

AWS SDKCLIExplorer (p. 590)

AWS IAM AWS SDK for .NETAWS IAM

AmazonS3Client AmazonS3Client 1 Amazon S3

Amazon S3

C# .NET Amazon S3 .NET (p. 595)

Example

using Amazon.S3;using Amazon.S3.Model;using System;using System.Threading.Tasks;

namespace Amazon.DocSamples.S3{ class MakeS3RequestTest

API 2006-03-0120


{ private const string bucketName = "*** bucket name ***"; // Specify your bucket region (an example region is shown). private static readonly RegionEndpoint bucketRegion = RegionEndpoint.USWest2; private static IAmazonS3 client;

public static void Main() { using (client = new AmazonS3Client(bucketRegion)) { Console.WriteLine("Listing objects stored in a bucket"); ListingObjectsAsync().Wait(); } }

static async Task ListingObjectsAsync() { try { ListObjectsRequest request = new ListObjectsRequest { BucketName = bucketName, MaxKeys = 2 }; do { ListObjectsResponse response = await client.ListObjectsAsync(request); // Process the response. foreach (S3Object entry in response.S3Objects) { Console.WriteLine("key = {0} size = {1}", entry.Key, entry.Size); }

// If the response is truncated, set the marker to get the next // set of keys. if (response.IsTruncated) { request.Marker = response.NextMarker; } else { request = null; } } while (request != null); } catch (AmazonS3Exception e) { Console.WriteLine("Error encountered on server. Message:'{0}' when writing an object", e.Message); } catch (Exception e) { Console.WriteLine("Unknown encountered on server. Message:'{0}' when writing an object", e.Message); } } }}

Note

AmazonS3Client Amazon S3

API 2006-03-0121


Amazon S3 (p. 97)Amazon S3 (p. 54)AWS IAM

AWS SDK for .NET (p. 226)


AWS IAM AWS SDK for PHP 3 AWS SDK for PHP AWS IAM AWS SDK for PHP PHP (p. 595)AWS SDK for PHP

PHP

Example


Note

S3Client Amazon S3

(p. 159)AWS IAM

AWS SDK for PHP (p. 227)

AWS SDK for PHP for Amazon S3 Aws\S3\S3Client AWS SDK for PHP

AWS IAM AWS SDK for RubyAWS SDK for Ruby 3 Amazon S3 SDK AWS AWS Ruby SDK 3 AWS IAM (p. 18)

Ruby AWS

1. Aws::S3::Resource 2. bucket Aws::S3::Resource

Amazon S3 AWS Amazon S3

3.

Example

# Use the Amazon S3 modularized gem for version 3 of the AWS Ruby SDK.require 'aws-sdk-s3'

# Get an Amazon S3 resource.s3 = Aws::S3::Resource.new(region: 'us-west-2')

# Create an array of up to the first 100 object keynames in the bucket.bucket = s3.bucket('example_bucket').objects.collect(&:key)

# Print the array to the terminal.puts bucket

AWS Aws::S3::Resource AmazonS3 Ruby SDK 3 Amazon S3

API 2006-03-0123

http://docs.aws.amazon.com/aws-sdk-php/v3/api/class-Aws.S3.S3Client.htmlhttp://aws.amazon.com/documentation/sdk-for-php/


Ruby SDK AWS IAM

# auth_request_test.rb# Use the Amazon S3 modularized gem for version 3 of the AWS Ruby SDK.require 'aws-sdk-s3'

# Usage: ruby auth_request_test.rb list BUCKET

# Set the name of the bucket on which the operations are performed.# This argument is requiredbucket_name = nil

# The operation to perform on the bucket.operation = 'list' # defaultoperation = ARGV[0] if (ARGV.length > 0)

if ARGV.length > 1 bucket_name = ARGV[1]else exit 1end

# Get an Amazon S3 resource.s3 = Aws::S3::Resource.new(region: 'us-west-2')

# Get the bucket by name.bucket = s3.bucket(bucket_name)

case operation

when 'list' if bucket.exists? # Enumerate the bucket contents and object etags. puts "Contents of '%s':" % bucket_name puts ' Name => GUID'

bucket.objects.limit(50).each do |obj| puts " #{obj.key} => #{obj.etag}" end else puts "The bucket '%s' does not exist!" % bucket_name end

else puts "Unknown operation: '%s'! Only list is supported." % operationend

API 2006-03-0124

Amazon Simple Storage Service IAM

IAM

IAM AWS SDK for Java (p. 25) IAM AWS SDK for .NET (p. 27) AWS IAM AWS SDK

for PHP (p. 29) IAM AWS SDK for Ruby (p. 31)

