# Getting started with Amazon S3 The following code example shows how to: + Create your first S3 bucket + Upload an object + Enable versioning + Configure default encryption + Add tags to your bucket + List objects and versions + Clean up resources ------ #### [ Bash ] **Amazon CLI with Bash script** There's more on GitHub. Find the complete example and learn how to set up and run in the [Sample developer tutorials](https://github.com/aws-samples/sample-developer-tutorials/tree/main/tuts/003-s3-gettingstarted) repository. ``` #!/bin/bash # S3 Getting Started - Create a bucket, upload and download objects, copy to a # folder prefix, enable versioning, configure encryption and public access # blocking, tag the bucket, list objects and versions, and clean up. set -eE set -o pipefail # ============================================================================ # Prerequisites check # ============================================================================ CONFIGURED_REGION=$(aws configure get region 2>/dev/null || true) if [ -z "$CONFIGURED_REGION" ] && [ -z "$AWS_DEFAULT_REGION" ] && [ -z "$AWS_REGION" ]; then echo "ERROR: No AWS region configured. Run 'aws configure' or set AWS_DEFAULT_REGION." exit 1 fi # Verify AWS credentials are configured if ! aws sts get-caller-identity &>/dev/null; then echo "ERROR: AWS credentials not configured or invalid. Run 'aws configure'." exit 1 fi # ============================================================================ # Setup: logging, temp directory, resource tracking # ============================================================================ UNIQUE_ID=$(head -c 6 /dev/urandom | od -An -tx1 | tr -d ' ') # Check for shared prereq bucket PREREQ_BUCKET=$(aws cloudformation describe-stacks --stack-name tutorial-prereqs-bucket \ --query 'Stacks[0].Outputs[?OutputKey==`BucketName`].OutputValue' --output text 2>/dev/null || true) if [ -n "$PREREQ_BUCKET" ] && [ "$PREREQ_BUCKET" != "None" ]; then BUCKET_NAME="$PREREQ_BUCKET" BUCKET_IS_SHARED=true echo "Using shared bucket: $BUCKET_NAME" else BUCKET_IS_SHARED=false BUCKET_NAME="s3api-${UNIQUE_ID}" fi TEMP_DIR=$(mktemp -d) trap 'rm -rf "$TEMP_DIR"' EXIT LOG_FILE="${TEMP_DIR}/s3-gettingstarted.log" CREATED_RESOURCES=() exec > >(tee -a "$LOG_FILE") 2>&1 echo "============================================" echo "S3 Getting Started" echo "============================================" echo "Bucket name: ${BUCKET_NAME}" echo "Temp directory: ${TEMP_DIR}" echo "Log file: ${LOG_FILE}" echo "" # ============================================================================ # Helper functions # ============================================================================ get_region() { echo "${AWS_REGION:-${AWS_DEFAULT_REGION:-${CONFIGURED_REGION}}}" } delete_object_versions() { local bucket=$1 local query=$2 local versions versions=$(aws s3api list-object-versions \ --bucket "$bucket" \ --query "$query" \ --output json 2>&1) || return 0 if [ -z "$versions" ] || [ "$versions" = "null" ] || [ "$versions" = "[]" ]; then return 0 fi echo "$versions" | jq -r '.[] | "\(.Key)\t\(.VersionId)"' 2>/dev/null | while IFS=$'\t' read -r key version_id; do if [ -n "$key" ] && [ "$key" != "null" ]; then aws s3api delete-object --bucket "$bucket" --key "$key" --version-id "$version_id" >/dev/null 2>&1 || true fi done return 0 } # ============================================================================ # Error handling and cleanup functions # ============================================================================ cleanup() { echo "" echo "============================================" echo "CLEANUP" echo "============================================" if [ "$BUCKET_IS_SHARED" = "false" ]; then echo "Deleting all object versions in bucket..." delete_object_versions "$BUCKET_NAME" "Versions[].