The server form is organized into sections:

### Server Details

Enter your Bucket name and the region where it is hosted.

![S3 Bucket Details](https://i.ibb.co/zHGnbR80/s3-bucket-details.png)

### Authentication

Enter your Access ID and Secret Key.

![S3 Authentication](https://i.ibb.co/yBhLbBzY/s3-authentication.png)

### Path Prefix

If you want to upload your files to a different folder from your Bucket's root directory, enter the directory in the **Path Prefix**.

![S3 Path Prefix](https://i.ibb.co/jP0Xc5qS/s3-path-prefix.png)

## S3 Request Headers

Within the S3 Request Headers section, you can configure specific metadata to send along with files matching a given pattern.

You may, for example, wish to send a `Cache-Control` header for all files, or a `Content-Disposition` header for all files of a certain type or even in a certain directory, to force them to be downloaded rather than rendered inline in the end-user's browser.

Add as many header rules as you like within this section. Each rule consists of a Header Key and a Header Value, followed by the pattern of files it applies to.

![S3 Request Headers](https://i.ibb.co/dJjhp42b/s3-s3-request-headers.png)

## How DeployHQ deploys to S3

DeployHQ does not run `aws s3 sync`. It builds a manifest of changes between the last deployed revision and the new one, then applies those changes to your bucket:

- **Added or changed files** in the repository are uploaded with PUT
- **Files removed from the repository** since the last deployment are deleted from the bucket
- **Objects in the bucket that were not part of any deployment** (uploaded manually, by another tool, or generated server-side) are left untouched

This means deployments are incremental once the bucket is seeded. The first deployment uploads the full repository contents; subsequent deployments only transfer what changed in your git history.

If you need behaviour equivalent to `aws s3 sync --delete` (mirroring the bucket exactly to the repository, removing any object that is not in the repository), the native S3 protocol does not support arbitrary CLI flags. Use the [AWS CLI in an SSH command or build pipeline step](Article: #716#alternative-approach-ssh-commands) instead.
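The change plan described above, modelled as an added example (not DeployHQ's code): the function names and sample data are hypothetical, and content hashes stand in for the git diff between revisions. It also lists the bucket objects a deployment never manages, which is the set to audit for stale or manually uploaded files, and which of those an exact mirror of the prefix would remove.

```python
# Added example: a model of the behaviour described above, not DeployHQ's code.
# All names and sample data are hypothetical / constructed.
from typing import Dict, NamedTuple, Set


class Plan(NamedTuple):
    put: Set[str]        # keys uploaded with PUT (added or changed files)
    delete: Set[str]     # keys deleted (files removed from the repository)
    unmanaged: Set[str]  # bucket keys that are in neither revision


def key_for(path: str, prefix: str) -> str:
    """Map a repository path to its object key under the Path Prefix."""
    prefix = prefix.strip("/")
    return f"{prefix}/{path}" if prefix else path


def plan_deployment(last: Dict[str, str], new: Dict[str, str],
                    bucket_keys: Set[str], prefix: str = "") -> Plan:
    """last/new map repository path -> content hash at each revision.
    An empty `last` models the first deployment (full upload)."""
    put = {key_for(p, prefix) for p, h in new.items() if last.get(p) != h}
    delete = {key_for(p, prefix) for p in last if p not in new}
    managed = {key_for(p, prefix) for p in set(last) | set(new)}
    return Plan(put, delete, bucket_keys - managed)


def mirror_only_deletes(plan: Plan, prefix: str = "") -> Set[str]:
    """Unmanaged keys under the prefix: an exact mirror would remove these."""
    root = prefix.strip("/")
    return {k for k in plan.unmanaged if not root or k.startswith(root + "/")}


# Constructed sample: two revisions and a bucket listing.
LAST = {"index.html": "a1", "app.js": "b1", "old/report.html": "c1"}
NEW = {"index.html": "a2", "app.js": "b1", "css/site.css": "d1"}
BUCKET = {"site/index.html", "site/app.js", "site/old/report.html",
          "site/backup/db.sql", "logs/2023.txt"}

if __name__ == "__main__":
    plan = plan_deployment(LAST, NEW, BUCKET, prefix="site")
    print("PUT:      ", sorted(plan.put))
    print("DELETE:   ", sorted(plan.delete))
    print("unmanaged:", sorted(plan.unmanaged))
    print("mirror would also delete:", sorted(mirror_only_deletes(plan, "site")))
```
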

## S3 server-side encryption

As of January 5, 2023, all new object uploads to Amazon S3 are automatically encrypted with SSE-S3 (Amazon S3 managed keys) at no additional cost. This means your files are automatically encrypted when deployed to S3 buckets without requiring any additional configuration.

However, depending on your business requirements, you might need to use a specific encryption method or comply with particular bucket policies. In these cases, you can add the `x-amz-server-side-encryption` header to your DeployHQ configuration:

- For SSE-S3 (default): `x-amz-server-side-encryption: AES256`
- For SSE-KMS: `x-amz-server-side-encryption: aws:kms`
- For SSE-C: Use `x-amz-server-side-encryption: AES256` with additional customer-provided key headers

More information on S3 encryption options can be found in the [Amazon S3 server-side encryption documentation](https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingServerSideEncryption.html).