AWS IAM Amazon S3 AWSSDK for JavaAWS SDK for .NET AWS SDK for PHP Amazon S3

IAM AWS SDK for JavaIAM AWS AWS SDK for Java ( (p. 10)) Amazon S3 IAM

1. AWSSecurityTokenServiceClient AWS SDKCLIExplorer (p. 590)

2. Security Token Service (STS) assumeRole()

3. STS getSessionToken() GetSessionTokenRequest

4. BasicSessionCredentials

Amazon S3

5. AmazonS3Client Amazon S3 Amazon S3

Note

AWS 1 IAM

2 Amazon S3

API 2006-03-0125


IAM AWS IAM IAM IAM IAM

Amazon S3 Java (p. 594)

import com.amazonaws.AmazonServiceException;import com.amazonaws.SdkClientException;import com.amazonaws.auth.AWSStaticCredentialsProvider;import com.amazonaws.auth.BasicSessionCredentials;import com.amazonaws.auth.profile.ProfileCredentialsProvider;import com.amazonaws.services.s3.AmazonS3;import com.amazonaws.services.s3.AmazonS3ClientBuilder;import com.amazonaws.services.s3.model.ObjectListing;import com.amazonaws.services.securitytoken.AWSSecurityTokenService;import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClientBuilder;import com.amazonaws.services.securitytoken.model.AssumeRoleRequest;import com.amazonaws.services.securitytoken.model.Credentials;import com.amazonaws.services.securitytoken.model.GetSessionTokenRequest;import com.amazonaws.services.securitytoken.model.GetSessionTokenResult;

public class MakingRequestsWithIAMTempCredentials { public static void main(String[] args) { String clientRegion = "*** Client region ***"; String roleARN = "*** ARN for role to be assumed ***"; String roleSessionName = "*** Role session name ***"; String bucketName = "*** Bucket name ***";

try { // Creating the STS client is part of your trusted code. It has // the security credentials you use to obtain temporary security credentials. AWSSecurityTokenService stsClient = AWSSecurityTokenServiceClientBuilder.standard() .withCredentials(new ProfileCredentialsProvider()) .withRegion(clientRegion) .build();

// Assume the IAM role. Note that you cannot assume the role of an AWS root account; // Amazon S3 will deny access. You must use credentials for an IAM user or an IAM role. AssumeRoleRequest roleRequest = new AssumeRoleRequest() .withRoleArn(roleARN) .withRoleSessionName(roleSessionName); stsClient.assumeRole(roleRequest);

// Start a session. GetSessionTokenRequest getSessionTokenRequest = new GetSessionTokenRequest(); // The duration can be set to more than 3600 seconds only if temporary // credentials are requested by an IAM user rather than an account owner. getSessionTokenRequest.setDurationSeconds(7200); GetSessionTokenResult sessionTokenResult = stsClient.getSessionToken(getSessionTokenRequest); Credentials sessionCredentials = sessionTokenResult.getCredentials();

// Package the temporary security credentials as a BasicSessionCredentials object // for an Amazon S3 client object to use. BasicSessionCredentials basicSessionCredentials = new BasicSessionCredentials( sessionCredentials.getAccessKeyId(), sessionCredentials.getSecretAccessKey(), sessionCredentials.getSessionToken());

API 2006-03-0126

http://docs.aws.amazon.com/IAM/latest/UserGuide/getting-started_create-admin-group.htmlhttp://docs.aws.amazon.com/IAM/latest/UserGuide/getting-started_create-admin-group.html


// Provide temporary security credentials so that the Amazon S3 client // can send authenticated requests to Amazon S3. You create the client // using the basicSessionCredentials object. AmazonS3 s3Client = AmazonS3ClientBuilder.standard() .withCredentials(new AWSStaticCredentialsProvider(basicSessionCredentials)) .withRegion(clientRegion) .build();

