Net::Amazon::S3 - Use the Amazon S3 - Simple Storage Service


version 0.991


  use Net::Amazon::S3;
  use Net::Amazon::S3::Authorization::Basic;
  use Net::Amazon::S3::Authorization::IAM;
  my $aws_access_key_id     = 'fill me in';
  my $aws_secret_access_key = 'fill me in too';

  my $s3 = Net::Amazon::S3->new (
    authorization_context => Net::Amazon::S3::Authorization::Basic->new (
      aws_access_key_id     => $aws_access_key_id,
      aws_secret_access_key => $aws_secret_access_key,
    retry => 1,

  # or use an IAM role.
  my $s3 = Net::Amazon::S3->new (
    authorization_context => Net::Amazon::S3::Authorization::IAM->new (
      aws_access_key_id     => $aws_access_key_id,
      aws_secret_access_key => $aws_secret_access_key,
    retry => 1,

  # a bucket is a globally-unique directory
  # list all buckets that i own
  my $response = $s3->buckets;
  foreach my $bucket ( @{ $response->{buckets} } ) {
      print "You have a bucket: " . $bucket->bucket . "\n";

  # create a new bucket
  my $bucketname = 'acmes_photo_backups';
  my $bucket = $s3->add_bucket( { bucket => $bucketname } )
      or die $s3->err . ": " . $s3->errstr;

  # or use an existing bucket
  $bucket = $s3->bucket($bucketname);

  # store a file in the bucket
  $bucket->add_key_filename( '1.JPG', 'DSC06256.JPG',
      { content_type => 'image/jpeg', },
  ) or die $s3->err . ": " . $s3->errstr;

  # store a value in the bucket
  $bucket->add_key( 'reminder.txt', 'this is where my photos are backed up' )
      or die $s3->err . ": " . $s3->errstr;

  # list files in the bucket
  $response = $bucket->list_all
      or die $s3->err . ": " . $s3->errstr;
  foreach my $key ( @{ $response->{keys} } ) {
      my $key_name = $key->{key};
      my $key_size = $key->{size};
      print "Bucket contains key '$key_name' of size $key_size\n";

  # fetch file from the bucket
  $response = $bucket->get_key_filename( '1.JPG', 'GET', 'backup.jpg' )
      or die $s3->err . ": " . $s3->errstr;

  # fetch value from the bucket
  $response = $bucket->get_key('reminder.txt')
      or die $s3->err . ": " . $s3->errstr;
  print "reminder.txt:\n";
  print "  content length: " . $response->{content_length} . "\n";
  print "    content type: " . $response->{content_type} . "\n";
  print "            etag: " . $response->{content_type} . "\n";
  print "         content: " . $response->{value} . "\n";

  # delete keys
  $bucket->delete_key('reminder.txt') or die $s3->err . ": " . $s3->errstr;
  $bucket->delete_key('1.JPG')        or die $s3->err . ": " . $s3->errstr;

  # and finally delete the bucket
  $bucket->delete_bucket or die $s3->err . ": " . $s3->errstr;


This module provides a Perlish interface to Amazon S3. From the developer blurb: "Amazon S3 is storage for the Internet. It is designed to make web-scale computing easier for developers. Amazon S3 provides a simple web services interface that can be used to store and retrieve any amount of data, at any time, from anywhere on the web. It gives any developer access to the same highly scalable, reliable, fast, inexpensive data storage infrastructure that Amazon uses to run its own global network of web sites. The service aims to maximize benefits of scale and to pass those benefits on to developers".

To find out more about S3, please visit:

To use this module you will need to sign up to Amazon Web Services and provide an "Access Key ID" and " Secret Access Key". If you use this module, you will incurr costs as specified by Amazon. Please check the costs. If you use this module with your Access Key ID and Secret Access Key you must be responsible for these costs.

I highly recommend reading all about S3, but in a nutshell data is stored in values. Values are referenced by keys, and keys are stored in buckets. Bucket names are global.

Note: This is the legacy interface, please check out Net::Amazon::S3::Client instead.

Development of this code happens here:

Bucket names with dots, HTTPS, and Signature V4

At the moment Amazon S3 doesn't play well with HTTPS and virtual bucket hosts if bucket name contains dots.

