Connection module for Amazon S3
This module accepts explicit s3 credentials but can also utilize IAM roles assigned to the instance through Instance Profiles. Dynamic credentials are then automatically obtained from AWS API and no further configuration is necessary. More Information available at:
If IAM roles are not used you need to specify them either in a pillar or in the minion's config file:
This is literally the pillar key
s3.keyid or the config option
service_url may also be specified in the configuration:
role_arn may also be specified in the configuration:
service_url is not specified, the default is
may appear in various documentation as an "endpoint". A comprehensive list
for Amazon S3 may be found at:
service_url will form the basis for the final endpoint that is used to
query the service.
Path style can be enabled:
This can be useful if you need to use Salt with a proxy for a S3 compatible storage.
You can use either HTTPS protocol or HTTP protocol:
SSL verification may also be turned off in the configuration:
This is required if using S3 bucket names that contain a period, as these will not match Amazon's S3 wildcard certificates. Certificate verification is enabled by default.
AWS region may be specified in the configuration:
This module should be usable to query other S3-like services, such as Eucalyptus.
Delete a bucket, or delete an object from a bucket.
CLI Example to delete a bucket:
salt myminion s3.delete mybucket
CLI Example to delete an object from a bucket:
salt myminion s3.delete mybucket remoteobject
List the contents of a bucket, or return an object from a bucket. Set return_bin to True in order to retrieve an object wholesale. Otherwise, Salt will attempt to parse an XML response.
CLI Example to list buckets:
salt myminion s3.get
CLI Example to list the contents of a bucket:
salt myminion s3.get mybucket
CLI Example to return the binary contents of an object:
salt myminion s3.get mybucket myfile.png return_bin=True
CLI Example to save the binary contents of an object to a local file:
salt myminion s3.get mybucket myfile.png local_file=/tmp/myfile.png
It is also possible to perform an action on a bucket. Currently, S3 supports the following actions:
To perform an action on a bucket:
salt myminion s3.get mybucket myfile.png action=acl
Return the metadata for a bucket, or an object in a bucket.
salt myminion s3.head mybucket
salt myminion s3.head mybucket myfile.png
Create a new bucket, or upload an object to a bucket.
CLI Example to create a bucket:
salt myminion s3.put mybucket
CLI Example to upload an object to a bucket:
salt myminion s3.put mybucket remotepath local_file=/path/to/file