It is possible to use Amazon S3 as storage both for input and output of conversions. Therefore we recommend for security reasons to create a seperate accessKey / secretKey pair with limited rights. For downloading files CloudConvert needs the s3:GetObject permission, for uploading the s3:PutObject permission. If you want to set a ACL different from "private" for the output file for you will need the s3:PutObjectAcl permission.

The following example shows how to start such a conversion. Please read the documentation about the other necassary parameters for starting conversions.

Parameter Description
input/output.s3.accesskeyid * The Amazon S3 accessKeyId. It is possible to use different S3 access keys / buckets for input and output. (Required)
input/output.s3.secretaccesskey * The Amazon S3 secretAccessKey. (Required)
input/output.s3.sessiontoken Auth using AWS Security Token Service. Optional additional to accessKeyId/secretAccessKey. (Optional)
input/output.s3.bucket * The Amazon S3 bucket where to download the input file or upload the output file. (Required)
input/output.s3.region Specify the Amazon S3 endpoint, e.g. us-west-2 or eu-west-1. As default us-east-1 will be used. (Optional)
file * S3 key of the input file (normally the filename, including path). (Required)
output.s3.path Filename (S3 key), including path, for the output file. If this value ends with "/" the output file is stored in the corresponding directory. (Optional)
output.s3.acl S3 ACL for storing the output file. Possible values include: private, public-read, public-read-write, authenticated-read, bucket-owner-read, bucket-owner-full-control. (Default: private, Optional)
output.s3.cachecontrol S3 CacheControl header to specify the lifetime of the file, for example: max-age=172800. (Optional)
output.s3.metadata Object of additional meta data. (Optional)
output.s3.encryption Enable the Server-side encryption algorithm used when storing this object in S3. Possible values include AES256 and aws:kms. (Optional)