Due the current implementation of Signature V4 handling you should use workaround consisting of usage of region hostnames

        my $bucket_region = $global_s3->bucket ($bucket)->_head_region;

        my $region_s3 = Net::Amazon:S3->new (
                vendor => Net::Amazon::S3::Vendor::Amazon->new (
                        host => "s3-$",
                        use_virtual_host => 0,

        my $bucket = $region_s3->bucket ($bucket);

And use bucket instance / region s3 connection.



Create a new S3 client object. Takes some arguments:


Class that provides authorization information.

See one of available implementations for more


Instance of Net::Amazon::S3::Vendor holding vendor specific deviations.

S3 became widely used object storage protocol with many vendors providing different feature sets and different compatibility level.

One common difference is bucket's HEAD request to determine its region.

To maintain currently known differences along with any differencies that may rise in feature it's better to hold vendor specification in dedicated classes. This also allows users to build their own fine-tuned vendor classes.



When used it's used to create authorization context.

Use your Access Key ID as the value of the AWSAccessKeyId parameter in requests you send to Amazon Web Services (when required). Your Access Key ID identifies you as the party responsible for the request.



When used it's used to create authorization context.

Since your Access Key ID is not encrypted in requests to AWS, it could be discovered and used by anyone. Services that are not free require you to provide additional information, a request signature, to verify that a request containing your unique Access Key ID could only have come from you.




When used it's used to create authorization context.

If you are using temporary credentials provided by the AWS Security Token Service, set the token here, and it will be added to the request in order to authenticate it.



When used it's used to create authorization context.

If you'd like to use IAM provided temporary credentials, pass this option with a true value.



Set this to 0 if you don't want to use SSL-encrypted connections when talking to S3. Defaults to 1.

To use SSL-encrypted connections, LWP::Protocol::https is required.

See #vendor and Net::Amazon::S3::Vendor.


Set this to 0 to disable Keep-Alives. Default is 10.


How many seconds should your script wait before bailing on a request to S3? Defaults to 30.


If this library should retry upon errors. This option is recommended. This uses exponential backoff with retries after 1, 2, 4, 8, 16, 32 seconds, as recommended by Amazon. Defaults to off.

When retry is on, request will be automatically retried when one of following HTTP statuses happens

408 - Request Timeout
500 - Internal Server Error
502 - Bad Gateway
503 - Service Unavailable
504 - Gateway Timeout

For more details see LWP::UserAgent::Determined.



The S3 host endpoint to use. Defaults to ''. This allows you to connect to any S3-compatible host.

See #vendor and Net::Amazon::S3::Vendor.



Use the virtual host method ('') instead of specifying the bucket at the first part of the path. This is particularly useful if you want to access buckets not located in the US-Standard region (such as EU, Asia Pacific or South America). See for the pros and cons.

See #vendor and Net::Amazon::S3::Vendor.



Authorization implementation package name.

This library provides Net::Amazon::S3::Signature::V2 and Net::Amazon::S3::Signature::V4

Default is Signature 4 if host is, Signature 2 otherwise

See #vendor and Net::Amazon::S3::Vendor.


Error handler class name (package name), see Net::Amazon::S3::Error::Handler for more.

Default: Net::Amazon::S3::Error::Handler::Legacy


Instance of error handler class.


When using Net::Amazon::S3 in child processes using fork (such as in combination with the excellent Parallel::ForkManager) you should create the S3 object in each child, use a fresh LWP::UserAgent in each child, or disable the LWP::ConnCache in the parent:

    $s3->ua( LWP::UserAgent->new( 
        keep_alive => 0, requests_redirectable => [qw'GET HEAD DELETE PUT POST'] );


Returns undef on error, else hashref of results


        # Create new bucket with default location
        my $bucket = $s3->add_bucket ('new-bucket');

        # Create new bucket in another location
        my $bucket = $s3->add_bucket ('new-bucket', location_constraint => 'eu-west-1');
        my $bucket = $s3->add_bucket ('new-bucket', { location_constraint => 'eu-west-1' });
        my $bucket = $s3->add_bucket (bucket => 'new-bucket', location_constraint => 'eu-west-1');
        my $bucket = $s3->add_bucket ({ bucket => 'new-bucket', location_constraint => 'eu-west-1' });

Method creates and returns new bucket.

