Billing for Amazon S3 error responses - Amazon Simple Storage Service
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Billing for Amazon S3 error responses

In general, S3 bucket owners are billed for requests with HTTP 200 OK successful responses and HTTP 4XX client error responses. Bucket owners aren't billed for HTTP 5XX server error responses, such as HTTP 503 Slow Down errors. For more information about billing charges if your bucket is configured as a Requester Pays bucket, see How Requester Pays charges work.

The following table lists specific error codes under HTTP 3XX and 4XX status codes that aren't billed. For buckets configured with website hosting, applicable request and other charges will still apply when S3 returns a custom error document or for custom redirects.

Note

For AccessDenied (HTTP 403 Forbidden), S3 doesn't charge the bucket owner when the request is initiated outside of the bucket owner's individual Amazon account or the bucket owner's Amazon organization.

HTTP status code Error code Description of error code
301 Moved Permanently PermanentRedirect The bucket that you are attempting to access must be addressed using the specified endpoint. Send all future requests to this endpoint.
PermanentRedirectControlError The API operation you are attempting to access must be addressed using the specified endpoint. Send all future requests to this endpoint.
307 Temporary Redirect TemporaryRedirect You are being redirected to the bucket while the Domain Name System (DNS) server is being updated.
400 Bad Request AuthorizationHeaderMalformed The authorization header that you provided is not valid.
AuthorizationQueryParametersError The authorization query parameters that you provided are not valid.
ConnectionClosedByRequester Returned to the original caller when an error is encountered while reading the WriteGetObjectResponse body.
DeviceNotActiveError The device is not currently active.
EndpointNotFound Direct requests to the correct endpoint.
ExpiredToken The provided token has expired.
IllegalLocationConstraintException You are trying to access a bucket from a different Region than where the bucket exists. To avoid this error, use the --region option. For example: aws s3 cp awsexample.txt s3://amzn-s3-demo-bucket/ --region ap-east-1.
InvalidArgument

This error might occur for the following reasons:

  • The specified argument was not valid.

  • The request was missing a required header.

  • The specified argument was incomplete or in the wrong format.

  • The specified argument must have a length greater than or equal to 3.

InvalidBucketOwnerAWSAccountID The value of the expected bucket owner parameter must be an Amazon Web Services account ID.
InvalidDigest The Content-MD5 or checksum value that you specified is not valid.
InvalidEncryptionAlgorithmError The encryption request that you specified is not valid. The valid value is AES256.
InvalidHostHeader The host headers provided in the request used the incorrect style addressing.
InvalidHttpMethod The request is made using an unexpected HTTP method.
InvalidRequest

This error might occur for the following reasons:

  • The request is using the wrong signature version. Use AWS4-HMAC-SHA256 (Signature Version 4).

  • An access point can be created only for an existing bucket.

  • The access point is not in a state where it can be deleted.

  • An access point can be listed only for an existing bucket.

  • The next token is not valid.

  • At least one action must be specified in a lifecycle rule.

  • At least one lifecycle rule must be specified.

  • The number of lifecycle rules must not exceed the allowed limit of 1000 rules.

  • The range for the MaxResults parameter is not valid.

  • SOAP requests must be made over an HTTPS connection.

  • Amazon S3 Transfer Acceleration is not supported for buckets with non-DNS compliant names.

  • Amazon S3 Transfer Acceleration is not supported for buckets with periods (.) in their names.

  • The Amazon S3 Transfer Acceleration endpoint supports only virtual style requests.

  • Amazon S3 Transfer Acceleration is not configured on this bucket.

  • Amazon S3 Transfer Acceleration is disabled on this bucket.

  • Amazon S3 Transfer Acceleration is not supported on this bucket. For assistance, contact Amazon Web Services Support.

  • Amazon S3 Transfer Acceleration cannot be enabled on this bucket. For assistance, contact Amazon Web Services Support.

  • Conflicting values provided in HTTP headers and query parameters.

  • Conflicting values provided in HTTP headers and POST form fields.

  • CopyObject request made on objects larger than 5GB in size.

InvalidSessionException Returned if the session doesn't exist anymore because it timed out or expired.
InvalidSignature The request signature that the server calculated does not match the signature that you provided. Check your Amazon secret access key and signing method. For more information, see Signing and authenticating REST requests.
InvalidSOAPRequest The SOAP request body is not valid.
InvalidStorageClass The storage class that you specified is not valid.
InvalidTag Your request contains tag input that is not valid. For example, your request might contain duplicate keys, keys or values that are too long, or system tags.
InvalidToken The provided token is malformed or otherwise not valid.
InvalidURI The specified URI couldn't be parsed.
KeyTooLongError Your key is too long.
KMS.DisabledException The request was rejected because the specified KMS key is not enabled.
KMS.InvalidKeyUsageException The request was rejected for one of the following reasons:
  • The KeyUsage value of the KMS key is incompatible with the API operation.

  • The encryption algorithm or signing algorithm specified for the operation is incompatible with the type of key material in the KMS key (KeySpec).

For encrypting, decrypting, re-encrypting, and generating data keys, the KeyUsage must be ENCRYPT_DECRYPT. For signing and verifying messages, the KeyUsage must be SIGN_VERIFY. For generating and verifying message authentication codes (MACs), the KeyUsage must be GENERATE_VERIFY_MAC. For deriving key agreement secrets, the KeyUsage must be KEY_AGREEMENT. To find the KeyUsage of a KMS key, use the DescribeKey operation.

