Copy Object

Copy an object into a specified bucket in AWS S3.

Objects can't be copied between buckets that are created in different regions.

Options

Field Definition Type Required

Region

Region for your AWS S3 bucket. Choose a region for your AWS S3 bucket.

Dropdown

TRUE

Canned ACL

From the dropdown menu, choose a type of Canned Access Control List (ACL) to apply to the object.

If you select None from the dropdown menu, the card generates the following input fields:

  • Grant Full Control

  • Grant Read

  • Grant Read ACP

  • Grant Write ACP

If you select an option other than None, the card doesn't generate those input fields. Instead, the selected Canned ACL option is applied to the uploaded object.

Dropdown

TRUE

Input

Field Definition Type Required

Source

Bucket

Name of the source bucket.

Text

TRUE

Key

Key of the source object.

Text

TRUE

Version ID

A unique version ID of the current version of an object to copy.

If left empty, the most recent object version is copied.

If the version ID value is null, enter the string null as input.

Text

FALSE

Server Side Encryption Customer Algorithm

Specifies the algorithm to use to when encrypting the object.

For example, AES256.

Text

FALSE

Server Side Encryption Customer Key

Specifies the customer-provided encryption key for AWS S3 to use to decrypt the source object.

The encryption key provided in this header must be one that was used when the source object was created.

Text

FALSE

Server Side Encryption Customer Key MD5

Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321.

Text

FALSE

Expected Bucket Owner

Account ID of the expected source bucket owner.

If a different account owns the source bucket, the request fails with an HTTP 403 (Access Denied) error.

Text

FALSE

If Match

Copies the object if its entity tag (ETag) matches the specified tag.

Text

FALSE

If Modified Since

Copies the object if it has been modified since the specified time.

For example, Fri, 14 Jan 2022 23:34:36 GMT.

Text

FALSE

If None Match

Copies object if its ETag is different than the specified ETag.

Text

FALSE

If Unmodified Since

Copies the object if it hasn't been modified since the specified time.

For example, Fri, 14 Jan 2022 23:34:36 GMT.

Text

FALSE

Destination

Bucket

Name of the destination bucket.

Text

TRUE

Key

Key of the destination object. Minimum length of 1.

Text

TRUE

Grant Full Control

Grants the listed accounts read, write, read ACP, and write ACP permissions on the object.

Specify each grantee as a key and value pair, where the key is one of the following:

  • ID: Use if the value specified is the canonical user ID of an AWS account.
  • URI: Use if you're granting permissions to a predefined group.

  • Email address: Use if the value specified is the email address of an AWS account.

For example, ID=11112222333.

This field is automatically generated if you select None for the Canned ACL field.

List of Text

FALSE

Grant Read

Grants the listed accounts the permission to read the object data and metadata.

Specify each grantee as a key and value pair, where the key is one of the following:

  • ID: Use if the value specified is the canonical user ID of an AWS account.
  • URI: Use if you're granting permissions to a predefined group.

  • Email address: Use if the value specified is the email address of an AWS account.

For example, ID=11112222333.

This field is automatically generated if you select None for the Canned ACL field.

List of Text

FALSE

Grant Read ACP

Grants the listed accounts the permission to read the ACL for the object.

Specify each grantee as a key and value pair, where the key is one of the following:

  • ID: Use if the value specified is the canonical user ID of an AWS account.
  • URI: Use if you're granting permissions to a predefined group.

  • Email address: Use if the value specified is the email address of an AWS account.

For example, ID=11112222333.

This field is automatically generated if you select None for the Canned ACL field.

List of Text

FALSE

Grant Write ACP

Grants the listed accounts the permission to write the ACL for the object.

Specify each grantee as a key and value pair, where the key is one of the following:

  • ID: Use if the value specified is the canonical user ID of an AWS account.
  • URI: Use if you're granting permissions to a predefined group.

  • Email address: Use if the value specified is the email address of an AWS account.

For example, ID=11112222333.

This field is automatically generated if you select None for the Canned ACL field.

List of Text

FALSE

Metadata Directive

Specifies whether the metadata is copied from the source object or replaced with metadata provided in the request.

  • Copy
  • Replace

Dropdown

FALSE

Object Lock Legal Hold

Specifies whether you want to apply a Legal Hold to the copied object.

  • On
  • Off

Dropdown

FALSE

Content MD5

Base64-encoded 128-bit MD5 digest of the message, without the headers, according to RFC 1864. Input is used as a message integrity check to verify that the data is the same data that was originally sent.

