S3 Express One Zone session authentication - Amazon SDKs and Tools
Support by Amazon SDKs and tools
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

S3 Express One Zone session authentication

Note

For help in understanding the layout of settings pages, or in interpreting the Support by Amazon SDKs and tools table that follows, see Understanding the settings pages of this guide.

S3 Express One Zone is Amazon S3's high-performance storage class that provides single-digit millisecond latency for frequently accessed data. When you use S3 Express One Zone buckets, Amazon SDKs and tools automatically use session-based authentication that is optimized for low-latency authorization of data requests. You use session tokens with Zonal (object-level) operations to distribute the latency that's associated with authorization over a number of requests in a session, reducing the authentication overhead and improving overall request performance.

S3 Express One Zone buckets use a specific naming format that includes the Availability Zone ID, such as bucket-name--usw2-az1--x-s3. When the SDK detects this naming pattern, it automatically routes requests to the appropriate S3 Express One Zone endpoints and applies the optimized authentication flow. The session authentication creates temporary, bucket-specific credentials that provide low-latency access to your bucket and are cached and refreshed automatically by the SDK. See S3 Express One Zone in the Amazon S3 User Guide to learn more.

By default, session authentication is enabled for S3 Express One Zone buckets.

Configure this functionality by using the following:

s3_disable_express_session_auth - shared Amazon config file setting
AWS_S3_DISABLE_EXPRESS_SESSION_AUTH - environment variable
aws.disableS3ExpressAuth - JVM system property: Java/Kotlin only

Controls whether S3 Express One Zone session authentication is disabled. When set to true, the SDK uses standard SigV4 authentication for S3 Express One Zone buckets instead of session authentication.

Default value: false

Valid values:

  • true – Disable S3 Express One Zone session authentication.

  • false – Enable S3 Express One Zone session authentication.

Example of setting this value in the config file:

[default]
s3_disable_express_session_auth=true

Linux/macOS example of setting environment variables via command line:

export AWS_S3_DISABLE_EXPRESS_SESSION_AUTH=true

Windows example of setting environment variables via command line:

setx AWS_S3_DISABLE_EXPRESS_SESSION_AUTH true

Support by Amazon SDKs and tools

The following SDKs support the features and settings described in this topic. Any partial exceptions are noted. Any JVM system property settings are supported by the Amazon SDK for Java and the Amazon SDK for Kotlin only.

SDK Supported Notes or more information
Amazon CLI v2 Yes
Amazon CLI v1 No
SDK for C++ Yes
SDK for Go V2 (1.x) Yes
SDK for Go 1.x (V1) No To use shared config file settings, you must turn on loading from the config file; see Sessions.
SDK for Java 2.x Yes
SDK for Java 1.x No
SDK for JavaScript 3.x Yes
SDK for JavaScript 2.x No
SDK for Kotlin Yes The JVM system property is aws.s3DisableExpressSessionAuth.
SDK for .NET 4.x Yes
SDK for .NET 3.x Yes
SDK for PHP 3.x Yes
SDK for Python (Boto3) Yes
SDK for Ruby 3.x Yes
SDK for Rust Yes
SDK for Swift Yes
Tools for PowerShell V5 Yes
Tools for PowerShell V4 Yes