In case of error it reports it and returns undef (refer "ERROR HANDLING").

Recognized positional arguments (refer "CALLING CONVENTION")


Required, recognized as positional.

The name of the bucket you want to add.

Recognized optional arguments

        acl => 'private'
        acl => Net::Amazon::S3::ACL::Canned->PRIVATE
        acl => Net::Amazon::S3::ACL::Set->grant_read (email => 'foo@bar.baz')

Available since v0.94

Set ACL to the newly created bucket. Refer Net::Amazon::S3::ACL for possibilities.

acl_short (deprecated)

Deprecated since v0.94

When specified its value is used to populate acl argument (unless it exists).



Sets the location constraint of the new bucket. If left unspecified, the default S3 datacenter location will be used.

This library recognizes regions according Amazon S3 documentation

Provides operation CreateBucket.

bucket BUCKET

        # build bucket with guessed region
        $s3->bucket ('foo');
        $s3->bucket (bucket => 'foo');
        $s3->bucket (name   => 'foo');

        # build with explicit region
        $s3->bucket ('foo', region => 'bar');

Returns an (unverified) bucket object from an account. Does no network access.

However, when guessing region, HeadRegion operation may be called before first network access.

Region is mandatory when using Signature V4 authorization, which is default for AWS. AWS limits number of HTTP requests, see


        $s3->delete_bucket ($bucket);
        $s3->delete_bucket (bucket => $bucket);

Deletes bucket from account.

Returns true if the bucket is successfully deleted.

Returns false and reports an error otherwise (refer "ERROR HANDLING")

Positional arguments (refer "CALLING CONVENTION")



The name of the bucket or Net::Amazon::S3::Bucket instance you want to delete.

Provides operation "DeleteBucket"


List all keys in this bucket.

Takes a hashref of arguments:



The name of the bucket you want to list keys on



Restricts the response to only contain results that begin with the specified prefix. If you omit this optional argument, the value of prefix for your query will be the empty string. In other words, the results will be not be restricted by prefix.


If this optional, Unicode string parameter is included with your request, then keys that contain the same string between the prefix and the first occurrence of the delimiter will be rolled up into a single result element in the CommonPrefixes collection. These rolled-up keys are not returned elsewhere in the response. For example, with prefix="USA/" and delimiter="/", the matching keys "USA/Oregon/Salem" and "USA/Oregon/Portland" would be summarized in the response as a single "USA/Oregon" element in the CommonPrefixes collection. If an otherwise matching key does not contain the delimiter after the prefix, it appears in the Contents collection.

Each element in the CommonPrefixes collection counts as one against the MaxKeys limit. The rolled-up keys represented by each CommonPrefixes element do not. If the Delimiter parameter is not present in your request, keys in the result set will not be rolled-up and neither the CommonPrefixes collection nor the NextMarker element will be present in the response.


This optional argument limits the number of results returned in response to your query. Amazon S3 will return no more than this number of results, but possibly less. Even if max-keys is not specified, Amazon S3 will limit the number of results in the response. Check the IsTruncated flag to see if your results are incomplete. If so, use the Marker parameter to request the next page of results. For the purpose of counting max-keys, a 'result' is either a key in the 'Contents' collection, or a delimited prefix in the 'CommonPrefixes' collection. So for delimiter requests, max-keys limits the total number of list results, not just the number of keys.


This optional parameter enables pagination of large result sets. marker specifies where in the result set to resume listing. It restricts the response to only contain results that occur alphabetically after the value of marker. To retrieve the next page of results, use the last key from the current page of results as the marker in your next request.

See also next_marker, below.

If marker is omitted,the first page of results is returned.

Returns undef on error and a hashref of data on success:

The hashref looks like this:

        bucket          => $bucket_name,
        prefix          => $bucket_prefix,
        common_prefixes => [$prefix1,$prefix2,...]
        marker          => $bucket_marker,
        next_marker     => $bucket_next_available_marker,
        max_keys        => $bucket_max_keys,
        is_truncated    => $bucket_is_truncated_boolean
        keys            => [$key1,$key2,...]

