deleteObjects method

Future<DeleteObjectsOutput> deleteObjects({ required String bucket, required Delete delete, bool? bypassGovernanceRetention, ChecksumAlgorithm? checksumAlgorithm, String? expectedBucketOwner, String? mfa, RequestPayer? requestPayer, })

This operation enables you to delete multiple objects from a bucket using a single HTTP request. If you know the object keys that you want to delete, then this operation provides a suitable alternative to sending individual delete requests, reducing per-request overhead.

The request can contain a list of up to 1,000 keys that you want to delete. In the XML, you provide the object key names, and optionally, version IDs if you want to delete a specific version of the object from a versioning-enabled bucket. For each key, Amazon S3 performs a delete operation and returns the result of that delete, success or failure, in the response. If the object specified in the request isn't found, Amazon S3 confirms the deletion by returning the result as deleted.

• Directory buckets - S3 Versioning isn't enabled and supported for directory buckets.
• Directory buckets - For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format https://amzn-s3-demo-bucket.s3express-zone-id.region-code.amazonaws.com/key-name . Path-style requests are not supported. For more information about endpoints in Availability Zones, see Regional and Zonal endpoints for directory buckets in Availability Zones in the Amazon S3 User Guide. For more information about endpoints in Local Zones, see Concepts for directory buckets in Local Zones in the Amazon S3 User Guide.

The operation supports two modes for the response: verbose and quiet. By default, the operation uses verbose mode in which the response includes the result of deletion of each key in your request. In quiet mode the response includes only keys where the delete operation encountered an error. For a successful deletion in a quiet mode, the operation does not return any information about the delete in the response body.

When performing this action on an MFA Delete enabled bucket, that attempts to delete any versioned objects, you must include an MFA token. If you do not provide one, the entire request will fail, even if there are non-versioned objects you are trying to delete. If you provide an invalid token, whether there are versioned keys in the request or not, the entire Multi-Object Delete request will fail. For information about MFA Delete, see MFA Delete in the Amazon S3 User Guide.

Permissions

• General purpose bucket permissions - The following permissions are required in your policies when your DeleteObjects request includes specific headers.
  • s3:DeleteObject - To delete an object from a bucket, you must always specify the s3:DeleteObject permission.
  • s3:DeleteObjectVersion - To delete a specific version of an object from a versioning-enabled bucket, you must specify the s3:DeleteObjectVersion permission.
• Directory bucket permissions - To grant access to this API operation on a directory bucket, we recommend that you use the CreateSession API operation for session-based authorization. Specifically, you grant the s3express:CreateSession permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the CreateSession API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another CreateSession API call to generate a new session token for use. Amazon Web Services CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see CreateSession .

Content-MD5 request header

• General purpose bucket - The Content-MD5 request header is required for all Multi-Object Delete requests. Amazon S3 uses the header value to ensure that your request body has not been altered in transit.
• Directory bucket - The Content-MD5 request header or a additional checksum request header (including x-amz-checksum-crc32, x-amz-checksum-crc32c, x-amz-checksum-sha1, or x-amz-checksum-sha256) is required for all Multi-Object Delete requests.

HTTP Host header syntax

Directory buckets - The HTTP Host header syntax is Bucket-name.s3express-zone-id.region-code.amazonaws.com.

The following operations are related to DeleteObjects:

• CreateMultipartUpload
• UploadPart
• CompleteMultipartUpload
• ListParts
• AbortMultipartUpload

Parameter bucket : The bucket name containing the objects to delete.

Directory buckets - When you use this operation with a directory bucket, you must use virtual-hosted-style requests in the format Bucket-name.s3express-zone-id.region-code.amazonaws.com. Path-style requests are not supported. Directory bucket names must be unique in the chosen Zone (Availability Zone or Local Zone). Bucket names must follow the format bucket-base-name--zone-id--x-s3 (for example, amzn-s3-demo-bucket--usw2-az1--x-s3). For information about bucket naming restrictions, see Directory bucket naming rules in the Amazon S3 User Guide.

Access points - When you use this action with an access point for general purpose buckets, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When you use this action with an access point for directory buckets, you must provide the access point name in place of the bucket name. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide. S3 on Outposts - When you use this action with S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts, the destination bucket must be the Outposts access point ARN or the access point alias. For more information about S3 on Outposts, see What is S3 on Outposts? in the Amazon S3 User Guide.

Parameter delete : Container for the request.

Parameter bypassGovernanceRetention : Specifies whether you want to delete this object even if it has a Governance-type Object Lock in place. To use this header, you must have the s3:BypassGovernanceRetention permission.

Parameter checksumAlgorithm : Indicates the algorithm used to create the checksum for the object when you use the SDK. This header will not provide any additional functionality if you don't use the SDK. When you send this header, there must be a corresponding x-amz-checksum-algorithm or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the HTTP status code 400 Bad Request.

For the x-amz-checksum-algorithm header, replace algorithm with the supported algorithm from the following list:

• CRC32
• CRC32C
• CRC64NVME
• MD5
• SHA1
• SHA256
• SHA512
• XXHASH3
• XXHASH64
• XXHASH128

For more information, see Checking object integrity in the Amazon S3 User Guide.

If the individual checksum value you provide through x-amz-checksum-algorithm doesn't match the checksum algorithm you set through x-amz-sdk-checksum-algorithm, Amazon S3 fails the request with a BadDigest error.

If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm parameter.

Parameter expectedBucketOwner : The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code 403 Forbidden (access denied).

Parameter mfa : The concatenation of the authentication device's serial number, a space, and the value that is displayed on your authentication device. Required to permanently delete a versioned object if versioning is configured with MFA delete enabled.

When performing the DeleteObjects operation on an MFA delete enabled bucket, which attempts to delete the specified versioned objects, you must include an MFA token. If you don't provide an MFA token, the entire request will fail, even if there are non-versioned objects that you are trying to delete. If you provide an invalid token, whether there are versioned object keys in the request or not, the entire Multi-Object Delete request will fail. For information about MFA Delete, see MFA Delete in the Amazon S3 User Guide.

Implementation

Future<DeleteObjectsOutput> deleteObjects({
  required String bucket,
  required Delete delete,
  bool? bypassGovernanceRetention,
  ChecksumAlgorithm? checksumAlgorithm,
  String? expectedBucketOwner,
  String? mfa,
  RequestPayer? requestPayer,
}) async {
  final headers = <String, String>{
    if (bypassGovernanceRetention != null)
      'x-amz-bypass-governance-retention':
          bypassGovernanceRetention.toString(),
    if (checksumAlgorithm != null)
      'x-amz-sdk-checksum-algorithm': checksumAlgorithm.value,
    if (expectedBucketOwner != null)
      'x-amz-expected-bucket-owner': expectedBucketOwner.toString(),
    if (mfa != null) 'x-amz-mfa': mfa.toString(),
    if (requestPayer != null) 'x-amz-request-payer': requestPayer.value,
  };
  final $result = await _protocol.sendRaw(
    method: 'POST',
    requestUri: '/${Uri.encodeComponent(bucket)}?delete',
    headers: headers,
    payload: delete.toXml('Delete'),
    exceptionFnMap: _exceptionFns,
  );
  final $elem = await _s.xmlFromResponse($result);
  return DeleteObjectsOutput(
    deleted:
        $elem.findElements('Deleted').map(DeletedObject.fromXml).toList(),
    errors: $elem.findElements('Error').map(Error.fromXml).toList(),
    requestCharged: _s
        .extractHeaderStringValue($result.headers, 'x-amz-request-charged')
        ?.let(RequestCharged.fromString),
  );
}