S3 API support
Reference:
|
Legend |
🟢 |
Supported |
🟡 |
Partially supported |
🔵 |
Not supported yet, but will be in future |
🔴 |
Not applicable or will never be supported |
Object
|
Method |
Comments |
🟢 |
CopyObject |
Done on gateway side |
🟢 |
DeleteObject |
|
🟢 |
DeleteObjects |
aka DeleteMultipleObjects |
🟢 |
GetObject |
|
🔴 |
GetObjectTorrent |
We don't plan implementing BT gateway |
🟢 |
HeadObject |
|
🟢 |
ListParts |
Parts loaded with MultipartUpload |
🟢 |
ListObjects |
|
🟢 |
ListObjectsV2 |
|
🟢 |
PutObject |
Content-MD5 header deprecated |
🔵 |
SelectObjectContent |
Need to have some Lambda to execute SQL |
🔵 |
WriteGetObjectResponse |
Waiting for Lambda to be developed |
🟢 |
GetObjectAttributes |
|
ACL
For now there are some limitations:
- Bucket policy supports only one
Principal
per Statement
.
Principal must be "AWS": "*"
(to refer all users) or "CanonicalUser": "0313b1ac3a8076e155a7e797b24f0b650cccad5941ea59d7cfd51a024a8b2a06bf"
(hex encoded public key of desired user).
- Resource in bucket policy is an array. Each item MUST contain bucket name, CAN contain object name (wildcards are not supported):
{
"Statement": [
{
"Resource": [
"arn:aws:s3:::bucket",
"arn:aws:s3:::bucket/some/object"
]
}
]
}
- AWS conditions and wildcard are not supported in resources
- Only
CanonicalUser
(with hex encoded public key) and All Users Group
are supported in ACL
|
Method |
Comments |
🟡 |
GetObjectAcl |
See Limitations |
🟡 |
PutObjectAcl |
See Limitations |
Locking
For now there are some limitations:
- Retention period can't be shortened, only extended.
- You can't delete locks or object with unexpired lock.
|
Method |
Comments |
🟡 |
GetObjectLegalHold |
|
🟢 |
GetObjectLockConfiguration |
GetBucketObjectLockConfig |
🟡 |
GetObjectRetention |
|
🟡 |
PutObjectLegalHold |
|
🟢 |
PutObjectLockConfiguration |
PutBucketObjectLockConfig |
🟡 |
PutObjectRetention |
|
Multipart
CompleteMultipartUpload operations may take long time to complete. Gateway
sends whitespace characters to keep connection with the client alive. In this
case, gateway is unable to set proper HTTP headers like X-Amz-Version-Id
.
|
Method |
Comments |
🟢 |
AbortMultipartUpload |
|
🟢 |
CompleteMultipartUpload |
|
🟢 |
CreateMultipartUpload |
|
🟢 |
ListMultipartUploads |
|
🟢 |
ListParts |
|
🟢 |
UploadPart |
|
🟢 |
UploadPartCopy |
|
Tagging
|
Method |
Comments |
🟢 |
DeleteObjectTagging |
|
🟢 |
GetObjectTagging |
|
🟢 |
PutObjectTagging |
|
Versioning
See also GetObject
and other method parameters.
