Object Storage
Our S3-compatible Object Storage offering is developed with data sovereignty in mind, designed to be accessed from anywhere including websites, mobile applications or IoT devices. You can export your Snapshots to Object Storage, allowing you to perform instantaneous real-time backups. The Cloud Panel offers you the possibility to manage your access keys as well as the buckets. Keep in mind that bucket names are managed universally, so ensure that each bucket name you specify is **unique**.
Along with your Access Key, the following are always required as parameters while performing operations related to Object Storage:
de/fra2: https://gos3.io
de/ehz1: https://af13.gos3.io
ch/app1: https://bc01.gos3.io
nl/ams1: https://ce21.gos3.io
More information about these locations can be found in the location Explorer in the panels.
Access Keys
There are two types of access keys - account keys and user keys.
| Role | Access | Account key | User key |
|---|---|---|---|
| Owner | Can see all types of keys from all users in an account. | Can create and see all. | Can create and see all. |
| Admin | Can see all types of keys from all users in an account. | Can create and see all. | Can create and see all. |
| Write | Can only see their user access keys. | Can not create or see | Can create and see only theirs. |
| Read | No Access | No Access | No Access |
When using the Cloud Panel, we generate access keys depending on your role in that accounts. account keys are generated for users with the admin or owner role and user keys are generated for users with write role.
Account keys have access to all buckets created before 13.03.2022 as well as all buckets created with account keys from any users within the account.
User keys have access only to buckets created with these keys. account keys cannot see buckets created with user keys
Users with the owner or admin role can see all access keys from all users in the account. This gives admins and owners access to everything by default.
Users with the write role can only see their own user keys and therefore only have access to buckets generated with those user keys.
Access Key Limits
You have the possibility to create a maximum of 128 account keys per account.
Bucket Operations
This section details bucket operations supported by our Object Storage offering, allowing you to create, delete, retrieve information about buckets and control their behaviour.
| Operation | Description |
|---|---|
| Pre-signed URLs | By default, all objects and buckets are private. Using a pre-signed URL, you can share objects or allow objects to be uploaded to buckets without requiring explicit security credentials or permissions |
| CREATE Bucket | Creates a new bucket |
| DELETE Bucket | Deletes a specified bucket |
| DELETE Bucket CORS | Deletes the cross-origin resource sharing configuration for a specified bucket |
| DELETE Bucket Lifecycle | Deletes the lifecycle configuration for a specified bucket |
| DELETE Bucket Website | Deletes the website configuration for a specified bucket |
| GET Bucket ACL | Retrieves the access control list for a specified bucket |
| GET Bucket CORS | Retrieves the cross-origin resource sharing configuration for a specified bucket |
| GET Bucket Lifecycle Configuration | Retrieves the lifecycle configuration for a specified bucket |
| GET Bucket Versioning | Retrieves the versioning state for a specified bucket |
| GET Bucket Ownership Controls | Retrieves the bucket ownership controls for a specified bucket |
| GET Public Access Block | Retrieves the public access block for a specified bucket |
| GET Bucket Website | Retrieves the website configuration for a specified bucket |
| GET Object Lock Configuration | Retrieves the object lock configuration for a specified bucket |
| HEAD Bucket | Determines the existence and access permissions for a specified bucket |
| PUT Bucket ACL | Sets the access control list for a specified bucket |
| PUT Bucket CORS | Sets the cross-origin resource sharing configuration for a specified bucket |
| PUT Bucket Lifecycle Configuration | Sets the lifecycle configuration for a specified bucket |
| PUT Bucket Website | Sets the website configuration for a specified bucket |
| PUT Bucket Policy | Sets the bucket policy for a specified bucket |
| List Buckets | Lists buckets associated with your contract |
Sample Bucket Operations
In order to start running commands using your terminal, you need to have the latest version of the AWS CLI installed on your system first. If you’re using Windows or macOS, you could install Cyberduck to view your buckets, add objects and perform some operations. Once you’ve completed the installation process, you can go through this section which details how to perform bucket operations using the s3api CLI. Keep in mind that you have to replace bucketname and filename with the respective equivalents.
Pre-signed URLs
By default, all objects and buckets are private. Using a pre-signed URL, you can share objects or allow objects to be uploaded to buckets without requiring explicit security credentials or permissions.
aws s3 presign s3://bucketname/filename.ext --endpoint https://gos3.io
CREATE Bucket
Creates a new bucket. If you wish to have Object Lock enabled, the --object-lock-enabled-for-bucket attribute needs to be set during bucket creation process. Keep in mind that versioning is automatically activated in case Object Lock is enabled.
aws s3api create-bucket --object-lock-enabled-for-bucket --bucket $bucketname --endpoint https://gos3.io
DELETE Bucket
Deletes a specified bucket.
aws s3api delete-bucket --bucket bucketname --endpoint https://gos3.io
DELETE Bucket CORS
Deletes the cross-origin resource sharing configuration for a specified bucket.
