ColdFusion and Amazon S3

Introduction

Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface. Amazon S3 can be employed to store any type of object which allows for uses like storage for Internet applications, backup and recovery, disaster recovery, data archives, data lakes for analytics, and hybrid cloud storage.

Amazon S3 stores data as objects within buckets. An object consists of a file and optionally any metadata that describes that file.

To store an object in Amazon S3, you upload the file you want to store to a bucket. When you upload a file, you can set permissions on the object as well as any metadata.

Buckets are the roots for objects. You can have one or more buckets. For each bucket, you can control access to it (who can create, delete, and list objects in the bucket), view access logs for it and its objects, and choose the geographical region where Amazon S3 will store the bucket and its contents.

For more information, see Amazon S3 storage.

ColdFusion and S3

Amazon S3 storage service is used to store and retrieve any amount of data, at any time, from anywhere on the web. ColdFusion (2016 release) and ColdFusion (2018 release) supported this feature using tags and functions that take file or directory as input or output. In ColdFusion (2021 release), we’ve extended the feature further to support Multi-cloud service.

You can use S3 storage in the following scenarios:

  • Create storage in S3.
  • Perform root operations like create, upload, list and delete.
  • Set policies to the bucket.
  • Upload files in bulk.
  • Copy files from one bucket to another.
  • Create different versions of the file in the storage.
  • Set lifecycles rules to the objects.
  • Add tags to the objects.
  • Secure your S3 space.
  • Upload or download files in parallel.

Get started

Install awss3 package

Adobe ColdFusion (2021 release) is modularized, if you are only using the ZIP installer. By default, the module for AWS S3 is not installed. The first step is to install the S3 package in ColdFusion.

Note: If you are using the GUI installer, The package for S3 is called awss3.

The package for SNS is called awss3.

To install the package awss3, use the Package Manager page in the ColdFusion Administrator, or follow the steps below:

  1. Navigate to <CF_HOME>/cfusion/bin.

  2. Enter the command:

    • Windows: cfpm.bat
    • Linux: cfpm.sh
  3. Enter the command, install awss3.

    Wait for the AWS S3 package to get installed.

For more information, see ColdFusion Package Manager.

Get credentials to access AWS S3

When you interact with AWS, you specify your AWS security credentials to verify your credentials and check whether you have permission to access the resources that you are requesting.

AWS uses the security credentials to authenticate and authorize your requests.

You must get the AWS Access Key ID and the AWS Secret Access Key. For more information, see Access Keys.

Add cloud service credentials and configuration

In ColdFusion (2021 release), there is a method getCloudService() that gives you a handle to create objects for accessing various cloud services.

The syntax of the service handle is as follows:

service=getCloudService(cloudCred,cloudConfig), where:

  • cloudCred: Defines the credentials for the cloud service. It could either be a struct or a string (also known as credential alias).
  • cloudConfig: Defines the cloud service configuration details. It could either be a struct or a string (also known as config alias).

After you've acquired the AWS credentials, you must declare these credentials in one of the following ways. Only then you can use these credentials to create an S3 object, after which you can use the object to make calls to the various S3 methods.

Note:

You must store the result of getCloudService in a shared scope (for example, application scope) and re-use that object.

ColdFusion Administrator

Set credentials

In the ColdFusion Administrator, click Data & Services > Cloud Credentials

An alias is a named representation of a cloud service and its configuration details. You can set the config alias through ColdFusion Administrator.

Add cloud credentials
Add cloud credentials

After entering the details, click Add Credential.

Set configuration options

In the ColdFusion Administrator, click Data & Services > Cloud Configuration

Enter the following details, like configuration Alias, Vendor, and the name of the service.

Add cloud configuration options
Add cloud configuration options

After adding the configuration options, you may need to add a few more options. You can do so in the next screen. The following are a few options that you may need to add:

  • Request config
  • Client config
  • Proxy settings
  • Retry policy
  • Retry conditions

For more information, see Cloud configuration options.

Create the object

Once you've created the aliases for S3 credential and configuration options, you can create the object by using the getCloudService API, and include the following in your CFM. 

s3Object= getCloudService("s3Cred", "s3Conf")

Application.cfc

You can specify the S3 credentials and configuration options in Application.cfc. For example,

component 
{ 
    this.name="S3_app"; 
    void function onApplicationStart(){ 
        application.awsCred  = { 
                                "alias" : "aws_std_queue", 
                                "vendorName" : "AWS", 
                                "region" : "us-east-2", 
                                "secretAccessKey" : "xxxxxxxxxxxxxxxxx", 
                                "accessKeyId" : "xxxxxxxxxxxxxxxx" 
                             } 
              
        application.s3Conf  = { 
                                "serviceName" : "S3" 
                             } 
  
         
    } 
}

Create the object

s3Object = getCloudService(application.awsCred, application.s3Conf) 

On CFM page

On a CFM page, you can specify the S3 credentials and configuration options in one of the four methods, specified below:

Credential alias and configuration alias

After you've created the aliases for S3 credential and configuration options, you can use these aliases in the getCloudService
handle as shown below:

<cfscript> 
  // define the credential and the configuration aliases in the ColdFusion Admin 
  s3=getCloudService("awsCred","s3Conf") 
  // code below. 
  ........... 
</cfscript>

Credential Alias and Struct for configuration options

<cfscript> 
    // Using credential alias and struct for service config 
    s3Conf = { 
            "alias":"s3Conf", 
            "serviceName" : "S3", 
            "clientOverrideConfig":{ 
                "retryPolicy":{ 
                  "numRetries":4 
                } 
            }, 
            "httpClientConfig":{ 
                "maxConnections":50 
            } 
   
    } 
    s3= getCloudService("s3Cred", s3Conf) 
   
    // code below 
    ..................... 
</cfscript>

Configuration alias and struct for credentials

<cfscript> 
    // Using config alias and struct for service credentials 
    // s3 credentials 
    s3Creds={ 
      "vendorName":"AWS", 
      "alias": "s3Cred", 
      "region":"us-east-2", 
      "accessKeyId": "access key", 
      "secretAccessKey": "secret access" 
    } 
    s3= getCloudService(s3Creds, "s3Conf") 
    // code below 
    ..................................... 
</cfscript>

Structs for both credential and configuration options

<cfscript> 
  // Using Structs for both cloud credential and config 
  s3Cred={ 
    "vendorName":"AWS", 
    "alias": "s3_cred_alias", 
    "region":"us-east-2", 
    "accessKeyId": "access key", 
    "secretAccessKey": "secret access key" 
  } 
   
  s3Conf = { 
          "alias":"s3_conf_alias", 
          "serviceName" : "S3", 
          "clientOverrideConfig":{ 
              "retryPolicy":{ 
                "numRetries":4 
              } 
          }, 
          "httpClientConfig":{ 
              "maxConnections":50 
          } 
   
  } 
  sqs = getCloudService(s3Cred, s3Conf ) 
   
  // code below 
  ................................................................... 
</cfscript>

Admin API

You can also add SQS credentials and configuration options by using the Admin APIs. The methods to add credentials and configuration are available in cloud.cfc.

The examples below demonstrate the usage of the methods addCredential(struct credential) and addServiceConfig(struct config).

Add credentials

<cfscript> 
  // Create an object of administrator component and call the login method 
  adminObj = createObject("component","cfide.adminapi.administrator") 
  adminObj.login("admin") 
   
  // Create an object of cloud component 
  cloudObj = createObject("component","cfide.adminapi.cloud") 
   
  // define credentials struct 
  credentialStruct={ 
    "alias" : "CredS3", 
    "vendorName" : "AWS", 
    "region" : "us-east-2", 
    "secretAccessKey" : "secret access key", 
    "accessKeyId" : "access key" 
  } 
   
  // add credential credentialStruct 
  try{ 
    cloudObj.addCredential(credentialStruct) 
    writeOutput("Credentials added successfully") 
  } 
  catch(any e){ 
      writeDump(e) 
  } 
</cfscript>

Add configuration

<cfscript> 
  // Create an object of administrator component and call the login method 
  adminObj = createObject("component","cfide.adminapi.administrator") 
  adminObj.login("admin") 
   
  // Create an object of cloud component 
  cloudObj = createObject("component","cfide.adminapi.cloud") 
   
  // define configuration struct 
  configStruct={ 
      "alias":"ConfS3", 
      "serviceName":"S3", 
      "clientOverrideConfig":{ 
          "retryPolicy":{ 
              "numRetries":4 
          } 
      }, 
      "httpClientConfig":{ 
          "maxConnections":50 
      } 
  } 
   
  // add config configStruct 
  try{ 
    cloudObj.addServiceConfig(configStruct) 
    writeOutput("Configuration service added successfully") 
  } 
  catch(any e){ 
    writeDump(e) 
  } 
</cfscript>

CFSetup

You can also set up S3 credential and configuration via the CFSetup configuration utility.

Add cloud credential

  • add cloudcredential credentialAlias=s3cred accesskeyid=<access> secretaccesskey=<secret> region=ap-southeast-1 vendorname=AWS

Set credential

  • set cloudcredential s3cred secretaccesskey=awssecret

Add cloud configuration

  • add cloudconfiguration serviceName=S3 alias=s3Config

Set configuration

  • set cloudconfiguration conf1 alias=conf2

Create root

Get the root object. If the root doesn't exist, the root gets created.

  • Amazon S3- Yes
  • Azure- Yes
  • Multi-cloud- Yes

Syntax

root(bucketname, createIfNotExists)

Parameters

Parameter

Description

bucketName

The name of the bucket to be created.

createIfNotExists

True or False. If the bucket doesn't exist, it gets created.

Example

<cfscript> 
  storageService = getCloudService(application.awsCred,application.s3Conf) 
  try{ 
    storageService.root("bucket.001","true") 
    writeOutput("Bucket created successfully") 
  } 
  catch(any e){ 
    writeDump(e) 
  } 
</cfscript>

Create root- additional parameters

Get the root object with additional parameters.

  • Amazon S3- Yes
  • Azure- Yes
  • Multi-cloud- Yes

Syntax

createRoot(requestParameters)

Parameters

Parameter

Description

bucketName

The name of the bucket to be created.

objectLockEnabledForBucket

Yes or No. Identifies if object lock is enabled for the bucket. For more information, see Object locks.

acl

Amazon S3 access control lists (ACLs) enable you to manage access to buckets and objects.

Valid values are:

  • PRIVATE: Only owner of the bucket has full control of the bucket and its objects.
  • PUBLIC_READ: Owner of the bucket has full control. Members of AllUsers group have READ rights to the bucket and its objects.
  • PUBLIC_READ_WRITE: Owner gets FULL_CONTROL. The AllUsers group gets READ and WRITE access.
  • AUTHENTICATED_READ: Owner gets FULL_CONTROL. The AuthenticatedUsers group gets READ access.

For more information, see ACLs in AWS.

grant permission variables

Permissions that Amazon S3 supports in an ACL.

Valid values are:

  • grantFullControl: Allows the grantee full control of the bucket.
  • grantRead: Allows the grantee to view the objects in the bucket.
  • grantWrite: Allows the grantee to create, overwrite, and delete any object in the bucket.
  • grantWriteACP: Allows the grantee to write the ACL for the bucket.

For more information, see Permissions.

Example

<cfscript> 
  storageService = getCloudService(application.awsCred,application.s3Conf) 
   
  createBucketRequest = { 
      "acl":"PRIVATE", 
       "bucket" : "bucket.002", 
       "objectLockEnabledForBucket" : true 
  } 
  //  create a root 
  myobj=storageService.createRoot(createBucketRequest) 
  writeDump(myobj) 
</cfscript> 

Create bucket

To upload your data to Amazon S3, you must get the bucket object in one of the AWS Regions. You can then upload any number of objects to the bucket.

For more information, see S3 buckets.

Syntax

bucket(bucketName,createIfNotExists)

Parameters

Parameter

Description

bucketName

The name of the bucket to be created.

createIfNotExists

True or False. If the bucket doesn't exist, it gets created.

