{
	"id": "af6ea806-6a39-4b2f-ab47-6b1a54eef33c",
	"created_at": "2026-04-06T01:31:55.429104Z",
	"updated_at": "2026-04-10T03:20:49.098475Z",
	"deleted_at": null,
	"sha1_hash": "c8f327e07deccbf033edf20f557fbaf18c3f37ee",
	"title": "HeadBucket - Amazon Simple Storage Service",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 103745,
	"plain_text": "HeadBucket - Amazon Simple Storage Service\r\nArchived: 2026-04-06 01:27:36 UTC\r\nYou can use this operation to determine if a bucket exists and if you have permission to access it. The action\r\nreturns a 200 OK HTTP status code if the bucket exists and you have permission to access it. You can make a\r\nHeadBucket call on any bucket name to any Region in the partition, and regardless of the permissions on the\r\nbucket, you will receive a response header with the correct bucket location so that you can then make a proper,\r\nsigned request to the appropriate Regional endpoint.\r\nNote\r\nIf the bucket doesn't exist or you don't have permission to access it, the HEAD request returns a generic 400 Bad\r\nRequest , 403 Forbidden , or 404 Not Found HTTP status code. A message body isn't included, so you can't\r\ndetermine the exception beyond these HTTP response codes.\r\nAuthentication and authorization\r\nGeneral purpose buckets - Request to public buckets that grant the s3:ListBucket permission publicly do\r\nnot need to be signed. All other HeadBucket requests must be authenticated and signed by using IAM\r\ncredentials (access key ID and secret access key for the IAM identities). All headers with the x-amz-prefix, including x-amz-copy-source , must be signed. For more information, see REST Authentication.\r\nDirectory buckets - You must use IAM credentials to authenticate and authorize your access to the\r\nHeadBucket API operation, instead of using the temporary security credentials through the\r\nCreateSession API operation.\r\nAWS CLI or SDKs handles authentication and authorization on your behalf.\r\nPermissions\r\nGeneral purpose bucket permissions - To use this operation, you must have permissions to\r\nperform the s3:ListBucket action. The bucket owner has this permission by default and can grant\r\nthis permission to others. For more information about permissions, see Managing access\r\npermissions to your Amazon S3 resources in the Amazon S3 User Guide.\r\nDirectory bucket permissions - You must have the s3express:CreateSession permission in the\r\nAction element of a policy. If no session mode is specified, the session will be created with the\r\nmaximum allowable privilege, attempting ReadWrite first, then ReadOnly if ReadWrite is not\r\npermitted. If you want to explicitly restrict the access to be read-only, you can set the\r\ns3express:SessionMode condition key to ReadOnly on the bucket.\r\nFor more information about example bucket policies, see Example bucket policies for S3 Express\r\nOne Zone and AWS Identity and Access Management (IAM) identity-based policies for S3 Express\r\nhttps://docs.aws.amazon.com/AmazonS3/latest/API/API_HeadBucket.html\r\nPage 1 of 6\n\nOne Zone in the Amazon S3 User Guide.\r\nHTTP Host header syntax\r\nDirectory buckets - The HTTP Host header syntax is Bucket-name.s3express-zone-id.region-code.amazonaws.com .\r\nImportant\r\nYou must URL encode any signed header values that contain spaces. For example, if your header value is my\r\nfile.txt , containing two spaces after my , you must URL encode this value to my%20%20file.txt .