AWS SDK for Go
The AWS SDK for Go is a software development kit for integration with AWS services in Go.
Getting started
-
Assign to the service account the roles required for your project, e.g., storage.editor for a bucket (to work with a particular bucket) or a folder (to work with all buckets in this folder). For more information about roles, see Access management with Yandex Identity and Access Management.
To work with objects in an encrypted bucket, a user or service account must have the following roles for the encryption key in addition to the
storage.configurerrole:kms.keys.encrypter: To read the key, encrypt and upload objects.kms.keys.decrypter: To read the key, decrypt and download objects.kms.keys.encrypterDecrypter: This role includes thekms.keys.encrypterandkms.keys.decrypterpermissions.
For more information, see Key Management Service service roles.
-
As a result, you will get the static access key data. To authenticate in Object Storage, you will need the following:
key_id: Static access key IDsecret: Secret key
Save
key_idandsecret: you will not be able to get the key value again.
Note
A service account is only allowed to view a list of buckets in the folder it was created in.
A service account can perform actions with objects in buckets that are created in folders different from the service account folder. To enable this, assign the service account roles for the appropriate folder or its bucket.
Installation
To install the AWS SDK for Go, use the instructions posted on the developer's site.
Configuration
Configuring a directory for authentication data
-
Create a directory to store the authentication data in and navigate to it:
For macOS and Linux:
mkdir ~/.aws/For Windows:
mkdir C:\Users\<username>\.aws\ -
In the
.awsdirectory, create a file namedcredentials, copy the credentials you got earlier, and paste them into it:[default] aws_access_key_id = <static_key_ID> aws_secret_access_key = <secret_key> -
Create a file named
configwith the default region settings and copy the following information to it:[default] region = ru-central1 endpoint_url = https://storage.yandexcloud.netNote
Some apps designed to work with Amazon S3 do not allow you to specify the region; this is why Object Storage may also accept the
us-east-1value.
To access Object Storage, use the https://storage.yandexcloud.net endpoint.
Using environment variables
By default, the AWS SDK for Go uses authentication data from environment variables if they are set. These variables have priority over authentication data from the .aws/credentials file.
The following environment variables are supported:
AWS_ACCESS_KEY_ID: Static key ID.AWS_SECRET_ACCESS_KEY: Secret key.AWS_SESSION_TOKEN: (Optional) Session token. For more information, see Accessing a bucket using Security Token Service.
To set environment variables, depending on your operating system, follow these steps:
In the terminal, run this command:
export AWS_ACCESS_KEY_ID=<static_key_ID>
export AWS_SECRET_ACCESS_KEY=<secret_key>
export AWS_SESSION_TOKEN=<optional_session_token>
In PowerShell, run:
$Env:AWS_ACCESS_KEY_ID=<static_key_ID>
$Env:AWS_SECRET_ACCESS_KEY=<secret_key>
$Env:AWS_SESSION_TOKEN=<optional_session_token>
Code snippets
AWS SDK v.1 for Go entered maintenance mode in July 2024. We recommend migrating to AWS SDK v.2.
