Billing for Amazon S3 error responses
In general, S3 bucket owners are billed for requests with
HTTP 200 OK
successful responses and HTTP 4XX
client error responses. Bucket owners aren't billed for HTTP 5XX
server error responses, such as HTTP 503 Slow Down
errors.
For more information about billing charges if your bucket is configured as a Requester Pays bucket, see How Requester Pays charges work.
The following table lists specific error codes under HTTP 3XX
and 4XX
status codes that aren't billed. For buckets configured with website hosting,
applicable request and other charges will still apply when S3 returns a custom error document or for custom redirects.
Note
For AccessDenied
(HTTP 403 Forbidden
), S3 doesn't charge the bucket owner when the request is initiated outside of the bucket owner's individual Amazon account or the bucket owner's Amazon organization.
HTTP status code | Error code | Description of error code |
---|---|---|
301 Moved Permanently | PermanentRedirect | The bucket that you are attempting to access must be addressed using the specified endpoint. Send all future requests to this endpoint. |
PermanentRedirectControlError | The API operation you are attempting to access must be addressed using the specified endpoint. Send all future requests to this endpoint. | |
307 Temporary Redirect | TemporaryRedirect | You are being redirected to the bucket while the Domain Name System (DNS) server is being updated. |
400 Bad Request | AuthorizationHeaderMalformed | The authorization header that you provided is not valid. |
AuthorizationQueryParametersError | The authorization query parameters that you provided are not valid. | |
ConnectionClosedByRequester | Returned to the original caller when an error is encountered while reading the WriteGetObjectResponse body. | |
DeviceNotActiveError | The device is not currently active. | |
EndpointNotFound | Direct requests to the correct endpoint. | |
ExpiredToken | The provided token has expired. | |
IllegalLocationConstraintException | You are trying to access a bucket from a different Region than where the bucket exists.
To avoid this error, use the --region option. For example:
aws s3 cp . |
|
InvalidArgument |
This error might occur for the following reasons:
|
|
InvalidBucketOwnerAWSAccountID | The value of the expected bucket owner parameter must be an Amazon Web Services account ID. | |
InvalidDigest | The Content-MD5 or checksum value that you specified is not valid. | |
InvalidEncryptionAlgorithmError | The encryption request that you specified is not valid. The valid value is
AES256 . |
|
InvalidHostHeader | The host headers provided in the request used the incorrect style addressing. | |
InvalidHttpMethod | The request is made using an unexpected HTTP method. | |
InvalidRequest |
This error might occur for the following reasons:
|
|
InvalidSessionException | Returned if the session doesn't exist anymore because it timed out or expired. | |
InvalidSignature | The request signature that the server calculated does not match the signature that you provided. Check your Amazon secret access key and signing method. For more information, see Signing and authenticating REST requests. | |
InvalidSOAPRequest | The SOAP request body is not valid. | |
InvalidStorageClass | The storage class that you specified is not valid. | |
InvalidTag | Your request contains tag input that is not valid. For example, your request might contain duplicate keys, keys or values that are too long, or system tags. | |
InvalidToken | The provided token is malformed or otherwise not valid. | |
InvalidURI | The specified URI couldn't be parsed. | |
KeyTooLongError | Your key is too long. | |
KMS.DisabledException | The request was rejected because the specified KMS key is not enabled. | |
KMS.InvalidKeyUsageException | The request was rejected for one of the following reasons:
For encrypting, decrypting, re-encrypting, and generating data keys, the KeyUsage must be ENCRYPT_DECRYPT. For signing and verifying messages, the KeyUsage must be SIGN_VERIFY. For generating and verifying message authentication codes (MACs), the KeyUsage must be GENERATE_VERIFY_MAC. For deriving key agreement secrets, the KeyUsage must be KEY_AGREEMENT. To find the KeyUsage of a KMS key, use the DescribeKey operation. To find the encryption or signing algorithms supported for a particular KMS key, use the DescribeKey operation. |
|
KMS.KMSInvalidStateException | The request was rejected because the state of the specified resource is not valid for this request.
