Developing with Amazon S3 using the Amazon SDKs, and explorers - Amazon Simple Storage Service
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China.

Developing with Amazon S3 using the Amazon SDKs, and explorers

You can use the Amazon SDKs when developing applications with Amazon S3. The Amazon SDKs simplify your programming tasks by wrapping the underlying REST API. The Amazon Mobile SDKs and the Amazon Amplify JavaScript library are also available for building connected mobile and web applications using Amazon.

This section provides an overview of using Amazon SDKs for developing Amazon S3 applications. This section also describes how you can test the Amazon SDK code examples provided in this guide.

In addition to the Amazon SDKs, Amazon Explorers are available for Visual Studio and Eclipse for Java IDE. In this case, the SDKs and the explorers are available bundled together as Amazon Toolkits.

You can also use the Amazon Command Line Interface (Amazon CLI) to manage Amazon S3 buckets and objects.

Amazon Toolkit for Eclipse

The Amazon Toolkit for Eclipse includes both the Amazon SDK for Java and Amazon Explorer for Eclipse. The Amazon Explorer for Eclipse is an open source plugin for Eclipse for Java IDE that makes it easier for developers to develop, debug, and deploy Java applications using Amazon. The easy-to-use GUI enables you to access and administer your Amazon infrastructure including Amazon S3. You can perform common operations such as managing your buckets and objects and setting IAM policies, while developing applications, all from within the context of Eclipse for Java IDE. For set up instructions, see Set up the Toolkit. For examples of using the explorer, see How to Access Amazon Explorer.

Amazon Toolkit for Visual Studio

Amazon Explorer for Visual Studio is an extension for Microsoft Visual Studio that makes it easier for developers to develop, debug, and deploy .NET applications using Amazon Web Services. The easy-to-use GUI enables you to access and administer your Amazon infrastructure including Amazon S3. You can perform common operations such as managing your buckets and objects or setting IAM policies, while developing applications, all from within the context of Visual Studio. For setup instructions, go to Setting Up the Amazon Toolkit for Visual Studio. For examples of using Amazon S3 using the explorer, see Using Amazon S3 from Amazon Explorer.

Amazon SDKs

You can download only the SDKs. For information about downloading the SDK libraries, see Sample Code Libraries.

Amazon CLI

The Amazon CLI is a unified tool to manage your Amazon services, including Amazon S3. For information about downloading the Amazon CLI, see Amazon Command Line Interface.

Using this service with an Amazon SDK

Amazon software development kits (SDKs) are available for many popular programming languages. Each SDK provides an API, code examples, and documentation that make it easier for developers to build applications in their preferred language.

For examples specific to this service, see Code examples for Amazon S3 using Amazon SDKs.

Specifying the Signature Version in Request Authentication

Amazon S3 supports only Amazon Signature Version 4 in most Amazon Web Services Regions. In some of the older Amazon Web Services Regions, Amazon S3 supports both Signature Version 4 and Signature Version 2. However, Signature Version 2 is being turned off (deprecated). For more information about the end of support for Signature Version 2, see Amazon Signature Version 2 Turned Off (Deprecated) for Amazon S3.

For a list of all the Amazon S3 Regions and the signature versions they support, see Regions and Endpoints in the Amazon General Reference.

For all Amazon Web Services Regions, Amazon SDKs use Signature Version 4 by default to authenticate requests. When using Amazon SDKs that were released before May 2016, you might be required to request Signature Version 4, as shown in the following table.

