Search barSidebar navigationMain contentFooter
HomeStorageObject StorageHow to
Use Object Storage with Private Networks
Jump toUpdate content

How to use Object Storage with Private Networks

Published on 27 May 2021

The Public Gateway feature of the Private Network allows Instances in your Private Network to reach resources on the Internet without using a public IP address.

In this documentation, you will learn how to create an Instance without a public IP address, create a Private Network with a Public Gateway, and a route from your Instance to an Object Storage bucket.

Security & Identity (IAM):

You may need certain IAM permissions to carry out some actions described on this page. This means:

  • you are the Owner of the Scaleway Organization in which the actions will be carried out, or
  • you are an IAM user of the Organization, with a policy granting you the necessary permission sets
Requirements:

How to create an Instance without a public IP

Follow the instructions for creating an Instance. We create an Instance without a flexible IP, using the following specifications for our Instance:

  • Availability Zone:fr-par-2 (but you can select the AZ of your choice).
  • OS Image:: Ubuntu 20.04 Focal Fossa
  • Instance type:: DEV1-S
  • Advanced options: Untick the flexible IP option
Tip:

You could also use one of the following methods to create your Instance:

  • Use this link to have your Instance automatically configured in the console with the required parameters. Just click Create an Instance to launch the instance creation process.
  • If you have installed the Scaleway CLI tool, create the Instance using the following command: 
    scw instance server create type=DEV1-S zone=fr-par-1 image=ubuntu_bionic root-volume=l:20G name=objectstorage-over-pn ip=none

How to create a Private Network and attach the Instance

  1. Follow the instructions for creating a Private Network. Make sure you select the same Availability Zone as the Instance you previously created.
  2. Click on the name of your new Private Network. The network’s dashboard displays.
  3. Click on the Instances tab.
  4. Add the Instance you created previously to the Private Network by typing its name in the search bar. Validate by clicking Add instance.

How to create a Public Gateway and attach the Private Network

  1. Follow the instructions for creating a Public Gateway:
    • Make sure to select the same availability zone as for your previously created Instance and Private Network.
    • Leave the IP configuration empty to allocate a new IP to your Public Gateway.
    • You can choose a gateway type, name and tags according to your own choice. After creating your Public Gateway, you are directed to a list of this and any other Public Gateways you have previously created.
  2. Click on your new Public Gateway’s name. The gateway’s dashboard displays.
  3. Click the Private Networks tab
  4. Click Create and attach a new Private Network. A pop-up window displays.
  5. Select Select and attach an existing Private Network and choose your Private Network from the drop down list. Enable the DHCP server and set Dynamic NAT to active. Enter an IP-range for your Private Network - in this how-to we use 192.168.42.0/24 but you are free to use any private IP range.
  6. Click Attach a Private Network.

How to set the Object Storage Route

  1. SSH into your machine using the following command:

    ssh root@your_virtual_instance_ip
    Note:

    As your Instance has no public IP address, you have to connect to it using another Instance in your Private Network or assign a temporary public IP to it.

  2. Configure the following route to the Object Storage platform:

    # set this to keep the network on the instance
    $> ip route add 10.0.0.0/8 via `ip route | grep default | awk '{print $3} '` dev ens2
    # dhcp on pn interface
    $> dhclient ens5
    # change default route
    $> ip route del default via `ip route | grep default | awk '{print $3} '` dev ens2
    $> ip route add default via 192.168.42.1 dev ens5 # use the gateway ip in the gateway's description
    $> curl https://s3.fr-par.scw.cloud

Conclusion

You have now configured an Instance with a Private Network to communicate with Scaleway’s Object Storage platform using the Public Gateway feature. The gateway ensures the exchange of data between your Private Network and the public Internet.

See Also
How to set up a static websiteHow to transfer a bucket to the new Object Storage backend