{Key:Key,VersionId:VersionId}" || true delete_object_versions "$BUCKET_NAME" "DeleteMarkers[].{Key:Key,VersionId:VersionId}" || true echo "Deleting bucket: ${BUCKET_NAME}" if ! aws s3api delete-bucket --bucket "$BUCKET_NAME" 2>/dev/null; then echo "WARNING: Failed to delete bucket ${BUCKET_NAME}" fi # Clean up logs bucket LOG_TARGET_BUCKET="${BUCKET_NAME}-logs" if aws s3api head-bucket --bucket "$LOG_TARGET_BUCKET" 2>/dev/null; then echo "Deleting log bucket: ${LOG_TARGET_BUCKET}" if ! aws s3api delete-bucket --bucket "$LOG_TARGET_BUCKET" 2>/dev/null; then echo "WARNING: Failed to delete bucket ${LOG_TARGET_BUCKET}" fi fi else echo "Keeping shared bucket: ${BUCKET_NAME}" fi echo "" echo "Cleanup complete." } handle_error() { local line_number=$1 echo "" echo "============================================" echo "ERROR on line ${line_number}" echo "============================================" echo "" echo "Resources created before error:" if [ ${#CREATED_RESOURCES[@]} -gt 0 ]; then for RESOURCE in "${CREATED_RESOURCES[@]}"; do echo " - ${RESOURCE}" done else echo " (none)" fi echo "" echo "Attempting cleanup..." cleanup exit 1 } trap 'handle_error "$LINENO"' ERR # ============================================================================ # Step 1: Create a bucket # ============================================================================ echo "Step 1: Creating bucket ${BUCKET_NAME}..." if [ "$BUCKET_IS_SHARED" = "false" ]; then REGION=$(get_region) if [ "$REGION" = "us-east-1" ]; then if ! aws s3api create-bucket --bucket "$BUCKET_NAME" >/dev/null 2>&1; then echo "ERROR: Failed to create bucket $BUCKET_NAME" exit 1 fi else if ! aws s3api create-bucket \ --bucket "$BUCKET_NAME" \ --region "$REGION" \ --create-bucket-configuration LocationConstraint="$REGION" >/dev/null 2>&1; then echo "ERROR: Failed to create bucket $BUCKET_NAME in region $REGION" exit 1 fi fi CREATED_RESOURCES+=("s3:bucket:${BUCKET_NAME}") echo "Bucket created." if ! aws s3api put-bucket-tagging \ --bucket "$BUCKET_NAME" \ --tagging '{ "TagSet": [ { "Key": "project", "Value": "doc-smith" }, { "Key": "tutorial", "Value": "s3-gettingstarted" } ] }' >/dev/null 2>&1; then echo "WARNING: Failed to tag bucket" fi fi echo "" # ============================================================================ # Step 2: Upload a sample text file # ============================================================================ echo "Step 2: Uploading a sample text file..." SAMPLE_FILE="${TEMP_DIR}/sample.txt" cat > "$SAMPLE_FILE" << 'EOF' Hello, Amazon S3! This is a sample file for the getting started tutorial. EOF if ! aws s3api put-object \ --bucket "$BUCKET_NAME" \ --key "sample.txt" \ --body "$SAMPLE_FILE" \ --server-side-encryption AES256 \ --metadata "tutorial=s3-gettingstarted" >/dev/null 2>&1; then echo "ERROR: Failed to upload sample.txt" exit 1 fi echo "File uploaded." echo "" # ============================================================================ # Step 3: Download the object # ============================================================================ echo "Step 3: Downloading the object..." DOWNLOAD_FILE="${TEMP_DIR}/downloaded-sample.txt" if ! aws s3api get-object \ --bucket "$BUCKET_NAME" \ --key "sample.txt" \ "$DOWNLOAD_FILE" >/dev/null 2>&1; then echo "ERROR: Failed to download sample.txt" exit 1 fi echo "Downloaded to: ${DOWNLOAD_FILE}" echo "Contents:" cat "$DOWNLOAD_FILE" echo "" # ============================================================================ # Step 4: Copy the object to a folder prefix # ============================================================================ echo "Step 4: Copying object to a folder prefix..." if ! aws s3api copy-object \ --bucket "$BUCKET_NAME" \ --copy-source "${BUCKET_NAME}/sample.txt" \ --key "backup/sample.txt" \ --server-side-encryption AES256 \ --metadata-directive COPY >/dev/null 2>&1; then echo "ERROR: Failed to copy object to backup/sample.txt" exit 1 fi echo "Object copied to backup/sample.txt." echo "" # ============================================================================ # Step 5: Enable versioning and upload a second version # ============================================================================ echo "Step 5: Enabling versioning..." if ! aws s3api put-bucket-versioning \ --bucket "$BUCKET_NAME" \ --versioning-configuration Status=Enabled >/dev/null 2>&1; then echo "ERROR: Failed to enable versioning" exit 1 fi echo "Versioning enabled." echo "Uploading a second version of sample.txt..." cat > "$SAMPLE_FILE" << 'EOF' Hello, Amazon S3! This is version 2 of the sample file. EOF if ! aws s3api put-object \ --bucket "$BUCKET_NAME" \ --key "sample.txt" \ --body "$SAMPLE_FILE" \ --server-side-encryption AES256 \ --metadata "tutorial=s3-gettingstarted,version=2" >/dev/null 2>&1; then echo "ERROR: Failed to upload second version of sample.txt" exit 1 fi echo "Second version uploaded." echo "" # ============================================================================ # Step 6: Configure SSE-S3 encryption # ============================================================================ echo "Step 6: Configuring SSE-S3 default encryption..." if ! aws s3api put-bucket-encryption \ --bucket "$BUCKET_NAME" \ --server-side-encryption-configuration '{ "Rules": [ { "ApplyServerSideEncryptionByDefault": { "SSEAlgorithm": "AES256" }, "BucketKeyEnabled": true } ] }' >/dev/null 2>&1; then echo "ERROR: Failed to configure SSE-S3 encryption" exit 1 fi echo "SSE-S3 encryption configured." echo "" # ============================================================================ # Step 7: Block all public access # ============================================================================ echo "Step 7: Blocking all public access..." if ! aws s3api put-public-access-block \ --bucket "$BUCKET_NAME" \ --public-access-block-configuration '{ "BlockPublicAcls": true, "IgnorePublicAcls": true, "BlockPublicPolicy": true, "RestrictPublicBuckets": true }' >/dev/null 2>&1; then echo "ERROR: Failed to block public access" exit 1 fi echo "Public access blocked." echo "" # ============================================================================ # Step 8: Configure bucket logging # ============================================================================ echo "Step 8: Configuring bucket logging..." LOG_TARGET_BUCKET="${BUCKET_NAME}-logs" if [ "$BUCKET_IS_SHARED" = "false" ]; then REGION=$(get_region) if [ "$REGION" = "us-east-1" ]; then aws s3api create-bucket --bucket "$LOG_TARGET_BUCKET" >/dev/null 2>&1 || true else aws s3api create-bucket \ --bucket "$LOG_TARGET_BUCKET" \ --region "$REGION" \ --create-bucket-configuration LocationConstraint="$REGION" >/dev/null 2>&1 || true fi if ! aws s3api put-bucket-tagging \ --bucket "$LOG_TARGET_BUCKET" \ --tagging '{ "TagSet": [ { "Key": "project", "Value": "doc-smith" }, { "Key": "tutorial", "Value": "s3-gettingstarted" } ] }' >/dev/null 2>&1; then echo "WARNING: Failed to tag log bucket" fi aws s3api put-bucket-acl --bucket "$LOG_TARGET_BUCKET" --acl log-delivery-write 2>/dev/null || true if ! aws s3api put-bucket-logging \ --bucket "$BUCKET_NAME" \ --bucket-logging-status '{ "LoggingEnabled": { "TargetBucket": "'$LOG_TARGET_BUCKET'", "TargetPrefix": "logs/" } }' >/dev/null 