Jump toUpdate content

Concepts

Access control list (ACL)

Access control lists (ACL) are subresources attached to buckets and objects. They define which Scaleway users have access to the attached object/bucket, and the type of access they have. Whenever a user makes a request against a resource, s3 checks its ACL and verifies that they have permission to carry out the request.

Bucket

A group of objects sharing a common denominator. It can contain as many objects as you want.

Bucket policy

A resource-based policy option. It allows users to grant access to buckets to other Scaleway projects and organizations. By default, all S3 resources in a project are private and can be accessed only by users of the project. To grant access to outside users, a policy file can be added to a bucket via an API call or the AWS-CLI.

Bucket website

A feature that allows you to host static websites on buckets.

A legal hold provides the same protection as a retention period, but it has no expiration date. It takes the form of an ON/OFF switch that can be applied to every object in a locked bucket, independently from the lock configuration, the object retention or the object age. It can be applied to objects which are locked. A legal hold remains in place until you explicitly remove it.

Lifecycle configuration

A lifecycle configuration is a set of rules that defines actions applied to a group of objects stored on Object Storage. Currently, only the expiration and transition actions are supported on the platform:

  • Expiration defines when objects expire, to delete objects automatically on your behalf.
  • Transition defines when objects change their storage class.

Find out more in our how-to on managing lifecycle rules from the console.

Metrics

A feature that allows you to monitor your Object Storage consumption with a graphical interface from your Scaleway console. Object Storage Metrics provide information about:

  • the number of objects in a bucket
  • the storage used
  • the outgoing bandwidth usage of a bucket

Multipart uploads

Allows you to upload large files to the Object Storage platform in multiple parts. It is possible to store objects up to 5TB in size on the platform.

A multipart upload consists of three steps:

  • The client initiates the upload to a specific bucket
  • The different parts are uploaded
  • Object Storage constructs the object from the uploaded parts

Objects

An object is a file and the metadata that describes it.

Object lock

An S3 API feature that allows users to lock objects to prevent them from being deleted or overwritten. Objects can be put on lock for a specific amount of time or indefinitely. The lock period is defined by the user.

The feature uses a write-once-read-many (WORM) data protection model. This model is generally used in cases where data cannot be altered once it has been written. It provides regulatory compliance and protection against ransomware, and malicious or accidental deletion of objects.

Object Storage

A storage service based on the S3 protocol. It allows you to store different types of objects (documents, images, videos, etc.) and to distribute them instantly, anywhere in the world. You can upload, download and visualize stored objects.

Contrary to other storage types (block devices, file-systems…), Object Storage bundles the data itself along with metadata tags and a unique identifier (instead of a file name and a file path). These unique identifiers are arranged in a flat address space which makes it easier to locate and retrieve your data across regions. This flat address space also helps with scalability.

Parts

Parts are the chunks of data that compose multipart objects.

Region and Endpoint

A region refers to the geographical location in which your bucket will be created. Scaleway Object Storage is currently available in three Availability Zones (AZ/Region). The Endpoint to use differs depending on the geographical location of the object storage platform:

  • Amsterdam, The Netherlands
    • Region: nl-ams
    • Endpoint: https://s3.nl-ams.scw.cloud/
  • Paris, France
    • Region: fr-par
    • Endpoint: https://s3.fr-par.scw.cloud/
  • Warsaw, Poland
    • Region: pl-waw
    • Endpoint: https://s3.pl-waw.scw.cloud/

Retention modes

Object Lock provides two modes to manage object retention, Compliance and Governance. It allows retention settings on individual objects in addition to default retention settings for all objects within a bucket.

  • Compliance: When this mode is set, an object version cannot be overwritten or deleted by any user. If the Compliance mode is configured for an object, then its retention mode cannot be changed, and its retention period can’t be shortened. In other words, it ensures that an object version cannot be overwritten or deleted for the duration of the retention period.

    Note: When the compliance mode is enabled, it is only possible to overwrite it or delete an object once the Object Lock expires or upon deleting your Scaleway account.

  • Governance: When this mode is set, all users can alter lock settings. As Scaleway currently does not handle permissions via IAM, this permission is by default for all S3 users.

    Note: The Governance mode nonetheless offers some extra protection before any alterations or deletions can be carried out. Indeed, an object can be permanently deleted only if:

  • A retention rule is applied, the governance retention date must be anterior to the present time
  • The object does not have a Legal Hold in place. If it does, the Legal Hold Status Token must be set to OFF before deletion.
  • When the above criteria are met, you’ll be able to use delete-object —version-id to permanently delete an object.

Retention period

A retention period specifies a fixed period of time for which an object remains locked. During this period, your object is WORM-protected and can’t be overwritten or deleted.

S3

S3 is the de facto object storage protocol. Scaleway Object Storage officially supports a subset of S3. The list of supported features are described in the Object Storage API documentation.

Signature V2, Signature V4

When you send HTTP requests to Object Storage, you sign the requests so that we can identify who sent them. You sign requests with your Scaleway access key, which consists of an access key and secret key. The two main s3 protocols for authentication are Signature v2 and Signature v4. Signature v4 is more recent and it is the recommended version.

Storage class

You can choose a storage class depending on your use-case:

  • Standard: The Standard class for any upload; is suitable for on-demand content like streaming or CDN.
  • Glacier: Archived storage; prices are lower, but it needs to be restored first to be accessed.

Visibility

Bucket Visibility specifies whether the list of objects in a bucket is publicly visible or not. It does not affect the visibility of objects themselves.

Versioning

Versioning allows you to keep multiple variants of an object in the same bucket. When enabled, you can list archived versions of an object or permanently delete an archived version.