Example

<cfscript> 
  storageService = getCloudService(application.awsCred,application.s3Conf) 
  try{ 
    storageService.bucket("bucket.002","true") 
    writeOutput("Bucket created successfully") 
  } 
  catch(any e){ 
    writeDump(e) 
  } 
</cfscript>

Create bucket- additional parameters

Create a bucket in S3 with additional parameters.

Syntax

createBucket(parameterStruct)

Parameters

Parameter

Description

bucketName

The name of the bucket to be created.

objectLockEnabledForBucket

Yes or No. Identifies if object lock is enabled for the bucket. For more information, see Object locks.

acl

Amazon S3 access control lists (ACLs) enable you to manage access to buckets and objects.

Valid values are:

  • PRIVATE: Only owner of the bucket has full control of the bucket and its objects.
  • PUBLIC_READ: Owner of the bucket has full control. Members of AllUsers group have READ rights to the bucket and its objects.
  • PUBLIC_READ_WRITE: Owner gets FULL_CONTROL. The AllUsers group gets READ and WRITE access.
  • AUTHENTICATED_READ: Owner gets FULL_CONTROL. The AuthenticatedUsers group gets READ access.

For more information, see ACLs in AWS.

grant permission variables

Permissions that Amazon S3 supports in an ACL.

Valid values are:

  • grantFullControl: Allows the grantee full control of the bucket.
  • grantRead: Allows the grantee to view the objects in the bucket.
  • grantWrite: Allows the grantee to create, overwrite, and delete any object in the bucket.
  • grantWriteACP: Allows the grantee to write the ACL for the bucket.

For more information, see Permissions.

Example

<cfscript> 
  storageService = getCloudService(application.awsCred,application.s3Conf) 
  // bucketList=storageService.listAll() // lists all buckets 
  // writeDump(bucketList) 
  // abort; 
  createBucketRequest = { 
       "acl":"PRIVATE", 
       "bucket" : "bucket.three.demo", 
       "objectLockEnabledForBucket" : true 
  } 
  //  create a bucket 
  try{ 
    myobj=storageService.createBucket(createBucketRequest) 
    writeOutput("Bucket created successfully") 
    writeDump(myobj) 
  } 
  catch (any e){ 
    writeOutput("Failed to create the bucket") 
    writeDump(e) 
  } 
</cfscript> 

Delete a bucket

You can delete an empty bucket, and when you're using the AWS Management Console, you can delete a bucket that contains objects. If you delete a bucket that contains objects, all the objects in the bucket are permanently deleted.

For more information, see DeleteObjects.

  • Amazon S3- Yes
  • Azure- Yes
  • Multi-cloud- Yes

Syntax

delete(parameterStruct)
delete(bucketName)

Parameters

Parameter

Description

bucketName

The name of the bucket to delete.

forcedDelete

True or False. Force deletes a bucket that has obejcts in it.

Example

<cfscript> 
  storageService = getCloudService(application.awsCred,application.s3Conf) 
  createBucketRequest = { 
    "acl":"PRIVATE", 
    "bucket" : "bucket.name", 
    "objectLockEnabledForBucket" : true 
  } 
  storageService.createBucket(createBucketRequest) 
  // delete the bucket 
  deleteBucketRequest = { 
      "bucket" : "bucket.name", 
      "forcedDelete" : "true" // default: false 
  } 
  try{ 
    myobj=storageService.delete(deleteBucketRequest) 
    writeOutput("Bucket deleted successfully") 
    writeDump(myobj) 
  } 
  catch (any e){ 
    writeOutput("Unable to delete the bucket") 
    writeDump(e) 
  } 
</cfscript> 

Delete an object

Here's how you'll delete an object in a bucket.

<cfscript> 
  storageService = getCloudService(application.awsCred,application.s3Conf) 
  rootObj=storageService.bucket("bucket001","true") 
  try{ 
    rootObj.delete("key") 
    writeOutput("Object created successfully") 
  } 
  catch(any e){ 
    writeDump(e) 
  } 
</cfscript>

Delete the key from a bucket

<cfscript> 
  storageService = getCloudService(application.awsCred,application.s3Conf) 
  //writeOutput(ExpandPath('./')) 
  // create a bucket 
  createBucketRequest = { 
    "acl":"PRIVATE", 
    "bucket" : "bucket.name", 
    "objectLockEnabledForBucket" : true 
  } 
  bucketObj=storageService.createBucket(createBucketRequest) 
  // upload an object 
  uploadStruct = { 
        "srcFile" : "#ExpandPath('./')#/file.txt", 
        "key" : "key12", 
        "metadata":{ 
          "place":"London", 
          "deployment":"Testing" 
        } 
  } 
  try{ 
    deleteResponse=bucketObj.delete("key12")
    writeOutput("Object deleted successfully") 
    writeDump(deleteResponse) 
  } 
  catch (any e){ 
    writeOutput("Could not delete the object") 
    writeDump(e) 
  } 
</cfscript>

Upload a file

You can upload a file to a bucket. In the function uploadFile, as argument, pass a struct with the following values:

For more information, see the official docs.

Syntax

uploadFile(parameterStruct)

Parameters

Parameter Description Required
srcFile
The path of the file that you want to upload in the bucket. Yes
key
Unique identifier of the object. Yes
acl

The ACL to apply to the object. For more information, see Canned ACL.The valid values are:

  • PRIVATE
  • PUBLIC_READ
  • PUBLIC_READ_WRITE
  • AUTHENTICATED_READ
  • AWS_EXEC_READ
  • BUCKET_OWNER_READ
  • BUCKET_OWNER_FULL_CONTROL
No
cacheControl
Specify the caching behavior as defined here. No
contentDisposition
Specify the content format of the object as defined here. No
contentEncoding
Specify the type of encoding on the object as defined here. No
contentLanguage
The language of the object that you want to upload. No
contentLength
The size of the object in bytes. No
validateContentMD5
True or False. The base64-encoded 128-bit MD5 digest of the message (without the headers).
No
contentType
The format of the content as defined here. No
expires
The date and time when the object cannot be cached any longer.
No
grantFullControl
Gives the grantee READ, READ_ACP, and WRITE_ACP permissions on the object.
No
grantRead
Allows grantee to only read the object data.
No
grantWrite
Allows grantee to write to the object data.
No
grantReadACP
Allows grantee to read the object ACL.
No
grantWriteACP
Allows grantee to write the ACL for the object.
No
metadata
The object metadata to use. No
serverSideEncryption
The server-side encryption algorithm to be used.
No
storageClass

Valid values are:

  • STANDARD
  • REDUCED_REDUNDANCY
  • STANDARD_IA
  • ONEZONE_IA
  • INTELLIGENT_TIERING
  • GLACIER
  • DEEP_ARCHIVE

For more information, see S3 storage class.

No
websiteRedirectLocation
If the bucket is configured as a website, specify the redirect request to another object in the same bucket or to an external URL.
No
sseCustomerAlgorithm
Specifies the algorithm to use to when encrypting the object.
No
sseCustomerKey
Specifies the customer-provided encryption key for S3 to use in encrypting data. 
No
ssekmsKeyId
Specifies the ID of the AWS Key Management Service (AWS KMS).
No
ssekmsEncryptionContext
Specifies the AWS KMS Encryption Context to use for object encryption. 
No
requestPayer
Confirms that the requester knows that they will be charged for the request.
No
tagging
The tag-set for the object. Must be a struct of key-value pairs.
No
objectLockMode

The Object locking mode that you want to apply to this object. Valid values are:

  • GOVERNANCE
  • COMPLIANCE
No
objectLockRetainUntilDate
The date and time when you want this object's Object Lock to expire.
No
objectLockLegalHoldStatus

Indicates whether the specified object has a Legal Hold in place.. Valid values are:

  • ON
  • OFF
No

Example

<cfscript> 
  storageService = getCloudService(application.awsCred,application.s3Conf) 
  //writeOutput(ExpandPath('./')) 
  // create a bucket 
  createBucketRequest = { 
    "acl":"PRIVATE", 
    "bucket" : "bucket.name", 
    "objectLockEnabledForBucket" : true 
  } 
  bucketObj=storageService.createBucket(createBucketRequest) 
  // upload an object 
  uploadStruct = { 
        "srcFile" : "#ExpandPath('./')#/file.txt", 
        "key" : "key12", 
        "metadata":{ 
          "place":"London", 
          "deployment":"Testing" 
        } 
  } 
  try{ 
    uploadResponse=bucketObj.uploadFile(uploadStruct) 
    writeOutput("Object uploaded successfully") 
    writeDump(uploadResponse) 
  } 
  catch (any e){ 
    writeOutput("Could not upload the object") 
    writeDump(e) 
  } 
</cfscript>

Download a file

You can download a file from an S3 bucket. To download a file, use the function downloadToFile. As an argument, pass a struct with the following values:

For more information, see the official docs.

Syntax

downloadToFile(parameterStruct)

Parameters

Parameter Description Required
destinationFile
The path of the file that that contains the object, which you want to download. Yes
key
Unique identifier of the object. Yes
cacheControl
Set the cache control header of the object, No
contentDisposition
Set the Content-Disposition header of the response.
No
contentEncoding
Set the Content-Encoding header of the response.
No
contentLanguage
Set the Content-Language header of the response.
No
contentType
Set the Content-Type header of the response.
No
expires
Sets the Response header of the response.
No
versionId
Refer to a specific version of the object. No
sseCustomerAlgorithm
Specify the algorithm to use to when encrypting the object.
No
sseCustomerKey
Specify the customer-provided encryption key for S3 to use in encrypting data.
No
requestPayer
Confirms that the requester knows that they will be charged for the request.
No

Example

<cfscript> 
  storageService = getCloudService(application.awsCred,application.s3Conf) 
  // create a bucket 
  createBucketRequest = { 
      "acl":"PRIVATE", 
      "bucket" : "bucket.demo.four", 
      "objectLockEnabledForBucket" : true 
  } 
  bucketObj=storageService.createBucket(createBucketRequest) 
  // upload an object 
  uploadStruct = { 
        "srcFile" : "#ExpandPath('./')#/file.txt", 
        "key" : "key22", 
        "metadata":{ 
          "filename":"file.txt", 
          "place":"bangalore", 
          "category":"finance" 
        } 
  } 
  bucketObj.uploadFile(uploadStruct) 
  // download the file 
  downloadStruct = { 
    "destinationFile" : "file.txt", 
    "key" : "key22" 
  } 
  try{ 
    downloadResponse=bucketObj.downloadToFile(downloadStruct) 
    writeOutput("Object downloaded successfully") 
    writeDump(downloadResponse) 
  } 
  catch (any e){ 
    writeOutput("Failed to download object") 
    writeDump(e) 
  } 
</cfscript>

List all objects

You can get a list of buckets in storage account. You can also retrieve a list of objects inside the bucket.

  • Amazon S3- Yes
  • Azure- Yes
  • Multi-cloud- Yes

Syntax

listAll(parameterStruct)
listAll()

Parameters

Parameter

Description

delimiter

Character to group keys.

encodingType

Encode the object keys in the response and specifies the encoding method to use.

marker

Key to start with when listing objects in a bucket.

maxKeys

The maximum number of keys returned in the response. 

prefix

Limits the response to keys that begin with the specified prefix.

requestpayer

Confirms that the requester knows that he/she will be charged for the request. Valid value is REQUESTER.

For more information, see request parameters.

Example

<cfscript> 
  storageService = getCloudService(application.awsCred,application.s3Conf) 
  // lists all buckets 
  bucketList=storageService.listAll() 
  writeOutput("List of buckets") 
  writeDump(bucketList) 
</cfscript>

Copy an object

You can copy an object from one bucket to another. All copy requests must be authenticated. Additionally, you must have read access to the source object and write access to the destination bucket. 

For more information, see Copy objects.

Syntax

copy(parameterStruct)

Parameters

Parameter

Description

Required

sourceBucket

The bucket from where you want to copy the object.

Yes

sourceKey

The key associated with the object.

Yes

sourceVersionId

The version id that was associated with the object.

No

key

The destination key of the object.

Yes

storageClass

For more information, see S3 storage class.. Valid value is: GLACIAR.