Getting a list of bucket names
package main
import (
"context"
"log"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/config"
"github.com/aws/aws-sdk-go-v2/service/s3"
)
func main() {
// Loading the configuration from ~/.aws/*
cfg, err := config.LoadDefaultConfig(context.TODO())
if err != nil {
log.Fatal(err)
}
// Creating a client to access the S3 storage
client := s3.NewFromConfig(cfg)
// Requesting a list of buckets
result, err := client.ListBuckets(context.TODO(), &s3.ListBucketsInput{})
if err != nil {
log.Fatal(err)
}
for _, bucket := range result.Buckets {
log.Printf("bucket=%s creation time=%s", aws.ToString(bucket.Name), bucket.CreationDate.Local().Format("2006-01-02 15:04:05 Monday"))
}
}
package main
import (
"context"
"fmt"
"log"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/config"
"github.com/aws/aws-sdk-go-v2/service/s3"
)
func main() {
// Creating a custom endpoint resolver to return the correct URL for S3 and ru-central1
customResolver := aws.EndpointResolverWithOptionsFunc(func(service, region string, options ...interface{}) (aws.Endpoint, error) {
if service == s3.ServiceID && region == "ru-central1" {
return aws.Endpoint{
PartitionID: "yc",
URL: "https://storage.yandexcloud.net",
SigningRegion: "ru-central1",
}, nil
}
return aws.Endpoint{}, fmt.Errorf("unknown endpoint requested")
})
// Loading the configuration from ~/.aws/*
cfg, err := config.LoadDefaultConfig(context.TODO(), config.WithEndpointResolverWithOptions(customResolver))
if err != nil {
log.Fatal(err)
}
// Creating a client to access the S3 storage
client := s3.NewFromConfig(cfg)
// Requesting a list of buckets
result, err := client.ListBuckets(context.TODO(), &s3.ListBucketsInput{})
if err != nil {
log.Fatal(err)
}
for _, bucket := range result.Buckets {
log.Printf("bucket=%s creation time=%s", aws.ToString(bucket.Name), bucket.CreationDate.Format("2006-01-02 15:04:05 Monday"))
}
}
Getting a list of bucket objects
To get a list of objects in a bucket, provide its name in the -b command line parameter.
package main
import (
"context"
"flag"
"fmt"
"log"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/config"
"github.com/aws/aws-sdk-go-v2/service/s3"
)
func main() {
// Getting the bucket name from the command line argument
bucketName := flag.String("b", "", "The name of the bucket")
flag.Parse()
if *bucketName == "" {
fmt.Println("You must supply the name of a bucket (-b BUCKET)")
return
}
// Loading the configuration from ~/.aws/*
cfg, err := config.LoadDefaultConfig(context.TODO())
if err != nil {
log.Fatal(err)
}
// Creating a client to access the S3 storage
client := s3.NewFromConfig(cfg)
// Requesting a list of all bucket files
result, err := client.ListObjectsV2(context.TODO(), &s3.ListObjectsV2Input{
Bucket: aws.String(*bucketName),
})
if err != nil {
log.Fatal(err)
}
for _, object := range result.Contents {
log.Printf("object=%s size=%d Bytes last modified=%s", aws.ToString(object.Key), aws.ToInt64(object.Size), object.LastModified.Local().Format("2006-01-02 15:04:05 Monday"))
}
}
package main
import (
"context"
"fmt"
"log"
"flag"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/config"
"github.com/aws/aws-sdk-go-v2/service/s3"
)
func main() {
// Getting the bucket name from the command line argument
bucketName := flag.String("b", "", "The name of the bucket")
flag.Parse()
if *bucketName == "" {
fmt.Println("You must supply the name of a bucket (-b BUCKET)")
return
}
// Creating a custom endpoint resolver to return the correct URL for S3 and ru-central1
customResolver := aws.EndpointResolverWithOptionsFunc(func(service, region string, options ...interface{}) (aws.Endpoint, error) {
if service == s3.ServiceID && region == "ru-central1" {
return aws.Endpoint{
PartitionID: "yc",
URL: "https://storage.yandexcloud.net",
SigningRegion: "ru-central1",
}, nil
}
return aws.Endpoint{}, fmt.Errorf("unknown endpoint requested")
})
// Loading the configuration from ~/.aws/*
cfg, err := config.LoadDefaultConfig(context.TODO(), config.WithEndpointResolverWithOptions(customResolver))
if err != nil {
log.Fatal(err)
}
// Creating a client to access the S3 storage
client := s3.NewFromConfig(cfg)
// Requesting a list of all bucket files
result, err := client.ListObjectsV2(context.TODO(), &s3.ListObjectsV2Input{
Bucket: aws.String(*bucketName),
})
if err != nil {
log.Fatal(err)
}
for _, object := range result.Contents {
log.Printf("object=%s size=%d Bytes last modified=%s", aws.ToString(object.Key), object.Size, object.LastModified.Format("2006-01-02 15:04:05 Monday"))
}
}
See also the code samples and Go SDK API Reference Guide.