RSS Feed
Download our iPhone app
Browse DevX
Sign up for e-mail newsletters from DevX


Anywhere, Anytime Storage and Retrieval with Amazon's S3  : Page 2

Amazon's S3 storage service adds to the already-long list of places for storing data—but provides the advantages of location-independent, always-available access. Build this S3 client application and perform your own storage tests.

Amazon S3 SOAP API Methods
The S3 SOAP interface is composed of two classes of method calls: operations on buckets and operations on objects, as defined below:

Operations on Buckets:

  • CreateBucket creates a new bucket with the specified name. Because bucket names must be unique across the entire Amazon S3 service, the system returns an error if a bucket with the specified name already exists, even if that bucket name is owned by another account holder.
  • DeleteBucket deletes the bucket with the specified name. S3 will return an error if you attempt to delete a bucket containing any objects. To delete a bucket, you must first delete all the objects in the bucket.
  • ListBucket returns a list of the objects contained in the specified bucket. Because there's no limit to the number of objects that you can store in a bucket, this method automatically supports paging through the list of objects contained in a bucket.
  • ListAllMyBuckets returns the names of all the buckets owned by the Amazon.com account specified in the request.
  • GetBucketAccessControlPolicy and SetBucketAccessControlPolicy get and set the access control policy assigned to the specified bucket. As these are more advanced, I won't cover these methods in this article.
Operations on Objects:

  • PutObjectInline places an object into a bucket. You provide the name of the bucket, the name of the object, and the object contents as parameters to the method call.
  • GetObject retrieves an object with the specified bucket and object names.
  • DeleteObject deletes an object with the specified bucket and object names.
  • PutObject places an object into a bucket, but instead of specifying the object data in a parameter to the method call as with PutObjectInline, you provide it in a DIME attachment. I won't cover this method in this article.
  • GetObjectExtended is similar to the GetObject method, but supports advanced features such as reading specific byte-ranges from the object and conditional reads. I won't cover this method in this article.
  • GetObjectAccessControlPolicy and SetObjectAccessControlPolicy get and set the access control policy assigned to the specified object. I won't cover these methods in this article.
S3 Authentication
When you sign up for an Amazon Web services (AWS) account, the system assigns you an Access Key ID and a Secret Access Key that uniquely identify you as the account owner. You use these keys for authentication when making Web service calls.

For each Web service call, you must specify three parameters to authenticate successfully: the Access Key ID, a timestamp specifying the time the method call was made, and a signature for the method call. These parameters are described below, and are further documented in the downloadable code for this article.

You pass the Access Key ID exactly as it was assigned to your AWS account. You can generate the timestamp from the current system time, formatting it as specified in the AWS documentation. Here's a VB.NET code sample that generates a timestamp in the specified format:

   strISOTimestamp = TimeStamp.ToUniversalTime.ToString(
      "yyyy-MM-ddTHH:mm:ss.fffZ", _
For example, if provided with a time string of 4/1/2006 8:31:13.891 PM, the preceding timestamp code would produce a timestamp string of 2006-04-02T02:31:13.891Z.

Building the signature is more complex, but you can copy it directly from the sample code. It uses a HMAC-SHA1 digest of the string AmazonS3<Operation Name><Timestamp>.

As an example, using the timestamp shown above with a PutObjectInline method call, the string would be AmazonS3PutObjectInline2006-04-02T02:31:13.891Z. To create the signature, you encrypt that concatenated string using the HMACSHA1 algorithm and your Secret Access Key. From the encrypted stream, a base-64 hash is extracted to produce the signature. You can see a sample of the code to do this below. You pass the signature the code produces as the third of the three authentication parameters used in all S3 method calls.

   Public Function aws_GetSignature _
       (ByVal Operation As String, ByVal TimeStamp As _
       DateTime) As String
       Dim strSig_Raw As String
       Dim strSig_UTF8 As Byte()
       Dim strSignature As String
       Dim objUTF8Encoder As UTF8Encoding
       Dim objHMACSHA1 As HMACSHA1
       strSig_Raw = "AmazonS3" & Operation & _ 
       objUTF8Encoder = New UTF8Encoding()
       strSig_UTF8 = objUTF8Encoder.GetBytes(strSig_Raw)
       objHMACSHA1 = New HMACSHA1( _
       strSignature = Convert.ToBase64String _
          (objHMACSHA1.ComputeHash( _
          objUTF8Encoder.GetBytes( _
       Return strSignature
   End Function

Close Icon
Thanks for your registration, follow us on our social networks to keep up-to-date