Copying objects
Object Storage supports server-side object copy.
If encryption in a bucket is disabled, objects will be copied to server-side buckets. The host on which the copy operation is run and Object Storage exchange nothing but object keys. No fee is charged for the copying traffic in this case, because the traffic is internal for the object storage. However, you are charged for copy requests.
If bucket objects are encrypted, first they will be copied to the host that executes the command and then uploaded to the target bucket.
Large objects uploaded using multipart uploads are stored in the bucket in parts. They are copied by invoking copyPart for each part. Therefore, multipart objects cost more to copy than regular ones.
You can copy either the entire bucket contents or an individual bucket object. You can also copy objects between buckets of different organizations.
To work with objects in an encrypted bucket, a user or service account must have the following roles for the encryption key in addition to the storage.configurer
role:
kms.keys.encrypter
: To read the key, encrypt, and upload objects.kms.keys.decrypter
: To read the key, decrypt, and download objects.kms.keys.encrypterDecrypter
: Includes thekms.keys.encrypter
andkms.keys.decrypter
permissions.
For more information, see Key Management Service service roles.
Copying a single object
-
If you do not have the AWS CLI yet, install and configure it.
-
Run this command:
aws --endpoint-url=https://storage.yandexcloud.net/ \ s3 cp s3://<source_bucket>/<object_key> s3://<target_bucket>/<object_key>
Where:
--endpoint-url
: Object Storage endpoint.s3 cp
: Copy object command.
Result:
copy: s3://<source_bucket>/<object_key> to s3://<target_bucket>/<object_key>
For more information about the
aws s3 cp
command, see the AWS CLI Command Reference .
Copying all bucket objects to another bucket
-
If you do not have the AWS CLI yet, install and configure it.
-
Run this command:
aws --endpoint-url=https://storage.yandexcloud.net/ \ s3 cp --recursive s3:<source_bucket>/ s3:<target_bucket>/
Where:
--endpoint-url
: Object Storage endpoint.s3 cp
: Copy object command.--recursive
: Parameter for copying all objects from the source bucket.
For more information about the
aws s3 cp
command, see the AWS CLI Command Reference .
All objects from the source bucket will be copied to the target bucket.
Note
You can copy objects between buckets either within a single cloud or between different clouds. To do this, make sure your service account has write permissions for both buckets.
Copying objects to a bucket in a different organization
To copy objects to a bucket hosted in a different organization, create two service accounts: one with the storage.viewer
role for the source bucket and the other one with the storage.editor
role for the target bucket.
-
If you do not have the AWS CLI yet, install and configure it for each organization.
-
Make sure the profiles for the source and target service accounts are listed in the
~/.aws/credentials
file. -
Set the target bucket's access control list (ACL) with full access permissions granted to the source bucket's service account:
aws --endpoint-url=https://storage.yandexcloud.net/ \ s3api put-bucket-acl --profile <target_profile_name> \ --bucket <target_bucket_name> \ --grant-full-control id=<source_service_account_ID>
Where:
--endpoint-url
: Object Storage endpoint.--profile
: Name of the profile in the AWS CLI configuration file for the organization hosting the target bucket.--bucket
: Target bucket name.--grant-full-control
: Grants the source bucket service account access to the target bucket. Specify the service account ID of the organization from which the objects are copied.
-
Copy the objects:
aws --endpoint-url=https://storage.yandexcloud.net/ \ s3 cp --profile <source_profile_name> \ s3://<source_bucket>/<object_key> \ s3://<target_bucket>/<object_key>
Where:
--endpoint-url
: Object Storage endpoint.--profile
: Name of the profile in the AWS CLI configuration file for the organization hosting the source bucket.s3 cp
: Copy object command.
To copy all objects from the source bucket, use the
--recursive
parameter.Result:
copy: s3://<source_bucket>/<object_key> to s3://<target_bucket>/<object_key>
For more information about the
aws s3 cp
command, see the AWS CLI Command Reference .