Navigate to <CF_HOME>/cfusion/bin.
Last updated on
Feb 16, 2024
Introduction
Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface. Amazon S3 can be employed to store any type of object which allows for uses like storage for Internet applications, backup and recovery, disaster recovery, data archives, data lakes for analytics, and hybrid cloud storage.
Amazon S3 stores data as objects within buckets. An object consists of a file and optionally any metadata that describes that file.
To store an object in Amazon S3, you upload the file you want to store to a bucket. When you upload a file, you can set permissions on the object as well as any metadata.
Buckets are the roots for objects. You can have one or more buckets. For each bucket, you can control access to it (who can create, delete, and list objects in the bucket), view access logs for it and its objects, and choose the geographical region where Amazon S3 will store the bucket and its contents.
For more information, see Amazon S3 storage.
ColdFusion and S3
Amazon S3 storage service is used to store and retrieve any amount of data, at any time, from anywhere on the web. ColdFusion (2016 release) and ColdFusion (2018 release) supported this feature using tags and functions that take file or directory as input or output. In ColdFusion (2021 release), we’ve extended the feature further to support Multi-cloud service.
You can use S3 storage in the following scenarios:
- Create storage in S3.
- Perform root operations like create, upload, list and delete.
- Set policies to the bucket.
- Upload files in bulk.
- Copy files from one bucket to another.
- Create different versions of the file in the storage.
- Set lifecycles rules to the objects.
- Add tags to the objects.
- Secure your S3 space.
- Upload or download files in parallel.
Get started
Install awss3 package
Adobe ColdFusion (2021 release) is modularized, if you are only using the ZIP installer. By default, the module for AWS S3 is not installed. The first step is to install the S3 package in ColdFusion.
Note: If you are using the GUI installer, The package for S3 is called awss3.
The package for SNS is called awss3.
To install the package awss3, use the Package Manager page in the ColdFusion Administrator, or follow the steps below:
-
-
Enter the command:
- Windows: cfpm.bat
- Linux: cfpm.sh
-
Enter the command, install awss3.
Wait for the AWS S3 package to get installed.
For more information, see ColdFusion Package Manager.
Get credentials to access AWS S3
When you interact with AWS, you specify your AWS security credentials to verify your credentials and check whether you have permission to access the resources that you are requesting.
AWS uses the security credentials to authenticate and authorize your requests.
You must get the AWS Access Key ID and the AWS Secret Access Key. For more information, see Access Keys.
Add cloud service credentials and configuration
In ColdFusion (2021 release), there is a method getCloudService() that gives you a handle to create objects for accessing various cloud services.
The syntax of the service handle is as follows:
service=getCloudService(cloudCred,cloudConfig), where:
- cloudCred: Defines the credentials for the cloud service. It could either be a struct or a string (also known as credential alias).
- cloudConfig: Defines the cloud service configuration details. It could either be a struct or a string (also known as config alias).
After you've acquired the AWS credentials, you must declare these credentials in one of the following ways. Only then you can use these credentials to create an S3 object, after which you can use the object to make calls to the various S3 methods.
Note:
You must store the result of getCloudService in a shared scope (for example, application scope) and re-use that object.
ColdFusion Administrator
Set credentials
In the ColdFusion Administrator, click Data & Services > Cloud Credentials.
An alias is a named representation of a cloud service and its configuration details. You can set the config alias through ColdFusion Administrator.
After entering the details, click Add Credential.
Set configuration options
In the ColdFusion Administrator, click Data & Services > Cloud Configuration.
Enter the following details, like configuration Alias, Vendor, and the name of the service.
After adding the configuration options, you may need to add a few more options. You can do so in the next screen. The following are a few options that you may need to add:
- Request config
- Client config
- Proxy settings
- Retry policy
- Retry conditions
For more information, see Cloud configuration options.
Create the object
Once you've created the aliases for S3 credential and configuration options, you can create the object by using the getCloudService API, and include the following in your CFM.
s3Object= getCloudService("s3Cred", "s3Conf")
Application.cfc
You can specify the S3 credentials and configuration options in Application.cfc. For example,
component
{
this.name="S3_app";
void function onApplicationStart(){
application.awsCred = {
"alias" : "aws_std_queue",
"vendorName" : "AWS",
"region" : "us-east-2",
"secretAccessKey" : "xxxxxxxxxxxxxxxxx",
"accessKeyId" : "xxxxxxxxxxxxxxxx"
}
application.s3Conf = {
"serviceName" : "S3"
}
}
}
Create the object
s3Object = getCloudService(application.awsCred, application.s3Conf)
On CFM page
On a CFM page, you can specify the S3 credentials and configuration options in one of the four methods, specified below:
Credential alias and configuration alias
After you've created the aliases for S3 credential and configuration options, you can use these aliases in the getCloudService
handle as shown below:
<cfscript>
// define the credential and the configuration aliases in the ColdFusion Admin
s3=getCloudService("awsCred","s3Conf")
// code below.
...........
</cfscript>
Credential Alias and Struct for configuration options
<cfscript>
// Using credential alias and struct for service config
s3Conf = {
"alias":"s3Conf",
"serviceName" : "S3",
"clientOverrideConfig":{
"retryPolicy":{
"numRetries":4
}
},
"httpClientConfig":{
"maxConnections":50
}
}
s3= getCloudService("s3Cred", s3Conf)
// code below
.....................
</cfscript>
Configuration alias and struct for credentials
<cfscript>
// Using config alias and struct for service credentials
// s3 credentials
s3Creds={
"vendorName":"AWS",
"alias": "s3Cred",
"region":"us-east-2",
"accessKeyId": "access key",
"secretAccessKey": "secret access"
}
s3= getCloudService(s3Creds, "s3Conf")
// code below
.....................................
</cfscript>
Structs for both credential and configuration options
<cfscript>
// Using Structs for both cloud credential and config
s3Cred={
"vendorName":"AWS",
"alias": "s3_cred_alias",
"region":"us-east-2",
"accessKeyId": "access key",
"secretAccessKey": "secret access key"
}
s3Conf = {
"alias":"s3_conf_alias",
"serviceName" : "S3",
"clientOverrideConfig":{
"retryPolicy":{
"numRetries":4
}
},
"httpClientConfig":{
"maxConnections":50
}
}
sqs = getCloudService(s3Cred, s3Conf )
// code below
...................................................................
</cfscript>
Admin API
You can also add SQS credentials and configuration options by using the Admin APIs. The methods to add credentials and configuration are available in cloud.cfc.
The examples below demonstrate the usage of the methods addCredential(struct credential) and addServiceConfig(struct config).
Add credentials
<cfscript>
// Create an object of administrator component and call the login method
adminObj = createObject("component","cfide.adminapi.administrator")
adminObj.login("admin")
// Create an object of cloud component
cloudObj = createObject("component","cfide.adminapi.cloud")
// define credentials struct
credentialStruct={
"alias" : "CredS3",
"vendorName" : "AWS",
"region" : "us-east-2",
"secretAccessKey" : "secret access key",
"accessKeyId" : "access key"
}
// add credential credentialStruct
try{
cloudObj.addCredential(credentialStruct)
writeOutput("Credentials added successfully")
}
catch(any e){
writeDump(e)
}
</cfscript>
Add configuration
<cfscript>
// Create an object of administrator component and call the login method
adminObj = createObject("component","cfide.adminapi.administrator")
adminObj.login("admin")
// Create an object of cloud component
cloudObj = createObject("component","cfide.adminapi.cloud")
// define configuration struct
configStruct={
"alias":"ConfS3",
"serviceName":"S3",
"clientOverrideConfig":{
"retryPolicy":{
"numRetries":4
}
},
"httpClientConfig":{
"maxConnections":50
}
}
// add config configStruct
try{
cloudObj.addServiceConfig(configStruct)
writeOutput("Configuration service added successfully")
}
catch(any e){
writeDump(e)
}
</cfscript>
CFSetup
You can also set up S3 credential and configuration via the CFSetup configuration utility.
Add cloud credential
- add cloudcredential credentialAlias=s3cred accesskeyid=<access> secretaccesskey=<secret> region=ap-southeast-1 vendorname=AWS
Set credential
- set cloudcredential s3cred secretaccesskey=awssecret
Add cloud configuration
- add cloudconfiguration serviceName=S3 alias=s3Config
Set configuration
- set cloudconfiguration conf1 alias=conf2
Create root
Get the root object. If the root doesn't exist, the root gets created.
- Amazon S3- Yes
- Azure- Yes
- Multi-cloud- Yes
Syntax
root(bucketname, createIfNotExists)
Parameters
|
Parameter |
Description |
|---|---|
|
bucketName |
The name of the bucket to be created. |
|
createIfNotExists |
True or False. If the bucket doesn't exist, it gets created. |
Example
<cfscript>
storageService = getCloudService(application.awsCred,application.s3Conf)
try{
storageService.root("bucket.001","true")
writeOutput("Bucket created successfully")
}
catch(any e){
writeDump(e)
}
</cfscript>
Create root- additional parameters
Get the root object with additional parameters.
- Amazon S3- Yes
- Azure- Yes
- Multi-cloud- Yes
Syntax
createRoot(requestParameters)
Parameters
|
Parameter |
Description |
|---|---|
|
bucketName |
The name of the bucket to be created. |
|
objectLockEnabledForBucket |
Yes or No. Identifies if object lock is enabled for the bucket. For more information, see Object locks. |
|
acl |
Amazon S3 access control lists (ACLs) enable you to manage access to buckets and objects. Valid values are:
For more information, see ACLs in AWS. |
|
grant permission variables |
Permissions that Amazon S3 supports in an ACL. Valid values are:
For more information, see Permissions. |
Example
<cfscript>
storageService = getCloudService(application.awsCred,application.s3Conf)
createBucketRequest = {
"acl":"PRIVATE",
"bucket" : "bucket.002",
"objectLockEnabledForBucket" : true
}
// create a root
myobj=storageService.createRoot(createBucketRequest)
writeDump(myobj)
</cfscript>
Create bucket
To upload your data to Amazon S3, you must get the bucket object in one of the AWS Regions. You can then upload any number of objects to the bucket.
For more information, see S3 buckets.
Syntax
bucket(bucketName,createIfNotExists)
Parameters
|
Parameter |
Description |
|---|---|
|
bucketName |
The name of the bucket to be created. |
|
createIfNotExists |
True or False. If the bucket doesn't exist, it gets created. |
Example
<cfscript>
storageService = getCloudService(application.awsCred,application.s3Conf)
try{
storageService.bucket("bucket.002","true")
writeOutput("Bucket created successfully")
}
catch(any e){
writeDump(e)
}
</cfscript>
Create bucket- additional parameters
Create a bucket in S3 with additional parameters.
