Docs Home
Packages
AWS v6.54.0 published on Friday, Sep 27, 2024 by Pulumi
aws.s3.ObjectCopy
Explore with Pulumi AI
Provides a resource for copying an S3 object.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const test = new aws.s3.ObjectCopy("test", {
bucket: "destination_bucket",
key: "destination_key",
source: "source_bucket/source_key",
grants: [{
uri: "http://acs.amazonaws.com/groups/global/AllUsers",
type: "Group",
permissions: ["READ"],
}],
});
import pulumi
import pulumi_aws as aws
test = aws.s3.ObjectCopy("test",
bucket="destination_bucket",
key="destination_key",
source="source_bucket/source_key",
grants=[{
"uri": "http://acs.amazonaws.com/groups/global/AllUsers",
"type": "Group",
"permissions": ["READ"],
}])
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := s3.NewObjectCopy(ctx, "test", &s3.ObjectCopyArgs{
Bucket: pulumi.String("destination_bucket"),
Key: pulumi.String("destination_key"),
Source: pulumi.String("source_bucket/source_key"),
Grants: s3.ObjectCopyGrantArray{
&s3.ObjectCopyGrantArgs{
Uri: pulumi.String("http://acs.amazonaws.com/groups/global/AllUsers"),
Type: pulumi.String("Group"),
Permissions: pulumi.StringArray{
pulumi.String("READ"),
},
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var test = new Aws.S3.ObjectCopy("test", new()
{
Bucket = "destination_bucket",
Key = "destination_key",
Source = "source_bucket/source_key",
Grants = new[]
{
new Aws.S3.Inputs.ObjectCopyGrantArgs
{
Uri = "http://acs.amazonaws.com/groups/global/AllUsers",
Type = "Group",
Permissions = new[]
{
"READ",
},
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.s3.ObjectCopy;
import com.pulumi.aws.s3.ObjectCopyArgs;
import com.pulumi.aws.s3.inputs.ObjectCopyGrantArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var test = new ObjectCopy("test", ObjectCopyArgs.builder()
.bucket("destination_bucket")
.key("destination_key")
.source("source_bucket/source_key")
.grants(ObjectCopyGrantArgs.builder()
.uri("http://acs.amazonaws.com/groups/global/AllUsers")
.type("Group")
.permissions("READ")
.build())
.build());
}
}
resources:
test:
type: aws:s3:ObjectCopy
properties:
bucket: destination_bucket
key: destination_key
source: source_bucket/source_key
grants:
- uri: http://acs.amazonaws.com/groups/global/AllUsers
type: Group
permissions:
- READ
Create ObjectCopy Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new ObjectCopy(name: string, args: ObjectCopyArgs, opts?: CustomResourceOptions);@overload
def ObjectCopy(resource_name: str,
args: ObjectCopyArgs,
opts: Optional[ResourceOptions] = None)
@overload
def ObjectCopy(resource_name: str,
opts: Optional[ResourceOptions] = None,
key: Optional[str] = None,
bucket: Optional[str] = None,
source: Optional[str] = None,
expires: Optional[str] = None,
content_encoding: Optional[str] = None,
force_destroy: Optional[bool] = None,
grants: Optional[Sequence[ObjectCopyGrantArgs]] = None,
content_language: Optional[str] = None,
content_type: Optional[str] = None,
copy_if_match: Optional[str] = None,
copy_if_modified_since: Optional[str] = None,
copy_if_none_match: Optional[str] = None,
copy_if_unmodified_since: Optional[str] = None,
customer_algorithm: Optional[str] = None,
customer_key: Optional[str] = None,
customer_key_md5: Optional[str] = None,
expected_bucket_owner: Optional[str] = None,
expected_source_bucket_owner: Optional[str] = None,
acl: Optional[str] = None,
content_disposition: Optional[str] = None,
cache_control: Optional[str] = None,
checksum_algorithm: Optional[str] = None,
kms_encryption_context: Optional[str] = None,
kms_key_id: Optional[str] = None,
metadata: Optional[Mapping[str, str]] = None,
metadata_directive: Optional[str] = None,
object_lock_legal_hold_status: Optional[str] = None,
object_lock_mode: Optional[str] = None,
object_lock_retain_until_date: Optional[str] = None,
request_payer: Optional[str] = None,
server_side_encryption: Optional[str] = None,
bucket_key_enabled: Optional[bool] = None,
source_customer_algorithm: Optional[str] = None,
source_customer_key: Optional[str] = None,
source_customer_key_md5: Optional[str] = None,
storage_class: Optional[str] = None,
tagging_directive: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None,
website_redirect: Optional[str] = None)func NewObjectCopy(ctx *Context, name string, args ObjectCopyArgs, opts ...ResourceOption) (*ObjectCopy, error)public ObjectCopy(string name, ObjectCopyArgs args, CustomResourceOptions? opts = null)
public ObjectCopy(String name, ObjectCopyArgs args)
public ObjectCopy(String name, ObjectCopyArgs args, CustomResourceOptions options)
type: aws:s3:ObjectCopy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args ObjectCopyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ObjectCopyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ObjectCopyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ObjectCopyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ObjectCopyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var objectCopyResource = new Aws.S3.ObjectCopy("objectCopyResource", new()
{
Key = "string",
Bucket = "string",
Source = "string",
Expires = "string",
ContentEncoding = "string",
ForceDestroy = false,
Grants = new[]
{
new Aws.S3.Inputs.ObjectCopyGrantArgs
{
Permissions = new[]
{
"string",
},
Type = "string",
Email = "string",
Id = "string",
Uri = "string",
},
},
ContentLanguage = "string",
ContentType = "string",
CopyIfMatch = "string",
CopyIfModifiedSince = "string",
CopyIfNoneMatch = "string",
CopyIfUnmodifiedSince = "string",
CustomerAlgorithm = "string",
CustomerKey = "string",
CustomerKeyMd5 = "string",
ExpectedBucketOwner = "string",
ExpectedSourceBucketOwner = "string",
Acl = "string",
ContentDisposition = "string",
CacheControl = "string",
ChecksumAlgorithm = "string",
KmsEncryptionContext = "string",
KmsKeyId = "string",
Metadata =
{
{ "string", "string" },
},
MetadataDirective = "string",
ObjectLockLegalHoldStatus = "string",
ObjectLockMode = "string",
ObjectLockRetainUntilDate = "string",
RequestPayer = "string",
ServerSideEncryption = "string",
BucketKeyEnabled = false,
SourceCustomerAlgorithm = "string",
SourceCustomerKey = "string",
SourceCustomerKeyMd5 = "string",
StorageClass = "string",
TaggingDirective = "string",
Tags =
{
{ "string", "string" },
},
WebsiteRedirect = "string",
});
example, err := s3.NewObjectCopy(ctx, "objectCopyResource", &s3.ObjectCopyArgs{
Key: pulumi.String("string"),
Bucket: pulumi.String("string"),
Source: pulumi.String("string"),
Expires: pulumi.String("string"),
ContentEncoding: pulumi.String("string"),
ForceDestroy: pulumi.Bool(false),
Grants: s3.ObjectCopyGrantArray{
&s3.ObjectCopyGrantArgs{
Permissions: pulumi.StringArray{
pulumi.String("string"),
},
Type: pulumi.String("string"),
Email: pulumi.String("string"),
Id: pulumi.String("string"),
Uri: pulumi.String("string"),
},
},
ContentLanguage: pulumi.String("string"),
ContentType: pulumi.String("string"),
CopyIfMatch: pulumi.String("string"),
CopyIfModifiedSince: pulumi.String("string"),
CopyIfNoneMatch: pulumi.String("string"),
CopyIfUnmodifiedSince: pulumi.String("string"),
CustomerAlgorithm: pulumi.String("string"),
CustomerKey: pulumi.String("string"),
CustomerKeyMd5: pulumi.String("string"),
ExpectedBucketOwner: pulumi.String("string"),
ExpectedSourceBucketOwner: pulumi.String("string"),
Acl: pulumi.String("string"),
ContentDisposition: pulumi.String("string"),
CacheControl: pulumi.String("string"),
ChecksumAlgorithm: pulumi.String("string"),
KmsEncryptionContext: pulumi.String("string"),
KmsKeyId: pulumi.String("string"),
Metadata: pulumi.StringMap{
"string": pulumi.String("string"),
},
MetadataDirective: pulumi.String("string"),
ObjectLockLegalHoldStatus: pulumi.String("string"),
ObjectLockMode: pulumi.String("string"),
ObjectLockRetainUntilDate: pulumi.String("string"),
RequestPayer: pulumi.String("string"),
ServerSideEncryption: pulumi.String("string"),
BucketKeyEnabled: pulumi.Bool(false),
SourceCustomerAlgorithm: pulumi.String("string"),
SourceCustomerKey: pulumi.String("string"),
SourceCustomerKeyMd5: pulumi.String("string"),
StorageClass: pulumi.String("string"),
TaggingDirective: pulumi.String("string"),
Tags: pulumi.StringMap{
"string": pulumi.String("string"),
},
WebsiteRedirect: pulumi.String("string"),
})
var objectCopyResource = new ObjectCopy("objectCopyResource", ObjectCopyArgs.builder()
.key("string")
.bucket("string")
.source("string")
.expires("string")
.contentEncoding("string")
.forceDestroy(false)
.grants(ObjectCopyGrantArgs.builder()
.permissions("string")
.type("string")
.email("string")
.id("string")
.uri("string")
.build())
.contentLanguage("string")
.contentType("string")
.copyIfMatch("string")
.copyIfModifiedSince("string")
.copyIfNoneMatch("string")
.copyIfUnmodifiedSince("string")
.customerAlgorithm("string")
.customerKey("string")
.customerKeyMd5("string")
.expectedBucketOwner("string")
.expectedSourceBucketOwner("string")
.acl("string")
.contentDisposition("string")
.cacheControl("string")
.checksumAlgorithm("string")
.kmsEncryptionContext("string")
.kmsKeyId("string")
.metadata(Map.of("string", "string"))
.metadataDirective("string")
.objectLockLegalHoldStatus("string")
.objectLockMode("string")
.objectLockRetainUntilDate("string")
.requestPayer("string")
.serverSideEncryption("string")
.bucketKeyEnabled(false)
.sourceCustomerAlgorithm("string")
.sourceCustomerKey("string")
.sourceCustomerKeyMd5("string")
.storageClass("string")
.taggingDirective("string")
.tags(Map.of("string", "string"))
.websiteRedirect("string")
.build());
object_copy_resource = aws.s3.ObjectCopy("objectCopyResource",
key="string",
bucket="string",
source="string",
expires="string",
content_encoding="string",
force_destroy=False,
grants=[{
"permissions": ["string"],
"type": "string",
"email": "string",
"id": "string",
"uri": "string",
}],
content_language="string",
content_type="string",
copy_if_match="string",
copy_if_modified_since="string",
copy_if_none_match="string",
copy_if_unmodified_since="string",
customer_algorithm="string",
customer_key="string",
customer_key_md5="string",
expected_bucket_owner="string",
expected_source_bucket_owner="string",
acl="string",
content_disposition="string",
cache_control="string",
checksum_algorithm="string",
kms_encryption_context="string",
kms_key_id="string",
metadata={
"string": "string",
},
metadata_directive="string",
object_lock_legal_hold_status="string",
object_lock_mode="string",
object_lock_retain_until_date="string",
request_payer="string",
server_side_encryption="string",
bucket_key_enabled=False,
source_customer_algorithm="string",
source_customer_key="string",
source_customer_key_md5="string",
storage_class="string",
tagging_directive="string",
tags={
"string": "string",
},
website_redirect="string")
const objectCopyResource = new aws.s3.ObjectCopy("objectCopyResource", {
key: "string",
bucket: "string",
source: "string",
expires: "string",
contentEncoding: "string",
forceDestroy: false,
grants: [{
permissions: ["string"],
type: "string",
email: "string",
id: "string",
uri: "string",
}],
contentLanguage: "string",
contentType: "string",
copyIfMatch: "string",
copyIfModifiedSince: "string",
copyIfNoneMatch: "string",
copyIfUnmodifiedSince: "string",
customerAlgorithm: "string",
customerKey: "string",
customerKeyMd5: "string",
expectedBucketOwner: "string",
expectedSourceBucketOwner: "string",
acl: "string",
contentDisposition: "string",
cacheControl: "string",
checksumAlgorithm: "string",
kmsEncryptionContext: "string",
kmsKeyId: "string",
metadata: {
string: "string",
},
metadataDirective: "string",
objectLockLegalHoldStatus: "string",
objectLockMode: "string",
objectLockRetainUntilDate: "string",
requestPayer: "string",
serverSideEncryption: "string",
bucketKeyEnabled: false,
sourceCustomerAlgorithm: "string",
sourceCustomerKey: "string",
sourceCustomerKeyMd5: "string",
storageClass: "string",
taggingDirective: "string",
tags: {
string: "string",
},
websiteRedirect: "string",
});
type: aws:s3:ObjectCopy
properties:
acl: string
bucket: string
bucketKeyEnabled: false
cacheControl: string
checksumAlgorithm: string
contentDisposition: string
contentEncoding: string
contentLanguage: string
contentType: string
copyIfMatch: string
copyIfModifiedSince: string
copyIfNoneMatch: string
copyIfUnmodifiedSince: string
customerAlgorithm: string
customerKey: string
customerKeyMd5: string
expectedBucketOwner: string
expectedSourceBucketOwner: string
expires: string
forceDestroy: false
grants:
- email: string
id: string
permissions:
- string
type: string
uri: string
key: string
kmsEncryptionContext: string
kmsKeyId: string
metadata:
string: string
metadataDirective: string
objectLockLegalHoldStatus: string
objectLockMode: string
objectLockRetainUntilDate: string
requestPayer: string
serverSideEncryption: string
source: string
sourceCustomerAlgorithm: string
sourceCustomerKey: string
sourceCustomerKeyMd5: string
storageClass: string
taggingDirective: string
tags:
string: string
websiteRedirect: string
ObjectCopy Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The ObjectCopy resource accepts the following input properties:
- Bucket string
- Name of the bucket to put the file in.