aws s3api delete-bucket-cors --bucket bucketname --endpoint https://gos3.io
DELETE Bucket Lifecycle
Deletes the lifecycle configuration for a specified bucket.
aws s3api delete-bucket-lifecycle --bucket bucketname --endpoint https://gos3.io
DELETE Bucket Website
Deletes the website configuration for a specified bucket.
aws s3api delete-bucket-website --bucket bucketname --endpoint https://gos3.io
GET Bucket ACL
Retrieves the access control list for a specified bucket.
aws s3api get-bucket-acl --bucket bucketname --endpoint https://gos3.io
GET Bucket CORS
Retrieves the cross-origin resource sharing configuration for a specified bucket.
aws s3api get-bucket-cors --bucket bucketname --endpoint https://gos3.io
GET Bucket Lifecycle Configuration
Retrieves the lifecycle configuration for a specified bucket.
aws s3api get-bucket-lifecycle-configuration --bucket bucketname --endpoint https://gos3.io
GET Bucket Versioning
Retrieves the versioning state for a specified bucket.
aws s3api get-bucket-versioning --bucket bucketname --endpoint https://gos3.io
GET Bucket Ownership Controls
Retrieves the bucket ownership controls for a specified bucket.
aws s3api get-bucket-ownership-controls --bucket bucketname --endpoint-url https://gos3.io
GET Public Access Block
Retrieves the public access block for a specified bucket.
aws s3api get-public-access-block --bucket bucketname --endpoint-url https://gos3.io
GET Bucket Website
Retrieves the website configuration for a specified bucket.
aws s3api get-bucket-website --bucket bucketname --endpoint https://gos3.io
GET Object Lock Configuration
Retrieves the object lock configuration for a specified bucket.
aws s3api get-object-lock-configuration --bucket bucketname --endpoint https://gos3.io
HEAD Bucket
Determines the existence and access permissions for a specified bucket.
aws s3api head-bucket --bucket bucketname --endpoint https://gos3.io
PUT Bucket ACL
Sets the access control list for a specified bucket.
aws s3api put-backet-acl --bucket bucketname --acl public-read --endpoint https://gos3.io
PUT Bucket CORS
Sets the cross-origin resource sharing configuration for a specified bucket.
aws s3api put-bucket-cors --bucket bucketname --cors-configuration file://cors.json --endpoint https://gos3.io
cors.json:
{
"CORSRules": [
{
"AllowedOrigins": ["http://www.example.com"],
"AllowedHeaders": ["*"],
"AllowedMethods": ["PUT", "POST", "DELETE"],
"MaxAgeSeconds": 3000,
"ExposeHeaders": ["x-amz-server-side-encryption"]
},
{
"AllowedOrigins": ["*"],
"AllowedHeaders": ["Authorization"],
"AllowedMethods": ["GET"],
"MaxAgeSeconds": 3000
}
]
}
PUT Bucket Lifecycle Configuration
Sets the lifecycle configuration for a specified bucket.
aws s3api put-bucket-lifecycle-configuration --bucket bucketname --lifecycle-configuration file://delete-lifecycle.json --endpoint https://gos3.io
delete-lifecycle.json
{
"Rules":
[
{
"ID": "id-1",
"Filter":
{},
"Status": "Enabled",
"Expiration":
{
"Days": 2
}
}
]
}
PUT Bucket Website
Sets the website configuration for a specified bucket.
aws s3api put-bucket-website --bucket bucketname --website-configuration file://website.json --endpoint https://gos3.io
website.json
{
"IndexDocument":
{
"Suffix": "index.html"
},
"ErrorDocument":
{
"Key": "error.html"
}
}
PUT Bucket Policy
Sets the bucket policy for a specified bucket.
aws s3api put-bucket-policy --bucket bucketname --policy file://policy.json --endpoint https://gos3.io
policy.json
{
"Version": "2021-01-17",
"Statement":
[
{
"Sid": "AddPerm",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::bucketname/*"
}
]
}
PUT Object Lock Configuration
Sets the object lock configuration for a specified bucket. Keep in mind that Object Lock can only be activated at the time of bucket creation, and also enables Versioning by default. This means that Object Lock cannot be disabled and Versioning cannot be suspended for the specified bucket.
By default, the specified rule within the configuration gets applied to every object within the specified bucket and the defaults are immutable. A new version of the specified object is created in this case. The retention period specifies how long an object remains locked during which the object remains WORM-protected and cannot be overwritten or deleted. This also means that the bucket cannot be deleted until the retention time period is over.
aws s3api put-object-lock-configuration --bucket bucketname --object-lock-configuration '{ "ObjectLockEnabled": "Enabled", "Rule": { "DefaultRetention": { "Mode": "COMPLIANCE", "Days": 10 }}}' --endpoint https://gos3.io
List Buckets
Lists buckets associated with your contract.
aws s3api list-buckets --endpoint-url https://gos3.io --output table
Object Operations
This section details object operations supported by our Object Storage offering, allowing you to create, delete, retrieve information about objects and control their behaviour.