Syntax
createBucket(parameterStruct)
Parameters
|
Parameter |
Description |
|---|---|
|
bucketName |
The name of the bucket to be created. |
|
objectLockEnabledForBucket |
Yes or No. Identifies if object lock is enabled for the bucket. For more information, see Object locks. |
|
acl |
Amazon S3 access control lists (ACLs) enable you to manage access to buckets and objects. Valid values are:
For more information, see ACLs in AWS. |
|
grant permission variables |
Permissions that Amazon S3 supports in an ACL. Valid values are:
For more information, see Permissions. |
Example
<cfscript>
storageService = getCloudService(application.awsCred,application.s3Conf)
// bucketList=storageService.listAll() // lists all buckets
// writeDump(bucketList)
// abort;
createBucketRequest = {
"acl":"PRIVATE",
"bucket" : "bucket.three.demo",
"objectLockEnabledForBucket" : true
}
// create a bucket
try{
myobj=storageService.createBucket(createBucketRequest)
writeOutput("Bucket created successfully")
writeDump(myobj)
}
catch (any e){
writeOutput("Failed to create the bucket")
writeDump(e)
}
</cfscript>
Delete a bucket
You can delete an empty bucket, and when you're using the AWS Management Console, you can delete a bucket that contains objects. If you delete a bucket that contains objects, all the objects in the bucket are permanently deleted.
For more information, see DeleteObjects.
- Amazon S3- Yes
- Azure- Yes
- Multi-cloud- Yes
Syntax
delete(parameterStruct)
delete(bucketName)
Parameters
|
Parameter |
Description |
|---|---|
|
bucketName |
The name of the bucket to delete. |
|
forcedDelete |
True or False. Force deletes a bucket that has obejcts in it. |
Example
<cfscript>
storageService = getCloudService(application.awsCred,application.s3Conf)
createBucketRequest = {
"acl":"PRIVATE",
"bucket" : "bucket.name",
"objectLockEnabledForBucket" : true
}
storageService.createBucket(createBucketRequest)
// delete the bucket
deleteBucketRequest = {
"bucket" : "bucket.name",
"forcedDelete" : "true" // default: false
}
try{
myobj=storageService.delete(deleteBucketRequest)
writeOutput("Bucket deleted successfully")
writeDump(myobj)
}
catch (any e){
writeOutput("Unable to delete the bucket")
writeDump(e)
}
</cfscript>
Delete an object
Here's how you'll delete an object in a bucket.
<cfscript>
storageService = getCloudService(application.awsCred,application.s3Conf)
rootObj=storageService.bucket("bucket001","true")
try{
rootObj.delete("key")
writeOutput("Object created successfully")
}
catch(any e){
writeDump(e)
}
</cfscript>
Delete the key from a bucket
<cfscript>
storageService = getCloudService(application.awsCred,application.s3Conf)
//writeOutput(ExpandPath('./'))
// create a bucket
createBucketRequest = {
"acl":"PRIVATE",
"bucket" : "bucket.name",
"objectLockEnabledForBucket" : true
}
bucketObj=storageService.createBucket(createBucketRequest)
// upload an object
uploadStruct = {
"srcFile" : "#ExpandPath('./')#/file.txt",
"key" : "key12",
"metadata":{
"place":"London",
"deployment":"Testing"
}
}
try{
deleteResponse=bucketObj.delete("key12")
writeOutput("Object deleted successfully")
writeDump(deleteResponse)
}
catch (any e){
writeOutput("Could not delete the object")
writeDump(e)
}
</cfscript>
Upload a file
You can upload a file to a bucket. In the function uploadFile, as argument, pass a struct with the following values:
For more information, see the official docs.
Syntax
uploadFile(parameterStruct)
Parameters
| Parameter | Description | Required |
|---|---|---|
| srcFile |
The path of the file that you want to upload in the bucket. | Yes |
| key |
Unique identifier of the object. | Yes |
| acl |
The ACL to apply to the object. For more information, see Canned ACL.The valid values are:
|
No |
| cacheControl |
Specify the caching behavior as defined here. | No |
| contentDisposition |
Specify the content format of the object as defined here. | No |
| contentEncoding |
Specify the type of encoding on the object as defined here. | No |
| contentLanguage |
The language of the object that you want to upload. | No |
| contentLength |
The size of the object in bytes. | No |
| validateContentMD5 |
True or False. The base64-encoded 128-bit MD5 digest of the message (without the headers). |
No |
| contentType |
The format of the content as defined here. | No |
| expires |
The date and time when the object cannot be cached any longer. |
No |
| grantFullControl |
Gives the grantee READ, READ_ACP, and WRITE_ACP permissions on the object. |
No |
| grantRead |
Allows grantee to only read the object data. |
No |
| grantWrite |
Allows grantee to write to the object data. |
No |
| grantReadACP |
Allows grantee to read the object ACL. |
No |
| grantWriteACP |
Allows grantee to write the ACL for the object. |
No |
| metadata |
The object metadata to use. | No |
| serverSideEncryption |
The server-side encryption algorithm to be used. |
No |
| storageClass |
Valid values are:
For more information, see S3 storage class. |
No |
| websiteRedirectLocation |
If the bucket is configured as a website, specify the redirect request to another object in the same bucket or to an external URL. |
No |
| sseCustomerAlgorithm |
Specifies the algorithm to use to when encrypting the object. |
No |
| sseCustomerKey |
Specifies the customer-provided encryption key for S3 to use in encrypting data. |
No |
| ssekmsKeyId |
Specifies the ID of the AWS Key Management Service (AWS KMS). |
No |
| ssekmsEncryptionContext |
Specifies the AWS KMS Encryption Context to use for object encryption. |
No |
| requestPayer |
Confirms that the requester knows that they will be charged for the request. |
No |
| tagging |
The tag-set for the object. Must be a struct of key-value pairs. |
No |
| objectLockMode |
The Object locking mode that you want to apply to this object. Valid values are:
|
No |
| objectLockRetainUntilDate |
The date and time when you want this object's Object Lock to expire. |
No |
| objectLockLegalHoldStatus |
Indicates whether the specified object has a Legal Hold in place.. Valid values are:
|
No |
Example
<cfscript>
storageService = getCloudService(application.awsCred,application.s3Conf)
//writeOutput(ExpandPath('./'))
// create a bucket
createBucketRequest = {
"acl":"PRIVATE",
"bucket" : "bucket.name",
"objectLockEnabledForBucket" : true
}
bucketObj=storageService.createBucket(createBucketRequest)
// upload an object
uploadStruct = {
"srcFile" : "#ExpandPath('./')#/file.txt",
"key" : "key12",
"metadata":{
"place":"London",
"deployment":"Testing"
}
}
try{
uploadResponse=bucketObj.uploadFile(uploadStruct)
writeOutput("Object uploaded successfully")
writeDump(uploadResponse)
}
catch (any e){
writeOutput("Could not upload the object")
writeDump(e)
}
</cfscript>
Download a file
You can download a file from an S3 bucket. To download a file, use the function downloadToFile. As an argument, pass a struct with the following values:
For more information, see the official docs.
Syntax
downloadToFile(parameterStruct)
Parameters
| Parameter | Description | Required |
|---|---|---|
| destinationFile |
The path of the file that that contains the object, which you want to download. | Yes |
| key |
Unique identifier of the object. | Yes |
| cacheControl |
Set the cache control header of the object, | No |
| contentDisposition |
Set the Content-Disposition header of the response. |
No |
| contentEncoding |
Set the Content-Encoding header of the response. |
No |
| contentLanguage |
Set the Content-Language header of the response. |
No |
| contentType |
Set the Content-Type header of the response. |
No |
| expires |
Sets the Response header of the response. |
No |
| versionId |
Refer to a specific version of the object. | No |
| sseCustomerAlgorithm |
Specify the algorithm to use to when encrypting the object. |
No |
| sseCustomerKey |
Specify the customer-provided encryption key for S3 to use in encrypting data. |
No |
| requestPayer |
Confirms that the requester knows that they will be charged for the request. |
No |
Example
<cfscript>
storageService = getCloudService(application.awsCred,application.s3Conf)
// create a bucket
createBucketRequest = {
"acl":"PRIVATE",
"bucket" : "bucket.demo.four",
"objectLockEnabledForBucket" : true
}
bucketObj=storageService.createBucket(createBucketRequest)
// upload an object
uploadStruct = {
"srcFile" : "#ExpandPath('./')#/file.txt",
"key" : "key22",
"metadata":{
"filename":"file.txt",
"place":"bangalore",
"category":"finance"
}
}
bucketObj.uploadFile(uploadStruct)
// download the file
downloadStruct = {
"destinationFile" : "file.txt",
"key" : "key22"
}
try{
downloadResponse=bucketObj.downloadToFile(downloadStruct)
writeOutput("Object downloaded successfully")
writeDump(downloadResponse)
}
catch (any e){
writeOutput("Failed to download object")
writeDump(e)
}
</cfscript>
List all objects
You can get a list of buckets in storage account. You can also retrieve a list of objects inside the bucket.
- Amazon S3- Yes
- Azure- Yes
- Multi-cloud- Yes
Syntax
listAll(parameterStruct)
listAll()
Parameters
|
Parameter |
Description |
|---|---|
|
delimiter |
Character to group keys. |
|
encodingType |
Encode the object keys in the response and specifies the encoding method to use. |
|
marker |
Key to start with when listing objects in a bucket. |
|
maxKeys |
The maximum number of keys returned in the response. |
|
prefix |
Limits the response to keys that begin with the specified prefix. |
|
requestpayer |
Confirms that the requester knows that he/she will be charged for the request. Valid value is REQUESTER. |
For more information, see request parameters.
Example
<cfscript>
storageService = getCloudService(application.awsCred,application.s3Conf)
// lists all buckets
bucketList=storageService.listAll()
writeOutput("List of buckets")
writeDump(bucketList)
</cfscript>
Copy an object
You can copy an object from one bucket to another. All copy requests must be authenticated. Additionally, you must have read access to the source object and write access to the destination bucket.
For more information, see Copy objects.
