Amazon S3 Client

Amazon S3 is an object storage service. It can be employed to store any type of object which allows for uses like storage for Internet applications, backup and recovery, disaster recovery, data archives, data lakes for analytics, any hybrid cloud storage. This extension provides functionality that allows the client to communicate with the service when running in Quarkus. You can find more information about S3 at the Amazon S3 website.

The S3 extension is based on AWS Java SDK 2.x. It’s a major rewrite of the 1.x code base that offers two programming models (Blocking & Async).

The Quarkus extension supports two programming models:

  • Blocking access using URL Connection HTTP client (by default) or the Apache HTTP Client

  • Asynchronous programming based on JDK’s CompletableFuture objects and the Netty HTTP client (by default) or the AWS CRT-based HTTP client

In this guide, we see how you can get your REST services to use S3 locally and on AWS.

Prerequisites

To complete this guide, you need:

  • JDK 17+ installed with JAVA_HOME configured appropriately

  • an IDE

  • Apache Maven 3.8.1+

  • AWS Command line interface

  • An AWS Account to access the S3 service. Before you can use the AWS SDKs with Amazon S3, you must get an AWS access key ID and secret access key.

  • Optionally, Docker for your system to run S3 locally for testing purposes

Provision S3 locally via Dev Services

The easiest way to start working with S3 is to run a local instance using Dev Services.

You can optionally configure the buckets that are created on startup with the quarkus.s3.devservices.buckets config property.

Provision S3 locally manually

You can also setup a local version of S3 manually, first start a LocalStack container:

docker run -it --publish 4566:4566 -e SERVICES=s3 -e START_WEB=0 localstack/localstack:3.7.2

This starts a S3 instance that is accessible on port 4566.

Create an AWS profile for your local instance using AWS CLI:

$ aws configure --profile localstack
AWS Access Key ID [None]: test-key
AWS Secret Access Key [None]: test-secret
Default region name [None]: us-east-1
Default output format [None]:

Create a S3 bucket

Create a S3 bucket using AWS CLI

aws s3 mb s3://quarkus.s3.quickstart --profile localstack --endpoint-url=http://localhost:4566

Solution

The application built here allows to manage files stored in Amazon S3.

We recommend that you follow the instructions in the next sections and create the application step by step. However, you can go right to the completed example.

Clone the Git repository: git clone https://github.com/quarkusio/quarkus-quickstarts.git, or download an archive.

The solution is located in the amazon-s3-quickstart directory.

Creating the Maven project

First, we need a new project. Create a new project with the following command:

mvn io.quarkus.platform:quarkus-maven-plugin:3.17.0:create \
    -DprojectGroupId=org.acme \
    -DprojectArtifactId=amazon-s3-quickstart \
    -DclassName="org.acme.s3.S3SyncClientResource" \
    -Dpath="/s3" \
    -Dextensions="resteasy-reactive-jackson,amazon-s3"
cd amazon-s3-quickstart

This command generates a Maven structure importing the RESTEasy Reactive/JAX-RS and S3 Client extensions. After this, the amazon-s3 extension has been added to your pom.xml.

The default setting for quarkus.http.limits.max-body-size is 10240K. This may limit your ability to upload multipart files larger than the default. If you want to upload larger files, you will need to set this limit explicitly.

Setting up the model

In this example, we will create an application to manage a list of files. The example application will demonstrate the two programming models supported by the extension.

Because the primary goal of our application is to upload a file into the S3 bucket, we need to setup the model we will be using to define the multipart/form-data payload, in the form of a @MultipartForm POJO.

Create a org.acme.s3.FormData class as follows:

package org.acme.s3;

import java.io.File;
import jakarta.ws.rs.core.MediaType;
import org.jboss.resteasy.reactive.PartType;
import org.jboss.resteasy.reactive.RestForm;

public class FormData {

    @RestForm("file")
    public File data;

    @RestForm
    @PartType(MediaType.TEXT_PLAIN)
    public String filename;

    @RestForm
    @PartType(MediaType.TEXT_PLAIN)
    public String mimetype;

}

The class defines three fields:

  • data that fill capture stream of uploaded bytes from the client

  • fileName that captures a filename as provided by the submited form

  • mimeType content type of the uploaded file

In the second step let’s create a bean that will represent a file in a Amazon S3 bucket as follows:

package org.acme.s3;

import software.amazon.awssdk.services.s3.model.S3Object;

public class FileObject {
    private String objectKey;

    private Long size;

    public FileObject() {
    }

    public static FileObject from(S3Object s3Object) {
        FileObject file = new FileObject();
        if (s3Object != null) {
            file.setObjectKey(s3Object.key());
            file.setSize(s3Object.size());
        }
        return file;
    }

    public String getObjectKey() {
        return objectKey;
    }

    public Long getSize() {
        return size;
    }

    public FileObject setObjectKey(String objectKey) {
        this.objectKey = objectKey;
        return this;
    }

    public FileObject setSize(Long size) {
        this.size = size;
        return this;
    }
}

Nothing fancy. One important thing to note is that having a default constructor is required by the JSON serialization layer. The static from method creates a bean based on the S3Object object provided by the S3 client response when listing all the objects in a bucket.

