Object Storage

Our S3-compatible Object Storage offering is developed with data sovereignty in mind, designed to be accessed from anywhere including websites, mobile applications or IoT devices. You can export your Snapshots to Object Storage, allowing you to perform instantaneous real-time backups. The Cloud Panel offers you the possibility to manage your access keys as well as the buckets. Keep in mind that bucket names are managed universally, so ensure that each bucket name you specify is **unique**.

Along with your Access Key, the following are always required as parameters while performing operations related to Object Storage:

de/fra2: https://gos3.io

de/fra3: https://cfea.gos3.io

de/ehz1: https://af13.gos3.io

ch/app1: https://bc01.gos3.io

nl/ams1: https://ce21.gos3.io

More information about these locations can be found in the location Explorer in the panels.

Access Keys

There are two types of access keys - account keys and user keys.

RoleAccessAccount keyUser key
OwnerCan see all types of keys from all users in an account.Can create and see all.Can create and see all.
AdminCan see all types of keys from all users in an account.Can create and see all.Can create and see all.
WriteCan only see their user access keys.Can not create or seeCan create and see only theirs.
ReadNo AccessNo AccessNo Access

When using the Cloud Panel, we generate access keys depending on your role in that accounts. account keys are generated for users with the admin or owner role and user keys are generated for users with write role.

Account keys have access to all buckets created before 13.03.2022 as well as all buckets created with account keys from any users within the account.

User keys have access only to buckets created with these keys. account keys cannot see buckets created with user keys

Users with the owner or admin role can see all access keys from all users in the account. This gives admins and owners access to everything by default.

Users with the write role can only see their own user keys and therefore only have access to buckets generated with those user keys.

Access Key Limits

You have the possibility to create a maximum of 128 account keys per account.

Bucket Operations

This section details bucket operations supported by our Object Storage offering, allowing you to create, delete, retrieve information about buckets and control their behaviour.

OperationDescription
Pre-signed URLsBy default, all objects and buckets are private. Using a pre-signed URL, you can share objects or allow objects to be uploaded to buckets without requiring explicit security credentials or permissions
CREATE BucketCreates a new bucket
DELETE BucketDeletes a specified bucket
DELETE Bucket CORSDeletes the cross-origin resource sharing configuration for a specified bucket
DELETE Bucket LifecycleDeletes the lifecycle configuration for a specified bucket
DELETE Bucket WebsiteDeletes the website configuration for a specified bucket
GET Bucket ACLRetrieves the access control list for a specified bucket
GET Bucket CORSRetrieves the cross-origin resource sharing configuration for a specified bucket
GET Bucket Lifecycle ConfigurationRetrieves the lifecycle configuration for a specified bucket
GET Bucket VersioningRetrieves the versioning state for a specified bucket
GET Bucket Ownership ControlsRetrieves the bucket ownership controls for a specified bucket
GET Public Access BlockRetrieves the public access block for a specified bucket
GET Bucket WebsiteRetrieves the website configuration for a specified bucket
GET Object Lock ConfigurationRetrieves the object lock configuration for a specified bucket
HEAD BucketDetermines the existence and access permissions for a specified bucket
PUT Bucket ACLSets the access control list for a specified bucket
PUT Bucket CORSSets the cross-origin resource sharing configuration for a specified bucket
PUT Bucket Lifecycle ConfigurationSets the lifecycle configuration for a specified bucket
PUT Bucket WebsiteSets the website configuration for a specified bucket
PUT Bucket PolicySets the bucket policy for a specified bucket
List BucketsLists buckets associated with your contract

Sample Bucket Operations

In order to start running commands using your terminal, you need to have the latest version of the AWS CLI installed on your system first. If you’re using Windows or macOS, you could install Cyberduck to view your buckets, add objects and perform some operations. Once you’ve completed the installation process, you can go through this section which details how to perform bucket operations using the s3api CLI. Keep in mind that you have to replace bucketname and filename with the respective equivalents.

Pre-signed URLs

By default, all objects and buckets are private. Using a pre-signed URL, you can share objects or allow objects to be uploaded to buckets without requiring explicit security credentials or permissions.

aws s3 presign s3://bucketname/filename.ext --endpoint https://gos3.io

CREATE Bucket

Creates a new bucket. If you wish to have Object Lock enabled, the --object-lock-enabled-for-bucket attribute needs to be set during bucket creation process. Keep in mind that versioning is automatically activated in case Object Lock is enabled.

aws s3api create-bucket --object-lock-enabled-for-bucket --bucket $bucketname --endpoint https://gos3.io

DELETE Bucket

Deletes a specified bucket.

aws s3api delete-bucket --bucket bucketname --endpoint https://gos3.io

DELETE Bucket CORS

Deletes the cross-origin resource sharing configuration for a specified bucket.


aws s3api delete-bucket-cors --bucket bucketname --endpoint https://gos3.io

DELETE Bucket Lifecycle

Deletes the lifecycle configuration for a specified bucket.


