Upload a part for protection using Immutable Object Storage

This enhancement of the UPLOAD PART requires that a Content MD-5 header is included with each part that is uploaded if the V4 Signature does not include the sha256 of the content. However, the Content MD-5 header is not required for UPLOAD PART-COPY requests. The Content MD-5 header and V4 Signature signing are not required for INITIATE MULTI PART UPLOAD requests.

If an UPLOAD PART/ UPLOAD PART-COPY/ INITIATE MULTI PART UPLOAD request is sent with retention headers present in it, they are ignored and the normal operation continues.

Objects in protected buckets that are no longer under retention (retention period has expired and the object does not have any legal holds), when overwritten, will again come under retention. The new retention period can be provided as part of the object overwrite request or the default retention time of the bucket will be given to the object.

The UPLOAD PART-COPY uses the fastest vault as the source of the copy if the source is a protected mirror.

An integrity check is required by using either content-md5, a x-amz-checksum- header, or the x-amz-content-sha256 header.

Requests

Request headers

This implementation of the operation requires that the Content MD-5 header or V4 signing are included with each part that is uploaded.

Table 1. Request headers
Name Type Description
Content-MD5 String The base64-encoded 128-bit MD5 digest of the message (without the headers) according to RFC 1864.
x-amz-checksum-crc32 String This header is the Base64 encoded, 32-bit CRC32 checksum of the object.
x-amz-checksum-crc32c String This header is the Base64 encoded, 32-bit CRC32C checksum of the object.
x-amz-checksum-crc64nvme String This header is the Base64 encoded, 64-bit CRC64NVME checksum of the object. The CRC64NVME checksum is always a full object checksum.
x-amz-checksum-sha1 String This header is the Base64 encoded, 160-bit SHA1 digest of the object.
x-amz-checksum-sha256 String This header is the Base64 encoded, 256-bit SHA256 digest of the object.
x-amz-trailer String
Possible value
x-amz-checksum-crc32
Indicates which checksum value header will be found in the trailer of the payload in order to verify object upload integrity.

Content-MD5 or x-amz-checksum- HTTP header or AWS Signature Version 4 signed payload is required for upload requests with Object Lock parameters.

Specific headers for SSE-C

Common SSE-C headers are available for buckets using Server Side Encryption with Customer-Provided Keys (SSE-C) enabled.

Attention: SSE-C headers can be used to write or write objects from a protected bucket. However, it should be noted that SSE-C keys cannot be rotated for objects in a protected bucket.