Amazon S3 gateway

About the S3 gateway fields.

The fields for the Amazon S3 Gateway service are as seen in the following figure.

Amazon S3-specific fields

The following table describes the additional fields relevant for the Amazon S3 Gateway service.

FieldSub-FieldDescriptionNotes
Object Mapping List of source and target objects that the service will use.
 SourceBucket path where data that needs to be protected is stored. For example, john.doe/incoming.The DSG supports four levels of nested folders in an Amazon S3 bucket.
 TargetBucket path where protected data is stored. For example, john.doe/outgoing .
Streaming List of file processing delimiters to process file using streaming.Note: The Text, CSV, and Binary payloads are supported. If you want to use XML/JSON payload with HTTP streaming, ensure you use the Text payload for extract rule.
 FilenameRegular Expression to look for in the file’s name and path before applying streaming (e.g. \.csv$)
 DelimiterRegular Expression used to delimit stream. Rules will be invoked on delimited streams.If the delimiter value is not matched, then the data will be processed in non-streaming mode.

The options for the Outbound Transport Settings field in the Amazon S3 Gateway are described in the following table.

OptionsDescription
SSECustomerAlgorithmIf server-side encryption with a customer-provided encryption key was requested, the response will include this header confirming the encryption algorithm used.
SSECustomerKeyConstructs a new customer provided server-side encryption key.
SSECustomerKeyMD5If server-side encryption with a customer-provided encryption key was requested, the response will include this header to provide round trip message integrity verification of the customer-provided encryption key.
ServerSideEncryptionThe Server-side encryption algorithm used when storing this object in S3 (e.g., AES256, aws:kms).
StorageClassSpecifies constants that define Amazon S3 storage classes.
SSEKMSKeyIdSpecifies the ID of the AWS Key Management Service (KMS) master encryption key that was used for the object.
ACLAllows controlling the ownership of uploaded objects in an S3 bucket.For example, if ACL or Access Control List is set to “bucket-owner-full-control”, new objects uploaded by other AWS accounts are owned by the bucket owner. By default, the objects uploaded by other AWS accounts are owned by them.
Last modified January 30, 2025