AWS services or capabilities described in AWS Documentation may vary by region/location. Click Getting Started with Amazon AWS to see specific differences applicable to the China (Beijing) Region.
End of support notice: Beginning October 1, 2025, Amazon S3 will discontinue support
for creating new Email Grantee Access Control Lists (ACL). Email Grantee ACLs created
prior to this date will continue to work and remain accessible through the Amazon
Web Services Management Console, Command Line Interface (CLI), SDKs, and REST API.
However, you will no longer be able to create new Email Grantee ACLs.
This change affects the following Amazon Web Services Regions: US East (N. Virginia)
Region, US West (N. California) Region, US West (Oregon) Region, Asia Pacific (Singapore)
Region, Asia Pacific (Sydney) Region, Asia Pacific (Tokyo) Region, Europe (Ireland)
Region, and South America (São Paulo) Region.
Adds an object to a bucket.
Amazon S3 never adds partial objects; if you receive a success response, Amazon S3
added the entire object to the bucket. You cannot use PutObject to only update
a single piece of metadata for an existing object. You must put the entire object
with updated metadata if you want to update some values.
If your bucket uses the bucket owner enforced setting for Object Ownership, ACLs are disabled and no longer affect permissions. All objects written to the bucket by any account will be owned by the bucket owner.
Directory buckets - For directory buckets, you must make requests for this
API operation to the Zonal endpoint. These endpoints support virtual-hosted-style
requests in the format https://amzn-s3-demo-bucket.s3express-zone-id.region-code.amazonaws.com/key-name. Path-style requests are not supported. For more information about endpoints
in Availability Zones, see Regional
and Zonal endpoints for directory buckets in Availability Zones in the Amazon
S3 User Guide. For more information about endpoints in Local Zones, see Concepts
for directory buckets in Local Zones in the Amazon S3 User Guide.
Amazon S3 is a distributed system. If it receives multiple write requests for the same object simultaneously, it overwrites all but the last object written. However, Amazon S3 provides features that can modify this behavior:
S3 Object Lock - To prevent objects from being deleted or overwritten, you can use Amazon S3 Object Lock in the Amazon S3 User Guide.
This functionality is not supported for directory buckets.
If-None-Match - Uploads the object only if the object key name does not already
exist in the specified bucket. Otherwise, Amazon S3 returns a 412 Precondition
Failed error. If a conflicting operation occurs during the upload, S3 returns
a 409 ConditionalRequestConflict response. On a 409 failure, retry the upload.
Expects the * character (asterisk).
For more information, see Add preconditions to S3 operations with conditional requests in the Amazon S3 User Guide or RFC 7232.
This functionality is not supported for S3 on Outposts.
S3 Versioning - When you enable versioning for a bucket, if Amazon S3 receives multiple write requests for the same object simultaneously, it stores all versions of the objects. For each write request that is made to the same object, Amazon S3 automatically generates a unique version ID of that object being stored in Amazon S3. You can retrieve, replace, or delete any version of the object. For more information about versioning, see Adding Objects to Versioning-Enabled Buckets in the Amazon S3 User Guide. For information about returning the versioning state of a bucket, see GetBucketVersioning.
This functionality is not supported for directory buckets.
General purpose bucket permissions - The following permissions are required
in your policies when your PutObject request includes specific headers.
s3:PutObject - To successfully complete the PutObject request,
you must always have the s3:PutObject permission on a bucket to add an object
to it.
s3:PutObjectAcl - To successfully change the objects ACL of your
PutObject request, you must have the s3:PutObjectAcl.
s3:PutObjectTagging - To successfully set the tag-set with your PutObject
request, you must have the s3:PutObjectTagging.
Directory bucket permissions - To grant access to this API operation on a
directory bucket, we recommend that you use the CreateSession API operation for session-based authorization. Specifically,
you grant the s3express:CreateSession permission to the directory bucket in
a bucket policy or an IAM identity-based policy. Then, you make the CreateSession
API call on the bucket to obtain a session token. With the session token in your request
header, you can make API requests to this operation. After the session token expires,
you make another CreateSession API call to generate a new session token for
use. Amazon Web Services CLI or SDKs create session and refresh the session token
automatically to avoid service interruptions when a session expires. For more information
about authorization, see CreateSession.
If the object is encrypted with SSE-KMS, you must also have the kms:GenerateDataKey
and kms:Decrypt permissions in IAM identity-based policies and KMS key policies
for the KMS key.
General purpose bucket - To ensure that data is not corrupted traversing the
network, use the Content-MD5 header. When you use this header, Amazon S3 checks
the object against the provided MD5 value and, if they do not match, Amazon S3 returns
an error. Alternatively, when the object's ETag is its MD5 digest, you can calculate
the MD5 while putting the object to Amazon S3 and compare the returned ETag to the
calculated MD5 value.
Directory bucket - This functionality is not supported for directory buckets.
Directory buckets - The HTTP Host header syntax is Bucket-name.s3express-zone-id.region-code.amazonaws.com.
For more information about related Amazon S3 APIs, see the following:
This is an asynchronous operation using the standard naming convention for .NET 4.7.2 or higher.
Namespace: Amazon.S3
Assembly: AWSSDK.S3.dll
Version: 3.x.y.z
public abstract Task<PutObjectResponse> PutObjectAsync( PutObjectRequest request, CancellationToken cancellationToken )
Container for the necessary parameters to execute the PutObject service method.
A cancellation token that can be used by other objects or threads to receive notice of cancellation.
.NET:
Supported in: 8.0 and newer, Core 3.1
.NET Standard:
Supported in: 2.0
.NET Framework:
Supported in: 4.7.2 and newer