Syntax
copy(parameterStruct)
Parameters
|
Parameter |
Description |
Required |
|---|---|---|
|
sourceBucket |
The bucket from where you want to copy the object. |
Yes |
|
sourceKey |
The key associated with the object. |
Yes |
|
sourceVersionId |
The version id that was associated with the object. |
No |
|
key |
The destination key of the object. |
Yes |
|
storageClass |
For more information, see S3 storage class.. Valid value is: GLACIAR. |
No |
Example
<cfscript>
storageService = getCloudService(application.awsCred,application.s3Conf)
// create two buckets
createBucketRequest1 = {
"acl":"PRIVATE",
"bucket" : "cf.source.bucket.1",
"objectLockEnabledForBucket" : true
}
createBucketRequest2 = {
"acl":"PRIVATE",
"bucket" : "cf.dest.bucket.1",
"objectLockEnabledForBucket" : true
}
// source bucket
source_obj=storageService.createBucket(createBucketRequest1)
// destination bucket
dest_object=storageService.createBucket(createBucketRequest2)
// upload file struct
uploadStruct = {
"srcFile" : "#ExpandPath('./')#/file.txt",
"key" : "key12"
}
// upload file to source bucket
uploadResponse=source_obj.uploadFile(uploadStruct)
// copy file struct
copyRequest = {
"sourceBucket": "cf.source.bucket.1",
"sourceKey" : "key12",
"key" : "destKey"
}
copyResponse=dest_object.copy(copyRequest);
objList=dest_object.listAll()
writeDump(objList)
</cfscript>
Apply policy to a bucket
Applies an Amazon S3 bucket policy to an Amazon S3 bucket.
For more information, see Put bucket policy.
Syntax
putPolicy(parameterStruct)
Parameters
|
Parameter |
Description |
Required |
|---|---|---|
|
confirmRemoveSelfBucketAccess |
True or False. Set this parameter to true to confirm that you want to remove your permissions to change this bucket policy in the future. |
No |
|
policy |
The policy to be enforced for the bucket. For more information, see S3 policies. |
No |
Example
<cfscript>
storageService = getCloudService(application.awsCred,application.s3Conf)
bucketList=storageService.listAll()
//writeDump(bucketList)
rootObj=storageService.bucket("bucket.policy","true")
policy = {
"Id": "Policy1571390473326",
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt1574139965216",
"Action": [
"s3:GetBucketAcl"
],
"Effect": "Allow",
"Resource": "bucket.policy",
"Principal": "*"
}
]
}
policyRequest = {
"policy" : policy
}
rootObj.putPolicy(policyRequest);
writedump(rootObj.getPolicies())
</cfscript>
Delete a policy
Delete a policy that was applied on a bucket.
For more information, see Delete bucket policy.
Syntax
deletePolicies()
Example
<cfscript>
storageService = getCloudService(application.awsCred,application.s3Conf)
bucketList=storageService.listAll()
//writeDump(bucketList)
rootObj=storageService.bucket("bucket.policy","true")
policy = {
"Id": "Policy1571390473326",
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt1574139965216",
"Action": [
"s3:GetBucketAcl"
],
"Effect": "Allow",
"Resource": "bucket.policy",
"Principal": "*"
}
]
}
policyRequest = {
"policy" : policy
}
rootObj.putPolicy(policyRequest);
writedump(rootObj.getPolicies())
// delete policy
deletePolicyResponse=rootObj.deletePolicies()
writeDump(deletePolicyResponse)
</cfscript>
Retrieve a policy
Return the policy of a specified bucket.
For more information, see Get bucket policy.
Syntax
getPolicies()
Example
<cfscript>
storageService = getCloudService(application.awsCred,application.s3Conf)
bucketList=storageService.listAll()
//writeDump(bucketList)
rootObj=storageService.bucket("bucket.policy","true")
policy = {
"Id": "Policy1571390473326",
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt1574139965216",
"Action": [
"s3:GetBucketAcl"
],
"Effect": "Allow",
"Resource": "bucket.policy",
"Principal": "*"
}
]
}
policyRequest = {
"policy" : policy
}
rootObj.putPolicy(policyRequest);
writedump(rootObj.getPolicies())
// delete policy
deletePolicyResponse=rootObj.deletePolicies()
writeDump(deletePolicyResponse)
</cfscript>
Versioning
Versioning is a means of keeping multiple variants of an object in the same bucket. You can use versioning to preserve, retrieve, and restore every version of every object stored in your Amazon S3 bucket. With versioning, you can easily recover from both unintended user actions and application failures.
In one bucket, for example, you can have two objects with the same key, but different version IDs.
AWS S3 Version: uploading objects in non-versioned and versioning-enabled buckets are the same, although, in the case of versioning-enabled buckets, Amazon S3 assigns a version number. Otherwise, the version number is null. Enabling and suspending versioning is done at the bucket level.
Enable versioning
Set the versioning state of an existing bucket. To set the versioning state, you must be the bucket owner.
You can set the versioning state with one of the following values:
- Enabled
- Suspended
For more information, see Enable versioning.
Syntax
enableVersioning(parameterStruct)
Parameters
|
Parameter |
Description |
Required |
|---|---|---|
|
mfa |
The combination of the authentication device's serial number, a space, and the value that is displayed on your authentication device. The format of the mfa is: "mfa":"arn:aws:iam::0123456789:mfa/username" |
No |
|
mfaDelete |
Specifies whether MFA delete is enabled in the bucket versioning configuration. Valid values are:
|
No |
Example
<cfscript>
storageService = getCloudService(application.awsCred,application.s3Conf)
// create a bucket
createBucketRequest = {
"acl":"PRIVATE",
"bucket" : "bucket.demo.getstatus",
"objectLockEnabledForBucket" : true
}
// create a bucket
bucketObj=storageService.createBucket(createBucketRequest)
// enable versioning
bucketObj.enableVersioning()
// get version status
versionStatus=bucketObj.getVersioningStatus()
writeDump(versionStatus)
</cfscript>
Get version status
Get the versioning state of a bucket.
Syntax
getVersioningStatus()
Example
<cfscript>
storageService = getCloudService(application.awsCred,application.s3Conf)
// create a bucket
createBucketRequest = {
"acl":"PRIVATE",
"bucket" : "bucket.demo.getstatus",
"objectLockEnabledForBucket" : true
}
// create a bucket
bucketObj=storageService.createBucket(createBucketRequest)
// enable versioning
bucketObj.enableVersioning()
// get version status
versionStatus=bucketObj.getVersioningStatus()
writeDump(versionStatus)
</cfscript>
List all versions
Return metadata about all versions of the objects in a bucket.
For more information, see List object versions.
Syntax
listAllVersions(parameterStruct)
Parameters
|
Parameter |
Description |
Required |
|---|---|---|
|
delimiter |
Character to group keys. |
No |
|
encodingType |
Requests Amazon S3 to encode the object keys in the response and specifies the encoding method to use. |
No |
|
marker |
The object version you want to start listing from. |
No |
|
maxKeys |
Sets the maximum number of keys returned in the response. |
No |
|
prefix |
Select only those keys that begin with the specified prefix. |
No |
|
keyMarker |
The key to start with when listing objects in a bucket. |
No |
Example
<cfscript>
storageService = getCloudService(application.awsCred,application.s3Conf)
// create a bucket
createBucketRequest = {
"acl":"PRIVATE",
"bucket" : "bucket.demo.listversions",
"objectLockEnabledForBucket" : true
}
// create a bucket
myobj=storageService.createBucket(createBucketRequest)
// define file upload structs
uploadStruct1 = {
"srcFile" : "#ExpandPath('./')#/file1.txt",
"key" : "key1"
}
uploadStruct2 = {
"srcFile" : "#ExpandPath('./')#/file2.txt",
"key" : "key122"
}
uploadStruct3 = {
"srcFile" : "#ExpandPath('./')#/file3.txt",
"key" : "key123"
}
uploadStruct4 = {
"srcFile" : "#ExpandPath('./')#/file1.txt",
"key" : "key124"
}
uploadResponse1=myobj.uploadFile(uploadStruct1);
uploadResponse2=myobj.uploadFile(uploadStruct2);
uploadResponse3=myobj.uploadFile(uploadStruct3);
uploadResponse4=myobj.uploadFile(uploadStruct4);
listAllVersionsRequest={
"prefix" : "key12"
}
// list all versions
listVersion=myobj.listAllVersions(listAllVersionsRequest)
writeDump(listVersion)
</cfscript>
Suspend versioning
Disable versioning for the objects in the bucket.
For more information, see Suspend versioning.
Syntax
suspendVersioning(parameterStruct)
Parameters
|
Parameter |
Description |
Required |
|---|---|---|
|
mfa |
The combination of the authentication device's serial number, a space, and the value that is displayed on your authentication device. The format of the mfa is: "mfa":"arn:aws:iam::0123456789:mfa/username" |
No |
|
mfaDelete |
Specifies whether MFA delete is enabled or disabled. |
No |
Example
<cfscript>
storageService = getCloudService(application.awsCred,application.s3Conf)
// create a bucket
createBucketRequest = {
"acl":"PRIVATE",
"bucket" : "bucket.demo.suspendversioning",
// to suspend versioning, turn off object locking for the bucket
"objectLockEnabledForBucket" : false
}
// create a bucket
myobj=storageService.createBucket(createBucketRequest)
// enable versioning on the bucket
myobj.enableVersioning();
// get the version status
versionStatus1=myobj.getVersioningStatus();
writeDump(versionStatus1)
// suspend the versioning
myobj.suspendVersioning();
versionStatus2=myobj.getVersioningStatus();
writeDump(versionStatus2)
</cfscript>
S3 ACL bucket operations
Amazon S3 access control lists (ACLs) enable you to manage access to buckets and objects. Each bucket and object have an ACL attached to it as a sub-resource. It defines which AWS accounts or groups are granted access and the type of access. When a request is received against a resource, Amazon S3 checks the corresponding ACL to verify that the requester has the necessary access permissions.
When you create a bucket or an object, Amazon S3 creates a default ACL that grants the resource owner full control over the resource.
For more information, see S3 ACL.
putBucketAcl
Set the permissions on an existing bucket using access control lists (ACL).
For more information, see Using ACLs.
To set the ACL of a bucket, you must have WRITE_ACP permission.
Syntax
putBucketAcl(parameterStruct)
Parameters
|
Parameter |
Description |
Required |
|---|---|---|
|
acl |
Amazon S3 access control lists (ACLs) enable you to manage access to buckets and objects. Valid values are:
For more information, see ACLs in AWS. |
No |
|
grant permission variables |
Permissions that Amazon S3 supports in an ACL. Valid values are:
For more information, see Permissions. |
No |
Example
<cfscript>
storageService = getCloudService(this.s3Cred,this.s3Conf)
createBucketRequest1 = {
"bucket" : "cfqa.003"
}
rootObj = storageService.createRoot(createBucketRequest1);
putBucketAclRequest = {
"acl" : "PRIVATE"
}
putBucketAclResponse=rootObj.putBucketAcl(putBucketAclRequest);
writeDump(putBucketAclResponse)
</cfscript>
Example with grant permissions.
