AWS S3 Protocol Support Description
Overview
The S3 protocol is introduced by AWS and has become the de facto standard in the object storage industry. On the basis of its own standard, the US3 product has added compatibility support for the S3 v4 protocol standard.
Supported APIs
The current support status of the US3’s S3 protocol module for the standard S3 protocol is as follows:
| No. | API Name | Remark |
|---|---|---|
| 1 | HeadBucket | Detect whether the Bucket exists and whether you have permission to access it |
| 2 | ListBuckets | Get the Bucket list, can only get the Buckets created by the owner of the key or Token |
| 3 | GetBucketLocation | Returns the name of the region where you are located, it is not recommended to rely on this API |
| 4 | GetBucketAcl | Not very meaningful, mainly implemented for supporting S3 Browser. The Permission field in the response body is always FULL_CONTROL |
| 5 | GetBucketVersioning | Not very meaningful, mainly implemented for supporting S3 Browser. The Status field in the response body is always an empty string |
| 6 | PutBucketLifecycleConfiguration | Create a new lifecycle configuration for the Bucket or replace existing lifecycle configuration rules. Note that this will overwrite all existing lifecycle configuration rules |
| 7 | GetBucketLifecycleConfiguration | Get the lifecycle configuration rules set in the Bucket |
| 8 | DeleteBucketLifecycle | Delete all lifecycle configuration rules set in the Bucket. Note that it does not support the deletion of specific lifecycle configuration rules in the Bucket |
| 9 | GetObjectAcl | Get access permission information of the Object |
| 10 | PutObjectAcl | Set access permission information of the Object |
| 11 | HeadObject | Retrieve metadata from the object but not the object itself |
| 12 | PutObject | Place an object in the Bucket |
| 13 | PostObject | Add an object to the specified bucket using an HTML form |
| 14 | CopyObject | Create a copy of an object that is stored in the Bucket |
| 15 | GetObject | Retrieve an object from the Bucket and return it |
| 16 | ListObjects/ListObjectsV2 | Return some or all of the objects in the Bucket |
| 17 | DeleteObject/DeleteObjects | Remove object from the Bucket |
| 18 | CreateMultipartUpload | Start a multipart upload and return the upload ID |
| 19 | UploadPart | Upload a part in a multipart upload. Must start a multipart upload first. |
| 20 | UploadPartCopy | Upload a part by copying data from an existing object as a data source, must start a multipart upload first. |
| 21 | CompleteMultipartUpload | Complete a multipart upload by assembling previously uploaded parts. |
| 22 | AbortMultipartUpload | Abort a multipart upload. After the multipart upload is aborted, other parts cannot be uploaded with this upload ID. |
| 23 | ListMultipartUploads | Get the ID of ongoing multipart upload requests |
| 24 | ListParts | Get part information of ongoing multipart upload |
| 25 | RestoreObject | Unfreeze files in archive status |
Please note:
-
PutObject currently only supports 1GB file size, if you need to upload files larger than 1GB, please use the multipart upload API
-
PostObject currently only supports a maximum file upload of 32MB
-
CopyObject currently only supports a maximum file copy of 100MB
-
UploadPart currently only supports 8MB fixed-length part size (the last part is allowed to be less than 8MB). If there is a requirement for variable-length parts, please contact technical support
-
US3 S3 storage types compatible with AWS S3 and their conversion rules refer to Storage Type Conversion Rules
-
The ETag calculation method of US3 is slightly different from that of AWS S3, it is recommended not to rely on this ETag
-
S3 API’s MD5 verification is currently not supported, it is recommended to turn off:
For example, AWS S3 Java SDK: System.setProperty(SkipMd5CheckStrategy.DISABLEGETOBJECTMD5VALIDATION_PROPERTY,"");
System.setProperty(SkipMd5CheckStrategy.DISABLEPUTOBJECTMD5VALIDATION_PROPERTY,"");
-
The access control (ACL) definition of US3 is different from that of AWS S3, for details, please refer to Access Control Definition (ACL)
-
Currently, the file access control API (GetObjectAcl, PutObjectAcl) is only supported in some regions
-
Currently, the life cycle configuration rule control API (PutBucketLifecycleConfiguration, GetBucketLifecycleConfiguration, DeleteBucketLifecycle) is only supported in some regions
-