This exception means one of the following:
|
|
KMS.NotFoundException | The request was rejected because the specified entity or resource could not be found. | |
LambdaInvalidResponse | Returned to the original caller when WriteGetObjectResponse responds with ValidationError to Amazon Lambda. See the ValidationError message for more details. Not all cases of ValidationError result in a LambdaInvalidResponse error. | |
LambdaInvocationFailed | Lambda function invocation failed. Callers might receive the following error when S3 Object Lambda is unable to successfully invoke the configured Lambda function. The error message might contain details about an eventual error returned by the Amazon Lambda service when invoking the function (for example, status code, error code, error message and request ID). | |
MalformedACLError | The ACL that you provided was not well formed or did not validate against our published schema. | |
MalformedPOSTRequest | The body of your POST request is not well-formed multipart/form-data. | |
MalformedXML | The XML that you provided was not well formed or did not validate against our published schema. | |
MaxPostPreDataLengthExceededError | Your POST request fields preceding the upload file were too large. | |
MetadataTooLarge | Your metadata headers exceed the maximum allowed metadata size. | |
MissingAttachment | A SOAP attachment was expected, but none was found. | |
MissingRequestBodyError | You sent an empty XML document as a request. | |
MissingSecurityHeader | Your request is missing a required header. | |
NoLoggingStatusForKey | There is no such thing as a logging status subresource for a key. | |
NotDeviceOwnerError | The device that generated the token is not owned by the authenticated user. | |
ResponseInterrupted | Returned to the original caller when an error is encountered while reading the WriteGetObjectResponse body. | |
RequestHeaderSectionTooLarge | The request header and query parameters used to make the request exceed the maximum allowed sizes | |
TokenCodeInvalidError | The serial number and/or token code you provided is not valid. | |
UnexpectedContent | This request contains unsupported content. | |
UnsupportedArgument | The request contained an unsupported argument. | |
UnsupportedSignature | The provided request is signed with an unsupported STS Token version or the signature version is not supported. | |
UserKeyMustBeSpecified | The bucket POST request must contain the specified field name. If it is specified, check the order of the fields. | |
IncorrectEndpoint | The specified bucket exists in another Region. Direct requests to the correct endpoint. | |
ValidationError | Validation errors might be returned from the WriteGetObjectResponse API operation and can occur for numerous reasons. See the error message for more details. | |
403 Forbidden | RequestTimeTooSkewed | The difference between the request time and the server's time is too large. |
SignatureDoesNotMatch | The request signature that the server calculated does not match the signature that you provided. Check your Amazon secret access key and signing method. For more information, see REST Authentication and SOAP Authentication. | |
NotSignedUp | Your account is not signed up for the Amazon S3 service. You must sign up before you can use
Amazon S3. You can sign up at the following URL: http://www.amazonaws.cn/s3 |
|
InvalidSecurity | The provided security credentials are not valid. | |
InvalidPayer | All access to this object has been disabled. For further assistance, see Contact Us |
|
InvalidAccessKeyId | The Amazon access key ID that you provided does not exist in our records. | |
AccountProblem | There is a problem with your Amazon Web Services account that prevents the operation from completing
successfully. For further assistance, see Contact Us |
|
UnauthorizedAccessError | Applicable in China Regions only. Returned when a request is made to a bucket that doesn't have an ICP license. For more information, see ICP Recordal |
|
UnexpectedIPError | Applicable in China Regions only. This request was rejected because the IP was unexpected. | |
MissingAuthenticationToken | The request was not signed. | |
LambdaPermissionError | The caller is not authorized to invoke the Lambda function.
The caller must have permission to invoke the Lambda function. Check the policies attached to the caller and ensure that they've been allowed to use lambda:Invoke for the configured function.
The error message might contain details about an eventual error returned by the Lambda service when invoking the function (for example, status code, error code, error message and request ID). |
|
404 Not Found | LambdaNotFound | The Amazon Lambda function was not found. The configured Lambda function, version, or alias was not found when attempting to invoke it. Ensure that the S3 Object Lambda Access Point configuration points to the correct Lambda function ARN. The error message might contain details about an eventual error returned by the Amazon Lambda service when invoking the function (for example, status code, error code, error message and request ID). |
NoSuchAsyncRequest | The specified request was not found. | |
NoSuchObjectLockConfiguration | The specified object does not have an ObjectLock configuration. | |
NoSuchUpload | The specified multipart upload does not exist. The upload ID might not be valid, or the multipart upload might have been aborted or completed. | |
NoSuchWebsiteConfiguration | The specified bucket does not have a website configuration. | |
NoTransformationDefined | No transformation found for this Object Lambda Access Point. | |
ObjectLockConfigurationNotFoundError | The Object Lock configuration does not exist for this bucket. | |
405 Method Not Allowed | MethodNotAllowed | The specified method is not allowed against this resource. |
409 Conflict | BucketAlreadyExists | The requested bucket name is not available. The bucket namespace is shared by all users of the system. Specify a different name and try again. |
InvalidBucketState | The request is not valid for the current state of the bucket. | |
OperationAborted | A conflicting conditional operation is currently in progress against this resource. Try again. | |
411 Length Required | MissingContentLength | You must provide the Content-Length HTTP header. |
412 Precondition Failed | RequestIsNotMultiPartContent | A bucket POST request must be of the enclosure-type multipart/form-data. |
416 Requested Range Not Satisfiable | InvalidRange | The requested range is not valid for the request. Try another range. |