- Key string
- Name of the object once it is in the bucket.
- Source string
Specifies the source object for the copy operation. You specify the value in one of two formats. For objects not accessed through an access point, specify the name of the source bucket and the key of the source object, separated by a slash (
/). For example,testbucket/test1.json. For objects accessed through access points, specify the ARN of the object as accessed through the access point, in the formatarn:aws:s3:<Region>:<account-id>:accesspoint/<access-point-name>/object/<key>. For example,arn:aws:s3:us-west-2:9999912999:accesspoint/my-access-point/object/testbucket/test1.json.The following arguments are optional:
- Acl string
- Canned ACL to apply. Valid values are
private,public-read,public-read-write,authenticated-read,aws-exec-read,bucket-owner-read, andbucket-owner-full-control. Conflicts withgrant. - Bucket
Key boolEnabled - Cache
Control string - Specifies caching behavior along the request/reply chain Read w3c cache_control for further details.
- Checksum
Algorithm string - Indicates the algorithm used to create the checksum for the object. If a value is specified and the object is encrypted with KMS, you must have permission to use the
kms:Decryptaction. Valid values:CRC32,CRC32C,SHA1,SHA256. - Content
Disposition string - Specifies presentational information for the object. Read w3c content_disposition for further information.
- Content
Encoding string - Specifies what content encodings have been applied to the object and thus what decoding mechanisms must be applied to obtain the media-type referenced by the Content-Type header field. Read w3c content encoding for further information.
- Content
Language string - Language the content is in e.g., en-US or en-GB.
- Content
Type string - Standard MIME type describing the format of the object data, e.g.,
application/octet-stream. All Valid MIME Types are valid for this input. - Copy
If stringMatch - Copies the object if its entity tag (ETag) matches the specified tag.
- Copy
If stringModified Since - Copies the object if it has been modified since the specified time, in RFC3339 format.
- Copy
If stringNone Match - Copies the object if its entity tag (ETag) is different than the specified ETag.
- Copy
If stringUnmodified Since - Copies the object if it hasn't been modified since the specified time, in RFC3339 format.
- Customer
Algorithm string - Specifies the algorithm to use to when encrypting the object (for example, AES256).
- Customer
Key string - Specifies the customer-provided encryption key for Amazon S3 to use in encrypting data. This value is used to store the object and then it is discarded; Amazon S3 does not store the encryption key. The key must be appropriate for use with the algorithm specified in the x-amz-server-side-encryption-customer-algorithm header.
- Customer
Key stringMd5 - Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. Amazon S3 uses this header for a message integrity check to ensure that the encryption key was transmitted without error.
- Expected
Bucket stringOwner - Account id of the expected destination bucket owner. If the destination bucket is owned by a different account, the request will fail with an HTTP 403 (Access Denied) error.
- Expected
Source stringBucket Owner - Account id of the expected source bucket owner. If the source bucket is owned by a different account, the request will fail with an HTTP 403 (Access Denied) error.
- Expires string
- Date and time at which the object is no longer cacheable, in RFC3339 format.
- Force
Destroy bool - Allow the object to be deleted by removing any legal hold on any object version. Default is
false. This value should be set totrueonly if the bucket has S3 object lock enabled. - Grants
List<Object
Copy Grant> - Configuration block for header grants. Documented below. Conflicts with
acl. - Kms
Encryption stringContext - Specifies the AWS KMS Encryption Context to use for object encryption. The value is a base64-encoded UTF-8 string holding JSON with the encryption context key-value pairs.
- Kms
Key stringId - Specifies the AWS KMS Key ARN to use for object encryption. This value is a fully qualified ARN of the KMS Key. If using
aws.kms.Key, use the exportedarnattribute:kms_key_id = aws_kms_key.foo.arn - Metadata Dictionary<string, string>
- Map of keys/values to provision metadata (will be automatically prefixed by
x-amz-meta-, note that only lowercase label are currently supported by the AWS Go API). - Metadata
Directive string - Specifies whether the metadata is copied from the source object or replaced with metadata provided in the request. Valid values are
COPYandREPLACE. - Object
Lock stringLegal Hold Status - The legal hold status that you want to apply to the specified object. Valid values are
ONandOFF. - Object
Lock stringMode - Object lock retention mode that you want to apply to this object. Valid values are
GOVERNANCEandCOMPLIANCE. - Object
Lock stringRetain Until Date - Date and time, in RFC3339 format, when this object's object lock will expire.
- Request
Payer string - Confirms that the requester knows that they will be charged for the request. Bucket owners need not specify this parameter in their requests. For information about downloading objects from requester pays buckets, see Downloading Objects in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) in the Amazon S3 Developer Guide. If included, the only valid value is
requester. - Server
Side stringEncryption - Specifies server-side encryption of the object in S3. Valid values are
AES256andaws:kms. - Source
Customer stringAlgorithm - Specifies the algorithm to use when decrypting the source object (for example, AES256).
- Source
Customer stringKey - Specifies the customer-provided encryption key for Amazon S3 to use to decrypt the source object. The encryption key provided in this header must be one that was used when the source object was created.
- Source
Customer stringKey Md5 - Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. Amazon S3 uses this header for a message integrity check to ensure that the encryption key was transmitted without error.
- Storage
Class string - Specifies the desired storage class for the object. Defaults to
STANDARD. - Tagging
Directive string - Specifies whether the object tag-set are copied from the source object or replaced with tag-set provided in the request. Valid values are
COPYandREPLACE. - Dictionary<string, string>
- Map of tags to assign to the object. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - Website
Redirect string - Specifies a target URL for website redirect.
- Bucket string
- Name of the bucket to put the file in.
- Key string
- Name of the object once it is in the bucket.
- Source string
Specifies the source object for the copy operation. You specify the value in one of two formats. For objects not accessed through an access point, specify the name of the source bucket and the key of the source object, separated by a slash (
/). For example,testbucket/test1.json. For objects accessed through access points, specify the ARN of the object as accessed through the access point, in the formatarn:aws:s3:<Region>:<account-id>:accesspoint/<access-point-name>/object/<key>. For example,arn:aws:s3:us-west-2:9999912999:accesspoint/my-access-point/object/testbucket/test1.json.The following arguments are optional:
- Acl string
- Canned ACL to apply. Valid values are
private,public-read,public-read-write,authenticated-read,aws-exec-read,bucket-owner-read, andbucket-owner-full-control. Conflicts withgrant. - Bucket
Key boolEnabled - Cache
Control string - Specifies caching behavior along the request/reply chain Read w3c cache_control for further details.
- Checksum
Algorithm string - Indicates the algorithm used to create the checksum for the object. If a value is specified and the object is encrypted with KMS, you must have permission to use the
kms:Decryptaction. Valid values:CRC32,CRC32C,SHA1,SHA256. - Content
Disposition string - Specifies presentational information for the object. Read w3c content_disposition for further information.
- Content
Encoding string - Specifies what content encodings have been applied to the object and thus what decoding mechanisms must be applied to obtain the media-type referenced by the Content-Type header field. Read w3c content encoding for further information.
- Content
Language string - Language the content is in e.g., en-US or en-GB.
- Content
Type string - Standard MIME type describing the format of the object data, e.g.,
application/octet-stream. All Valid MIME Types are valid for this input. - Copy
If stringMatch - Copies the object if its entity tag (ETag) matches the specified tag.
- Copy
If stringModified Since - Copies the object if it has been modified since the specified time, in RFC3339 format.
- Copy
If stringNone Match - Copies the object if its entity tag (ETag) is different than the specified ETag.
- Copy
If stringUnmodified Since - Copies the object if it hasn't been modified since the specified time, in RFC3339 format.
- Customer
Algorithm string - Specifies the algorithm to use to when encrypting the object (for example, AES256).
- Customer
Key string - Specifies the customer-provided encryption key for Amazon S3 to use in encrypting data. This value is used to store the object and then it is discarded; Amazon S3 does not store the encryption key. The key must be appropriate for use with the algorithm specified in the x-amz-server-side-encryption-customer-algorithm header.
- Customer
Key stringMd5 - Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. Amazon S3 uses this header for a message integrity check to ensure that the encryption key was transmitted without error.
- Expected
Bucket stringOwner - Account id of the expected destination bucket owner. If the destination bucket is owned by a different account, the request will fail with an HTTP 403 (Access Denied) error.
- Expected
Source stringBucket Owner - Account id of the expected source bucket owner. If the source bucket is owned by a different account, the request will fail with an HTTP 403 (Access Denied) error.
- Expires string
- Date and time at which the object is no longer cacheable, in RFC3339 format.
- Force
Destroy bool - Allow the object to be deleted by removing any legal hold on any object version. Default is
false. This value should be set totrueonly if the bucket has S3 object lock enabled. - Grants
[]Object
Copy Grant Args - Configuration block for header grants. Documented below. Conflicts with
acl. - Kms
Encryption stringContext - Specifies the AWS KMS Encryption Context to use for object encryption. The value is a base64-encoded UTF-8 string holding JSON with the encryption context key-value pairs.
- Kms
Key stringId - Specifies the AWS KMS Key ARN to use for object encryption. This value is a fully qualified ARN of the KMS Key. If using
aws.kms.Key, use the exportedarnattribute:kms_key_id = aws_kms_key.foo.arn - Metadata map[string]string
- Map of keys/values to provision metadata (will be automatically prefixed by
x-amz-meta-, note that only lowercase label are currently supported by the AWS Go API). - Metadata
Directive string - Specifies whether the metadata is copied from the source object or replaced with metadata provided in the request. Valid values are
COPYandREPLACE. - Object
Lock stringLegal Hold Status - The legal hold status that you want to apply to the specified object. Valid values are
ONandOFF. - Object
Lock stringMode - Object lock retention mode that you want to apply to this object. Valid values are
GOVERNANCEandCOMPLIANCE. - Object
Lock stringRetain Until Date - Date and time, in RFC3339 format, when this object's object lock will expire.
- Request
Payer string - Confirms that the requester knows that they will be charged for the request. Bucket owners need not specify this parameter in their requests. For information about downloading objects from requester pays buckets, see Downloading Objects in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) in the Amazon S3 Developer Guide. If included, the only valid value is
requester. - Server
Side stringEncryption - Specifies server-side encryption of the object in S3. Valid values are
AES256andaws:kms. - Source
Customer stringAlgorithm - Specifies the algorithm to use when decrypting the source object (for example, AES256).
- Source
Customer stringKey - Specifies the customer-provided encryption key for Amazon S3 to use to decrypt the source object. The encryption key provided in this header must be one that was used when the source object was created.
- Source
Customer stringKey Md5 - Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. Amazon S3 uses this header for a message integrity check to ensure that the encryption key was transmitted without error.
- Storage
Class string - Specifies the desired storage class for the object. Defaults to
STANDARD. - Tagging
Directive string - Specifies whether the object tag-set are copied from the source object or replaced with tag-set provided in the request. Valid values are
COPYandREPLACE. - map[string]string
- Map of tags to assign to the object. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - Website
Redirect string - Specifies a target URL for website redirect.
