Upload
Upload a file to a S3 bucket.
type: "io.kestra.plugin.aws.s3.Upload"Upload a FILE input to S3
id: aws_s3_upload
namespace: company.team
inputs:
- id: bucket
type: STRING
defaults: my-bucket
- id: myfile
type: FILE
tasks:
- id: upload
type: io.kestra.plugin.aws.s3.Upload
region: "{{ secret('AWS_DEFAULT_REGION') }}"
accessKeyId: "{{ secret('AWS_ACCESS_KEY_ID') }}"
secretKeyId: "{{ secret('AWS_SECRET_KEY_ID') }}"
from: "{{ inputs.myfile }}"
bucket: "{{ inputs.bucket }}"
key: "path/to/file"
Download a file and upload it to S3
id: upload_file_to_s3
namespace: company.team
inputs:
- id: bucket
type: STRING
defaults: my-bucket
- id: file_url
type: STRING
defaults: https://wri-dataportal-prod.s3.amazonaws.com/manual/global_power_plant_database_v_1_3.zip
tasks:
- id: download_file
type: io.kestra.plugin.core.http.Download
uri: "{{ inputs.file_url }}"
- id: upload_to_s3
type: io.kestra.plugin.aws.s3.Upload
from: "{{ outputs.download_file.uri }}"
key: powerplant/global_power_plant_database.zip
bucket: "{{ inputs.bucket }}"
region: "{{ secret('AWS_DEFAULT_REGION') }}"
accessKeyId: "{{ secret('AWS_ACCESS_KEY_ID') }}"
secretKeyId: "{{ secret('AWS_SECRET_KEY_ID') }}"
YESThe S3 bucket name.
YESThe file(s) to upload.
Can be a single file, a list of files or json array.
YESThe key where to upload the file.
a full key (with filename) or the directory path if from is multiple files.
YESAccess Key Id in order to connect to AWS.
If no credentials are defined, we will use the default credentials provider chain to fetch credentials.
YESThe canned ACL to apply to the object.
YESSpecifies whether Amazon S3 should use an S3 Bucket Key for object encryption with server-side encryption using Key Management Service (KMS) keys (SSE-KMS).
Setting this header to true causes Amazon S3 to use an S3 Bucket Key for object encryption with SSE-KMS.
YESCan be used to specify caching behavior along the request/response chain.
YESThe checksum data integrity check to verify that the data received is the same data that was originally sent.
Must be used in pair with checksumAlgorithm to defined the expect algorithm of these values
YESCRC32CRC32_CSHA1SHA256CRC64_NVMEUNKNOWN_TO_SDK_VERSIONIndicates the algorithm used to create the checksum for the object when using the SDK.
YESfalseThis property will use the AWS S3 DefaultAsyncClient instead of the S3CrtAsyncClient, which maximizes compatibility with S3-compatible services but restricts uploads and downloads to 2GB. For some S3 endpoints such as CloudFlare R2, you may need to set this value to true.
YESSpecifies presentational information for the object.
YESSpecifies what content encodings have been applied to the object.
And thus, what decoding mechanisms must be applied to obtain the media-type referenced by the Content-Type header field.
YESThe language the content is in.
YESThe size of the body in bytes.
This parameter is useful when the size of the body cannot be determined automatically.
YESA standard MIME type describing the format of the contents.
YESThe endpoint with which the SDK should communicate.
This property allows you to use a different S3 compatible storage backend.
YESThe account ID of the expected bucket owner.
If the bucket is owned by a different account, the request fails with the HTTP status code 403 Forbidden (access denied).
YESThe date and time after which the object is no longer cacheable.
YESForce path style access.
Must only be used when compatibilityMode is enabled.
YESA map of metadata to store with the object in S3.
YESONOFFUNKNOWN_TO_SDK_VERSIONSpecifies whether a legal hold will be applied to this object.
YESGOVERNANCECOMPLIANCEUNKNOWN_TO_SDK_VERSIONThe Object Lock mode that you want to apply to this object.
YESThe date and time when you want this object's Object Lock to expire.
YESAWS region with which the SDK should communicate.
