Upload Object

File Content

Pointer to the file to upload.

File

Bucket

Name of the destination bucket for the object.

Text

Key

Key to associate to the uploaded object.

Text

Storage Class

Select the purpose-built storage type to use for the object you want to upload.

Consider the workload requirements for performance, data access, resiliency, and cost.

• Standard

• Reduced Redundancy

• Standard IA

• Onezone IA

• Intelligent Tiering

• Glacier

• Deep Archive

• Outposts

• Glacier IR

• Snow

• Express Onezone

By default, AWS S3 uses the Standard storage class to store newly created objects.

Dropdown

Tagging

The tag set to apply to the object.

The tag set must be formatted as a URL query parameter.

For example, Key1=Value1&Key2=Value2

Text

Grant Full Control

Grants the listed accounts read, write, read ACP, and write ACP permissions on the object.

Specify each grantee as a key and value pair, where the key is one of the following:

• ID: Use if the value specified is the canonical user ID of an AWS account.

• URI: Use if you're granting permissions to a predefined group.

• Email address: Use if the value specified is the email address of an AWS account.

For example, ID=11112222333.

This field is automatically generated if you select None for the Canned ACL field.

List of Text

Grant Read

Grants the listed accounts the permission to read the object data and metadata.

Specify each grantee as a key and value pair, where the key is one of the following:

• ID: Use if the value specified is the canonical user ID of an AWS account.

• URI: Use if you're granting permissions to a predefined group.

• Email address: Use if the value specified is the email address of an AWS account.

For example, ID=11112222333.

This field is automatically generated if you select None for the Canned ACL field.

List of Text

Grant Read ACP

Grants the listed accounts the permission to read the ACL for the object.

Specify each grantee as a key and value pair, where the key is one of the following:

• ID: Use if the value specified is the canonical user ID of an AWS account.

• URI: Use if you're granting permissions to a predefined group.

• Email address: Use if the value specified is the email address of an AWS account.

For example, ID=11112222333.

This field is automatically generated if you select None for the Canned ACL field.

List of Text

Grant Write ACP

Grants the listed accounts the permission to write the ACL for the object.

Specify each grantee as a key and value pair, where the key is one of the following:

• ID: Use if the value specified is the canonical user ID of an AWS account.

• URI: Use if you're granting permissions to a predefined group.

• Email address: Use if the value specified is the email address of an AWS account.

For example, ID=11112222333.

This field is automatically generated if you select None for the Canned ACL field.

List of Text

Object Lock Legal Hold

Specifies whether you want to apply a legal hold to this object.

Dropdown

Content MD5

A Base64-encoded 128-bit MD5 digest of the message, without the headers, according to RFC 1864.

The input is used as a message integrity check to verify that the data is the same as the original data.

For more information about REST request authentication, see REST Authentication.

Used in conjunction with the Object Lock Legal Hold input field.

Text

Object Lock Mode

The Object Lock mode that you want to apply to this object.

• Governance
• Compliance

Dropdown

Object Lock Retain Until Date

Date and time for the copied object's Object Lock to expire.

For example 2024-06-23T11:30:00Z.

Text

Request Payer

Confirms that the requester knows that there is a charge for the request.

Dropdown

Server Side Encryption

Select the server-side encryption algorithm to use when storing this object in AWS S3.

• AES 256
• AWS KMS
• AWS KMS DSSE

Dropdown

SSE AWS KMS Key ID

Specifies the AWS KMS Key ID to use for object encryption.

Text

SSE Bucket Key Enabled

Setting this field to True if AWS S3 to use an S3 Bucket Key for object encryption with server-side encryption that use AWS Key Management Service (AWS KMS) keys (SSE-KMS).

Dropdown

SSE Context

Specifies the AWS KMS Encryption Context to use for object encryption.

The value of this field is a Base64-encoded UTF-8 string containing JSON with the encryption context as key and value pairs.

Text

SSE Customer Algorithm

Specifies the algorithm to use to when encrypting the object.

For example, AES256.

Text

SSE Customer Key

Specifies the customer-provided encryption key for AWS S3 to use in encrypting data.

This value is used to store the object and is then discarded.

Text

SSE Customer Key MD5

Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321.

AWS S3 uses this field for a message integrity check to ensure that the encryption key transmitted without error.

Text

Checksum CRC-32

This field can be used as a data integrity check to verify that the data received is the same data that was originally sent.

This field specifies the Base64-encoded, 32-bit CRC32 checksum of the object.

Text

Checksum CRC-32C

This field can be used as a data integrity check to verify that the data received is the same data that was originally sent.

This field specifies the Base64-encoded, 32-bit CRC32C checksum of the object.

Text

Checksum SHA-1

This field can be used as a data integrity check to verify that the data received is the same data that was originally sent.

This field specifies the Base64-encoded, 160-bit SHA-1 digest of the object.

Text

Checksum SHA-256

This field can be used as a data integrity check to verify that the data received is the same data that was originally sent.

This field specifies the Base64-encoded, 256-bit SHA-256 digest of the object.

Text

Expected Bucket Owner

Account ID of the expected source bucket owner.

If a different account owns the source bucket, the request fails with an HTTP 403 (Access Denied) error.

Text

Server Side Encryption

The server-side encryption algorithm used when storing this object in AWS S3.

SSE Customer Algorithm

If server-side encryption with a customer-provided encryption key was requested, the response includes this header to confirm the encryption algorithm used.

SSE Customer Key MD5

If server-side encryption with a customer-provided encryption key was requested, the response includes this header to provide the round-trip message integrity verification of the customer-provided encryption key.

SSE Bucket Key Enabled

Indicates whether the uploaded object uses an S3 Bucket Key for server-side encryption with AWS Key Management Service (AWS KMS) keys (SSE-KMS).

SSE AWS KMS Key ID

This field indicates the ID of the AWS Key Management Service (AWS KMS) symmetric encryption customer managed key that was used for the object.

SSE Context

If present, indicates the AWS KMS Encryption Context used for object encryption.

Checksum CRC-32

The Base64-encoded, 32-bit CRC32 checksum of the object.

This is only present if it was uploaded with the object.

Checksum CRC-32C

The Base64-encoded, 32-bit CRC32C checksum of the object.

This is only present if it was uploaded with the object.

Checksum SHA-1

The Base64-encoded, 160-bit SHA-1 digest of the object.

This is only present if it was uploaded with the object.

Checksum SHA-256

The Base64-encoded, 256-bit SHA-256 digest of the object.

This is only present if it was uploaded with the object.

Version ID

If you enable versioning for a bucket, AWS S3 automatically generates a unique version ID for the object being stored.

AWS S3 returns this ID in the response.

Request Charged

If present, indicates that the requester was successfully charged for the request.

Expiration

If the expiration is configured for the object in the AWS S3 User Guide, the response includes this field.