Tribblix: manual page: s3cmd.1

s3cmd(1) User Commands s3cmd(1)

NAME

s3cmd - tool for managing Amazon S3 storage space and Amazon
CloudFront content delivery network

SYNOPSIS

s3cmd [OPTIONS] COMMAND [PARAMETERS]

DESCRIPTION

s3cmd is a command line client for copying files to/from Amazon S3
(Simple Storage Service) and performing other related tasks, for
instance creating and removing buckets, listing objects, etc.

COMMANDS

s3cmd can do several actions specified by the following commands.

s3cmd mb s3://BUCKET
Make bucket

s3cmd rb s3://BUCKET
Remove bucket

s3cmd ls [s3://BUCKET[/PREFIX]]
List objects or buckets

s3cmd la
List all object in all buckets

s3cmd put FILE [FILE...] s3://BUCKET[/PREFIX]
Put file into bucket

s3cmd get s3://BUCKET/OBJECT LOCAL_FILE
Get file from bucket

s3cmd del s3://BUCKET/OBJECT
Delete file from bucket

s3cmd rm s3://BUCKET/OBJECT
Delete file from bucket (alias for del)

s3cmd restore s3://BUCKET/OBJECT
Restore file from Glacier storage

s3cmd sync LOCAL_DIR s3://BUCKET[/PREFIX] or s3://BUCKET[/PREFIX]
LOCAL_DIR or s3://BUCKET[/PREFIX] s3://BUCKET[/PREFIX]
Synchronize a directory tree to S3 (checks files freshness
using size and md5 checksum, unless overridden by options, see
below)

s3cmd du [s3://BUCKET[/PREFIX]]
Disk usage by buckets

s3cmd info s3://BUCKET[/OBJECT]
Get various information about Buckets or Files

s3cmd cp s3://BUCKET1/OBJECT1 s3://BUCKET2[/OBJECT2]
Copy object

s3cmd modify s3://BUCKET1/OBJECT
Modify object metadata

s3cmd mv s3://BUCKET1/OBJECT1 s3://BUCKET2[/OBJECT2]
Move object

s3cmd setacl s3://BUCKET[/OBJECT]
Modify Access control list for Bucket or Files

s3cmd setversioning s3://BUCKET enable|disable
Modify Bucket Versioning

s3cmd setownership s3://BUCKET
BucketOwnerPreferred|BucketOwnerEnforced|ObjectWriter
Modify Bucket Object Ownership

s3cmd setblockpublicaccess s3://BUCKET
BlockPublicAcls,IgnorePublicAcls,BlockPublicPolicy,RestrictPublicBuckets
Modify Block Public Access rules

s3cmd setobjectlegalhold STATUS s3://BUCKET/OBJECT
Modify Object Legal Hold

s3cmd setobjectretention MODE RETAIN_UNTIL_DATE s3://BUCKET/OBJECT
Modify Object Retention

s3cmd setpolicy FILE s3://BUCKET
Modify Bucket Policy

s3cmd delpolicy s3://BUCKET
Delete Bucket Policy

s3cmd setcors FILE s3://BUCKET
Modify Bucket CORS

s3cmd delcors s3://BUCKET
Delete Bucket CORS

s3cmd payer s3://BUCKET
Modify Bucket Requester Pays policy

s3cmd multipart s3://BUCKET [Id]
Show multipart uploads

s3cmd abortmp s3://BUCKET/OBJECT Id
Abort a multipart upload

s3cmd listmp s3://BUCKET/OBJECT Id
List parts of a multipart upload

s3cmd accesslog s3://BUCKET
Enable/disable bucket access logging

s3cmd sign STRING-TO-SIGN
Sign arbitrary string using the secret key

s3cmd signurl s3://BUCKET/OBJECT <expiry_epoch|+expiry_offset>
Sign an S3 URL to provide limited public access with expiry

s3cmd fixbucket s3://BUCKET[/PREFIX]
Fix invalid file names in a bucket

s3cmd settagging s3://BUCKET[/OBJECT] "KEY=VALUE[&KEY=VALUE ...]"
Modify tagging for Bucket or Files