- bucket String
- Name of the bucket to put the file in.
- key String
- Name of the object once it is in the bucket.
- source String
Specifies the source object for the copy operation. You specify the value in one of two formats. For objects not accessed through an access point, specify the name of the source bucket and the key of the source object, separated by a slash (
/). For example,testbucket/test1.json. For objects accessed through access points, specify the ARN of the object as accessed through the access point, in the formatarn:aws:s3:<Region>:<account-id>:accesspoint/<access-point-name>/object/<key>. For example,arn:aws:s3:us-west-2:9999912999:accesspoint/my-access-point/object/testbucket/test1.json.The following arguments are optional:
- acl String
- Canned ACL to apply. Valid values are
private,public-read,public-read-write,authenticated-read,aws-exec-read,bucket-owner-read, andbucket-owner-full-control. Conflicts withgrant. - bucket
Key BooleanEnabled - cache
Control String - Specifies caching behavior along the request/reply chain Read w3c cache_control for further details.
- checksum
Algorithm String - Indicates the algorithm used to create the checksum for the object. If a value is specified and the object is encrypted with KMS, you must have permission to use the
kms:Decryptaction. Valid values:CRC32,CRC32C,SHA1,SHA256. - content
Disposition String - Specifies presentational information for the object. Read w3c content_disposition for further information.
- content
Encoding String - Specifies what content encodings have been applied to the object and thus what decoding mechanisms must be applied to obtain the media-type referenced by the Content-Type header field. Read w3c content encoding for further information.
- content
Language String - Language the content is in e.g., en-US or en-GB.
- content
Type String - Standard MIME type describing the format of the object data, e.g.,
application/octet-stream. All Valid MIME Types are valid for this input. - copy
If StringMatch - Copies the object if its entity tag (ETag) matches the specified tag.
- copy
If StringModified Since - Copies the object if it has been modified since the specified time, in RFC3339 format.
- copy
If StringNone Match - Copies the object if its entity tag (ETag) is different than the specified ETag.
- copy
If StringUnmodified Since - Copies the object if it hasn't been modified since the specified time, in RFC3339 format.
- customer
Algorithm String - Specifies the algorithm to use to when encrypting the object (for example, AES256).
- customer
Key String - Specifies the customer-provided encryption key for Amazon S3 to use in encrypting data. This value is used to store the object and then it is discarded; Amazon S3 does not store the encryption key. The key must be appropriate for use with the algorithm specified in the x-amz-server-side-encryption-customer-algorithm header.
- customer
Key StringMd5 - Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. Amazon S3 uses this header for a message integrity check to ensure that the encryption key was transmitted without error.
- expected
Bucket StringOwner - Account id of the expected destination bucket owner. If the destination bucket is owned by a different account, the request will fail with an HTTP 403 (Access Denied) error.
- expected
Source StringBucket Owner - Account id of the expected source bucket owner. If the source bucket is owned by a different account, the request will fail with an HTTP 403 (Access Denied) error.
- expires String
- Date and time at which the object is no longer cacheable, in RFC3339 format.
- force
Destroy Boolean - Allow the object to be deleted by removing any legal hold on any object version. Default is
false. This value should be set totrueonly if the bucket has S3 object lock enabled. - grants
List<Object
Copy Grant> - Configuration block for header grants. Documented below. Conflicts with
acl. - kms
Encryption StringContext - Specifies the AWS KMS Encryption Context to use for object encryption. The value is a base64-encoded UTF-8 string holding JSON with the encryption context key-value pairs.
- kms
Key StringId - Specifies the AWS KMS Key ARN to use for object encryption. This value is a fully qualified ARN of the KMS Key. If using
aws.kms.Key, use the exportedarnattribute:kms_key_id = aws_kms_key.foo.arn - metadata Map<String,String>
- Map of keys/values to provision metadata (will be automatically prefixed by
x-amz-meta-, note that only lowercase label are currently supported by the AWS Go API). - metadata
Directive String - Specifies whether the metadata is copied from the source object or replaced with metadata provided in the request. Valid values are
COPYandREPLACE. - object
Lock StringLegal Hold Status - The legal hold status that you want to apply to the specified object. Valid values are
ONandOFF. - object
Lock StringMode - Object lock retention mode that you want to apply to this object. Valid values are
GOVERNANCEandCOMPLIANCE. - object
Lock StringRetain Until Date - Date and time, in RFC3339 format, when this object's object lock will expire.
- request
Payer String - Confirms that the requester knows that they will be charged for the request. Bucket owners need not specify this parameter in their requests. For information about downloading objects from requester pays buckets, see Downloading Objects in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) in the Amazon S3 Developer Guide. If included, the only valid value is
requester. - server
Side StringEncryption - Specifies server-side encryption of the object in S3. Valid values are
AES256andaws:kms. - source
Customer StringAlgorithm - Specifies the algorithm to use when decrypting the source object (for example, AES256).
- source
Customer StringKey - Specifies the customer-provided encryption key for Amazon S3 to use to decrypt the source object. The encryption key provided in this header must be one that was used when the source object was created.
- source
Customer StringKey Md5 - Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. Amazon S3 uses this header for a message integrity check to ensure that the encryption key was transmitted without error.
- storage
Class String - Specifies the desired storage class for the object. Defaults to
STANDARD. - tagging
Directive String - Specifies whether the object tag-set are copied from the source object or replaced with tag-set provided in the request. Valid values are
COPYandREPLACE. - Map<String,String>
- Map of tags to assign to the object. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - website
Redirect String - Specifies a target URL for website redirect.
- bucket string
- Name of the bucket to put the file in.
- key string
- Name of the object once it is in the bucket.
- source string
Specifies the source object for the copy operation. You specify the value in one of two formats. For objects not accessed through an access point, specify the name of the source bucket and the key of the source object, separated by a slash (
/). For example,testbucket/test1.json. For objects accessed through access points, specify the ARN of the object as accessed through the access point, in the formatarn:aws:s3:<Region>:<account-id>:accesspoint/<access-point-name>/object/<key>. For example,arn:aws:s3:us-west-2:9999912999:accesspoint/my-access-point/object/testbucket/test1.json.The following arguments are optional:
- acl string
- Canned ACL to apply. Valid values are
private,public-read,public-read-write,authenticated-read,aws-exec-read,bucket-owner-read, andbucket-owner-full-control. Conflicts withgrant. - bucket
Key booleanEnabled - cache
Control string - Specifies caching behavior along the request/reply chain Read w3c cache_control for further details.
- checksum
Algorithm string - Indicates the algorithm used to create the checksum for the object. If a value is specified and the object is encrypted with KMS, you must have permission to use the
kms:Decryptaction. Valid values:CRC32,CRC32C,SHA1,SHA256. - content
Disposition string - Specifies presentational information for the object. Read w3c content_disposition for further information.
- content
Encoding string - Specifies what content encodings have been applied to the object and thus what decoding mechanisms must be applied to obtain the media-type referenced by the Content-Type header field. Read w3c content encoding for further information.
- content
Language string - Language the content is in e.g., en-US or en-GB.
- content
Type string - Standard MIME type describing the format of the object data, e.g.,
application/octet-stream. All Valid MIME Types are valid for this input. - copy
If stringMatch - Copies the object if its entity tag (ETag) matches the specified tag.
- copy
If stringModified Since - Copies the object if it has been modified since the specified time, in RFC3339 format.
- copy
If stringNone Match - Copies the object if its entity tag (ETag) is different than the specified ETag.
- copy
If stringUnmodified Since - Copies the object if it hasn't been modified since the specified time, in RFC3339 format.
- customer
Algorithm string - Specifies the algorithm to use to when encrypting the object (for example, AES256).
- customer
Key string - Specifies the customer-provided encryption key for Amazon S3 to use in encrypting data. This value is used to store the object and then it is discarded; Amazon S3 does not store the encryption key. The key must be appropriate for use with the algorithm specified in the x-amz-server-side-encryption-customer-algorithm header.
- customer
Key stringMd5 - Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. Amazon S3 uses this header for a message integrity check to ensure that the encryption key was transmitted without error.
- expected
Bucket stringOwner - Account id of the expected destination bucket owner. If the destination bucket is owned by a different account, the request will fail with an HTTP 403 (Access Denied) error.
- expected
Source stringBucket Owner - Account id of the expected source bucket owner. If the source bucket is owned by a different account, the request will fail with an HTTP 403 (Access Denied) error.
- expires string
- Date and time at which the object is no longer cacheable, in RFC3339 format.
- force
Destroy boolean - Allow the object to be deleted by removing any legal hold on any object version. Default is
false. This value should be set totrueonly if the bucket has S3 object lock enabled. - grants
Object
Copy Grant[] - Configuration block for header grants. Documented below. Conflicts with
acl. - kms
Encryption stringContext - Specifies the AWS KMS Encryption Context to use for object encryption. The value is a base64-encoded UTF-8 string holding JSON with the encryption context key-value pairs.
- kms
Key stringId - Specifies the AWS KMS Key ARN to use for object encryption. This value is a fully qualified ARN of the KMS Key. If using
aws.kms.Key, use the exportedarnattribute:kms_key_id = aws_kms_key.foo.arn - metadata {[key: string]: string}
- Map of keys/values to provision metadata (will be automatically prefixed by
x-amz-meta-, note that only lowercase label are currently supported by the AWS Go API). - metadata
Directive string - Specifies whether the metadata is copied from the source object or replaced with metadata provided in the request. Valid values are
COPYandREPLACE. - object
Lock stringLegal Hold Status - The legal hold status that you want to apply to the specified object. Valid values are
ONandOFF. - object
Lock stringMode - Object lock retention mode that you want to apply to this object. Valid values are
GOVERNANCEandCOMPLIANCE. - object
Lock stringRetain Until Date - Date and time, in RFC3339 format, when this object's object lock will expire.
- request
Payer string - Confirms that the requester knows that they will be charged for the request. Bucket owners need not specify this parameter in their requests. For information about downloading objects from requester pays buckets, see Downloading Objects in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) in the Amazon S3 Developer Guide. If included, the only valid value is
requester. - server
Side stringEncryption - Specifies server-side encryption of the object in S3. Valid values are
AES256andaws:kms. - source
Customer stringAlgorithm - Specifies the algorithm to use when decrypting the source object (for example, AES256).
- source
Customer stringKey - Specifies the customer-provided encryption key for Amazon S3 to use to decrypt the source object. The encryption key provided in this header must be one that was used when the source object was created.
- source
Customer stringKey Md5 - Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. Amazon S3 uses this header for a message integrity check to ensure that the encryption key was transmitted without error.
- storage
Class string - Specifies the desired storage class for the object. Defaults to
STANDARD. - tagging
Directive string - Specifies whether the object tag-set are copied from the source object or replaced with tag-set provided in the request. Valid values are
COPYandREPLACE. - {[key: string]: string}
- Map of tags to assign to the object. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - website
Redirect string - Specifies a target URL for website redirect.
- bucket str
- Name of the bucket to put the file in.
- key str
- Name of the object once it is in the bucket.
- source str
Specifies the source object for the copy operation. You specify the value in one of two formats. For objects not accessed through an access point, specify the name of the source bucket and the key of the source object, separated by a slash (
/). For example,testbucket/test1.json. For objects accessed through access points, specify the ARN of the object as accessed through the access point, in the formatarn:aws:s3:<Region>:<account-id>:accesspoint/<access-point-name>/object/<key>. For example,arn:aws:s3:us-west-2:9999912999:accesspoint/my-access-point/object/testbucket/test1.json.The following arguments are optional:
- acl str
- Canned ACL to apply. Valid values are
private,public-read,public-read-write,authenticated-read,aws-exec-read,bucket-owner-read, andbucket-owner-full-control. Conflicts withgrant. - bucket_
key_ boolenabled - cache_
control str - Specifies caching behavior along the request/reply chain Read w3c cache_control for further details.
- checksum_
algorithm str - Indicates the algorithm used to create the checksum for the object. If a value is specified and the object is encrypted with KMS, you must have permission to use the
kms:Decryptaction. Valid values:CRC32,CRC32C,SHA1,SHA256. - content_
disposition str - Specifies presentational information for the object. Read w3c content_disposition for further information.
- content_
encoding str - Specifies what content encodings have been applied to the object and thus what decoding mechanisms must be applied to obtain the media-type referenced by the Content-Type header field. Read w3c content encoding for further information.
- content_
language str - Language the content is in e.g., en-US or en-GB.
