Run the aws configure command in a terminal.
AWS Access Key ID [None]: Insert the Access Key. In the DCD, go to Menu > Storage > IONOS Object Storage > Key management and check the Access keys section to find the essential details.
AWS Secret Access Key [None]: Paste the Secret Key. In the DCD, go to Menu > Storage > IONOS Object Storage > Key management and check the Access keys section to find the essential details.
Default region name [None]: de.
Default output format [None]: json.
Test if you set up AWS CLI correctly by running a command to list buckets; use any endpoints for testing purposes.
If the setup works correctly, you may proceed with the other commands.
For each command, be sure to include one of the endpoints in the endpoint-url parameter:
For information on the supported IONOS Object Storage Service endpoints, see .
There are two sets of commands:
s3: Offers high-level commands for managing buckets and moving, copying, and synchronizing objects.
s3api: Allows you to work with specific features such as ACL, CORS, and Versioning.
For additional information, see the official .
aws s3 ls --endpoint-url https://s3.eu-central-1.ionoscloud.com
--endpoint-url https://s3.eu-central-2.ionoscloud.com
IONOS Object Storage is compatible with the S3 protocol, which means that it can be used to manage buckets and objects with existing S3 clients once properly configured.
Amazon Web Services (AWS) Command-line Interface (CLI) is unique in offering a wide range of commands for comprehensive management of buckets and objects, which is ideal for scripting and automation. IONOS Object Storage supports using AWS CLI for Windows, macOS, and Linux.
This document provides instructions to manage Replication using the CLI. Additionally, these tasks can also be performed using the DCD and IONOS Object Storage API.
Create the file replication_configuration.json with the following content:
Enable replication from my-source-bucket to my-destination-bucket (use the endpoint of the source bucket):
Retrieve the replication configuration:
Delete the replication configuration:
This document provides instructions to manage Versioning using the CLI. Additionally, these tasks can also be performed using the DCD and IONOS Object Storage API.
Get the versioning state of the bucket:
Enable versioning for the bucket:
List object versions for the bucket:
List object versions for the object my-object.txt:
aws s3api get-bucket-versioning --bucket my-bucket --endpoint-url https://s3.eu-central-2.ionoscloud.com
{
"Role": "this field is ignored",
"Rules": [
{
"Status": "Enabled",
"Prefix": "",
"Destination": {
"Bucket": "arn:aws:s3:::my-destination-bucket"
}
}
]
}
aws s3api put-bucket-replication --bucket my-source-bucket --replication-configuration file://replication_configuration.json --endpoint-url https://s3.eu-central-2.ionoscloud.com
aws s3api get-bucket-replication --bucket my-source-bucket --endpoint-url https://s3.eu-central-2.ionoscloud.com
aws s3api delete-bucket-replication --bucket my-source-bucket --endpoint-url https://s3.eu-central-2.ionoscloud.com
aws s3api put-bucket-versioning --bucket my-bucket --versioning-configuration Status=Enabled --endpoint-url https://s3.eu-central-2.ionoscloud.com
aws s3api list-object-versions --bucket my-bucket --endpoint-url https://s3.eu-central-2.ionoscloud.com
aws s3api list-object-versions --bucket my-bucket --prefix my-object.txt --endpoint-url https://s3.eu-central-2.ionoscloud.com
This document provides instructions to Manage ACL for Objects using the AWS CLI. Additionally, these tasks can also be performed using the DCD and IONOS Object Storage API.
Use the following keys to define access permissions:
--grant-read: Grants read-only access.
--grant-write: Grants write-only access.
--grant-read-acp: Grants permission to read the Access Control List.
Use --key to specify the object for granting access:
Use the following values for the --acl key:
private removes public access.
public-read allows public read-only access.
public-read-write allows public read/write access.
Allow public read-only access to the object:
Remove public access from the object:
This document provides instructions for managing IONOS Object Storage using the AWS CLI. Additionally, this task can also be performed through the DCD and .
--grant-write-acp: Grants permission to modify the Access Control List.
--grant-full-control: Grants full access, encompassing the permissions listed above (read, write, read ACL, and write ACL).
authenticated-read allows read-only access to all authenticated users of IONOS Object Storage (including ones out of your contract).
aws s3api put-object-acl --bucket MY-BUCKET --key my-object.txt --grant-full-control id=CANONICAL_USER_ID --endpoint-url https://s3.eu-central-2.ionoscloud.com
aws s3api put-object-acl --bucket MY-BUCKET --key my-object.txt --acl public-read --endpoint-url https://s3.eu-central-2.ionoscloud.com
aws s3api put-object-acl --bucket MY-BUCKET --key my-object.txt --acl private --endpoint-url https://s3.eu-central-2.ionoscloud.com
Option 1: Using s3 set of commands:
Option 2: Using s3api set of commands:
Create a bucket in the eu-central-2 region (Berlin, Germany):
Option 1: Using s3 set of commands:
Option 2: Using s3api set of commands:
Create a bucket in the de region (Frankfurt, Germany) with Object Lock enabled:
Upload an object from the current directory to a bucket:
Download all the objects from the my-bucket bucket to the local directory my-dir:
Copy the object to the bucket:
Copy the contents of the local directory my-dir to the bucket my-bucket:
For more information, see the cp command reference.
Copy all objects from my-source-bucket to my-dest-bucket excluding .zip files. The command does not support cross-region copying for IONOS Object Storage:
Sync the bucket my-bucket with the contents of the local directory my-dir:
For more information, see sync command reference.
This document provides instructions to manage Logging using the CLI. Additionally, these tasks can also be performed using the DCD and IONOS Object Storage API.
After that, you can enable Logging for a bucket:
Contents of logs-acl.json:
Retrieve bucket logging settings:
Disable logging for a bucket:
This document provides instructions to manage using the CLI. Additionally, these tasks can also be performed using the and .
This document provides instructions to manage using the CLI. Additionally, these tasks can also be performed using the and .
This document provides instructions for managing using the CLI. Additionally, these tasks can also be performed using the and .
aws s3 ls --endpoint-url https://s3.eu-central-2.ionoscloud.com
aws s3api list-buckets --endpoint-url https://s3.eu-central-2.ionoscloud.com
aws s3 mb s3://my-bucket --region eu-central-2 --endpoint-url https://s3.eu-central-2.ionoscloud.com
aws s3 cp filename.txt s3://my-bucket --endpoint-url https://s3.eu-central-2.ionoscloud.com
aws s3 cp s3://my-bucket my-dir --recursive --endpoint-url https://s3.eu-central-2.ionoscloud.com
aws s3 cp my-dir s3://my-bucket/ --recursive --endpoint-url https://s3.eu-central-2.ionoscloud.com
aws s3 cp my-dir s3://my-bucket/ --recursive --endpoint-url https://s3.eu-central-2.ionoscloud.com
Set up the AWS CLI by following the installation instructions.
Make sure to consider the supported Endpoints.
Create a bucket my-bucket in the de region (Frankfurt, Germany) with Object Lock:
An Object Lock with Governance mode on a bucket provides the bucket owner with better flexibility compared to the Compliance mode. It permits the removal of the Object Lock before the designated retention period has expired, allowing for subsequent replacements or deletions of the object.
Apply Governance mode configuration to the bucket my-bucket-with-object-lock with a default retention period equal to 15 days (or use the PutObjectLockConfiguration API Call):
On applying this configuration, the newly uploaded objects adhere to this retention setting.
An Object Lock with Compliance mode on a bucket ensures strict control by enforcing a stringent retention policy on objects. Once this mode is set, the retention period for an object cannot be shortened or modified. It provides immutable protection by preventing objects from being deleted or overwritten during their retention period.
This mode is particularly suited for meeting regulatory requirements as it guarantees that objects remain unaltered. It does not allow locks to be removed before the retention period concludes, ensuring consistent data protection.
Apply Compliance mode configuration to the bucket my-bucket-with-object-lock with a default retention period equal to 15 days:
On applying this configuration, the newly uploaded objects adhere to this retention setting.
Retrieve Object Lock configuration of a bucket (the same could be achieved with the GetObjectLockConfiguration API Call):
Upload my-object.pdf to the bucket my-bucket-with-object-lock:
This task could also be achieved by using the PutObject API call.
Upload my-object.pdf to the bucket my-bucket-with-object-lock and override the bucket’s default Object Lock configuration:
The permanent deletion of the object’s version is prohibited, and the system only creates a deletion marker for the object. But it makes IONOS Object Storage behave in most ways as though the object has been deleted. You can only list the delete markers and other versions of an object by using the ListObjectVersions API call.
Apply legal-hold status to my-object.pdf in the bucket my-bucket-with-object-lock:
Use Status=OFF to turn off the legal-hold status.
To check the Object Lock status for a particular version of an object, you can utilize either the GET Object or the HEAD Object commands. Both commands will provide information about the retention mode, the designated 'Retain Until Date' and the status of the legal hold for the chosen object version.
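The status check described above, as an added example that is not part of the original documentation: it reads the JSON printed by `aws s3api head-object` for one version and reports whether that version can be permanently deleted. The field names are those of the AWS CLI output and are assumed to be returned unchanged by IONOS Object Storage; the sample values are constructed.

```python
from datetime import datetime, timezone

def deletion_status(head, now=None):
    """Classify whether one object version can be permanently deleted.

    `head` is the parsed JSON from `aws s3api head-object --version-id ...`.
    """
    now = now or datetime.now(timezone.utc)
    # A legal hold blocks deletion regardless of any retention period.
    if head.get("ObjectLockLegalHoldStatus") == "ON":
        return "blocked: legal hold is ON (set Status=OFF first)"
    mode = head.get("ObjectLockMode")
    until_raw = head.get("ObjectLockRetainUntilDate")
    if not mode or not until_raw:
        return "deletable: no retention set on this version"
    # Accept both the "Z" and "+00:00" spellings of UTC.
    until = datetime.fromisoformat(until_raw.replace("Z", "+00:00"))
    if until.tzinfo is None:
        until = until.replace(tzinfo=timezone.utc)
    if until <= now:
        return "deletable: retention expired"
    days_left = (until - now).days
    if mode == "COMPLIANCE":
        # Compliance retention cannot be shortened or lifted before expiry.
        return f"blocked: COMPLIANCE retention, {days_left} full days left"
    return (f"restricted: GOVERNANCE retention, {days_left} full days left; "
            "lock can be removed early")

# Constructed sample shaped like head-object output for a locked version;
# the date is the retain-until value used in the upload example on this page.
SAMPLE_HEAD = {
    "VersionId": "EXAMPLE-VERSION-ID",
    "ObjectLockMode": "GOVERNANCE",
    "ObjectLockRetainUntilDate": "2023-08-09T09:01:01Z",
    "ObjectLockLegalHoldStatus": "OFF",
}

if __name__ == "__main__":
    fixed_now = datetime(2023, 8, 1, 9, 1, 1, tzinfo=timezone.utc)
    print(deletion_status(SAMPLE_HEAD, now=fixed_now))
```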
When multiple users have permission to upload objects to your bucket, there is a risk of overly extended retention periods being set. This can lead to increased storage costs and data management challenges. While the system allows for up to 100 years using the s3:object-lock-remaining-retention-days condition key, implementing limitations can be particularly beneficial in multi-user environments.
Establish a 10-day maximum retention limit:
Save it to the policy.json file and apply using the following command:
To create a file policy.json with the JSON policy, see Examples.
Apply a bucket policy to a bucket:
Save a bucket policy to file:
Delete the bucket policy:
aws s3api put-bucket-policy --bucket my-bucket --policy file://policy.json --endpoint-url https://s3.eu-central-2.ionoscloud.com
Make the bucket public for static website hosting using Bucket Policy:
Contents of policy.json:
Enable static website hosting for my-bucket:
Disable static website hosting for my-bucket:
aws s3api create-bucket --bucket my-bucket --region=eu-central-2 --create-bucket-configuration LocationConstraint=eu-central-2 --endpoint-url https://s3.eu-central-2.ionoscloud.com
aws s3api create-bucket --bucket my-bucket --object-lock-enabled-for-bucket --region=de --create-bucket-configuration LocationConstraint=de --endpoint-url https://s3.eu-central-1.ionoscloud.com
aws s3 cp s3://my-source-bucket/ s3://my-dest-bucket/ --recursive --exclude "*.zip" --endpoint-url https://s3.eu-central-2.ionoscloud.com
aws s3 sync my-dir s3://my-bucket --endpoint-url https://s3.eu-central-2.ionoscloud.com
aws s3api put-bucket-acl \
--bucket MY-BUCKET-FOR-LOGS \
--grant-write URI=http://acs.amazonaws.com/groups/s3/LogDelivery \
--grant-read-acp URI=http://acs.amazonaws.com/groups/s3/LogDelivery \
--endpoint-url https://s3.eu-central-2.ionoscloud.com
aws s3api put-bucket-logging \
--bucket MY-BUCKET \
--bucket-logging-status file://logs-acl.json \
--endpoint-url https://s3.eu-central-2.ionoscloud.com
aws s3api get-bucket-logging \
--bucket MY-BUCKET \
--endpoint-url https://s3.eu-central-2.ionoscloud.com
aws s3api put-bucket-logging \
--bucket MY-BUCKET \
--bucket-logging-status '{}' \
--endpoint-url https://s3.eu-central-2.ionoscloud.com
aws s3api create-bucket \
--bucket my-bucket \
--object-lock-enabled-for-bucket \
--region=de --create-bucket-configuration \
LocationConstraint=de \
--endpoint-url https://s3.eu-central-1.ionoscloud.com
aws s3api put-object-lock-configuration \
--bucket my-bucket-with-object-lock \
--object-lock-configuration '{ "ObjectLockEnabled": "Enabled", "Rule": { "DefaultRetention": { "Mode": "GOVERNANCE", "Days": 15 }}}' \
--endpoint-url https://s3.eu-central-1.ionoscloud.com
aws s3api put-object-lock-configuration \
--bucket my-bucket-with-object-lock \
--object-lock-configuration '{ "ObjectLockEnabled": "Enabled", "Rule": { "DefaultRetention": { "Mode": "COMPLIANCE", "Days": 15 }}}' \
--endpoint-url https://s3.eu-central-1.ionoscloud.com
aws s3api get-object-lock-configuration \
--bucket my-bucket-with-object-lock \
--endpoint-url https://s3.eu-central-1.ionoscloud.com
{
"ObjectLockConfiguration": {
"ObjectLockEnabled": "Enabled",
"Rule": {
"DefaultRetention": {
"Mode": "GOVERNANCE",
"Days": 15
}
}
}
}
aws s3api put-object-lock-configuration \
--bucket my-bucket-with-object-lock \
--object-lock-configuration '{ "ObjectLockEnabled": "Enabled", "Rule": { "DefaultRetention": { "Mode": "COMPLIANCE", "Days": 15 }}}' \
--endpoint-url https://s3.eu-central-1.ionoscloud.com
aws s3api put-object \
--bucket my-bucket-with-object-lock \
--key my-object.pdf \
--endpoint-url https://s3.eu-central-1.ionoscloud.com
{
"ETag": "\"d41d8cd98f00b204e9800998ecf8427e\"",
"VersionId": "fe11c94b-d120-723f-b907-1070fde7f794"
}
aws s3api put-object \
--bucket my-bucket-with-object-lock \
--key my-object.pdf \
--object-lock-mode GOVERNANCE \
--object-lock-retain-until-date 2023-08-09T09:01:01Z \
--endpoint-url https://s3.eu-central-1.ionoscloud.com
aws s3api list-object-versions --bucket my-bucket-with-object-lock --endpoint-url https://s3.eu-central-1.ionoscloud.com
aws s3api put-object-legal-hold \
--bucket my-bucket-with-object-lock \
--key my-object.pdf \
--legal-hold Status=ON \
--endpoint-url https://s3.eu-central-1.ionoscloud.com
{
"Version": "2012-10-17",
"Id": "Set Retention Limits",
"Statement": [
{
"Sid": "Set Retention Period",
"Effect": "Deny",
"Principal": "*",
"Action": [
"s3:PutObjectRetention"
],
"Resource": "arn:aws:s3:::my-bucket-with-object-lock/*",
"Condition": {
"NumericGreaterThan": {
"s3:object-lock-remaining-retention-days": "10"
}
}
}
]
}
aws s3api put-bucket-policy --bucket my-bucket-with-object-lock --policy file://policy.json --endpoint-url https://s3.eu-central-1.ionoscloud.com
aws s3api get-bucket-policy --bucket my-bucket --endpoint-url https://s3.eu-central-2.ionoscloud.com > policy.json
aws s3api delete-bucket-policy --bucket my-bucket --endpoint-url https://s3.eu-central-2.ionoscloud.com
aws s3api put-bucket-policy --bucket my-bucket \
--policy file://policy.json \
--endpoint-url https://s3.eu-central-2.ionoscloud.com
{
"Version": "2012-10-17",
"Statement":
[
{
"Sid": "PublicRead",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::example-bucket/*"
}
]
}
aws s3 website s3://my-bucket \
--index-document index.html \
--error-document error.htm \
--endpoint-url https://s3.eu-central-2.ionoscloud.com
aws s3api delete-bucket-website --bucket my-bucket \
--endpoint-url https://s3.eu-central-2.ionoscloud.com
This document provides instructions to Manage ACL for Buckets using the AWS CLI. Additionally, these tasks can also be performed using the DCD and IONOS Object Storage API.
Use the following keys to define access permissions:
--grant-read: Grants read-only access.
--grant-write: Grants write-only access.
--grant-read-acp: Grants permission to read the Access Control List.
Grant full control of my-bucket to a user with a specific Canonical user ID:
Separate grants with a comma if you want to specify multiple Canonical user IDs:
Grant full control of my-bucket to multiple users using their Canonical user IDs:
Grant full control of my-bucket by using an email address instead of a Canonical User ID:
Retrieve the ACL of a bucket and save it to the file acl.json:
Edit the file. For example, remove or add some grants and apply the updated ACL to the bucket:
Use the following values for the --acl key:
private removes public access.
public-read allows public read-only access.
public-read-write allows public read/write access.
Allow public read-only access to the bucket:
Remove public access to the bucket:
Set WRITE and READ_ACP permissions for the Log Delivery Group, which is required before enabling the Logging feature for a bucket:
This document provides instructions to manage Lifecycle using the CLI. Additionally, these tasks can also be performed using the DCD and IONOS Object Storage API.
Create a file lifecycle.json with the JSON policy:
Apply the lifecycle configuration to a bucket:
Save the bucket’s lifecycle configuration to a file:
Delete the Lifecycle configuration:
This document provides instructions to manage CORS using the CLI. Additionally, these tasks can also be performed using the DCD and API.
Get the CORS configuration for the bucket my-bucket:
Set up CORS configuration for the bucket my-bucket:
For more information, see command reference.
--grant-write-acp: Grants permission to modify the Access Control List.
--grant-full-control: Grants full access, encompassing the permissions listed above (read, write, read ACL, and write ACL).
authenticated-read allows read-only access to all authenticated users of IONOS Object Storage (including ones out of your contract).
aws s3api put-bucket-lifecycle-configuration --bucket my-bucket --lifecycle-configuration file://lifecycle.json --endpoint-url https://s3.eu-central-2.ionoscloud.com
aws s3api put-bucket-acl --bucket MY-BUCKET --grant-full-control id=CANONICAL_USER_ID --endpoint-url https://s3.eu-central-2.ionoscloud.com
aws s3api put-bucket-acl --bucket MY-BUCKET --grant-full-control id=CANONICAL_USER_ID_1,id=CANONICAL_USER_ID_2 --endpoint-url https://s3.eu-central-2.ionoscloud.com
aws s3api put-bucket-acl --bucket MY-BUCKET --grant-full-control id=CANONICAL_USER_ID_1,id=CANONICAL_USER_ID_2 --endpoint-url https://s3.eu-central-2.ionoscloud.com
aws s3api put-bucket-acl --bucket MY-BUCKET --grant-full-control [email protected] --endpoint-url https://s3.eu-central-2.ionoscloud.com
aws s3api get-bucket-acl --bucket MY-BUCKET --endpoint-url https://s3.eu-central-2.ionoscloud.com > acl.json
aws s3api put-bucket-acl --bucket MY-BUCKET --access-control-policy file://acl.json --endpoint-url https://s3.eu-central-2.ionoscloud.com
aws s3api put-bucket-acl --bucket MY-BUCKET --acl public-read --endpoint-url https://s3.eu-central-2.ionoscloud.com
aws s3api put-bucket-acl --bucket MY-BUCKET --acl private --endpoint-url https://s3.eu-central-2.ionoscloud.com
aws s3api put-bucket-acl --bucket MY-BUCKET --acl log-delivery-write --endpoint-url https://s3.eu-central-2.ionoscloud.com
{
"Rules": [
{
"ID": "Delete objects with data/ prefix after 30 days with size",
"Status": "Enabled",
"Expiration": {
"Days": 30
},
"Filter": {
"Prefix": "data/"
}
},
{
"ID": "Delete objects 60 days after becoming non-current for bucket with Versioning enabled",
"Status": "Enabled",
"Filter": {
"Prefix": "temp/"
},
"NoncurrentVersionExpiration": {
"NoncurrentDays": 45
}
},
{
"ID": "Delete 2022 logs in 2024.",
"Status": "Enabled",
"Expiration": {
"Date": "2024-01-01T00:00:00.000Z"
},
"Filter": {
"Prefix": "logs/2022/"
}
},
{
"ID": "Delete incomplete multipart uploads",
"Status": "Enabled",
"AbortIncompleteMultipartUpload": {
"DaysAfterInitiation": 5
},
"Filter": {}
}
]
}
aws s3api get-bucket-lifecycle-configuration --bucket my-bucket --endpoint-url https://s3.eu-central-2.ionoscloud.com > lifecycle.json
aws s3api delete-bucket-lifecycle --bucket my-bucket --endpoint-url https://s3.eu-central-2.ionoscloud.com
aws s3api get-bucket-cors --bucket my-bucket --endpoint-url https://s3.eu-central-2.ionoscloud.com
aws s3api put-bucket-cors --bucket my-bucket --cors-configuration file://cors.json --endpoint-url https://s3.eu-central-2.ionoscloud.com
{
"CORSRules": [
{
"AllowedOrigins": ["http://www.example.com"],
"AllowedHeaders": ["*"],
"AllowedMethods": ["PUT", "POST", "DELETE"],
"MaxAgeSeconds": 3000,
"ExposeHeaders": ["x-amz-server-side-encryption"]
},
{
"AllowedOrigins": ["*"],
"AllowedHeaders": ["Authorization"],
"AllowedMethods": ["GET"],
"MaxAgeSeconds": 3000
}
]
}
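An added example, not part of the original documentation: a review of the settings this page shows how to export (the ACL saved to acl.json, the bucket policy saved to policy.json, and the CORS configuration) that flags the entries which open a bucket to everyone. The group URIs are the standard S3 ones and are assumed to be what IONOS Object Storage returns; the function names and sample data are constructed for illustration.

```python
# Standard S3 ACL group URIs (assumed to be what IONOS Object Storage returns).
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "everyone",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "any authenticated user",
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_acl(acl):
    """Flag grants to public groups in `get-bucket-acl` / `get-object-acl` output."""
    findings = []
    for grant in acl.get("Grants", []):
        who = PUBLIC_GROUPS.get(grant.get("Grantee", {}).get("URI"))
        if who:
            findings.append(f"ACL: {grant.get('Permission')} granted to {who}")
    return findings

def audit_policy(policy):
    """Flag unconditional Allow statements whose principal is everyone."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        principal = stmt.get("Principal")
        if isinstance(principal, dict):
            principal = principal.get("AWS")
        if (stmt.get("Effect") == "Allow" and "*" in _as_list(principal)
                and "Condition" not in stmt):
            actions = ", ".join(_as_list(stmt.get("Action", [])))
            findings.append(f"Policy: {stmt.get('Sid', '(no Sid)')} allows {actions} to everyone")
    return findings

def audit_cors(cors):
    """Flag rules that let any origin use a state-changing method."""
    findings = []
    for i, rule in enumerate(cors.get("CORSRules", [])):
        writes = sorted({"PUT", "POST", "DELETE"} & set(rule.get("AllowedMethods", [])))
        if "*" in rule.get("AllowedOrigins", []) and writes:
            findings.append(f"CORS: rule {i} lets any origin use {', '.join(writes)}")
    return findings

# Constructed samples: an ACL as `--acl public-read` would leave it, the
# static-website policy from this page, and a CORS rule widened for the demo.
SAMPLE_ACL = {"Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "CANONICAL_USER_ID"}, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
     "Permission": "READ"},
]}
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
]}
SAMPLE_CORS = {"CORSRules": [
    {"AllowedOrigins": ["http://www.example.com"], "AllowedMethods": ["PUT", "POST", "DELETE"]},
    {"AllowedOrigins": ["*"], "AllowedMethods": ["GET", "PUT"]},
]}

if __name__ == "__main__":
    for finding in audit_acl(SAMPLE_ACL) + audit_policy(SAMPLE_POLICY) + audit_cors(SAMPLE_CORS):
        print(finding)
```

To run it against a real bucket, load the exported files with `json.load` and pass each result to the matching function. The file written by `get-bucket-policy` holds the policy as a JSON string under the `Policy` key, so decode that string with `json.loads` before calling `audit_policy`.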