<cfscript>
storageService = getCloudService(application.awsCred,application.s3Conf)
createBucketRequest1 = {
"bucket" : "cfqa.003"
}
rootObj = storageService.createRoot(createBucketRequest1)
putBucketAclRequest = {
"grantFullControl": "emailAddress=john@example.com",
// "grantFullControl": "id=f1db27629293ee8354a2874de1959b39bec20ffe98417b931fb381f97007cf97"
"grantReadACP" : "uri=http://acs.amazonaws.com/groups/s3/LogDelivery"
}
putBucketAclResponse=rootObj.putBucketAcl(putBucketAclRequest);
writeDump(putBucketAclResponse)
</cfscript>
getBucketAcl
Use this function to get a list of ACLs in a bucket.
For more information, see the getBucketAcl official docs.
Syntax
getBucketAcl()
Example
<cfscript>
storageService = getCloudService(this.s3Cred,this.s3Conf)
createBucketRequest1 = {
"bucket" : "cfqa.004",
"grantFullControl": "uri=http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
}
rootObj = storageService.createRoot(createBucketRequest1);
getBucketAclResponse=rootObj.getBucketAcl()
writeDump(getBucketAclResponse)
</cfscript>
putObjectAcl
The function uses the ACL sub-resource to set the access control list (ACL) permissions for an object that already exists in a bucket.
In putObjectAcl, there is an extra attribute “key”: ”object_key” in the struct.
For more information, see the official docs.
Syntax
putObjectAcl(parameterStruct)
Parameters
|
Parameter |
Description |
Required |
|---|---|---|
|
acl |
Amazon S3 access control lists (ACLs) enable you to manage access to buckets and objects. Valid values are:
For more information, see ACLs in AWS. |
No |
|
grant permission variables |
Permissions that Amazon S3 supports in an ACL. Valid values are:
For more information, see Permissions. |
No |
|
key |
The key for the operation. |
Yes |
Example
<cfscript>
storageService = getCloudService(application.awsCred,application.s3Conf)
// create a bucket
createBucketRequest = {
"bucket" : "bucket.putobjectacl.demo"
}
bucketObj = storageService.createBucket(createBucketRequest)
// upload an object
uploadStruct = {
"srcFile" : "#ExpandPath('./')#/s3-notes.pdf",
"key" : "key12"
}
bucketObj.uploadFile(uploadStruct)
// put ACL on the object
putObjectAclRequest = {
"key" : "key12",
"acl" : "PRIVATE"
}
try{
objectAclResponse=bucketObj.putObjectAcl(putObjectAclRequest)
writeOutput("ACL applied successfully on the object")
writeDump(objectAclResponse)
}
catch(any e){
writeOutput("Unable to apply ACL on the object")
writeDump(e)
}
putObjectAclResponse=bucketObj.GetObjectAcl("key12")
writeDump(putObjectAclResponse)
</cfscript>
getObjectAcl
Return the access control list (ACL) of an object.
To use this operation, you must have READ_ACP access to the object.
Syntax
getObjectAcl(parameterStruct)
Parameters
|
Parameter |
Description |
Required |
|---|---|---|
|
key |
The key of the object for which to get the ACL information. |
Yes |
|
versionId |
Refer to a specific version of the object. |
No |
Example
<cfscript>
storageService = getCloudService(application.awsCred,application.s3Conf)
// create a bucket
createBucketRequest = {
"bucket" : "bucket.putobjectacl.demo"
}
bucketObj = storageService.createBucket(createBucketRequest)
// upload an object
uploadStruct = {
"srcFile" : "#ExpandPath('./')#/s3-notes.pdf",
"key" : "key12"
}
bucketObj.uploadFile(uploadStruct)
// put ACL on the object
putObjectAclRequest = {
"key" : "key12",
"acl" : "PRIVATE"
}
try{
objectAclResponse=bucketObj.putObjectAcl(putObjectAclRequest)
writeOutput("ACL applied successfully on the object")
writeDump(objectAclResponse)
}
catch(any e){
writeOutput("Unable to apply ACL on the object")
writeDump(e)
}
putObjectAclResponse=bucketObj.getObjectAcl("key12")
writeDump(putObjectAclResponse)
</cfscript>
Lifecycle rules
Lifecycle rule that defines how AWS s3 manages objects during their lifetime. There are two types of actions:
- Transition actions—Define when objects transition to another storage class.
- Expiration actions—Define when objects expire. Amazon S3 deletes expired objects on your behalf.
Define lifecycle configuration rules for objects that have a well-defined lifecycle. For example:
- Some documents are frequently accessed for a limited period. After that, they are infrequently accessed. At some point, you might not need real-time access to them, but your organization or regulations might require you to archive them for a specific period. After that, you can delete them.
- You might upload some types of data to Amazon S3 primarily for archival purposes. For example, you might archive digital media, financial and healthcare records, raw genomic sequence data, long-term database backups, and data that must be retained for regulatory compliance.
- If you upload periodic logs to a bucket, your application might need them for a week or a month. After that, you might want to delete them.
setRules
You can use setRules function to set lifecycle rules to objects in the bucket. The function accepts the following struct as argument.
"rules" :
[
{
"id" : "rule1",
"prefix" : "a/b",
"lifecycleRuleFilter" :
{
"prefix" : "",
"tagging" :
{
"key": "",
"value" : ""
},
"lifecycleRuleAndOperator" :
{
"prefix" : "",
"tagging" :
[{
"key": "",
"value" : ""
}]
}
},
"status" : "ENABLED",
"expiration" :
{
"date" : "YYYY-MM-DD",
"days" : 3
},
"noncurrentVersionExpirationDays" : 30,
"noncurrentVersionTransitions" :
[ {
"days" : 35,
"storageClass" : "GLACIER"
}],
"abortIncompleteMultipartUploadInDays" : 7,
"transitions" : [
{
"days" : 90,
"storageClass" : "ONEZONE_IA"
}
]
}
]
The following is not supported in ColdFusion (2021 release). It will be supported in a future update.
"lifecycleRuleFilter" :
{
"prefix" : "",
"tagging" :
{
"key": "",
"value" : ""
},
"lifecycleRuleAndOperator" :
{
"prefix" : "",
"tagging" :
[{
"key": "",
"value" : ""
}]
}
}
Example 1
<cfscript>
storageService = getCloudService(application.awsCred,application.s3Conf)
deleteStruct = {
"bucket" : "bucket.rule.append1",
"forcedDelete" : "true"
}
// Adding lifecycle rules by specifying date
// create a bucket
createBucketRequest = {
"acl":"PRIVATE",
"bucket" : "bucket.rule.four",
"objectLockEnabledForBucket" : true
}
bucketObj=storageService.createBucket(createBucketRequest)
// upload an object to the bucket
uploadStruct={
"srcFile":"#ExpandPath('./')#/s3-notes.pdf",
"key":"key114"
}
bucketObj.uploadFile(uploadStruct)
exp_date=DateFormat(DateAdd("d",8,now()),"yyyy-mm-dd")
trans_date=DateFormat(DateAdd("d",2,now()),"yyyy-mm-dd")
ruleStruct = {
"rules" :
[{
"id" : "rule1",
"prefix":"key",
"status" : "ENABLED",
"expiration" : {
"date":exp_date
},
"transitions" :
[{
"date":trans_date,
"storageClass" : "ONEZONE_IA"
}]
}]
}
try{
bucketObj.setRules(ruleStruct)
writeOutput("Lifecycle rule set successfully")
rules=bucketObj.getRules().rules
writedump(rules)
}
catch(any e){
writeOutput("Unable to set lifecycle")
writeDump(e)
}
</cfscript>
Example 2
<cfscript>
storageService = getCloudService(application.awsCred,application.s3Conf)
createBucketRequest = {
"acl":"PRIVATE",
"bucket" : "bucket.rule.three",
"objectLockEnabledForBucket" : true
}
bucketObj=storageService.createBucket(createBucketRequest)
// upload an object to the bucket
uploadStruct={
"srcFile":"#ExpandPath('./')#/s3-notes.pdf",
"key":"key112"
}
bucketObj.uploadFile(uploadStruct)
ruleStruct={
"rules":[{
"id" : "rule1",
"prefix":"key",
"status" : "ENABLED",
"noncurrentVersionTransitions" :
[{
"days":30,
"storageClass" : "INTELLIGENT_TIERING"
}]
}]
}
try{
bucketObj.setRules(ruleStruct)
writeOutput("Lifecycle rule set successfully")
//writeDump(setRuleResponse)
// rules=bucketObj.getRules().rules
// writedump(rules)
}
catch(any e){
writeOutput("Unable to set lifecycle")
writeDump(e)
}
</cfscript>
appendRules
You can use the method appendRules to add the rules to the existing set of rules. The function accepts the following struct as argument.
"rules" :
[
{
"id" : "rule1",
"prefix" : "a/b",
"lifecycleRuleFilter" :
{
"prefix" : "",
"tagging" :
{
"key": "",
"value" : ""
},
"lifecycleRuleAndOperator" :
{
"prefix" : "",
"tagging" :
[{
"key": "",
"value" : ""
}]
}
},
"status" : "ENABLED",
"expiration" :
{
"date" : "YYYY-MM-DD",
"days" : 3
},
"noncurrentVersionExpirationDays" : 30,
"noncurrentVersionTransitions" :
[ {
"days" : 35,
"storageClass" : "GLACIER"
}],
"abortIncompleteMultipartUploadInDays" : 7,
"transitions" : [
{
"days" : 90,
"storageClass" : "ONEZONE_IA"
}
]
}
]
The following is not supported in ColdFusion (2021 release). It will be supported in a future update.
"lifecycleRuleFilter" :
{
"prefix" : "",
"tagging" :
{
"key": "",
"value" : ""
},
"lifecycleRuleAndOperator" :
{
"prefix" : "",
"tagging" :
[{
"key": "",
"value" : ""
}]
}
}
Example
<cfscript>
storageService = getCloudService(this.s3Cred,this.s3Conf)
rules={
"rules" : [
{
"id" : "rule1",
"prefix" : "a/b",
"status" : "ENABLED",
"expiration" : {
//"date" : "DD/MM/YYY",
"days" : 3
},
"noncurrentVersionExpirationDays" : 30,
"noncurrentVersionTransitions" :[ {
"days" : 35,
"storageClass" : "GLACIER"
}],
"abortIncompleteMultipartUploadInDays" : 7,
"transitions" : [
{
"days" : 90,
"storageClass" : "ONEZONE_IA"
}
]
}
]
}
createBucketRequest = {
"acl":"PRIVATE",
"bucket" : "cf.bucket",
"objectLockEnabledForBucket" : true
}
rootObj=storageService.createBucket(createBucketRequest)
appendRulesResponse=rootObj.appendRules(rules)
writeDump(appendRulesResponse)
</cfscript>
getRules
You can use the getRules function to retrieve all lifecycle rules for the bucket. This function does not accept any argument.