- content_
type str - Standard MIME type describing the format of the object data, e.g.,
application/octet-stream. All Valid MIME Types are valid for this input. - copy_
if_ strmatch - Copies the object if its entity tag (ETag) matches the specified tag.
- copy_
if_ strmodified_ since - Copies the object if it has been modified since the specified time, in RFC3339 format.
- copy_
if_ strnone_ match - Copies the object if its entity tag (ETag) is different than the specified ETag.
- copy_
if_ strunmodified_ since - Copies the object if it hasn't been modified since the specified time, in RFC3339 format.
- customer_
algorithm str - Specifies the algorithm to use to when encrypting the object (for example, AES256).
- customer_
key str - Specifies the customer-provided encryption key for Amazon S3 to use in encrypting data. This value is used to store the object and then it is discarded; Amazon S3 does not store the encryption key. The key must be appropriate for use with the algorithm specified in the x-amz-server-side-encryption-customer-algorithm header.
- customer_
key_ strmd5 - Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. Amazon S3 uses this header for a message integrity check to ensure that the encryption key was transmitted without error.
- expected_
bucket_ strowner - Account id of the expected destination bucket owner. If the destination bucket is owned by a different account, the request will fail with an HTTP 403 (Access Denied) error.
- expected_
source_ strbucket_ owner - Account id of the expected source bucket owner. If the source bucket is owned by a different account, the request will fail with an HTTP 403 (Access Denied) error.
- expires str
- Date and time at which the object is no longer cacheable, in RFC3339 format.
- force_
destroy bool - Allow the object to be deleted by removing any legal hold on any object version. Default is
false. This value should be set totrueonly if the bucket has S3 object lock enabled. - grants
Sequence[Object
Copy Grant Args] - Configuration block for header grants. Documented below. Conflicts with
acl. - kms_
encryption_ strcontext - Specifies the AWS KMS Encryption Context to use for object encryption. The value is a base64-encoded UTF-8 string holding JSON with the encryption context key-value pairs.
- kms_
key_ strid - Specifies the AWS KMS Key ARN to use for object encryption. This value is a fully qualified ARN of the KMS Key. If using
aws.kms.Key, use the exportedarnattribute:kms_key_id = aws_kms_key.foo.arn - metadata Mapping[str, str]
- Map of keys/values to provision metadata (will be automatically prefixed by
x-amz-meta-, note that only lowercase label are currently supported by the AWS Go API). - metadata_
directive str - Specifies whether the metadata is copied from the source object or replaced with metadata provided in the request. Valid values are
COPYandREPLACE. - object_
lock_ strlegal_ hold_ status - The legal hold status that you want to apply to the specified object. Valid values are
ONandOFF. - object_
lock_ strmode - Object lock retention mode that you want to apply to this object. Valid values are
GOVERNANCEandCOMPLIANCE. - object_
lock_ strretain_ until_ date - Date and time, in RFC3339 format, when this object's object lock will expire.
- request_
payer str - Confirms that the requester knows that they will be charged for the request. Bucket owners need not specify this parameter in their requests. For information about downloading objects from requester pays buckets, see Downloading Objects in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) in the Amazon S3 Developer Guide. If included, the only valid value is
requester. - server_
side_ strencryption - Specifies server-side encryption of the object in S3. Valid values are
AES256andaws:kms. - source_
customer_ stralgorithm - Specifies the algorithm to use when decrypting the source object (for example, AES256).
- source_
customer_ strkey - Specifies the customer-provided encryption key for Amazon S3 to use to decrypt the source object. The encryption key provided in this header must be one that was used when the source object was created.
- source_
customer_ strkey_ md5 - Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. Amazon S3 uses this header for a message integrity check to ensure that the encryption key was transmitted without error.
- storage_
class str - Specifies the desired storage class for the object. Defaults to
STANDARD. - tagging_
directive str - Specifies whether the object tag-set are copied from the source object or replaced with tag-set provided in the request. Valid values are
COPYandREPLACE. - Mapping[str, str]
- Map of tags to assign to the object. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - website_
redirect str - Specifies a target URL for website redirect.
- bucket String
- Name of the bucket to put the file in.
- key String
- Name of the object once it is in the bucket.
- source String
Specifies the source object for the copy operation. You specify the value in one of two formats. For objects not accessed through an access point, specify the name of the source bucket and the key of the source object, separated by a slash (
/). For example,testbucket/test1.json. For objects accessed through access points, specify the ARN of the object as accessed through the access point, in the formatarn:aws:s3:<Region>:<account-id>:accesspoint/<access-point-name>/object/<key>. For example,arn:aws:s3:us-west-2:9999912999:accesspoint/my-access-point/object/testbucket/test1.json.The following arguments are optional:
- acl String
- Canned ACL to apply. Valid values are
private,public-read,public-read-write,authenticated-read,aws-exec-read,bucket-owner-read, andbucket-owner-full-control. Conflicts withgrant. - bucket
Key BooleanEnabled - cache
Control String - Specifies caching behavior along the request/reply chain Read w3c cache_control for further details.
- checksum
Algorithm String - Indicates the algorithm used to create the checksum for the object. If a value is specified and the object is encrypted with KMS, you must have permission to use the
kms:Decryptaction. Valid values:CRC32,CRC32C,SHA1,SHA256. - content
Disposition String - Specifies presentational information for the object. Read w3c content_disposition for further information.
- content
Encoding String - Specifies what content encodings have been applied to the object and thus what decoding mechanisms must be applied to obtain the media-type referenced by the Content-Type header field. Read w3c content encoding for further information.
- content
Language String - Language the content is in e.g., en-US or en-GB.
- content
Type String - Standard MIME type describing the format of the object data, e.g.,
application/octet-stream. All Valid MIME Types are valid for this input. - copy
If StringMatch - Copies the object if its entity tag (ETag) matches the specified tag.
- copy
If StringModified Since - Copies the object if it has been modified since the specified time, in RFC3339 format.
- copy
If StringNone Match - Copies the object if its entity tag (ETag) is different than the specified ETag.
- copy
If StringUnmodified Since - Copies the object if it hasn't been modified since the specified time, in RFC3339 format.
- customer
Algorithm String - Specifies the algorithm to use to when encrypting the object (for example, AES256).
- customer
Key String - Specifies the customer-provided encryption key for Amazon S3 to use in encrypting data. This value is used to store the object and then it is discarded; Amazon S3 does not store the encryption key. The key must be appropriate for use with the algorithm specified in the x-amz-server-side-encryption-customer-algorithm header.
- customer
Key StringMd5 - Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. Amazon S3 uses this header for a message integrity check to ensure that the encryption key was transmitted without error.
- expected
Bucket StringOwner - Account id of the expected destination bucket owner. If the destination bucket is owned by a different account, the request will fail with an HTTP 403 (Access Denied) error.
- expected
Source StringBucket Owner - Account id of the expected source bucket owner. If the source bucket is owned by a different account, the request will fail with an HTTP 403 (Access Denied) error.
- expires String
- Date and time at which the object is no longer cacheable, in RFC3339 format.
- force
Destroy Boolean - Allow the object to be deleted by removing any legal hold on any object version. Default is
false. This value should be set totrueonly if the bucket has S3 object lock enabled. - grants List<Property Map>
- Configuration block for header grants. Documented below. Conflicts with
acl. - kms
Encryption StringContext - Specifies the AWS KMS Encryption Context to use for object encryption. The value is a base64-encoded UTF-8 string holding JSON with the encryption context key-value pairs.
- kms
Key StringId - Specifies the AWS KMS Key ARN to use for object encryption. This value is a fully qualified ARN of the KMS Key. If using
aws.kms.Key, use the exportedarnattribute:kms_key_id = aws_kms_key.foo.arn - metadata Map<String>
- Map of keys/values to provision metadata (will be automatically prefixed by
x-amz-meta-, note that only lowercase label are currently supported by the AWS Go API). - metadata
Directive String - Specifies whether the metadata is copied from the source object or replaced with metadata provided in the request. Valid values are
COPYandREPLACE. - object
Lock StringLegal Hold Status - The legal hold status that you want to apply to the specified object. Valid values are
ONandOFF. - object
Lock StringMode - Object lock retention mode that you want to apply to this object. Valid values are
GOVERNANCEandCOMPLIANCE. - object
Lock StringRetain Until Date - Date and time, in RFC3339 format, when this object's object lock will expire.
- request
Payer String - Confirms that the requester knows that they will be charged for the request. Bucket owners need not specify this parameter in their requests. For information about downloading objects from requester pays buckets, see Downloading Objects in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) in the Amazon S3 Developer Guide. If included, the only valid value is
requester. - server
Side StringEncryption - Specifies server-side encryption of the object in S3. Valid values are
AES256andaws:kms. - source
Customer StringAlgorithm - Specifies the algorithm to use when decrypting the source object (for example, AES256).
- source
Customer StringKey - Specifies the customer-provided encryption key for Amazon S3 to use to decrypt the source object. The encryption key provided in this header must be one that was used when the source object was created.
- source
Customer StringKey Md5 - Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. Amazon S3 uses this header for a message integrity check to ensure that the encryption key was transmitted without error.
- storage
Class String - Specifies the desired storage class for the object. Defaults to
STANDARD. - tagging
Directive String - Specifies whether the object tag-set are copied from the source object or replaced with tag-set provided in the request. Valid values are
COPYandREPLACE. - Map<String>
- Map of tags to assign to the object. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - website
Redirect String - Specifies a target URL for website redirect.
Outputs
All input properties are implicitly available as output properties. Additionally, the ObjectCopy resource produces the following output properties:
- Arn string
- ARN of the object.
- Checksum
Crc32 string - The base64-encoded, 32-bit CRC32 checksum of the object.
- Checksum
Crc32c string - The base64-encoded, 32-bit CRC32C checksum of the object.
- Checksum
Sha1 string - The base64-encoded, 160-bit SHA-1 digest of the object.
- Checksum
Sha256 string - The base64-encoded, 256-bit SHA-256 digest of the object.
- Etag string
- ETag generated for the object (an MD5 sum of the object content). For plaintext objects or objects encrypted with an AWS-managed key, the hash is an MD5 digest of the object data. For objects encrypted with a KMS key or objects created by either the Multipart Upload or Part Copy operation, the hash is not an MD5 digest, regardless of the method of encryption. More information on possible values can be found on Common Response Headers.
- Expiration string
- If the object expiration is configured, this attribute will be set.
- Id string
- The provider-assigned unique ID for this managed resource.
- Last
Modified string - Returns the date that the object was last modified, in RFC3339 format.
- Request
Charged bool - If present, indicates that the requester was successfully charged for the request.
- Source
Version stringId - Version of the copied object in the source bucket.
- Dictionary<string, string>
- Map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block. - Version
Id string - Version ID of the newly created copy.
- Arn string
- ARN of the object.
- Checksum
Crc32 string - The base64-encoded, 32-bit CRC32 checksum of the object.
- Checksum
Crc32c string - The base64-encoded, 32-bit CRC32C checksum of the object.
- Checksum
Sha1 string - The base64-encoded, 160-bit SHA-1 digest of the object.
- Checksum
Sha256 string - The base64-encoded, 256-bit SHA-256 digest of the object.
- Etag string
- ETag generated for the object (an MD5 sum of the object content). For plaintext objects or objects encrypted with an AWS-managed key, the hash is an MD5 digest of the object data. For objects encrypted with a KMS key or objects created by either the Multipart Upload or Part Copy operation, the hash is not an MD5 digest, regardless of the method of encryption. More information on possible values can be found on Common Response Headers.
- Expiration string
- If the object expiration is configured, this attribute will be set.
- Id string
- The provider-assigned unique ID for this managed resource.
- Last
Modified string - Returns the date that the object was last modified, in RFC3339 format.
- Request
Charged bool - If present, indicates that the requester was successfully charged for the request.
- Source
Version stringId - Version of the copied object in the source bucket.
- map[string]string
- Map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block. - Version
Id string - Version ID of the newly created copy.
- arn String
- ARN of the object.
- checksum
Crc32 String - The base64-encoded, 32-bit CRC32 checksum of the object.
- checksum
Crc32c String - The base64-encoded, 32-bit CRC32C checksum of the object.
- checksum
Sha1 String - The base64-encoded, 160-bit SHA-1 digest of the object.
- checksum
Sha256 String - The base64-encoded, 256-bit SHA-256 digest of the object.