// Verify that assuming the role worked and the permissions are set correctly // by getting a set of object keys from the bucket. ObjectListing objects = s3Client.listObjects(bucketName); System.out.println("No. of Objects: " + objects.getObjectSummaries().size()); } catch(AmazonServiceException e) { // The call was transmitted successfully, but Amazon S3 couldn't process // it, so it returned an error response. e.printStackTrace(); } catch(SdkClientException e) { // Amazon S3 couldn't be contacted for a response, or the client // couldn't parse the response from Amazon S3. e.printStackTrace(); } }}


IAM AWS SDK for .NETIAM AWS AWS SDK for .NET Amazon S3 Amazon S3

1. AWS Security Token Service AmazonSecurityTokenServiceClient AWS SDKCLIExplorer (p. 590)

2. STS GetSessionToken GetSessionTokenRequest

3. SessionAWSCredentials

Amazon S3

4. AmazonS3Client Amazon S3 Amazon S3

API 2006-03-0127


Note

AWS 1 IAM

C# 1 Amazon S3

IAM AWS IAM IAM IAM IAM (p. 10)

Amazon S3 .NET (p. 595)

using Amazon.Runtime;using Amazon.S3;using Amazon.S3.Model;using Amazon.SecurityToken;using Amazon.SecurityToken.Model;using System;using System.Collections.Generic;using System.Threading.Tasks;

namespace Amazon.DocSamples.S3{ class TempCredExplicitSessionStartTest { private const string bucketName = "*** bucket name ***"; // Specify your bucket region (an example region is shown). private static readonly RegionEndpoint bucketRegion = RegionEndpoint.USWest2; private static IAmazonS3 s3Client; public static void Main() { ListObjectsAsync().Wait(); }

private static async Task ListObjectsAsync() { try { // Credentials use the default AWS SDK for .NET credential search chain. // On local development machines, this is your default profile. Console.WriteLine("Listing objects stored in a bucket"); SessionAWSCredentials tempCredentials = await GetTemporaryCredentialsAsync();

// Create a client by providing temporary security credentials. using (s3Client = new AmazonS3Client(tempCredentials, bucketRegion)) { var listObjectRequest = new ListObjectsRequest { BucketName = bucketName }; // Send request to Amazon S3. ListObjectsResponse response = await s3Client.ListObjectsAsync(listObjectRequest); List objects = response.S3Objects; Console.WriteLine("Object count = {0}", objects.Count); }

API 2006-03-0128

http://docs.aws.amazon.com/IAM/latest/UserGuide/getting-started_create-admin-group.html


} catch (AmazonS3Exception s3Exception) { Console.WriteLine(s3Exception.Message, s3Exception.InnerException); } catch (AmazonSecurityTokenServiceException stsException) { Console.WriteLine(stsException.Message, stsException.InnerException); } }

private static async Task GetTemporaryCredentialsAsync() { using (var stsClient = new AmazonSecurityTokenServiceClient()) { var getSessionTokenRequest = new GetSessionTokenRequest { DurationSeconds = 7200 // seconds };

GetSessionTokenResponse sessionTokenResponse = await stsClient.GetSessionTokenAsync(getSessionTokenRequest);

Credentials credentials = sessionTokenResponse.Credentials;

var sessionCredentials = new SessionAWSCredentials(credentials.AccessKeyId, credentials.SecretAccessKey, credentials.SessionToken); return sessionCredentials; } } }}


AWS IAM AWS SDK for PHP 3 AWS SDK for PHP Amazon S3 AWS SDK for PHP PHP (p. 595)AWS SDK for PHP

IAM AWS 3 AWS SDK for PHP Amazon S3 1 IAM (136 ) IAM (p. 10)

Note

AWS 1 IAM

API 2006-03-0129

http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html


Example

PHP 1 Amazon S3 PHP PHP (p. 596)

IAM AWS IAM IAM IAM IAM IAM AWS SDK for PHP (p. 40)


IAM AWS SDK for RubyIAM AWS AWS SDK for Ruby Amazon S3 1 IAM (136 ) (p. 10)

