Overview
Storage: IONOS S3 Object Storage is a modern storage technology that can be found in private and public cloud storage applications. In object storage architecture, files are not stored and managed in hierarchies or blocks as is the case with file or block storage, but as objects. An object consists of the file itself, customizable metadata, and a unique identifier through which it is addressed.
Compatibility: Object storage is almost infinitely scalable. It can be accessed through APIs and internet protocols. This makes it well-suited for cloud storage solutions. The S3 API (Simple Storage Service) has been established as a global standard for object storage for years. It allows for interoperability and compatibility across different object storage systems that adhere to this standard.
IONOS S3 Object Storage is currently available in Germany and Spain (see the list of available endpoints).
Applications: Object storage is best used for storing large chunks of unstructured, static data, such as videos, images, music, and other files not intended for manipulation by frequent transactions. This includes archives, backups, log files, documents, and any file type that you want to keep “as is” for later access.
Automation: IONOS S3 Object Storage is based on S3. The object storage solution offers the industry’s best compatibility with the S3 API. This guarantees a high level of interoperability with other object storage systems adhering to S3.
Furthermore, you can use any client application that supports S3 to access it. A GUI is available to make the management and use of IONOS Cloud Object Storage as comfortable as possible. The GUI is called the Object Storage Management Console.
Core Functionality
Objects: The IONOS S3 Object Storage can store objects, i.e. files of any format. Neither format nor content is checked during upload. Objects can be stored in buckets and folders. The number of objects you can save is unlimited.
Buckets: logical containers in which the objects of object storage are stored. Before files can be uploaded to object storage, a bucket must first be created. The name of a bucket must be unique throughout the IONOS S3 Object Storage. The bucket name must adhere to the naming convention. The User can define how the objects contained in a bucket are versioned and whether access to them is logged. Access to a bucket is managed by authorizations.
Folders: logical containers in which objects can be stored in a structured way, similar to a file system. A bucket can contain folders at multiple levels, meaning a folder can contain other folders. You cannot define properties or permissions for folders; this is done using buckets and objects. The same naming rules apply to folders as to objects. Once a folder is created, it cannot be renamed. Objects already uploaded cannot be moved to a newly created folder.
Security
IONOS S3 Object Storage protects User data on several levels. The storage policy chosen for the object storage covers the highest data protection level possible. Technical failures of any kind will not result in data loss.
Connections to the object storage are SSL-encrypted. You can also store uploaded objects using server-side encryption, so objects can be stored in IONOS object storage in encrypted form. Stored objects are decrypted automatically when downloaded.
Access Management
S3 allows for comprehensive access management at the bucket and object levels. This allows you to define precisely who may access what. By default, newly created buckets and objects are “private”. Only the bucket owner can access them. In order to protect content from unauthorized access, it is recommended that you make only those buckets or objects public that are to be shared publicly.
Grantees: S3-defined user groups to whom permissions are granted that specify which buckets and objects they may access in which way.
Grantee | Bucket | Object |
---|---|---|
Public | Everyone | |
Authenticated Users | All users of the IONOS S3 Object Storage (not limited to a contract). | |
Log Delivery Group | Group required for logging (in combination with the "Log Delivery Write" ACL) | n/a |
Individual users | Selected users of the IONOS S3 Object Storage (not limited to a contract). Sharing buckets with individual users requires their IONOS S3 Object Storage ID. | |
Permissions: These are the access rights that can be assigned to Grantees. By default, buckets and objects are "private", i.e. only the bucket owner can access them. The content of a bucket is always accessible (as a list) as soon as the bucket is "public", even if the objects it contains are private and can therefore neither be displayed nor downloaded!
Permission | Bucket | Object |
---|---|---|
Read access (Readable) | View the contents of a bucket as a list. Opening and downloading objects is not possible. | Open and download objects |
Write access (Writable) | Upload and delete objects | n/a |
Read access to permissions (ACP Readable) | View the access rights of the bucket or object | |
Write access to permissions (ACP Writable) | View and edit the access rights of the bucket or object | |
Access Control Lists (ACLs): With the help of a detailed authorization system, based on S3 ACLs (Access Control Lists), you can control precisely who accesses and edits your content. By assigning ACLs to a group of users in accordance with an S3-compliant access control list, you can manage who may access the buckets and objects of your IONOS S3 Object Storage.
A DCD feature allows contract owners and administrators to log on to the object storage accounts of their contract members as bucket owners with full access rights.
Canned ACLs: Pre-defined access profiles so that you don't have to enter the combination of permissions per grantee manually. By default, buckets and objects are "private", i.e. only the bucket owner can access them.
Canned ACL | Bucket | Object |
---|---|---|
Private (default) | Full access for bucket owners | |
Public Read | Full access for bucket owners. Read access to buckets for all users of the IONOS S3 Object Storage (not limited to a contract). Please note that the content of a bucket is always displayed as a list as soon as it is made "public", even if the objects it contains are private and can therefore neither be displayed nor downloaded! | |
Public Read Write | Full access for bucket owners. Read and write access for everyone. Everyone may view the bucket contents and upload and delete files. | n/a |
Authenticated Read | Full access for bucket owners. Read access for all users of the IONOS S3 Object Storage (not limited to a contract). | |
Log Delivery Write | Full access for bucket owners. Write access for the Log Delivery Group, which can also view the access permissions of a bucket. This access profile is required for saving the log files generated when logging is activated for a bucket. | n/a |
Bucket Owner Read | n/a | Full access for object owners Read access for bucket owners |
Bucket Owner Full | n/a | Full access for object and bucket owners |
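An added example, not IONOS code: a check over the XML document that an S3 GetBucketAcl call returns, reporting every grant to the Public or Authenticated Users grantees together with what it allows on a bucket according to the tables above. The group URIs are the standard S3 ones and are assumed to be unchanged on this service; the sample ACL document and its owner ID are constructed.

```python
import xml.etree.ElementTree as ET

NS = {"s3": "http://s3.amazonaws.com/doc/2006-03-01/"}
AWS = "http://acs.amazonaws.com/groups/"
# Standard S3 group URIs mapped to the grantee names used in the table above
# (assumption: the S3-compatible service returns the same URIs).
GROUPS = {
    AWS + "global/AllUsers": "Public",
    AWS + "global/AuthenticatedUsers": "Authenticated Users",
    AWS + "s3/LogDelivery": "Log Delivery Group",
}
# Effect of each S3 permission on a bucket, following the permissions table.
BUCKET_EFFECT = {
    "READ": "list bucket contents",
    "WRITE": "upload and delete objects",
    "READ_ACP": "view access rights",
    "WRITE_ACP": "view and edit access rights",
    "FULL_CONTROL": "read, write and manage access rights",
}
XSI = 'xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"'
# Constructed sample: one owner grant plus three group grants.
SAMPLE_ACL = f"""
<AccessControlPolicy xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
  <Owner><ID>constructed-owner-id</ID></Owner>
  <AccessControlList>
    <Grant><Grantee {XSI} xsi:type="CanonicalUser"><ID>constructed-owner-id</ID></Grantee>
      <Permission>FULL_CONTROL</Permission></Grant>
    <Grant><Grantee {XSI} xsi:type="Group"><URI>{AWS}global/AllUsers</URI></Grantee>
      <Permission>READ</Permission></Grant>
    <Grant><Grantee {XSI} xsi:type="Group"><URI>{AWS}global/AuthenticatedUsers</URI></Grantee>
      <Permission>WRITE_ACP</Permission></Grant>
    <Grant><Grantee {XSI} xsi:type="Group"><URI>{AWS}s3/LogDelivery</URI></Grantee>
      <Permission>WRITE</Permission></Grant>
  </AccessControlList>
</AccessControlPolicy>
"""

def audit_bucket_acl(xml_text):
    """Return (grantee, permission, effect) for grants to Public or Authenticated Users."""
    root = ET.fromstring(xml_text.strip())
    findings = []
    for grant in root.findall("s3:AccessControlList/s3:Grant", NS):
        uri = grant.findtext("s3:Grantee/s3:URI", default="", namespaces=NS)
        perm = grant.findtext("s3:Permission", default="", namespaces=NS)
        group = GROUPS.get(uri)
        # Only the two broad groups are reported; Log Delivery and individual users are skipped.
        if group in ("Public", "Authenticated Users"):
            findings.append((group, perm, BUCKET_EFFECT.get(perm, "unknown permission")))
    return findings

if __name__ == "__main__":
    for grantee, perm, effect in audit_bucket_acl(SAMPLE_ACL):
        print(f"{grantee}: {perm} -> {effect}")
```

A Public READ finding on a bucket means its object list is visible to everyone, even when the objects themselves remain private.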
Limitations
Object size: Please note that objects may not exceed 5 GB in size if they are uploaded using the Object Storage Management Console. Other applications or the IONOS S3 Object Storage API are not subject to this limit.
Bucket limits: Each user may create up to 500 buckets.