Reference:

|    | Legend                                    |
|----|-------------------------------------------|
| 🟢 | Supported                                 |
| 🟡 | Partially supported                       |
| 🔵 | Not supported yet, but will be in future  |
| 🔴 | Not applicable or will never be supported |

|    | Method                 | Comments                                |
|----|------------------------|-----------------------------------------|
| 🟢 | CopyObject             | Done on gateway side                    |
| 🟢 | DeleteObject           |                                         |
| 🟢 | DeleteObjects          | aka DeleteMultipleObjects               |
| 🟢 | GetObject              |                                         |
| 🔴 | GetObjectTorrent       | We don't plan implementing BT gateway   |
| 🟢 | HeadObject             |                                         |
| 🟢 | ListParts              | Parts loaded with MultipartUpload       |
| 🟢 | ListObjects            |                                         |
| 🟢 | ListObjectsV2          |                                         |
| 🟢 | PutObject              | Content-MD5 header deprecated           |
| 🔵 | SelectObjectContent    | Need to have some Lambda to execute SQL |
| 🔵 | WriteGetObjectResponse | Waiting for Lambda to be developed      |
| 🟢 | GetObjectAttributes    |                                         |

- DeleteObjects is limited by the maximum number of objects that can be deleted per request. See the `max_object_to_delete_per_request` parameter.
- For calculating object ETag, we use SHA256 hash instead of MD5.
- PutObject into a container with public-write permissions as an anonymous user (for instance, with the CLI option `--no-sign-request`) is impossible if you try to set a custom ACL for the object. This happens because container ACL rules may be changed only by the container owner.
- Header `X-Amz-Meta-Neofs-Copies-Number` can be used with the `PutObject`, `CopyObject` and `CreateMultipartUpload` methods to set the number of object copies. Otherwise, the default value from the config will be used. See the neofs section for more details.
- Use the metadata parameter `neofs-copies-number` with the aws CLI. For instance:

  ```shell
  aws s3api put-object --endpoint $S3HOST --bucket $BUCKET --key $OBJECT_KEY --body /path/to/file.txt --metadata neofs-copies-number=3
  ```

For now there are some limitations:

- Bucket policy supports only one `Principal` per `Statement`. Principal must be `"AWS": "*"` or `"*"` (to refer to all users) or `"CanonicalUser": "NiskPF9pfRMzg7V7PeB4d6ogLzu74a1L2Q"` (base58 encoded address of the desired user).

  ```json
  {
    "Statement": [
      {
        "Principal": "*"
      }
    ]
  }
  ```

  ```json
  {
    "Statement": [
      {
        "Principal": {
          "AWS": "*"
        }
      }
    ]
  }
  ```

- Resource in bucket policy is a string value or array of strings. Each item MUST contain the bucket name and CAN contain an object name (wildcards are not supported):

  ```json
  {
    "Statement": [
      {
        "Resource": "arn:aws:s3:::bucket"
      }
    ]
  }
  ```

  ```json
  {
    "Statement": [
      {
        "Resource": [
          "arn:aws:s3:::bucket",
          "arn:aws:s3:::bucket/some/object"
        ]
      }
    ]
  }
  ```

- Action is a string value or array of strings:

  ```json
  {
    "Statement": [
      {
        "Action": "s3:PutObject"
      }
    ]
  }
  ```

  ```json
  {
    "Statement": [
      {
        "Action": ["s3:PutObject", "s3:PutObjectAcl"]
      }
    ]
  }
  ```

- AWS conditions and wildcards are not supported in resources.
- Only `CanonicalUser` (with hex encoded public key) and `All Users Group` are supported in ACL. `Authenticated Users group` is not supported. It is a part of `All Users Group` and can't be separated from it.
- It is not possible to remove GRANTS from the container owner. Using PutObjectAcl with empty grants has no effect on the container owner's GRANTS, even though the method completes without error.

  ```json
  {
    "Owner": {"DisplayName": "NiskPF9pfRMzg7V7PeB4d6ogLzu74a1L2Q", "ID": "NiskPF9pfRMzg7V7PeB4d6ogLzu74a1L2Q"},
    "Grants": []
  }
  ```
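
A pre-flight check for the `Principal`, `Action` and `Resource` rules in the list above, added here as an example (it is not the gateway's code); `lint_policy`, `check_principal`, `as_list` and the sample policy are constructed for illustration. Wildcards and `Condition` blocks are not checked.

```python
import json

BASE58 = set("123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz")

def check_principal(p):
    """Return an error message, or None if Principal is in a documented form."""
    if p == "*":
        return None
    if not isinstance(p, dict) or len(p) != 1:
        return 'Principal must be "*" or an object with exactly one entry'
    (kind, value), = p.items()
    if not isinstance(value, str):
        return "Principal value must be a single string (one per Statement)"
    if kind == "AWS":
        return None if value == "*" else 'AWS principal must be "*"'
    if kind == "CanonicalUser":
        ok = value != "" and set(value) <= BASE58
        return None if ok else "CanonicalUser must be a base58 address"
    return f"unsupported Principal type {kind!r}"

def as_list(v):
    """Normalise 'string or array of strings' to a list; None if malformed."""
    if isinstance(v, str):
        return [v]
    if isinstance(v, list) and v and all(isinstance(i, str) for i in v):
        return v
    return None

def lint_policy(policy_json, bucket):
    """Return (statement_index, message) findings for a policy on `bucket`."""
    findings, base = [], "arn:aws:s3:::" + bucket
    for i, st in enumerate(json.loads(policy_json).get("Statement", [])):
        if (err := check_principal(st.get("Principal"))):
            findings.append((i, err))
        if as_list(st.get("Action")) is None:
            findings.append((i, "Action must be a string or array of strings"))
        resources = as_list(st.get("Resource"))
        if resources is None:
            findings.append((i, "Resource must be a string or array of strings"))
        for r in resources or []:
            # Exact bucket ARN or "<bucket>/<object>"; "bucket2" must not match "bucket".
            if r != base and not r.startswith(base + "/"):
                findings.append((i, f"Resource {r!r} does not name bucket {bucket!r}"))
    return findings

# Constructed sample: statement 0 is accepted, statement 1 breaks two rules.
SAMPLE = json.dumps({"Statement": [
    {"Principal": "*", "Action": "s3:PutObject", "Resource": "arn:aws:s3:::bucket"},
    {"Principal": {"AWS": ["a", "b"]}, "Action": "s3:GetObject", "Resource": "arn:aws:s3:::other"},
]})
```

Running `lint_policy(SAMPLE, "bucket")` before `put-bucket-policy` reports both problems in statement 1 and nothing for statement 0.
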

|    | Method       | Comments        |
|----|--------------|-----------------|
| 🟡 | GetObjectAcl | See Limitations |
| 🟡 | PutObjectAcl | See Limitations |

For now there are some limitations:

- Retention period can't be shortened, only extended.
- You can't delete locks or objects with an unexpired lock. This means PutObjectLegalHold with OFF status raises an Unsupported error.

|    | Method                     | Comments                  |
|----|----------------------------|---------------------------|
| 🟡 | GetObjectLegalHold         |                           |
| 🟢 | GetObjectLockConfiguration | GetBucketObjectLockConfig |
| 🟡 | GetObjectRetention         |                           |
| 🟡 | PutObjectLegalHold         |                           |
| 🟢 | PutObjectLockConfiguration | PutBucketObjectLockConfig |
| 🟡 | PutObjectRetention         |                           |

Should be supported soon.

|    | Method                  | Comments |
|----|-------------------------|----------|
| 🟢 | AbortMultipartUpload    |          |
| 🟢 | CompleteMultipartUpload |          |
| 🟢 | CreateMultipartUpload   |          |
| 🟢 | ListMultipartUploads    |          |
| 🟢 | ListParts               |          |
| 🟢 | UploadPart              |          |
| 🟢 | UploadPartCopy          |          |

|    | Method              | Comments |
|----|---------------------|----------|
| 🟢 | DeleteObjectTagging |          |
| 🟢 | GetObjectTagging    |          |
| 🟢 | PutObjectTagging    |          |

See also `GetObject` and other method parameters.

|    | Method             | Comments                 |
|----|--------------------|--------------------------|
| 🟢 | ListObjectVersions | ListBucketObjectVersions |
| 🔵 | RestoreObject      |                          |

|    | Method               | Comments  |
|----|----------------------|-----------|
| 🟢 | CreateBucket         | PutBucket |
| 🟢 | DeleteBucket         |           |
| 🟢 | GetBucketLocation    |           |
| 🟢 | HeadBucket           |           |
| 🟢 | ListBuckets          |           |
| 🔵 | PutPublicAccessBlock |           |
| 🔵 | GetPublicAccessBlock |           |

The `CreateBucket` method allows you to select a placement policy using the `LocationConstraint` parameter in the AWS CLI. The policy name should be passed as the value.

- Policy mappings can be defined via:
  - Authmate during bucket creation. These policies are available only for generated credentials.
  - Gate configuration. These policies are shared and available for all gate clients.
- Example:

  ```shell
  aws s3api create-bucket --bucket $BUCKET --endpoint $S3HOST --create-bucket-configuration LocationConstraint=$POLICY_NAME
  ```

|    | Method                           | Comments            |
|----|----------------------------------|---------------------|
| 🔴 | GetBucketAccelerateConfiguration | GetBucketAccelerate |
| 🔴 | PutBucketAccelerateConfiguration |                     |

|    | Method       | Comments            |
|----|--------------|---------------------|
| 🟡 | GetBucketAcl | See ACL limitations |
| 🟡 | PutBucketAcl | See ACL Limitations |

Bucket ACLs are disabled by default. See details here.
See Ownership section for details.

|    | Method                             | Comments |
|----|------------------------------------|----------|
| 🔵 | DeleteBucketAnalyticsConfiguration |          |
| 🔵 | GetBucketAnalyticsConfiguration    |          |
| 🔵 | ListBucketAnalyticsConfigurations  |          |
| 🔵 | PutBucketAnalyticsConfiguration    |          |

|    | Method           | Comments |
|----|------------------|----------|
| 🟢 | DeleteBucketCors |          |
| 🟢 | GetBucketCors    |          |
| 🟢 | PutBucketCors    |          |

|    | Method                 | Comments |
|----|------------------------|----------|
| 🔵 | DeleteBucketEncryption |          |
| 🔵 | GetBucketEncryption    |          |
| 🔵 | PutBucketEncryption    |          |

|    | Method                             | Comments |
|----|------------------------------------|----------|
| 🔵 | DeleteBucketInventoryConfiguration |          |
| 🔵 | GetBucketInventoryConfiguration    |          |
| 🔵 | ListBucketInventoryConfigurations  |          |
| 🔵 | PutBucketInventoryConfiguration    |          |

|    | Method                          | Comments |
|----|---------------------------------|----------|
| 🔵 | DeleteBucketLifecycle           |          |
| 🔵 | GetBucketLifecycle              |          |
| 🔵 | GetBucketLifecycleConfiguration |          |
| 🔵 | PutBucketLifecycle              |          |
| 🔵 | PutBucketLifecycleConfiguration |          |

|    | Method           | Comments |
|----|------------------|----------|
| 🔵 | GetBucketLogging |          |
| 🔵 | PutBucketLogging |          |

|    | Method                           | Comments |
|----|----------------------------------|----------|
| 🔵 | DeleteBucketMetricsConfiguration |          |
| 🔵 | GetBucketMetricsConfiguration    |          |
| 🔵 | ListBucketMetricsConfigurations  |          |
| 🔵 | PutBucketMetricsConfiguration    |          |

|    | Method                             | Comments      |
|----|------------------------------------|---------------|
| 🔵 | GetBucketNotification              |               |
| 🔵 | GetBucketNotificationConfiguration |               |
| 🔵 | ListenBucketNotification           | non-standard? |
| 🔵 | PutBucketNotification              |               |
| 🔵 | PutBucketNotificationConfiguration |               |

|    | Method                        | Comments |
|----|-------------------------------|----------|
| 🟢 | DeleteBucketOwnershipControls |          |
| 🟢 | GetBucketOwnershipControls    |          |
| 🟢 | PutBucketOwnershipControls    |          |

In case you need to disable ACLs manually (for instance, your bucket has ACLs enabled), use the `PutBucketOwnershipControls` command:

```shell
$ aws s3api put-bucket-ownership-controls --endpoint $S3HOST --bucket $BUCKET --ownership-controls "Rules=[{ObjectOwnership=BucketOwnerEnforced}]"
```

Switch to `Preferred` mode with the next command:

```shell
$ aws s3api put-bucket-ownership-controls --endpoint $S3HOST --bucket $BUCKET --ownership-controls "Rules=[{ObjectOwnership=BucketOwnerPreferred}]"
```

Switch to `ObjectWriter` mode with the next command:

```shell
$ aws s3api put-bucket-ownership-controls --endpoint $S3HOST --bucket $BUCKET --ownership-controls "Rules=[{ObjectOwnership=ObjectWriter}]"
```

Note: `ObjectWriter` mode means fully enabled ACL.

Pay attention to the fact that the object owner in NeoFS is the bucket owner in any case.

|    | Method                  | Comments                    |
|----|-------------------------|-----------------------------|
| 🔵 | DeleteBucketPolicy      |                             |
| 🔵 | DeleteBucketReplication |                             |
| 🔵 | DeletePublicAccessBlock |                             |
| 🟡 | GetBucketPolicy         | See ACL limitations         |
| 🔵 | GetBucketPolicyStatus   |                             |
| 🔵 | GetBucketReplication    |                             |
| 🟢 | PostPolicyBucket        | Upload file using POST form |
| 🟡 | PutBucketPolicy         | See ACL limitations         |
| 🔵 | PutBucketReplication    |                             |

You may require the `bucket-owner-full-control` canned ACL for Amazon S3 PUT operations (bucket owner preferred):

```shell
$ aws s3api put-bucket-policy --endpoint $S3HOST --bucket $BUCKET --policy file://policy.json
```

Note that the S3 gate supports only a wildcard for the `Principal` parameter; see the ACL section for details.

policy.json:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Only allow writes to my bucket with bucket owner full control",
      "Effect": "Allow",
      "Principal": {
        "AWS": "*"
      },
      "Action": [
        "s3:PutObject"
      ],
      "Resource": "arn:aws:s3:::$BUCKET/*",
      "Condition": {
        "StringEquals": {
          "s3:x-amz-acl": "bucket-owner-full-control"
        }
      }
    }
  ]
}
```

|    | Method                  | Comments |
|----|-------------------------|----------|
| 🔴 | GetBucketRequestPayment |          |
| 🔴 | PutBucketRequestPayment |          |

|    | Method              | Comments |
|----|---------------------|----------|
| 🟢 | DeleteBucketTagging |          |
| 🟢 | GetBucketTagging    |          |
| 🟢 | PutBucketTagging    |          |

|    | Method                                      | Comments |
|----|---------------------------------------------|----------|
| 🔵 | DeleteBucketIntelligentTieringConfiguration |          |
| 🔵 | GetBucketIntelligentTieringConfiguration    |          |
| 🔵 | ListBucketIntelligentTieringConfigurations  |          |
| 🔵 | PutBucketIntelligentTieringConfiguration    |          |

|    | Method              | Comments |
|----|---------------------|----------|
| 🟢 | GetBucketVersioning |          |
| 🟢 | PutBucketVersioning |          |

|    | Method              | Comments |
|----|---------------------|----------|
| 🔵 | DeleteBucketWebsite |          |
| 🔵 | GetBucketWebsite    |          |
| 🔵 | PutBucketWebsite    |          |

Each meta parameter value must be non-empty. If any parameter value is empty, the error "Your metadata headers are not supported." will be returned on the object put operation.