No

Example

<cfscript> 
  storageService = getCloudService(application.awsCred,application.s3Conf) 
  // create two buckets 
  createBucketRequest1 = { 
      "acl":"PRIVATE", 
       "bucket" : "cf.source.bucket.1", 
       "objectLockEnabledForBucket" : true 
  } 
  createBucketRequest2 = { 
      "acl":"PRIVATE", 
       "bucket" : "cf.dest.bucket.1", 
       "objectLockEnabledForBucket" : true 
  } 
  // source bucket 
  source_obj=storageService.createBucket(createBucketRequest1) 
  // destination bucket 
  dest_object=storageService.createBucket(createBucketRequest2) 
  // upload file struct 
  uploadStruct = { 
        "srcFile" : "#ExpandPath('./')#/file.txt", 
        "key" : "key12" 
    } 
  // upload file to source bucket 
  uploadResponse=source_obj.uploadFile(uploadStruct) 
  // copy file struct 
  copyRequest = { 
        "sourceBucket": "cf.source.bucket.1", 
        "sourceKey" : "key12", 
        "key" : "destKey" 
  } 
  copyResponse=dest_object.copy(copyRequest); 
  objList=dest_object.listAll() 
  writeDump(objList) 
 
</cfscript>

Apply policy to a bucket

Applies an Amazon S3 bucket policy to an Amazon S3 bucket.

For more information, see Put bucket policy.

Syntax

putPolicy(parameterStruct)

Parameters

Parameter

Description

Required

confirmRemoveSelfBucketAccess

True or False. Set this parameter to true to confirm that you want to remove your permissions to change this bucket policy in the future.

No

policy

The policy to be enforced for the bucket. For more information, see S3 policies.

No

Example

<cfscript> 
    storageService = getCloudService(application.awsCred,application.s3Conf) 
    bucketList=storageService.listAll() 
    //writeDump(bucketList) 
    rootObj=storageService.bucket("bucket.policy","true") 
    
    policy = {    
        "Id": "Policy1571390473326",  
        "Version": "2012-10-17", 
        "Statement": [ 
            { 
            "Sid": "Stmt1574139965216", 
            "Action": [ 
              "s3:GetBucketAcl" 
            ], 
            "Effect": "Allow", 
            "Resource": "bucket.policy", 
            "Principal": "*" 
          }  
         ] 
      }     
       
      policyRequest = { 
          "policy" : policy 
      } 
      
      rootObj.putPolicy(policyRequest); 
      writedump(rootObj.getPolicies()) 
</cfscript>

Delete a policy

Delete a policy that was applied on a bucket.

For more information, see Delete bucket policy.

Syntax

deletePolicies()

Example

<cfscript> 
    storageService = getCloudService(application.awsCred,application.s3Conf) 
    bucketList=storageService.listAll() 
    //writeDump(bucketList) 
    rootObj=storageService.bucket("bucket.policy","true")   
        
    policy = {    
        "Id": "Policy1571390473326",  
        "Version": "2012-10-17", 
        "Statement": [ 
            { 
            "Sid": "Stmt1574139965216", 
            "Action": [ 
              "s3:GetBucketAcl" 
            ], 
            "Effect": "Allow", 
            "Resource": "bucket.policy", 
            "Principal": "*" 
          }  
         ] 
      }     
       
      policyRequest = { 
          "policy" : policy 
      } 
      
      rootObj.putPolicy(policyRequest); 
      writedump(rootObj.getPolicies()) 
      // delete policy 
      deletePolicyResponse=rootObj.deletePolicies() 
      writeDump(deletePolicyResponse) 
</cfscript>

Retrieve a policy

Return the policy of a specified bucket.

For more information, see Get bucket policy.

Syntax

getPolicies()

Example

<cfscript> 
    storageService = getCloudService(application.awsCred,application.s3Conf) 
    bucketList=storageService.listAll() 
    //writeDump(bucketList) 
    rootObj=storageService.bucket("bucket.policy","true") 
    
   policy = {    
        "Id": "Policy1571390473326",  
        "Version": "2012-10-17", 
        "Statement": [ 
            { 
            "Sid": "Stmt1574139965216", 
            "Action": [ 
              "s3:GetBucketAcl" 
            ], 
            "Effect": "Allow", 
            "Resource": "bucket.policy", 
            "Principal": "*" 
          }  
         ] 
      }     
       
      policyRequest = { 
          "policy" : policy 
      } 
      
      rootObj.putPolicy(policyRequest); 
      writedump(rootObj.getPolicies()) 
      // delete policy 
      deletePolicyResponse=rootObj.deletePolicies() 
      writeDump(deletePolicyResponse) 
</cfscript>

Versioning

Versioning is a means of keeping multiple variants of an object in the same bucket. You can use versioning to preserve, retrieve, and restore every version of every object stored in your Amazon S3 bucket. With versioning, you can easily recover from both unintended user actions and application failures.

In one bucket, for example, you can have two objects with the same key, but different version IDs.

AWS S3 Version: uploading objects in non-versioned and versioning-enabled buckets are the same, although, in the case of versioning-enabled buckets, Amazon S3 assigns a version number. Otherwise, the version number is null. Enabling and suspending versioning is done at the bucket level.

Enable versioning

Set the versioning state of an existing bucket. To set the versioning state, you must be the bucket owner.

You can set the versioning state with one of the following values:

  • Enabled
  • Suspended

For more information, see Enable versioning.

Syntax

enableVersioning(parameterStruct)

Parameters

Parameter

Description

Required

mfa

The combination of the authentication device's serial number, a space, and the value that is displayed on your authentication device.

The format of the mfa is:

"mfa":"arn:aws:iam::0123456789:mfa/username"

No

mfaDelete

Specifies whether MFA delete is enabled in the bucket versioning configuration. Valid values are:

  • Enabled
  • Disabled

No

Example

<cfscript> 
  storageService = getCloudService(application.awsCred,application.s3Conf) 
  // create a bucket 
  createBucketRequest = { 
     "acl":"PRIVATE", 
     "bucket" : "bucket.demo.getstatus", 
     "objectLockEnabledForBucket" : true 
  } 
  //  create a bucket 
  bucketObj=storageService.createBucket(createBucketRequest) 
  // enable versioning 
  bucketObj.enableVersioning() 
  // get version status 
  versionStatus=bucketObj.getVersioningStatus() 
  writeDump(versionStatus) 
</cfscript> 

Get version status

Get the versioning state of a bucket.

Syntax

getVersioningStatus()

Example

<cfscript> 
  storageService = getCloudService(application.awsCred,application.s3Conf) 
  // create a bucket 
  createBucketRequest = { 
     "acl":"PRIVATE", 
     "bucket" : "bucket.demo.getstatus", 
     "objectLockEnabledForBucket" : true 
  } 
  //  create a bucket 
  bucketObj=storageService.createBucket(createBucketRequest) 
  // enable versioning 
  bucketObj.enableVersioning() 
  // get version status 
  versionStatus=bucketObj.getVersioningStatus() 
  writeDump(versionStatus) 
</cfscript>

List all versions

Return metadata about all versions of the objects in a bucket.

For more information, see List object versions.

Syntax

listAllVersions(parameterStruct)

Parameters

Parameter

Description

Required

delimiter

Character to group keys.

No

encodingType

Requests Amazon S3 to encode the object keys in the response and specifies the encoding method to use. 

No

marker

The object version you want to start listing from.

No

maxKeys

Sets the maximum number of keys returned in the response.

No

prefix

Select only those keys that begin with the specified prefix. 

No

keyMarker

The key to start with when listing objects in a bucket.

No

Example

<cfscript> 
  storageService = getCloudService(application.awsCred,application.s3Conf) 
  // create a bucket 
  createBucketRequest = { 
     "acl":"PRIVATE", 
     "bucket" : "bucket.demo.listversions", 
     "objectLockEnabledForBucket" : true 
  } 
  //  create a bucket 
  myobj=storageService.createBucket(createBucketRequest) 
  // define file upload structs 
  uploadStruct1 = { 
          "srcFile" : "#ExpandPath('./')#/file1.txt", 
          "key" : "key1" 
  } 
 
  uploadStruct2 = { 
        "srcFile" : "#ExpandPath('./')#/file2.txt", 
        "key" : "key122" 
  } 
 
  uploadStruct3 = { 
        "srcFile" : "#ExpandPath('./')#/file3.txt", 
        "key" : "key123" 
  } 
 
  uploadStruct4 = { 
          "srcFile" : "#ExpandPath('./')#/file1.txt", 
          "key" : "key124" 
  } 
   
  uploadResponse1=myobj.uploadFile(uploadStruct1); 
  uploadResponse2=myobj.uploadFile(uploadStruct2); 
  uploadResponse3=myobj.uploadFile(uploadStruct3); 
  uploadResponse4=myobj.uploadFile(uploadStruct4); 
   
  listAllVersionsRequest={ 
    "prefix" : "key12" 
  } 
 
   
  // list all versions 
  listVersion=myobj.listAllVersions(listAllVersionsRequest) 
  writeDump(listVersion) 
</cfscript>

Suspend versioning

Disable versioning for the objects in the bucket.

For more information, see Suspend versioning.

Syntax

suspendVersioning(parameterStruct)

Parameters

Parameter

Description

Required

mfa

The combination of the authentication device's serial number, a space, and the value that is displayed on your authentication device.

The format of the mfa is:

"mfa":"arn:aws:iam::0123456789:mfa/username"

No

mfaDelete

Specifies whether MFA delete is enabled or disabled.

No

Example

<cfscript> 
  storageService = getCloudService(application.awsCred,application.s3Conf) 
  // create a bucket 
  createBucketRequest = { 
    "acl":"PRIVATE", 
    "bucket" : "bucket.demo.suspendversioning", 
    // to suspend versioning, turn off object locking for the bucket 
    "objectLockEnabledForBucket" : false 
  } 
  //  create a bucket 
  myobj=storageService.createBucket(createBucketRequest) 
  // enable versioning on the bucket 
  myobj.enableVersioning(); 
  // get the version status 
  versionStatus1=myobj.getVersioningStatus(); 
  writeDump(versionStatus1) 
  // suspend the versioning 
  myobj.suspendVersioning(); 
  versionStatus2=myobj.getVersioningStatus(); 
  writeDump(versionStatus2) 
</cfscript> 

S3 ACL bucket operations

Amazon S3 access control lists (ACLs) enable you to manage access to buckets and objects. Each bucket and object have an ACL attached to it as a sub-resource. It defines which AWS accounts or groups are granted access and the type of access. When a request is received against a resource, Amazon S3 checks the corresponding ACL to verify that the requester has the necessary access permissions.

When you create a bucket or an object, Amazon S3 creates a default ACL that grants the resource owner full control over the resource.

For more information, see S3 ACL.

putBucketAcl

Set the permissions on an existing bucket using access control lists (ACL).

For more information, see Using ACLs.

To set the ACL of a bucket, you must have WRITE_ACP permission.

Syntax

putBucketAcl(parameterStruct)

Parameters

Parameter

Description

Required

acl

Amazon S3 access control lists (ACLs) enable you to manage access to buckets and objects.

Valid values are:

  • PRIVATE: Only owner of the bucket has full control of the bucket and its objects.
  • PUBLIC_READ: Owner of the bucket has full control. Members of AllUsers group have READ rights to the bucket and its objects.
  • PUBLIC_READ_WRITE: Owner gets FULL_CONTROL. The AllUsers group gets READ and WRITE access.
  • AUTHENTICATED_READ: Owner gets FULL_CONTROL. The AuthenticatedUsers group gets READ access.

For more information, see ACLs in AWS.

No

grant permission variables

Permissions that Amazon S3 supports in an ACL.

Valid values are:

  • grantFullControl: Allows the grantee full control of the bucket.
  • grantRead: Allows the grantee to view the objects in the bucket.
  • grantWrite: Allows the grantee to create, overwrite, and delete any object in the bucket.
  • grantWriteACP: Allows the grantee to write the ACL for the bucket.
  • grantReadACP: Allows the grantee to read the ACL permissions for the bucket.

For more information, see Permissions.

No

Example

<cfscript> 
  storageService = getCloudService(this.s3Cred,this.s3Conf) 
  createBucketRequest1 = { 
       "bucket" : "cfqa.003" 
       } 
  rootObj = storageService.createRoot(createBucketRequest1); 
  putBucketAclRequest = { 
      "acl" : "PRIVATE" 
  } 
  putBucketAclResponse=rootObj.putBucketAcl(putBucketAclRequest); 
  writeDump(putBucketAclResponse) 
</cfscript> 

Example with grant permissions.

<cfscript> 
    storageService = getCloudService(application.awsCred,application.s3Conf) 
    createBucketRequest1 = { 
       "bucket" : "cfqa.003" 
       } 
    rootObj = storageService.createRoot(createBucketRequest1) 
    putBucketAclRequest = { 
        "grantFullControl": "emailAddress=john@example.com", 
        // "grantFullControl": "id=f1db27629293ee8354a2874de1959b39bec20ffe98417b931fb381f97007cf97" 
        "grantReadACP" : "uri=http://acs.amazonaws.com/groups/s3/LogDelivery" 
    } 
    putBucketAclResponse=rootObj.putBucketAcl(putBucketAclRequest); 
    writeDump(putBucketAclResponse) 
</cfscript>

getBucketAcl

Use this function to get a list of ACLs in a bucket.

For more information, see the getBucketAcl official docs.

Syntax

getBucketAcl()

Example

<cfscript> 
  storageService = getCloudService(this.s3Cred,this.s3Conf) 
  createBucketRequest1 = { 
     "bucket" : "cfqa.004", 
     "grantFullControl": "uri=http://acs.amazonaws.com/groups/global/AuthenticatedUsers" 
     } 
  rootObj = storageService.createRoot(createBucketRequest1); 
  getBucketAclResponse=rootObj.getBucketAcl() 
  writeDump(getBucketAclResponse) 
</cfscript>

putObjectAcl

The function uses the ACL sub-resource to set the access control list (ACL) permissions for an object that already exists in a bucket.

In putObjectAcl, there is an extra attribute “key”: ”object_key” in the struct.

For more information, see the official docs.

Syntax

putObjectAcl(parameterStruct)

Parameters

Parameter

Description

Required

acl

Amazon S3 access control lists (ACLs) enable you to manage access to buckets and objects.

Valid values are:

  • PRIVATE: Only owner of the bucket has full control of the bucket and its objects.
  • PUBLIC_READ: Owner of the bucket has full control. Members of AllUsers group have READ rights to the bucket and its objects.
  • PUBLIC_READ_WRITE: Owner gets FULL_CONTROL. The AllUsers group gets READ and WRITE access.
  • AUTHENTICATED_READ: Owner gets FULL_CONTROL. The AuthenticatedUsers group gets READ access.

For more information, see ACLs in AWS.

No

grant permission variables

Permissions that Amazon S3 supports in an ACL.

Valid values are:

  • grantFullControl: Allows the grantee full control of the bucket.
  • grantRead: Allows the grantee to view the objects in the bucket.
  • grantWrite: Allows the grantee to create, overwrite, and delete any object in the bucket.
  • grantWriteACP: Allows the grantee to write the ACL for the bucket.

For more information, see Permissions.

No

key

The key for the operation.

Yes

Example

<cfscript> 
    storageService = getCloudService(application.awsCred,application.s3Conf) 
    // create a bucket 
    createBucketRequest = { 
        "bucket" : "bucket.putobjectacl.demo" 
    } 
    bucketObj = storageService.createBucket(createBucketRequest) 
    // upload an object 
    uploadStruct = { 
        "srcFile" : "#ExpandPath('./')#/s3-notes.pdf", 
        "key" : "key12" 
    } 
    bucketObj.uploadFile(uploadStruct) 
    // put ACL on the object 
    putObjectAclRequest = { 
        "key" : "key12", 
        "acl" : "PRIVATE" 
    } 
    try{ 
        objectAclResponse=bucketObj.putObjectAcl(putObjectAclRequest) 
        writeOutput("ACL applied successfully on the object") 
        writeDump(objectAclResponse) 
    } 
    catch(any e){ 
        writeOutput("Unable to apply ACL on the object") 
        writeDump(e) 
    } 
    putObjectAclResponse=bucketObj.GetObjectAcl("key12") 
    writeDump(putObjectAclResponse) 
</cfscript>

getObjectAcl

Return the access control list (ACL) of an object.

To use this operation, you must have READ_ACP access to the object.

Syntax

getObjectAcl(parameterStruct)

Parameters

Parameter

Description

Required

key

The key of the object for which to get the ACL information.

Yes

versionId

Refer to a specific version of the object.

No

Example

<cfscript> 
    storageService = getCloudService(application.awsCred,application.s3Conf) 
    // create a bucket 
    createBucketRequest = { 
        "bucket" : "bucket.putobjectacl.demo" 
    } 
    bucketObj = storageService.createBucket(createBucketRequest) 
    // upload an object 
    uploadStruct = { 
        "srcFile" : "#ExpandPath('./')#/s3-notes.pdf", 
        "key" : "key12" 
    } 
    bucketObj.uploadFile(uploadStruct) 
    // put ACL on the object 
    putObjectAclRequest = { 
        "key" : "key12", 
        "acl" : "PRIVATE" 
    } 
    try{ 
        objectAclResponse=bucketObj.putObjectAcl(putObjectAclRequest) 
        writeOutput("ACL applied successfully on the object") 
        writeDump(objectAclResponse) 
    } 
    catch(any e){ 
        writeOutput("Unable to apply ACL on the object") 
        writeDump(e) 
    } 
    putObjectAclResponse=bucketObj.getObjectAcl("key12") 
    writeDump(putObjectAclResponse) 
</cfscript>

Lifecycle rules

Lifecycle rule that defines how AWS s3 manages objects during their lifetime. There are two types of actions:

  1. Transition actions—Define when objects transition to another storage class.
  2. Expiration actions—Define when objects expire. Amazon S3 deletes expired objects on your behalf.

 Define lifecycle configuration rules for objects that have a well-defined lifecycle. For example:

  • Some documents are frequently accessed for a limited period. After that, they are infrequently accessed. At some point, you might not need real-time access to them, but your organization or regulations might require you to archive them for a specific period. After that, you can delete them.
  • You might upload some types of data to Amazon S3 primarily for archival purposes. For example, you might archive digital media, financial and healthcare records, raw genomic sequence data, long-term database backups, and data that must be retained for regulatory compliance.
  • If you upload periodic logs to a bucket, your application might need them for a week or a month. After that, you might want to delete them.

setRules

You can use setRules function to set lifecycle rules to objects in the bucket. The function accepts the following struct as argument.

"rules" :  
    [ 
        { 
            "id" : "rule1", 
            "prefix" : "a/b", 
            "lifecycleRuleFilter" :  
            { 
                "prefix" : "", 
                "tagging" :  
                { 
                    "key": "", 
                    "value" : "" 
                }, 
                "lifecycleRuleAndOperator" :  
                { 
                    "prefix" : "", 
                    "tagging" :  
                    [{ 
                        "key": "", 
                        "value" : "" 
                    }] 
                } 
            }, 
 
            "status" : "ENABLED", 
            "expiration" :  
            { 
                "date" : "YYYY-MM-DD", 
                "days" : 3 
            }, 
            "noncurrentVersionExpirationDays" : 30, 
            "noncurrentVersionTransitions" : 
            [ { 
                "days" : 35, 
                "storageClass" : "GLACIER" 
            }], 
            "abortIncompleteMultipartUploadInDays" : 7, 
            "transitions" : [ 
                { 
                    "days" : 90, 
                    "storageClass" : "ONEZONE_IA" 
                } 
            ] 
        } 
    ]

The following is not supported in ColdFusion (2021 release). It will be supported in a future update.

"lifecycleRuleFilter" :  
            { 
                "prefix" : "", 
                "tagging" :  
                { 
                    "key": "", 
                    "value" : "" 
                }, 
                "lifecycleRuleAndOperator" :  
                { 
                    "prefix" : "", 
                    "tagging" :  
                    [{ 
                        "key": "", 
                        "value" : "" 
                    }] 
                } 
            }

Example 1

<cfscript> 
    storageService = getCloudService(application.awsCred,application.s3Conf) 
    deleteStruct = { 
        "bucket" : "bucket.rule.append1", 
        "forcedDelete" : "true" 
    } 
     
    // Adding lifecycle rules by specifying date 
     
    // create a bucket 
    createBucketRequest = { 
        "acl":"PRIVATE", 
        "bucket" : "bucket.rule.four", 
        "objectLockEnabledForBucket" : true 
    } 
    bucketObj=storageService.createBucket(createBucketRequest) 
    // upload an object to the bucket 
    uploadStruct={ 
        "srcFile":"#ExpandPath('./')#/s3-notes.pdf", 
        "key":"key114" 
    } 
    bucketObj.uploadFile(uploadStruct) 
    exp_date=DateFormat(DateAdd("d",8,now()),"yyyy-mm-dd") 
 trans_date=DateFormat(DateAdd("d",2,now()),"yyyy-mm-dd") 
     
 ruleStruct = { 
     "rules" :  
         [{ 
             "id" : "rule1", 
             "prefix":"key", 
             "status" : "ENABLED", 
             "expiration" : { 
                 "date":exp_date 
             }, 
             "transitions" :  
                     [{ 
              "date":trans_date, 
                  "storageClass" : "ONEZONE_IA" 
                     }] 
                      
         }] 
    } 
    try{ 
        bucketObj.setRules(ruleStruct) 
        writeOutput("Lifecycle rule set successfully") 
        rules=bucketObj.getRules().rules 
  writedump(rules) 
    } 
    catch(any e){ 
        writeOutput("Unable to set lifecycle") 
        writeDump(e) 
    } 
</cfscript>

Example 2

<cfscript> 
    storageService = getCloudService(application.awsCred,application.s3Conf) 
     
    createBucketRequest = { 
        "acl":"PRIVATE", 
        "bucket" : "bucket.rule.three", 
        "objectLockEnabledForBucket" : true 
    } 
    bucketObj=storageService.createBucket(createBucketRequest) 
    // upload an object to the bucket 
    uploadStruct={ 
        "srcFile":"#ExpandPath('./')#/s3-notes.pdf", 
        "key":"key112" 
    } 
    bucketObj.uploadFile(uploadStruct) 
    ruleStruct={ 
        "rules":[{ 
            "id" : "rule1", 
         "prefix":"key", 
         "status" : "ENABLED", 
         "noncurrentVersionTransitions" :  
          [{ 
       "days":30, 
       "storageClass" : "INTELLIGENT_TIERING" 
          }] 
        }] 
    } 
    try{ 
        bucketObj.setRules(ruleStruct) 
        writeOutput("Lifecycle rule set successfully") 
        //writeDump(setRuleResponse) 
        // rules=bucketObj.getRules().rules 
  // writedump(rules) 
    } 
    catch(any e){ 
        writeOutput("Unable to set lifecycle") 
        writeDump(e) 
    } 
</cfscript>

appendRules

You can use the method appendRules to add the rules to the existing set of rules. The function accepts the following struct as argument.

"rules" :  
    [ 
        { 
            "id" : "rule1", 
            "prefix" : "a/b", 
            "lifecycleRuleFilter" :  
            { 
                "prefix" : "", 
                "tagging" :  
                { 
                    "key": "", 
                    "value" : "" 
                }, 
                "lifecycleRuleAndOperator" :  
                { 
                    "prefix" : "", 
                    "tagging" :  
                    [{ 
                        "key": "", 
                        "value" : "" 
                    }] 
                } 
            }, 
  
            "status" : "ENABLED", 
            "expiration" :  
            { 
                "date" : "YYYY-MM-DD", 
                "days" : 3 
            }, 
            "noncurrentVersionExpirationDays" : 30, 
            "noncurrentVersionTransitions" : 
            [ { 
                "days" : 35, 
                "storageClass" : "GLACIER" 
            }], 
            "abortIncompleteMultipartUploadInDays" : 7, 
            "transitions" : [ 
                { 
                    "days" : 90, 
                    "storageClass" : "ONEZONE_IA" 
                } 
            ] 
        } 
    ]

The following is not supported in ColdFusion (2021 release). It will be supported in a future update.

