Skip to main content

s3

Amazon S3

Project#

https://github.com/beyondstorage/go-service-s3

Config#

Servicer#

NameRequiredComments
credentialYsupport hmac and env protocol
force_path_styleNvirtual hosting of buckets
disable_100_continueNto disable the SDK adding the Expect: 100-Continue header to PUT requests over 2MB of content
use_accelerateNs3 accelerate feature
use_arn_regionNuse the region specified in the ARN

Storager#

NameRequiredComments
nameYbucket name
work_dirNwork dir
locationYbucket location

Example#

Init servicer (see this page for details)

import (    _ "github.com/beyondstorage/go-service-s3/v3"    "github.com/beyondstorage/go-storage/v4/services")
srv, err := services.NewServicerFromString("s3://?credential=hmac:<account_name>:<account_key>")

Init storager (see this page for details)

import (    _ "github.com/beyondstorage/go-service-s3/v3"    "github.com/beyondstorage/go-storage/v4/services")
store, err := services.NewStoragerFromString("s3://<container_name>/<work_dir>?credential=hmac:<account_name>:<account_key>&location=<bucket_location>")

Implementation#

This service implements following interfaces:

Pairs#

Server-Side Encryption (SSE)#

S3 supports three options for Server-Side Encryption:

  • Server-Side Encryption with Amazon S3-Managed Keys (SSE-S3)
  • Server-Side Encryption with Customer Master Keys (CMKs) Stored in AWS Key Management Service (SSE-KMS)
  • Server-Side Encryption with Customer-Provided Keys (SSE-C)

Refer to https://docs.aws.amazon.com/AmazonS3/latest/userguide/serv-side-encryption.html for more details.

SSE-S3#

Server-Side Encryption with Amazon S3-Management Keys

NameComments
server-side-encryptionthe encryption algorithm. should be AES256
Supported Operations#

SSE-KMS#

Server-Side Encryption with Customer Master Keys Stored in AWS Key Management Services

NameComments
server-side-encryptionthe server-side encryption algorithm used when storing this object in Amazon. Should be aws:kms.
server-side-encryption-aws-kms-key-idspecify the ID of the customer managed CMK used to protect the data
server-side-encryption-contextan optional set of key-value pairs that can contain additional contextual information about the data.The value of this header is a base64-encoded UTF-8 string holding JSON with the encryption context key-value pairs.
server-side-encryption-bucket-key-enabledenable or disable an S3 Bucket Key at the object-level. S3 Bucket Keys can reduce your AWS KMS request s3ts by decreasing the request traffic from Amazon S3 to AWS KMS.
Supported Operations#

SSE-C#

Server-Side Encryption with Customer-Provided Keys

NameComments
server-side-encryption-customer-algorithmUse this header to specify the encryption algorithm. The header value must be "AES256".
server-side-encryption-customer-keya 32-byte customer-provided AES256 key
Supported Operations#