Creates containers. Uploading objects in an object storage requires one or more containers. If you set encryption, the uploaded object is automatically encrypted and saved.
| Category | Option | Description |
|---|---|---|
| Create Container | Name | Name of a container is limited to 256 characters in English or 85 characters in Korean. |
| Container access policy | PRIVATE: Only permitted users can access objects within a container. | |
| PUBLIC: Anyone with a public URL can access objects within a container. | ||
| Storage class | Standard: This is the default class. | |
| Object lock settings | Object lock | Select whather to use the obejct lock. |
| Lock cycle | Enter the object lock cycle in days. | |
| Encryption settings | Encryption | Select whether to use object encryption. |
| Symmetric key ID | Enter the symmetric key ID managed by the Secure Key Manager service. |
Objects uploaded to the Object Lock container are stored using the WORM (Write-Once-Read-Many) model. For objects uploaded to the object lock container, the lock expiration date is configured. You cannot overwrite or delete objects before the lock expiration date set on each object.
Objects uploaded to encryption containers are encrypted using a symmetric key managed by the NHN Cloud's Secure Key Manager service. Therefore, in order to create an encryption container, you must create a symmetric key in the Secure Key Manager service in advance.
The policies for encryption container are as follows.
[Caution] If you delete the symmetric key configured in an encryption container from Secure Key Manager, the encrypted object cannot be decrypted. You must carefully manage the symmetric key not to delete it accidentally.
Deletes all objects inside the selected container.
[Note] Objects whose lock expiration date has not passed are not deleted. For multipart objects inside the selected container, only the manifest object is deleted. Segment objects located in other containers are not deleted.
[Caution] If you are using the replication setting, objects in the target container might also be deleted. If you upload objects to a container that is undergoing a container emptying operation, they might be deleted.
Deletes selected containers. Check if the containers are empty before deleting them. If any objects are left inside a container, you cannot delete the relevant container.
Checks basic information of the selected containers and manage the settings.
You can view the container's basic and encryption information, and change settings such as access policies, static websites, and cross-origin resource sharing.
Sets the basic access policy and manages role-based access policies for each tenant or user. For more details, refer to ACL Configuration Guide.
| Category | Option | Description |
|---|---|---|
| Basic Access Policy | PRIVATE | Only permitted users can access objects within a container. |
| PUBLIC | Anyone can access objects within a container through a public URL. | |
| Role-Based Access Policy Settings | Selects whether to use an access policy. | |
| Tenant ID | Enter the tenant ID or * to allow access. You can check the tenant ID in the API Endpoint setting dialog box on the console. |
|
| API User ID | Enter the tenant API user ID or * to allow access. You can check the API user ID in the API Endpoint setting dialog on the console. |
|
| Permission | Select access permissions (Read, Write) to allow. |
Manages IP-based access policies. For more details, refer to ACL Configuration Guide.
| Category | Option | Description |
|---|---|---|
| Whitelist | IPv4 | Enter an IP to register in the whitelist. You can enter in IP (192.168.0.1) or CIDR (192.168.0.0/24) format. |
| Access right | Select access rights (Read, Write) to allow. | |
| Blacklist | IPv4 | Enter an IP to register in the blacklist. You can enter in IP (192.168.0.1) or CIDR (192.168.0.0/24) format. |
| Access right | Select access rights not to allow (Read, Write). |
| Category | Option | Description |
|---|---|---|
| Static Website Settings | Index document | Enter index document objects of a static website. If the object is within a folder, the folder path must be included. Up to 256 bytes, only alphanumeric characters and some special characters ( -, _, ., /) are allowed. |
| Error document | Enter the suffix of an error document of a static website. A folder path cannot be included in the suffix of the error document. Up to 256 bytes, only alphanumeric characters and some special characters ( -, _, ., /) are allowed. |
If you set the access policy of a container to PUBLIC and enter the index document and error document, you can host a static website in the container. You can get the URL of the static website by clicking the Copy URL button on the container list.
The name for an object to be used as an index document or error document for a static website must consist of one or more alphanumeric characters, or some special characters(-, _, ., /), and the file extension must be html in hypertext format. If the conditions are not satisfied, you cannot configure the settings or the static website may not work.
The name for an error document of a static website has the form of {error code}{suffix}. For example, if you configure the error document as error.html, the name for an error document to display when a 404 error occurs is 404error.html. You can upload and use error documents for each error situation. If error documents are not defined or error objects that matches error codes do not exist, a default error document of a web browser will be displayed.
To call the Object Storage API directly from the browser, you need to set Cross-Origin Resource Sharing (CORS). You can register the source URLs to allow by clicking the Change button of the cross-origin resource sharing item. The URL must include the protocols (https:// or http://). You can allow all source URLs by entering *.
Set an upload policy based on object names in the container. Upload policy settings allow you to restrict or prevent uploads of objects with certain extensions or keywords in their names.
Upload policies can set up whitelist or blacklist, but not both at the same time. You can set the extension of files to be uploaded, or keywords to be included in the filename. However, for objects that include a path, the policy reflects the object name without the path. The upload policy is applied to newly uploaded objects from the time it is set.
If you set exe and jpg as whitelist, only objects with the extensions can be uploaded. Adding the filename example will allow only objects with both the set filename and extension to be uploaded, such as exe_example.exe, iamge_example.jpg.
For blacklist, setting exe, jpgas blacklist will prevent all objects with .exe, .jpg extensions from being uploaded. Setting the additional filename exmaple will prevent both files with restricted extensions, such as test.exe, image.jpg, and files with restricted keywords, such as text_example.txt, from being uploaded.
