Object Storage - Concepts
Access control list (ACL)
Access control lists (ACL) are subresources attached to buckets and objects. They define which Scaleway users have access to the attached object/bucket, and the type of access they have. Whenever a user makes a request against a resource, s3 checks its ACL and verifies that they have permission to carry out the request.
Bucket
A group of objects sharing a common denominator. It can contain as many objects as you want.
Bucket policy
A bucket policy is a resource-based policy option. It allows you to grant more granular access to Object Storage resources.
By default, all Object Storage resources in a Project are private and can be accessed only by users or applications with IAM permissions. Adding a bucket policy to a bucket allows you to specify who can perform which actions on a bucket and the objects it contains. You can combine the different elements of a bucket policy to tailor your permissions according to your use case.
Bucket policies are assigned to principals, who will be allowed or denied access to resources and actions. They can be created and applied using the CLI or via the Scaleway console.
Bucket website
A feature that allows you to host static websites on buckets.
Edge Services
A feature that allows you to create a cache and a custom domain for your buckets. See our dedicated documentation.
Endpoint
An endpoint represents one end of a communication channel. In the case of Object Storage, your bucket endpoint is a URL e.g. https://my-bucket.s3.nl-ams.scw.cloud
which you use when connecting to your bucket. Note that https://my-bucket.s3.nl-ams.scw.cloud
represents a virtual-host style endpoint, and https://s3.nl-ams.scw.cloud/my-bucket
represents a path-style endpoint. Both formats are valid and work with any up-to-date SDK or CLI, though the virtual-host style is generally preferred. The endpoint to use differs depending on the geographical location of the Object Storage platform.
- Amsterdam, The Netherlands
- Region:
nl-ams
- Endpoint:
https://s3.nl-ams.scw.cloud/
- Region:
- Paris, France
- Region:
fr-par
- Endpoint:
https://s3.fr-par.scw.cloud/
- Region:
- Warsaw, Poland
- Region:
pl-waw
- Endpoint:
https://s3.pl-waw.scw.cloud/
- Region:
Legal hold
A legal hold provides the same protection as a retention period, but it has no expiration date. It takes the form of an ON/OFF switch that can be applied to every object in a locked bucket, independently of the lock configuration, or the object retention or its age. It can be applied to objects which are locked. A legal hold remains in place until you explicitly remove it.
Lifecycle configuration
A lifecycle configuration is a set of rules that defines actions applied to a group of objects stored on Object Storage. Currently, only the expiration and transition actions are supported on the platform:
- Expiration defines when objects expire, to delete objects automatically on your behalf.
- Transition defines when objects change their storage class.
Find out more in our how-to on managing lifecycle rules from the console.
Metrics
A feature that allows you to monitor your Object Storage consumption with a graphical interface from your Scaleway console. Object Storage Metrics provide information about:
- the number of objects in a bucket
- the storage used
- the outgoing bandwidth usage of a bucket
Multipart uploads
Allows you to upload large files to the Object Storage platform in multiple parts. It is possible to store objects up to 5 TB in size on the platform.
A multipart upload consists of three steps:
- The client initiates the upload to a specific bucket
- The different parts are uploaded
- Object Storage constructs the object from the uploaded parts
Object
An object is a file and the metadata that describes it. Each object has a key name, which is a unique identifier (such as images/photo01.jpg
) within a bucket.
Object lock
An S3 API feature that allows users to lock objects to prevent them from being deleted or overwritten. Objects can be put on lock for a specific amount of time or indefinitely. The lock period is defined by the user.
The feature uses a write-once-read-many (WORM) data protection model. This model is generally used in cases where data cannot be altered once it has been written. It provides regulatory compliance and protection against ransomware and malicious or accidental deletion of objects.
Object Storage
A storage service based on the S3 protocol. It allows you to store different types of objects (documents, images, videos, etc.) and distribute them instantly, anywhere in the world. You can upload, download, and visualize stored objects.
