Skip to main content

Bucket Actions

There are six actions in Bucket:

 Object Versioning
Presigned URL
Lifecycle Rule
Replication Rule
Empty
Add to CDN
Delete

Bucket Actions

Object Versioning

E2E provides an Object Versioning feature in Object storage. Using this feature, users can upload duplicate files, which will be stored in Minio with different versions.
To enable versioning, click on the Action button and select Object Versioning.

Object Versioning
Object Storage

Presigned URL

E2E provides a Presigned URL feature in Object Storage. This feature allows users to generate presigned URLs for files in their buckets, enabling direct download or upload of files via these URLs. Users can also easily integrate upload presigned URLs into their code for seamless file uploads.

Presigned URL

After clicking on Generate Presigned URL, you have to enter the required details and select the type of URL, as shown below.

Type of Presigned URL

Now click on Generate URL to create the Presigned URL.

Generate Presigned URL

Lifecycle Rule

E2E provides a Lifecycle Rule feature in Object storage. Using this feature, users can apply a lifecycle rule to a bucket. After applying this, the object will be deleted as per your set rule. To set it up, click on the Action button, select Lifecycle Rule, enter the details, and click Save.

Lifecycle Rule
Object Storage

Replication Rule

E2E provides a Replication Rule feature in Object Storage. This feature allows users to transfer their objects from one region to another region's bucket. To enable replication, click on Action and select Replication Rule. Enter the required details and click Save.

Note

For enabling replication rule, versioning must be enabled for the bucket.

Replication Rule
Object Storage
Object Storage

Users can perform actions on the replication bucket by clicking on Action. Available actions include Delete and Disable.

Replication Actions
Object Storage
Object Storage
Object Storage

Empty Bucket

Using the Empty action, the user can empty the bucket, which will delete all objects from it.

Empty Bucket
Object Storage

Add to CDN

EOS integration with CDN improves the performance, scalability, and reliability of the platform by leveraging the capabilities of a Content Delivery Network.

Users can perform actions on Add to CDN by clicking on the Action button.

Add to CDN

Note

To add CDN, you need to give public access to your bucket.

After clicking on Add to CDN, click on Create CDN.

Create CDN

Once created, a new section named Bucket CDN will appear in the Manage Object Storage interface, showing the details of the CDN.

Bucket CDN
CDN Details
CDN Actions

You can access comprehensive details about CDN services and view all their actions in the dedicated CDN section.

CDN Section

Upload Files

Upload Files
Object Storage
Object Storage
Object Storage
Object Storage
Object Storage

Permissions

In the Permissions tab, permission details are displayed, and customers can apply permissions to the bucket using the access key and perform actions on it.

Access Key

If you intend to use CLI or API for accessing your data on EOS, you will need to define bucket permissions.
Customers can create access keys using the Manage Access Keys option in the Permissions tab.

Using Manage Access Key

To create an access key, click on the Manage Access Keys button.

Manage Access Key
Object Storage
Object Storage
Object Storage
Object Storage

Actions in Manage Access Key

Customers can perform two actions on access keys: Lock, Unlock, and Delete.

Access Key Actions
Object Storage
Object Storage
Object Storage
Object Storage

  1. Go to Products > Storage option in the sidebar menu

  2. Choose any bucket or create a new one

  3. Click the Permissions tab

  4. Click the Create Access Key button

  5. Enter a name for your access key

  6. Choose an access key or create a new one

  7. Assign a role:

    RolePermissions
    bucket admincan read, write, manage
    bucket writercan read, write
    bucket readercan read

Assign Role
Object Storage
Object Storage
Object Storage
Object Storage

Public Access Config

Using Public Access Config, you can give the permissions for Upload, Download, Upload & Download, or Private for the objects using URL. To enable this, click on Public Access Config and select the desired permission.

Public Access Config
Object Storage
Object Storage
Object Storage
Object Storage

Bucket Lifecycle

In this section, the lifecycle rules you have created are displayed. You can also create and perform actions on these rules.

Bucket Lifecycle
Object Storage

Bucket Details

In this section, the details of the bucket are displayed.