Note

AWS 1 IAM

Ruby 1 AWS Security Token Service (AWS STS) Amazon S3 AWS

require 'aws-sdk-core'require 'aws-sdk-s3'require 'aws-sdk-iam'

USAGE =


end

# mainregion = 'us-west-2'user_name = ''bucket_name = ''

i = 0

while i < ARGV.length case ARGV[i]

when '-b' i += 1 bucket_name = ARGV[i]

when '-u' i += 1 user_name = ARGV[i]

when '-r' i += 1

region = ARGV[i]

when '-d' puts 'Debugging enabled' $debug = true

when '-h' puts USAGE exit 0

else puts 'Unrecognized option: ' + ARGV[i] puts USAGE exit 1

end

i += 1end

if bucket_name == '' puts 'You must supply a bucket name' puts USAGE exit 1end

if user_name == '' puts 'You must supply a user name' puts USAGE exit 1end

#Identify the IAM user that is allowed to list Amazon S3 bucket items for an hour.user = get_user(region, user_name, true)

# Create a new Amazon STS client and get temporary credentials. This uses a role that was already created.creds = Aws::AssumeRoleCredentials.new( client: Aws::STS::Client.new(region: region), role_arn: "arn:aws:iam::111122223333:role/assumedrolelist", role_session_name: "assumerole-s3-list")

API 2006-03-0132


# Create an Amazon S3 resource with temporary credentials.s3 = Aws::S3::Resource.new(region: region, credentials: creds)

puts "Contents of '%s':" % bucket_nameputs ' Name => GUID'

s3.bucket(bucket_name).objects.limit(50).each do |obj| puts " #{obj.key} => #{obj.etag}"end

API 2006-03-0133


AWS AWS SDK Amazon S3 AWS SDK

Note

AWS IAM IAM IAM IAM

AWS SDK for Java AWS IAM 1

Note

IAM IAM AWS Identity and Access Management

AWSSecurityTokenServiceClient AWS SDK for Java (p. 593)

Security Token Service (STS) getFederationToken() IAM

BasicSessionCredentials Amazon S3

AmazonS3Client Amazon S3 Amazon S3

API 2006-03-0134

https://aws.amazon.com/code/https://aws.amazon.com/iam/faqs/#What_are_the_best_practices_for_using_temporary_security_credentials


Example

S3 2 Amazon S3 AWS IAM

{ "Statement":[{ "Action":["s3:ListBucket", "sts:GetFederationToken*" ], "Effect":"Allow", "Resource":"*" } ]}

IAM IAM IAM

IAM Amazon S3 Java (p. 594)

import java.io.IOException;

import com.amazonaws.AmazonServiceException;import com.amazonaws.SdkClientException;import com.amazonaws.auth.AWSStaticCredentialsProvider;import com.amazonaws.auth.BasicSessionCredentials;import com.amazonaws.auth.policy.Policy;import com.amazonaws.auth.policy.Resource;import com.amazonaws.auth.policy.Statement;import com.amazonaws.auth.policy.Statement.Effect;import com.amazonaws.auth.policy.actions.S3Actions;import com.amazonaws.auth.profile.ProfileCredentialsProvider;import com.amazonaws.services.s3.AmazonS3;import com.amazonaws.services.s3.AmazonS3ClientBuilder;import com.amazonaws.services.securitytoken.AWSSecurityTokenService;import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClientBuilder;import com.amazonaws.services.securitytoken.model.Credentials;import com.amazonaws.services.securitytoken.model.GetFederationTokenRequest;import com.amazonaws.services.securitytoken.model.GetFederationTokenResult;import com.amazonaws.services.s3.model.ObjectListing;

public class MakingRequestsWithFederatedTempCredentials {

public static void main(String[] args) throws IOException { String clientRegion = "*** Client region ***"; String bucketName = "*** Specify bucket name ***"; String federatedUser = "*** Federated user name ***"; String resourceARN = "arn:aws:s3:::" + bucketName;

try { AWSSecurityTokenService stsClient = AWSSecurityTokenServiceClientBuilder .standard() .withCredentials(new ProfileCredentialsProvider()) .withRegion(clientRegion) .build();