aws s3api delete-bucket-lifecycle --bucket bucketname --endpoint https://gos3.io

DELETE Bucket Website

Deletes the website configuration for a specified bucket.


aws s3api delete-bucket-website --bucket bucketname --endpoint https://gos3.io

GET Bucket ACL

Retrieves the access control list for a specified bucket.

aws s3api get-bucket-acl --bucket bucketname --endpoint https://gos3.io

GET Bucket CORS

Retrieves the cross-origin resource sharing configuration for a specified bucket.

aws s3api get-bucket-cors --bucket bucketname --endpoint https://gos3.io

GET Bucket Lifecycle Configuration

Retrieves the lifecycle configuration for a specified bucket.

aws s3api get-bucket-lifecycle-configuration --bucket bucketname --endpoint https://gos3.io

GET Bucket Versioning

Retrieves the versioning state for a specified bucket.

aws s3api get-bucket-versioning --bucket bucketname --endpoint https://gos3.io

GET Bucket Ownership Controls

Retrieves the bucket ownership controls for a specified bucket.

aws s3api get-bucket-ownership-controls --bucket bucketname --endpoint-url https://gos3.io

GET Public Access Block

Retrieves the public access block for a specified bucket.

aws s3api get-public-access-block --bucket bucketname --endpoint-url https://gos3.io

GET Bucket Website

Retrieves the website configuration for a specified bucket.

aws s3api get-bucket-website --bucket bucketname --endpoint https://gos3.io

GET Object Lock Configuration

Retrieves the object lock configuration for a specified bucket.

aws s3api get-object-lock-configuration --bucket bucketname --endpoint https://gos3.io

HEAD Bucket

Determines the existence and access permissions for a specified bucket.

aws s3api head-bucket --bucket bucketname --endpoint https://gos3.io

PUT Bucket ACL

Sets the access control list for a specified bucket.

aws s3api put-bucket-acl --bucket bucketname --acl public-read --endpoint https://gos3.io

PUT Bucket CORS

Sets the cross-origin resource sharing configuration for a specified bucket.

aws s3api put-bucket-cors --bucket bucketname --cors-configuration file://cors.json --endpoint https://gos3.io
cors.json:
{
  "CORSRules": [
    {
      "AllowedOrigins": ["http://www.example.com"],
      "AllowedHeaders": ["*"],
      "AllowedMethods": ["PUT", "POST", "DELETE"],
      "MaxAgeSeconds": 3000,
      "ExposeHeaders": ["x-amz-server-side-encryption"]
    },
    {
      "AllowedOrigins": ["*"],
      "AllowedHeaders": ["Authorization"],
      "AllowedMethods": ["GET"],
      "MaxAgeSeconds": 3000
    }
  ]
}

PUT Bucket Lifecycle Configuration

Sets the lifecycle configuration for a specified bucket.

aws s3api put-bucket-lifecycle-configuration --bucket bucketname --lifecycle-configuration file://delete-lifecycle.json --endpoint https://gos3.io
delete-lifecycle.json
{
    "Rules":
    [
        {
            "ID": "id-1",
            "Filter":
            {},
            "Status": "Enabled",
            "Expiration":
            {
                "Days": 2
            }
        }
    ]
}

PUT Bucket Website

Sets the website configuration for a specified bucket.

aws s3api put-bucket-website --bucket bucketname --website-configuration file://website.json --endpoint https://gos3.io
website.json
{
    "IndexDocument":
    {
        "Suffix": "index.html"
    },
    "ErrorDocument":
    {
        "Key": "error.html"
    }
}

PUT Bucket Policy

Sets the bucket policy for a specified bucket.

aws s3api put-bucket-policy --bucket bucketname --policy file://policy.json --endpoint https://gos3.io
policy.json
{
    "Version": "2021-01-17",
    "Statement":
    [
        {
          "Sid": "AddPerm",
          "Effect": "Allow",
          "Principal": "*",
          "Action": "s3:GetObject",
          "Resource": "arn:aws:s3:::bucketname/*"
        }
    ]
}

PUT Object Lock Configuration

Sets the object lock configuration for a specified bucket. Keep in mind that Object Lock can only be activated at the time of bucket creation, and also enables Versioning by default. This means that Object Lock cannot be disabled and Versioning cannot be suspended for the specified bucket.

By default, the specified rule within the configuration gets applied to every object within the specified bucket and the defaults are immutable. A new version of the specified object is created in this case. The retention period specifies how long an object remains locked during which the object remains WORM-protected and cannot be overwritten or deleted. This also means that the bucket cannot be deleted until the retention time period is over.

aws s3api put-object-lock-configuration --bucket bucketname --object-lock-configuration '{ "ObjectLockEnabled": "Enabled", "Rule": { "DefaultRetention": { "Mode": "COMPLIANCE", "Days": 10 }}}' --endpoint https://gos3.io

List Buckets

Lists buckets associated with your contract.

aws s3api list-buckets --endpoint-url https://gos3.io --output table

Object Operations

This section details object operations supported by our Object Storage offering, allowing you to create, delete, retrieve information about objects and control their behaviour.