- etag String
- ETag generated for the object (an MD5 sum of the object content). For plaintext objects or objects encrypted with an AWS-managed key, the hash is an MD5 digest of the object data. For objects encrypted with a KMS key or objects created by either the Multipart Upload or Part Copy operation, the hash is not an MD5 digest, regardless of the method of encryption. More information on possible values can be found on Common Response Headers.
- expiration String
- If the object expiration is configured, this attribute will be set.
- id String
- The provider-assigned unique ID for this managed resource.
- last
Modified String - Returns the date that the object was last modified, in RFC3339 format.
- request
Charged Boolean - If present, indicates that the requester was successfully charged for the request.
- source
Version StringId - Version of the copied object in the source bucket.
- Map<String,String>
- Map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block. - version
Id String - Version ID of the newly created copy.
- arn string
- ARN of the object.
- checksum
Crc32 string - The base64-encoded, 32-bit CRC32 checksum of the object.
- checksum
Crc32c string - The base64-encoded, 32-bit CRC32C checksum of the object.
- checksum
Sha1 string - The base64-encoded, 160-bit SHA-1 digest of the object.
- checksum
Sha256 string - The base64-encoded, 256-bit SHA-256 digest of the object.
- etag string
- ETag generated for the object (an MD5 sum of the object content). For plaintext objects or objects encrypted with an AWS-managed key, the hash is an MD5 digest of the object data. For objects encrypted with a KMS key or objects created by either the Multipart Upload or Part Copy operation, the hash is not an MD5 digest, regardless of the method of encryption. More information on possible values can be found on Common Response Headers.
- expiration string
- If the object expiration is configured, this attribute will be set.
- id string
- The provider-assigned unique ID for this managed resource.
- last
Modified string - Returns the date that the object was last modified, in RFC3339 format.
- request
Charged boolean - If present, indicates that the requester was successfully charged for the request.
- source
Version stringId - Version of the copied object in the source bucket.
- {[key: string]: string}
- Map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block. - version
Id string - Version ID of the newly created copy.
- arn str
- ARN of the object.
- checksum_
crc32 str - The base64-encoded, 32-bit CRC32 checksum of the object.
- checksum_
crc32c str - The base64-encoded, 32-bit CRC32C checksum of the object.
- checksum_
sha1 str - The base64-encoded, 160-bit SHA-1 digest of the object.
- checksum_
sha256 str - The base64-encoded, 256-bit SHA-256 digest of the object.
- etag str
- ETag generated for the object (an MD5 sum of the object content). For plaintext objects or objects encrypted with an AWS-managed key, the hash is an MD5 digest of the object data. For objects encrypted with a KMS key or objects created by either the Multipart Upload or Part Copy operation, the hash is not an MD5 digest, regardless of the method of encryption. More information on possible values can be found on Common Response Headers.
- expiration str
- If the object expiration is configured, this attribute will be set.
- id str
- The provider-assigned unique ID for this managed resource.
- last_
modified str - Returns the date that the object was last modified, in RFC3339 format.
- request_
charged bool - If present, indicates that the requester was successfully charged for the request.
- source_
version_ strid - Version of the copied object in the source bucket.
- Mapping[str, str]
- Map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block. - version_
id str - Version ID of the newly created copy.
- arn String
- ARN of the object.
- checksum
Crc32 String - The base64-encoded, 32-bit CRC32 checksum of the object.
- checksum
Crc32c String - The base64-encoded, 32-bit CRC32C checksum of the object.
- checksum
Sha1 String - The base64-encoded, 160-bit SHA-1 digest of the object.
- checksum
Sha256 String - The base64-encoded, 256-bit SHA-256 digest of the object.
- etag String
- ETag generated for the object (an MD5 sum of the object content). For plaintext objects or objects encrypted with an AWS-managed key, the hash is an MD5 digest of the object data. For objects encrypted with a KMS key or objects created by either the Multipart Upload or Part Copy operation, the hash is not an MD5 digest, regardless of the method of encryption. More information on possible values can be found on Common Response Headers.
- expiration String
- If the object expiration is configured, this attribute will be set.
- id String
- The provider-assigned unique ID for this managed resource.
- last
Modified String - Returns the date that the object was last modified, in RFC3339 format.
- request
Charged Boolean - If present, indicates that the requester was successfully charged for the request.
- source
Version StringId - Version of the copied object in the source bucket.
- Map<String>
- Map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block. - version
Id String - Version ID of the newly created copy.
Look up Existing ObjectCopy Resource
Get an existing ObjectCopy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ObjectCopyState, opts?: CustomResourceOptions): ObjectCopy@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
acl: Optional[str] = None,
arn: Optional[str] = None,
bucket: Optional[str] = None,
bucket_key_enabled: Optional[bool] = None,
cache_control: Optional[str] = None,
checksum_algorithm: Optional[str] = None,
checksum_crc32: Optional[str] = None,
checksum_crc32c: Optional[str] = None,
checksum_sha1: Optional[str] = None,
checksum_sha256: Optional[str] = None,
content_disposition: Optional[str] = None,
content_encoding: Optional[str] = None,
content_language: Optional[str] = None,
content_type: Optional[str] = None,
copy_if_match: Optional[str] = None,
copy_if_modified_since: Optional[str] = None,
copy_if_none_match: Optional[str] = None,
copy_if_unmodified_since: Optional[str] = None,
customer_algorithm: Optional[str] = None,
customer_key: Optional[str] = None,
customer_key_md5: Optional[str] = None,
etag: Optional[str] = None,
expected_bucket_owner: Optional[str] = None,
expected_source_bucket_owner: Optional[str] = None,
expiration: Optional[str] = None,
expires: Optional[str] = None,
force_destroy: Optional[bool] = None,
grants: Optional[Sequence[ObjectCopyGrantArgs]] = None,
key: Optional[str] = None,
kms_encryption_context: Optional[str] = None,
kms_key_id: Optional[str] = None,
last_modified: Optional[str] = None,
metadata: Optional[Mapping[str, str]] = None,
metadata_directive: Optional[str] = None,
object_lock_legal_hold_status: Optional[str] = None,
object_lock_mode: Optional[str] = None,
object_lock_retain_until_date: Optional[str] = None,
request_charged: Optional[bool] = None,
request_payer: Optional[str] = None,
server_side_encryption: Optional[str] = None,
source: Optional[str] = None,
source_customer_algorithm: Optional[str] = None,
source_customer_key: Optional[str] = None,
source_customer_key_md5: Optional[str] = None,
source_version_id: Optional[str] = None,
storage_class: Optional[str] = None,
tagging_directive: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None,
tags_all: Optional[Mapping[str, str]] = None,
version_id: Optional[str] = None,
website_redirect: Optional[str] = None) -> ObjectCopyfunc GetObjectCopy(ctx *Context, name string, id IDInput, state *ObjectCopyState, opts ...ResourceOption) (*ObjectCopy, error)public static ObjectCopy Get(string name, Input<string> id, ObjectCopyState? state, CustomResourceOptions? opts = null)public static ObjectCopy get(String name, Output<String> id, ObjectCopyState state, CustomResourceOptions options)Resource lookup is not supported in YAML- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Acl string
- Canned ACL to apply. Valid values are
private,public-read,public-read-write,authenticated-read,aws-exec-read,bucket-owner-read, andbucket-owner-full-control. Conflicts withgrant. - Arn string
- ARN of the object.
- Bucket string
- Name of the bucket to put the file in.
- Bucket
Key boolEnabled - Cache
Control string - Specifies caching behavior along the request/reply chain Read w3c cache_control for further details.
- Checksum
Algorithm string - Indicates the algorithm used to create the checksum for the object. If a value is specified and the object is encrypted with KMS, you must have permission to use the
kms:Decryptaction. Valid values:CRC32,CRC32C,SHA1,SHA256. - Checksum
Crc32 string - The base64-encoded, 32-bit CRC32 checksum of the object.
- Checksum
Crc32c string - The base64-encoded, 32-bit CRC32C checksum of the object.
- Checksum
Sha1 string - The base64-encoded, 160-bit SHA-1 digest of the object.
- Checksum
Sha256 string - The base64-encoded, 256-bit SHA-256 digest of the object.
- Content
Disposition string - Specifies presentational information for the object. Read w3c content_disposition for further information.
- Content
Encoding string - Specifies what content encodings have been applied to the object and thus what decoding mechanisms must be applied to obtain the media-type referenced by the Content-Type header field. Read w3c content encoding for further information.
- Content
Language string - Language the content is in e.g., en-US or en-GB.
- Content
Type string - Standard MIME type describing the format of the object data, e.g.,
application/octet-stream. All Valid MIME Types are valid for this input. - Copy
If stringMatch - Copies the object if its entity tag (ETag) matches the specified tag.
- Copy
If stringModified Since - Copies the object if it has been modified since the specified time, in RFC3339 format.
- Copy
If stringNone Match - Copies the object if its entity tag (ETag) is different than the specified ETag.
- Copy
If stringUnmodified Since - Copies the object if it hasn't been modified since the specified time, in RFC3339 format.
- Customer
Algorithm string - Specifies the algorithm to use to when encrypting the object (for example, AES256).
- Customer
Key string - Specifies the customer-provided encryption key for Amazon S3 to use in encrypting data. This value is used to store the object and then it is discarded; Amazon S3 does not store the encryption key. The key must be appropriate for use with the algorithm specified in the x-amz-server-side-encryption-customer-algorithm header.
- Customer
Key stringMd5 - Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. Amazon S3 uses this header for a message integrity check to ensure that the encryption key was transmitted without error.
- Etag string
- ETag generated for the object (an MD5 sum of the object content). For plaintext objects or objects encrypted with an AWS-managed key, the hash is an MD5 digest of the object data. For objects encrypted with a KMS key or objects created by either the Multipart Upload or Part Copy operation, the hash is not an MD5 digest, regardless of the method of encryption. More information on possible values can be found on Common Response Headers.
- Expected
Bucket stringOwner - Account id of the expected destination bucket owner. If the destination bucket is owned by a different account, the request will fail with an HTTP 403 (Access Denied) error.
- Expected
Source stringBucket Owner - Account id of the expected source bucket owner. If the source bucket is owned by a different account, the request will fail with an HTTP 403 (Access Denied) error.
- Expiration string
- If the object expiration is configured, this attribute will be set.
- Expires string
- Date and time at which the object is no longer cacheable, in RFC3339 format.
- Force
Destroy bool - Allow the object to be deleted by removing any legal hold on any object version. Default is
false. This value should be set totrueonly if the bucket has S3 object lock enabled. - Grants
List<Object
Copy Grant> - Configuration block for header grants. Documented below. Conflicts with
acl. - Key string
- Name of the object once it is in the bucket.
- Kms
Encryption stringContext - Specifies the AWS KMS Encryption Context to use for object encryption. The value is a base64-encoded UTF-8 string holding JSON with the encryption context key-value pairs.
- Kms
Key stringId - Specifies the AWS KMS Key ARN to use for object encryption. This value is a fully qualified ARN of the KMS Key. If using
aws.kms.Key, use the exportedarnattribute:kms_key_id = aws_kms_key.foo.arn - Last
Modified string - Returns the date that the object was last modified, in RFC3339 format.
- Metadata Dictionary<string, string>
- Map of keys/values to provision metadata (will be automatically prefixed by
x-amz-meta-, note that only lowercase label are currently supported by the AWS Go API). - Metadata
Directive string - Specifies whether the metadata is copied from the source object or replaced with metadata provided in the request. Valid values are
COPYandREPLACE. - Object
Lock stringLegal Hold Status - The legal hold status that you want to apply to the specified object. Valid values are
ONandOFF. - Object
Lock stringMode - Object lock retention mode that you want to apply to this object. Valid values are
GOVERNANCEandCOMPLIANCE. - Object
Lock stringRetain Until Date - Date and time, in RFC3339 format, when this object's object lock will expire.
- Request
Charged bool - If present, indicates that the requester was successfully charged for the request.
- Request
Payer string - Confirms that the requester knows that they will be charged for the request. Bucket owners need not specify this parameter in their requests. For information about downloading objects from requester pays buckets, see Downloading Objects in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) in the Amazon S3 Developer Guide. If included, the only valid value is
requester. - Server
Side stringEncryption - Specifies server-side encryption of the object in S3. Valid values are
AES256andaws:kms. - Source string
Specifies the source object for the copy operation. You specify the value in one of two formats. For objects not accessed through an access point, specify the name of the source bucket and the key of the source object, separated by a slash (
/). For example,testbucket/test1.json. For objects accessed through access points, specify the ARN of the object as accessed through the access point, in the formatarn:aws:s3:<Region>:<account-id>:accesspoint/<access-point-name>/object/<key>. For example,arn:aws:s3:us-west-2:9999912999:accesspoint/my-access-point/object/testbucket/test1.json.The following arguments are optional:
- Source
Customer stringAlgorithm - Specifies the algorithm to use when decrypting the source object (for example, AES256).