Create JAX-RS resource

Now create a org.acme.s3.CommonResource that will consist of methods to prepare S3 request to get object from a S3 bucket, or to put file into a S3 bucket. Note a configuration property bucket.name is defined here as the request method required name of the S3 bucket.

package org.acme.s3;

import org.eclipse.microprofile.config.inject.ConfigProperty;

import software.amazon.awssdk.services.s3.model.GetObjectRequest;
import software.amazon.awssdk.services.s3.model.PutObjectRequest;

abstract public class CommonResource {

    @ConfigProperty(name = "bucket.name")
    String bucketName;

    protected PutObjectRequest buildPutRequest(FormData formData) {
        return PutObjectRequest.builder()
                .bucket(bucketName)
                .key(formData.filename)
                .contentType(formData.mimetype)
                .build();
    }

    protected GetObjectRequest buildGetRequest(String objectKey) {
        return GetObjectRequest.builder()
                .bucket(bucketName)
                .key(objectKey)
                .build();
    }

}

Then, create a org.acme.s3.S3SyncClientResource that will provides an API to upload/download files as well as to list all the files in a bucket.

package org.acme.s3;

import java.util.Comparator;
import java.util.List;
import java.util.stream.Collectors;

import jakarta.inject.Inject;
import jakarta.ws.rs.Consumes;
import jakarta.ws.rs.GET;
import jakarta.ws.rs.POST;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.Produces;
import jakarta.ws.rs.core.MediaType;
import jakarta.ws.rs.core.Response;
import jakarta.ws.rs.core.Response.ResponseBuilder;
import jakarta.ws.rs.core.Response.Status;
import software.amazon.awssdk.core.ResponseBytes;
import software.amazon.awssdk.core.sync.RequestBody;
import software.amazon.awssdk.services.s3.S3Client;
import software.amazon.awssdk.services.s3.model.GetObjectResponse;
import software.amazon.awssdk.services.s3.model.ListObjectsRequest;
import software.amazon.awssdk.services.s3.model.PutObjectResponse;


@Path("/s3")
public class S3SyncClientResource extends CommonResource {
    @Inject
    S3Client s3;

    @POST
    @Path("upload")
    @Consumes(MediaType.MULTIPART_FORM_DATA)
    public Response uploadFile(FormData formData) throws Exception {

        if (formData.filename == null || formData.filename.isEmpty()) {
            return Response.status(Status.BAD_REQUEST).build();
        }

        if (formData.mimetype == null || formData.mimetype.isEmpty()) {
            return Response.status(Status.BAD_REQUEST).build();
        }

        PutObjectResponse putResponse = s3.putObject(buildPutRequest(formData),
                RequestBody.fromFile(formData.data));
        if (putResponse != null) {
            return Response.ok().status(Status.CREATED).build();
        } else {
            return Response.serverError().build();
        }
    }

    @GET
    @Path("download/{objectKey}")
    @Produces(MediaType.APPLICATION_OCTET_STREAM)
    public Response downloadFile(String objectKey) {
        ResponseBytes<GetObjectResponse> objectBytes = s3.getObjectAsBytes(buildGetRequest(objectKey));
        Response.ResponseBuilder response = Response.ok(objectBytes.asByteArray());
        response.header("Content-Disposition", "attachment;filename=" + objectKey);
        response.header("Content-Type", objectBytes.response().contentType());
        return response.build();
    }

    @GET
    @Produces(MediaType.APPLICATION_JSON)
    public List<FileObject> listFiles() {
        ListObjectsRequest listRequest = ListObjectsRequest.builder().bucket(bucketName).build();

        //HEAD S3 objects to get metadata
        return s3.listObjects(listRequest).contents().stream()
                .map(FileObject::from)
                .sorted(Comparator.comparing(FileObject::getObjectKey))
                .collect(Collectors.toList());
    }
}

Configuring S3 clients

Both S3 clients (sync and async) are configurable via the application.properties file that can be provided in the src/main/resources directory.

You need to add to the classpath a proper implementation of the sync client. By default the extension uses the URL connection HTTP client, so add a URL connection client dependency to the pom.xml file:
<dependency>
    <groupId>software.amazon.awssdk</groupId>
    <artifactId>url-connection-client</artifactId>
</dependency>

If you want to use the Apache HTTP client instead, configure it as follows:

quarkus.s3.sync-client.type=apache

And add following dependency to the application pom.xml:

<dependency>
    <groupId>software.amazon.awssdk</groupId>
    <artifactId>apache-client</artifactId>
</dependency>

If you want to use the AWS CRT-based HTTP client instead, configure it as follows:

quarkus.s3.sync-client.type=aws-crt

And add the following dependency to the application pom.xml:

<dependency>
    <groupId>software.amazon.awssdk</groupId>
    <artifactId>aws-crt-client</artifactId>
</dependency>

For asynchronous client refer to Going asynchronous for more information.

If you’re going to use a local S3 instance, configure it as follows:

quarkus.s3.endpoint-override=http://localhost:4566

quarkus.s3.aws.region=us-east-1
quarkus.s3.aws.credentials.type=static
quarkus.s3.aws.credentials.static-provider.access-key-id=test-key
quarkus.s3.aws.credentials.static-provider.secret-access-key=test-secret

bucket.name=quarkus.s3.quickstart
  • quarkus.s3.aws.region - It’s required by the client, but since you’re using a local S3 instance you can pick any valid AWS region.

  • quarkus.s3.aws.credentials.type - Set static credentials provider with any values for access-key-id and secret-access-key

  • quarkus.s3.endpoint-override - Override the S3 client to use a local instance instead of an AWS service

  • bucket.name - Name of the S3 bucket

If you want to work with an AWS account, you’d need to set it with:

bucket.name=<your-bucket-name>

quarkus.s3.aws.region=<YOUR_REGION>
quarkus.s3.aws.credentials.type=default
  • bucket.name - name of the S3 bucket on your AWS account.

  • quarkus.s3.aws.region you should set it to the region where your S3 bucket was created,

  • quarkus.s3.aws.credentials.type - use the default credentials provider chain that looks for credentials in this order:

    • Java System Properties - aws.accessKeyId and aws.secretAccessKey

    • Environment Variables - AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY

    • Credential profiles file at the default location (~/.aws/credentials) shared by all AWS SDKs and the AWS CLI

    • Credentials delivered through the Amazon ECS if the AWS_CONTAINER_CREDENTIALS_RELATIVE_URI environment variable is set and the security manager has permission to access the variable,

    • Instance profile credentials delivered through the Amazon EC2 metadata service

Creating a frontend

Now let’s add a simple web page to interact with our S3SyncClientResource. Quarkus automatically serves static resources located under the META-INF/resources directory. In the src/main/resources/META-INF/resources directory, add a s3.html file with the content from this s3.html file in it.