YESSets the value of the RequestPayer property for this object.
YESSecret Key Id in order to connect to AWS.
If no credentials are defined, we will use the default credentials provider chain to fetch credentials.
YESAES256AWS_KMSAWS_KMS_DSSEUNKNOWN_TO_SDK_VERSIONThe server-side encryption algorithm used when storing this object in Amazon S3.
For example, AES256, aws: kms, aws: kms: dsse
YESAWS session token, retrieved from an AWS token service, used for authenticating that this user has received temporary permissions to access a given resource.
If no credentials are defined, we will use the default credentials provider chain to fetch credentials.
YESSTANDARDREDUCED_REDUNDANCYSTANDARD_IAONEZONE_IAINTELLIGENT_TIERINGGLACIERDEEP_ARCHIVEOUTPOSTSGLACIER_IRSNOWEXPRESS_ONEZONEUNKNOWN_TO_SDK_VERSIONIf you don't specify, S3 Standard is the default storage class. Amazon S3 supports other storage classes.
YESThe AWS STS endpoint with which the SDKClient should communicate.
YESAWS STS Role.
The Amazon Resource Name (ARN) of the role to assume. If set the task will use the StsAssumeRoleCredentialsProvider. If no credentials are defined, we will use the default credentials provider chain to fetch credentials.
YESAWS STS External Id.
A unique identifier that might be required when you assume a role in another account. This property is only used when an stsRoleArn is defined.
YESPT15MdurationAWS STS Session duration.
The duration of the role session (default: 15 minutes, i.e., PT15M). This property is only used when an stsRoleArn is defined.
YESAWS STS Session name.
This property is only used when an stsRoleArn is defined.
YESThe tag-set for the object.
The version of the object.
YESThe S3 bucket where to download the file.
YESAccess Key Id in order to connect to AWS.
If no credentials are defined, we will use the default credentials provider chain to fetch credentials.
YESEnable compatibility mode.
Use it to connect to S3 bucket with S3 compatible services that didn't support the new transport client.
YESA delimiter is a character you use to group keys.
YESThe EncodingType property for this object.
YESThe endpoint with which the SDK should communicate.
This property allows you to use a different S3 compatible storage backend.
YESThe account ID of the expected bucket owner.
If the bucket is owned by a different account, the request fails with the HTTP status code 403 Forbidden (access denied).
YESBOTHFILESDIRECTORYBOTHThe type of objects to filter: files, directory, or both.
YESForce path style access.
Must only be used when compatibilityMode is enabled.
YESMarker is where you want Amazon S3 to start listing from.
Amazon S3 starts listing after this specified key. Marker can be any key in the bucket.
YES1000Sets the maximum number of keys returned in the response.
By default, the action returns up to 1,000 key names. The response might contain fewer keys but will never contain more.
YESLimits the response to keys that begin with the specified prefix.
YESA regexp to filter on full key.
ex:
regExp: .* to match all files
regExp: .*2020-01-0.\\.csv to match files between 01 and 09 of january ending with .csv
YESAWS region with which the SDK should communicate.
YESSets the value of the RequestPayer property for this object.
YESSecret Key Id in order to connect to AWS.
If no credentials are defined, we will use the default credentials provider chain to fetch credentials.
YESAWS session token, retrieved from an AWS token service, used for authenticating that this user has received temporary permissions to access a given resource.
If no credentials are defined, we will use the default credentials provider chain to fetch credentials.
YESThe AWS STS endpoint with which the SDKClient should communicate.
YESAWS STS Role.
The Amazon Resource Name (ARN) of the role to assume. If set the task will use the StsAssumeRoleCredentialsProvider. If no credentials are defined, we will use the default credentials provider chain to fetch credentials.
YESAWS STS External Id.
A unique identifier that might be required when you assume a role in another account. This property is only used when an stsRoleArn is defined.
YESPT15MdurationAWS STS Session duration.
The duration of the role session (default: 15 minutes, i.e., PT15M). This property is only used when an stsRoleArn is defined.
YESAWS STS Session name.
This property is only used when an stsRoleArn is defined.