Run the aws configure command in a terminal.
AWS Access Key ID [None]: Insert the Access Key. In the DCD, go to Menu > Storage > IONOS Object Storage > Key management and check the Access keys section to find the essential details.
AWS Secret Access Key [None]: Paste the Secret Key. In the DCD, go to Menu > Storage > IONOS Object Storage > Key management and check the Access keys section to find the essential details.
Default region name [None]: de.
Default output format [None]: json.
Test whether you set up AWS CLI correctly by running a command to list buckets; any of the endpoints can be used for testing purposes.
aws s3 ls --endpoint-url https://s3.eu-central-1.ionoscloud.com
If the setup works correctly, you may proceed with the other commands.
For each command, be sure to include one of the endpoints in the endpoint-url parameter:
--endpoint-url https://s3.eu-central-2.ionoscloud.com
For information on the supported IONOS Object Storage Service endpoints, see Endpoints.
There are two sets of commands:
S3: Offers high-level commands for managing buckets and moving, copying, and synchronizing objects.
S3api: Allows you to work with specific features such as ACL, CORS, and Versioning.
For additional information, see the official AWS CLI Command Reference.
IONOS Object Storage is compatible with the S3 protocol, which means that it can be used to manage buckets and objects with existing S3 clients once properly configured.
Amazon Web Services (AWS) Command-line Interface (CLI) is unique in offering a wide range of commands for comprehensive management of buckets and objects, which is ideal for scripting and automation. IONOS Object Storage supports using AWS CLI for Windows, macOS, and Linux.
Configure AWS CLI
Learn how to set up AWS CLI and use it with IONOS Object Storage.
Standard Commands
Learn the common commands to manage IONOS Object Storage using AWS CLI.
Object Lock
Learn how to create and manage Object Lock using AWS CLI.
Replication
Learn how to replicate buckets using the AWS CLI.
Versioning
Learn how to version buckets using the AWS CLI.
Lifecycle
Learn how to manage Lifecycle using the AWS CLI.
Bucket Policy
Learn about the features compatible with S3 API.
ACL for Buckets
Learn how to define access permissions for buckets using the AWS CLI.
ACL for Objects
Learn how to define access permissions for objects using the AWS CLI.
Logging
Learn how to enable and manage Logging for buckets using the AWS CLI.
CORS
Learn how to configure CORS for buckets using the AWS CLI.
Static Website Hosting
Learn how to allow and manage static website hosting for buckets using the AWS CLI.
This document provides instructions to manage Versioning using the CLI. Additionally, these tasks can also be performed using the DCD and IONOS Object Storage API.
Get the versioning state of the bucket:
aws s3api get-bucket-versioning --bucket my-bucket --endpoint-url https://s3.eu-central-2.ionoscloud.com
Enable versioning for the bucket:
aws s3api put-bucket-versioning --bucket my-bucket --versioning-configuration Status=Enabled --endpoint-url https://s3.eu-central-2.ionoscloud.com
List object versions for the bucket:
aws s3api list-object-versions --bucket my-bucket --endpoint-url https://s3.eu-central-2.ionoscloud.com
List object versions for the object my-object.txt:
aws s3api list-object-versions --bucket my-bucket --prefix my-object.txt --endpoint-url https://s3.eu-central-2.ionoscloud.com
This document provides instructions to manage Bucket Policy using the CLI. Additionally, these tasks can also be performed using the DCD and IONOS Object Storage API.
To create a file policy.json with the JSON policy, see Examples.
Apply a bucket policy to a bucket:
aws s3api put-bucket-policy --bucket my-bucket --policy file://policy.json --endpoint-url https://s3.eu-central-2.ionoscloud.com
Save a bucket policy to file:
aws s3api get-bucket-policy --bucket my-bucket --endpoint-url https://s3.eu-central-2.ionoscloud.com > policy.json
Delete the bucket policy:
aws s3api delete-bucket-policy --bucket my-bucket --endpoint-url https://s3.eu-central-2.ionoscloud.com
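A review step for a saved policy.json, as an added example that is not part of the IONOS documentation: it lists every Allow statement that applies to all principals. The AWS CLI prints get-bucket-policy output as a JSON object whose Policy member holds the policy as a string, so the loader accepts both that form and a plain policy document; the sample policies are constructed from the statements shown on this page.

```python
import json

# Constructed samples. PUBLIC_READ mirrors the PublicRead statement used for
# static website hosting; RETENTION_DENY mirrors the retention-limit policy.
PUBLIC_READ = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
        "Action": "s3:GetObject", "Resource": "arn:aws:s3:::my-bucket/*",
    }],
}
RETENTION_DENY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "Set Retention Period", "Effect": "Deny", "Principal": "*",
        "Action": ["s3:PutObjectRetention"],
        "Resource": "arn:aws:s3:::my-bucket-with-object-lock/*",
        "Condition": {"NumericGreaterThan":
                      {"s3:object-lock-remaining-retention-days": "10"}},
    }],
}
# Shape printed by get-bucket-policy: the policy is a string inside "Policy".
CLI_OUTPUT = json.dumps({"Policy": json.dumps(PUBLIC_READ)})
# Shape of a hand-written policy.json passed to put-bucket-policy.
RAW_FILE = json.dumps(RETENTION_DENY)


def load_policy(text):
    """Parse policy JSON, unwrapping the {"Policy": "<string>"} CLI form."""
    doc = json.loads(text)
    if isinstance(doc.get("Policy"), str):
        doc = json.loads(doc["Policy"])
    return doc


def _as_list(value):
    # Policy members may be a single value or a list of values.
    return value if isinstance(value, list) else [value]


def is_public(principal):
    """True for "*" or a principal map such as {"AWS": "*"}."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any("*" in _as_list(v) for v in principal.values())
    return False


def public_allows(policy):
    """Return (sid, action, resource, has_condition) per public Allow."""
    hits = []
    for st in _as_list(policy.get("Statement", [])):
        if st.get("Effect") != "Allow" or not is_public(st.get("Principal")):
            continue
        for action in _as_list(st.get("Action", [])):
            for resource in _as_list(st.get("Resource", [])):
                hits.append((st.get("Sid", ""), action, resource,
                             bool(st.get("Condition"))))
    return hits


if __name__ == "__main__":
    for name, text in (("CLI output", CLI_OUTPUT), ("raw file", RAW_FILE)):
        print(name, public_allows(load_policy(text)))
```

To save a policy that can be passed back to put-bucket-policy unchanged, add --query Policy --output text to the get-bucket-policy command.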
This document provides instructions to manage Object Lock using the CLI. Additionally, these tasks can also be performed using the DCD and IONOS Object Storage API.
Create a bucket my-bucket in the de region (Frankfurt, Germany) with Object Lock:
aws s3api create-bucket \
--bucket my-bucket \
--object-lock-enabled-for-bucket \
--region=de --create-bucket-configuration \
LocationConstraint=de \
--endpoint-url https://s3.eu-central-1.ionoscloud.com
An Object Lock with Governance mode on a bucket provides the bucket owner with better flexibility compared to the Compliance mode. It permits the removal of the Object Lock before the designated retention period has expired, allowing for subsequent replacements or deletions of the object.
Apply Governance mode configuration to the bucket my-bucket-with-object-lock with a default retention period equal to 15 days (or use the PutObjectLockConfiguration API Call):
aws s3api put-object-lock-configuration \
--bucket my-bucket-with-object-lock \
--object-lock-configuration '{ "ObjectLockEnabled": "Enabled", "Rule": { "DefaultRetention": { "Mode": "GOVERNANCE", "Days": 15 }}}' \
--endpoint-url https://s3.eu-central-1.ionoscloud.com
On applying this configuration, the newly uploaded objects adhere to this retention setting.
An Object Lock with Compliance mode on a bucket ensures strict control by enforcing a stringent retention policy on objects. Once this mode is set, the retention period for an object cannot be shortened or modified. It provides immutable protection by preventing objects from being deleted or overwritten during their retention period.
This mode is particularly suited for meeting regulatory requirements as it guarantees that objects remain unaltered. It does not allow locks to be removed before the retention period concludes, ensuring consistent data protection.
Apply Compliance mode configuration to the bucket my-bucket-with-object-lock with a default retention period equal to 15 days:
aws s3api put-object-lock-configuration \
--bucket my-bucket-with-object-lock \
--object-lock-configuration '{ "ObjectLockEnabled": "Enabled", "Rule": { "DefaultRetention": { "Mode": "COMPLIANCE", "Days": 15 }}}' \
--endpoint-url https://s3.eu-central-1.ionoscloud.com
On applying this configuration, the newly uploaded objects adhere to this retention setting.
Retrieve Object Lock configuration of a bucket (the same could be achieved with the GetObjectLockConfiguration API Call):
aws s3api get-object-lock-configuration \
--bucket my-bucket-with-object-lock \
--endpoint-url https://s3.eu-central-1.ionoscloud.com
{
  "ObjectLockConfiguration": {
    "ObjectLockEnabled": "Enabled",
    "Rule": {
      "DefaultRetention": {
        "Mode": "GOVERNANCE",
        "Days": 15
      }
    }
  }
}
Upload my-object.pdf to the bucket my-bucket-with-object-lock:
aws s3api put-object \
--bucket my-bucket-with-object-lock \
--key my-object.pdf \
--endpoint-url https://s3.eu-central-1.ionoscloud.com
{
  "ETag": "\"d41d8cd98f00b204e9800998ecf8427e\"",
  "VersionId": "fe11c94b-d120-723f-b907-1070fde7f794"
}
This task could also be achieved by using the PutObject API call.
Upload my-object.pdf to the bucket my-bucket-with-object-lock and override the bucket’s default Object Lock configuration:
aws s3api put-object \
--bucket my-bucket-with-object-lock \
--key my-object.pdf \
--object-lock-mode GOVERNANCE \
--object-lock-retain-until-date 2023-08-09T09:01:01Z \
--endpoint-url https://s3.eu-central-1.ionoscloud.com
Permanent deletion of the object’s version is prohibited; the system only creates a delete marker for the object. However, this makes IONOS Object Storage behave in most ways as though the object has been deleted. You can list the delete markers and other versions of an object only by using the ListObjectVersions API call.
aws s3api list-object-versions --bucket my-bucket-with-object-lock --endpoint-url https://s3.eu-central-1.ionoscloud.com
Apply legal-hold status to my-object.pdf in the bucket my-bucket-with-object-lock:
aws s3api put-object-legal-hold \
--bucket my-bucket-with-object-lock \
--key my-object.pdf \
--legal-hold Status=ON \
--endpoint-url https://s3.eu-central-1.ionoscloud.com
Use Status=OFF to turn off the legal-hold status.
To check the Object Lock status for a particular version of an object, you can utilize either the GET Object or the HEAD Object commands. Both commands will provide information about the retention mode, the designated 'Retain Until Date' and the status of the legal hold for the chosen object version.
When multiple users have permission to upload objects to your bucket, there is a risk of overly extended retention periods being set. This can lead to increased storage costs and data management challenges. While the system allows for up to 100 years using the s3:object-lock-remaining-retention-days condition key, implementing limitations can be particularly beneficial in multi-user environments.
Establish a 10-day maximum retention limit:
{
  "Version": "2012-10-17",
  "Id": "Set Retention Limits",
  "Statement": [
    {
      "Sid": "Set Retention Period",
      "Effect": "Deny",
      "Principal": "*",
      "Action": [
        "s3:PutObjectRetention"
      ],
      "Resource": "arn:aws:s3:::my-bucket-with-object-lock/*",
      "Condition": {
        "NumericGreaterThan": {
          "s3:object-lock-remaining-retention-days": "10"
        }
      }
    }
  ]
}
Save it to the policy.json file and apply using the following command:
aws s3api put-bucket-policy --bucket my-bucket-with-object-lock --policy file://policy.json --endpoint-url https://s3.eu-central-1.ionoscloud.com
This document provides instructions to manage ACL for Buckets using the AWS CLI. Additionally, these tasks can also be performed using the DCD and IONOS Object Storage API.
Use the following keys to define access permissions:
--grant-read: Grants read-only access.
--grant-write: Grants write-only access.
--grant-read-acp: Grants permission to read the Access Control List.
--grant-write-acp: Grants permission to modify the Access Control List.
--grant-full-control: Grants full access, encompassing the permissions listed above (read, write, read ACL, and write ACL).
Grant full control of my-bucket to a user with a specific Canonical user ID:
aws s3api put-bucket-acl --bucket MY-BUCKET --grant-full-control id=CANONICAL_USER_ID --endpoint-url https://s3.eu-central-2.ionoscloud.com
Separate grants with a comma if you want to specify multiple Canonical user IDs:
aws s3api put-bucket-acl --bucket MY-BUCKET --grant-full-control id=CANONICAL_USER_ID_1,id=CANONICAL_USER_ID_2 --endpoint-url https://s3.eu-central-2.ionoscloud.com
Grant full control of my-bucket by using an email address instead of a Canonical User ID:
aws s3api put-bucket-acl --bucket MY-BUCKET --grant-full-control emailaddress=EMAIL_ADDRESS --endpoint-url https://s3.eu-central-2.ionoscloud.com
Retrieve the ACL of a bucket and save it to the file acl.json:
aws s3api get-bucket-acl --bucket MY-BUCKET --endpoint-url https://s3.eu-central-2.ionoscloud.com > acl.json
Edit the file. For example, remove or add some grants and apply the updated ACL to the bucket:
aws s3api put-bucket-acl --bucket MY-BUCKET --access-control-policy file://acl.json --endpoint-url https://s3.eu-central-2.ionoscloud.com
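A check to run on acl.json before applying it, as an added example that is not part of the IONOS documentation: it reports every grant that reaches beyond the bucket owner, with group grants ranked first. The sample ACL is constructed, and the AllUsers and AuthenticatedUsers group URIs are assumed to follow the same AWS format as the LogDelivery URI used for Logging.

```python
import json

# Group URIs in the AWS S3 ACL format. Only the LogDelivery URI appears on this
# page; the two "global" URIs are assumed to be what the canned ACLs expand to.
GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "public (anyone)",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers":
        "any authenticated user",
    "http://acs.amazonaws.com/groups/s3/LogDelivery": "log delivery group",
}
WRITE_LIKE = {"WRITE", "WRITE_ACP", "FULL_CONTROL"}
ORDER = {"HIGH": 0, "MEDIUM": 1, "LOW": 2, "INFO": 3}

# Constructed sample in the shape that get-bucket-acl prints (not real data).
SAMPLE_ACL = json.loads("""
{
  "Owner": {"ID": "OWNER_CANONICAL_ID"},
  "Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "OWNER_CANONICAL_ID"},
     "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group",
                 "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
     "Permission": "READ"},
    {"Grantee": {"Type": "Group",
                 "URI": "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"},
     "Permission": "READ"},
    {"Grantee": {"Type": "Group",
                 "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
     "Permission": "WRITE"},
    {"Grantee": {"Type": "CanonicalUser", "ID": "OTHER_CANONICAL_ID"},
     "Permission": "READ_ACP"},
    {"Grantee": {"Type": "Group",
                 "URI": "http://acs.amazonaws.com/groups/s3/LogDelivery"},
     "Permission": "WRITE"}
  ]
}
""")


def audit_acl(acl):
    """Return (severity, grantee, permission) for grants beyond the owner."""
    owner_id = acl.get("Owner", {}).get("ID")
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        perm = grant.get("Permission", "")
        uri = grantee.get("URI")
        if grantee.get("Type") == "Group":
            label = GROUPS.get(uri, "unknown group " + str(uri))
            if uri and uri.endswith("/s3/LogDelivery"):
                severity = "INFO"      # expected on a bucket that stores logs
            else:
                severity = "HIGH" if perm in WRITE_LIKE else "MEDIUM"
            findings.append((severity, label, perm))
        elif grantee.get("ID") != owner_id:
            ident = grantee.get("ID") or grantee.get("EmailAddress") or "?"
            severity = "MEDIUM" if perm in WRITE_LIKE else "LOW"
            findings.append((severity, "other account " + ident, perm))
    return sorted(findings, key=lambda f: ORDER[f[0]])


if __name__ == "__main__":
    for severity, grantee, perm in audit_acl(SAMPLE_ACL):
        print(severity, grantee, perm)
```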
Use the following values for the --acl key:
private removes public access.
public-read allows public read-only access.
public-read-write allows public read/write access.
authenticated-read allows read-only access to all authenticated users of IONOS Object Storage (including ones outside your contract).
Allow public read-only access to the bucket:
aws s3api put-bucket-acl --bucket MY-BUCKET --acl public-read --endpoint-url https://s3.eu-central-2.ionoscloud.com
Remove public access to the bucket:
aws s3api put-bucket-acl --bucket MY-BUCKET --acl private --endpoint-url https://s3.eu-central-2.ionoscloud.com
Set WRITE and READ_ACP permissions for the Log Delivery Group, which is required before enabling the Logging feature for a bucket:
aws s3api put-bucket-acl --bucket MY-BUCKET --acl log-delivery-write --endpoint-url https://s3.eu-central-2.ionoscloud.com
This document provides instructions to manage ACL for Objects using the AWS CLI. Additionally, these tasks can also be performed using the DCD and IONOS Object Storage API.
Use the following keys to define access permissions:
--grant-read: Grants read-only access.
--grant-write: Grants write-only access.
--grant-read-acp: Grants permission to read the Access Control List.
--grant-write-acp: Grants permission to modify the Access Control List.
--grant-full-control: Grants full access, encompassing the permissions listed above (read, write, read ACL, and write ACL).
Use --key to specify the object for granting access:
aws s3api put-object-acl --bucket MY-BUCKET --key my-object.txt --grant-full-control id=CANONICAL_USER_ID --endpoint-url https://s3.eu-central-2.ionoscloud.com
Use the following values for the --acl key:
private removes public access.
public-read allows public read-only access.
public-read-write allows public read/write access.
authenticated-read allows read-only access to all authenticated users of IONOS Object Storage (including ones outside your contract).
Allow public read-only access to the object:
aws s3api put-object-acl --bucket MY-BUCKET --key my-object.txt --acl public-read --endpoint-url https://s3.eu-central-2.ionoscloud.com
Remove public access from the object:
aws s3api put-object-acl --bucket MY-BUCKET --key my-object.txt --acl private --endpoint-url https://s3.eu-central-2.ionoscloud.com
This document provides instructions to manage Lifecycle using the CLI. Additionally, these tasks can also be performed using the DCD and IONOS Object Storage API.
Create a file lifecycle.json with the JSON policy:
{
  "Rules": [
    {
      "ID": "Delete objects with data/ prefix after 30 days with size",
      "Status": "Enabled",
      "Expiration": {
        "Days": 30
      },
      "Filter": {
        "Prefix": "data/"
      }
    },
    {
      "ID": "Delete objects 60 days after becoming non-current for bucket with Versioning enabled",
      "Status": "Enabled",
      "Filter": {
        "Prefix": "temp/"
      },
      "NoncurrentVersionExpiration": {
        "NoncurrentDays": 45
      }
    },
    {
      "ID": "Delete 2022 logs in 2024.",
      "Status": "Enabled",
      "Expiration": {
        "Date": "2024-01-01T00:00:00.000Z"
      },
      "Filter": {
        "Prefix": "logs/2022/"
      }
    },
    {
      "ID": "Delete incomplete multipart uploads",
      "Status": "Enabled",
      "AbortIncompleteMultipartUpload": {
        "DaysAfterInitiation": 5
      },
      "Filter": {}
    }
  ]
}
Apply the lifecycle configuration to a bucket:
aws s3api put-bucket-lifecycle-configuration --bucket my-bucket --lifecycle-configuration file://lifecycle.json --endpoint-url https://s3.eu-central-2.ionoscloud.com
Save the bucket’s lifecycle configuration to a file:
aws s3api get-bucket-lifecycle-configuration --bucket my-bucket --endpoint-url https://s3.eu-central-2.ionoscloud.com > lifecycle.json
Delete the Lifecycle configuration:
aws s3api delete-bucket-lifecycle --bucket my-bucket --endpoint-url https://s3.eu-central-2.ionoscloud.com
This document provides instructions to manage Replication using the CLI. Additionally, these tasks can also be performed using the DCD and IONOS Object Storage API.
Create the file replication_configuration.json with the following content:
{
  "Role": "this field is ignored",
  "Rules": [
    {
      "Status": "Enabled",
      "Prefix": "",
      "Destination": {
        "Bucket": "arn:aws:s3:::my-destination-bucket"
      }
    }
  ]
}
Enable replication from my-source-bucket to my-destination-bucket (use the endpoint of the source bucket):
aws s3api put-bucket-replication --bucket my-source-bucket --replication-configuration file://replication_configuration.json --endpoint-url https://s3.eu-central-2.ionoscloud.com
Retrieve the replication configuration:
aws s3api get-bucket-replication --bucket my-source-bucket --endpoint-url https://s3.eu-central-2.ionoscloud.com
Delete the replication configuration:
aws s3api delete-bucket-replication --bucket my-source-bucket --endpoint-url https://s3.eu-central-2.ionoscloud.com
This document provides instructions to manage CORS using the CLI. Additionally, these tasks can also be performed using the DCD and API.
Get the CORS configuration for the bucket my-bucket:
aws s3api get-bucket-cors --bucket my-bucket --endpoint-url https://s3.eu-central-2.ionoscloud.com
Set up CORS configuration for the bucket my-bucket:
aws s3api put-bucket-cors --bucket my-bucket --cors-configuration file://cors.json --endpoint-url https://s3.eu-central-2.ionoscloud.com
Contents of cors.json:
{
  "CORSRules": [
    {
      "AllowedOrigins": ["http://www.example.com"],
      "AllowedHeaders": ["*"],
      "AllowedMethods": ["PUT", "POST", "DELETE"],
      "MaxAgeSeconds": 3000,
      "ExposeHeaders": ["x-amz-server-side-encryption"]
    },
    {
      "AllowedOrigins": ["*"],
      "AllowedHeaders": ["Authorization"],
      "AllowedMethods": ["GET"],
      "MaxAgeSeconds": 3000
    }
  ]
}
For more information, see put-bucket-cors command reference.
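A pre-deployment check for cors.json, as an added example that is not part of the IONOS documentation: it flags wildcard origins, origins that are not HTTPS, and wildcard request headers on rules that allow PUT, POST or DELETE. The rule set embedded below is the cors.json from this section; the finding wording and the choice of checks are this example's own.

```python
import json
from urllib.parse import urlsplit

STATE_CHANGING = {"PUT", "POST", "DELETE"}

# The cors.json from this section, embedded so the example runs offline.
CORS_JSON = """
{
  "CORSRules": [
    {"AllowedOrigins": ["http://www.example.com"],
     "AllowedHeaders": ["*"],
     "AllowedMethods": ["PUT", "POST", "DELETE"],
     "MaxAgeSeconds": 3000,
     "ExposeHeaders": ["x-amz-server-side-encryption"]},
    {"AllowedOrigins": ["*"],
     "AllowedHeaders": ["Authorization"],
     "AllowedMethods": ["GET"],
     "MaxAgeSeconds": 3000}
  ]
}
"""


def lint_cors(config):
    """Return (rule_index, subject, message) findings for a CORS config."""
    findings = []
    for index, rule in enumerate(config.get("CORSRules", [])):
        # Methods in this rule that modify bucket contents.
        writes = sorted(set(rule.get("AllowedMethods", [])) & STATE_CHANGING)
        for origin in rule.get("AllowedOrigins", []):
            if "*" in origin:
                scope = "any origin" if origin == "*" else "any matching origin"
                what = "issue " + "/".join(writes) if writes else "read responses"
                findings.append((index, origin,
                                 "scripts from " + scope + " may " + what))
            elif urlsplit(origin).scheme != "https":
                findings.append((index, origin, "origin is not HTTPS"))
        if writes and "*" in rule.get("AllowedHeaders", []):
            findings.append((index, "AllowedHeaders",
                             "every request header is allowed on "
                             + "/".join(writes)))
    return findings


if __name__ == "__main__":
    for index, subject, message in lint_cors(json.loads(CORS_JSON)):
        print("rule", index, subject, "-", message)
```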
This document provides instructions for managing IONOS Object Storage using the AWS CLI. Additionally, this task can also be performed through the DCD and API.
List buckets:
Option 1: Using s3 set of commands:
aws s3 ls --endpoint-url https://s3.eu-central-2.ionoscloud.com
Option 2: Using s3api set of commands:
aws s3api list-buckets --endpoint-url https://s3.eu-central-2.ionoscloud.com
Create a bucket in the eu-central-2 region (Berlin, Germany):
Option 1: Using s3 set of commands:
aws s3 mb s3://my-bucket --region eu-central-2 --endpoint-url https://s3.eu-central-2.ionoscloud.com
Option 2: Using s3api set of commands:
aws s3api create-bucket --bucket my-bucket --region=eu-central-2 --create-bucket-configuration LocationConstraint=eu-central-2 --endpoint-url https://s3.eu-central-2.ionoscloud.com
Create a bucket in the de region (Frankfurt, Germany) with Object Lock enabled:
aws s3api create-bucket --bucket my-bucket --object-lock-enabled-for-bucket --region=de --create-bucket-configuration LocationConstraint=de --endpoint-url https://s3.eu-central-1.ionoscloud.com
Upload an object from the current directory to a bucket:
aws s3 cp filename.txt s3://my-bucket --endpoint-url https://s3.eu-central-2.ionoscloud.com
Download all the objects from the my-bucket bucket to the local directory my-dir:
aws s3 cp s3://my-bucket my-dir --recursive --endpoint-url https://s3.eu-central-2.ionoscloud.com
Copy the object to the bucket:
aws s3 cp my-dir s3://my-bucket/ --recursive --endpoint-url https://s3.eu-central-2.ionoscloud.com
Copy the contents of the local directory my-dir to the bucket my-bucket:
aws s3 cp my-dir s3://my-bucket/ --recursive --endpoint-url https://s3.eu-central-2.ionoscloud.com
For more information, see the cp command reference.
Copy all objects from my-source-bucket to my-dest-bucket excluding .zip files. The command does not support cross-region copying for IONOS Object Storage:
aws s3 cp s3://my-source-bucket/ s3://my-dest-bucket/ --recursive --exclude "*.zip" --endpoint-url https://s3.eu-central-2.ionoscloud.com
Sync the bucket my-bucket with the contents of the local directory my-dir:
aws s3 sync my-dir s3://my-bucket --endpoint-url https://s3.eu-central-2.ionoscloud.com
For more information, see sync command reference.
This document provides instructions for managing Static Website Hosting using the CLI. Additionally, these tasks can also be performed using the DCD and IONOS Object Storage API.
Make the bucket public for static website hosting using Bucket Policy:
aws s3api put-bucket-policy --bucket my-bucket \
--policy file://policy.json \
--endpoint-url https://s3.eu-central-2.ionoscloud.com
Contents of policy.json:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "PublicRead",
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::my-bucket/*"
    }
  ]
}
Enable static website hosting for my-bucket:
aws s3 website s3://my-bucket \
--index-document index.html \
--error-document error.htm \
--endpoint-url https://s3.eu-central-2.ionoscloud.com
Disable static website hosting for my-bucket:
aws s3api delete-bucket-website --bucket my-bucket \
--endpoint-url https://s3.eu-central-2.ionoscloud.com
This document provides instructions to manage Logging using the CLI. Additionally, these tasks can also be performed using the DCD and IONOS Object Storage API.
Grant the Log Delivery Group WRITE and READ_ACP permissions on the bucket that will store the logs:
aws s3api put-bucket-acl \
--bucket MY-BUCKET-FOR-LOGS \
--grant-write URI=http://acs.amazonaws.com/groups/s3/LogDelivery \
--grant-read-acp URI=http://acs.amazonaws.com/groups/s3/LogDelivery \
--endpoint-url https://s3.eu-central-2.ionoscloud.com
After that, you can enable Logging for a bucket:
aws s3api put-bucket-logging \
--bucket MY-BUCKET \
--bucket-logging-status file://logs-acl.json \
--endpoint-url https://s3.eu-central-2.ionoscloud.com
Contents of logs-acl.json:
Retrieve bucket logging settings:
aws s3api get-bucket-logging \
--bucket MY-BUCKET \
--endpoint-url https://s3.eu-central-2.ionoscloud.com
Disable logging for a bucket:
aws s3api put-bucket-logging \
--bucket MY-BUCKET \
--bucket-logging-status '{}' \
--endpoint-url https://s3.eu-central-2.ionoscloud.com