s3cmd gettagging s3://BUCKET[/OBJECT]
Get tagging for Bucket or Files

s3cmd deltagging s3://BUCKET[/OBJECT]
Delete tagging for Bucket or Files

s3cmd expire s3://BUCKET
Set or delete expiration rule for the bucket

s3cmd setlifecycle FILE s3://BUCKET
Upload a lifecycle policy for the bucket

s3cmd getlifecycle s3://BUCKET
Get a lifecycle policy for the bucket

s3cmd dellifecycle s3://BUCKET
Remove a lifecycle policy for the bucket

s3cmd setnotification FILE s3://BUCKET
Upload a notification policy for the bucket

s3cmd getnotification s3://BUCKET
Get a notification policy for the bucket

s3cmd delnotification s3://BUCKET
Remove a notification policy for the bucket

Commands for static WebSites configuration

s3cmd ws-create s3://BUCKET
Create Website from bucket

s3cmd ws-delete s3://BUCKET
Delete Website

s3cmd ws-info s3://BUCKET
Info about Website

Commands for CloudFront management

s3cmd cflist
List CloudFront distribution points

s3cmd cfinfo [cf://DIST_ID]
Display CloudFront distribution point parameters

s3cmd cfcreate s3://BUCKET
Create CloudFront distribution point

s3cmd cfdelete cf://DIST_ID
Delete CloudFront distribution point

s3cmd cfmodify cf://DIST_ID
Change CloudFront distribution point parameters

s3cmd cfinval s3://BUCKET/OBJECT [s3://BUCKET/OBJECT ...]
Invalidate CloudFront objects

s3cmd cfinvalinfo cf://DIST_ID[/INVAL_ID]
Display CloudFront invalidation request(s) status

OPTIONS

Some of the below specified options can have their default values set
in s3cmd config file (by default $HOME/.s3cmd). As it's a simple text
file feel free to open it with your favorite text editor and do any
changes you like.

-h, --help
show this help message and exit

--configure
Invoke interactive (re)configuration tool. Optionally use as
'--configure s3://some-bucket' to test access to a specific
bucket instead of attempting to list them all.

-c FILE, --config=FILE
Config file name. Defaults to $HOME/.s3cfg

--dump-config
Dump current configuration after parsing config files and
command line options and exit.

--access_key=ACCESS_KEY
AWS Access Key

--secret_key=SECRET_KEY
AWS Secret Key

--access_token=ACCESS_TOKEN
AWS Access Token

-n, --dry-run
Only show what should be uploaded or downloaded but don't
actually do it. May still perform S3 requests to get bucket
listings and other information though (only for file transfer
commands)

-s, --ssl
Use HTTPS connection when communicating with S3. (default)

--no-ssl
Don't use HTTPS.

-e, --encrypt
Encrypt files before uploading to S3.

--no-encrypt
Don't encrypt files.

-f, --force
Force overwrite and other dangerous operations.

--continue
Continue getting a partially downloaded file (only for [get]
command).

--continue-put
Continue uploading partially uploaded files or multipart
upload parts. Restarts parts/files that don't have matching
size and md5. Skips files/parts that do. Note: md5sum checks
are not always sufficient to check (part) file equality.
Enable this at your own risk.

--upload-id=UPLOAD_ID
UploadId for Multipart Upload, in case you want continue an
existing upload (equivalent to --continue- put) and there are
multiple partial uploads. Use s3cmd multipart [URI] to see
what UploadIds are associated with the given URI.

--skip-existing
Skip over files that exist at the destination (only for [get]
and [sync] commands).

-r, --recursive
Recursive upload, download or removal.

--check-md5
Check MD5 sums when comparing files for [sync]. (default)

--no-check-md5
Do not check MD5 sums when comparing files for [sync]. Only
size will be compared. May significantly speed up transfer but
may also miss some changed files.

-P, --acl-public
Store objects with ACL allowing read for anyone.

--acl-private
Store objects with default ACL allowing access for you only.

--acl-grant=PERMISSION:EMAIL or USER_CANONICAL_ID
Grant stated permission to a given amazon user. Permission is
one of: read, write, read_acp, write_acp, full_control, all

--acl-revoke=PERMISSION:USER_CANONICAL_ID
Revoke stated permission for a given amazon user. Permission
is one of: read, write, read_acp, write_acp, full_control, all

-D NUM, --restore-days=NUM
Number of days to keep restored file available (only for
'restore' command). Default is 1 day.