"lifecycleRuleFilter" :  
            { 
                "prefix" : "", 
                "tagging" :  
                { 
                    "key": "", 
                    "value" : "" 
                }, 
                "lifecycleRuleAndOperator" :  
                { 
                    "prefix" : "", 
                    "tagging" :  
                    [{ 
                        "key": "", 
                        "value" : "" 
                    }] 
                } 
            }

Example

<cfscript> 
  storageService = getCloudService(this.s3Cred,this.s3Conf) 
  rules={ 
  "rules" : [ 
                              { 
                                  "id" : "rule1", 
                                  "prefix" : "a/b", 
                                  "status" : "ENABLED", 
                                  "expiration" : { 
                                      //"date" : "DD/MM/YYY", 
                                      "days" : 3 
                                  }, 
                                  "noncurrentVersionExpirationDays" : 30, 
                                  "noncurrentVersionTransitions" :[ { 
                                      "days" : 35, 
                                      "storageClass" : "GLACIER" 
                                   }], 
                                   "abortIncompleteMultipartUploadInDays" : 7, 
                                   "transitions" : [ 
                                      { 
                                          "days" : 90, 
                                          "storageClass" : "ONEZONE_IA" 
                                      } 
                                   ] 
                              } 
                          ] 
  } 
  createBucketRequest = { 
      "acl":"PRIVATE", 
       "bucket" : "cf.bucket", 
       "objectLockEnabledForBucket" : true 
  } 
  rootObj=storageService.createBucket(createBucketRequest) 
  appendRulesResponse=rootObj.appendRules(rules) 
  writeDump(appendRulesResponse) 
</cfscript>

getRules

You can use the getRules function to retrieve all lifecycle rules for the bucket. This function does not accept any argument.

Example

<cfscript> 
    storageService = getCloudService(application.awsCred,application.s3Conf) 
    // create a bucket 
    createBucketRequest = { 
        "acl":"PRIVATE", 
        "bucket" : "bucket.rule.delete", 
        "objectLockEnabledForBucket" : true 
    } 
    bucketObj=storageService.createBucket(createBucketRequest) 
    // upload an object to the bucket 
    uploadStruct={ 
        "srcFile":"#ExpandPath('./')#/s3-notes.pdf", 
        "key":"key100" 
    } 
    bucketObj.uploadFile(uploadStruct) 
    // create rule 
    ruleStruct={ 
        "rules":[{ 
            "id" : "rule1", 
         "prefix":"key", 
         "status" : "ENABLED", 
         "noncurrentVersionTransitions" :  
          [{ 
       "days":30, 
       "storageClass" : "INTELLIGENT_TIERING" 
          }] 
        }] 
    } 
    // set the rule 
    bucketObj.setRules(ruleStruct) 
    // get the rule 
    rules=bucketObj.getRules().rules 
    writeDump(rules) 
</cfscript>

Add tags to a bucket

Object tagging gives you a way to categorize storage.

For more information, see the official docs.

Syntax

addTags(parameterStruct)

Parameters

Parameter

Description

Required

key

Unique identifier of the object.

Yes

versionId

Refer to a specific version of the object.

No

tags

Array of tag structs.

Yes

Example

<cfscript> 
  storageService = getCloudService(application.awsCred,application.s3Conf) 
  // create bucket 
  createBucketRequest = { 
       "acl":"PRIVATE", 
       "bucket" : "bucket.demoaddtagstest", 
       "objectLockEnabledForBucket" : true 
  } 
  bucketobj=storageService.createBucket(createBucketRequest) 
  // upload a file 
  uploadStruct = { 
      "srcFile" : "#ExpandPath('./')#/s3-notes.pdf", 
      "key" : "key12" 
  } 
  bucketobj.uploadFile(uploadStruct) 
  // add tags to the object 
  addTagStruct={ 
    "key" : "key12", 
    "tags" : [ 
            { 
            "key" : "label", 
            "value" : "red" 
            }, 
            { 
                "key": "category", 
                "value": "important" 
            } 
    ] 
  } 
  try{ 
      addTagResponse=bucketobj.addTags(addTagStruct) 
      writeOutput("Tags added successfully") 
      writeDump(addTagResponse) 
  } 
  catch(any e){ 
      writeOutput("Failed to add tags") 
      writeDump(e) 
  } 
</cfscript>

Get tags of an object

Retrieve the list of tags that you’d added to the bucket. Use the getTagObjects function.

This function accepts the key that you’d specified while adding the tags.

Syntax

getTagObjects(parameterStruct)

Parameters

Parameter

Description

Required

key

Unique identifier of the object.

Yes

versionId

Refer to a specific version of the object.

No

Example

<cfscript> 
  storageService = getCloudService(application.awsCred,application.s3Conf) 
  // create bucket 
  createBucketRequest = { 
      "acl":"PRIVATE", 
      "bucket" : "bucket.demoaddtagstest", 
      "objectLockEnabledForBucket" : true 
  } 
  bucketobj=storageService.createBucket(createBucketRequest) 
  // upload a file 
  uploadStruct = { 
    "srcFile" : "#ExpandPath('./')#/s3-notes.pdf", 
    "key" : "key12" 
  } 
  bucketobj.uploadFile(uploadStruct) 
// add tags to the object 
  addTagStruct={ 
 "key" : "key12", 
 "versionId":"v1", 
 "tags" : [ 
         { 
         "key" : "label", 
         "value" : "red" 
         }, 
         { 
             "key": "category", 
             "value": "important" 
         } 
 ] 
} 
  getTagResponse=bucketobj.GettagObjects("key12") 
  writeDump(getTagResponse) 
</cfscript> 

Get object details

Get details of an object that was uploaded in a bucket.

Syntax

getObjectDetails(parameterStruct)

Parameters

Parameter Description Required
srcFile
The path of the file that you want to upload in the bucket. Yes
key
Unique identifier of the object. Yes
acl

The ACL to apply to the object. For more information, see Canned ACL.The valid values are:

  • PRIVATE
  • PUBLIC_READ
  • PUBLIC_READ_WRITE
  • AUTHENTICATED_READ
  • AWS_EXEC_READ
  • BUCKET_OWNER_READ
  • BUCKET_OWNER_FULL_CONTROL
No
cacheControl
Specify the caching behavior as defined here. No
contentDisposition
Specify the content format of the object as defined here. No
contentEncoding
Specify the type of encoding on the object as defined here. No
contentLanguage
The language of the object that you want to upload. No
contentLength
The size of the object in bytes. No
validateContentMD5
True or False. The base64-encoded 128-bit MD5 digest of the message (without the headers).
No
contentType
The format of the content as defined here. No
expires
The date and time when the object cannot be cached any longer.
No
grantFullControl
Gives the grantee READ, READ_ACP, and WRITE_ACP permissions on the object.
No
grantRead
Allows grantee to only read the object data.
No
grantWrite
Allows grantee to write to the object data.
No
grantReadACP
Allows grantee to read the object ACL.
No
grantWriteACP
Allows grantee to write the ACL for the object.
No
metadata
The object metadata to use. No
serverSideEncryption
The server-side encryption algorithm to be used.
No
storageClass

Valid values are:

  • STANDARD
  • REDUCED_REDUNDANCY
  • STANDARD_IA
  • ONEZONE_IA
  • INTELLIGENT_TIERING
  • GLACIER
  • DEEP_ARCHIVE

For more information, see S3 storage class.

No
websiteRedirectLocation
If the bucket is configured as a website, specify the redirect request to another object in the same bucket or to an external URL.
No
sseCustomerAlgorithm
Specifies the algorithm to use to when encrypting the object.
No
sseCustomerKey
Specifies the customer-provided encryption key for S3 to use in encrypting data. 
No
ssekmsKeyId
Specifies the ID of the AWS Key Management Service (AWS KMS).
No
ssekmsEncryptionContext
Specifies the AWS KMS Encryption Context to use for object encryption. 
No
requestPayer
Confirms that the requester knows that they will be charged for the request.
No
tagging
The tag-set for the object. Must be a struct of key-value pairs.
No
objectLockMode

The Object locking mode that you want to apply to this object. Valid values are:

  • GOVERNANCE
  • COMPLIANCE
No
objectLockRetainUntilDate
The date and time when you want this object's Object Lock to expire.
No
objectLockLegalHoldStatus

Indicates whether the specified object has a Legal Hold in place.. Valid values are:

  • ON
  • OFF
No

Example

<cfscript> 
    storageService = getcloudService(application.awsCred,application.s3Conf) 
    // create a bucket 
    bucketStruct={ 
        "acl":"PRIVATE", 
        "bucket" : "bucket.demo.objectdetailsdemo", 
        "objectLockEnabledForBucket" : true 
    } 
    bucketObj=storageService.createBucket(bucketStruct) 
    // upload an object into the bucket 
    uploadStruct = { 
             "srcFile" : "#ExpandPath('./')#/Colors.jpg", 
        "key" : "key001", 
             "metadata": { 
                        "filename": "Colors.jpg", 
                        "creator":"john", 
                        "place":"london", 
                        "creation_date":"2020/04/20", 
                        "filetype":"image" 
        }, 
             "contentLanguage":"en", 
             "websiteRedirectLocation":"http://bucket", 
             "expires":"2020-05-28"  
         } 
    bucketObj.uploadFile(uploadStruct) 
    // get object details 
    objectDetailsResponse=bucketObj.getObjectDetails("key001") 
    writeDump(objectDetailsResponse) 
</cfscript>

Upload file parallelly

You can upload objects in a bucket in parts, or parallelly. You can use parallel uploads for objects from 5 MB to 5 TB in size. If you're uploading large objects over a stable high-bandwidth network, use parallel uploading to make better use of your available bandwidth by uploading object parts in parallel for multi-threaded performance.

Syntax

parallelUploadFile(parameterStruct)

Parameters

Parameter Description Required
srcFile The location of the file that you want to upload. Yes
chunkLengthInBytes Size of the content chunk. No
timeOutInSeconds The time out of the upload operation. No
acl

Amazon S3 access control lists (ACLs) enable you to manage access to buckets and objects.

Valid values are:

  • PRIVATE
  • PUBLIC_READ
  • PUBLIC_READ_WRITE
  • AUTHENTICATED_READ
  • AWS_EXEC_READ
  • BUCKET_OWNER_READ
  • BUCKET_OWNER_FULL_CONTROL
No
cacheControl Specify the caching behavior as defined here. No
contentDisposition Specify the content format of the object as defined here. No
contentEncoding Specify the type of encoding on the object as defined here. No
contentLanguage The language of the object that you want to upload. No
contentLength The size of the object in bytes. No
validateContentMD5 :  True | False. The base64-encoded 128-bit MD5 digest of the message (without the headers). No
contentType The format of the content as defined here. No
expires The date and time when the object cannot be cached any longer. No
grantFullControl Gives the grantee READ, READ_ACP, and WRITE_ACP permissions on the object. No
grantRead Allows grantee to read the object ACL. No
grantReadACP Allows grantee to read the object ACL. No
grantWriteACP Allows grantee to write the ACL for the object. No
metadata The object metadata to use. No
serverSideEncryption The server-side encryption algorithm to be used. No
storageClass

Valid values are:

  • STANDARD
  • REDUCED_REDUNDANCY
  • STANDARD_IA
  • ONEZONE_IA
  • INTELLIGENT_TIERING
  • GLACIER
  • DEEP_ARCHIVE

For more information, see S3 storage class.