| Operation | Description |
|---|---|
| DELETE Object | Deletes a specified object |
| DELETE Multiple Objects | Deletes multiple specified objects |
| DELETE Object Tagging | Deletes tagging associated with a specified object |
| GET Object | Retrieves a specified object |
| GET Object ACL | Retrieves the access control list for a specified object |
| GET Object Tagging | Retrieves tagging associated with a specified object |
| HEAD Object | Determines the existence and access permissions for a specified object |
| PUT Object | Adds an object to a bucket |
| List Objects | Lists up to 1000 objects within a specified bucket |
| List ObjectsV2 | Lists up to 1000 objects within a specified bucket |
| List Object Versions | Retrieves metadata for the specified object within a specified bucket |
| Initiate Multipart Upload | Initiates a multipart upload request, which returns an upload ID |
| Abort Multipart Upload | Aborts a multipart upload request for a specified upload ID |
| List Parts | Lists parts that have been uploaded for a specified multipart upload |
| List Multipart Uploads | Lists up to 1000 multipart uploads currently in progress |
| Upload Part | Uploads a part within a multipart upload |
| Upload Part Copy | Uploads a part within a multipart upload by copying an existing object |
| Complete Multipart Upload | Indicates all parts have been uploaded |
Sample Object Operations
In order to start running commands using your terminal, you need to have the latest version of the AWS CLI installed on your system first. If you’re using Windows or macOS, you could install Cyberduck to view your buckets, add objects and perform some operations. Once you’ve completed the installation process, you can go through this section which details how to perform object operations using the s3api CLI. Keep in mind that you have to replace bucketname and filename with the respective equivalents.
DELETE Object
Deletes a specified object.
aws s3api delete-object --bucket bucketname --key filename.ext --endpoint https://gos3.io
DELETE Multiple Objects
Deletes multiple specified objects.
aws s3api delete-objects --bucket bucketname --delete file://delete.json --endpoint https://gos3.io
delete.json
{
"Objects":
[
{
"Key": "filename.ext"
}
],
"Quiet": false
}
DELETE Object Tagging
Deletes tagging associated with a specified object.
aws s3api delete-object-tagging --bucket bucketname --key filename.ext --endpoint https://gos3.io
GET Object
Retrieves a specified object.
aws s3api get-object --bucket bucketname --key filename.ext --endpoint https://gos3.io
GET Object ACL
Retrieves the access control list for a specified object.
aws s3api get-object-acl --bucket bucketname --key filename.ext --endpoint https://gos3.io
GET Object Tagging
Retrieves tagging associated with a specified object.
aws s3api get-object-tagging --bucket bucketname --key filename.ext --endpoint https://gos3.io
HEAD Object
Determines the existence and access permissions for a specified object.
aws s3api head-object --bucket bucketname --key filename.ext --endpoint https://gos3.io
PUT Object
Adds an object to a bucket.
aws s3api put-object --bucket bucketname --key filename.ext --body filename.ext --endpoint https://gos3.io
List Objects
Lists up to 1000 objects within a specified bucket.
aws s3api list-objects --bucket bucketname --endpoint https://gos3.io
List ObjectsV2
Lists up to 1000 objects within a specified bucket.
aws s3api list-objects-v2 --bucket bucketname --endpoint https://gos3.io
List Object Versions
Retrieves metadata for the specified object within a specified bucket.
aws s3api list-object-versions --bucket bucketname --prefix filename.ext --endpoint https://gos3.io
Use Cases
Deactivate Directory Listing
Directory listing is a function that displays the contents of a bucket when there is no index object file within a bucket. It is potentially risky in terms of security as well as privacy to leave this function turned on because it could potentially lead to unintentional information disclosure. If you wish to deactivate directory listing, run the following command and make sure to add the parameters as specified in the sample file below.
Note: make sure to replace bucketname with the name of the bucket that you’re working with.
aws s3api put-bucket-acl --bucket bucketname --policy file://noindexpolicy.json --endpoint https://gos3.io
noindexpolicy.json
{
"Version": "2008-10-17",
"Statement": [
{
"Sid": "AddPerm",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::bucketname/*"
}
]
}
Object Storage Website
Within your bucket’s settings, you can configure static hosting of your HTML files in order to make your bucket to function as a website. Choose an appropriate bucket name, as it will be visible within the URL like <bucketname>.eu-central-1.gos3.io. Upload your relevant files and enable the “Serve As Website” toggle. The next step is to set your index.html and error.html files within the website configuration and click the Update button (If the files don’t already exist, we will generate example files which can be changed afterwards).
Since the URL isn’t practical, you may want to serve this website from your domain, we’ve outlined the following two possible scenarios:
Domain Name (No SSL)
Add the CNAME <bucketname> which points to the bucket Web-URL, for instance <bucketname>.eu-central-1.gos3.io. This can be found in the buckets detail view within the Cloud Panel.
Wait for the DNS propogation to be completed and visit the website to ensure that all the configurations are appropriately set. Keep in mind that this website does not have SSL set on account of the inherent nature of wildcard SSL configurations.