Contrary to other storage types such as block devices or file systems, Object Storage bundles the data itself along with metadata tags and a prefix, rather than a file name and a file path.
Parts
Parts are the chunks of data that compose multipart objects.
Prefix
A prefix is a string of characters at the beginning of the object key name. They are often used to organize your data similarly to directories and to manage object lifecycle. However, prefixes are not directories.
In the context of Scaleway Object Storage, prefixes are used to display folders in the Scaleway console for practical reasons. The /
character in a prefix is used as a delimiter to allow you to organize your objects hierarchically.
As an example, consider the following objects:
images/photo01.jpg
images/photo02.jpg
images/screenshot01.jpg
images/screenshot02.jpg
Creating a lifecycle rule based on the images/
prefix will apply to all objects, whereas a rule based on images/ph
will only apply to the first two objects.
Principal
A principal is the target of a bucket policy. They acquire the rights and permissions defined in the policy. The principal of a bucket policy can be an IAM user or application. Bucket policies can have several principals attached to them.
Region and Availability Zone
A region is a geographical area, such as France (Paris: fr-par
) or the Netherlands (Amsterdam: nl-ams
), in which Scaleway products and resources are located. It can contain multiple Availability Zones.
An Availability Zone refers to the geographical location within a region, such as waw-1
(Warsaw, Poland), in which your Scaleway resource will be created. The latency between multiple AZs of the same region is low, as they have a common network layer.
For an extensive list of which regions and AZ a resource is available in, refer to our Product availability guide.
Retention modes
Object Lock provides two modes to manage object retention, Compliance and Governance. It allows retention settings on individual objects in addition to default retention settings for all objects within a bucket.
- Compliance: When this mode is set, an object version cannot be overwritten or deleted by any user. If the Compliance mode is configured for an object, then its retention mode cannot be changed, and its retention period cannot be shortened. In other words, it ensures that an object version cannot be overwritten or deleted for the duration of the retention period.
Note: When the compliance mode is enabled, it is only possible to overwrite it or delete an object once the Object Lock expires or upon deleting your Scaleway account.
- Governance: When this mode is set, all users can alter lock settings.
Note: The Governance mode nonetheless offers some extra protection before any alterations or deletions can be carried out. Indeed, an object can be permanently deleted only if:
- A retention rule is applied, the governance retention date must be anterior to the present time
- The object does not have a Legal Hold in place. If it does, the Legal Hold Status Token must be set to OFF before deletion.
- When the above criteria are met, you’ll be able to use delete-object —version-id to permanently delete an object.
Retention period
A retention period specifies a fixed period for which an object remains locked. During this period, your object is WORM-protected and cannot be overwritten or deleted.
S3
S3 is the de facto Object Storage protocol. Scaleway Object Storage officially supports a subset of S3. The list of supported features is described in the Object Storage API documentation.
Signature V2, Signature V4
When you send HTTP requests to Object Storage, you sign the requests so that we can identify who sent them. You sign requests with your Scaleway access key, which consists of an access key and a secret key. The two main s3 protocols for authentication are Signature v2 and Signature v4. Signature v4 is more recent and it is the recommended version.
Storage class
You can choose a storage class depending on your use case:
Standard
: the Standard class for any upload; is suitable for on-demand content like streaming or CDN. TheStandard
class is Multi-AZ, and is available in all regions.One Zone - Infrequent Access
: the One Zone - IA class is a good choice for storing secondary backup copies or easily re-creatable data. It is available in all regions.Glacier
: Archived storage - prices are lower, but it needs to be restored first to be accessed. It is available in thefr-par
andnl-ams
regions.
Tags
Tags are key-value pairs you can assign to your buckets and objects to easily sort them, and for fine-grained access control using bucket policies. Both the key and the value can be customized according to your needs.
Visibility
Bucket visibility specifies whether the list of objects in a bucket is publicly visible or not. It does not affect the visibility of objects themselves.
Versioning
Versioning allows you to keep multiple variants of an object in the same bucket. When enabled, you can list archived versions of an object or permanently delete an archived version.