SDK Requesting Signature Version 4 for Request Authentication
Amazon CLI

For the default profile, run the following command:

$ aws configure set default.s3.signature_version s3v4

For a custom profile, run the following command:

$ aws configure set profile.your_profile_name.s3.signature_version s3v4
Java SDK

Add the following in your code:

System.setProperty(SDKGlobalConfiguration.ENABLE_S3_SIGV4_SYSTEM_PROPERTY, "true");

Or, on the command line, specify the following:

-Dcom.amazonaws.services.s3.enableV4
JavaScript SDK

Set the signatureVersion parameter to v4 when constructing the client:

var s3 = new AWS.S3({signatureVersion: 'v4'});
PHP SDK

Set the signature parameter to v4 when constructing the Amazon S3 service client for PHP SDK v2:

<?php $client = S3Client::factory([ 'region' => 'YOUR-REGION', 'version' => 'latest', 'signature' => 'v4' ]);

When using the PHP SDK v3, set the signature_version parameter to v4 during construction of the Amazon S3 service client:

<?php $s3 = new Aws\S3\S3Client([ 'version' => '2006-03-01', 'region' => 'YOUR-REGION', 'signature_version' => 'v4' ]);
Ruby SDK

Ruby SDK - Version 1: Set the :s3_signature_version parameter to :v4 when constructing the client:

s3 = AWS::S3::Client.new(:s3_signature_version => :v4)

Ruby SDK - Version 3: Set the signature_version parameter to v4 when constructing the client:

s3 = Aws::S3::Client.new(signature_version: 'v4')
.NET SDK

Add the following to the code before creating the Amazon S3 client:

AWSConfigsS3.UseSignatureVersion4 = true;

Or, add the following to the config file:

<appSettings> <add key="AWS.S3.UseSignatureVersion4" value="true" /> </appSettings>

 

Amazon Signature Version 2 Turned Off (Deprecated) for Amazon S3

Signature Version 2 is being turned off (deprecated) in Amazon S3. Amazon S3 will then only accept API requests that are signed using Signature Version 4.

This section provides answers to common questions regarding the end of support for Signature Version 2.

What is Signature Version 2/4, and What Does It Mean to Sign Requests?

The Signature Version 2 or Signature Version 4 signing process is used to authenticate your Amazon S3 API requests. Signing requests enables Amazon S3 to identify who is sending the request and protects your requests from bad actors.

For more information about signing Amazon requests, see Signing Amazon API Requests in the Amazon General Reference.

What Update Are You Making?

We currently support Amazon S3 API requests that are signed using Signature Version 2 and Signature Version 4 processes. After that, Amazon S3 will only accept requests that are signed using Signature Version 4.

For more information about signing Amazon requests, see Changes in Signature Version 4 in the Amazon General Reference.

Why Are You Making the Update?

Signature Version 4 provides improved security by using a signing key instead of your secret access key. Signature Version 4 is currently supported in all Amazon Web Services Regions, whereas Signature Version 2 is only supported in Regions that were launched before January 2014. This update allows us to provide a more consistent experience across all Regions.

How Do I Ensure That I'm Using Signature Version 4, and What Updates Do I Need?

The signature version that is used to sign your requests is usually set by the tool or the SDK on the client side. By default, the latest versions of our Amazon SDKs use Signature Version 4. For third-party software, contact the appropriate support team for your software to confirm what version you need. If you are sending direct REST calls to Amazon S3, you must modify your application to use the Signature Version 4 signing process.

For information about which version of the Amazon SDKs to use when moving to Signature Version 4, see Moving from Signature Version 2 to Signature Version 4.

For information about using Signature Version 4 with the Amazon S3 REST API, see Authenticating Requests (Amazon Signature Version 4) in the Amazon Simple Storage Service API Reference.

What Happens if I Don't Make Updates?

Requests signed with Signature Version 2 that are made after that will fail to authenticate with Amazon S3. Requesters will see errors stating that the request must be signed with Signature Version 4.

Should I Make Changes Even if I’m Using a Presigned URL That Requires Me to Sign for More than 7 Days?

If you are using a presigned URL that requires you to sign for more than 7 days, no action is currently needed. You can continue to use Amazon Signature Version 2 to sign and authenticate the presigned URL. We will follow up and provide more details on how to migrate to Signature Version 4 for a presigned URL scenario.

