33 configuration options · available in Rust, Python, Node.js, Java
use opendal::Operator;
let op = Operator::via_iter("s3", [
("bucket".to_string(), "my-bucket".to_string()),
])?;
use opendal::Operator;
let op = Operator::via_iter("s3", [
// --- General ---
// root of this backend.
//
// All operations will happen under this root.
//
// default to `/` if not set.
// ("root".to_string(), "/".to_string()),
// bucket name of this backend.
//
// required.
("bucket".to_string(), "my-bucket".to_string()),
// endpoint of this backend.
//
// Endpoint must be full uri, e.g.
//
// - AWS S3: `https://s3.amazonaws.com` or `https://s3.{region}.amazonaws.com`
// - Cloudflare R2: `https://<ACCOUNT_ID>.r2.cloudflarestorage.com`
// - Aliyun OSS: `https://{region}.aliyuncs.com`
// - Tencent COS: `https://cos.{region}.myqcloud.com`
// - Minio: `http://127.0.0.1:9000`
//
// If user inputs endpoint without scheme like "s3.amazonaws.com", we
// will prepend "https://" before it.
//
// - If endpoint is set, we will take user's input first.
// - If not, we will try to load it from environment.
// - If still not set, default to `https://s3.amazonaws.com`.
// ("endpoint".to_string(), "https://s3.amazonaws.com".to_string()),
// Region represent the signing region of this endpoint. This is required
// if you are using the default AWS S3 endpoint.
//
// If using a custom endpoint,
// - If region is set, we will take user's input first.
// - If not, we will try to load it from environment.
// ("region".to_string(), "us-east-1".to_string()),
// --- Credentials ---
// access_key_id of this backend.
//
// - If access_key_id is set, we will take user's input first.
// - If not, we will try to load it from environment.
// ("access_key_id".to_string(), "...".to_string()),
// secret_access_key of this backend.
//
// - If secret_access_key is set, we will take user's input first.
// - If not, we will try to load it from environment.
// ("secret_access_key".to_string(), "...".to_string()),
// session_token (aka, security token) of this backend.
//
// This token will expire after sometime, it's recommended to set session_token
// by hand.
// ("session_token".to_string(), "...".to_string()),
// Disable config load so that opendal will not load config from
// environment.
//
// For examples:
//
// - envs like `AWS_ACCESS_KEY_ID`
// - files like `~/.aws/config`
// ("disable_config_load".to_string(), "true".to_string()),
// Disable load credential from ec2 metadata.
//
// This option is used to disable the default behavior of opendal
// to load credential from ec2 metadata, a.k.a., IMDSv2
// ("disable_ec2_metadata".to_string(), "true".to_string()),
// Skip signature will skip loading credentials and signing requests.
// ("skip_signature".to_string(), "true".to_string()),
// --- Assume role ---
// role_arn for this backend.
//
// If `role_arn` is set, we will use already known config as source
// credential to assume role with `role_arn`.
// ("role_arn".to_string(), "...".to_string()),
// external_id for this backend.
// ("external_id".to_string(), "...".to_string()),
// role_session_name for this backend.
// ("role_session_name".to_string(), "...".to_string()),
// assume_role_duration_seconds for this backend.
// ("assume_role_duration_seconds".to_string(), "1000".to_string()),
// assume_role_session_tags for this backend.
// ("assume_role_session_tags".to_string(), "...".to_string()),
// --- Encryption ---
// server_side_encryption for this backend.
//
// Available values: `AES256`, `aws:kms`.
// ("server_side_encryption".to_string(), "...".to_string()),
// server_side_encryption_aws_kms_key_id for this backend
//
// - If `server_side_encryption` set to `aws:kms`, and `server_side_encryption_aws_kms_key_id`
// is not set, S3 will use aws managed kms key to encrypt data.
// - If `server_side_encryption` set to `aws:kms`, and `server_side_encryption_aws_kms_key_id`
// is a valid kms key id, S3 will use the provided kms key to encrypt data.
// - If the `server_side_encryption_aws_kms_key_id` is invalid or not found, an error will be
// returned.
// - If `server_side_encryption` is not `aws:kms`, setting `server_side_encryption_aws_kms_key_id`
// is a noop.
// ("server_side_encryption_aws_kms_key_id".to_string(), "...".to_string()),
// server_side_encryption_customer_algorithm for this backend.
//
// Available values: `AES256`.
// ("server_side_encryption_customer_algorithm".to_string(), "...".to_string()),
// server_side_encryption_customer_key for this backend.