No
websiteRedirectLocation If the bucket is configured as a website, specify the redirect request to another object in the same bucket or to an external URL. No
sseCustomerAlgorithm Specifies the algorithm to use to when encrypting the object. No
sseCustomerKey Specifies the customer-provided encryption key for S3 to use in encrypting data.  No
sseCustomerKeyMD5 Specifies the MD5 of the key. No
ssekmsKeyId Specifies the ID of the AWS Key Management Service (AWS KMS). No
ssekmsEncryptionContext Specifies the AWS KMS Encryption Context to use for object encryption.  No
requestPayer Confirms that the requester knows that they will be charged for the request. No
tagging  NOTE: This will be supported from s3 sdk 2.10.46 onwards. No
objectLockMode

The Object locking mode that you want to apply to this object. Valid values are:

  • GOVERNANCE
  • COMPLIANCE
 
objectLockRetainUntilDate The date and time when you want this object's Object Lock to expire. No
          objectLockLegalHoldStatus

Indicates whether the specified object has a Legal Hold in place.. Valid values are:

  • ON
  • OFF
No

Example

<cfscript> 
    storageService = getCloudService(application.awsCred,application.s3Conf) 
    // create a bucket 
     
 createBucketRequest = { 
  "bucket" : "bucket.parallel.upload" 
    } 
    rootObj = storageService.createBucket(createBucketRequest) 
    // parallel upload struct 
    parallelUploadRequest = { 
        "srcFile" : "#ExpandPath('..')#/files/file.txt", 
        "chunkLengthInBytes": "5e+6", 
        "timeOutInSeconds": "60", 
        "key": "key1"         
    } 
    try{ 
        uploadResponse = rootObj.parallelUploadFile(parallelUploadRequest) 
        writeOutput("Parallel upload successful") 
        writeDump(uploadResponse) 
    } 
    catch(any e){ 
        writeDump(e) 
    } 
</cfscript>

Download file parallelly

Once you’ve uploaded a large object in a bucket, you can then download the object parallelly, in parts.

Syntax

parallelDownloadFile(parameterStruct)

Parameters

Parameter Description Required
key The key with which an object was uploaded. Yes
destinationFile The location where you want to download the file to. Yes
chunkLengthInBytes Size of the content chunk. No
cacheControl
Set the cache control header of the object, No
contentDisposition
Set the Content-Disposition header of the response.
No
contentEncoding
Set the Content-Encoding header of the response.
No
contentLanguage
Set the Content-Language header of the response.
No
contentType
Set the Content-Type header of the response.
No
expires
Sets the Response header of the response.
No
versionId
Refer to a specific version of the object. No
sseCustomerAlgorithm
Specify the algorithm to use to when encrypting the object.
No
sseCustomerKey
Specify the customer-provided encryption key for S3 to use in encrypting data.
No
requestPayer
Confirms that the requester knows that they will be charged for the request.
No

Example

<cfscript> 
    storageService = cloudService(application.awsCred,application.s3Conf) 
    // create a bucket 
     
 createBucketRequest = { 
  "bucket" : "bucket.parallel.download" 
    } 
    rootObj = storageService.createBucket(createBucketRequest) 
     
    // parallel upload struct 
    parallelUploadRequest = { 
        "srcFile" : "#ExpandPath('..')#/files/file.txt", 
        "chunkLengthInBytes": "5e+6", 
        "timeOutInSeconds": "60", 
        "key": "key1"         
    } 
    // upload object parallelly 
    rootObj.parallelUploadFile(parallelUploadRequest) 
    // parallel download struct 
    parallelDownloadRequest = { 
        "key" : "key1", 
        "destinationFile" : "file.txt", 
        "chunkLengthInBytes": "5e+6" 
    } 
    downloadResponse=rootObj.parallelDownloadFile(parallelDownloadRequest) 
    writeDump(downloadResponse) 
</cfscript>

Multi-part upload of files

Multipart upload allows you to upload a single object as a set of parts. Each part is a contiguous portion of the object's data.

You can upload these object parts independently and in any order.

For more information, see Multi-part uploads in AWS.

Syntax

multipartUpload(parameterStruct)

Parameters

Parameter Description Required
srcFile The location of the file that you want to upload. Yes
chunkLengthInBytes Size of the content chunk. No
timeOutInSeconds The time out of the upload operation. No
acl

Amazon S3 access control lists (ACLs) enable you to manage access to buckets and objects.

Valid values are:

  • PRIVATE
  • PUBLIC_READ
  • PUBLIC_READ_WRITE
  • AUTHENTICATED_READ
  • AWS_EXEC_READ
  • BUCKET_OWNER_READ
  • BUCKET_OWNER_FULL_CONTROL
No
cacheControl Specify the caching behavior as defined here. No
contentDisposition Specify the content format of the object as defined here. No
contentEncoding Specify the type of encoding on the object as defined here. No
contentLanguage The language of the object that you want to upload. No
contentLength The size of the object in bytes. No
validateContentMD5 :  True | False. The base64-encoded 128-bit MD5 digest of the message (without the headers). No
contentType The format of the content as defined here. No
expires The date and time when the object cannot be cached any longer. No
grantFullControl Gives the grantee READ, READ_ACP, and WRITE_ACP permissions on the object. No
grantRead Allows grantee to read the object ACL. No
grantReadACP Allows grantee to read the object ACL. No
grantWriteACP Allows grantee to write the ACL for the object. No
metadata The object metadata to use. No
serverSideEncryption The server-side encryption algorithm to be used. No
storageClass

Valid values are:

  • STANDARD
  • REDUCED_REDUNDANCY
  • STANDARD_IA
  • ONEZONE_IA
  • INTELLIGENT_TIERING
  • GLACIER
  • DEEP_ARCHIVE

For more information, see S3 storage class.

No
websiteRedirectLocation If the bucket is configured as a website, specify the redirect request to another object in the same bucket or to an external URL. No
sseCustomerAlgorithm Specifies the algorithm to use to when encrypting the object. No
sseCustomerKey Specifies the customer-provided encryption key for S3 to use in encrypting data.  No
sseCustomerKeyMD5 Specifies the MD5 of the key. No
ssekmsKeyId Specifies the ID of the AWS Key Management Service (AWS KMS). No
ssekmsEncryptionContext Specifies the AWS KMS Encryption Context to use for object encryption.  No
requestPayer Confirms that the requester knows that they will be charged for the request. No
tagging  NOTE: This will be supported from s3 sdk 2.10.46 onwards. No
objectLockMode

The Object locking mode that you want to apply to this object. Valid values are:

  • GOVERNANCE
  • COMPLIANCE
 
objectLockRetainUntilDate The date and time when you want this object's Object Lock to expire. No
          objectLockLegalHoldStatus

Indicates whether the specified object has a Legal Hold in place.. Valid values are:

  • ON
  • OFF
No

Example

<cfscript> 
    storageService = cloudService(application.awsCred,application.s3Conf) 
    // create a bucket 
     
 createBucketRequest = { 
  "bucket" : "bucket.parallel.multipartupload" 
    } 
    rootObj = storageService.createBucket(createBucketRequest) 
    // multi part upload struct 
    mulitipartUploadRequest = { 
        "srcFile" : "#ExpandPath('..')#/files/file.mp4", 
        "chunkLengthInBytes": "5e+6", 
        "timeOutInSeconds": "2", 
        "key": "key1"         
    } 
    try{ 
        uploadResponse = rootObj.multipartUpload(mulitipartUploadRequest) 
        writeOutput("File uploaded sucessfully in multiple parts") 
        writeDump(uploadResponse) 
    } 
    catch(any e){ 
        writeDump(e) 
    } 
</cfscript>

Upload an object

Upload an object to a bucket.

Syntax

uploadObject(parameterStruct)

Parameters

Parameter Description Required
key
Unique identifier of the object. Yes
acl

The ACL to apply to the object. For more information, see Canned ACL.The valid values are:

  • PRIVATE
  • PUBLIC_READ
  • PUBLIC_READ_WRITE
  • AUTHENTICATED_READ
  • AWS_EXEC_READ
  • BUCKET_OWNER_READ
  • BUCKET_OWNER_FULL_CONTROL
No
cacheControl
Specify the caching behavior as defined here. No
contentDisposition
Specify the content format of the object as defined here. No
contentEncoding
Specify the type of encoding on the object as defined here. No
contentLanguage
The language of the object that you want to upload. No
contentLength
The size of the object in bytes. No
validateContentMD5
The base64-encoded 128-bit MD5 digest of the message (without the headers).
No
contentType
The format of the content as defined here. No
expires
The date and time when the object cannot be cached any longer.
No
grantFullControl
Gives the grantee READ, READ_ACP, and WRITE_ACP permissions on the object.
No
grantRead
Allows grantee to only read the object data.
No
grantWrite
Allows grantee to write to the object data.
No
grantReadACP
Allows grantee to read the object ACL.
No
grantWriteACP
Allows grantee to write the ACL for the object.
No
metadata
The object metadata to use. No
serverSideEncryption
The server-side encryption algorithm to be used.
No
storageClass

Valid values are:

  • STANDARD
  • REDUCED_REDUNDANCY
  • STANDARD_IA
  • ONEZONE_IA
  • INTELLIGENT_TIERING
  • GLACIER
  • DEEP_ARCHIVE

For more information, see S3 storage class.

No
websiteRedirectLocation
If the bucket is configured as a website, specify the redirect request to another object in the same bucket or to an external URL.
No
sseCustomerAlgorithm
Specifies the algorithm to use to when encrypting the object.
No
sseCustomerKey
Specifies the customer-provided encryption key for S3 to use in encrypting data. 
No
ssekmsKeyId
Specifies the ID of the AWS Key Management Service (AWS KMS).
No
ssekmsEncryptionContext
Specifies the AWS KMS Encryption Context to use for object encryption. 
No
requestPayer
Confirms that the requester knows that they will be charged for the request.
No
tagging
The tag-set for the object. Must be a struct of key-value pairs.
No
objectLockMode

The Object locking mode that you want to apply to this object. Valid values are:

  • GOVERNANCE
  • COMPLIANCE
No
objectLockRetainUntilDate
The date and time when you want this object's Object Lock to expire.
No
object Object to be uploaded. No
type Object type- json No
useCustomSerializer

True or False. Whether to use the custom serializer or not. The default value is true. The custom serializer will be always used for XML deserialization. If false, the XML/JSON deserialization will be done using the default ColdFusion behavior. If any other type is passed with useCustomSerializer as false, then TypeNotSupportedException will be thrown.

For more information, see Serialize.

No
objectLockLegalHoldStatus

Indicates whether the specified object has a Legal Hold in place.. Valid values are:

  • ON
  • OFF

Example

<cfscript> 
    storageService = getCloudService(application.awsCred,application.s3Conf) 
    // create the bucket 
    rootObj=storageService.bucket("bucket.download.object","true") 
    key = "key12" 
 a=["a","b","c","d"]; 
    // define upload struct 
    uploadStruct = { 
     "type": "json", 
     "object" : a, 
     "key" : key 
    } 
    // upload an object 
    try{ 
        rootObj.uploadObject(uploadStruct) 
        writeOutput("Object uploaded successfully") 
    } 
    catch(any e){ 
        writeOutput("Failed to upload object") 
        writeDump(e) 
    } 
    // define download struct 
    downloadStruct = { 
        "type": "json", 
        "key" : key 
    } 
    // download the object 
    try{ 
        rootObj.downloadObject(downloadStruct) 
        writeOutput("Object downloaded successfully") 
    } 
    catch(any e){ 
        writeOutput("Failed to download object") 
        writeDump(e) 
    } 
</cfscript>

Download an object

Download an object that was uploaded previously.

Syntax

downloadObject(parameterStruct)

Parameters

Parameter Description Required
key
Unique identifier of the object. Yes
cacheControl
Set the cache control header of the object, No
contentDisposition
Set the Content-Disposition header of the response.
No
contentEncoding
Set the Content-Encoding header of the response.
No
contentLanguage
Set the Content-Language header of the response.
No
contentType
Set the Content-Type header of the response.
No
expires
Sets the Response header of the response.
No
versionId
Refer to a specific version of the object. No
sseCustomerAlgorithm
Specify the algorithm to use to when encrypting the object.
No
sseCustomerKey
Specify the customer-provided encryption key for S3 to use in encrypting data.
No
requestPayer
Confirms that the requester knows that they will be charged for the request.
No
type Object type- json No
useCustomSerializer True or False No

Example

<cfscript> 
    storageService = getCloudService(application.awsCred,application.s3Conf) 
    // create the bucket 
    rootObj=storageService.bucket("bucket.download.object","true") 
    key = "key12" 
 a=["a","b","c","d"]; 
    // define upload struct 
    uploadStruct = { 
     "type": "json", 
     "object" : a, 
     "key" : key 
    } 
    // upload an object 
    try{ 
        rootObj.uploadObject(uploadStruct) 
        writeOutput("Object uploaded successfully") 
    } 
    catch(any e){ 
        writeOutput("Failed to upload object") 
        writeDump(e) 
    } 
    // define download struct 
    downloadStruct = { 
        "type": "json", 
        "key" : key 
    } 
    // download the object 
    try{ 
        rootObj.downloadObject(downloadStruct) 
        writeOutput("Object downloaded successfully") 
    } 
    catch(any e){ 
        writeOutput("Failed to download object") 
        writeDump(e) 
    } 
</cfscript>

Upload a directory

Upload a directory in a bucket. You can also perform a bulk upload.