You can now interact with your REST service:

  • start Quarkus with ./mvnw compile quarkus:dev

  • open a browser to http://localhost:8080/s3.html

  • upload new file to the current S3 bucket via the form and see the list of files in the bucket

Next steps

Packaging

Packaging your application is as simple as ./mvnw clean package. It can be run with java -jar target/quarkus-app/quarkus-run.jar.

With GraalVM installed, you can also create a native executable binary: ./mvnw clean package -Dnative. Depending on your system, that will take some time.

Going asynchronous

Thanks to the AWS SDK v2.x used by the Quarkus extension, you can use the asynchronous programming model out of the box.

Create a org.acme.s3.S3AsyncClientResource that will be similar to our S3SyncClientResource but using an asynchronous programming model.

package org.acme.s3;

import java.nio.ByteBuffer;
import java.util.Comparator;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;

import jakarta.inject.Inject;
import jakarta.ws.rs.Consumes;
import jakarta.ws.rs.GET;
import jakarta.ws.rs.POST;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.Produces;
import jakarta.ws.rs.core.MediaType;
import jakarta.ws.rs.core.Response;
import jakarta.ws.rs.core.Response.Status;
import mutiny.zero.flow.adapters.AdaptersToFlow;

import org.jboss.resteasy.reactive.RestMulti;
import org.reactivestreams.Publisher;

import io.smallrye.mutiny.Multi;
import io.smallrye.mutiny.Uni;
import io.vertx.core.buffer.Buffer;
import software.amazon.awssdk.core.async.AsyncRequestBody;
import software.amazon.awssdk.core.async.AsyncResponseTransformer;
import software.amazon.awssdk.services.s3.S3AsyncClient;
import software.amazon.awssdk.services.s3.model.ListObjectsRequest;
import software.amazon.awssdk.services.s3.model.ListObjectsResponse;

@Path("/async-s3")
public class S3AsyncClientResource extends CommonResource {
    @Inject
    S3AsyncClient s3;

    @POST
    @Path("upload")
    @Consumes(MediaType.MULTIPART_FORM_DATA)
    public Uni<Response> uploadFile(FormData formData) throws Exception {

        if (formData.filename == null || formData.filename.isEmpty()) {
            return Uni.createFrom().item(Response.status(Status.BAD_REQUEST).build());
        }

        if (formData.mimetype == null || formData.mimetype.isEmpty()) {
            return Uni.createFrom().item(Response.status(Status.BAD_REQUEST).build());
        }

        return Uni.createFrom()
                .completionStage(() -> {
                    return s3.putObject(buildPutRequest(formData), AsyncRequestBody.fromFile(formData.data));
                })
                .onItem().ignore().andSwitchTo(Uni.createFrom().item(Response.created(null).build()))
                .onFailure().recoverWithItem(th -> {
                    th.printStackTrace();
                    return Response.serverError().build();
                });
    }

    @GET
    @Path("download/{objectKey}")
    @Produces(MediaType.APPLICATION_OCTET_STREAM)
    public RestMulti<Buffer> downloadFile(String objectKey) {

        return RestMulti.fromUniResponse(Uni.createFrom()
                .completionStage(() -> s3.getObject(buildGetRequest(objectKey),
                        AsyncResponseTransformer.toPublisher())),
                response -> Multi.createFrom().safePublisher(AdaptersToFlow.publisher((Publisher<ByteBuffer>) response))
                        .map(S3AsyncClientResource::toBuffer),
                response -> Map.of("Content-Disposition", List.of("attachment;filename=" + objectKey), "Content-Type",
                        List.of(response.response().contentType())));
    }

    @GET
    public Uni<List<FileObject>> listFiles() {
        ListObjectsRequest listRequest = ListObjectsRequest.builder()
                .bucket(bucketName)
                .build();

        return Uni.createFrom().completionStage(() -> s3.listObjects(listRequest))
                .onItem().transform(result -> toFileItems(result));
    }

    private static Buffer toBuffer(ByteBuffer bytebuffer) {
        byte[] result = new byte[bytebuffer.remaining()];
        bytebuffer.get(result);
        return Buffer.buffer(result);
    }

    private List<FileObject> toFileItems(ListObjectsResponse objects) {
        return objects.contents().stream()
                .map(FileObject::from)
                .sorted(Comparator.comparing(FileObject::getObjectKey))
                .collect(Collectors.toList());
    }
}

And we need to add the Netty HTTP client dependency to the pom.xml:

<dependency>
    <groupId>software.amazon.awssdk</groupId>
    <artifactId>netty-nio-client</artifactId>
</dependency>

If you want to use the AWS CRT-based HTTP client instead, configure it as follows:

quarkus.s3.async-client.type=aws-crt

And add the following dependency to the application pom.xml:

<dependency>
    <groupId>software.amazon.awssdk</groupId>
    <artifactId>aws-crt-client</artifactId>
</dependency>

If you want to use the AWS CRT-based S3 client, add the io.quarkiverse.amazon.s3.runtime.S3Crt qualifier as follows:

@Inject
@S3Crt
S3AsyncClient s3;

And add the following dependency to the application pom.xml:

<dependency>
    <groupId>software.amazon.awssdk</groupId>
    <artifactId>aws-crt-client</artifactId>
</dependency>

S3 Transfer Manager

Amazon S3 Transfer Manager is high-level file transfer utility based on the S3 client. The extension provides functionality that allows to use S3TransferManager when running in Quarkus. You can find more information about S3 Transfer Manager at the Amazon S3 website.

S3 Transfer Manager and the Quarkus extension supports only Asynchronous programming based on JDK’s CompletableFuture objects and the Netty HTTP client (by default) or the AWS CRT-based HTTP client, or AWS CRT-based S3 client.