2>&1; then echo "WARNING: Failed to configure bucket logging" else echo "Bucket logging configured." fi else echo "Skipping logging configuration for shared bucket." fi echo "" # ============================================================================ # Step 9: Tag the bucket # ============================================================================ echo "Step 9: Tagging the bucket..." if ! aws s3api put-bucket-tagging \ --bucket "$BUCKET_NAME" \ --tagging '{ "TagSet": [ { "Key": "project", "Value": "doc-smith" }, { "Key": "tutorial", "Value": "s3-gettingstarted" }, { "Key": "Environment", "Value": "Tutorial" }, { "Key": "Project", "Value": "S3-GettingStarted" }, { "Key": "ManagedBy", "Value": "Bash-Tutorial" } ] }' >/dev/null 2>&1; then echo "ERROR: Failed to tag bucket" exit 1 fi echo "Bucket tagged." echo "Verifying tags..." if ! aws s3api get-bucket-tagging --bucket "$BUCKET_NAME" 2>&1; then echo "WARNING: Failed to retrieve bucket tags" fi echo "" # ============================================================================ # Step 10: List objects and versions # ============================================================================ echo "Step 10: Listing objects..." if ! aws s3api list-objects-v2 --bucket "$BUCKET_NAME" 2>&1; then echo "WARNING: Failed to list objects" fi echo "" echo "Listing object versions..." if ! aws s3api list-object-versions --bucket "$BUCKET_NAME" 2>&1; then echo "WARNING: Failed to list object versions" fi echo "" # ============================================================================ # Step 11: Cleanup # ============================================================================ echo "" echo "============================================" echo "TUTORIAL COMPLETE" echo "============================================" echo "" echo "Resources created:" if [ ${#CREATED_RESOURCES[@]} -gt 0 ]; then for RESOURCE in "${CREATED_RESOURCES[@]}"; do echo " - ${RESOURCE}" done else echo " (none)" fi echo "" echo "===========================================" echo "CLEANUP" echo "===========================================" echo "Cleaning up all created resources..." cleanup echo "" echo "Done." ``` + For API details, see the following topics in *Amazon CLI Command Reference*. + [CopyObject](https://docs.amazonaws.cn/goto/aws-cli/s3-2006-03-01/CopyObject) + [CreateBucket](https://docs.amazonaws.cn/goto/aws-cli/s3-2006-03-01/CreateBucket) + [DeleteBucket](https://docs.amazonaws.cn/goto/aws-cli/s3-2006-03-01/DeleteBucket) + [DeleteObjects](https://docs.amazonaws.cn/goto/aws-cli/s3-2006-03-01/DeleteObjects) + [GetObject](https://docs.amazonaws.cn/goto/aws-cli/s3-2006-03-01/GetObject) + [HeadObject](https://docs.amazonaws.cn/goto/aws-cli/s3-2006-03-01/HeadObject) + [ListObjectVersions](https://docs.amazonaws.cn/goto/aws-cli/s3-2006-03-01/ListObjectVersions) + [ListObjectsV2](https://docs.amazonaws.cn/goto/aws-cli/s3-2006-03-01/ListObjectsV2) + [PutBucketEncryption](https://docs.amazonaws.cn/goto/aws-cli/s3-2006-03-01/PutBucketEncryption) + [PutBucketTagging](https://docs.amazonaws.cn/goto/aws-cli/s3-2006-03-01/PutBucketTagging) + [PutBucketVersioning](https://docs.amazonaws.cn/goto/aws-cli/s3-2006-03-01/PutBucketVersioning) + [PutObject](https://docs.amazonaws.cn/goto/aws-cli/s3-2006-03-01/PutObject) + [PutPublicAccessBlock](https://docs.amazonaws.cn/goto/aws-cli/s3-2006-03-01/PutPublicAccessBlock) ------ For a complete list of Amazon SDK developer guides and code examples, see [Developing with Amazon S3 using the Amazon SDKs](sdk-general-information-section.md). This topic also includes information about getting started and details about previous SDK versions.