Copying objects

Written by

Updated at October 28, 2024

Copying a single object
Copying all bucket objects to another bucket
Copying objects to a bucket in a different organization

Object Storage supports server-side object copy.

If encryption in a bucket is disabled, objects will be copied to server-side buckets. The host on which the copy operation is run and Object Storage exchange nothing but object keys. No fee is charged for the copying traffic in this case, because the traffic is internal for the object storage. However, you are charged for copy requests.

If bucket objects are encrypted, first they will be copied to the host that executes the command and then uploaded to the target bucket.

Large objects uploaded using multipart uploads are stored in the bucket in parts. They are copied by invoking copyPart for each part. Therefore, multipart objects cost more to copy than regular ones.

You can copy either the entire bucket contents or an individual bucket object. You can also copy objects between buckets of different organizations.

To work with objects in an encrypted bucket, a user or service account must have the following roles for the encryption key in addition to the storage.configurer role:

kms.keys.encrypter: To read the key, encrypt, and upload objects.
kms.keys.decrypter: To read the key, decrypt, and download objects.
kms.keys.encrypterDecrypter: Includes the kms.keys.encrypter and kms.keys.decrypter permissions.

For more information, see Key Management Service service roles.

Copying a single object

AWS CLI

If you do not have the AWS CLI yet, install and configure it.

Run this command:

aws --endpoint-url=https://storage.yandexcloud.net/ \
  s3 cp s3://<source_bucket>/<object_key> s3://<target_bucket>/<object_key>

Where:

--endpoint-url: Object Storage endpoint.
s3 cp: Copy object command.

Result:

copy: s3://<source_bucket>/<object_key> to s3://<target_bucket>/<object_key>

For more information about the aws s3 cp command, see the AWS CLI Command Reference.

Copying all bucket objects to another bucket

AWS CLI

If you do not have the AWS CLI yet, install and configure it.
Run this command:
```
aws --endpoint-url=https://storage.yandexcloud.net/ \
  s3 cp --recursive s3:<source_bucket>/ s3:<target_bucket>/
```
Where:
- --endpoint-url: Object Storage endpoint.
- s3 cp: Copy object command.
- --recursive: Parameter for copying all objects from the source bucket.
For more information about the aws s3 cp command, see the AWS CLI Command Reference.

All objects from the source bucket will be copied to the target bucket.

Note

You can copy objects between buckets either within a single cloud or between different clouds. To do this, make sure your service account has write permissions for both buckets.

Copying objects to a bucket in a different organization

To copy objects to a bucket hosted in a different organization, create two service accounts: one with the storage.viewer role for the source bucket and the other one with the storage.editor role for the target bucket.

AWS CLI

If you do not have the AWS CLI yet, install and configure it for each organization.
Make sure the profiles for the source and target service accounts are listed in the ~/.aws/credentials file.
Set the target bucket's access control list (ACL) with full access permissions granted to the source bucket's service account:
```
aws --endpoint-url=https://storage.yandexcloud.net/ \
  s3api put-bucket-acl --profile <target_profile_name> \
  --bucket <target_bucket_name> \
  --grant-full-control id=<source_service_account_ID>
```
Where:
- --endpoint-url: Object Storage endpoint.
- --profile: Name of the profile in the AWS CLI configuration file for the organization hosting the target bucket.
- --bucket: Target bucket name.
- --grant-full-control: Grants the source bucket service account access to the target bucket. Specify the service account ID of the organization from which the objects are copied.
Copy the objects:
```
aws --endpoint-url=https://storage.yandexcloud.net/ \
  s3 cp --profile <source_profile_name> \
  s3://<source_bucket>/<object_key> \
  s3://<target_bucket>/<object_key>
```
Where:
- --endpoint-url: Object Storage endpoint.
- --profile: Name of the profile in the AWS CLI configuration file for the organization hosting the source bucket.
- s3 cp: Copy object command.
To copy all objects from the source bucket, use the --recursive parameter.

Result:
```
copy: s3://<source_bucket>/<object_key> to s3://<target_bucket>/<object_key>
```
For more information about the aws s3 cp command, see the AWS CLI Command Reference.

Copying objects

Copying a single objectCopying a single object

Copying all bucket objects to another bucketCopying all bucket objects to another bucket

Copying objects to a bucket in a different organizationCopying objects to a bucket in a different organization

Was the article helpful?

Copying a single object

Copying all bucket objects to another bucket

Copying objects to a bucket in a different organization