For more information about REST request authentication, see REST Authentication.

Used in conjunction with input field Object Lock Legal Hold.

Text

FALSE

Object Lock Mode

Object Lock mode that you want to apply to the copied object.

  • Governance
  • Compliance

Dropdown

FALSE

Object Lock Retain Until Date

Date and time when you want the copied object's Object Lock to expire.

Text

FALSE

Request Payer

Confirms that the requester knows that they will be charged for the request.

Dropdown

FALSE

Server Side Encryption

Server-side encryption algorithm used when storing this object in AWS S3.

  • AES256

  • aws:kms

Dropdown

FALSE

Server Side Encryption AWS KMS Key ID

Specifies the AWS KMS key ID to use for object encryption.

Text

FALSE

Server Side Encryption Bucket Key Enabled

True if AWS S3 should use an S3 Bucket Key for object encryption with server-side encryption using AWS KMS (SSE-KMS); otherwise False.

Setting this header to true causes AWS S3 to use an S3 Bucket Key for object encryption with SSE-KMS.

True/False

FALSE

Server Side Encryption Context

Specifies the AWS KMS Encryption Context to use for object encryption.

The value of this header is a Base64-encoded UTF-8 string holding JSON with the encryption context key-value pairs.

Text

FALSE

Server Side Encryption Customer Algorithm

Specifies the algorithm to use to when encrypting the object.

For example, AES256.

Text

FALSE

Server Side Encryption Customer Key

Specifies the customer-provided encryption key for AWS S3 to use in encrypting data.

This value is used to store the object and then it is discarded; AWS S3 does not store the encryption key.

Text

FALSE

Server Side Encryption Customer Key MD5

Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321.

Text

FALSE

Expected Bucket Owner

Account ID of the expected source bucket owner.

If a different account owns the source bucket, the request fails with an HTTP 403 (Access Denied) error.

Text

FALSE

Storage Class

By default, AWS S3 uses the Standard Storage Class to store newly created objects. The Standard storage class provides high durability and high availability.

  • Standard: Default storage class.

  • Reduced Redundancy: designed for noncritical, reproducible data that can be stored with less redundancy than the S3 Standard storage class.

  • Standard IA: AWS S3 stores the object data redundantly across multiple geographically separated Availability Zones.

  • Onezone IA: Recreatable, infrequently accessed data (once a month) with millisecond access.

  • Intelligent Tiering: Data with unknown, changing, or unpredictable access patterns

  • Glacier: Long-lived, archive data accessed once a quarter with millisecond access.

  • Deep Archive: Long-lived archive data accessed less than once a year with retrieval times of hours.

  • Outposts: Use the same APIs and features on AWS Outposts as you do on AWS S3, including access policies, encryption, and tagging.

Dropdown

FALSE

Tagging Directive

Specifies whether the object tag-set are copied from the source object or replaced with tag-set provided in the request.

  • Copy

  • Replace

Dropdown

FALSE

Tagging

Tag-set for the object destination object this value must be used in conjunction with the Tagging Directive.

Text

FALSE

Website Redirect Location

If the bucket is configured as a website, redirects requests for this object to another object in the same bucket or to an external URL

Text

FALSE

Output

Field Definition Type

Response

Version ID

Unique version ID of the newly created copy.

Text

Source Version ID

Version of the copied object in the destination bucket.

Text

Server Side Encryption

Server-side encryption algorithm used when storing this object in AWS S3.

Text

Server Side Encryption AWS KMS Key ID

Specifies the he ID of the AWS Key Management Service (AWS KMS) symmetric customer managed key that was used for the object.

Text

Server Side Encryption Bucket Key Enabled

Indicates whether the copied object uses an S3 Bucket Key for server-side encryption with AWS KMS (SSE-KMS).

Text

Server Side Encryption Context

Specifies the AWS KMS Encryption Context to use for object encryption.

Text

Server Side Encryption Customer Algorithm

If server-side encryption with a customer-provided encryption key was requested, the response will include this header confirming the encryption algorithm used.

Text

Server Side Encryption Customer Key MD5

If server-side encryption with a customer-provided encryption key was requested, the response will include this header to provide round-trip message integrity verification of the customer-provided encryption key.

Text

Request Charged

Indicates that the requester was successfully charged for the request.

Text

Last Modified

Creation date of the object.

Number

ETag

Returns the ETag of the new object. The ETag reflects only changes to the contents of an object, not its metadata.

Text

Related topics

AWS S3 connector

Workflow elements

AWS S3 Rest API overview