Guide to inspecting and managing Amazon S3 objects in the console covering metadata, permissions, uploads, copies, deletions, prefixes, and bucket behaviors
Let’s inspect an object in Amazon S3 and walk through the key information available for each object, how console operations work, and the important behaviors to remember when uploading, copying, or deleting objects.When you open an object in the S3 console you’ll immediately see basic properties: the bucket region, object size, and last modified timestamp. The console also displays the object key (its name inside the bucket), the object’s ARN, the ETag, and the object URL that can be used to retrieve it. Additional per-object settings include storage class, server-side encryption, object lock state, checksums, and tags — these attributes can vary between objects even within the same bucket.
Many of those per-object settings are shown in more detail on the object details page. From there you can view and edit metadata and tags, check the object lock status, and inspect or modify additional checksum fields and encryption information.
Access behavior and authenticated requestsIf you click the Object URL in a browser, whether the object is accessible depends on its permissions. For a private object, an unauthenticated (anonymous) request returns an Access Denied response like this:
This illustrates that S3 objects are private by default. To view a private object from the console use the Open or Download actions — these use temporary, authenticated URLs tied to your console session. To make content publicly reachable you must explicitly allow access (for example via a bucket policy, object ACL, or by enabling static website hosting with appropriate permissions).Folders in the console are key prefixes (not real directories)Although the console shows a folder-like UI, S3 is a flat object store. “Folders” are simply prefixes in the object key. Creating a folder named food effectively creates the prefix food/ that will be part of any object key you upload into that pseudo-folder.
Uploading multiple files shows progress and statusWhen uploading several files into a prefix the console shows per-file progress and an overall transfer indicator. Large, high-resolution images will take longer to upload based on your network conditions and the file sizes.
Common S3 object identifiersBelow are the typical identifiers S3 presents for an object (URI, ARN, ETag, HTTP URL, and the key). This table uses the example values from the screenshots to clarify each identifier’s purpose.
Identifier type
Purpose
Example
S3 URI
Console/CLI friendly object URI
s3://kk-demo-123/food/burger.jpg
ARN
Global resource name used in IAM policies
arn:aws:s3:::kk-demo-123/food/burger.jpg
ETag
Content hash (often MD5 for non-multipart objects)
Because the console renders objects with the same prefix together, it appears as if they live in folders — but they are just objects with key names containing slashes.If you attempt to open the object URL as an unauthenticated user, you will get the Access Denied XML shown earlier. Using the console Open button retrieves the object via your authenticated session credentials.Deleting objectsDeleting an object is as straightforward as uploading: select the object and choose Delete. The console prompts you to confirm the deletion (typically by typing “permanently delete”) to prevent accidental removals. In buckets without versioning enabled, deletion permanently removes the object.
After a successful deletion the console shows a success banner and a summary of the operation.
Moving or copying objects (change the key)Moving an object in S3 is implemented under the hood as a copy to the new key followed by a delete of the source object. To move or copy an object you provide the full destination path (the destination key). The console helps by pre-populating the destination prefix and showing options such as encryption behavior for the copied object.
Deleting a bucket: must be empty firstA bucket must be empty before it can be deleted. If you try to delete a non-empty bucket, the console will prevent deletion and show a warning. The UI provides an option to empty the bucket (permanently deleting all objects) before you confirm the bucket deletion by typing its name.
When you trigger an empty operation via the console you’ll typically need to confirm one more time (by typing “permanently delete” or the bucket name depending on the prompt). After the bucket is emptied, you can permanently delete the empty bucket by entering its name into the confirmation field.
S3 recap: objects are stored in a flat namespace and identified by keys (which can include slashes to emulate folders). By default, buckets and objects are private — change permissions (bucket policies, ACLs, or object-level settings) to grant public access. If bucket versioning is disabled, deleting an object permanently removes it.