Views the life cycle of objects stored in containers and version control policies.
| Category | Option | Description |
|---|---|---|
| Object life cycle | Enter the object life cycle in days. Life cycle setting will be cleared if it is not filled in. | |
| Object version control policy |
Version control policy | Select whether to use a version control policy. |
| Archive container | Enter a container in which previous versions of an object are stored. | |
| Archiving object life cycle |
Enter the life cycle of previous versions of an object in days. Life cycle setting will be cleared if it is not filled in. |
You can set a life cycle of the uploaded object. Objects that have passed the set life cycle are automatically deleted.
[Note] It is applied only to objects uploaded after the object life cycle is set.
Object version control settings allow you to keep previous versions of objects. Previous versions are kept in the archive container when the object is updated or deleted. If you set the life cycle for previous versions, versions that exceed the set life cycle are automatically deleted.
[Caution] If the archive container is deleted before the original container, an error occurs when updating or deleting objects in the original container. If the archive container has already been deleted, you can solve the issue by creating a new archive container or disabling the original container's version control policy. If you specify an encryption container as the archive container and then delete the symetric key from Secure Key Manager, the object of the original container fails to be uploaded and deleted.
You can check and change the object lock cycle of object lock containers. The object lock cycle can be entered in days, and cannot be turned off.
| Category | Option | Description |
|---|---|---|
| Object lock settings | Objecy lock | Select whether to use the object lock. |
| Lock cycle | Enter the object lock cycle in days. |
[Note] The changed object lock cycle is applied to obejcts uploaded after changing the settings. You cannot change a general container to an object lock container and vice versa. You cannot specify an object lock container as an archive container or replication target containger.
Replication settings allow you to replicate objects in a container to another container in a different region. Replication settings are for disaster recovery, and objects in the source region are replicated to the target region and managed. Replication proceed in the background at regular intervals.
| Category | Option | Description |
|---|---|---|
| Replication settings | Replication | Select whether to use the replication feature. |
| Target region | Select a region to replicate to other than the currently used region. | |
| Target container | Enter the target container for replication. |
The replication policies are as follows:
[Caution] If you specify an encryption container as the replication target container and then delete the symmetric key from Secure Key Manager, the encryption container fails to be replicated.
Create folders. Folders are virtual units to bundle objects within a container into a group. Similar to folders in Windows or directories in Linux, they help users to manage objects hierarchically. Folder names are limited to 256 letters in English or 85 characters in Korean.
[Note] Folder for object storage is different from the directory provided by the file system. It is a pseudo folder provided for user's convenience. When a folder is created, an empty object named
{folder-name}/is created. Objects within the folder will have names in the form of{folder-name}/{object-name}. Objects in the form of{folder-name}/{object-name}can be created directly without generating empty objects in the form of{folder-name}/by using the Copy Object function to copy objects into a new folder. If this copied object is deleted, it will appear as if the folder is also deleted. If you copy the object to a folder that you created in advance, the folder remains even if the object is deleted.
Deletes a folder. Deletes all objects in the folder and the folder object. For multipart objects inside a folder, only the manifest object is deleted; segment objects that are not included in the selection are not deleted.
All objects must be uploaded to containers. One object cannot be larger than 5GB.
[Note] Files exceeding 5GB cannot be uploaded in a web console. If the size of the object to be uploaded exceeds 5GB, it must be split by using a command-line tool such as
split, or the user application must be programmed to divide the object into segments less than 5GB before uploading. For more details, refer to Multipart Upload of the API guide.
Download selected objects. If you have set up the container access policy as PRIVATE at the time of creation, only permitted users can access the objects. If the access policy was set up as PUBLIC, click the Copy URL button on the list to check the public URL of the object. With this URL, it is possible to create a hyperlink of the object or directly download it.
# cat > index.html
<html>
<body> hello world!
<a href="https://kr1-api-object-storage.nhncloudservice.com/v1/{account}/{container}/{object}">Download</a>
</body>
</html>
# python -m http.server
Serving HTTP on :: port 8000 (http://[::]:8000/) ...
Copy objects to create new objects. Create an object with a new name in the container which has an object to copy, or copy objects to another container.
[Note] The maximum length of the path that can be entered depends on the length of the object name. The length of the path to copy plus the object name must be 1024 bytes or less.
{Maximum length of the path} = 1024 - {Length of the object name} - 1Multipart objects larger than 5 GB cannot be copied.
Deletes the selected objects. You can select and delete multiple objects at the same time.
[Note] When you delete a multipart object, only the selected manifest object is deleted. Unselected segment objects are not deleted.
Create a signed URL that allows free access to the specified object for the time you set, regardless of role-based access policies.
[Note] Only single objects can be selected, not folder objects. The validity period can be set in minutes, up to 720 minutes.
[Caution] Signed URLs should be used with caution because if they are exposed, anyone can access the selected object. It is recommended that you set an appropriate validity period for your situation and use it to reduce the damage if your signed URL is exposed.
Check the selected object information and manage the properties.
[Note] If you set both an object expiration date and a lock expiration date, the object expiration date must always be set after the lock expiration date.
You can change the expiration date for selected objects.
You can change the lock expiration date for selected objects. It cannot be changed prior to the previously set expiration date.
If you enter a prefix in the search bar and click the Search button, you can search for containers, folders, and objects that begin with the prefix you entered. You can search for containers in the container list, and search for folders and objects in the object list.
You can obtain credentials required to use Amazon S3 compatible API. S3 API credentials have no expiration date, and up to 3 credentials can be issued per project for each user.
[Caution] If the S3 API credentials key is leaked, anyone can access the object using the leaked key. If the key is leaked, it is recommended to delete the leaked credentials and obtain a new one.