S3 Transfer Manager share the same configuration as S3 asynchronous client. See above to configure an S3AsyncClient.

If you want to use S3 Transfer Manager, configure an S3AsyncClient with the desired HTTP client library and simply inject an instance of S3TransferManager:

// Netty or AWS CRT-based HTTP client
@Inject
S3TransferManager transferManager;

// or AWS CRT-based S3 client
@Inject
@S3Crt
S3TransferManager transferManager;

And add the following dependency to the application pom.xml:

<dependency>
    <groupId>io.quarkiverse.amazonservices</groupId>
    <artifactId>quarkus-amazon-s3-transfer-manager</artifactId>
</dependency>

Configuration Reference

Configuration property fixed at build time - All other configuration properties are overridable at runtime

Configuration property

Type

Default

List of execution interceptors that will have access to read and modify the request and response objects as they are processed by the AWS SDK.

The list should consists of class names which implements software.amazon.awssdk.core.interceptor.ExecutionInterceptor interface. Classes will be attempted to be loaded via CDI first, and if no CDI beans are available, then the constructor with no parameters will be invoked to instantiate each class.

Environment variable: QUARKUS_S3_INTERCEPTORS

list of string

OpenTelemetry AWS SDK instrumentation will be enabled if the OpenTelemetry extension is present and this value is true.

Environment variable: QUARKUS_S3_TELEMETRY_ENABLED

boolean

false

Type of the sync HTTP client implementation

Environment variable: QUARKUS_S3_SYNC_CLIENT_TYPE

url, apache, aws-crt

url

Type of the async HTTP client implementation

Environment variable: QUARKUS_S3_ASYNC_CLIENT_TYPE

netty, aws-crt

netty

If a local AWS stack should be used. (default to true) If this is true and endpoint-override is not configured then a local AWS stack will be started and will be used instead of the given configuration. For all services but Cognito, the local AWS stack will be provided by LocalStack. Otherwise, it will be provided by Moto

Environment variable: QUARKUS_S3_DEVSERVICES_ENABLED

boolean

Indicates if the LocalStack container managed by Dev Services is shared. When shared, Quarkus looks for running containers using label-based service discovery. If a matching container is found, it is used, and so a second one is not started. Otherwise, Dev Services starts a new container.

The discovery uses the quarkus-dev-service-localstack label. The value is configured using the service-name property.

Sharing is not supported for the Cognito extension.

Environment variable: QUARKUS_S3_DEVSERVICES_SHARED

boolean

false

Indicates if shared LocalStack services managed by Dev Services should be isolated. When true, the service will be started in its own container and the value of the quarkus-dev-service-localstack label will be suffixed by the service name (s3, sqs, …​)

Environment variable: QUARKUS_S3_DEVSERVICES_ISOLATED

boolean

true

The value of the quarkus-dev-service-localstack label attached to the started container. In dev mode, when shared is set to true, before starting a container, Dev Services looks for a container with the quarkus-dev-service-localstack label set to the configured value. If found, it will use this container instead of starting a new one. Otherwise it starts a new container with the quarkus-dev-service-localstack label set to the specified value. In test mode, Dev Services will group services with the same service-name value in one container instance.

This property is used when you need multiple shared LocalStack instances.

Environment variable: QUARKUS_S3_DEVSERVICES_SERVICE_NAME

string

localstack

Generic properties that are pass for additional container configuration.

Environment variable: QUARKUS_S3_DEVSERVICES_CONTAINER_PROPERTIES__CONTAINER_PROPERTIES_

Map<String,String>

The buckets to create on startup.

Environment variable: QUARKUS_S3_DEVSERVICES_BUCKETS

list of string

default

Enable using the accelerate endpoint when accessing S3.

Accelerate endpoints allow faster transfer of objects by using Amazon CloudFront’s globally distributed edge locations.

Environment variable: QUARKUS_S3_ACCELERATE_MODE

boolean

false

Enable doing a validation of the checksum of an object stored in S3.

Environment variable: QUARKUS_S3_CHECKSUM_VALIDATION

boolean

true

Enable using chunked encoding when signing the request payload for software.amazon.awssdk.services.s3.model.PutObjectRequest and software.amazon.awssdk.services.s3.model.UploadPartRequest.

Environment variable: QUARKUS_S3_CHUNKED_ENCODING

boolean

true

Enable dualstack mode for accessing S3. If you want to use IPv6 when accessing S3, dualstack must be enabled.

Environment variable: QUARKUS_S3_DUALSTACK

boolean

false

Enable using path style access for accessing S3 objects instead of DNS style access. DNS style access is preferred as it will result in better load balancing when accessing S3.

Environment variable: QUARKUS_S3_PATH_STYLE_ACCESS

boolean

false

Enable cross-region call to the region specified in the S3 resource ARN different than the region the client was configured with. If this flag is not set to 'true', the cross-region call will throw an exception.

Environment variable: QUARKUS_S3_USE_ARN_REGION_ENABLED

boolean

false

Define the profile name that should be consulted to determine the default value of use-arn-region-enabled. This is not used, if the use-arn-region-enabled is configured to 'true'.

If not specified, the value in AWS_PROFILE environment variable or aws.profile system property is used and defaults to default name.

Environment variable: QUARKUS_S3_PROFILE_NAME

string

AWS SDK client configurations

Type

Default

quarkus.s3."client-name".endpoint-override

The endpoint URI with which the SDK should communicate.

If not specified, an appropriate endpoint to be used for the given service and region.

Environment variable: QUARKUS_S3_ENDPOINT_OVERRIDE

URI

quarkus.s3."client-name".api-call-timeout

The amount of time to allow the client to complete the execution of an API call.

This timeout covers the entire client execution except for marshalling. This includes request handler execution, all HTTP requests including retries, unmarshalling, etc.

This value should always be positive, if present.