Example
<cfscript>
storageService = getCloudService(application.awsCred,application.s3Conf)
// create a bucket
createBucketRequest = {
"acl":"PRIVATE",
"bucket" : "bucket.rule.delete",
"objectLockEnabledForBucket" : true
}
bucketObj=storageService.createBucket(createBucketRequest)
// upload an object to the bucket
uploadStruct={
"srcFile":"#ExpandPath('./')#/s3-notes.pdf",
"key":"key100"
}
bucketObj.uploadFile(uploadStruct)
// create rule
ruleStruct={
"rules":[{
"id" : "rule1",
"prefix":"key",
"status" : "ENABLED",
"noncurrentVersionTransitions" :
[{
"days":30,
"storageClass" : "INTELLIGENT_TIERING"
}]
}]
}
// set the rule
bucketObj.setRules(ruleStruct)
// get the rule
rules=bucketObj.getRules().rules
writeDump(rules)
</cfscript>
Add tags to a bucket
Object tagging gives you a way to categorize storage.
For more information, see the official docs.
Syntax
addTags(parameterStruct)
Parameters
|
Parameter |
Description |
Required |
|---|---|---|
|
key |
Unique identifier of the object. |
Yes |
|
versionId |
Refer to a specific version of the object. |
No |
|
tags |
Array of tag structs. |
Yes |
Example
<cfscript>
storageService = getCloudService(application.awsCred,application.s3Conf)
// create bucket
createBucketRequest = {
"acl":"PRIVATE",
"bucket" : "bucket.demoaddtagstest",
"objectLockEnabledForBucket" : true
}
bucketobj=storageService.createBucket(createBucketRequest)
// upload a file
uploadStruct = {
"srcFile" : "#ExpandPath('./')#/s3-notes.pdf",
"key" : "key12"
}
bucketobj.uploadFile(uploadStruct)
// add tags to the object
addTagStruct={
"key" : "key12",
"tags" : [
{
"key" : "label",
"value" : "red"
},
{
"key": "category",
"value": "important"
}
]
}
try{
addTagResponse=bucketobj.addTags(addTagStruct)
writeOutput("Tags added successfully")
writeDump(addTagResponse)
}
catch(any e){
writeOutput("Failed to add tags")
writeDump(e)
}
</cfscript>
Get tags of an object
Retrieve the list of tags that you’d added to the bucket. Use the getTagObjects function.
This function accepts the key that you’d specified while adding the tags.
Syntax
getTagObjects(parameterStruct)
Parameters
|
Parameter |
Description |
Required |
|---|---|---|
|
key |
Unique identifier of the object. |
Yes |
|
versionId |
Refer to a specific version of the object. |
No |
Example
<cfscript>
storageService = getCloudService(application.awsCred,application.s3Conf)
// create bucket
createBucketRequest = {
"acl":"PRIVATE",
"bucket" : "bucket.demoaddtagstest",
"objectLockEnabledForBucket" : true
}
bucketobj=storageService.createBucket(createBucketRequest)
// upload a file
uploadStruct = {
"srcFile" : "#ExpandPath('./')#/s3-notes.pdf",
"key" : "key12"
}
bucketobj.uploadFile(uploadStruct)
// add tags to the object
addTagStruct={
"key" : "key12",
"versionId":"v1",
"tags" : [
{
"key" : "label",
"value" : "red"
},
{
"key": "category",
"value": "important"
}
]
}
getTagResponse=bucketobj.GettagObjects("key12")
writeDump(getTagResponse)
</cfscript>
Get object details
Get details of an object that was uploaded in a bucket.
Syntax
getObjectDetails(parameterStruct)
Parameters
| Parameter | Description | Required |
|---|---|---|
| srcFile |
The path of the file that you want to upload in the bucket. | Yes |
| key |
Unique identifier of the object. | Yes |
| acl |
The ACL to apply to the object. For more information, see Canned ACL.The valid values are:
|
No |
| cacheControl |
Specify the caching behavior as defined here. | No |
| contentDisposition |
Specify the content format of the object as defined here. | No |
| contentEncoding |
Specify the type of encoding on the object as defined here. | No |
| contentLanguage |
The language of the object that you want to upload. | No |
| contentLength |
The size of the object in bytes. | No |
| validateContentMD5 |
True or False. The base64-encoded 128-bit MD5 digest of the message (without the headers). |
No |
| contentType |
The format of the content as defined here. | No |
| expires |
The date and time when the object cannot be cached any longer. |
No |
| grantFullControl |
Gives the grantee READ, READ_ACP, and WRITE_ACP permissions on the object. |
No |
| grantRead |
Allows grantee to only read the object data. |
No |
| grantWrite |
Allows grantee to write to the object data. |
No |
| grantReadACP |
Allows grantee to read the object ACL. |
No |
| grantWriteACP |
Allows grantee to write the ACL for the object. |
No |
| metadata |
The object metadata to use. | No |
| serverSideEncryption |
The server-side encryption algorithm to be used. |
No |
| storageClass |
Valid values are:
For more information, see S3 storage class. |
No |
| websiteRedirectLocation |
If the bucket is configured as a website, specify the redirect request to another object in the same bucket or to an external URL. |
No |
| sseCustomerAlgorithm |
Specifies the algorithm to use to when encrypting the object. |
No |
| sseCustomerKey |
Specifies the customer-provided encryption key for S3 to use in encrypting data. |
No |
| ssekmsKeyId |
Specifies the ID of the AWS Key Management Service (AWS KMS). |
No |
| ssekmsEncryptionContext |
Specifies the AWS KMS Encryption Context to use for object encryption. |
No |
| requestPayer |
Confirms that the requester knows that they will be charged for the request. |
No |
| tagging |
The tag-set for the object. Must be a struct of key-value pairs. |
No |
| objectLockMode |
The Object locking mode that you want to apply to this object. Valid values are:
|
No |
| objectLockRetainUntilDate |
The date and time when you want this object's Object Lock to expire. |
No |
| objectLockLegalHoldStatus |
Indicates whether the specified object has a Legal Hold in place.. Valid values are:
|
No |
Example
<cfscript>
storageService = getcloudService(application.awsCred,application.s3Conf)
// create a bucket
bucketStruct={
"acl":"PRIVATE",
"bucket" : "bucket.demo.objectdetailsdemo",
"objectLockEnabledForBucket" : true
}
bucketObj=storageService.createBucket(bucketStruct)
// upload an object into the bucket
uploadStruct = {
"srcFile" : "#ExpandPath('./')#/Colors.jpg",
"key" : "key001",
"metadata": {
"filename": "Colors.jpg",
"creator":"john",
"place":"london",
"creation_date":"2020/04/20",
"filetype":"image"
},
"contentLanguage":"en",
"websiteRedirectLocation":"http://bucket",
"expires":"2020-05-28"
}
bucketObj.uploadFile(uploadStruct)
// get object details
objectDetailsResponse=bucketObj.getObjectDetails("key001")
writeDump(objectDetailsResponse)
</cfscript>
Upload file parallelly
You can upload objects in a bucket in parts, or parallelly. You can use parallel uploads for objects from 5 MB to 5 TB in size. If you're uploading large objects over a stable high-bandwidth network, use parallel uploading to make better use of your available bandwidth by uploading object parts in parallel for multi-threaded performance.
Syntax
parallelUploadFile(parameterStruct)
Parameters
| Parameter | Description | Required |
|---|---|---|
| srcFile | The location of the file that you want to upload. | Yes |
| chunkLengthInBytes | Size of the content chunk. | No |
| timeOutInSeconds | The time out of the upload operation. | No |
| acl | Amazon S3 access control lists (ACLs) enable you to manage access to buckets and objects. Valid values are:
|
No |
| cacheControl | Specify the caching behavior as defined here. | No |
| contentDisposition | Specify the content format of the object as defined here. | No |
| contentEncoding | Specify the type of encoding on the object as defined here. | No |
| contentLanguage | The language of the object that you want to upload. | No |
| contentLength | The size of the object in bytes. | No |
| validateContentMD5 : | True | False. The base64-encoded 128-bit MD5 digest of the message (without the headers). | No |
| contentType | The format of the content as defined here. | No |
| expires | The date and time when the object cannot be cached any longer. | No |
| grantFullControl | Gives the grantee READ, READ_ACP, and WRITE_ACP permissions on the object. | No |
| grantRead | Allows grantee to read the object ACL. | No |
| grantReadACP | Allows grantee to read the object ACL. | No |
| grantWriteACP | Allows grantee to write the ACL for the object. | No |
| metadata | The object metadata to use. | No |
| serverSideEncryption | The server-side encryption algorithm to be used. | No |
| storageClass | Valid values are:
For more information, see S3 storage class. |
No |
| websiteRedirectLocation | If the bucket is configured as a website, specify the redirect request to another object in the same bucket or to an external URL. | No |
| sseCustomerAlgorithm | Specifies the algorithm to use to when encrypting the object. | No |
| sseCustomerKey | Specifies the customer-provided encryption key for S3 to use in encrypting data. | No |
| sseCustomerKeyMD5 | Specifies the MD5 of the key. | No |
| ssekmsKeyId | Specifies the ID of the AWS Key Management Service (AWS KMS). | No |
| ssekmsEncryptionContext | Specifies the AWS KMS Encryption Context to use for object encryption. | No |
| requestPayer | Confirms that the requester knows that they will be charged for the request. | No |
| tagging | NOTE: This will be supported from s3 sdk 2.10.46 onwards. | No |
| objectLockMode | The Object locking mode that you want to apply to this object. Valid values are:
|
|
| objectLockRetainUntilDate | The date and time when you want this object's Object Lock to expire. | No |
| objectLockLegalHoldStatus | Indicates whether the specified object has a Legal Hold in place.. Valid values are:
|
No |
Example
<cfscript>
storageService = getCloudService(application.awsCred,application.s3Conf)
// create a bucket
createBucketRequest = {
"bucket" : "bucket.parallel.upload"
}
rootObj = storageService.createBucket(createBucketRequest)
// parallel upload struct
parallelUploadRequest = {
"srcFile" : "#ExpandPath('..')#/files/file.txt",
"chunkLengthInBytes": "5e+6",
"timeOutInSeconds": "60",
"key": "key1"
}
try{
uploadResponse = rootObj.parallelUploadFile(parallelUploadRequest)
writeOutput("Parallel upload successful")
writeDump(uploadResponse)
}
catch(any e){
writeDump(e)
}
</cfscript>
Download file parallelly
Once you’ve uploaded a large object in a bucket, you can then download the object parallelly, in parts.