--restore-priority=RESTORE_PRIORITY
Priority for restoring files from S3 Glacier (only for
expedited

--delete-removed
Delete destination objects with no corresponding source file
[sync]

--no-delete-removed
Don't delete destination objects [sync]

--delete-after
Perform deletes AFTER new uploads when delete-removed is
enabled [sync]

--delay-updates
*OBSOLETE* Put all updated files into place at end [sync]

--max-delete=NUM
Do not delete more than NUM files. [del] and [sync]

--limit=NUM
Limit number of objects returned in the response body (only
for [ls] and [la] commands)

--add-destination=ADDITIONAL_DESTINATIONS
Additional destination for parallel uploads, in addition to
last arg. May be repeated.

--delete-after-fetch
Delete remote objects after fetching to local file (only for
[get] and [sync] commands).

-p, --preserve
Preserve filesystem attributes (mode, ownership, timestamps).
Default for [sync] command.

--no-preserve
Don't store FS attributes

--keep-dirs
Preserve all local directories as remote objects including
empty directories. Experimental feature.

--exclude=GLOB
Filenames and paths matching GLOB will be excluded from sync

--exclude-from=FILE
Read --exclude GLOBs from FILE

--rexclude=REGEXP
Filenames and paths matching REGEXP (regular expression) will
be excluded from sync

--rexclude-from=FILE
Read --rexclude REGEXPs from FILE

--include=GLOB
Filenames and paths matching GLOB will be included even if
previously excluded by one of --(r)exclude(-from) patterns

--include-from=FILE
Read --include GLOBs from FILE

--rinclude=REGEXP
Same as --include but uses REGEXP (regular expression) instead
of GLOB

--rinclude-from=FILE
Read --rinclude REGEXPs from FILE

--files-from=FILE
Read list of source-file names from FILE. Use - to read from
stdin.

--region=REGION, --bucket-location=REGION
Region to create bucket in. As of now the regions are:
us-east-1, us-west-1, us-west-2, eu-west-1, eu- central-1,
ap-northeast-1, ap-southeast-1, ap- southeast-2, sa-east-1

--host=HOSTNAME
HOSTNAME:PORT for S3 endpoint (default: s3.amazonaws.com,
alternatives such as s3-eu- west-1.amazonaws.com). You should
also set --host- bucket.

--host-bucket=HOST_BUCKET
DNS-style bucket+hostname:port template for accessing a bucket
(default: %(bucket)s.s3.amazonaws.com)

--reduced-redundancy, --rr
Store object with 'Reduced redundancy'. Lower per-GB price.
[put, cp, mv]

--no-reduced-redundancy, --no-rr
Store object without 'Reduced redundancy'. Higher per- GB
price. [put, cp, mv]

--storage-class=CLASS
Store object with specified CLASS (STANDARD, STANDARD_IA,
ONEZONE_IA, INTELLIGENT_TIERING, GLACIER or DEEP_ARCHIVE).
[put, cp, mv]

--access-logging-target-prefix=LOG_TARGET_PREFIX
Target prefix for access logs (S3 URI) (for [cfmodify] and
[accesslog] commands)

--no-access-logging
Disable access logging (for [cfmodify] and [accesslog]
commands)

--default-mime-type=DEFAULT_MIME_TYPE
Default MIME-type for stored objects. Application default is
binary/octet-stream.

-M, --guess-mime-type
Guess MIME-type of files by their extension or mime magic.
Fall back to default MIME-Type as specified by
--default-mime-type option

--no-guess-mime-type
Don't guess MIME-type and use the default type instead.

--no-mime-magic
Don't use mime magic when guessing MIME-type.

-m MIME/TYPE, --mime-type=MIME/TYPE
Force MIME-type. Override both --default-mime-type and
--guess-mime-type.

--add-header=NAME:VALUE
Add a given HTTP header to the upload request. Can be used
multiple times. For instance set 'Expires' or 'Cache-Control'
headers (or both) using this option.