Environment variable: QUARKUS_S3_API_CALL_TIMEOUT

Duration 

quarkus.s3."client-name".api-call-attempt-timeout

The amount of time to wait for the HTTP request to complete before giving up and timing out.

This value should always be positive, if present.

Environment variable: QUARKUS_S3_API_CALL_ATTEMPT_TIMEOUT

Duration 

quarkus.s3."client-name".advanced.use-quarkus-scheduled-executor-service

Whether the Quarkus thread pool should be used for scheduling tasks such as async retry attempts and timeout task.

When disabled, the default sdk behavior is to create a dedicated thread pool for each client, resulting in competition for CPU resources among these thread pools.

Environment variable: QUARKUS_S3_ADVANCED_USE_QUARKUS_SCHEDULED_EXECUTOR_SERVICE

boolean

true

AWS services configurations

Type

Default

quarkus.s3."client-name".aws.region

An Amazon Web Services region that hosts the given service.

It overrides region provider chain with static value of region with which the service client should communicate.

If not set, region is retrieved via the default providers chain in the following order:

  • aws.region system property

  • region property from the profile file

  • Instance profile file

See software.amazon.awssdk.regions.Region for available regions.

Environment variable: QUARKUS_S3_AWS_REGION

Region

quarkus.s3."client-name".aws.credentials.type

Configure the credentials provider that should be used to authenticate with AWS.

Available values:

  • default - the provider will attempt to identify the credentials automatically using the following checks:

    • Java System Properties - aws.accessKeyId and aws.secretAccessKey

    • Environment Variables - AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY

    • Credential profiles file at the default location (~/.aws/credentials) shared by all AWS SDKs and the AWS CLI

    • Credentials delivered through the Amazon EC2 container service if AWS_CONTAINER_CREDENTIALS_RELATIVE_URI environment variable is set and security manager has permission to access the variable.

    • Instance profile credentials delivered through the Amazon EC2 metadata service

  • static - the provider that uses the access key and secret access key specified in the static-provider section of the config.

  • system-property - it loads credentials from the aws.accessKeyId, aws.secretAccessKey and aws.sessionToken system properties.

  • env-variable - it loads credentials from the AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and AWS_SESSION_TOKEN environment variables.

  • profile - credentials are based on AWS configuration profiles. This loads credentials from a profile file, allowing you to share multiple sets of AWS security credentials between different tools like the AWS SDK for Java and the AWS CLI.

  • container - It loads credentials from a local metadata service. Containers currently supported by the AWS SDK are Amazon Elastic Container Service (ECS) and AWS Greengrass

  • instance-profile - It loads credentials from the Amazon EC2 Instance Metadata Service.

  • process - Credentials are loaded from an external process. This is used to support the credential_process setting in the profile credentials file. See Sourcing Credentials From External Processes for more information.

  • anonymous - It always returns anonymous AWS credentials. Anonymous AWS credentials result in un-authenticated requests and will fail unless the resource or API’s policy has been configured to specifically allow anonymous access.

Environment variable: QUARKUS_S3_AWS_CREDENTIALS_TYPE

default, static, system-property, env-variable, profile, container, instance-profile, process, custom, anonymous

default

Default credentials provider configuration

Type

Default

quarkus.s3."client-name".aws.credentials.default-provider.async-credential-update-enabled

Whether this provider should fetch credentials asynchronously in the background.

If this is true, threads are less likely to block, but additional resources are used to maintain the provider.

Environment variable: QUARKUS_S3_AWS_CREDENTIALS_DEFAULT_PROVIDER_ASYNC_CREDENTIAL_UPDATE_ENABLED

boolean

false

quarkus.s3."client-name".aws.credentials.default-provider.reuse-last-provider-enabled

Whether the provider should reuse the last successful credentials provider in the chain.

Reusing the last successful credentials provider will typically return credentials faster than searching through the chain.

Environment variable: QUARKUS_S3_AWS_CREDENTIALS_DEFAULT_PROVIDER_REUSE_LAST_PROVIDER_ENABLED

boolean

true

Static credentials provider configuration

Type

Default

quarkus.s3."client-name".aws.credentials.static-provider.access-key-id

AWS Access key id

Environment variable: QUARKUS_S3_AWS_CREDENTIALS_STATIC_PROVIDER_ACCESS_KEY_ID

string

quarkus.s3."client-name".aws.credentials.static-provider.secret-access-key

AWS Secret access key

Environment variable: QUARKUS_S3_AWS_CREDENTIALS_STATIC_PROVIDER_SECRET_ACCESS_KEY

string

quarkus.s3."client-name".aws.credentials.static-provider.session-token

AWS Session token

Environment variable: QUARKUS_S3_AWS_CREDENTIALS_STATIC_PROVIDER_SESSION_TOKEN

string

AWS Profile credentials provider configuration

Type

Default

quarkus.s3."client-name".aws.credentials.profile-provider.profile-name

The name of the profile that should be used by this credentials provider.

If not specified, the value in AWS_PROFILE environment variable or aws.profile system property is used and defaults to default name.

Environment variable: QUARKUS_S3_AWS_CREDENTIALS_PROFILE_PROVIDER_PROFILE_NAME

string

Process credentials provider configuration

Type

Default

quarkus.s3."client-name".aws.credentials.process-provider.async-credential-update-enabled

Whether the provider should fetch credentials asynchronously in the background.

If this is true, threads are less likely to block when credentials are loaded, but additional resources are used to maintain the provider.

Environment variable: QUARKUS_S3_AWS_CREDENTIALS_PROCESS_PROVIDER_ASYNC_CREDENTIAL_UPDATE_ENABLED

boolean

false

quarkus.s3."client-name".aws.credentials.process-provider.credential-refresh-threshold

The amount of time between when the credentials expire and when the credentials should start to be refreshed.

This allows the credentials to be refreshed *before* they are reported to expire.

