Skip to main content

Documentation Index

Fetch the complete documentation index at: https://kosli-mintlify-f3f70bb3.mintlify.app/llms.txt

Use this file to discover all available pages before exploring further.

Synopsis

kosli snapshot s3 ENVIRONMENT-NAME [flags]
Report a snapshot of the content of an AWS S3 bucket to Kosli. To authenticate to AWS, you can either:
  1. provide the AWS static credentials via flags or by exporting the equivalent KOSLI env vars (e.g. KOSLI_AWS_KEY_ID)
  2. export the AWS env vars (e.g. AWS_ACCESS_KEY_ID).
  3. Use a shared config/credentials file under the $HOME/.aws
Option 1 takes highest precedence, while option 3 is the lowest. More details can be found here: https://aws.github.io/aws-sdk-go-v2/docs/configuring-sdk/#specifying-credentials You can report the entire bucket content, or filter some of the content using --include / --exclude (literal prefix match) or --include-regex / --exclude-regex (Go regular expressions matched against the full object key). In all cases, the content is reported as one artifact. If you wish to report separate files/dirs within the same bucket as separate artifacts, you need to run the command twice. To specify paths in a directory artifact that should always be excluded from the SHA256 calculation, you can add a .kosli_ignore file to the root of the artifact. Each line should specify a relative path or path glob to be ignored. You can include comments in this file, using #. The .kosli_ignore will be treated as part of the artifact like any other file, unless it is explicitly ignored itself.

Flags

FlagDescription
--aws-key-id stringThe AWS access key ID.
--aws-region stringThe AWS region.
--aws-secret-key stringThe AWS secret access key.
--bucket stringThe name of the S3 bucket.
-D, --dry-run[optional] Run in dry-run mode. When enabled, no data is sent to Kosli and the CLI exits with 0 exit code regardless of any errors.
-x, --exclude strings[optional] The comma separated list of file and/or directory paths in the S3 bucket to exclude when fingerprinting. Paths match by literal prefix. Cannot be used together with --include or --include-regex.
--exclude-regex strings[optional] The comma separated list of Go regular expressions matched against object keys in the S3 bucket to exclude when fingerprinting. Cannot be used together with --include or --include-regex.
-h, --helphelp for s3
-i, --include strings[optional] The comma separated list of file and/or directory paths in the S3 bucket to include when fingerprinting. Paths match by literal prefix. Cannot be used together with --exclude or --exclude-regex.
--include-regex strings[optional] The comma separated list of Go regular expressions matched against object keys in the S3 bucket to include when fingerprinting. Cannot be used together with --exclude or --exclude-regex.

Flags inherited from parent commands

FlagDescription
-a, --api-token stringThe Kosli API token.
-c, --config-file string[optional] The Kosli config file path. (default “kosli”)
--debug[optional] Print debug logs to stdout.
-H, --host string[defaulted] The Kosli endpoint. (default “https://app.kosli.com”)
--http-proxy string[optional] The HTTP proxy URL including protocol and port number. e.g. http://proxy-server-ip:proxy-port
-r, --max-api-retries int[defaulted] How many times should API calls be retried when the API host is not reachable. (default 3)
--org stringThe Kosli organization.
-q, --quiet[optional] Suppress non-critical warning messages. Errors and normal output are not affected. If both --quiet and --debug are set, --debug wins.

Examples Use Cases

These examples all assume that the flags --api-token, --org, --host, (and --flow, --trail when required), are set/provided. 
export AWS_REGION=yourAWSRegion
export AWS_ACCESS_KEY_ID=yourAWSAccessKeyID
export AWS_SECRET_ACCESS_KEY=yourAWSSecretAccessKey

kosli snapshot s3 yourEnvironmentName 
	--bucket yourBucketName 


kosli snapshot s3 yourEnvironmentName 
	--bucket yourBucketName 
	--aws-key-id yourAWSAccessKeyID 
	--aws-secret-key yourAWSSecretAccessKey 
	--aws-region yourAWSRegion 


export AWS_REGION=yourAWSRegion
export AWS_ACCESS_KEY_ID=yourAWSAccessKeyID
export AWS_SECRET_ACCESS_KEY=yourAWSSecretAccessKey

kosli snapshot s3 yourEnvironmentName 
	--bucket yourBucketName 
	--include file.txt,path/within/bucket 


export AWS_REGION=yourAWSRegion
export AWS_ACCESS_KEY_ID=yourAWSAccessKeyID
export AWS_SECRET_ACCESS_KEY=yourAWSSecretAccessKey

kosli snapshot s3 yourEnvironmentName 
	--bucket yourBucketName 
	--exclude file.txt,path/within/bucket 


kosli snapshot s3 yourEnvironmentName 
	--bucket yourBucketName 
	--exclude-regex '.*\.png$'
Last modified on May 18, 2026