--remove-header=NAME
Remove a given HTTP header. Can be used multiple times. For
instance, remove 'Expires' or 'Cache- Control' headers (or
both) using this option. [modify]

--server-side-encryption
Specifies that server-side encryption will be used when
putting objects. [put, sync, cp, modify]

--server-side-encryption-kms-id=KMS_KEY
Specifies the key id used for server-side encryption with AWS
KMS-Managed Keys (SSE-KMS) when putting objects. [put, sync,
cp, modify]

--encoding=ENCODING
Override autodetected terminal and filesystem encoding
(character set). Autodetected: UTF-8

--add-encoding-exts=EXTENSIONs
Add encoding to these comma delimited extensions i.e.
(css,js,html) when uploading to S3 )

--verbatim
Use the S3 name as given on the command line. No pre-
processing, encoding, etc. Use with caution!

--disable-multipart
Disable multipart upload on files bigger than
--multipart-chunk-size-mb

--multipart-chunk-size-mb=SIZE
Size of each chunk of a multipart upload. Files bigger than
SIZE are automatically uploaded as multithreaded- multipart,
smaller files are uploaded using the traditional method. SIZE
is in Mega-Bytes, default chunk size is 15MB, minimum allowed
chunk size is 5MB, maximum is 5GB.

--list-md5
Include MD5 sums in bucket listings (only for 'ls' command).

--list-allow-unordered
Not an AWS standard. Allow the listing results to be returned
in unsorted order. This may be faster when listing very large
buckets.

-H, --human-readable-sizes
Print sizes in human readable form (eg 1kB instead of 1234).

--ws-index=WEBSITE_INDEX
Name of index-document (only for [ws-create] command)

--ws-error=WEBSITE_ERROR
Name of error-document (only for [ws-create] command)

--expiry-date=EXPIRY_DATE
Indicates when the expiration rule takes effect. (only for
[expire] command)

--expiry-days=EXPIRY_DAYS
Indicates the number of days after object creation the
expiration rule takes effect. (only for [expire] command)

--expiry-prefix=EXPIRY_PREFIX
Identifying one or more objects with the prefix to which the
expiration rule applies. (only for [expire] command)

--skip-destination-validation
Skips validation of Amazon SQS, Amazon SNS, and AWS Lambda
destinations when applying notification configuration. (only
for [setnotification] command)

--progress
Display progress meter (default on TTY).

--no-progress
Don't display progress meter (default on non-TTY).

--stats
Give some file-transfer stats.

--enable
Enable given CloudFront distribution (only for [cfmodify]
command)

--disable
Disable given CloudFront distribution (only for [cfmodify]
command)

--cf-invalidate
Invalidate the uploaded filed in CloudFront. Also see
[cfinval] command.

--cf-invalidate-default-index
When using Custom Origin and S3 static website, invalidate the
default index file.

--cf-no-invalidate-default-index-root
When using Custom Origin and S3 static website, don't
invalidate the path to the default index file.

--cf-add-cname=CNAME
Add given CNAME to a CloudFront distribution (only for
[cfcreate] and [cfmodify] commands)

--cf-remove-cname=CNAME
Remove given CNAME from a CloudFront distribution (only for
[cfmodify] command)

--cf-comment=COMMENT
Set COMMENT for a given CloudFront distribution (only for
[cfcreate] and [cfmodify] commands)

--cf-default-root-object=DEFAULT_ROOT_OBJECT
Set the default root object to return when no object is
specified in the URL. Use a relative path, i.e.
default/index.html instead of /default/index.html or
s3://bucket/default/index.html (only for [cfcreate] and
[cfmodify] commands)

-v, --verbose
Enable verbose output.

-d, --debug
Enable debug output.

--version
Show s3cmd version (2.4.0) and exit.

-F, --follow-symlinks
Follow symbolic links as if they are regular files

--cache-file=FILE
Cache FILE containing local source MD5 values

-q, --quiet
Silence output on stdout

--ca-certs=CA_CERTS_FILE
Path to SSL CA certificate FILE (instead of system default)

--ssl-cert=SSL_CLIENT_CERT_FILE
Path to client own SSL certificate CRT_FILE

--ssl-key=SSL_CLIENT_KEY_FILE
Path to client own SSL certificate private key KEY_FILE

--check-certificate
Check SSL certificate validity

--no-check-certificate
Do not check SSL certificate validity

--check-hostname
Check SSL certificate hostname validity

--no-check-hostname
Do not check SSL certificate hostname validity

--signature-v2
Use AWS Signature version 2 instead of newer signature
methods. Helpful for S3-like systems that don't have AWS
Signature v4 yet.