Bucket Details

Bucket Permissions

If you intend to use CLI or API for accessing your data on EOS, you will need to define bucket permissions.

Bucket Permissions

  1. Go to Products > Storage option in the sidebar menu

  2. Choose any bucket or create a new one

  3. Click the Permissions tab

  4. Click the Create Access Key button

  5. Enter a name for your access key

  6. Choose an access key or create a new one

  7. Assign a role:

    RolePermissions
    bucket admincan read, write, manage
    bucket writercan read, write
    bucket readercan read
  8. Save the permission.

Create Access Key

You can create an access key from the Permissions tab on the Bucket details page or the Manage Access page.

Create Access Key

  1. Enter a name for your access key (application name, project name, or team member name).
  2. Click Generate Key.
  3. A newly generated access and secret key will be displayed.
  4. Keep a note of both keys as you will not see them again after you close the modal window.
  5. If you have mc setup, use the given command to configure CLI for this access key.

Hint: Choose a short name for the access key, as you will be entering this for each command you type in CLI.

Manage Access

Sometimes you may need to disable access for certain users or applications. You can lock their access key from the Manage Access page.

Manage Access

  1. Go to Products > Storage option in the sidebar menu
  2. Click Manage Access Key
  3. Identify the access you want to lock by key name
  4. Click the Lock icon

To unlock, follow the same steps, but click the Unlock icon.

Protect Your Bucket Data With Encryption

Introduction

The procedure on this page configures and enables Server-Side Encryption with Client-Managed Keys (SSE-C). EOS SSE-C supports client-driven encryption of objects before writing the object to the drive. Clients must specify the correct key to decrypt objects for read operations.

Prerequisites

  • The mc client is required to encrypt an object (How to install mc client).
  • The SSE-C key must be a 256-bit base64-encoded string.
  • The client application is responsible for generating and storing the encryption key.
  • EOS does not store SSE-C encryption keys and cannot decrypt SSE-C encrypted objects without the client-managed key.

1) Generate the Encryption Key

First, an encryption key is required. You can generate the encryption key using the following command:

cat /dev/urandom | head -c 32 | base64 -
  • It is important to notice that a 256-bit base64-encoded string should be used.
  • Save the encryption key for future reference.

2) Encrypt and Copy Object into Bucket Using Encryption Key

To encrypt an object using the mc client, refer to the following command:

 mc cp ~/source_path/my_object.json ALIAS/BUCKET/my_object.json \
--encrypt-key "ALIAS/BUCKET/=ENCRYPTION_KEY"
  • Replace ALIAS with the key_name used while configuring the mc client on which you want to write the SSE-C encrypted object.

  • Replace BUCKET with the full path to the bucket or bucket prefix to which you want to write the SSE-C encrypted object.

  • Replace ENCRYPTION_KEY with the key generated in the first step.

3) Copy an SSE-C Encrypted Object Between Two Buckets

EOS also supports copying an SSE-C encrypted object to another S3-compatible service:

 mc cp SOURCE/BUCKET/mydata.json TARGET/BUCKET/mydata.json  \
--encrypt-key \
"SOURCE/BUCKET/=ENCRYPTION_KEY","TARGET/BUCKET/=ENCRYPTION_KEY"
  • Replace ALIAS with respecting key_name used while configuring the mc client on which you want to read and write the SSE-C encrypted object.

  • Replace source and destination BUCKET with the full path to the bucket or bucket prefix on which you want to read and write the SSE-C encrypted object.

  • Replace ENCRYPTION_KEY with the key generated in the first step.

Considerations:

  • SSE-C encrypted objects are not compatible with the EOS bucket replication feature.

  • User manage a mapping of which encryption key was used to encrypt which object. E2E does not store encryption keys. You are responsible for tracking which encryption key you provided for which object.

  • If your bucket is versioning-enabled, each object version that you upload by using this feature can have its own encryption key. You are responsible for tracking which encryption key was used for which object version.

  • For downloading an encrypted object encryption key is required, if the user loses the key then he can not download the data, and his data will be lost. In this case E2E is not responsible for the loss of your data.

References