Syntax

uploadDirectory(parameterStruct)

Parameters

Parameter

Description

Required

prefix

It is the prefix that will be added to the object key while uploading.

Yes

sourceDirectory

The location of the directory to upload.

Yes

uploadNestedDirectory

True or False. Specify if you want to include sub-directories inside the main folder.

No

Example

<cfscript> 
    storageService = getCloudService(application.awsCred,application.s3Conf) 
    // create a bucket 
    createBucketRequest = { 
        "acl":"PRIVATE", 
        "bucket" : "bucket.b.four", 
        "objectLockEnabledForBucket" : true 
    } 
    bucketObj=storageService.createBucket(createBucketRequest) 
    // define request parameters for upload 
    dirUploadReq = { 
        "prefix" : "test_bulk\", 
        "sourceDirectory" : "../files", 
        "uploadNestedDirectory" : true 
    } 
    try{ 
        uploadResponse=storageService.uploadDirectory(dirUploadReq) 
        writeOutput("Directory uploaded successfully") 
        writeDump(uploadResponse) 
    } 
    catch(any e){ 
        writeDump(e) 
    } 
  </cfscript>

PutObjectLockConfiguration

Place an Object Lock configuration on the specified bucket.

For more information, see the official docs.

Syntax

putObjectLockConfiguration(parameterStruct)

Parameters

Parameter

Description

Required

objectLockConfiguration

The root level tag for the ObjectLockConfiguration parameters.

Yes

objectLockEnabled

Whether this bucket has an Object Lock configuration enabled. Valid values are: ENABLED

No

defaultRetention

Struct containing the following:

mode: The Object locking mode that you want to apply to this object. Valid values are:

  • GOVERNANCE
  • COMPLIANCE

days: Number of days to lock the object for.

years: Number of years to lock the object for.

Note: Specify either days or years, not both.

No

Example

<cfscript> 
    storageService = getCloudService(application.awsCred,application.s3Conf) 
    
    // create a bucket 
    createBucketRequest = { 
        "acl":"PRIVATE", 
        "bucket" : "bucket.demo.getobjectlock", 
        "objectLockEnabledForBucket" : true 
    } 
    // create a bucket 
    bucketObj=storageService.createBucket(createBucketRequest) 
    // upload an object to the bucket 
    uploadStruct={ 
        "srcFile":"#ExpandPath('./')#/s3-notes.pdf", 
        "key":"key161" 
    } 
    bucketObj.uploadFile(uploadStruct) 
    // put object lock 
    putObjectLockRequest = { 
        "objectLockConfiguration" : { 
            "objectLockEnabled" : "ENABLED", 
            "defaultRetention" : { 
                "mode" : "GOVERNANCE", 
                "days" : 31 
            } 
        } 
    } 
    bucketObj.putObjectLockConfiguration(putObjectLockRequest) 
    // get object lock 
    objectLockResponse=bucketObj.getObjectLockConfiguration() 
    writeDump(objectLockResponse) 
</cfscript>

getObjectLockConfiguration

Get the Object Lock configuration for a bucket.

For more information, see the official docs.

Syntax

getObjectLockConfiguration()

Example

<cfscript> 
    storageService = getCloudService(application.awsCred,application.s3Conf) 
    
    // create a bucket 
    createBucketRequest = { 
        "acl":"PRIVATE", 
        "bucket" : "bucket.demo.getobjectlock", 
        "objectLockEnabledForBucket" : true 
    } 
    // create a bucket 
    bucketObj=storageService.createBucket(createBucketRequest) 
    // upload an object to the bucket 
    uploadStruct={ 
        "srcFile":"#ExpandPath('./')#/s3-notes.pdf", 
        "key":"key161" 
    } 
    bucketObj.uploadFile(uploadStruct) 
    // put object lock 
    putObjectLockRequest = { 
        "objectLockConfiguration" : { 
            "objectLockEnabled" : "ENABLED", 
            "defaultRetention" : { 
                "mode" : "GOVERNANCE", 
                "days" : 31 
            } 
        } 
    } 
    bucketObj.putObjectLockConfiguration(putObjectLockRequest) 
    // get object lock 
    objectLockResponse=bucketObj.getObjectLockConfiguration() 
    writeDump(objectLockResponse) 
</cfscript>

acquireLegalHold

Apply a Legal Hold to object.

For more information, see Locking Objects and the official doc.

Syntax

acquireLegalHold(parameterStruct)

Parameters

Parameter

Description

Required

key

The key name for the object that you want to place a Legal Hold on.

Yes

versionId

The version ID of the object that you want to place a Legal Hold on.

No

legalHold

The root level tag for the LegalHold parameters. Struct containing the following:

status: ON or OFF

No

requestPayer

Confirms that the requester knows that they will be charged for the request. Valid value is: REQUESTER

No

Example

<cfscript> 
    storageService = getCloudService(application.awsCred,application.s3Conf) 
     
    // create a bucket 
    createBucketRequest = { 
        "acl":"PRIVATE", 
        "bucket" : "bucket.demo.acquirelegalhold", 
        "objectLockEnabledForBucket" : true 
    } 
    // create a bucket 
    bucketObj=storageService.createBucket(createBucketRequest) 
    // upload an object to the bucket 
    uploadStruct={ 
        "srcFile":"#ExpandPath('./')#/s3-notes.pdf", 
        "key":"key121" 
    } 
    bucketObj.uploadFile(uploadStruct) 
    // enable versioning 
    bucketObj.enableVersioning() 
    // list all versions 
    list=bucketObj.listAllVersions() 
    // get version Id 
    v_id=list.response[1].versionId 
    // acquire legal hold request 
    acquireLegalHoldRequest = { 
        "key" : "key121", 
        "versionId" : "#v_id#", 
        "legalHold" : { 
            "status" : "ON" 
        }, 
        "requestPayer" : "REQUESTER" 
    } 
    try{ 
        acquireHoldResponse=bucketObj.acquireLegalHold(acquireLegalHoldRequest) 
        writeDump(acquireHoldResponse) 
    } 
    catch (any e){ 
        writeDump(e) 
    } 
</cfscript>

getLegalHold

Apply a Legal Hold to object.

For more information, see Locking Objects.

Syntax

getLegalHold(parameterStruct)

Parameters

Parameter

Description

Required

key

The key name for the object whose Legal Hold status you want to get.

Yes

versionId

The version ID of the object whose Legal Hold status you want to get.

No

requestPayer

Confirms that the requester knows that they will be charged for the request. Valid value is: REQUESTER

No

Example

<cfscript> 
    storageService = getCloudService(application.awsCred,application.s3Conf) 
    createBucketRequest = { 
        "acl":"PRIVATE", 
        "bucket" : "bucket.demo.getlegalhold", 
        "objectLockEnabledForBucket" : true 
    } 
    // create a bucket 
    bucketObj=storageService.createBucket(createBucketRequest) 
    // upload an object to the bucket 
    uploadStruct={ 
        "srcFile":"#ExpandPath('./')#/s3-notes.pdf", 
        "key":"key141" 
    } 
    bucketObj.uploadFile(uploadStruct) 
    // enable versioning 
    bucketObj.enableVersioning() 
    // list all versions 
    list=bucketObj.listAllVersions() 
    // get version Id 
    v_id=list.response[1].versionId 
    // get legal hold status on the object 
    getLegalHoldRequest = { 
        "key" : "key141", 
        "versionId" : "#v_id#", 
        "requestPayer" : "REQUESTER" 
    } 
    getLegalHoldResponse=bucketObj.getLegalHold(getLegalHoldRequest) 
    writeDump(getLegalHoldResponse) 
</cfscript>

Acquire retention lock

Place an Object Retention configuration on an object.

For more information, see the official docs.

Syntax

acquireRetentionLock(parameterStruct)

Parameters

Parameter

Description

Required

key

The key name for the object that you want to apply this Object Retention configuration to.

Yes

versionID

The version ID for the object that you want to apply this Object Retention configuration to.

No

retention

Struct containing the following:

  • mode: Retention mode for the specified object. Values are GOVERNANCE or COMPLIANCE.
  • retainUntilDate: The date on which this Object Lock Retention will expire.

No

requestPayer

Confirms that the requester knows that he/she will be charged for the request.

No

bypassGovernanceRetention

Whether this operation must bypass Governance-mode restrictions.

 

Example

<cfscript> 
    storageService = getCloudService(application.awsCred,application.s3Conf) 
    createBucketRequest = { 
        "acl":"PRIVATE", 
        "bucket" : "bucket.demo.acquireretentionlock", 
        "objectLockEnabledForBucket" : true 
    } 
    // create a bucket 
    bucketObj=storageService.createBucket(createBucketRequest) 
    // upload an object to the bucket 
    uploadStruct={ 
        "srcFile":"#ExpandPath('./')#/s3-notes.pdf", 
        "key":"key131" 
    } 
    bucketObj.uploadFile(uploadStruct) 
    // enable versioning 
    bucketObj.enableVersioning() 
    // list all versions 
    list=bucketObj.listAllVersions() 
    // get version Id 
    v_id=list.response[1].versionId 
    retainDate=DateFormat(DateAdd("d",8,now()),"yyyy-mm-dd") 
    retentionRequestStruct = { 
       "key" : "key131", 
       "versionId" : "#v_id#", 
       "retention" : { 
            "mode" : "GOVERNANCE", 
            "retainUntilDate" : "#retainDate#" 
       }, 
       "requestPayer" : "REQUESTER", 
       "bypassGovernanceRetention" : false 
    } 
    try{ 
        acquireRetentionLockResponse=bucketObj.acquireRetentionLock(retentionRequestStruct) 
        writeDump(acquireRetentionLockResponse) 
    } 
    catch(any e){ 
        writeDump(e) 
    } 
</cfscript>

Get retention lock

Retrieve an object's retention settings.

Syntax

getRetentionLock(parameterStruct)

Parameters

Parameter

Description

Required

key

The key name for the object for which you want to retrieve this Object Retention configuration.

Yes

versionId

The version id for the object for which you want to retrieve this Object Retention configuration.

No

requestPayer

Confirms that the requester knows that he/she will be charged for the request. Valid value is: REQUESTER

No

Example

<cfscript> 
    storageService = getCloudService(application.awsCred, application.s3Conf) 
     
    createBucketRequest = { 
         "bucket" : "bucket.demo.lock", 
         "objectLockEnabledForBucket" : "true"  
        } 
    rootObj=storageService.createBucket(createBucketRequest) 
    //rootObj=storageService.bucket("cfqa2.test123456",true); 
     
    rootObj.enableVersioning() 
    // upload a file 
    uploadRequest = { 
            "srcFile" : "test.txt",  
            "key" : "test", 
            "validateContentMD5":"true", 
            "objectLockMode" : "GOVERNANCE", 
            "objectLockRetainUntilDate" : "2019-12-11", 
            "objectLockLegalHoldStatus" : "ON" 
    } 
    rootObj.uploadFile(uploadRequest); 
    //writedump(uploadResponse) 
 
  
    request1 = { 
        "objectLockConfiguration" : { 
        "objectLockEnabled" : "ENABLED", 
        "defaultRetention" : { 
                "mode" : "GOVERNANCE", 
                "days" : "2", 
                "years": "1" 
            } 
        } 
    } 
    
    rootObj.putObjectLockConfiguration(request1) 
    retentionRequest = { 
        "key" : "test", 
         "retention" : { 
            "mode" : "GOVERNANCE", 
            "retainUntilDate" : "{ts '2019-11-27 12:13:50'}" 
    }, 
    "bypassGovernanceRetention" :"true" 
    } 
    rootObj.acquireRetentionLock(retentionRequest) 
    getRetentionRequest={ 
        "key" : "test" 
    } 
    writedump(rootObj.getRetentionLock(getRetentionRequest)) 
</cfscript>

Requester Pay

In general, bucket owners pay for the storage and data transfer costs associated with their bucket. A bucket owner can configure a bucket to be a Requester Pays bucket. With Requester Pays buckets, the requester instead of the bucket owner pays the cost of the request and the data download from the bucket. The bucket owner always pays the cost of storing data.

