amazon.aws.s3_object_info module – Gather information about objects in S3
Note
This module is part of the amazon.aws collection (version 7.6.1).
You might already have this collection installed if you are using the ansible
package.
It is not included in ansible-core
.
To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install amazon.aws
.
You need further requirements to be able to use this module,
see Requirements for details.
To use it in a playbook, specify: amazon.aws.s3_object_info
.
New in amazon.aws 5.0.0
Synopsis
Describes objects in S3.
Compatible with AWS, DigitalOcean, Ceph, Walrus, FakeS3 and StorageGRID (only supports list_keys currently).
When using non-AWS services, endpoint_url should be specified.
Requirements
The below requirements are needed on the host that executes this module.
python >= 3.6
boto3 >= 1.26.0
botocore >= 1.29.0
Parameters
Parameter |
Comments |
---|---|
AWS access key ID. See the AWS documentation for more information about access tokens https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html#access-keys-and-secret-access-keys. The The aws_access_key and profile options are mutually exclusive. The aws_access_key_id alias was added in release 5.1.0 for consistency with the AWS botocore SDK. The ec2_access_key alias has been deprecated and will be removed in a release after 2024-12-01. Support for the |
|
The location of a CA Bundle to use when validating SSL certificates. The |
|
A dictionary to modify the botocore configuration. Parameters can be found in the AWS documentation https://botocore.amazonaws.com/v1/documentation/api/latest/reference/config.html#botocore.config.Config. |
|
The name of the bucket that contains the object. |
|
Enable API compatibility with Ceph RGW. It takes into account the S3 API subset working with Ceph in order to provide the same module behaviour where possible. Requires endpoint_url if ceph=true. Choices:
|
|
Use a The Choices:
|
|
Enables Amazon S3 Dual-Stack Endpoints, allowing S3 communications using both IPv4 and IPv6. Support for passing dualstack and endpoint_url at the same time has been deprecated, the dualstack endpoints are automatically configured using the configured region. Support will be removed in a release after 2024-12-01. Choices:
|
|
S3 URL endpoint for usage with Ceph, Eucalyptus and fakes3 etc. Otherwise assumes AWS. |
|
Retrieve requested S3 object detailed information. |
|
The fields/details that should be returned. Required when object_attributes is Choices:
|
|
Retreive S3 object ACL. Choices:
|
|
Retreive S3 object attributes. Choices:
|
|
Retreive S3 object legal_hold. Choices:
|
|
Retreive S3 object lock_configuration. Choices:
|
|
Retreive S3 object retention. Choices:
|
|
Retreive S3 object Tags. Choices:
|
|
The name of the object. If not specified, a list of all objects in the specified bucket will be returned. |
|
A named AWS profile to use for authentication. See the AWS documentation for more information about named profiles https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-profiles.html. The The profile option is mutually exclusive with the aws_access_key, aws_secret_key and security_token options. |
|
The AWS region to use. For global services such as IAM, Route53 and CloudFront, region is ignored. The See the Amazon AWS documentation for more information http://docs.aws.amazon.com/general/latest/gr/rande.html#ec2_region. The Support for the |
|
AWS secret access key. See the AWS documentation for more information about access tokens https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html#access-keys-and-secret-access-keys. The The secret_key and profile options are mutually exclusive. The aws_secret_access_key alias was added in release 5.1.0 for consistency with the AWS botocore SDK. The ec2_secret_key alias has been deprecated and will be removed in a release after 2024-12-01. Support for the |
|
AWS STS session token for use with temporary credentials. See the AWS documentation for more information about access tokens https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html#access-keys-and-secret-access-keys. The The security_token and profile options are mutually exclusive. Aliases aws_session_token and session_token were added in release 3.2.0, with the parameter being renamed from security_token to session_token in release 6.0.0. The security_token, aws_security_token, and access_token aliases have been deprecated and will be removed in a release after 2024-12-01. Support for the |
|
When set to Setting validate_certs=false is strongly discouraged, as an alternative, consider setting aws_ca_bundle instead. Choices:
|
Notes
Note
Support for the
S3_URL
environment variable has been deprecated and will be removed in a release after 2024-12-01, please use the endpoint_url parameter or theAWS_URL
environment variable.Caution: For modules, environment variables and configuration files are read from the Ansible ‘host’ context and not the ‘controller’ context. As such, files may need to be explicitly copied to the ‘host’. For lookup and connection plugins, environment variables and configuration files are read from the Ansible ‘controller’ context and not the ‘host’ context.
The AWS SDK (boto3) that Ansible uses may also read defaults for credentials and other settings, such as the region, from its configuration files in the Ansible ‘host’ context (typically
~/.aws/credentials
). See https://boto3.amazonaws.com/v1/documentation/api/latest/guide/credentials.html for more information.
Examples
# Note: These examples do not set authentication details, see the AWS Guide for details.
- name: Retrieve a list of objects in S3 bucket
amazon.aws.s3_object_info:
bucket_name: MyTestBucket
- name: Retrieve a list of objects in Ceph RGW S3
amazon.aws.s3_object_info:
bucket_name: MyTestBucket
ceph: true
endpoint_url: "http://localhost:8000"
- name: Retrieve object metadata without object itself
amazon.aws.s3_object_info:
bucket_name: MyTestBucket
object_name: MyTestObjectKey
- name: Retrieve detailed S3 information for all objects in the bucket
amazon.aws.s3_object_info:
bucket_name: MyTestBucket
object_details:
object_acl: true
object_attributes: true
attributes_list:
- ETag
- ObjectSize
- StorageClass
- name: Retrieve detailed S3 object information
amazon.aws.s3_object_info:
bucket_name: MyTestBucket
object_name: MyTestObjectKey
object_details:
object_acl: true
object_tagging: true
object_legal_hold: true
object_attributes: true
attributes_list:
- ETag
- ObjectSize
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
---|---|
S3 object details. Returned: when bucket_name and object_name are specified. |
|
Access control list (ACL) of an object. Returned: when object_acl is set to true. |
|
A list of grants. Returned: always |
|
The entity being granted permissions. Returned: always |
|
The canonical user ID of the grantee. Returned: always Sample: |
|
type of grantee. Returned: always Sample: |
|
Specifies the permission given to the grantee. Returned: always Sample: |
|
Bucket owner’s display ID and name. Returned: always |
|
Bucket owner’s display name. Returned: always Sample: |
|
Bucket owner’s ID. Returned: always Sample: |
|
Object attributes. Returned: when object_attributes is set to true. |
|
The checksum or digest of the object. Returned: always |
|
The base64-encoded, 32-bit CRC32 checksum of the object. Returned: if it was upload with the object. Sample: |
|
The base64-encoded, 32-bit CRC32C checksum of the object. Returned: if it was upload with the object. Sample: |
|
The base64-encoded, 160-bit SHA-1 digest of the object. Returned: if it was upload with the object. Sample: |
|
The base64-encoded, 256-bit SHA-256 digest of the object. Returned: if it was upload with the object. Sample: |
|
An ETag is an opaque identifier assigned by a web server to a specific version of a resource found at a URL. Returned: always Sample: |
|
The creation date of the object. Returned: always Sample: |
|
A collection of parts associated with a multipart upload. Returned: always |
|
Indicates whether the returned list of parts is truncated. Returned: always |
|
The maximum number of parts allowed in the response. Returned: always |
|
When a list is truncated, this element specifies the last part in the list As well as the value to use for the PartNumberMarker request parameter in a subsequent request. Returned: always |
|
The marker for the current part. Returned: always |
|
The total number of parts. Returned: always |
|
The size of the object in bytes. Returned: alwayS Sample: |
|
A container for elements related to an individual part. Returned: always |
|
The base64-encoded, 32-bit CRC32 checksum of the object. Returned: if it was upload with the object. Sample: |
|
The base64-encoded, 32-bit CRC32C checksum of the object. Returned: if it was upload with the object. Sample: |
|
The base64-encoded, 160-bit SHA-1 digest of the object. Returned: if it was upload with the object. Sample: |
|
The base64-encoded, 256-bit SHA-256 digest of the object. Returned: if it was upload with the object. Sample: |
|
The part number identifying the part. This value is a positive integer between 1 and 10,000. Returned: always |
|
The size of the uploaded part in bytes. Returned: always |
|
The storage class information of the object. Returned: always Sample: |
|
A dict containing the metadata of S3 object. Returned: when bucket_name and object_name are specified but object_details is not specified. |
|
Indicates that a range of bytes was specified. Returned: always |
|
Size of the body (object data) in bytes. Returned: always |
|
A standard MIME type describing the format of the object data. Returned: always |
|
A opaque identifier assigned by a web server to a specific version of a resource found at a URL. Returned: always |
|
Creation date of the object. Returned: always |
|
A map of metadata to store with the object in S3. Returned: always |
|
The server-side encryption algorithm used when storing this object in Amazon S3. Returned: always |
|
The number of tags, if any, on the object. Returned: always |
|
Object’s current legal hold status Returned: when object_legal_hold is set to true and object legal hold is set on the bucket. |
|
The current legal hold status for the specified object. Returned: always |
|
Indicates whether the specified object has a legal hold in place. Returned: always Sample: |
|
Object Lock configuration for a bucket. Returned: when object_lock_configuration is set to true and object lock configuration is set on the bucket. |
|
Indicates whether this bucket has an Object Lock configuration enabled. Returned: always |
|
Specifies the Object Lock rule for the specified object. Returned: always |
|
The default Object Lock retention mode and period that you want to apply to new objects placed in the specified bucket. Returned: always |
|
The number of days that you want to specify for the default retention period. Returned: always |
|
The default Object Lock retention mode you want to apply to new objects placed in the specified bucket. Must be used with either Days or Years. Returned: always |
|
The number of years that you want to specify for the default retention period. Returned: always |
|
Object’s retention settings. Returned: when object_retention is set to true and object retention is set on the bucket. |
|
The container element for an object’s retention settings. Returned: always |
|
Indicates the Retention mode for the specified object. Returned: always |
|
The date on which this Object Lock Retention will expire. Returned: always |
|
The tag-set of an object Returned: when object_tagging is set to true. |
|
List of object keys. Returned: when only bucket_name is specified and object_name, object_details are not specified. Sample: |