S3

Objects, multipart, versioning, lifecycle, notifications, replication, website hosting.

fakecloud implements 107 of 107 S3 operations at 100% Smithy conformance.

Supported features

• Objects — GET/PUT/DELETE/HEAD, versioning, delete markers, metadata, tags, ACLs
• Multipart uploads — full lifecycle; resumable across restarts in persistent mode. CompleteMultipartUpload emits s3:ObjectCreated:CompleteMultipartUpload with the full-object checksum.
• Lifecycle — expiration and storage class transitions via /_fakecloud/s3/lifecycle-processor/tick
• Notifications — delivery to SNS, SQS, Lambda, and EventBridge on object create/delete
• Versioning — enable/suspend, list object versions, delete specific versions
• Encryption — SSE-S3, SSE-KMS (real envelope encryption through the KMS hook with the aws:s3:arn encryption context), SSE-C
• Bucket subresources — policy, CORS, lifecycle, logging, website, public access block, object lock, replication, ownership, inventory, encryption, accelerate, request payment, tagging
• Object Lock — legal hold, retention modes
• Website hosting — index/error documents, redirect rules
• Access Points — full control plane (CreateAccessPoint, GetAccessPoint, DeleteAccessPoint, ListAccessPoints) via the s3-control host prefix; data plane traffic to s3-accesspoint.<region> resolves the alias to its underlying bucket so standard S3 operations work unchanged.
• S3 Select — real SelectObjectContent over CSV/JSON via EventStream framing (Records, Stats, End messages).
• Object Lambda — WriteGetObjectResponse actually stores the transformed body + metadata against the original request token; the next GetObject on the access point returns the transformed payload.
• Public Access Block — IgnorePublicAcls is enforced on GetObject; public-read ACL grants are ignored when the bucket-level block is set.
• ACL ownership modes — BucketOwnerEnforced disables ACLs entirely (all ACL writes rejected, reads return owner-only).

Protocol

REST. Path-based routing (/bucket/key), HTTP method + query string for actions, XML responses.

Introspection

• GET /_fakecloud/s3/notifications — list all S3 notification events recorded during the test
• POST /_fakecloud/s3/lifecycle-processor/tick — run one lifecycle processing tick
• GET /_fakecloud/s3/access-points — list every S3 access point registered across all accounts (name, alias, bucket, network origin, VPC config, creation timestamp)
• GET /_fakecloud/s3/object-lambda-responses — list bodies stored by WriteGetObjectResponse calls (S3 Object Lambda). Body is returned base64-encoded under bodyBase64, with requestToken, requestRoute, statusCode, contentType, errorMessage, and metadata

Cross-service delivery

• S3 -> SNS / SQS / Lambda / EventBridge — Bucket notifications on object create/delete

Gotchas

• In persistent mode, object bodies stream to disk with a bounded LRU cache (--s3-cache-size, default 256 MiB). Objects larger than cache-size / 2 bypass the cache.
• The /_fakecloud/s3/notifications introspection buffer is intentionally not persisted across restarts.
• SigV4 signatures are parsed for request routing but never validated.

Source

• crates/fakecloud-s3 — implementation
• aws-models/s3.json — Smithy model
• AWS S3 API reference