Environment variable: QUARKUS_S3_AWS_CREDENTIALS_PROCESS_PROVIDER_CREDENTIAL_REFRESH_THRESHOLD

Duration 

15S

quarkus.s3."client-name".aws.credentials.process-provider.process-output-limit

The maximum size of the output that can be returned by the external process before an exception is raised.

Environment variable: QUARKUS_S3_AWS_CREDENTIALS_PROCESS_PROVIDER_PROCESS_OUTPUT_LIMIT

MemorySize 

1024

quarkus.s3."client-name".aws.credentials.process-provider.command

The command that should be executed to retrieve credentials. Command and parameters are seperated list entries.

Environment variable: QUARKUS_S3_AWS_CREDENTIALS_PROCESS_PROVIDER_COMMAND

list of string

Custom credentials provider configuration

Type

Default

quarkus.s3."client-name".aws.credentials.custom-provider.name

The name of custom AwsCredentialsProvider bean.

Environment variable: QUARKUS_S3_AWS_CREDENTIALS_CUSTOM_PROVIDER_NAME

string

Sync HTTP transport configurations

Type

Default

The maximum amount of time to establish a connection before timing out.

Environment variable: QUARKUS_S3_SYNC_CLIENT_CONNECTION_TIMEOUT

Duration 

2S

The amount of time to wait for data to be transferred over an established, open connection before the connection is timed out.

Environment variable: QUARKUS_S3_SYNC_CLIENT_SOCKET_TIMEOUT

Duration 

30S

TLS key managers provider type.

Available providers:

  • none - Use this provider if you don’t want the client to present any certificates to the remote TLS host.

  • system-property - Provider checks the standard javax.net.ssl.keyStore, javax.net.ssl.keyStorePassword, and javax.net.ssl.keyStoreType properties defined by the JSSE.

  • file-store - Provider that loads the key store from a file.

Environment variable: QUARKUS_S3_SYNC_CLIENT_TLS_KEY_MANAGERS_PROVIDER_TYPE

none, system-property, file-store

system-property

Path to the key store.

Environment variable: QUARKUS_S3_SYNC_CLIENT_TLS_KEY_MANAGERS_PROVIDER_FILE_STORE_PATH

path

Key store type.

See the KeyStore section in the https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#KeyStore[Java Cryptography Architecture Standard Algorithm Name Documentation] for information about standard keystore types.

Environment variable: QUARKUS_S3_SYNC_CLIENT_TLS_KEY_MANAGERS_PROVIDER_FILE_STORE_TYPE

string

Key store password

Environment variable: QUARKUS_S3_SYNC_CLIENT_TLS_KEY_MANAGERS_PROVIDER_FILE_STORE_PASSWORD

string

TLS trust managers provider type.

Available providers:

  • trust-all - Use this provider to disable the validation of servers certificates and therefore trust all server certificates.

  • system-property - Provider checks the standard javax.net.ssl.keyStore, javax.net.ssl.keyStorePassword, and javax.net.ssl.keyStoreType properties defined by the JSSE.

  • file-store - Provider that loads the key store from a file.

Environment variable: QUARKUS_S3_SYNC_CLIENT_TLS_TRUST_MANAGERS_PROVIDER_TYPE

trust-all, system-property, file-store

system-property

Path to the key store.

Environment variable: QUARKUS_S3_SYNC_CLIENT_TLS_TRUST_MANAGERS_PROVIDER_FILE_STORE_PATH

path

Key store type.

See the KeyStore section in the https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#KeyStore[Java Cryptography Architecture Standard Algorithm Name Documentation] for information about standard keystore types.

Environment variable: QUARKUS_S3_SYNC_CLIENT_TLS_TRUST_MANAGERS_PROVIDER_FILE_STORE_TYPE

string

Key store password

Environment variable: QUARKUS_S3_SYNC_CLIENT_TLS_TRUST_MANAGERS_PROVIDER_FILE_STORE_PASSWORD

string

Apache HTTP client specific configurations

Type

Default

The amount of time to wait when acquiring a connection from the pool before giving up and timing out.

Environment variable: QUARKUS_S3_SYNC_CLIENT_APACHE_CONNECTION_ACQUISITION_TIMEOUT

Duration 

10S

The maximum amount of time that a connection should be allowed to remain open while idle.

Environment variable: QUARKUS_S3_SYNC_CLIENT_APACHE_CONNECTION_MAX_IDLE_TIME

Duration 

60S

The maximum amount of time that a connection should be allowed to remain open, regardless of usage frequency.

Environment variable: QUARKUS_S3_SYNC_CLIENT_APACHE_CONNECTION_TIME_TO_LIVE

Duration 

The maximum number of connections allowed in the connection pool.

Each built HTTP client has its own private connection pool.

Environment variable: QUARKUS_S3_SYNC_CLIENT_APACHE_MAX_CONNECTIONS

int

50

Whether the client should send an HTTP expect-continue handshake before each request.

Environment variable: QUARKUS_S3_SYNC_CLIENT_APACHE_EXPECT_CONTINUE_ENABLED

boolean

true

Whether the idle connections in the connection pool should be closed asynchronously.

When enabled, connections left idling for longer than quarkus..sync-client.connection-max-idle-time will be closed. This will not close connections currently in use.

Environment variable: QUARKUS_S3_SYNC_CLIENT_APACHE_USE_IDLE_CONNECTION_REAPER

boolean

true

Configure whether to enable or disable TCP KeepAlive.

Environment variable: QUARKUS_S3_SYNC_CLIENT_APACHE_TCP_KEEP_ALIVE

boolean

false

Enable HTTP proxy

Environment variable: QUARKUS_S3_SYNC_CLIENT_APACHE_PROXY_ENABLED

boolean

false

The endpoint of the proxy server that the SDK should connect through.

Currently, the endpoint is limited to a host and port. Any other URI components will result in an exception being raised.

Environment variable: QUARKUS_S3_SYNC_CLIENT_APACHE_PROXY_ENDPOINT

URI

The username to use when connecting through a proxy.