- Source
Customer stringKey - Specifies the customer-provided encryption key for Amazon S3 to use to decrypt the source object. The encryption key provided in this header must be one that was used when the source object was created.
- Source
Customer stringKey Md5 - Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. Amazon S3 uses this header for a message integrity check to ensure that the encryption key was transmitted without error.
- Source
Version stringId - Version of the copied object in the source bucket.
- Storage
Class string - Specifies the desired storage class for the object. Defaults to
STANDARD. - Tagging
Directive string - Specifies whether the object tag-set are copied from the source object or replaced with tag-set provided in the request. Valid values are
COPYandREPLACE. - Dictionary<string, string>
- Map of tags to assign to the object. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - Dictionary<string, string>
- Map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block. - Version
Id string - Version ID of the newly created copy.
- Website
Redirect string - Specifies a target URL for website redirect.
- Acl string
- Canned ACL to apply. Valid values are
private,public-read,public-read-write,authenticated-read,aws-exec-read,bucket-owner-read, andbucket-owner-full-control. Conflicts withgrant. - Arn string
- ARN of the object.
- Bucket string
- Name of the bucket to put the file in.
- Bucket
Key boolEnabled - Cache
Control string - Specifies caching behavior along the request/reply chain Read w3c cache_control for further details.
- Checksum
Algorithm string - Indicates the algorithm used to create the checksum for the object. If a value is specified and the object is encrypted with KMS, you must have permission to use the
kms:Decryptaction. Valid values:CRC32,CRC32C,SHA1,SHA256. - Checksum
Crc32 string - The base64-encoded, 32-bit CRC32 checksum of the object.
- Checksum
Crc32c string - The base64-encoded, 32-bit CRC32C checksum of the object.
- Checksum
Sha1 string - The base64-encoded, 160-bit SHA-1 digest of the object.
- Checksum
Sha256 string - The base64-encoded, 256-bit SHA-256 digest of the object.
- Content
Disposition string - Specifies presentational information for the object. Read w3c content_disposition for further information.
- Content
Encoding string - Specifies what content encodings have been applied to the object and thus what decoding mechanisms must be applied to obtain the media-type referenced by the Content-Type header field. Read w3c content encoding for further information.
- Content
Language string - Language the content is in e.g., en-US or en-GB.
- Content
Type string - Standard MIME type describing the format of the object data, e.g.,
application/octet-stream. All Valid MIME Types are valid for this input. - Copy
If stringMatch - Copies the object if its entity tag (ETag) matches the specified tag.
- Copy
If stringModified Since - Copies the object if it has been modified since the specified time, in RFC3339 format.
- Copy
If stringNone Match - Copies the object if its entity tag (ETag) is different than the specified ETag.
- Copy
If stringUnmodified Since - Copies the object if it hasn't been modified since the specified time, in RFC3339 format.
- Customer
Algorithm string - Specifies the algorithm to use to when encrypting the object (for example, AES256).
- Customer
Key string - Specifies the customer-provided encryption key for Amazon S3 to use in encrypting data. This value is used to store the object and then it is discarded; Amazon S3 does not store the encryption key. The key must be appropriate for use with the algorithm specified in the x-amz-server-side-encryption-customer-algorithm header.
- Customer
Key stringMd5 - Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. Amazon S3 uses this header for a message integrity check to ensure that the encryption key was transmitted without error.
- Etag string
- ETag generated for the object (an MD5 sum of the object content). For plaintext objects or objects encrypted with an AWS-managed key, the hash is an MD5 digest of the object data. For objects encrypted with a KMS key or objects created by either the Multipart Upload or Part Copy operation, the hash is not an MD5 digest, regardless of the method of encryption. More information on possible values can be found on Common Response Headers.
- Expected
Bucket stringOwner - Account id of the expected destination bucket owner. If the destination bucket is owned by a different account, the request will fail with an HTTP 403 (Access Denied) error.
- Expected
Source stringBucket Owner - Account id of the expected source bucket owner. If the source bucket is owned by a different account, the request will fail with an HTTP 403 (Access Denied) error.
- Expiration string
- If the object expiration is configured, this attribute will be set.
- Expires string
- Date and time at which the object is no longer cacheable, in RFC3339 format.
- Force
Destroy bool - Allow the object to be deleted by removing any legal hold on any object version. Default is
false. This value should be set totrueonly if the bucket has S3 object lock enabled. - Grants
[]Object
Copy Grant Args - Configuration block for header grants. Documented below. Conflicts with
acl. - Key string
- Name of the object once it is in the bucket.
- Kms
Encryption stringContext - Specifies the AWS KMS Encryption Context to use for object encryption. The value is a base64-encoded UTF-8 string holding JSON with the encryption context key-value pairs.
- Kms
Key stringId - Specifies the AWS KMS Key ARN to use for object encryption. This value is a fully qualified ARN of the KMS Key. If using
aws.kms.Key, use the exportedarnattribute:kms_key_id = aws_kms_key.foo.arn - Last
Modified string - Returns the date that the object was last modified, in RFC3339 format.
- Metadata map[string]string
- Map of keys/values to provision metadata (will be automatically prefixed by
x-amz-meta-, note that only lowercase label are currently supported by the AWS Go API). - Metadata
Directive string - Specifies whether the metadata is copied from the source object or replaced with metadata provided in the request. Valid values are
COPYandREPLACE. - Object
Lock stringLegal Hold Status - The legal hold status that you want to apply to the specified object. Valid values are
ONandOFF. - Object
Lock stringMode - Object lock retention mode that you want to apply to this object. Valid values are
GOVERNANCEandCOMPLIANCE. - Object
Lock stringRetain Until Date - Date and time, in RFC3339 format, when this object's object lock will expire.
- Request
Charged bool - If present, indicates that the requester was successfully charged for the request.
- Request
Payer string - Confirms that the requester knows that they will be charged for the request. Bucket owners need not specify this parameter in their requests. For information about downloading objects from requester pays buckets, see Downloading Objects in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) in the Amazon S3 Developer Guide. If included, the only valid value is
requester. - Server
Side stringEncryption - Specifies server-side encryption of the object in S3. Valid values are
AES256andaws:kms. - Source string
Specifies the source object for the copy operation. You specify the value in one of two formats. For objects not accessed through an access point, specify the name of the source bucket and the key of the source object, separated by a slash (
/). For example,testbucket/test1.json. For objects accessed through access points, specify the ARN of the object as accessed through the access point, in the formatarn:aws:s3:<Region>:<account-id>:accesspoint/<access-point-name>/object/<key>. For example,arn:aws:s3:us-west-2:9999912999:accesspoint/my-access-point/object/testbucket/test1.json.The following arguments are optional:
- Source
Customer stringAlgorithm - Specifies the algorithm to use when decrypting the source object (for example, AES256).
- Source
Customer stringKey - Specifies the customer-provided encryption key for Amazon S3 to use to decrypt the source object. The encryption key provided in this header must be one that was used when the source object was created.
- Source
Customer stringKey Md5 - Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. Amazon S3 uses this header for a message integrity check to ensure that the encryption key was transmitted without error.
- Source
Version stringId - Version of the copied object in the source bucket.
- Storage
Class string - Specifies the desired storage class for the object. Defaults to
STANDARD. - Tagging
Directive string - Specifies whether the object tag-set are copied from the source object or replaced with tag-set provided in the request. Valid values are
COPYandREPLACE. - map[string]string
- Map of tags to assign to the object. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - map[string]string
- Map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block. - Version
Id string - Version ID of the newly created copy.
- Website
Redirect string - Specifies a target URL for website redirect.
- acl String
- Canned ACL to apply. Valid values are
private,public-read,public-read-write,authenticated-read,aws-exec-read,bucket-owner-read, andbucket-owner-full-control. Conflicts withgrant. - arn String
- ARN of the object.
- bucket String
- Name of the bucket to put the file in.
- bucket
Key BooleanEnabled - cache
Control String - Specifies caching behavior along the request/reply chain Read w3c cache_control for further details.
- checksum
Algorithm String - Indicates the algorithm used to create the checksum for the object. If a value is specified and the object is encrypted with KMS, you must have permission to use the
kms:Decryptaction. Valid values:CRC32,CRC32C,SHA1,SHA256. - checksum
Crc32 String - The base64-encoded, 32-bit CRC32 checksum of the object.
- checksum
Crc32c String - The base64-encoded, 32-bit CRC32C checksum of the object.
- checksum
Sha1 String - The base64-encoded, 160-bit SHA-1 digest of the object.
- checksum
Sha256 String - The base64-encoded, 256-bit SHA-256 digest of the object.
- content
Disposition String - Specifies presentational information for the object. Read w3c content_disposition for further information.
- content
Encoding String - Specifies what content encodings have been applied to the object and thus what decoding mechanisms must be applied to obtain the media-type referenced by the Content-Type header field. Read w3c content encoding for further information.
- content
Language String - Language the content is in e.g., en-US or en-GB.
- content
Type String - Standard MIME type describing the format of the object data, e.g.,
application/octet-stream. All Valid MIME Types are valid for this input. - copy
If StringMatch - Copies the object if its entity tag (ETag) matches the specified tag.
- copy
If StringModified Since - Copies the object if it has been modified since the specified time, in RFC3339 format.
- copy
If StringNone Match - Copies the object if its entity tag (ETag) is different than the specified ETag.
- copy
If StringUnmodified Since - Copies the object if it hasn't been modified since the specified time, in RFC3339 format.
- customer
Algorithm String - Specifies the algorithm to use to when encrypting the object (for example, AES256).
- customer
Key String - Specifies the customer-provided encryption key for Amazon S3 to use in encrypting data. This value is used to store the object and then it is discarded; Amazon S3 does not store the encryption key. The key must be appropriate for use with the algorithm specified in the x-amz-server-side-encryption-customer-algorithm header.
- customer
Key StringMd5 - Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. Amazon S3 uses this header for a message integrity check to ensure that the encryption key was transmitted without error.
- etag String
- ETag generated for the object (an MD5 sum of the object content). For plaintext objects or objects encrypted with an AWS-managed key, the hash is an MD5 digest of the object data. For objects encrypted with a KMS key or objects created by either the Multipart Upload or Part Copy operation, the hash is not an MD5 digest, regardless of the method of encryption. More information on possible values can be found on Common Response Headers.
- expected
Bucket StringOwner - Account id of the expected destination bucket owner. If the destination bucket is owned by a different account, the request will fail with an HTTP 403 (Access Denied) error.
- expected
Source StringBucket Owner - Account id of the expected source bucket owner. If the source bucket is owned by a different account, the request will fail with an HTTP 403 (Access Denied) error.
- expiration String
- If the object expiration is configured, this attribute will be set.
- expires String
- Date and time at which the object is no longer cacheable, in RFC3339 format.
- force
Destroy Boolean - Allow the object to be deleted by removing any legal hold on any object version. Default is
false. This value should be set totrueonly if the bucket has S3 object lock enabled. - grants
List<Object
Copy Grant> - Configuration block for header grants. Documented below. Conflicts with
acl. - key String
- Name of the object once it is in the bucket.
- kms
Encryption StringContext - Specifies the AWS KMS Encryption Context to use for object encryption. The value is a base64-encoded UTF-8 string holding JSON with the encryption context key-value pairs.
- kms
Key StringId - Specifies the AWS KMS Key ARN to use for object encryption. This value is a fully qualified ARN of the KMS Key. If using
aws.kms.Key, use the exportedarnattribute:kms_key_id = aws_kms_key.foo.arn - last
Modified String - Returns the date that the object was last modified, in RFC3339 format.
- metadata Map<String,String>
- Map of keys/values to provision metadata (will be automatically prefixed by
x-amz-meta-, note that only lowercase label are currently supported by the AWS Go API). - metadata
Directive String - Specifies whether the metadata is copied from the source object or replaced with metadata provided in the request. Valid values are
COPYandREPLACE. - object
Lock StringLegal Hold Status - The legal hold status that you want to apply to the specified object. Valid values are
ONandOFF. - object
Lock StringMode - Object lock retention mode that you want to apply to this object. Valid values are
GOVERNANCEandCOMPLIANCE. - object
Lock StringRetain Until Date - Date and time, in RFC3339 format, when this object's object lock will expire.