Syntax
parallelDownloadFile(parameterStruct)
Parameters
| Parameter | Description | Required |
|---|---|---|
| key | The key with which an object was uploaded. | Yes |
| destinationFile | The location where you want to download the file to. | Yes |
| chunkLengthInBytes | Size of the content chunk. | No |
| cacheControl |
Set the cache control header of the object, | No |
| contentDisposition |
Set the Content-Disposition header of the response. |
No |
| contentEncoding |
Set the Content-Encoding header of the response. |
No |
| contentLanguage |
Set the Content-Language header of the response. |
No |
| contentType |
Set the Content-Type header of the response. |
No |
| expires |
Sets the Response header of the response. |
No |
| versionId |
Refer to a specific version of the object. | No |
| sseCustomerAlgorithm |
Specify the algorithm to use to when encrypting the object. |
No |
| sseCustomerKey |
Specify the customer-provided encryption key for S3 to use in encrypting data. |
No |
| requestPayer |
Confirms that the requester knows that they will be charged for the request. |
No |
Example
<cfscript>
storageService = cloudService(application.awsCred,application.s3Conf)
// create a bucket
createBucketRequest = {
"bucket" : "bucket.parallel.download"
}
rootObj = storageService.createBucket(createBucketRequest)
// parallel upload struct
parallelUploadRequest = {
"srcFile" : "#ExpandPath('..')#/files/file.txt",
"chunkLengthInBytes": "5e+6",
"timeOutInSeconds": "60",
"key": "key1"
}
// upload object parallelly
rootObj.parallelUploadFile(parallelUploadRequest)
// parallel download struct
parallelDownloadRequest = {
"key" : "key1",
"destinationFile" : "file.txt",
"chunkLengthInBytes": "5e+6"
}
downloadResponse=rootObj.parallelDownloadFile(parallelDownloadRequest)
writeDump(downloadResponse)
</cfscript>
Multi-part upload of files
Multipart upload allows you to upload a single object as a set of parts. Each part is a contiguous portion of the object's data.
You can upload these object parts independently and in any order.
For more information, see Multi-part uploads in AWS.
Syntax
multipartUpload(parameterStruct)
Parameters
| Parameter | Description | Required |
|---|---|---|
| srcFile | The location of the file that you want to upload. | Yes |
| chunkLengthInBytes | Size of the content chunk. | No |
| timeOutInSeconds | The time out of the upload operation. | No |
| acl | Amazon S3 access control lists (ACLs) enable you to manage access to buckets and objects. Valid values are:
|
No |
| cacheControl | Specify the caching behavior as defined here. | No |
| contentDisposition | Specify the content format of the object as defined here. | No |
| contentEncoding | Specify the type of encoding on the object as defined here. | No |
| contentLanguage | The language of the object that you want to upload. | No |
| contentLength | The size of the object in bytes. | No |
| validateContentMD5 : | True | False. The base64-encoded 128-bit MD5 digest of the message (without the headers). | No |
| contentType | The format of the content as defined here. | No |
| expires | The date and time when the object cannot be cached any longer. | No |
| grantFullControl | Gives the grantee READ, READ_ACP, and WRITE_ACP permissions on the object. | No |
| grantRead | Allows grantee to read the object ACL. | No |
| grantReadACP | Allows grantee to read the object ACL. | No |
| grantWriteACP | Allows grantee to write the ACL for the object. | No |
| metadata | The object metadata to use. | No |
| serverSideEncryption | The server-side encryption algorithm to be used. | No |
| storageClass | Valid values are:
For more information, see S3 storage class. |
No |
| websiteRedirectLocation | If the bucket is configured as a website, specify the redirect request to another object in the same bucket or to an external URL. | No |
| sseCustomerAlgorithm | Specifies the algorithm to use to when encrypting the object. | No |
| sseCustomerKey | Specifies the customer-provided encryption key for S3 to use in encrypting data. | No |
| sseCustomerKeyMD5 | Specifies the MD5 of the key. | No |
| ssekmsKeyId | Specifies the ID of the AWS Key Management Service (AWS KMS). | No |
| ssekmsEncryptionContext | Specifies the AWS KMS Encryption Context to use for object encryption. | No |
| requestPayer | Confirms that the requester knows that they will be charged for the request. | No |
| tagging | NOTE: This will be supported from s3 sdk 2.10.46 onwards. | No |
| objectLockMode | The Object locking mode that you want to apply to this object. Valid values are:
|
|
| objectLockRetainUntilDate | The date and time when you want this object's Object Lock to expire. | No |
| objectLockLegalHoldStatus | Indicates whether the specified object has a Legal Hold in place.. Valid values are:
|
No |
Example
<cfscript>
storageService = cloudService(application.awsCred,application.s3Conf)
// create a bucket
createBucketRequest = {
"bucket" : "bucket.parallel.multipartupload"
}
rootObj = storageService.createBucket(createBucketRequest)
// multi part upload struct
mulitipartUploadRequest = {
"srcFile" : "#ExpandPath('..')#/files/file.mp4",
"chunkLengthInBytes": "5e+6",
"timeOutInSeconds": "2",
"key": "key1"
}
try{
uploadResponse = rootObj.multipartUpload(mulitipartUploadRequest)
writeOutput("File uploaded sucessfully in multiple parts")
writeDump(uploadResponse)
}
catch(any e){
writeDump(e)
}
</cfscript>
Upload an object
Upload an object to a bucket.
Syntax
uploadObject(parameterStruct)
Parameters
| Parameter | Description | Required |
|---|---|---|
| key |
Unique identifier of the object. | Yes |
| acl |
The ACL to apply to the object. For more information, see Canned ACL.The valid values are:
|
No |
| cacheControl |
Specify the caching behavior as defined here. | No |
| contentDisposition |
Specify the content format of the object as defined here. | No |
| contentEncoding |
Specify the type of encoding on the object as defined here. | No |
| contentLanguage |
The language of the object that you want to upload. | No |
| contentLength |
The size of the object in bytes. | No |
| validateContentMD5 |
The base64-encoded 128-bit MD5 digest of the message (without the headers). |
No |
| contentType |
The format of the content as defined here. | No |
| expires |
The date and time when the object cannot be cached any longer. |
No |
| grantFullControl |
Gives the grantee READ, READ_ACP, and WRITE_ACP permissions on the object. |
No |
| grantRead |
Allows grantee to only read the object data. |
No |
| grantWrite |
Allows grantee to write to the object data. |
No |
| grantReadACP |
Allows grantee to read the object ACL. |
No |
| grantWriteACP |
Allows grantee to write the ACL for the object. |
No |
| metadata |
The object metadata to use. | No |
| serverSideEncryption |
The server-side encryption algorithm to be used. |
No |
| storageClass |
Valid values are:
For more information, see S3 storage class. |
No |
| websiteRedirectLocation |
If the bucket is configured as a website, specify the redirect request to another object in the same bucket or to an external URL. |
No |
| sseCustomerAlgorithm |
Specifies the algorithm to use to when encrypting the object. |
No |
| sseCustomerKey |
Specifies the customer-provided encryption key for S3 to use in encrypting data. |
No |
| ssekmsKeyId |
Specifies the ID of the AWS Key Management Service (AWS KMS). |
No |
| ssekmsEncryptionContext |
Specifies the AWS KMS Encryption Context to use for object encryption. |
No |
| requestPayer |
Confirms that the requester knows that they will be charged for the request. |
No |
| tagging |
The tag-set for the object. Must be a struct of key-value pairs. |
No |
| objectLockMode |
The Object locking mode that you want to apply to this object. Valid values are:
|
No |
| objectLockRetainUntilDate |
The date and time when you want this object's Object Lock to expire. |
No |
| object | Object to be uploaded. | No |
| type | Object type- json | No |
| useCustomSerializer | True or False. Whether to use the custom serializer or not. The default value is true. The custom serializer will be always used for XML deserialization. If false, the XML/JSON deserialization will be done using the default ColdFusion behavior. If any other type is passed with useCustomSerializer as false, then TypeNotSupportedException will be thrown. For more information, see Serialize. |
No |
| objectLockLegalHoldStatus |
Indicates whether the specified object has a Legal Hold in place.. Valid values are:
|
Example
<cfscript>
storageService = getCloudService(application.awsCred,application.s3Conf)
// create the bucket
rootObj=storageService.bucket("bucket.download.object","true")
key = "key12"
a=["a","b","c","d"];
// define upload struct
uploadStruct = {
"type": "json",
"object" : a,
"key" : key
}
// upload an object
try{
rootObj.uploadObject(uploadStruct)
writeOutput("Object uploaded successfully")
}
catch(any e){
writeOutput("Failed to upload object")
writeDump(e)
}
// define download struct
downloadStruct = {
"type": "json",
"key" : key
}
// download the object
try{
rootObj.downloadObject(downloadStruct)
writeOutput("Object downloaded successfully")
}
catch(any e){
writeOutput("Failed to download object")
writeDump(e)
}
</cfscript>
Download an object
Download an object that was uploaded previously.
Syntax
downloadObject(parameterStruct)
Parameters
| Parameter | Description | Required |
|---|---|---|
| key |
Unique identifier of the object. | Yes |
| cacheControl |
Set the cache control header of the object, | No |
| contentDisposition |
Set the Content-Disposition header of the response. |
No |
| contentEncoding |
Set the Content-Encoding header of the response. |
No |
| contentLanguage |
Set the Content-Language header of the response. |
No |
| contentType |
Set the Content-Type header of the response. |
No |
| expires |
Sets the Response header of the response. |
No |
| versionId |
Refer to a specific version of the object. | No |
| sseCustomerAlgorithm |
Specify the algorithm to use to when encrypting the object. |
No |
| sseCustomerKey |
Specify the customer-provided encryption key for S3 to use in encrypting data. |
No |
| requestPayer |
Confirms that the requester knows that they will be charged for the request. |
No |
| type | Object type- json | No |
| useCustomSerializer | True or False | No |
Example
<cfscript>
storageService = getCloudService(application.awsCred,application.s3Conf)
// create the bucket
rootObj=storageService.bucket("bucket.download.object","true")
key = "key12"
a=["a","b","c","d"];
// define upload struct
uploadStruct = {
"type": "json",
"object" : a,
"key" : key
}
// upload an object
try{
rootObj.uploadObject(uploadStruct)
writeOutput("Object uploaded successfully")
}
catch(any e){
writeOutput("Failed to upload object")
writeDump(e)
}
// define download struct
downloadStruct = {
"type": "json",
"key" : key
}
// download the object
try{
rootObj.downloadObject(downloadStruct)
writeOutput("Object downloaded successfully")
}
catch(any e){
writeOutput("Failed to download object")
writeDump(e)
}
</cfscript>
Upload a directory
Upload a directory in a bucket. You can also perform a bulk upload.