Environment variable: QUARKUS_S3_SYNC_CLIENT_APACHE_PROXY_USERNAME

string

The password to use when connecting through a proxy.

Environment variable: QUARKUS_S3_SYNC_CLIENT_APACHE_PROXY_PASSWORD

string

For NTLM proxies - the Windows domain name to use when authenticating with the proxy.

Environment variable: QUARKUS_S3_SYNC_CLIENT_APACHE_PROXY_NTLM_DOMAIN

string

For NTLM proxies - the Windows workstation name to use when authenticating with the proxy.

Environment variable: QUARKUS_S3_SYNC_CLIENT_APACHE_PROXY_NTLM_WORKSTATION

string

Whether to attempt to authenticate preemptively against the proxy server using basic authentication.

Environment variable: QUARKUS_S3_SYNC_CLIENT_APACHE_PROXY_PREEMPTIVE_BASIC_AUTHENTICATION_ENABLED

boolean

The hosts that the client is allowed to access without going through the proxy.

Environment variable: QUARKUS_S3_SYNC_CLIENT_APACHE_PROXY_NON_PROXY_HOSTS

list of string

AWS CRT-based HTTP client specific configurations

Type

Default

The maximum amount of time that a connection should be allowed to remain open while idle.

Environment variable: QUARKUS_S3_SYNC_CLIENT_CRT_CONNECTION_MAX_IDLE_TIME

Duration 

60S

The maximum number of allowed concurrent requests.

Environment variable: QUARKUS_S3_SYNC_CLIENT_CRT_MAX_CONCURRENCY

int

50

Enable HTTP proxy

Environment variable: QUARKUS_S3_SYNC_CLIENT_CRT_PROXY_ENABLED

boolean

false

The endpoint of the proxy server that the SDK should connect through.

Currently, the endpoint is limited to a host and port. Any other URI components will result in an exception being raised.

Environment variable: QUARKUS_S3_SYNC_CLIENT_CRT_PROXY_ENDPOINT

URI

The username to use when connecting through a proxy.

Environment variable: QUARKUS_S3_SYNC_CLIENT_CRT_PROXY_USERNAME

string

The password to use when connecting through a proxy.

Environment variable: QUARKUS_S3_SYNC_CLIENT_CRT_PROXY_PASSWORD

string

Async HTTP transport configurations

Type

Default

The maximum number of allowed concurrent requests.

For HTTP/1.1 this is the same as max connections. For HTTP/2 the number of connections that will be used depends on the max streams allowed per connection.

Environment variable: QUARKUS_S3_ASYNC_CLIENT_MAX_CONCURRENCY

int

50

The maximum number of pending acquires allowed.

Once this exceeds, acquire tries will be failed.

Environment variable: QUARKUS_S3_ASYNC_CLIENT_MAX_PENDING_CONNECTION_ACQUIRES

int

10000

The amount of time to wait for a read on a socket before an exception is thrown.

Specify 0 to disable.

Environment variable: QUARKUS_S3_ASYNC_CLIENT_READ_TIMEOUT

Duration 

30S

The amount of time to wait for a write on a socket before an exception is thrown.

Specify 0 to disable.

Environment variable: QUARKUS_S3_ASYNC_CLIENT_WRITE_TIMEOUT

Duration 

30S

The amount of time to wait when initially establishing a connection before giving up and timing out.

Environment variable: QUARKUS_S3_ASYNC_CLIENT_CONNECTION_TIMEOUT

Duration 

10S

The amount of time to wait when acquiring a connection from the pool before giving up and timing out.

Environment variable: QUARKUS_S3_ASYNC_CLIENT_CONNECTION_ACQUISITION_TIMEOUT

Duration 

2S

The maximum amount of time that a connection should be allowed to remain open, regardless of usage frequency.

Environment variable: QUARKUS_S3_ASYNC_CLIENT_CONNECTION_TIME_TO_LIVE

Duration 

The maximum amount of time that a connection should be allowed to remain open while idle.

Currently has no effect if quarkus..async-client.use-idle-connection-reaper is false.

Environment variable: QUARKUS_S3_ASYNC_CLIENT_CONNECTION_MAX_IDLE_TIME

Duration 

5S

Whether the idle connections in the connection pool should be closed.

When enabled, connections left idling for longer than quarkus..async-client.connection-max-idle-time will be closed. This will not close connections currently in use.

Environment variable: QUARKUS_S3_ASYNC_CLIENT_USE_IDLE_CONNECTION_REAPER

boolean

true

Configure whether to enable or disable TCP KeepAlive.

Environment variable: QUARKUS_S3_ASYNC_CLIENT_TCP_KEEP_ALIVE

boolean

false

The HTTP protocol to use.

Environment variable: QUARKUS_S3_ASYNC_CLIENT_PROTOCOL

http1-1, http2

http1-1

The SSL Provider to be used in the Netty client.

Default is OPENSSL if available, JDK otherwise.

Environment variable: QUARKUS_S3_ASYNC_CLIENT_SSL_PROVIDER

jdk, openssl, openssl-refcnt

The maximum number of concurrent streams for an HTTP/2 connection.

This setting is only respected when the HTTP/2 protocol is used.

Environment variable: QUARKUS_S3_ASYNC_CLIENT_HTTP2_MAX_STREAMS

long

4294967295

The initial window size for an HTTP/2 stream.

This setting is only respected when the HTTP/2 protocol is used.

Environment variable: QUARKUS_S3_ASYNC_CLIENT_HTTP2_INITIAL_WINDOW_SIZE

int

1048576

Sets the period that the Netty client will send PING frames to the remote endpoint to check the health of the connection. To disable this feature, set a duration of 0.

This setting is only respected when the HTTP/2 protocol is used.

Environment variable: QUARKUS_S3_ASYNC_CLIENT_HTTP2_HEALTH_CHECK_PING_PERIOD

Duration 

5

Enable HTTP proxy.