\r\nRequest Syntax\r\nHEAD / HTTP/1.1\r\nHost: Bucket .s3.amazonaws.com\r\nx-amz-expected-bucket-owner: ExpectedBucketOwner\r\nURI Request Parameters\r\nThe request uses the following URI parameters.\r\nBucket\r\nThe bucket name.\r\nDirectory buckets - When you use this operation with a directory bucket, you must use virtual-hosted-style requests in the format Bucket-name.s3express-zone-id.region-code.amazonaws.com . Path-style\r\nrequests are not supported. Directory bucket names must be unique in the chosen Zone (Availability Zone\r\nor Local Zone). Bucket names must follow the format bucket-base-name--zone-id--x-s3 (for example,\r\namzn-s3-demo-bucket--usw2-az1--x-s3 ). For information about bucket naming restrictions, see Directory\r\nbucket naming rules in the Amazon S3 User Guide.\r\nAccess points - When you use this action with an access point for general purpose buckets, you must\r\nprovide the alias of the access point in place of the bucket name or specify the access point ARN. When\r\nyou use this action with an access point for directory buckets, you must provide the access point name in\r\nplace of the bucket name. When using the access point ARN, you must direct requests to the access point\r\nhostname. The access point hostname takes the form AccessPointName-AccountId.s3-\r\naccesspoint.Region.amazonaws.com. When using this action with an access point through the AWS SDKs,\r\nyou provide the access point ARN in place of the bucket name. For more information about access point\r\nARNs, see Using access points in the Amazon S3 User Guide.\r\nObject Lambda access points - When you use this API operation with an Object Lambda access point,\r\nprovide the alias of the Object Lambda access point in place of the bucket name. If the Object Lambda\r\nhttps://docs.aws.amazon.com/AmazonS3/latest/API/API_HeadBucket.html\r\nPage 2 of 6\n\naccess point alias in a request is not valid, the error code InvalidAccessPointAliasError is returned. For\r\nmore information about InvalidAccessPointAliasError , see List of Error Codes.\r\nNote\r\nObject Lambda access points are not supported by directory buckets.\r\nS3 on Outposts - When you use this action with S3 on Outposts, you must direct requests to the S3 on\r\nOutposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com . When you use this action with S3 on Outposts,\r\nthe destination bucket must be the Outposts access point ARN or the access point alias. For more\r\ninformation about S3 on Outposts, see What is S3 on Outposts? in the Amazon S3 User Guide.\r\nRequired: Yes\r\nx-amz-expected-bucket-owner\r\nThe account ID of the expected bucket owner. If the account ID that you provide does not match the actual\r\nowner of the bucket, the request fails with the HTTP status code 403 Forbidden (access denied).\r\nRequest Body\r\nThe request does not have a request body.\r\nResponse Syntax\r\nHTTP/1.1 200\r\nx-amz-bucket-arn: BucketArn\r\nx-amz-bucket-location-type: BucketLocationType\r\nx-amz-bucket-location-name: BucketLocationName\r\nx-amz-bucket-region: BucketRegion\r\nx-amz-access-point-alias: AccessPointAlias\r\nResponse Elements\r\nIf the action is successful, the service sends back an HTTP 200 response.\r\nThe response returns the following HTTP headers.\r\nx-amz-access-point-alias\r\nIndicates whether the bucket name used in the request is an access point alias.\r\nNote\r\nFor directory buckets, the value of this field is false .\r\nhttps://docs.aws.amazon.com/AmazonS3/latest/API/API_HeadBucket.html\r\nPage 3 of 6\n\nx-amz-bucket-arn\r\nThe Amazon Resource Name (ARN) of the S3 bucket. ARNs uniquely identify AWS resources across all of\r\nAWS.