API 2006-03-0135

http://docs.aws.amazon.com/IAM/latest/UserGuide/getting-started_create-admin-group.htmlhttp://docs.aws.amazon.com/IAM/latest/UserGuide/getting-started_create-admin-group.html


GetFederationTokenRequest getFederationTokenRequest = new GetFederationTokenRequest(); getFederationTokenRequest.setDurationSeconds(7200); getFederationTokenRequest.setName(federatedUser); // Define the policy and add it to the request. Policy policy = new Policy(); policy.withStatements(new Statement(Effect.Allow) .withActions(S3Actions.ListObjects) .withResources(new Resource(resourceARN))); getFederationTokenRequest.setPolicy(policy.toJson()); // Get the temporary security credentials. GetFederationTokenResult federationTokenResult = stsClient.getFederationToken(getFederationTokenRequest); Credentials sessionCredentials = federationTokenResult.getCredentials(); // Package the session credentials as a BasicSessionCredentials // object for an Amazon S3 client object to use. BasicSessionCredentials basicSessionCredentials = new BasicSessionCredentials( sessionCredentials.getAccessKeyId(), sessionCredentials.getSecretAccessKey(), sessionCredentials.getSessionToken()); AmazonS3 s3Client = AmazonS3ClientBuilder.standard() .withCredentials(new AWSStaticCredentialsProvider(basicSessionCredentials)) .withRegion(clientRegion) .build(); // To verify that the client works, send a listObjects request using // the temporary security credentials. ObjectListing objects = s3Client.listObjects(bucketName); System.out.println("No. of Objects = " + objects.getObjectSummaries().size()); } catch(AmazonServiceException e) { // The call was transmitted successfully, but Amazon S3 couldn't process // it, so it returned an error response. e.printStackTrace(); } catch(SdkClientException e) { // Amazon S3 couldn't be contacted for a response, or the client // couldn't parse the response from Amazon S3. e.printStackTrace(); } }}


AWS SDK for .NET AWS IAM

API 2006-03-0136


1 (p. 10)

Note

IAM IAM AWS Identity and Access Management

AWS Security Token Service AmazonSecurityTokenServiceClient AWS SDK for .NET (p. 594)

STS GetFederationToken IAM

SessionAWSCredentials Amazon S3

AmazonS3Client Amazon S3 Amazon S3

Example

C# (User1) 2 Amazon S3

IAM IAM IAM


IAM AWS IAM IAM IAM

IAM Amazon S3 (User1) (YourBucketName)

API 2006-03-0137

https://aws.amazon.com/iam/faqs/#What_are_the_best_practices_for_using_temporary_security_credentialshttp://docs.aws.amazon.com/IAM/latest/UserGuide/getting-started_create-admin-group.html


{ "Statement":[ { "Sid":"1", "Action":["s3:ListBucket"], "Effect":"Allow", "Resource":"arn:aws:s3:::YourBucketName" } ]}

Example

Amazon S3 .NET (p. 595)

using Amazon.Runtime;using Amazon.S3;using Amazon.S3.Model;using Amazon.SecurityToken;using Amazon.SecurityToken.Model;using System;using System.Collections.Generic;using System.Threading.Tasks;

namespace Amazon.DocSamples.S3{ class TempFederatedCredentialsTest { private const string bucketName = "*** bucket name ***"; // Specify your bucket region (an example region is shown). private static readonly RegionEndpoint bucketRegion = RegionEndpoint.USWest2; private static IAmazonS3 client;

public static void Main() { ListObjectsAsync().Wait(); }

private static async Task ListObjectsAsync() { try { Console.WriteLine("Listing objects stored in a bucket"); // Credentials use the default AWS SDK for .NET credential search chain. // On local development machines, this is your default profile. SessionAWSCredentials tempCredentials = await GetTemporaryFederatedCredentialsAsync();

// Create a client by providing temporary security credentials. using (client = new AmazonS3Client(bucketRegion)) { ListObjectsRequest listObjectRequest = new ListObjectsRequest(); listObjectRequest.BucketName = bucketName;