//
// Value: BASE64-encoded key that matches algorithm specified in
// `server_side_encryption_customer_algorithm`.
// ("server_side_encryption_customer_key".to_string(), "...".to_string()),
// Set server_side_encryption_customer_key_md5 for this backend.
//
// Value: MD5 digest of key specified in `server_side_encryption_customer_key`.
// ("server_side_encryption_customer_key_md5".to_string(), "...".to_string()),
// --- Behavior ---
// default storage_class for this backend.
//
// Available values:
// - `DEEP_ARCHIVE`
// - `GLACIER`
// - `GLACIER_IR`
// - `INTELLIGENT_TIERING`
// - `ONEZONE_IA`
// - `EXPRESS_ONEZONE`
// - `OUTPOSTS`
// - `REDUCED_REDUNDANCY`
// - `STANDARD`
// - `STANDARD_IA`
//
// S3 compatible services don't support all of them
// ("default_storage_class".to_string(), "...".to_string()),
// Enable virtual host style so that opendal will send API requests
// in virtual host style instead of path style.
//
// - By default, opendal will send API to `https://s3.us-east-1.amazonaws.com/bucket_name`
// - Enabled, opendal will send API to `https://bucket_name.s3.us-east-1.amazonaws.com`
// ("enable_virtual_host_style".to_string(), "true".to_string()),
// Checksum Algorithm to use when sending checksums in HTTP headers.
// This is necessary when writing to AWS S3 Buckets with Object Lock enabled for example.
//
// Available options:
// - "crc32c"
// - "md5"
// ("checksum_algorithm".to_string(), "...".to_string()),
// OpenDAL uses List Objects V2 by default to list objects.
// However, some legacy services do not yet support V2.
// This option allows users to switch back to the older List Objects V1.
// ("disable_list_objects_v2".to_string(), "true".to_string()),
// Indicates whether the client agrees to pay for the requests made to the S3 bucket.
// ("enable_request_payer".to_string(), "true".to_string()),
// Default ACL for new objects.
// Note that some s3 services like minio do not support this option.
// ("default_acl".to_string(), "...".to_string()),
])?;
Every option is passed as a string key; OpenDAL parses it into the right type. Some services may require building the binding with the matching services-* feature enabled.
| Key | Type | Required | Description |
|---|---|---|---|
rootdefault / | string | no | root of this backend.
All operations will happen under this root.
default to / if not set. |
buckete.g. my-bucket | string | yes | bucket name of this backend. required. |
endpointdefault https://s3.amazonaws.com | string | no | endpoint of this backend.
Endpoint must be full uri, e.g.
- AWS S3: https://s3.amazonaws.com or https://s3.{region}.amazonaws.com
- Cloudflare R2: https://<ACCOUNT_ID>.r2.cloudflarestorage.com
- Aliyun OSS: https://{region}.aliyuncs.com
- Tencent COS: https://cos.{region}.myqcloud.com
- Minio: http://127.0.0.1:9000
If user inputs endpoint without scheme like "s3.amazonaws.com", we
will prepend "https://" before it.
- If endpoint is set, we will take user's input first.
- If not, we will try to load it from environment.
- If still not set, default to https://s3.amazonaws.com. |
regione.g. us-east-1 | string | no | Region represent the signing region of this endpoint. This is required if you are using the default AWS S3 endpoint. If using a custom endpoint, - If region is set, we will take user's input first. - If not, we will try to load it from environment. |
| Key | Type | Required | Description |
|---|---|---|---|
access_key_id | string | no | access_key_id of this backend. - If access_key_id is set, we will take user's input first. - If not, we will try to load it from environment. |
secret_access_key | string | no | secret_access_key of this backend. - If secret_access_key is set, we will take user's input first. - If not, we will try to load it from environment. |
session_token | string | no | session_token (aka, security token) of this backend. This token will expire after sometime, it's recommended to set session_token by hand. |
disable_config_load | bool | no | Disable config load so that opendal will not load config from
environment.
For examples:
- envs like AWS_ACCESS_KEY_ID
- files like ~/.aws/config |
disable_ec2_metadata | bool | no | Disable load credential from ec2 metadata. This option is used to disable the default behavior of opendal to load credential from ec2 metadata, a.k.a., IMDSv2 |
skip_signature | bool | no | Skip signature will skip loading credentials and signing requests. |
| Key | Type | Required | Description |
|---|---|---|---|
role_arn | string | no | role_arn for this backend.