More Info

Moving from Signature Version 2 to Signature Version 4

If you currently use Signature Version 2 for Amazon S3 API request authentication, you should move to using Signature Version 4. Support is ending for Signature Version 2, as described in Amazon Signature Version 2 Turned Off (Deprecated) for Amazon S3.

For information about using Signature Version 4 with the Amazon S3 REST API, see Authenticating Requests (Amazon Signature Version 4) in the Amazon Simple Storage Service API Reference.

The following table lists the SDKs with the necessary minimum version to use Signature Version 4 (SigV4). If you are using presigned URLs with the Amazon Java, JavaScript (Node.js), or Python (Boto/CLI) SDKs, you must set the correct Amazon Web Services Region and set Signature Version 4 in the client configuration. For information about setting SigV4 in the client configuration, see Specifying the Signature Version in Request Authentication.

If you use this SDK/Product Upgrade to this SDK version Code change needed to the client to use Sigv4? Link to SDK documentation

Amazon SDK for Java v1

Upgrade to Java 1.11.201+ or v2 in Q4 2018. Yes Specifying the Signature Version in Request Authentication

Amazon SDK for Java v2 (preview)

No SDK upgrade is needed. No Amazon SDK for Java

Amazon SDK for .NET v1

Upgrade to 3.1.10 or later. Yes Amazon SDK for .NET

Amazon SDK for .NET v2

Upgrade to 3.1.10 or later. No Amazon SDK for .NET v2

Amazon SDK for .NET v3

Upgrade to 3.3.0.0 or later. Yes Amazon SDK for .NET v3

Amazon SDK for JavaScript v1

Upgrade to 2.68.0 or later. Yes Amazon SDK for JavaScript

Amazon SDK for JavaScript v2

Upgrade to 2.68.0 or later. Yes Amazon SDK for JavaScript

Amazon SDK for JavaScript v3

No action is currently needed. Upgrade to major version V3 in Q3 2019. No Amazon SDK for JavaScript

Amazon SDK for PHP v1

Recommend to upgrade to the most recent version of PHP or, at least to v2.7.4 with the signature parameter set to v4 in the S3 client's configuration. Yes Amazon SDK for PHP

Amazon SDK for PHP v2

Recommend to upgrade to the most recent version of PHP or, at least to v2.7.4 with the signature parameter set to v4 in the S3 client's configuration. No Amazon SDK for PHP

Amazon SDK for PHP v3

No SDK upgrade is needed. No Amazon SDK for PHP

Boto2

Upgrade to Boto2 v2.49.0. Yes Boto 2 Upgrade

Boto3

Upgrade to 1.5.71 (Botocore), 1.4.6 (Boto3). Yes Boto 3 - Amazon SDK for Python

Amazon CLI

Upgrade to 1.11.108. Yes Amazon Command Line Interface

Amazon CLI v2 (preview)

No SDK upgrade is needed. No Amazon Command Line Interface version 2

Amazon SDK for Ruby v1

Upgrade to Ruby V3. Yes Ruby V3 for Amazon

Amazon SDK for Ruby v2

Upgrade to Ruby V3. Yes Ruby V3 for Amazon

Amazon SDK for Ruby v3

No SDK upgrade is needed. No Ruby V3 for Amazon

Go

No SDK upgrade is needed. No Amazon SDK for Go

C++

No SDK upgrade is needed. No Amazon SDK for C++

Amazon Tools for Windows PowerShell or Amazon Tools for PowerShell Core

If you are using module versions earlier than 3.3.0.0, you must upgrade to 3.3.0.0.

To get the version information, use the Get-Module cmdlet:

Get-Module –Name AWSPowershell Get-Module –Name AWSPowershell.NetCore

To update the 3.3.0.0 version, use the Update-Module cmdlet:

Update-Module –Name AWSPowershell Update-Module –Name AWSPowershell.NetCore

You can use presigned URLs that are valid for more than 7 days that you will send Signature Version 2 traffic on.