Syntax
uploadDirectory(parameterStruct)
Parameters
|
Parameter |
Description |
Required |
|---|---|---|
|
prefix |
It is the prefix that will be added to the object key while uploading. |
Yes |
|
sourceDirectory |
The location of the directory to upload. |
Yes |
|
uploadNestedDirectory |
True or False. Specify if you want to include sub-directories inside the main folder. |
No |
Example
<cfscript>
storageService = getCloudService(application.awsCred,application.s3Conf)
// create a bucket
createBucketRequest = {
"acl":"PRIVATE",
"bucket" : "bucket.b.four",
"objectLockEnabledForBucket" : true
}
bucketObj=storageService.createBucket(createBucketRequest)
// define request parameters for upload
dirUploadReq = {
"prefix" : "test_bulk\",
"sourceDirectory" : "../files",
"uploadNestedDirectory" : true
}
try{
uploadResponse=storageService.uploadDirectory(dirUploadReq)
writeOutput("Directory uploaded successfully")
writeDump(uploadResponse)
}
catch(any e){
writeDump(e)
}
</cfscript>
PutObjectLockConfiguration
Place an Object Lock configuration on the specified bucket.
For more information, see the official docs.
Syntax
putObjectLockConfiguration(parameterStruct)
Parameters
|
Parameter |
Description |
Required |
|---|---|---|
|
objectLockConfiguration |
The root level tag for the ObjectLockConfiguration parameters. |
Yes |
|
objectLockEnabled |
Whether this bucket has an Object Lock configuration enabled. Valid values are: ENABLED |
No |
|
defaultRetention |
Struct containing the following: mode: The Object locking mode that you want to apply to this object. Valid values are:
days: Number of days to lock the object for. years: Number of years to lock the object for. Note: Specify either days or years, not both. |
No |
Example
<cfscript>
storageService = getCloudService(application.awsCred,application.s3Conf)
// create a bucket
createBucketRequest = {
"acl":"PRIVATE",
"bucket" : "bucket.demo.getobjectlock",
"objectLockEnabledForBucket" : true
}
// create a bucket
bucketObj=storageService.createBucket(createBucketRequest)
// upload an object to the bucket
uploadStruct={
"srcFile":"#ExpandPath('./')#/s3-notes.pdf",
"key":"key161"
}
bucketObj.uploadFile(uploadStruct)
// put object lock
putObjectLockRequest = {
"objectLockConfiguration" : {
"objectLockEnabled" : "ENABLED",
"defaultRetention" : {
"mode" : "GOVERNANCE",
"days" : 31
}
}
}
bucketObj.putObjectLockConfiguration(putObjectLockRequest)
// get object lock
objectLockResponse=bucketObj.getObjectLockConfiguration()
writeDump(objectLockResponse)
</cfscript>
getObjectLockConfiguration
Get the Object Lock configuration for a bucket.
For more information, see the official docs.
Syntax
getObjectLockConfiguration()
Example
<cfscript>
storageService = getCloudService(application.awsCred,application.s3Conf)
// create a bucket
createBucketRequest = {
"acl":"PRIVATE",
"bucket" : "bucket.demo.getobjectlock",
"objectLockEnabledForBucket" : true
}
// create a bucket
bucketObj=storageService.createBucket(createBucketRequest)
// upload an object to the bucket
uploadStruct={
"srcFile":"#ExpandPath('./')#/s3-notes.pdf",
"key":"key161"
}
bucketObj.uploadFile(uploadStruct)
// put object lock
putObjectLockRequest = {
"objectLockConfiguration" : {
"objectLockEnabled" : "ENABLED",
"defaultRetention" : {
"mode" : "GOVERNANCE",
"days" : 31
}
}
}
bucketObj.putObjectLockConfiguration(putObjectLockRequest)
// get object lock
objectLockResponse=bucketObj.getObjectLockConfiguration()
writeDump(objectLockResponse)
</cfscript>
acquireLegalHold
Apply a Legal Hold to object.
For more information, see Locking Objects and the official doc.
Syntax
acquireLegalHold(parameterStruct)
Parameters
|
Parameter |
Description |
Required |
|---|---|---|
|
key |
The key name for the object that you want to place a Legal Hold on. |
Yes |
|
versionId |
The version ID of the object that you want to place a Legal Hold on. |
No |
|
legalHold |
The root level tag for the LegalHold parameters. Struct containing the following: status: ON or OFF |
No |
|
requestPayer |
Confirms that the requester knows that they will be charged for the request. Valid value is: REQUESTER |
No |
Example
<cfscript>
storageService = getCloudService(application.awsCred,application.s3Conf)
// create a bucket
createBucketRequest = {
"acl":"PRIVATE",
"bucket" : "bucket.demo.acquirelegalhold",
"objectLockEnabledForBucket" : true
}
// create a bucket
bucketObj=storageService.createBucket(createBucketRequest)
// upload an object to the bucket
uploadStruct={
"srcFile":"#ExpandPath('./')#/s3-notes.pdf",
"key":"key121"
}
bucketObj.uploadFile(uploadStruct)
// enable versioning
bucketObj.enableVersioning()
// list all versions
list=bucketObj.listAllVersions()
// get version Id
v_id=list.response[1].versionId
// acquire legal hold request
acquireLegalHoldRequest = {
"key" : "key121",
"versionId" : "#v_id#",
"legalHold" : {
"status" : "ON"
},
"requestPayer" : "REQUESTER"
}
try{
acquireHoldResponse=bucketObj.acquireLegalHold(acquireLegalHoldRequest)
writeDump(acquireHoldResponse)
}
catch (any e){
writeDump(e)
}
</cfscript>
getLegalHold
Apply a Legal Hold to object.
For more information, see Locking Objects.
Syntax
getLegalHold(parameterStruct)
Parameters
|
Parameter |
Description |
Required |
|---|---|---|
|
key |
The key name for the object whose Legal Hold status you want to get. |
Yes |
|
versionId |
The version ID of the object whose Legal Hold status you want to get. |
No |
|
requestPayer |
Confirms that the requester knows that they will be charged for the request. Valid value is: REQUESTER |
No |
Example
<cfscript>
storageService = getCloudService(application.awsCred,application.s3Conf)
createBucketRequest = {
"acl":"PRIVATE",
"bucket" : "bucket.demo.getlegalhold",
"objectLockEnabledForBucket" : true
}
// create a bucket
bucketObj=storageService.createBucket(createBucketRequest)
// upload an object to the bucket
uploadStruct={
"srcFile":"#ExpandPath('./')#/s3-notes.pdf",
"key":"key141"
}
bucketObj.uploadFile(uploadStruct)
// enable versioning
bucketObj.enableVersioning()
// list all versions
list=bucketObj.listAllVersions()
// get version Id
v_id=list.response[1].versionId
// get legal hold status on the object
getLegalHoldRequest = {
"key" : "key141",
"versionId" : "#v_id#",
"requestPayer" : "REQUESTER"
}
getLegalHoldResponse=bucketObj.getLegalHold(getLegalHoldRequest)
writeDump(getLegalHoldResponse)
</cfscript>
Acquire retention lock
Place an Object Retention configuration on an object.
For more information, see the official docs.
Syntax
acquireRetentionLock(parameterStruct)
Parameters
|
Parameter |
Description |
Required |
|---|---|---|
|
key |
The key name for the object that you want to apply this Object Retention configuration to. |
Yes |
|
versionID |
The version ID for the object that you want to apply this Object Retention configuration to. |
No |
|
retention |
Struct containing the following:
|
No |
|
requestPayer |
Confirms that the requester knows that he/she will be charged for the request. |
No |
|
bypassGovernanceRetention |
Whether this operation must bypass Governance-mode restrictions. |
|
Example
<cfscript>
storageService = getCloudService(application.awsCred,application.s3Conf)
createBucketRequest = {
"acl":"PRIVATE",
"bucket" : "bucket.demo.acquireretentionlock",
"objectLockEnabledForBucket" : true
}
// create a bucket
bucketObj=storageService.createBucket(createBucketRequest)
// upload an object to the bucket
uploadStruct={
"srcFile":"#ExpandPath('./')#/s3-notes.pdf",
"key":"key131"
}
bucketObj.uploadFile(uploadStruct)
// enable versioning
bucketObj.enableVersioning()
// list all versions
list=bucketObj.listAllVersions()
// get version Id
v_id=list.response[1].versionId
retainDate=DateFormat(DateAdd("d",8,now()),"yyyy-mm-dd")
retentionRequestStruct = {
"key" : "key131",
"versionId" : "#v_id#",
"retention" : {
"mode" : "GOVERNANCE",
"retainUntilDate" : "#retainDate#"
},
"requestPayer" : "REQUESTER",
"bypassGovernanceRetention" : false
}
try{
acquireRetentionLockResponse=bucketObj.acquireRetentionLock(retentionRequestStruct)
writeDump(acquireRetentionLockResponse)
}
catch(any e){
writeDump(e)
}
</cfscript>
Get retention lock
Retrieve an object's retention settings.
Syntax
getRetentionLock(parameterStruct)
Parameters
|
Parameter |
Description |
Required |
|---|---|---|
|
key |
The key name for the object for which you want to retrieve this Object Retention configuration. |
Yes |
|
versionId |
The version id for the object for which you want to retrieve this Object Retention configuration. |
No |
|
requestPayer |
Confirms that the requester knows that he/she will be charged for the request. Valid value is: REQUESTER |
No |
Example
<cfscript>
storageService = getCloudService(application.awsCred, application.s3Conf)
createBucketRequest = {
"bucket" : "bucket.demo.lock",
"objectLockEnabledForBucket" : "true"
}
rootObj=storageService.createBucket(createBucketRequest)
//rootObj=storageService.bucket("cfqa2.test123456",true);
rootObj.enableVersioning()
// upload a file
uploadRequest = {
"srcFile" : "test.txt",
"key" : "test",
"validateContentMD5":"true",
"objectLockMode" : "GOVERNANCE",
"objectLockRetainUntilDate" : "2019-12-11",
"objectLockLegalHoldStatus" : "ON"
}
rootObj.uploadFile(uploadRequest);
//writedump(uploadResponse)
request1 = {
"objectLockConfiguration" : {
"objectLockEnabled" : "ENABLED",
"defaultRetention" : {
"mode" : "GOVERNANCE",
"days" : "2",
"years": "1"
}
}
}
rootObj.putObjectLockConfiguration(request1)
retentionRequest = {
"key" : "test",
"retention" : {
"mode" : "GOVERNANCE",
"retainUntilDate" : "{ts '2019-11-27 12:13:50'}"
},
"bypassGovernanceRetention" :"true"
}
rootObj.acquireRetentionLock(retentionRequest)
getRetentionRequest={
"key" : "test"
}
writedump(rootObj.getRetentionLock(getRetentionRequest))
</cfscript>
Requester Pay
In general, bucket owners pay for the storage and data transfer costs associated with their bucket. A bucket owner can configure a bucket to be a Requester Pays bucket. With Requester Pays buckets, the requester instead of the bucket owner pays the cost of the request and the data download from the bucket. The bucket owner always pays the cost of storing data.