If role_arn is set, we will use already known config as source
credential to assume role with role_arn. |
external_id | string | no | external_id for this backend. |
role_session_name | string | no | role_session_name for this backend. |
assume_role_duration_seconds | integer | no | assume_role_duration_seconds for this backend. |
assume_role_session_tags | map | no | assume_role_session_tags for this backend. |
| Key | Type | Required | Description |
|---|---|---|---|
server_side_encryption | string | no | server_side_encryption for this backend.
Available values: AES256, aws:kms. |
server_side_encryption_aws_kms_key_id | string | no | server_side_encryption_aws_kms_key_id for this backend
- If server_side_encryption set to aws:kms, and server_side_encryption_aws_kms_key_id
is not set, S3 will use aws managed kms key to encrypt data.
- If server_side_encryption set to aws:kms, and server_side_encryption_aws_kms_key_id
is a valid kms key id, S3 will use the provided kms key to encrypt data.
- If the server_side_encryption_aws_kms_key_id is invalid or not found, an error will be
returned.
- If server_side_encryption is not aws:kms, setting server_side_encryption_aws_kms_key_id
is a noop. |
server_side_encryption_customer_algorithm | string | no | server_side_encryption_customer_algorithm for this backend.
Available values: AES256. |
server_side_encryption_customer_key | string | no | server_side_encryption_customer_key for this backend.
Value: BASE64-encoded key that matches algorithm specified in
server_side_encryption_customer_algorithm. |
server_side_encryption_customer_key_md5 | string | no | Set server_side_encryption_customer_key_md5 for this backend.
Value: MD5 digest of key specified in server_side_encryption_customer_key. |
| Key | Type | Required | Description |
|---|---|---|---|
default_storage_class | string | no | default storage_class for this backend.
Available values:
- DEEP_ARCHIVE
- GLACIER
- GLACIER_IR
- INTELLIGENT_TIERING
- ONEZONE_IA
- EXPRESS_ONEZONE
- OUTPOSTS
- REDUCED_REDUNDANCY
- STANDARD
- STANDARD_IA
S3 compatible services don't support all of them |
enable_virtual_host_style | bool | no | Enable virtual host style so that opendal will send API requests
in virtual host style instead of path style.
- By default, opendal will send API to https://s3.us-east-1.amazonaws.com/bucket_name
- Enabled, opendal will send API to https://bucket_name.s3.us-east-1.amazonaws.com |
checksum_algorithm | string | no | Checksum Algorithm to use when sending checksums in HTTP headers. This is necessary when writing to AWS S3 Buckets with Object Lock enabled for example. Available options: - "crc32c" - "md5" |
disable_list_objects_v2 | bool | no | OpenDAL uses List Objects V2 by default to list objects. However, some legacy services do not yet support V2. This option allows users to switch back to the older List Objects V1. |
enable_request_payer | bool | no | Indicates whether the client agrees to pay for the requests made to the S3 bucket. |
default_acl | string | no | Default ACL for new objects. Note that some s3 services like minio do not support this option. |
| Key | Type | Required | Description |
|---|---|---|---|
enable_versioningdeprecated | bool | no | Deprecated: S3 versioning capability is enabled by default. Deprecated since 0.57.0: S3 versioning capability is enabled by default and this option is no longer needed. |
allow_anonymousdeprecated | bool | no | Allow anonymous will allow opendal to send request without signing
when credential is not loaded. Deprecated since 0.57.0: Please use skip_signature instead of allow_anonymous |
batch_max_operationsdeprecated | integer | no | Deprecated: S3 delete batch capability is enabled by default. Deprecated since 0.57.0: S3 delete batch capability is enabled by default. Use CapabilityOverrideLayer to override delete_max_size for specific endpoints. |
delete_max_sizedeprecated | integer | no | Deprecated: S3 delete batch capability is enabled by default. Deprecated since 0.57.0: S3 delete batch capability is enabled by default. Use CapabilityOverrideLayer to override delete_max_size for specific endpoints. |
disable_stat_with_overridedeprecated | bool | no | Deprecated: S3 stat override capabilities are enabled by default. Deprecated since 0.57.0: S3 stat override capabilities are enabled by default. Use CapabilityOverrideLayer to override them for specific endpoints. |
disable_write_with_if_matchdeprecated | bool | no | Deprecated: S3 write with If-Match capability is enabled by default. Deprecated since 0.57.0: S3 write with If-Match capability is enabled by default and this option is no longer needed. |
enable_write_with_appenddeprecated | bool | no | Deprecated: S3 append capability is enabled by default. Deprecated since 0.57.0: S3 append capability is enabled by default and this option is no longer needed. |