- request
Charged Boolean - If present, indicates that the requester was successfully charged for the request.
- request
Payer String - Confirms that the requester knows that they will be charged for the request. Bucket owners need not specify this parameter in their requests. For information about downloading objects from requester pays buckets, see Downloading Objects in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) in the Amazon S3 Developer Guide. If included, the only valid value is
requester. - server
Side StringEncryption - Specifies server-side encryption of the object in S3. Valid values are
AES256andaws:kms. - source String
Specifies the source object for the copy operation. You specify the value in one of two formats. For objects not accessed through an access point, specify the name of the source bucket and the key of the source object, separated by a slash (
/). For example,testbucket/test1.json. For objects accessed through access points, specify the ARN of the object as accessed through the access point, in the formatarn:aws:s3:<Region>:<account-id>:accesspoint/<access-point-name>/object/<key>. For example,arn:aws:s3:us-west-2:9999912999:accesspoint/my-access-point/object/testbucket/test1.json.The following arguments are optional:
- source
Customer StringAlgorithm - Specifies the algorithm to use when decrypting the source object (for example, AES256).
- source
Customer StringKey - Specifies the customer-provided encryption key for Amazon S3 to use to decrypt the source object. The encryption key provided in this header must be one that was used when the source object was created.
- source
Customer StringKey Md5 - Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. Amazon S3 uses this header for a message integrity check to ensure that the encryption key was transmitted without error.
- source
Version StringId - Version of the copied object in the source bucket.
- storage
Class String - Specifies the desired storage class for the object. Defaults to
STANDARD. - tagging
Directive String - Specifies whether the object tag-set are copied from the source object or replaced with tag-set provided in the request. Valid values are
COPYandREPLACE. - Map<String,String>
- Map of tags to assign to the object. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - Map<String,String>
- Map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block. - version
Id String - Version ID of the newly created copy.
- website
Redirect String - Specifies a target URL for website redirect.
- acl string
- Canned ACL to apply. Valid values are
private,public-read,public-read-write,authenticated-read,aws-exec-read,bucket-owner-read, andbucket-owner-full-control. Conflicts withgrant. - arn string
- ARN of the object.
- bucket string
- Name of the bucket to put the file in.
- bucket
Key booleanEnabled - cache
Control string - Specifies caching behavior along the request/reply chain Read w3c cache_control for further details.
- checksum
Algorithm string - Indicates the algorithm used to create the checksum for the object. If a value is specified and the object is encrypted with KMS, you must have permission to use the
kms:Decryptaction. Valid values:CRC32,CRC32C,SHA1,SHA256. - checksum
Crc32 string - The base64-encoded, 32-bit CRC32 checksum of the object.
- checksum
Crc32c string - The base64-encoded, 32-bit CRC32C checksum of the object.
- checksum
Sha1 string - The base64-encoded, 160-bit SHA-1 digest of the object.
- checksum
Sha256 string - The base64-encoded, 256-bit SHA-256 digest of the object.
- content
Disposition string - Specifies presentational information for the object. Read w3c content_disposition for further information.
- content
Encoding string - Specifies what content encodings have been applied to the object and thus what decoding mechanisms must be applied to obtain the media-type referenced by the Content-Type header field. Read w3c content encoding for further information.
- content
Language string - Language the content is in e.g., en-US or en-GB.
- content
Type string - Standard MIME type describing the format of the object data, e.g.,
application/octet-stream. All Valid MIME Types are valid for this input. - copy
If stringMatch - Copies the object if its entity tag (ETag) matches the specified tag.
- copy
If stringModified Since - Copies the object if it has been modified since the specified time, in RFC3339 format.
- copy
If stringNone Match - Copies the object if its entity tag (ETag) is different than the specified ETag.
- copy
If stringUnmodified Since - Copies the object if it hasn't been modified since the specified time, in RFC3339 format.
- customer
Algorithm string - Specifies the algorithm to use to when encrypting the object (for example, AES256).
- customer
Key string - Specifies the customer-provided encryption key for Amazon S3 to use in encrypting data. This value is used to store the object and then it is discarded; Amazon S3 does not store the encryption key. The key must be appropriate for use with the algorithm specified in the x-amz-server-side-encryption-customer-algorithm header.
- customer
Key stringMd5 - Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. Amazon S3 uses this header for a message integrity check to ensure that the encryption key was transmitted without error.
- etag string
- ETag generated for the object (an MD5 sum of the object content). For plaintext objects or objects encrypted with an AWS-managed key, the hash is an MD5 digest of the object data. For objects encrypted with a KMS key or objects created by either the Multipart Upload or Part Copy operation, the hash is not an MD5 digest, regardless of the method of encryption. More information on possible values can be found on Common Response Headers.
- expected
Bucket stringOwner - Account id of the expected destination bucket owner. If the destination bucket is owned by a different account, the request will fail with an HTTP 403 (Access Denied) error.
- expected
Source stringBucket Owner - Account id of the expected source bucket owner. If the source bucket is owned by a different account, the request will fail with an HTTP 403 (Access Denied) error.
- expiration string
- If the object expiration is configured, this attribute will be set.
- expires string
- Date and time at which the object is no longer cacheable, in RFC3339 format.
- force
Destroy boolean - Allow the object to be deleted by removing any legal hold on any object version. Default is
false. This value should be set totrueonly if the bucket has S3 object lock enabled. - grants
Object
Copy Grant[] - Configuration block for header grants. Documented below. Conflicts with
acl. - key string
- Name of the object once it is in the bucket.
- kms
Encryption stringContext - Specifies the AWS KMS Encryption Context to use for object encryption. The value is a base64-encoded UTF-8 string holding JSON with the encryption context key-value pairs.
- kms
Key stringId - Specifies the AWS KMS Key ARN to use for object encryption. This value is a fully qualified ARN of the KMS Key. If using
aws.kms.Key, use the exportedarnattribute:kms_key_id = aws_kms_key.foo.arn - last
Modified string - Returns the date that the object was last modified, in RFC3339 format.
- metadata {[key: string]: string}
- Map of keys/values to provision metadata (will be automatically prefixed by
x-amz-meta-, note that only lowercase label are currently supported by the AWS Go API). - metadata
Directive string - Specifies whether the metadata is copied from the source object or replaced with metadata provided in the request. Valid values are
COPYandREPLACE. - object
Lock stringLegal Hold Status - The legal hold status that you want to apply to the specified object. Valid values are
ONandOFF. - object
Lock stringMode - Object lock retention mode that you want to apply to this object. Valid values are
GOVERNANCEandCOMPLIANCE. - object
Lock stringRetain Until Date - Date and time, in RFC3339 format, when this object's object lock will expire.
- request
Charged boolean - If present, indicates that the requester was successfully charged for the request.
- request
Payer string - Confirms that the requester knows that they will be charged for the request. Bucket owners need not specify this parameter in their requests. For information about downloading objects from requester pays buckets, see Downloading Objects in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) in the Amazon S3 Developer Guide. If included, the only valid value is
requester. - server
Side stringEncryption - Specifies server-side encryption of the object in S3. Valid values are
AES256andaws:kms. - source string
Specifies the source object for the copy operation. You specify the value in one of two formats. For objects not accessed through an access point, specify the name of the source bucket and the key of the source object, separated by a slash (
/). For example,testbucket/test1.json. For objects accessed through access points, specify the ARN of the object as accessed through the access point, in the formatarn:aws:s3:<Region>:<account-id>:accesspoint/<access-point-name>/object/<key>. For example,arn:aws:s3:us-west-2:9999912999:accesspoint/my-access-point/object/testbucket/test1.json.The following arguments are optional:
- source
Customer stringAlgorithm - Specifies the algorithm to use when decrypting the source object (for example, AES256).
- source
Customer stringKey - Specifies the customer-provided encryption key for Amazon S3 to use to decrypt the source object. The encryption key provided in this header must be one that was used when the source object was created.
- source
Customer stringKey Md5 - Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. Amazon S3 uses this header for a message integrity check to ensure that the encryption key was transmitted without error.
- source
Version stringId - Version of the copied object in the source bucket.
- storage
Class string - Specifies the desired storage class for the object. Defaults to
STANDARD. - tagging
Directive string - Specifies whether the object tag-set are copied from the source object or replaced with tag-set provided in the request. Valid values are
COPYandREPLACE. - {[key: string]: string}
- Map of tags to assign to the object. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - {[key: string]: string}
- Map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block. - version
Id string - Version ID of the newly created copy.
- website
Redirect string - Specifies a target URL for website redirect.
- acl str
- Canned ACL to apply. Valid values are
private,public-read,public-read-write,authenticated-read,aws-exec-read,bucket-owner-read, andbucket-owner-full-control. Conflicts withgrant. - arn str
- ARN of the object.
- bucket str
- Name of the bucket to put the file in.
- bucket_
key_ boolenabled - cache_
control str - Specifies caching behavior along the request/reply chain Read w3c cache_control for further details.
- checksum_
algorithm str - Indicates the algorithm used to create the checksum for the object. If a value is specified and the object is encrypted with KMS, you must have permission to use the
kms:Decryptaction. Valid values:CRC32,CRC32C,SHA1,SHA256. - checksum_
crc32 str - The base64-encoded, 32-bit CRC32 checksum of the object.
- checksum_
crc32c str - The base64-encoded, 32-bit CRC32C checksum of the object.
- checksum_
sha1 str - The base64-encoded, 160-bit SHA-1 digest of the object.
- checksum_
sha256 str - The base64-encoded, 256-bit SHA-256 digest of the object.
- content_
disposition str - Specifies presentational information for the object. Read w3c content_disposition for further information.
- content_
encoding str - Specifies what content encodings have been applied to the object and thus what decoding mechanisms must be applied to obtain the media-type referenced by the Content-Type header field. Read w3c content encoding for further information.
- content_
language str - Language the content is in e.g., en-US or en-GB.
- content_
type str - Standard MIME type describing the format of the object data, e.g.,
application/octet-stream. All Valid MIME Types are valid for this input. - copy_
if_ strmatch - Copies the object if its entity tag (ETag) matches the specified tag.
- copy_
if_ strmodified_ since - Copies the object if it has been modified since the specified time, in RFC3339 format.
- copy_
if_ strnone_ match - Copies the object if its entity tag (ETag) is different than the specified ETag.
- copy_
if_ strunmodified_ since - Copies the object if it hasn't been modified since the specified time, in RFC3339 format.
- customer_
algorithm str - Specifies the algorithm to use to when encrypting the object (for example, AES256).
- customer_
key str - Specifies the customer-provided encryption key for Amazon S3 to use in encrypting data. This value is used to store the object and then it is discarded; Amazon S3 does not store the encryption key. The key must be appropriate for use with the algorithm specified in the x-amz-server-side-encryption-customer-algorithm header.
- customer_
key_ strmd5 - Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. Amazon S3 uses this header for a message integrity check to ensure that the encryption key was transmitted without error.
- etag str
- ETag generated for the object (an MD5 sum of the object content). For plaintext objects or objects encrypted with an AWS-managed key, the hash is an MD5 digest of the object data. For objects encrypted with a KMS key or objects created by either the Multipart Upload or Part Copy operation, the hash is not an MD5 digest, regardless of the method of encryption. More information on possible values can be found on Common Response Headers.
- expected_
bucket_ strowner - Account id of the expected destination bucket owner. If the destination bucket is owned by a different account, the request will fail with an HTTP 403 (Access Denied) error.
- expected_
source_ strbucket_ owner - Account id of the expected source bucket owner. If the source bucket is owned by a different account, the request will fail with an HTTP 403 (Access Denied) error.
- expiration str
- If the object expiration is configured, this attribute will be set.
- expires str
- Date and time at which the object is no longer cacheable, in RFC3339 format.
- force_
destroy bool - Allow the object to be deleted by removing any legal hold on any object version. Default is
false. This value should be set totrueonly if the bucket has S3 object lock enabled. - grants
Sequence[Object
Copy Grant Args] - Configuration block for header grants. Documented below. Conflicts with
acl. - key str
- Name of the object once it is in the bucket.
- kms_
encryption_ strcontext - Specifies the AWS KMS Encryption Context to use for object encryption. The value is a base64-encoded UTF-8 string holding JSON with the encryption context key-value pairs.
- kms_
key_ strid - Specifies the AWS KMS Key ARN to use for object encryption. This value is a fully qualified ARN of the KMS Key. If using
aws.kms.Key, use the exportedarnattribute:kms_key_id = aws_kms_key.foo.arn - last_
modified str - Returns the date that the object was last modified, in RFC3339 format.