\r\nLength Constraints: Minimum length of 1. Maximum length of 128.\r\nPattern: arn:[^:]+:(s3|s3express):.*\r\nx-amz-bucket-location-name\r\nThe name of the location where the bucket will be created.\r\nFor directory buckets, the Zone ID of the Availability Zone or the Local Zone where the bucket is created.\r\nAn example Zone ID value for an Availability Zone is usw2-az1 .\r\nNote\r\nThis functionality is only supported by directory buckets.\r\nx-amz-bucket-location-type\r\nThe type of location where the bucket is created.\r\nNote\r\nThis functionality is only supported by directory buckets.\r\nValid Values: AvailabilityZone | LocalZone\r\nx-amz-bucket-region\r\nThe Region that the bucket is located.\r\nLength Constraints: Minimum length of 0. Maximum length of 20.\r\nErrors\r\nNoSuchBucket\r\nThe specified bucket does not exist.\r\nHTTP Status Code: 404\r\nExamples\r\nSample Request for general purpose buckets\r\nThis example illustrates one usage of HeadBucket.\r\nhttps://docs.aws.amazon.com/AmazonS3/latest/API/API_HeadBucket.html\r\nPage 4 of 6\n\nHEAD / HTTP/1.1\r\n Date: Fri, 10 Feb 2012 21:34:55 GMT\r\n Authorization: authorization string\r\n Host: myawsbucket.s3.amazonaws.com\r\n Connection: Keep-Alive\r\n \r\nSample responses for general purpose buckets\r\nThis example illustrates one usage of HeadBucket.\r\n HTTP/1.1 200 OK\r\n x-amz-id-2: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\r\n x-amz-request-id: 28PG2CEB32F5EE25\r\n x-amz-bucket-region: us-west-2\r\n x-amz-access-point-alias: false\r\n Date: Fri, 10 2012 21:34:56 GMT\r\n Server: AmazonS3\r\n \r\n HTTP/1.1 301 Moved Permanantly\r\n x-amz-id-2: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\r\n x-amz-request-id: M8H3G2AJ0V6NQ8AJ\r\n Date: Tue, 06 May 2025 21:29:41 GMT\r\n x-amz-bucket-region: us-east-1\r\n x-amz-access-point-alias: false\r\n Server: AmazonS3\r\n \r\n HTTP/1.1 403 Forbidden\r\n x-amz-bucket-region: us-east-1\r\n x-amz-request-id: P6K9QSW8EN5YEPS\r\n x-amz-id-2: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\r\n Date: Tue, 06 May 2025 21:24:51 GMT\r\n Server: AmazonS3\r\n \r\nExample of anonymous request response\r\nThis example illustrates one usage of HeadBucket.\r\nhttps://docs.aws.amazon.com/AmazonS3/latest/API/API_HeadBucket.html\r\nPage 5 of 6\n\nHTTP/1.1 403 Forbidden\r\n x-amz-bucket-region: us-east-1\r\n x-amz-request-id: 7B3WF90PGN6J8F2\r\n x-amz-id-2: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\r\n Date: Tue, 06 May 2025 21:55:02\r\n GMT Server: AmazonS3\r\n \r\nSee Also\r\nFor more information about using this API in one of the language-specific AWS SDKs, see the following:\r\nAWS Command Line Interface V2\r\nAWS SDK for .NET V4\r\nAWS SDK for C++\r\nAWS SDK for Go v2\r\nAWS SDK for Java V2\r\nAWS SDK for JavaScript V3\r\nAWS SDK for Kotlin\r\nAWS SDK for PHP V3\r\nAWS SDK for Python\r\nAWS SDK for Ruby V3\r\nSource: https://docs.aws.amazon.com/AmazonS3/latest/API/API_HeadBucket.html\r\nhttps://docs.aws.amazon.com/AmazonS3/latest/API/API_HeadBucket.html\r\nPage 6 of 6",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"references": [
		"https://docs.aws.amazon.com/AmazonS3/latest/API/API_HeadBucket.html"
	],
	"report_names": [
		"API_HeadBucket.html"
	],
	"threat_actors": [],
	"ts_created_at": 1775439115,
	"ts_updated_at": 1775791249,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/c8f327e07deccbf033edf20f557fbaf18c3f37ee.pdf",
		"text": "https://archive.orkl.eu/c8f327e07deccbf033edf20f557fbaf18c3f37ee.txt",
		"img": "https://archive.orkl.eu/c8f327e07deccbf033edf20f557fbaf18c3f37ee.jpg"
	}
}