|
Method |
Comments |
🟢 |
ListObjectVersions |
ListBucketObjectVersions |
🔵 |
RestoreObject |
|
Bucket
|
Method |
Comments |
🟢 |
CreateBucket |
PutBucket |
🟢 |
DeleteBucket |
|
🟢 |
GetBucketLocation |
|
🟢 |
HeadBucket |
|
🟢 |
ListBuckets |
|
🔵 |
PutPublicAccessBlock |
|
Acceleration
|
Method |
Comments |
🔴 |
GetBucketAccelerateConfiguration |
GetBucketAccelerate |
🔴 |
PutBucketAccelerateConfiguration |
|
ACL
|
Method |
Comments |
🟡 |
GetBucketAcl |
See ACL limitations |
🟡 |
PutBucketAcl |
See ACL Limitations |
Analytics
|
Method |
Comments |
🔵 |
DeleteBucketAnalyticsConfiguration |
|
🔵 |
GetBucketAnalyticsConfiguration |
|
🔵 |
ListBucketAnalyticsConfigurations |
|
🔵 |
PutBucketAnalyticsConfiguration |
|
CORS
|
Method |
Comments |
🟢 |
DeleteBucketCors |
|
🟢 |
GetBucketCors |
|
🟢 |
PutBucketCors |
|
Encryption
|
Method |
Comments |
🔵 |
DeleteBucketEncryption |
|
🔵 |
GetBucketEncryption |
|
🔵 |
PutBucketEncryption |
|
Inventory
|
Method |
Comments |
🔵 |
DeleteBucketInventoryConfiguration |
|
🔵 |
GetBucketInventoryConfiguration |
|
🔵 |
ListBucketInventoryConfigurations |
|
🔵 |
PutBucketInventoryConfiguration |
|
Lifecycle
|
Method |
Comments |
🔵 |
DeleteBucketLifecycle |
|
🔵 |
GetBucketLifecycle |
|
🔵 |
GetBucketLifecycleConfiguration |
|
🔵 |
PutBucketLifecycle |
|
🔵 |
PutBucketLifecycleConfiguration |
|
Logging
|
Method |
Comments |
🔵 |
GetBucketLogging |
|
🔵 |
PutBucketLogging |
|
Metrics
|
Method |
Comments |
🔵 |
DeleteBucketMetricsConfiguration |
|
🔵 |
GetBucketMetricsConfiguration |
|
🔵 |
ListBucketMetricsConfigurations |
|
🔵 |
PutBucketMetricsConfiguration |
|
Notifications
|
Method |
Comments |
🔵 |
GetBucketNotification |
|
🔵 |
GetBucketNotificationConfiguration |
|
🔵 |
ListenBucketNotification |
non-standard? |
🔵 |
PutBucketNotification |
|
🔵 |
PutBucketNotificationConfiguration |
|
Ownership controls
|
Method |
Comments |
🔵 |
DeleteBucketOwnershipControls |
|
🔵 |
GetBucketOwnershipControls |
|
🔵 |
PutBucketOwnershipControls |
|
Policy and replication
Bucket policy has the following limitations
- Supports only AWS principals in format
arn:aws:iam::<namespace>:user/<user>
or wildcard *
.
- No complex conditions (only conditions for groups now supported)
Simple valid policy example:
{
"Version": "2012-10-17",
"Statement": [{
"Principal": {"AWS": ["arn:aws:iam::111122223333:role/JohnDoe"]},
"Effect": "Allow",
"Action": ["s3:GetObject","s3:GetObjectVersion"],
"Resource": ["arn:aws:s3:::DOC-EXAMPLE-BUCKET/*"]
}]
}
Bucket policy status determines using the following scheme:
- If policy has statement with principal that is wildcard (
*
) then policy is considered as public
|
Method |
Comments |
🟡 |
DeleteBucketPolicy |
See Policy limitations |
🔵 |
DeleteBucketReplication |
|
🔵 |
DeletePublicAccessBlock |
|
🟡 |
GetBucketPolicy |
See Policy limitations |
🟡 |
GetBucketPolicyStatus |
|
🔵 |
GetBucketReplication |
|
🟢 |
PostPolicyBucket |
Upload file using POST form |
🟡 |
PutBucketPolicy |
See Policy limitations |
🔵 |
PutBucketReplication |
|
Request payment
|
Method |
Comments |
🔴 |
GetBucketRequestPayment |
|
🔴 |
PutBucketRequestPayment |
|
Tagging
|
Method |
Comments |
🟢 |
DeleteBucketTagging |
|
🟢 |
GetBucketTagging |
|
🟢 |
PutBucketTagging |
|
Tiering
|
Method |
Comments |
🔵 |
DeleteBucketIntelligentTieringConfiguration |
|
🔵 |
GetBucketIntelligentTieringConfiguration |
|
🔵 |
ListBucketIntelligentTieringConfigurations |
|
🔵 |
PutBucketIntelligentTieringConfiguration |
|
Versioning
|
Method |
Comments |
🟢 |
GetBucketVersioning |
|
🟢 |
PutBucketVersioning |
|
Website
|
Method |
Comments |
🔵 |
DeleteBucketWebsite |
|
🔵 |
GetBucketWebsite |
|
🔵 |
PutBucketWebsite |
|