Object Storage - Gerenciamento de identidade e acesso (EN)

Last updated September 27th 2022

Objective

The purpose of this guide is to show you how to manage your identities and access your S3 Object Storage resources.

Requirements

Instructions

Log in to the OVHcloud Control Panel, go to the Public Cloud section, and select the Public Cloud project concerned. Then click on Object Storage in the left-hand menu.

Creating a user

Click Create User.

If you already have OpenStack users, you can select one of these:

Add S3 user

then

Add S3 user

If you choose to select an existing user, ensure that the user has an ObjectStore operator or Administrator role.

Otherwise, create a new user:

Add S3 user

Once your user has been created, you will see the credentials:

Credentials

By clicking on the ... at the end of a user's line, you can, among other things, download the rclone configuration file, see the user's secret key, delete the user.

Manage access to a bucket via a profile

You can define access to your buckets via predefined profiles.

Click on the ... at the end of your bucket line, then Add a user to a container.

Add a user to a container

Select the user to add to your bucket and click Next.

Add a user to my container

Set access to your bucket for this user and click on Confirm.

Add a user to my container - Role

Manage access to an object via a profile

You can also set access to your objects via predefined profiles.

Click on the ... at the end of your object line, then Add user to my object.

object menu

Select the user and click Next.

add user to my object

Select the access profile for this user and click Confirm.

add role to my object

Advanced resource access management

You can refine your permissions by importing a JSON configuration file. To do this, go to the S3 Policy Users tab.

S3 users

Click on the ... at the end of your user's line, then Import JSON file.

If you want to change a user's rights, you may need to download the JSON configuration file in advance by selecting Download JSON File.

Some examples of JSON configuration files:

Read/write access to a bucket and its objects

{
  "Statement":[{
    "Sid": "RWContainer",
    "Effect": "Allow",
    "Action":["s3:GetObject", "s3:PutObject", "s3:DeleteObject", "s3:ListBucket", "s3:ListMultipartUploadParts", "s3:ListBucketMultipartUploads", "s3:AbortMultipartUpload", "s3:GetBucketLocation"],
    "Resource":["arn:aws:s3:::hp-bucket", "arn:aws:s3:::hp-bucket/*"]
  }]
}

Read-only access to a bucket and its objects

{
  "Statement":[{
    "Sid": "ROContainer",
    "Effect": "Allow",
    "Action":["s3:GetObject", "s3:ListBucket", "s3:ListMultipartUploadParts", "s3:ListBucketMultipartUploads"],
    "Resource":["arn:aws:s3:::hp-bucket", "arn:aws:s3:::hp-bucket/*"]
  }]
}

Allow all operations on all project resources

{
  "Statement":[{
    "Sid": "FullAccess",
    "Effect": "Allow",
    "Action":["s3:*"],
    "Resource":["*"]
  }]
}

Read/write access to all objects in a specific folder (/home/user2) in a specific bucket (companybucket)

{
  "Statement":[{
    "Sid": "RWContainer",
    "Effect": "Allow",
    "Action":["s3:GetObject", "s3:PutObject", "s3:DeleteObject", "s3:ListBucket", "s3:ListMultipartUploadParts", "s3:ListBucketMultipartUploads", "s3:AbortMultipartUpload", "s3:GetBucketLocation"],
    "Resource":["arn:aws:s3:::companybucket", "arn:aws:s3:::companybucket/home/user2/*"]
  }]
}

List of supported actions

Action Scope
s3:AbortMultipartUpload Object
s3:CreateBucket Bucket
s3:DeleteBucket Bucket
s3:DeleteObject Object
s3:GetBucketLocation Bucket
s3:GetObject Object
s3:ListBucket Bucket
s3:ListBucketMultipartUploads Bucket
s3:ListMultipartUploadParts Object
s3:PutObject Object

Go further

Join our community of users on https://community.ovh.com.


Esta documentação foi-lhe útil?

Não hesite em propor-nos sugestões de melhoria para fazer evoluir este manual.

Imagens, conteúdo, estrutura... Não hesite em dizer-nos porquê para evoluirmos em conjunto!

Os seus pedidos de assistência não serão tratados através deste formulário. Para isso, utilize o formulário "Criar um ticket" .

Obrigado. A sua mensagem foi recebida com sucesso.


Estes manuais também podem ser úteis...

OVHcloud Community

Aceda ao seu espaço comunitário. Coloque as suas questões, procure informações e interaja com outros membros do OVHcloud Community.

Discuss with the OVHcloud community

Em conformidade com a alteração à Diretiva 2006/112/CE, os preços com IVA podem variar de acordo com o país de residência do cliente
(por defeito, os preços com IVA apresentados incluem o IVA português em vigor).