ListObjectsResponse response = await client.ListObjectsAsync(listObjectRequest); List objects = response.S3Objects; Console.WriteLine("Object count = {0}", objects.Count);

API 2006-03-0138


Console.WriteLine("Press any key to continue..."); Console.ReadKey(); } } catch (AmazonS3Exception e) { Console.WriteLine("Error encountered ***. Message:'{0}' when writing an object", e.Message); } catch (Exception e) { Console.WriteLine("Unknown encountered on server. Message:'{0}' when writing an object", e.Message); } }

private static async Task GetTemporaryFederatedCredentialsAsync() { AmazonSecurityTokenServiceConfig config = new AmazonSecurityTokenServiceConfig(); AmazonSecurityTokenServiceClient stsClient = new AmazonSecurityTokenServiceClient( config);

GetFederationTokenRequest federationTokenRequest = new GetFederationTokenRequest(); federationTokenRequest.DurationSeconds = 7200; federationTokenRequest.Name = "User1"; federationTokenRequest.Policy = @"{ ""Statement"": [ { ""Sid"":""Stmt1311212314284"", ""Action"":[""s3:ListBucket""], ""Effect"":""Allow"", ""Resource"":""arn:aws:s3:::" + bucketName + @""" } ] } ";

GetFederationTokenResponse federationTokenResponse = await stsClient.GetFederationTokenAsync(federationTokenRequest); Credentials credentials = federationTokenResponse.Credentials;

SessionAWSCredentials sessionCredentials = new SessionAWSCredentials(credentials.AccessKeyId, credentials.SecretAccessKey, credentials.SessionToken); return sessionCredentials; } }}


API 2006-03-0139


AWS SDK for PHP 3 AWS SDK for PHP Amazon S3 AWS SDK forPHP PHP (p. 595) AWS SDK for PHP

AWS IAM 1 IAM (p. 10)

IAM IAM ID AWS IAM

PHP PHP (p. 596)

Example

PHP (User1) 1 Amazon S3

IAM IAM IAM IAM


IAM AWS IAM IAM IAM

IAM Amazon S3 (User1)

API 2006-03-0140

http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.htmlhttps://aws.amazon.com/iam/faqs/#What_are_the_best_practices_for_using_temporary_security_credentialshttps://aws.amazon.com/iam/faqs/#What_are_the_best_practices_for_using_temporary_security_credentialshttp://docs.aws.amazon.com/IAM/latest/UserGuide/getting-started_create-admin-group.html


{ "Statement":[ { "Sid":"1", "Action":["s3:ListBucket"], "Effect":"Allow", "Resource":"arn:aws:s3:::YourBucketName" } ]}

YourBucketName


'Bucket' => $bucket ]);} catch (S3Exception $e) { echo $e->getMessage() . PHP_EOL;}

AWS SDK for PHP for Amazon S3 Aws\S3\S3Client AWS SDK for PHP

API 2006-03-0142

http://docs.aws.amazon.com/aws-sdk-php/v3/api/class-Aws.S3.S3Client.htmlhttp://aws.amazon.com/documentation/sdk-for-php/


AWS SDK for Ruby AWS IAM IAM 1 IAM (p. 10)

Note

IAM IAM AWSIdentity and Access Management

Example

Ruby

require 'aws-sdk-s3'require 'aws-sdk-iam'

USAGE =


print_debug("Created new user #{user_name}")rescue Aws::IAM::Errors::EntityAlreadyExists print_debug("Found user #{user_name} in region #{region}")endend

# mainregion = 'us-west-2'user_name = ''bucket_name = ''

i = 0

while i < ARGV.length case ARGV[i]

when '-b' i += 1 bucket_name = ARGV[i]

when '-u' i += 1 user_name = ARGV[i]

when '-r' i += 1

region = ARGV[i]

when '-d' puts 'Debugging enabled' $debug = true

when '-h' puts USAGE exit 0

else puts 'Unrecognized option: ' + ARGV[i] puts USAGE exit 1

end

i += 1end

if bucket_name == '' puts 'You must supply a bucket name' puts USAGE exit 1end

if user_name == '' puts 'You must supply a user name' puts USAGE exit 1end

#Identify the IAM user we allow to list Amazon S3 bucket items for an hour.user = get_user(region, user_name, true)

