Give Feedback

Spaces S3 Compatibility

Validated on 29 Aug 2025 • Last edited on 23 Oct 2025

Spaces Object Storage is an S3-compatible service for storing and serving large amounts of data. The built-in Spaces CDN minimizes page load times, improves performance, and reduces bandwidth and infrastructure costs.

DigitalOcean Spaces provides an S3-compatible API with partial support for Amazon S3 features.

Feature Compatibility

The following table lists supported S3 features and restrictions:

Feature	Notes
Object Copy	Supported with `CopyObject`. Cross-region and cross-cluster copies are not supported.
Multipart Uploads	Supported for large objects. `UploadPartCopy` is not supported across regions or clusters.
Presigned URLs	Supported with both Signature Version 2 and Version 4.
Bucket Policies	Supported only through the API (not configurable in the control panel).
Bucket Versioning	Supported only through the API (not configurable in the control panel).
Bucket Lifecycle	Supported for time-based expiration and removing incomplete multipart uploads. Tag-based lifecycle rules are not supported.
Bucket Access Logging	Supported only through the API. The source and destination buckets must be different.
Object Encryption	Supported with SSE-C (server-side encryption with customer-provided keys). Bucket-level encryption settings are not supported.
Bucket Websites	Supported at `https://[bucket-name].[region]-static.digitaloceanspaces.com`. CDN is not supported for bucket websites.
List Objects	Both `ListObjects` (legacy) and `ListObjectsV2` are supported. Use `ListObjectsV2` for new applications.
Preflight Requests	`OPTIONS` preflight requests require no permissions, but the bucket policy or ACL must still allow the subsequent request.
Unsupported API Calls	Unsupported S3 operations return a standard `NotImplemented` error.
Authentication	Spaces supports AWS Signature Version 4 (recommended) and Signature Version 2 for legacy clients.

For more information on product-wide usage limits, see Spaces Limits.

Access Control Lists (ACLs)

Spaces supports a limited set of canned ACLs for buckets and objects. Only two ACLs are available:

private: Grants FULL_CONTROL to the bucket or object owner. Blocks public access.
public-read: Grants FULL_CONTROL to the owner and allows unauthenticated read access to anyone on the internet.

You can apply an ACL in two ways:

Send a PUT ?acl request with an XML AccessControlPolicy.
Use the x-amz-acl header with a canned ACL (simpler and recommended).

Private ACL Example

To restrict access so only the bucket owner has full control, set the ACL to private. You can apply this setting either by adding the x-amz-acl header or by using an XML access control policy:

x-amz-acl Header

curl -X PUT "https://example-space.nyc3.digitaloceanspaces.com/example.txt" \
  -H "Authorization: ..." \
  -H "Date: ..." \
  -H "x-amz-acl: private" \
  --upload-file ./example.txt

XML Policy

<AccessControlPolicy xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
  <Owner><ID>6174283</ID></Owner>
  <AccessControlList>
    <Grant>
      <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="CanonicalUser">
        <ID>6174283</ID>
      </Grantee>
      <Permission>FULL_CONTROL</Permission>
    </Grant>
  </AccessControlList>
</AccessControlPolicy>

Public Read ACL Example

To make objects readable by anyone on the internet while still retaining full control as the owner, set the ACL to public-read. You can configure this either with the x-amz-acl header or with an XML access control policy: