# kosli snapshot s3

> Report a snapshot of the content of an AWS S3 bucket to Kosli.

## Synopsis

```shell
kosli snapshot s3 ENVIRONMENT-NAME [flags]
```

To authenticate to AWS, you can either:

1. Provide the AWS static credentials via flags or by exporting the equivalent KOSLI env vars (e.g. `KOSLI_AWS_KEY_ID`).
2. Export the AWS env vars (e.g. `AWS_ACCESS_KEY_ID`).
3. Use a shared config/credentials file under `$HOME/.aws`.

Option 1 takes highest precedence, while option 3 is the lowest.
More details can be found here: [https://aws.github.io/aws-sdk-go-v2/docs/configuring-sdk/#specifying-credentials](https://aws.github.io/aws-sdk-go-v2/docs/configuring-sdk/#specifying-credentials)
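
The precedence described above, as an added shell example (not part of the Kosli documentation or CLI): it reports which of the three listed options would supply credentials, and which lower-precedence ones are also configured and therefore shadowed. It assumes that checking the key ID is enough to detect options 1 and 2, that the shared files are `$HOME/.aws/credentials` and `$HOME/.aws/config`, and it ignores any AWS SDK credential sources not listed on this page; the function names are hypothetical.

```shell
# Added example: which credential option from the list above takes effect?
# Prints one of: kosli, aws-env, shared-file, none.
# $1 (optional) is the value you intend to pass to --aws-key-id.
kosli_aws_cred_source() {
    # Option 1: static credentials via flag or KOSLI_AWS_KEY_ID (highest precedence).
    if [ -n "${1:-}" ] || [ -n "${KOSLI_AWS_KEY_ID:-}" ]; then
        echo "kosli"
    # Option 2: standard AWS environment variables.
    elif [ -n "${AWS_ACCESS_KEY_ID:-}" ]; then
        echo "aws-env"
    # Option 3: shared config/credentials files under $HOME/.aws (lowest precedence).
    elif [ -f "${HOME:-}/.aws/credentials" ] || [ -f "${HOME:-}/.aws/config" ]; then
        echo "shared-file"
    else
        echo "none"
    fi
}

# Prints the lower-precedence options that are also configured but will be
# ignored, so leftover credentials can be spotted and cleaned up.
kosli_aws_shadowed_sources() {
    active=$(kosli_aws_cred_source "${1:-}")
    shadowed=""
    if [ "$active" = "kosli" ] && [ -n "${AWS_ACCESS_KEY_ID:-}" ]; then
        shadowed="aws-env"
    fi
    if [ "$active" = "kosli" ] || [ "$active" = "aws-env" ]; then
        if [ -f "${HOME:-}/.aws/credentials" ] || [ -f "${HOME:-}/.aws/config" ]; then
            shadowed="${shadowed:+$shadowed }shared-file"
        fi
    fi
    echo "$shadowed"
}

# Show the result for the current shell before running `kosli snapshot s3`.
echo "active: $(kosli_aws_cred_source) shadowed: $(kosli_aws_shadowed_sources)"
```
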

You can report the entire bucket content, or filter some of the content using `--include` and `--exclude`.
In all cases, the content is reported as one artifact. If you wish to report separate files/dirs within the same bucket as separate artifacts, you need to run the command twice.

To specify paths in a directory artifact that should always be excluded from the SHA256 calculation, you can add a `.kosli_ignore` file to the root of the artifact.
Each line should specify a relative path or path glob to be ignored. You can include comments in this file, using `#`.
The `.kosli_ignore` will be treated as part of the artifact like any other file, unless it is explicitly ignored itself.

## Flags

| Flag                    | Description                                                                                                                                                  |
| :---------------------- | :----------------------------------------------------------------------------------------------------------------------------------------------------------- |
| --aws-key-id string     | The AWS access key ID.                                                                                                                                       |
| --aws-region string     | The AWS region.                                                                                                                                              |
| --aws-secret-key string | The AWS secret access key.                                                                                                                                   |
| --bucket string         | The name of the S3 bucket.                                                                                                                                   |
| -D, --dry-run           | \[optional] Run in dry-run mode. When enabled, no data is sent to Kosli and the CLI exits with 0 exit code regardless of any errors.                         |
| -x, --exclude strings   | \[optional] The comma separated list of file and/or directory paths in the S3 bucket to exclude when fingerprinting. Cannot be used together with --include. |
| -h, --help              | help for s3                                                                                                                                                  |
| -i, --include strings   | \[optional] The comma separated list of file and/or directory paths in the S3 bucket to include when fingerprinting. Cannot be used together with --exclude. |

## Flags inherited from parent commands

| Flag                      | Description                                                                                                 |
| :------------------------ | :---------------------------------------------------------------------------------------------------------- |
| -a, --api-token string    | The Kosli API token.                                                                                        |
| -c, --config-file string  | \[optional] The Kosli config file path. (default "kosli")                                                   |
| --debug                   | \[optional] Print debug logs to stdout. A boolean flag [docs](/faq/#boolean-flags) (default false)          |
| -H, --host string         | \[defaulted] The Kosli endpoint. (default "[https://app.kosli.com](https://app.kosli.com)")                 |
| --http-proxy string       | \[optional] The HTTP proxy URL including protocol and port number. e.g. `http://proxy-server-ip:proxy-port` |
| -r, --max-api-retries int | \[defaulted] How many times should API calls be retried when the API host is not reachable. (default 3)     |
| --org string              | The Kosli organization.                                                                                     |

## Example Use Cases

These examples all assume that the flags `--api-token`, `--org`, `--host` (and `--flow`, `--trail` when required) are [set/provided](/getting_started/install/#assigning-flags-via-environment-variables).

<AccordionGroup>
  <Accordion title="report the contents of an entire AWS S3 bucket (AWS auth provided in env variables)">
    ```shell
    # AWS credentials are read from the standard AWS environment variables
    export AWS_REGION=yourAWSRegion
    export AWS_ACCESS_KEY_ID=yourAWSAccessKeyID
    export AWS_SECRET_ACCESS_KEY=yourAWSSecretAccessKey

    kosli snapshot s3 yourEnvironmentName \
        --bucket yourBucketName
    ```
  </Accordion>

  <Accordion title="report the contents of an entire AWS S3 bucket (AWS auth provided in flags)">
    ```shell
    # Values passed as flags are visible in shell history and process listings
    kosli snapshot s3 yourEnvironmentName \
        --bucket yourBucketName \
        --aws-key-id yourAWSAccessKeyID \
        --aws-secret-key yourAWSSecretAccessKey \
        --aws-region yourAWSRegion
    ```
  </Accordion>

  <Accordion title="report a subset of contents of an AWS S3 bucket (AWS auth provided in env variables)">
    ```shell
    export AWS_REGION=yourAWSRegion
    export AWS_ACCESS_KEY_ID=yourAWSAccessKeyID
    export AWS_SECRET_ACCESS_KEY=yourAWSSecretAccessKey

    # Only the listed file and directory paths are fingerprinted
    kosli snapshot s3 yourEnvironmentName \
        --bucket yourBucketName \
        --include file.txt,path/within/bucket
    ```
  </Accordion>

  <Accordion title="report contents of an entire AWS S3 bucket, except for some paths (AWS auth provided in env variables)">
    ```shell
    export AWS_REGION=yourAWSRegion
    export AWS_ACCESS_KEY_ID=yourAWSAccessKeyID
    export AWS_SECRET_ACCESS_KEY=yourAWSSecretAccessKey

    # Everything in the bucket except the listed paths is fingerprinted
    kosli snapshot s3 yourEnvironmentName \
        --bucket yourBucketName \
        --exclude file.txt,path/within/bucket
    ```
  </Accordion>
</AccordionGroup>