Explanation of bits of that:


If list_bucket was requested with a delimiter, common_prefixes will contain a list of prefixes matching that delimiter. Drill down into these prefixes by making another request with the prefix parameter.


B flag that indicates whether or not all results of your query were returned in this response. If your results were truncated, you can make a follow-up paginated request using the Marker parameter to retrieve the rest of the results.


A convenience element, useful when paginating with delimiters. The value of next_marker, if present, is the largest (alphabetically) of all key names and all CommonPrefixes prefixes in the response. If the is_truncated flag is set, request the next page of results by setting marker to the value of next_marker. This element is only present in the response if the delimiter parameter was sent with the request.

Each key is a hashref that looks like this:

        key           => $key,
        last_modified => $last_mod_date,
        etag          => $etag, # An MD5 sum of the stored content.
        size          => $size, # Bytes
        storage_class => $storage_class # Doc?
        owner_id      => $owner_id,
        owner_displayname => $owner_name


List all keys in this bucket without having to worry about 'marker'. This is a convenience method, but may make multiple requests to S3 under the hood.

Takes the same arguments as list_bucket.


    my $response = $s3->_perform_operation ('Operation' => (
        # ... operation request parameters

Internal operation implementation method, takes request construction parameters, performs necessary HTTP requests(s) and returns Response instance.

Method takes same named parameters as realted Request class.

Method provides available contextual parameters by default (eg s3, bucket)

Method invokes contextual error handler.


Available since v0.97 - calling convention extentend

In order to make method calls somehow consistent, backward compatible, and extendable, API's methods support multiple ways how to provide their arguments

plain named arguments (preferred)
        method (named => 'argument', another => 'argument');
trailing configuration hash
        method ({ named => 'argument', another => 'argument' });
        method (positional, { named => 'argument', another => 'argument' } );

Last argument of every method can be configuration hash, treated as additional named arguments. Can be combined with named arguments.

positional arguments with optional named arguments
        method (positional, named => 'argument', another => 'argument');
        method (positional, { named => 'argument', another => 'argument' } );

For methods supporting mandatory positional arguments additional named arguments and/or configuration hash is supported.

Named arguments or configuration hash can specify value of positional arguments as well removing it from list of required positional arguments for given call (see example)

        $s3->bucket->add_key ('key', 'value', acl => $acl);
        $s3->bucket->add_key ('value', key => 'key', acl => $acl);
        $s3->bucket->add_key (key => 'key', value => 'value', acl => $acl);


Net::Amazon::S3 supports pluggable error handling via Net::Amazon::S3::Error::Handler.

When response ends up with an error, every method reports it, and in case it receives control back (no exception), it returns undef.

Default error handling for Net::Amazon::S3 is Net::Amazon::S3::Error::Handler::Legacy which (mostly) sets err and errstr.


This module contains code modified from Amazon that contains the following notice:

  #  This software code is made available "AS IS" without warranties of any
  #  kind.  You may copy, display, modify and redistribute the software
  #  code either by itself or as incorporated into your code; provided that
  #  you do not remove any proprietary notices.  Your use of this software
  #  code is at your own risk and you waive any claim against Amazon
  #  Digital Services, Inc. or its affiliates with respect to your use of
  #  this software code. (c) 2006 Amazon Digital Services, Inc. or its
  #  affiliates.


Testing S3 is a tricky thing. Amazon wants to charge you a bit of money each time you use their service. And yes, testing counts as using. Because of this, the application's test suite skips anything approaching a real test unless you set these three environment variables:


Doesn't matter what you set it to. Just has to be set


Your AWS access key


Your AWS sekkr1t passkey. Be forewarned that setting this environment variable on a shared system might leak that information to another user. Be careful.


Leon Brocard <> and unknown Amazon Digital Services programmers.

Brad Fitzpatrick <> - return values, Bucket object

Pedro Figueiredo <> - since 0.54

Branislav Zahradník <> - since v0.81




Branislav Zahradník <>


This software is copyright (c) 2022 by Amazon Digital Services, Leon Brocard, Brad Fitzpatrick, Pedro Figueiredo, Rusty Conover, Branislav Zahradník.

This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.