Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Prerequisite: For the installation instructions, see Install or update to the latest version of the AWS CLI.
Run the aws configure
command in a terminal.
AWS Access Key ID [None]: Insert the Access Key. In the DCD, go to Menu > Storage > IONOS Object Storage > Key management and check the Access keys section to find the essential details.
AWS Secret Access Key [None]: Paste the Secret Key. In the DCD, go to Menu > Storage > IONOS Object Storage > Key management and check the Access keys section to find the essential details.
Default region name [None]: de
.
Default output format [None]: json
.
Test if you set up AWS CLI correctly by running a command to list buckets; use any endpoints for testing purposes.
If the setup works correctly, you may proceed with the other commands.
For each command, be sure to include one of the endpoints in the endpoint-url
parameter:
For information on the supported IONOS Object Storage Service endpoints, see Endpoints.
There are two sets of commands:
S3: Offers high-level commands for managing buckets and moving, copying, and synchronizing objects.
S3api: Allows you to work with specific features such as ACL, CORS, and Versioning.
For additional information, see the official AWS CLI Command Reference.
This document provides instructions for managing IONOS Object Storage using the AWS CLI. Additionally, this task can also be performed through the DCD DCD and API.
Prerequisites:
Set up the AWS CLI by following the installation instructions.
Make sure to consider the supported Endpoints.
Option 1: Using s3 set of commands:
Option 2: Using s3api set of commands:
Create a bucket in the eu-central-2
region (Berlin, Germany):
Option 1: Using s3 set of commands:
Option 2: Using s3api set of commands:
Create a bucket in the de
region (Frankfurt, Germany) with Object Lock enabled:
Upload an object from the current directory to a bucket:
Download all the objects from the my-bucket
bucket to the local directory my-dir
:
Copy the object to the bucket:
Copy the contents of the local directory my-dir
to the bucket my-bucket
:
For more information, see the cp command reference.
Copy all objects from my-source-bucket
to my-dest-bucket
excluding .zip files. The command does not support cross-region copying for IONOS Object Storage:
Sync the bucket my-bucket
with the contents of the local directory my-dir
:
For more information, see sync command reference.
This document provides instructions to manage Replication using the CLI. Additionally, these tasks can also be performed using the DCD and IONOS Object Storage API.
Prerequisites:
Set up the AWS CLI by following the installation instructions.
Make sure to consider the supported Endpoints.
Versioning must be enabled for source and destination buckets.
Create the file replication_configuration.json
with the following content:
Enable replication from my-source-bucket
to my-destination-bucket
(use the endpoint of the source bucket):
Retrieve the replication configuration:
Delete the replication configuration:
Info: It takes up to a few minutes for the deletion of a replication rule to propagate fully.
This document provides instructions to Manage ACL for Buckets using the AWS CLI. Additionally, these tasks can also be performed using the DCD and IONOS Object Storage API.
Prerequisites:
Set up the AWS CLI by following the installation instructions.
Make sure to consider the supported Endpoints.
Use the following keys to define access permissions:
--grant-read
: Grants read-only access.
--grant-write
: Grants write-only access.
--grant-read-acp
: Grants permission to read the Access Control List.
--grant-write-acp
: Grants permission to modify the Access Control List.
--grant-full-control
: Grants full access, encompassing the permissions listed above (read, write, read ACL, and write ACL).
Note: Granting access to a bucket for another IONOS user does not make the bucket appear in the user's Object Storage in the DCD due to the S3 protocol's architecture. To access the bucket, the user must utilize other S3 Tools, as the granted access does not translate to interface visibility.
Grant full control of my-bucket
to a user with a specific Canonical user ID:
Separate grants with a comma if you want to specify multiple Canonical user IDs:
Grant full control of my-bucket
to multiple users using their Canonical user IDs:
Grant full control of my-bucket
by using an email address
instead of a Canonical User ID:
Retrieve the ACL of a bucket and save it to the file acl.json
:
Edit the file. For example, remove or add some grants and apply the updated ACL to the bucket:
Use the following values for the --acl
key:
private
removes public access.
public-read
allows public read-only access.
public-read-write
allows public read/write access.
authenticated-read
allows read-only access to all authenticated users of IONOS Object storage (including ones out of your contract).
Allow public read-only access to the bucket:
Remove public access to the bucket:
Set WRITE
and READ_ACP
permissions for the Log Delivery Group, which is required before enabling the Logging feature for a bucket:
This document provides instructions for managing Static Website Hosting using the CLI. Additionally, these tasks can also be performed using the DCD and IONOS Object Storage API.
Prerequisites:
Set up the AWS CLI by following the installation instructions.
Make sure to consider the supported Endpoints.
Make the bucket public for static website hosting using Bucket Policy:
Contents of policy.json
:
Enable static website hosting for my-bucket
:
Info: The website URLs differ from the endpoint URLs. The command sets up the static website here – http://my-bucket.s3-website-eu-central-2.ionoscloud.com
.
Disable static website hosting for my-bucket
:
This document provides instructions to manage using the CLI. Additionally, these tasks can also be performed using the and .
Prerequisites:
Set up the AWS CLI by following the .
Make sure to consider the supported .
To create a file policy.json
with the JSON policy, see .
Apply a bucket policy to a bucket:
Save a bucket policy to file:
Delete the bucket policy:
IONOS Object Storage is compatible with the S3 protocol, which means that it can be used to manage buckets and objects with existing S3 clients once properly configured.
Amazon Web Services (AWS) Command-line Interface (CLI) is unique in offering a wide range of commands for comprehensive management of buckets and objects which is ideal for scripting and automation. IONOS Object Storage supports using AWS CLI for Windows, macOS, and Linux.