Typically, you configure buckets to be Requester Pays when you want to share data but not incur charges associated with others accessing the data. You might, for example, use Requester Pays buckets when making available large datasets, such as zip code directories, reference data, geospatial information, or web crawling data.

If you enable Requester Pays on a bucket, anonymous access to that bucket is not allowed.

You must authenticate all requests involving Requester Pays buckets. The request authentication enables Amazon S3 to identify and charge the requester for their use of the Requester Pays bucket.

enableRequesterPay

Enable requester pay on a bucket.

Syntax

enableRequesterpay()

Example

<cfscript> 
  storageService = getCloudService(application.awsCred,application.s3Conf) 
  // create a bucket 
  createBucketRequest = { 
    "acl":"PRIVATE", 
    "bucket" : "sg.bucket", 
    "objectLockEnabledForBucket" : true 
  } 
  // create a bucket 
  myobj=storageService.createBucket(createBucketRequest) 
  // Enabling "Requester Pays" on bucket: 
  myobj.enableRequesterpay() 
  // Get Requester Pay status: 
  getResponse=myobj.getRequesterPayStatus() 
  writeDump(getResponse) 
</cfscript> 

disableRequesterPay

Disable requester pay on a bucket.

Syntax

disableRequesterPay()

Example

<cfscript> 
    storageService = getCloudService(application.awsCred,application.s3Conf) 
    // create a bucket 
    createBucketRequest = { 
        "acl":"PRIVATE", 
        "bucket" : "bucket.demo.disablerequester", 
        "objectLockEnabledForBucket" : true 
    } 
    // create a bucket 
    bucketObj=storageService.createBucket(createBucketRequest) 
    // Enabling "Requester Pays" on bucket 
    bucketObj.enableRequesterpay() 
    // Disable requester pay status on the bucket 
    try{ 
        disableRequesterPayResponse=bucketObj.disableRequesterPay() 
        writeOutput("Requester pay disabled") 
        writeDump(disableRequesterPayResponse) 
    } 
    catch (any e){ 
        writeOutput("Unable to disable requester pay") 
        writeDUmp(e) 
    } 
</cfscript>

getRequesterPayStatus

Check if requester pay is enabled on bucket.

Syntax

getRequesterPayStatus()

Example

<cfscript> 
    storageService = cloudService(application.awsCred,application.s3Conf) 
    // create a bucket 
    createBucketRequest = { 
        "acl":"PRIVATE", 
        "bucket" : "bucket.demo.getrequester", 
        "objectLockEnabledForBucket" : true 
    } 
    // create a bucket 
    bucketObj=storageService.createBucket(createBucketRequest) 
    // Enabling "Requester Pays" on bucket 
    bucketObj.enableRequesterpay() 
    // Get the requester pay details 
    getRequesterPayResponse=bucketObj.getRequesterPayStatus() 
    writeDump(getRequesterPayResponse) 
</cfscript>

Security

AWS provides Identity and Access Management (IAM) user policies that specify the users that can access specific buckets and objects.

AWS S3 provides writing bucket policies that define access to specific buckets and objects. You can use a bucket policy to grant access across AWS accounts, grant public or anonymous permissions, and allow or block access based on conditions.

Using Amazon S3 Block Public Access as a centralized way to limit public access. Block Public Access settings override bucket policies and object permissions. Be sure to enable Block Public Access for all accounts and buckets that you don't want publicly accessible.

Amazon S3 block public access provides four settings. You can apply these settings in any combination to individual buckets or to entire AWS accounts. If you apply a setting to an account, it applies to all buckets that are owned by that account.

putSecurityAccessBlock

Block public access on bucket. For more information, see Public access block.

Syntax

putSecurityAccessBlock(parameterStruct)

Parameters

Parameter

Description

Required

blockPublicAcls

TRUE or FALSE. Whether S3 must block public access control lists (ACLs) for this bucket and objects in this bucket.

No

ignorePublicAcls

TRUE or FALSE. Whether S3 must ignore public access control lists (ACLs) for this bucket and objects in this bucket.

No

blockPublicPolicy

TRUE or FALSE. Whether S3 must block public bucket policies for this bucket.

No

restrictPublicBuckets

TRUE or FALSE. Whether S3 must restrict public bucket policies for this bucket.

No

Example

<cfscript> 
    storageService = getCloudService(application.awsCred,application.s3Conf) 
    // create a bucket 
    createBucketRequest = { 
        "acl":"PRIVATE", 
        "bucket" : "bucket.demo.getpublicaccess", 
        "objectLockEnabledForBucket" : true 
    } 
    bucketobj=storageService.createBucket(createBucketRequest) 
    pubAccessReq = { 
        "publicAccessBlockConfiguration" : { 
            "blockPublicAcls" : true, 
            "ignorePublicAcls" : true, 
            "blockPublicPolicy" : true, 
            "restrictPublicBuckets" : true 
        } 
    } 
    try{ 
        accessBlockResponse=bucketobj.putSecurityAccessBlock(pubAccessReq) 
        writeOutput("Block to public access enforced successfully") 
        writeDump(accessBlockResponse) 
    } 
    catch(any e){ 
        writeOutput("Failed to block public access") 
        writeDump(e) 
    } 
    // get the block details 
    getBlockResponse=bucketobj.getSecurityAccessBlock() 
    writeDump(getBlockResponse) 
</cfscript>

getSecurityAccessBlock

Get public access configuration on bucket. For more information, see Get public access block.

Syntax

getSecurityAccessBlock()

Example

<cfscript> 
    storageService = getCloudService(application.awsCred,application.s3Conf) 
    // create a bucket 
    createBucketRequest = { 
        "acl":"PRIVATE", 
        "bucket" : "bucket.demo.getpublicaccess", 
        "objectLockEnabledForBucket" : true 
    } 
    bucketobj=storageService.createBucket(createBucketRequest) 
    pubAccessReq = { 
        "publicAccessBlockConfiguration" : { 
            "blockPublicAcls" : true, 
            "ignorePublicAcls" : true, 
            "blockPublicPolicy" : true, 
            "restrictPublicBuckets" : true 
        } 
    } 
    try{ 
        accessBlockResponse=bucketobj.putSecurityAccessBlock(pubAccessReq) 
        writeOutput("Block to public access enforced successfully") 
        writeDump(accessBlockResponse) 
    } 
    catch(any e){ 
        writeOutput("Failed to block public access") 
        writeDump(e) 
    } 
    // get the block details 
    getBlockResponse=bucketobj.getSecurityAccessBlock() 
    writeDump(getBlockResponse) 
</cfscript>

Get location of an S3 bucket

Get the region that contains a bucket.

For more information, see Get bucket location.

Syntax

getLocation()

Example

<cfscript> 
    storageService = getCloudService(application.awsCred, application.s3Conf) 
    // create a bucket 
    createBucketRequest = { 
        "acl":"PRIVATE", 
        "bucket" : "bucket.demo.loc", 
        "objectLockEnabledForBucket" : true 
    } 
    // create a bucket 
    bucketObj=storageService.createBucket(createBucketRequest) 
    // get bucket location 
    bucketLoc=bucketObj.getLocation() 
    writeDump(bucketLoc) 
</cfscript>

Get metadata of an object

Get the metadata of an object in a bucket. While uploading an object, you'd have already set the object's metadata.

Syntax

getObjectMetadata(parameterStruct)

Parameters

Parameter

Description

Required

key

The key with which the object was uploaded.

Yes

versionId

The version id associated with the object.

No

Example

<cfscript> 
    storageService = cloudService(application.awsCred,application.s3Conf) 
    // create a bucket 
    bucketStruct={ 
        "acl":"PRIVATE", 
        "bucket" : "bucket.demo.objectmetadatademo", 
        "objectLockEnabledForBucket" : true 
    } 
    bucketObj=storageService.createBucket(bucketStruct) 
    // upload an object into the bucket 
    uploadStruct={ 
        "srcFile" : "#ExpandPath('./')#/Colors.jpg", 
        "key" : "key001", 
        "metadata": { 
                        "filename": "Colors.jpg", 
                        "creator":"john", 
                        "place":"london", 
                        "creation_date":"2020/04/20", 
                        "filetype":"image" 
        } 
    } 
    bucketObj.uploadFile(uploadStruct) 
    // get object metadata 
    objectMetadataResponse=bucketObj.getObjectMetadata("key001") 
    writeDump(objectMetadataResponse) 
</cfscript>

Pre-signed URL

A pre-signed URL gives you access to the object identified in the URL, provided that the creator of the pre-signed URL has permissions to access that object. If you receive a pre-signed URL to upload an object, you can upload the object only if the creator of the pre-signed URL has the necessary permissions to upload that object.

For more information, see Uploading objects using pre-signed urls.

generateGetPresignedUrl

Generate a url to get an object.

Syntax

generateGetPresignedUrl(parameterStruct)

Parameters

Parameter Description Required
duration Duration of the url in days. No
key The key associated with the object. Yes
cacheControl
Specify the caching behavior as defined here. No
contentDisposition
Specify the content format of the object as defined here. No
contentEncoding
Specify the type of encoding on the object as defined here. No
contentLanguage
The language of the object that you want to upload. No
contentType
The format of the content as defined here. No
expires
The date and time when the object cannot be cached any longer.
No
versionId The version id of the object. No
sseCustomerAlgorithm
Specifies the algorithm to use to when encrypting the object.
No
sseCustomerKey
Specifies the customer-provided encryption key for S3 to use in encrypting data. 
No
sseCustomerKeyMD5 Specifies the MD5 of the key. No
requestPayer Confirms that the requester knows that they will be charged for the request. No

Example

<cfscript> 
    storageService = getCloudService(application.awsCred,application.s3Conf) 
    // create a bucket 
     
 createBucketRequest = { 
  "bucket" : "bucket.parallel.getpresignedurl" 
    } 
    rootObj = storageService.createBucket(createBucketRequest) 
    // upload a file 
    src = "#ExpandPath('..')#/files/file.txt" 
 key = "key12" 
       
 uploadStruct = { 
     "srcFile" : src, 
     "key" : key  
    } 
    rootObj.uploadFile(uploadStruct) 
    // Pre signed url struct 
    getPresignedUrlRequest = { 
        "duration": "1d", // 1 day 
        "key":key 
    } 
    getPresignedUrlResp = rootObj.generateGetPresignedUrl(getPresignedUrlRequest) 
    writeDump(getPresignedUrlResp) 
</cfscript>

generatePutPresignedUrl

Generates a url to put an object.

Syntax

generatePutPresignedUrl(parameterStruct)

Parameters

Parameter

Description

Required

duration

Duration of the url in days.

No

key

The key associated with the object.

Yes

Example

<cfscript> 
    storageService = getCloudService(application.awsCred,application.s3Conf) 
    // create a bucket 
     
 createBucketRequest = { 
  "bucket" : "bucket.parallel.putpresignedurl" 
    } 
    rootObj = storageService.createBucket(createBucketRequest) 
    putPresignedReq = { 
        "duration": "1d", // 1 day 
        "key" : "key12" 
     } 
    putPresignedUrlResp = rootObj.generatePutPresignedUrl(putPresignedReq);  
    writedump(putPresignedUrlResp) 
</cfscript>

 Adobe

Get help faster and easier

New user?