--limit-rate=LIMITRATE
Limit the upload or download speed to amount bytes per second.
Amount may be expressed in bytes, kilobytes with the k suffix,
or megabytes with the m suffix

--no-connection-pooling
Disable connection reuse

--requester-pays
Set the REQUESTER PAYS flag for operations

-l, --long-listing
Produce long listing [ls]

--stop-on-error
stop if error in transfer

--max-retries=NUM
Maximum number of times to retry a failed request before
giving up. Default is 5

--content-disposition=CONTENT_DISPOSITION
Provide a Content-Disposition for signed URLs, e.g., "inline;
filename=myvideo.mp4"

--content-type=CONTENT_TYPE
Provide a Content-Type for signed URLs, e.g., "video/mp4"

EXAMPLES

One of the most powerful commands of s3cmd is s3cmd sync used for
synchronising complete directory trees to or from remote S3 storage.
To some extent s3cmd put and s3cmd get share a similar behaviour with
sync.

Basic usage common in backup scenarios is as simple as:
s3cmd sync /local/path/ s3://test-bucket/backup/

This command will find all files under /local/path directory and copy
them to corresponding paths under s3://test-bucket/backup on the
remote side. For example:
/local/path/file1.ext -> s3://bucket/backup/file1.ext
/local/path/dir123/file2.bin -> s3://bucket/backup/dir123/file2.bin

However if the local path doesn't end with a slash the last
directory's name is used on the remote side as well. Compare these
with the previous example:
s3cmd sync /local/path s3://test-bucket/backup/
will sync:
/local/path/file1.ext -> s3://bucket/backup/path/file1.ext
/local/path/dir123/file2.bin -> s3://bucket/backup/path/dir123/file2.bin

To retrieve the files back from S3 use inverted syntax:
s3cmd sync s3://test-bucket/backup/ ~/restore/
that will download files:
s3://bucket/backup/file1.ext -> ~/restore/file1.ext
s3://bucket/backup/dir123/file2.bin -> ~/restore/dir123/file2.bin

Without the trailing slash on source the behaviour is similar to what
has been demonstrated with upload:
s3cmd sync s3://test-bucket/backup ~/restore/
will download the files as:
s3://bucket/backup/file1.ext -> ~/restore/backup/file1.ext
s3://bucket/backup/dir123/file2.bin -> ~/restore/backup/dir123/file2.bin

All source file names, the bold ones above, are matched against
exclude rules and those that match are then re-checked against
include rules to see whether they should be excluded or kept in the
source list.

For the purpose of --exclude and --include matching only the bold
file names above are used. For instance only path/file1.ext is tested
against the patterns, not /local/path/file1.ext

Both --exclude and --include work with shell-style wildcards (a.k.a.
GLOB). For a greater flexibility s3cmd provides Regular-expression
versions of the two exclude options named --rexclude and --rinclude.
The options with ...-from suffix (eg --rinclude-from) expect a
filename as an argument. Each line of such a file is treated as one
pattern.

There is only one set of patterns built from all --(r)exclude(-from)
options and similarly for include variant. Any file excluded with eg
--exclude can be put back with a pattern found in --rinclude-from
list.

Run s3cmd with --dry-run to verify that your rules work as expected.
Use together with --debug get detailed information about matching
file names against exclude and include rules.

For example to exclude all files with ".jpg" extension except those
beginning with a number use:

--exclude '*.jpg' --rinclude '[0-9].*.jpg'

To exclude all files except "*.jpg" extension, use:

--exclude '*' --include '*.jpg'

To exclude local directory 'somedir', be sure to use a trailing
forward slash, as such:

--exclude 'somedir/'

AUTHOR

Written by Michal Ludvig, Florent Viard and contributors

CONTACT, SUPPORT
Preferred way to get support is our mailing list:
s3tools-general@lists.sourceforge.net
or visit the project homepage:
https://s3tools.org

REPORTING BUGS

Report bugs to s3tools-bugs@lists.sourceforge.net

COPYRIGHT

LICENSE

This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or (at
your option) any later version. This program is distributed in the
hope that it will be useful, but WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
PURPOSE. See the GNU General Public License for more details.

s3cmd(1)