To find the encryption or signing algorithms supported for a particular KMS key, use the DescribeKey operation.
KMS.KMSInvalidStateException The request was rejected because the state of the specified resource is not valid for this request. This exception means one of the following:
  • The key state of the KMS key is not compatible with the operation.

    To find the key state, use the DescribeKey operation. For more information about which key states are compatible with each KMS operation, see Key states of Amazon KMS keys in the Amazon Key Management Service Developer Guide.

  • For cryptographic operations on KMS keys in custom key stores, this exception represents a general failure with many possible causes. To identify the cause, see the error message that accompanies the exception.

KMS.NotFoundException The request was rejected because the specified entity or resource could not be found.
LambdaInvalidResponse Returned to the original caller when WriteGetObjectResponse responds with ValidationError to Amazon Lambda. See the ValidationError message for more details. Not all cases of ValidationError result in a LambdaInvalidResponse error.
LambdaInvocationFailed Lambda function invocation failed. Callers might receive the following error when S3 Object Lambda is unable to successfully invoke the configured Lambda function. The error message might contain details about an eventual error returned by the Amazon Lambda service when invoking the function (for example, status code, error code, error message and request ID).
MalformedACLError The ACL that you provided was not well formed or did not validate against our published schema.
MalformedPOSTRequest The body of your POST request is not well-formed multipart/form-data.
MalformedXML The XML that you provided was not well formed or did not validate against our published schema.
MaxPostPreDataLengthExceededError Your POST request fields preceding the upload file were too large.
MetadataTooLarge Your metadata headers exceed the maximum allowed metadata size.
MissingAttachment A SOAP attachment was expected, but none was found.
MissingRequestBodyError You sent an empty XML document as a request.
MissingSecurityHeader Your request is missing a required header.
NoLoggingStatusForKey There is no such thing as a logging status subresource for a key.
NotDeviceOwnerError The device that generated the token is not owned by the authenticated user.
ResponseInterrupted Returned to the original caller when an error is encountered while reading the WriteGetObjectResponse body.
RequestHeaderSectionTooLarge The request header and query parameters used to make the request exceed the maximum allowed sizes
TokenCodeInvalidError The serial number and/or token code you provided is not valid.
UnexpectedContent This request contains unsupported content.
UnsupportedArgument The request contained an unsupported argument.
UnsupportedSignature The provided request is signed with an unsupported STS Token version or the signature version is not supported.
UserKeyMustBeSpecified The bucket POST request must contain the specified field name. If it is specified, check the order of the fields.
IncorrectEndpoint The specified bucket exists in another Region. Direct requests to the correct endpoint.
ValidationError Validation errors might be returned from the WriteGetObjectResponse API operation and can occur for numerous reasons. See the error message for more details.
403 Forbidden RequestTimeTooSkewed The difference between the request time and the server's time is too large.
SignatureDoesNotMatch The request signature that the server calculated does not match the signature that you provided. Check your Amazon secret access key and signing method. For more information, see REST Authentication and SOAP Authentication.
NotSignedUp Your account is not signed up for the Amazon S3 service. You must sign up before you can use Amazon S3. You can sign up at the following URL: http://www.amazonaws.cn/s3
InvalidSecurity The provided security credentials are not valid.
InvalidPayer All access to this object has been disabled. For further assistance, see Contact Us.
InvalidAccessKeyId The Amazon access key ID that you provided does not exist in our records.
AccountProblem There is a problem with your Amazon Web Services account that prevents the operation from completing successfully. For further assistance, see Contact Us.
UnauthorizedAccessError Applicable in China Regions only. Returned when a request is made to a bucket that doesn't have an ICP license. For more information, see ICP Recordal.
UnexpectedIPError Applicable in China Regions only. This request was rejected because the IP was unexpected.
MissingAuthenticationToken The request was not signed. 
LambdaPermissionError The caller is not authorized to invoke the Lambda function. The caller must have permission to invoke the Lambda function. Check the policies attached to the caller and ensure that they've been allowed to use lambda:Invoke for the configured function. The error message might contain details about an eventual error returned by the Lambda service when invoking the function (for example, status code, error code, error message and request ID).
404 Not Found LambdaNotFound The Amazon Lambda function was not found. The configured Lambda function, version, or alias was not found when attempting to invoke it. Ensure that the S3 Object Lambda Access Point configuration points to the correct Lambda function ARN. The error message might contain details about an eventual error returned by the Amazon Lambda service when invoking the function (for example, status code, error code, error message and request ID).
NoSuchAsyncRequest The specified request was not found.
NoSuchObjectLockConfiguration The specified object does not have an ObjectLock configuration.
NoSuchUpload The specified multipart upload does not exist. The upload ID might not be valid, or the multipart upload might have been aborted or completed.
NoSuchWebsiteConfiguration The specified bucket does not have a website configuration.
NoTransformationDefined No transformation found for this Object Lambda Access Point.
ObjectLockConfigurationNotFoundError The Object Lock configuration does not exist for this bucket.
405 Method Not Allowed MethodNotAllowed The specified method is not allowed against this resource.
409 Conflict BucketAlreadyExists The requested bucket name is not available. The bucket namespace is shared by all users of the system. Specify a different name and try again.
InvalidBucketState The request is not valid for the current state of the bucket.
OperationAborted A conflicting conditional operation is currently in progress against this resource. Try again.
411 Length Required MissingContentLength You must provide the Content-Length HTTP header.
412 Precondition Failed RequestIsNotMultiPartContent A bucket POST request must be of the enclosure-type multipart/form-data.
416 Requested Range Not Satisfiable InvalidRange The requested range is not valid for the request. Try another range.