- metadata Mapping[str, str]
- Map of keys/values to provision metadata (will be automatically prefixed by
x-amz-meta-, note that only lowercase label are currently supported by the AWS Go API). - metadata_
directive str - Specifies whether the metadata is copied from the source object or replaced with metadata provided in the request. Valid values are
COPYandREPLACE. - object_
lock_ strlegal_ hold_ status - The legal hold status that you want to apply to the specified object. Valid values are
ONandOFF. - object_
lock_ strmode - Object lock retention mode that you want to apply to this object. Valid values are
GOVERNANCEandCOMPLIANCE. - object_
lock_ strretain_ until_ date - Date and time, in RFC3339 format, when this object's object lock will expire.
- request_
charged bool - If present, indicates that the requester was successfully charged for the request.
- request_
payer str - Confirms that the requester knows that they will be charged for the request. Bucket owners need not specify this parameter in their requests. For information about downloading objects from requester pays buckets, see Downloading Objects in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) in the Amazon S3 Developer Guide. If included, the only valid value is
requester. - server_
side_ strencryption - Specifies server-side encryption of the object in S3. Valid values are
AES256andaws:kms. - source str
Specifies the source object for the copy operation. You specify the value in one of two formats. For objects not accessed through an access point, specify the name of the source bucket and the key of the source object, separated by a slash (
/). For example,testbucket/test1.json. For objects accessed through access points, specify the ARN of the object as accessed through the access point, in the formatarn:aws:s3:<Region>:<account-id>:accesspoint/<access-point-name>/object/<key>. For example,arn:aws:s3:us-west-2:9999912999:accesspoint/my-access-point/object/testbucket/test1.json.The following arguments are optional:
- source_
customer_ stralgorithm - Specifies the algorithm to use when decrypting the source object (for example, AES256).
- source_
customer_ strkey - Specifies the customer-provided encryption key for Amazon S3 to use to decrypt the source object. The encryption key provided in this header must be one that was used when the source object was created.
- source_
customer_ strkey_ md5 - Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. Amazon S3 uses this header for a message integrity check to ensure that the encryption key was transmitted without error.
- source_
version_ strid - Version of the copied object in the source bucket.
- storage_
class str - Specifies the desired storage class for the object. Defaults to
STANDARD. - tagging_
directive str - Specifies whether the object tag-set are copied from the source object or replaced with tag-set provided in the request. Valid values are
COPYandREPLACE. - Mapping[str, str]
- Map of tags to assign to the object. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - Mapping[str, str]
- Map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block. - version_
id str - Version ID of the newly created copy.
- website_
redirect str - Specifies a target URL for website redirect.
- acl String
- Canned ACL to apply. Valid values are
private,public-read,public-read-write,authenticated-read,aws-exec-read,bucket-owner-read, andbucket-owner-full-control. Conflicts withgrant. - arn String
- ARN of the object.
- bucket String
- Name of the bucket to put the file in.
- bucket
Key BooleanEnabled - cache
Control String - Specifies caching behavior along the request/reply chain Read w3c cache_control for further details.
- checksum
Algorithm String - Indicates the algorithm used to create the checksum for the object. If a value is specified and the object is encrypted with KMS, you must have permission to use the
kms:Decryptaction. Valid values:CRC32,CRC32C,SHA1,SHA256. - checksum
Crc32 String - The base64-encoded, 32-bit CRC32 checksum of the object.
- checksum
Crc32c String - The base64-encoded, 32-bit CRC32C checksum of the object.
- checksum
Sha1 String - The base64-encoded, 160-bit SHA-1 digest of the object.
- checksum
Sha256 String - The base64-encoded, 256-bit SHA-256 digest of the object.
- content
Disposition String - Specifies presentational information for the object. Read w3c content_disposition for further information.
- content
Encoding String - Specifies what content encodings have been applied to the object and thus what decoding mechanisms must be applied to obtain the media-type referenced by the Content-Type header field. Read w3c content encoding for further information.
- content
Language String - Language the content is in e.g., en-US or en-GB.
- content
Type String - Standard MIME type describing the format of the object data, e.g.,
application/octet-stream. All Valid MIME Types are valid for this input. - copy
If StringMatch - Copies the object if its entity tag (ETag) matches the specified tag.
- copy
If StringModified Since - Copies the object if it has been modified since the specified time, in RFC3339 format.
- copy
If StringNone Match - Copies the object if its entity tag (ETag) is different than the specified ETag.
- copy
If StringUnmodified Since - Copies the object if it hasn't been modified since the specified time, in RFC3339 format.
- customer
Algorithm String - Specifies the algorithm to use to when encrypting the object (for example, AES256).
- customer
Key String - Specifies the customer-provided encryption key for Amazon S3 to use in encrypting data. This value is used to store the object and then it is discarded; Amazon S3 does not store the encryption key. The key must be appropriate for use with the algorithm specified in the x-amz-server-side-encryption-customer-algorithm header.
- customer
Key StringMd5 - Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. Amazon S3 uses this header for a message integrity check to ensure that the encryption key was transmitted without error.
- etag String
- ETag generated for the object (an MD5 sum of the object content). For plaintext objects or objects encrypted with an AWS-managed key, the hash is an MD5 digest of the object data. For objects encrypted with a KMS key or objects created by either the Multipart Upload or Part Copy operation, the hash is not an MD5 digest, regardless of the method of encryption. More information on possible values can be found on Common Response Headers.
- expected
Bucket StringOwner - Account id of the expected destination bucket owner. If the destination bucket is owned by a different account, the request will fail with an HTTP 403 (Access Denied) error.
- expected
Source StringBucket Owner - Account id of the expected source bucket owner. If the source bucket is owned by a different account, the request will fail with an HTTP 403 (Access Denied) error.
- expiration String
- If the object expiration is configured, this attribute will be set.
- expires String
- Date and time at which the object is no longer cacheable, in RFC3339 format.
- force
Destroy Boolean - Allow the object to be deleted by removing any legal hold on any object version. Default is
false. This value should be set totrueonly if the bucket has S3 object lock enabled. - grants List<Property Map>
- Configuration block for header grants. Documented below. Conflicts with
acl. - key String
- Name of the object once it is in the bucket.
- kms
Encryption StringContext - Specifies the AWS KMS Encryption Context to use for object encryption. The value is a base64-encoded UTF-8 string holding JSON with the encryption context key-value pairs.
- kms
Key StringId - Specifies the AWS KMS Key ARN to use for object encryption. This value is a fully qualified ARN of the KMS Key. If using
aws.kms.Key, use the exportedarnattribute:kms_key_id = aws_kms_key.foo.arn - last
Modified String - Returns the date that the object was last modified, in RFC3339 format.
- metadata Map<String>
- Map of keys/values to provision metadata (will be automatically prefixed by
x-amz-meta-, note that only lowercase label are currently supported by the AWS Go API). - metadata
Directive String - Specifies whether the metadata is copied from the source object or replaced with metadata provided in the request. Valid values are
COPYandREPLACE. - object
Lock StringLegal Hold Status - The legal hold status that you want to apply to the specified object. Valid values are
ONandOFF. - object
Lock StringMode - Object lock retention mode that you want to apply to this object. Valid values are
GOVERNANCEandCOMPLIANCE. - object
Lock StringRetain Until Date - Date and time, in RFC3339 format, when this object's object lock will expire.
- request
Charged Boolean - If present, indicates that the requester was successfully charged for the request.
- request
Payer String - Confirms that the requester knows that they will be charged for the request. Bucket owners need not specify this parameter in their requests. For information about downloading objects from requester pays buckets, see Downloading Objects in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) in the Amazon S3 Developer Guide. If included, the only valid value is
requester. - server
Side StringEncryption - Specifies server-side encryption of the object in S3. Valid values are
AES256andaws:kms. - source String
Specifies the source object for the copy operation. You specify the value in one of two formats. For objects not accessed through an access point, specify the name of the source bucket and the key of the source object, separated by a slash (
/). For example,testbucket/test1.json. For objects accessed through access points, specify the ARN of the object as accessed through the access point, in the formatarn:aws:s3:<Region>:<account-id>:accesspoint/<access-point-name>/object/<key>. For example,arn:aws:s3:us-west-2:9999912999:accesspoint/my-access-point/object/testbucket/test1.json.The following arguments are optional:
- source
Customer StringAlgorithm - Specifies the algorithm to use when decrypting the source object (for example, AES256).
- source
Customer StringKey - Specifies the customer-provided encryption key for Amazon S3 to use to decrypt the source object. The encryption key provided in this header must be one that was used when the source object was created.
- source
Customer StringKey Md5 - Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. Amazon S3 uses this header for a message integrity check to ensure that the encryption key was transmitted without error.
- source
Version StringId - Version of the copied object in the source bucket.
- storage
Class String - Specifies the desired storage class for the object. Defaults to
STANDARD. - tagging
Directive String - Specifies whether the object tag-set are copied from the source object or replaced with tag-set provided in the request. Valid values are
COPYandREPLACE. - Map<String>
- Map of tags to assign to the object. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - Map<String>
- Map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block. - version
Id String - Version ID of the newly created copy.
- website
Redirect String - Specifies a target URL for website redirect.
Supporting Types
ObjectCopyGrant, ObjectCopyGrantArgs
- Permissions List<string>
- List of permissions to grant to grantee. Valid values are
READ,READ_ACP,WRITE_ACP,FULL_CONTROL. - Type string
Type of grantee. Valid values are
CanonicalUser,Group, andAmazonCustomerByEmail.This configuration block has the following optional arguments (one of the three is required):
- Email string
- Email address of the grantee. Used only when
typeisAmazonCustomerByEmail. - Id string
- Canonical user ID of the grantee. Used only when
typeisCanonicalUser. - Uri string
- URI of the grantee group. Used only when
typeisGroup.
- Permissions []string
- List of permissions to grant to grantee. Valid values are
READ,READ_ACP,WRITE_ACP,FULL_CONTROL. - Type string
Type of grantee. Valid values are
CanonicalUser,Group, andAmazonCustomerByEmail.This configuration block has the following optional arguments (one of the three is required):
- Email string
- Email address of the grantee. Used only when
typeisAmazonCustomerByEmail. - Id string
- Canonical user ID of the grantee. Used only when
typeisCanonicalUser. - Uri string
- URI of the grantee group. Used only when
typeisGroup.
- permissions List<String>
- List of permissions to grant to grantee. Valid values are
READ,READ_ACP,WRITE_ACP,FULL_CONTROL. - type String
Type of grantee. Valid values are
CanonicalUser,Group, andAmazonCustomerByEmail.This configuration block has the following optional arguments (one of the three is required):
- email String
- Email address of the grantee. Used only when
typeisAmazonCustomerByEmail. - id String
- Canonical user ID of the grantee. Used only when
typeisCanonicalUser. - uri String
- URI of the grantee group. Used only when
typeisGroup.
- permissions string[]
- List of permissions to grant to grantee. Valid values are
READ,READ_ACP,WRITE_ACP,FULL_CONTROL. - type string
Type of grantee. Valid values are
CanonicalUser,Group, andAmazonCustomerByEmail.This configuration block has the following optional arguments (one of the three is required):
- email string
- Email address of the grantee. Used only when
typeisAmazonCustomerByEmail. - id string
- Canonical user ID of the grantee. Used only when
typeisCanonicalUser. - uri string
- URI of the grantee group. Used only when
typeisGroup.
- permissions Sequence[str]
- List of permissions to grant to grantee. Valid values are
READ,READ_ACP,WRITE_ACP,FULL_CONTROL. - type str
Type of grantee. Valid values are
CanonicalUser,Group, andAmazonCustomerByEmail.This configuration block has the following optional arguments (one of the three is required):
- email str
- Email address of the grantee. Used only when
typeisAmazonCustomerByEmail. - id str
- Canonical user ID of the grantee. Used only when
typeisCanonicalUser. - uri str
- URI of the grantee group. Used only when
typeisGroup.
- permissions List<String>
- List of permissions to grant to grantee. Valid values are
READ,READ_ACP,WRITE_ACP,FULL_CONTROL. - type String
Type of grantee. Valid values are
CanonicalUser,Group, andAmazonCustomerByEmail.This configuration block has the following optional arguments (one of the three is required):
- email String
- Email address of the grantee. Used only when
typeisAmazonCustomerByEmail. - id String
- Canonical user ID of the grantee. Used only when
typeisCanonicalUser. - uri String
- URI of the grantee group. Used only when
typeisGroup.
Package Details
- Repository
- AWS Classic pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
awsTerraform Provider.