Typically, you configure buckets to be Requester Pays when you want to share data but not incur charges associated with others accessing the data. You might, for example, use Requester Pays buckets when making available large datasets, such as zip code directories, reference data, geospatial information, or web crawling data.
If you enable Requester Pays on a bucket, anonymous access to that bucket is not allowed.
You must authenticate all requests involving Requester Pays buckets. The request authentication enables Amazon S3 to identify and charge the requester for their use of the Requester Pays bucket.
enableRequesterPay
Enable requester pay on a bucket.
Syntax
enableRequesterpay()
Example
<cfscript>
storageService = getCloudService(application.awsCred,application.s3Conf)
// create a bucket
createBucketRequest = {
"acl":"PRIVATE",
"bucket" : "sg.bucket",
"objectLockEnabledForBucket" : true
}
// create a bucket
myobj=storageService.createBucket(createBucketRequest)
// Enabling "Requester Pays" on bucket:
myobj.enableRequesterpay()
// Get Requester Pay status:
getResponse=myobj.getRequesterPayStatus()
writeDump(getResponse)
</cfscript>
disableRequesterPay
Disable requester pay on a bucket.
Syntax
disableRequesterPay()
Example
<cfscript>
storageService = getCloudService(application.awsCred,application.s3Conf)
// create a bucket
createBucketRequest = {
"acl":"PRIVATE",
"bucket" : "bucket.demo.disablerequester",
"objectLockEnabledForBucket" : true
}
// create a bucket
bucketObj=storageService.createBucket(createBucketRequest)
// Enabling "Requester Pays" on bucket
bucketObj.enableRequesterpay()
// Disable requester pay status on the bucket
try{
disableRequesterPayResponse=bucketObj.disableRequesterPay()
writeOutput("Requester pay disabled")
writeDump(disableRequesterPayResponse)
}
catch (any e){
writeOutput("Unable to disable requester pay")
writeDUmp(e)
}
</cfscript>
getRequesterPayStatus
Check if requester pay is enabled on bucket.
Syntax
getRequesterPayStatus()
Example
<cfscript>
storageService = cloudService(application.awsCred,application.s3Conf)
// create a bucket
createBucketRequest = {
"acl":"PRIVATE",
"bucket" : "bucket.demo.getrequester",
"objectLockEnabledForBucket" : true
}
// create a bucket
bucketObj=storageService.createBucket(createBucketRequest)
// Enabling "Requester Pays" on bucket
bucketObj.enableRequesterpay()
// Get the requester pay details
getRequesterPayResponse=bucketObj.getRequesterPayStatus()
writeDump(getRequesterPayResponse)
</cfscript>
Security
AWS provides Identity and Access Management (IAM) user policies that specify the users that can access specific buckets and objects.
AWS S3 provides writing bucket policies that define access to specific buckets and objects. You can use a bucket policy to grant access across AWS accounts, grant public or anonymous permissions, and allow or block access based on conditions.
Using Amazon S3 Block Public Access as a centralized way to limit public access. Block Public Access settings override bucket policies and object permissions. Be sure to enable Block Public Access for all accounts and buckets that you don't want publicly accessible.
Amazon S3 block public access provides four settings. You can apply these settings in any combination to individual buckets or to entire AWS accounts. If you apply a setting to an account, it applies to all buckets that are owned by that account.
putSecurityAccessBlock
Block public access on bucket. For more information, see Public access block.
Syntax
putSecurityAccessBlock(parameterStruct)
Parameters
|
Parameter |
Description |
Required |
|---|---|---|
|
blockPublicAcls |
TRUE or FALSE. Whether S3 must block public access control lists (ACLs) for this bucket and objects in this bucket. |
No |
|
ignorePublicAcls |
TRUE or FALSE. Whether S3 must ignore public access control lists (ACLs) for this bucket and objects in this bucket. |
No |
|
blockPublicPolicy |
TRUE or FALSE. Whether S3 must block public bucket policies for this bucket. |
No |
|
restrictPublicBuckets |
TRUE or FALSE. Whether S3 must restrict public bucket policies for this bucket. |
No |
Example
<cfscript>
storageService = getCloudService(application.awsCred,application.s3Conf)
// create a bucket
createBucketRequest = {
"acl":"PRIVATE",
"bucket" : "bucket.demo.getpublicaccess",
"objectLockEnabledForBucket" : true
}
bucketobj=storageService.createBucket(createBucketRequest)
pubAccessReq = {
"publicAccessBlockConfiguration" : {
"blockPublicAcls" : true,
"ignorePublicAcls" : true,
"blockPublicPolicy" : true,
"restrictPublicBuckets" : true
}
}
try{
accessBlockResponse=bucketobj.putSecurityAccessBlock(pubAccessReq)
writeOutput("Block to public access enforced successfully")
writeDump(accessBlockResponse)
}
catch(any e){
writeOutput("Failed to block public access")
writeDump(e)
}
// get the block details
getBlockResponse=bucketobj.getSecurityAccessBlock()
writeDump(getBlockResponse)
</cfscript>
getSecurityAccessBlock
Get public access configuration on bucket. For more information, see Get public access block.
Syntax
getSecurityAccessBlock()
Example
<cfscript>
storageService = getCloudService(application.awsCred,application.s3Conf)
// create a bucket
createBucketRequest = {
"acl":"PRIVATE",
"bucket" : "bucket.demo.getpublicaccess",
"objectLockEnabledForBucket" : true
}
bucketobj=storageService.createBucket(createBucketRequest)
pubAccessReq = {
"publicAccessBlockConfiguration" : {
"blockPublicAcls" : true,
"ignorePublicAcls" : true,
"blockPublicPolicy" : true,
"restrictPublicBuckets" : true
}
}
try{
accessBlockResponse=bucketobj.putSecurityAccessBlock(pubAccessReq)
writeOutput("Block to public access enforced successfully")
writeDump(accessBlockResponse)
}
catch(any e){
writeOutput("Failed to block public access")
writeDump(e)
}
// get the block details
getBlockResponse=bucketobj.getSecurityAccessBlock()
writeDump(getBlockResponse)
</cfscript>
Get location of an S3 bucket
Get the region that contains a bucket.
For more information, see Get bucket location.
Syntax
getLocation()
Example
<cfscript>
storageService = getCloudService(application.awsCred, application.s3Conf)
// create a bucket
createBucketRequest = {
"acl":"PRIVATE",
"bucket" : "bucket.demo.loc",
"objectLockEnabledForBucket" : true
}
// create a bucket
bucketObj=storageService.createBucket(createBucketRequest)
// get bucket location
bucketLoc=bucketObj.getLocation()
writeDump(bucketLoc)
</cfscript>
Get metadata of an object
Get the metadata of an object in a bucket. While uploading an object, you'd have already set the object's metadata.
Syntax
getObjectMetadata(parameterStruct)
Parameters
|
Parameter |
Description |
Required |
|---|---|---|
|
key |
The key with which the object was uploaded. |
Yes |
|
versionId |
The version id associated with the object. |
No |
Example
<cfscript>
storageService = cloudService(application.awsCred,application.s3Conf)
// create a bucket
bucketStruct={
"acl":"PRIVATE",
"bucket" : "bucket.demo.objectmetadatademo",
"objectLockEnabledForBucket" : true
}
bucketObj=storageService.createBucket(bucketStruct)
// upload an object into the bucket
uploadStruct={
"srcFile" : "#ExpandPath('./')#/Colors.jpg",
"key" : "key001",
"metadata": {
"filename": "Colors.jpg",
"creator":"john",
"place":"london",
"creation_date":"2020/04/20",
"filetype":"image"
}
}
bucketObj.uploadFile(uploadStruct)
// get object metadata
objectMetadataResponse=bucketObj.getObjectMetadata("key001")
writeDump(objectMetadataResponse)
</cfscript>
Pre-signed URL
A pre-signed URL gives you access to the object identified in the URL, provided that the creator of the pre-signed URL has permissions to access that object. If you receive a pre-signed URL to upload an object, you can upload the object only if the creator of the pre-signed URL has the necessary permissions to upload that object.
For more information, see Uploading objects using pre-signed urls.
generateGetPresignedUrl
Generate a url to get an object.
Syntax
generateGetPresignedUrl(parameterStruct)
Parameters
| Parameter | Description | Required |
|---|---|---|
| duration | Duration of the url in days. | No |
| key | The key associated with the object. | Yes |
| cacheControl |
Specify the caching behavior as defined here. | No |
| contentDisposition |
Specify the content format of the object as defined here. | No |
| contentEncoding |
Specify the type of encoding on the object as defined here. | No |
| contentLanguage |
The language of the object that you want to upload. | No |
| contentType |
The format of the content as defined here. | No |
| expires |
The date and time when the object cannot be cached any longer. |
No |
| versionId | The version id of the object. | No |
| sseCustomerAlgorithm |
Specifies the algorithm to use to when encrypting the object. |
No |
| sseCustomerKey |
Specifies the customer-provided encryption key for S3 to use in encrypting data. |
No |
| sseCustomerKeyMD5 | Specifies the MD5 of the key. | No |
| requestPayer | Confirms that the requester knows that they will be charged for the request. | No |
Example
<cfscript>
storageService = getCloudService(application.awsCred,application.s3Conf)
// create a bucket
createBucketRequest = {
"bucket" : "bucket.parallel.getpresignedurl"
}
rootObj = storageService.createBucket(createBucketRequest)
// upload a file
src = "#ExpandPath('..')#/files/file.txt"
key = "key12"
uploadStruct = {
"srcFile" : src,
"key" : key
}
rootObj.uploadFile(uploadStruct)
// Pre signed url struct
getPresignedUrlRequest = {
"duration": "1d", // 1 day
"key":key
}
getPresignedUrlResp = rootObj.generateGetPresignedUrl(getPresignedUrlRequest)
writeDump(getPresignedUrlResp)
</cfscript>
generatePutPresignedUrl
Generates a url to put an object.
Syntax
generatePutPresignedUrl(parameterStruct)
Parameters
|
Parameter |
Description |
Required |
|---|---|---|
|
duration |
Duration of the url in days. |
No |
|
key |
The key associated with the object. |
Yes |
Example
<cfscript>
storageService = getCloudService(application.awsCred,application.s3Conf)
// create a bucket
createBucketRequest = {
"bucket" : "bucket.parallel.putpresignedurl"
}
rootObj = storageService.createBucket(createBucketRequest)
putPresignedReq = {
"duration": "1d", // 1 day
"key" : "key12"
}
putPresignedUrlResp = rootObj.generatePutPresignedUrl(putPresignedReq);
writedump(putPresignedUrlResp)
</cfscript>