Currently, UploadPartCopy is in the internal testing stage. If there is a usage requirement, please contact technical support
-
The versioning feature (Versioning) is currently not supported
-
The tagging feature (Tagging) is currently not supported
-
The max-keys parameter in ListObjects request (the maximum number of objects returned by the request) has a maximum value of 5000
Access Control Definition(ACL)
| US3 ACL | AWS S3 Canned ACL |
|---|---|
| private | private |
| public-read | public-read |
| public-read-write | public-read-write |
| Not Supported | aws-exec-read authenticated-read bucket-owner-read bucket-owner-full-control log-delivery-write |
Only Support Signature V4
Scenarios supporting V4 signatures:
-
Carry parameters in the URL (x-amz-credential field in the URL Query section);
-
POST (the x-amz-credential field in the form);
-
Carry parameters in the Header (Authorization field);
Explanation of S3 AccessKeyID and SecretAccessKey
The AccessKeyID (or AccessKey) and SecretAccessKey (or SecretKey) of S3 correspond to the public and private keys of the UCloud Global API, or the public and private keys of the Token provided by the US3 service;
Note: It is required that whether it is an API key or a Token key, the operation of the bucket must meet the following conditions:
-
The account that created the bucket must match the owner of the API key;
-
The account that created the bucket must match the account that created the Token;
S3 Part Size Description
- To achieve better transmission performance, 8M size parts are supported by default.
- Some regions have opened dynamic part function. If the fixed 8M part cannot meet the demand, customers can contact technical support to enable dynamic part function.
API Supports Path Style and Virtual Host Style
Path style format: http://\${Endpoint}/\${bucket name}/\${key name} , The bucket name is used as part of the path.
For example, the AWS S3 Java SDK uses the US3 S3 service in the UCloud Global Beijing region via the public network as follows:
“AWSCredential credentials = new BasicAWSCredentials(ACCESS_KEY, SECRET_KEY); ClientConfiguration clientConfig = new ClientConfiguration(); … S3ClientOptions clientOptions = S3ClientOptions.builder().build(); clientOptions.setPathStyleAccess(true); // Indicate to use the path style API AmazonS3 conn = new AmazonS3Client(credential, clientConfig); conn.setS3ClientOptions(clientOptions); conn.setEndpoint(“s3-cn-bj.example.com”);“
Virtual Host style: http://${bucket name}.${Endpoint}/${key name}, similar to the current URL format used by US3.
Access Domain Name (Endpoint)
The general syntax of the access domain name is as follows:
protocol://s3-<region_code>.<custom_domain>
For example, http://s3-cn-sh2.example.com is the public network access domain name of the S3 service in the Shanghai region of China provided by example. In which, s3 is the <service_code> of the AWS S3 service, cn-sh2 is the <region_code>, and .example.com is the <custom_domain>.
For intranet access domain names, you can use the following format:
protocol://internal.s3-<region_code>.<custom_domain>
The service_code for intranet access needs to be preceded by the intranet access identifier internal. That is, the access domain name in the above example is changed to http://internal.s3-cn-sh2.example.com
Note: Currently North China 1, Hong Kong, Ho Chi Minh, Seoul, Sao Paulo, Los Angeles, and Washington regions already support https protocol, other regions can support path style https, and virtual host style https will be supported in the future (https is not supported in all regions)
About region_code.custom_domain specifications
Enter the object storage module of the console, find the following label under the single region space management page <Bucket Domain>
The label is composed of <bucket name>.<region_code>.<custom_domain>
Callback Extension Function Support
| Request Form API Name | PUT Object | POST Object | Complete Multipart Upload |
|---|---|---|---|
| Carrying parameters in the URL | √ | × | √ |
| Carrying parameters in the Header | √ | × | √ |
| Carrying parameters in the body of the POST request using form fields | × | √ | × |
√:Supported ×:Not Supported
Storage Type Conversion Rules
| US3 Storage Type | S3 Storage Type | US3’s Default Storage Type Corresponding to S3 |
|---|---|---|
| STANDARD | STANDARD STANDARD_IA | STANDARD |
| IA | ONEZONE_IA INTELLIGENT_TIERING REDUCED_REDUNDANCY | ONEZONE_IA |
| ARCHIVE | GLACIER DEEP_ARCHIVE | GLACIER |