OperationDescription
DELETE ObjectDeletes a specified object
DELETE Multiple ObjectsDeletes multiple specified objects
DELETE Object TaggingDeletes tagging associated with a specified object
GET ObjectRetrieves a specified object
GET Object ACLRetrieves the access control list for a specified object
GET Object TaggingRetrieves tagging associated with a specified object
HEAD ObjectDetermines the existence and access permissions for a specified object
PUT ObjectAdds an object to a bucket
List ObjectsLists up to 1000 objects within a specified bucket
List ObjectsV2Lists up to 1000 objects within a specified bucket
List Object VersionsRetrieves metadata for the specified object within a specified bucket
Initiate Multipart UploadInitiates a multipart upload request, which returns an upload ID
Abort Multipart UploadAborts a multipart upload request for a specified upload ID
List PartsLists parts that have been uploaded for a specified multipart upload
List Multipart UploadsLists up to 1000 multipart uploads currently in progress
Upload PartUploads a part within a multipart upload
Upload Part CopyUploads a part within a multipart upload by copying an existing object
Complete Multipart UploadIndicates all parts have been uploaded

Sample Object Operations

In order to start running commands using your terminal, you need to have the latest version of the AWS CLI installed on your system first. If you’re using Windows or macOS, you could install Cyberduck to view your buckets, add objects and perform some operations. Once you’ve completed the installation process, you can go through this section which details how to perform object operations using the s3api CLI. Keep in mind that you have to replace bucketname and filename with the respective equivalents.

DELETE Object

Deletes a specified object.

aws s3api delete-object --bucket bucketname --key filename.ext --endpoint https://gos3.io

DELETE Multiple Objects

Deletes multiple specified objects.

aws s3api delete-objects --bucket bucketname --delete file://delete.json --endpoint https://gos3.io
delete.json
{
  "Objects":
  [
    {
      "Key": "filename.ext"
    }
  ],
  "Quiet": false
}

DELETE Object Tagging

Deletes tagging associated with a specified object.

aws s3api delete-object-tagging --bucket bucketname --key filename.ext --endpoint https://gos3.io

GET Object

Retrieves a specified object.

aws s3api get-object --bucket bucketname --key filename.ext --endpoint https://gos3.io

GET Object ACL

Retrieves the access control list for a specified object.

aws s3api get-object-acl --bucket bucketname --key filename.ext --endpoint https://gos3.io

GET Object Tagging

Retrieves tagging associated with a specified object.

aws s3api get-object-tagging --bucket bucketname --key filename.ext --endpoint https://gos3.io

HEAD Object

Determines the existence and access permissions for a specified object.

aws s3api head-object --bucket bucketname --key filename.ext --endpoint https://gos3.io

PUT Object

Adds an object to a bucket.

aws s3api put-object --bucket bucketname --key filename.ext --body filename.ext --endpoint https://gos3.io

List Objects

Lists up to 1000 objects within a specified bucket.

aws s3api list-objects --bucket bucketname --endpoint https://gos3.io

List ObjectsV2

Lists up to 1000 objects within a specified bucket.

aws s3api list-objects-v2 --bucket bucketname --endpoint https://gos3.io

List Object Versions

Retrieves metadata for the specified object within a specified bucket.

aws s3api list-object-versions --bucket bucketname --prefix filename.ext --endpoint https://gos3.io

Use Cases

Deactivate Directory Listing

Directory listing is a function that displays the contents of a bucket when there is no index object file within a bucket. It is potentially risky in terms of security as well as privacy to leave this function turned on because it could potentially lead to unintentional information disclosure. If you wish to deactivate directory listing, run the following command and make sure to add the parameters as specified in the sample file below.

Note: make sure to replace bucketname with the name of the bucket that you’re working with.

aws s3api put-bucket-acl --bucket bucketname --policy file://noindexpolicy.json --endpoint https://gos3.io
noindexpolicy.json
{
    "Version": "2008-10-17",
    "Statement": [
        {
        "Sid": "AddPerm",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::bucketname/*"
        }
    ]
}

Object Storage Website

Within your bucket’s settings, you can configure static hosting of your HTML files in order to make your bucket to function as a website. Choose an appropriate bucket name, as it will be visible within the URL like <bucketname>.eu-central-1.gos3.io. Upload your relevant files and enable the “Serve As Website” toggle. The next step is to set your index.html and error.html files within the website configuration and click the Update button (If the files don’t already exist, we will generate example files which can be changed afterwards).

Since the URL isn’t practical, you may want to serve this website from your domain, we’ve outlined the following two possible scenarios:

Domain Name (No SSL)

Add the CNAME <bucketname> which points to the bucket Web-URL, for instance <bucketname>.eu-central-1.gos3.io. This can be found in the buckets detail view within the Cloud Panel.

Wait for the DNS propagation to be completed and visit the website to ensure that all the configurations are appropriately set. Keep in mind that this website does not have SSL set on account of the inherent nature of wildcard SSL configurations.

Top