Environment variable: QUARKUS_S3_ASYNC_CLIENT_PROXY_ENABLED

boolean

false

The endpoint of the proxy server that the SDK should connect through.

Currently, the endpoint is limited to a host and port. Any other URI components will result in an exception being raised.

Environment variable: QUARKUS_S3_ASYNC_CLIENT_PROXY_ENDPOINT

URI

The hosts that the client is allowed to access without going through the proxy.

Environment variable: QUARKUS_S3_ASYNC_CLIENT_PROXY_NON_PROXY_HOSTS

list of string

TLS key managers provider type.

Available providers:

  • none - Use this provider if you don’t want the client to present any certificates to the remote TLS host.

  • system-property - Provider checks the standard javax.net.ssl.keyStore, javax.net.ssl.keyStorePassword, and javax.net.ssl.keyStoreType properties defined by the JSSE.

  • file-store - Provider that loads the key store from a file.

Environment variable: QUARKUS_S3_ASYNC_CLIENT_TLS_KEY_MANAGERS_PROVIDER_TYPE

none, system-property, file-store

system-property

Path to the key store.

Environment variable: QUARKUS_S3_ASYNC_CLIENT_TLS_KEY_MANAGERS_PROVIDER_FILE_STORE_PATH

path

Key store type.

See the KeyStore section in the https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#KeyStore[Java Cryptography Architecture Standard Algorithm Name Documentation] for information about standard keystore types.

Environment variable: QUARKUS_S3_ASYNC_CLIENT_TLS_KEY_MANAGERS_PROVIDER_FILE_STORE_TYPE

string

Key store password

Environment variable: QUARKUS_S3_ASYNC_CLIENT_TLS_KEY_MANAGERS_PROVIDER_FILE_STORE_PASSWORD

string

TLS trust managers provider type.

Available providers:

  • trust-all - Use this provider to disable the validation of servers certificates and therefore trust all server certificates.

  • system-property - Provider checks the standard javax.net.ssl.keyStore, javax.net.ssl.keyStorePassword, and javax.net.ssl.keyStoreType properties defined by the JSSE.

  • file-store - Provider that loads the key store from a file.

Environment variable: QUARKUS_S3_ASYNC_CLIENT_TLS_TRUST_MANAGERS_PROVIDER_TYPE

trust-all, system-property, file-store

system-property

Path to the key store.

Environment variable: QUARKUS_S3_ASYNC_CLIENT_TLS_TRUST_MANAGERS_PROVIDER_FILE_STORE_PATH

path

Key store type.

See the KeyStore section in the https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#KeyStore[Java Cryptography Architecture Standard Algorithm Name Documentation] for information about standard keystore types.

Environment variable: QUARKUS_S3_ASYNC_CLIENT_TLS_TRUST_MANAGERS_PROVIDER_FILE_STORE_TYPE

string

Key store password

Environment variable: QUARKUS_S3_ASYNC_CLIENT_TLS_TRUST_MANAGERS_PROVIDER_FILE_STORE_PASSWORD

string

Enable the custom configuration of the Netty event loop group.

Environment variable: QUARKUS_S3_ASYNC_CLIENT_EVENT_LOOP_OVERRIDE

boolean

false

Number of threads to use for the event loop group.

If not set, the default Netty thread count is used (which is double the number of available processors unless the io.netty.eventLoopThreads system property is set.

Environment variable: QUARKUS_S3_ASYNC_CLIENT_EVENT_LOOP_NUMBER_OF_THREADS

int

The thread name prefix for threads created by this thread factory used by event loop group.

The prefix will be appended with a number unique to the thread factory and a number unique to the thread.

If not specified it defaults to aws-java-sdk-NettyEventLoop

Environment variable: QUARKUS_S3_ASYNC_CLIENT_EVENT_LOOP_THREAD_NAME_PREFIX

string

Whether the default thread pool should be used to complete the futures returned from the HTTP client request.

When disabled, futures will be completed on the Netty event loop thread.

Environment variable: QUARKUS_S3_ASYNC_CLIENT_ADVANCED_USE_FUTURE_COMPLETION_THREAD_POOL

boolean

true

AWS CRT-based S3 client configurations

Type

Default

Configure the starting buffer size the client will use to buffer the parts downloaded from S3.

Environment variable: QUARKUS_S3_CRT_CLIENT_INITIAL_READ_BUFFER_SIZE_IN_BYTES

long

Equal to the resolved part size * 10

Specifies the maximum number of S3 connections that should be established during a transfer.

Environment variable: QUARKUS_S3_CRT_CLIENT_MAX_CONCURRENCY

int

Sets the minimum part size for transfer parts.

Environment variable: QUARKUS_S3_CRT_CLIENT_MINIMUM_PART_SIZE_IN_BYTES

long

8MB

The target throughput for transfer requests.

Environment variable: QUARKUS_S3_CRT_CLIENT_TARGET_THROUGHPUT_IN_GBPS

double

10

The amount of native memory that CRT is allowed to use when making requests to S3. Only specify the memory limit explicitly when necessary. Refer to the AWS SDK documentation for further details.

Environment variable: QUARKUS_S3_CRT_CLIENT_MAX_NATIVE_MEMORY_LIMIT_IN_BYTES

long

Based on a number of parameters such as target throughput

About the Duration format

To write duration values, use the standard java.time.Duration format. See the Duration#parse() Java API documentation for more information.

You can also use a simplified format, starting with a number:

  • If the value is only a number, it represents time in seconds.

  • If the value is a number followed by ms, it represents time in milliseconds.

In other cases, the simplified format is translated to the java.time.Duration format for parsing:

  • If the value is a number followed by h, m, or s, it is prefixed with PT.

  • If the value is a number followed by d, it is prefixed with P.

About the MemorySize format

A size configuration option recognizes strings in this format (shown as a regular expression): [0-9]+[KkMmGgTtPpEeZzYy]?.

If no suffix is given, assume bytes.