This document provides instructions to manage using the CLI. Additionally, these tasks can also be performed using the and .
Prerequisites:
Set up the AWS CLI by following the .
Make sure to consider the supported .
Get the versioning state of the bucket:
Enable versioning for the bucket:
List object versions for the bucket:
List object versions for the object my-object.txt
:
This document provides instructions to manage using the CLI. Additionally, these tasks can also be performed using the and .
Prerequisites:
Set up the AWS CLI by following the .
Make sure to consider the supported .
must be enabled for source and destination buckets.
Create a file lifecycle.json
with the JSON policy:
Apply the lifecycle configuration to a bucket:
Save the bucket’s lifecycle configuration to a file:
Delete the Lifecyle configuration:
This document provides instructions to manage using the CLI. Additionally, these tasks can also be performed using the and .
Prerequisites:
Object Lock configuration is only feasible when enabled at the time of bucket creation. It cannot be activated for an existing bucket.
Set up the AWS CLI by following the .
Make sure to consider the supported .
Create a bucket my-bucket
in the de
region (Frankfurt, Germany) with Object Lock:
An Object Lock with Governance mode on a bucket provides the bucket owner with better flexibility compared to the Compliance mode. It permits the removal of the Object Lock before the designated retention period has expired, allowing for subsequent replacements or deletions of the object.
Apply Governance mode configuration to the bucket my-bucket-with-object-lock
with a default retention period equal to 15 days (or use the PutObjectLockConfiguration
API Call):
On applying this configuration, the newly uploaded objects adhere to this retention setting.
An Object Lock with Compliance mode on a bucket ensures strict control by enforcing a stringent retention policy on objects. Once this mode is set, the retention period for an object cannot be shortened or modified. It provides immutable protection by preventing objects from being deleted or overwritten during their retention period.
This mode is particularly suited for meeting regulatory requirements as it guarantees that objects remain unaltered. It does not allow locks to be removed before the retention period concludes, ensuring consistent data protection.
Apply Compliance mode configuration to the bucket my-bucket-with-object-lock
with a default retention period equal to 15 days:
On applying this configuration, the newly uploaded objects adhere to this retention setting.
Retrieve Object Lock configuration of a bucket (the same could be achieved with the GetObjectLockConfiguration
API Call):
Upload my-object.pdf
to the bucket my-bucket-with-object-lock
:
Note: The Object Lock retention is not specified so a bucket’s default retention configuration will be applied.
Upload my-object.pdf
to the bucket my-bucket-with-object-lock
and override the bucket’s default Object Lock configuration:
Note: You can overwrite objects protected with Object Lock. Since Versioning is used for a bucket, it allows to keep multiple versions of the object. It also allows deleting objects because this operation only adds a deletion marker to the object’s version.
Note: Delete markers are not WORM-protected, regardless of any retention period or legal hold in place on the underlying object.
Apply legal-hold
status to my-object.pdf
in the bucket my-bucket-with-object-lock
:
Use Status=OFF
to turn off the legal-hold
status.
To check the Object Lock status for a particular version of an object, you can utilize either the GET Object
or the HEAD Object
commands. Both commands will provide information about the retention mode, the designated 'Retain Until Date' and the status of the legal hold for the chosen object version.
When multiple users have permission to upload objects to your bucket, there is a risk of overly extended retention periods being set. This can lead to increased storage costs and data management challenges. While the system allows for up to 100 years using the s3:object-lock-remaining-retention-days
condition key, implementing limitations can be particularly beneficial in multi-user environments.
Establish a 10-day maximum retention limit:
Save it to the policy.json
file and apply using the following command:
This task could also be achieved by using the API call.
The permanent deletion of the object’s version is prohibited, and the system only creates a deletion marker for the object. But it makes IONOS Object Storage behave in most ways as though the object has been deleted. You can only list the delete markers and other versions of an object by using the API call.
This document provides instructions to Manage ACL for Objects using the AWS CLI. Additionally, these tasks can also be performed using the DCD and IONOS Object Storage API.
Prerequisites:
Set up the AWS CLI by following the installation instructions.
Make sure to consider the supported Endpoints for object upload.
Use the following keys to define access permissions:
--grant-read
: Grants read-only access.
--grant-write
: Grants write-only access.
--grant-read-acp
: Grants permission to read the Access Control List.
--grant-write-acp
: Grants permission to modify the Access Control List.
--grant-full-control
: Grants full access, encompassing the permissions listed above (read, write, read ACL, and write ACL).
Use --key
to specify the object for granting access:
Use the following values for the --acl
key:
private
removes public access.
public-read
allows public read-only access.
public-read-write
allows public read/write access.
authenticated-read
allows read-only access to all authenticated users of IONOS Object storage (including ones out of your contract).
Allow public read-only access to the object:
Remove public access from the object:
This document provides instructions to manage Logging using the CLI. Additionally, these tasks can also be performed using the DCD and IONOS Object Storage API.
Prerequisites:
Set up the AWS CLI by following the installation instructions.
Make sure to consider the supported Endpoints.
Prerequisite: Grant permissions to the Log Delivery Group to the bucket where logs will be stored. We recommend using a separate bucket for logs, but it must be in the same region. Log Delivery Group must be able to write objects and read ACL.
After that, you can enable Logging for a bucket:
Contents of logs-acl.json
:
Retrieve bucket logging settings:
Disable logging for a bucket:
This document provides instructions to manage using the CLI. Additionally, these tasks can also be performed using the and .
Prerequisites:
Set up the AWS CLI by following the .
Make sure to consider the supported .
must be enabled for source and destination buckets.
Get the CORS configuration for the bucket my-bucket
:
Set up CORS configuration for the bucket my-bucket
:
For more information, see command reference.