# Create a new STS client and get temporary credentials.sts = Aws::STS::Client.new(region: region)

creds = sts.get_federation_token({

API 2006-03-0144

Amazon Simple Storage Service REST API

duration_seconds: 3600, name: user_name, policy: "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"Stmt1\",\"Effect\":\"Allow\",\"Action\":\"s3:ListBucket\",\"Resource\":\"arn:aws:s3:::#{bucket_name}\"}]}",})

# Create an Amazon S3 resource with temporary credentials.s3 = Aws::S3::Resource.new(region: region, credentials: creds)

puts "Contents of '%s':" % bucket_nameputs ' Name => GUID'

s3.bucket(bucket_name).objects.limit(50).each do |obj| puts " #{obj.key} => #{obj.etag}"end

REST API REST API Amazon S3 Amazon S3 AWS General Reference

REST API (p. 46) (p. 46) REST API (p. 51)

REST API Amazon S3 URI Amazon S3 (p. 54)

Example

examplebucket puppy.jpg

DELETE /puppy.jpg HTTP/1.1Host: examplebucket.s3-us-west-2.amazonaws.comDate: Mon, 11 Apr 2016 12:00:00 GMTx-amz-date: Mon, 11 Apr 2016 12:00:00 GMTAuthorization: authorization string

Example

DELETE /examplebucket/puppy.jpg HTTP/1.1Host: s3-us-west-2.amazonaws.comDate: Mon, 11 Apr 2016 12:00:00 GMTx-amz-date: Mon, 11 Apr 2016 12:00:00 GMTAuthorization: authorization string

Amazon S3

API 2006-03-0145

http://docs.aws.amazon.com/general/latest/gr/rande.html#s3_regionhttp://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region

Amazon Simple Storage Service (REST API)

() mybucket puppy.jpg URI http://s3-eu-west-1.amazonaws.com/mybucket/puppy.jpg

() HTTP 307 Temporary Redirect URI

http://s3.amazonaws.com (

) http://s3-eu-west-1.amazonaws.com

REST API REST API (URI) Amazon S3 IPv4

Example

puppy.jpg examplebucket REST

GET /puppy.jpg HTTP/1.1Host: examplebucket.s3.dualstack.us-west-2.amazonaws.comDate: Mon, 11 Apr 2016 12:00:00 GMTx-amz-date: Mon, 11 Apr 2016 12:00:00 GMTAuthorization: authorization string

Example

GET /examplebucket/puppy.jpg HTTP/1.1Host: s3.dualstack.us-west-2.amazonaws.comDate: Mon, 11 Apr 2016 12:00:00 GMTx-amz-date: Mon, 11 Apr 2016 12:00:00 GMTAuthorization: authorization string

Amazon S3 (p. 14)

HTTP (p. 47) (p. 48) CNAME Amazon S3 URL (p. 49) (p. 50) (p. 51)

API 2006-03-0146


1 URI Amazon S3 REST URI Amazon S3 HTTP Host REST API Amazon S3 Host http://bucketname.s3.amazonaws.com () Amazon S3 DNS Amazon S3 URL (: http://my.bucketname.com//)

URL 2 favicon.icorobots.txtcrossdomain.xml

Important

Amazon S3 () mybucket puppy.jpg URI http://s3-eu-west-1.amazonaws.com/mybucket/puppy.jpg () HTTP 307 Temporary Redirect URI

http://s3.amazonaws.com

() http://s3-eu-west-1.amazonaws.com

Note

(s3-eu-west-1) () (s3.amazonaws.com)amazonaws.com) Amazon S3 () Amazon S3 DNS () Amazon S3 HTTP 307 REST API (p. 540)SSL SSL HTTP

HTTP GET SSL HTTP Host REST Host

Host s3.amazonaws.com URI URI 2 HTTP 1.0

API 2006-03-0147


Host ".s3.amazonaws.com" Host ".s3.amazonaws.com" URI 3 4 s3.amazonaws.com

Host URI DNS Amazon S3 CNAME DNS

URL

Example

amazon simple storage service - 開発者ガイド simple storage service 開発者ガイド amazon...

Documents