Using buckets

Available in Classic and VPC environments.

A bucket is a space to store objects. To use Object Storage, at least one bucket must be created. You can create buckets easily and manage them conveniently in the NAVER Cloud Platform console.

Create bucket

The following describes how to create a bucket after completing the subscription request to Object Storage.

  1. Click the Services > Storage > Object Storage menus in order in the NAVER Cloud Platform console.
  2. Click the [Create bucket] button.
  3. Enter the name of the bucket you're going to create, and then click the [Next] button.
    • The name must be 3 to 63 characters long, and the first and last characters must be a lowercase letter or a number.
    • Periods (.) and hyphens (-) are allowed, but a name in the form of an IP address can't be used.
    • You can't change the name of the bucket once it is created. Choose carefully since it will be used as the domain for your object.
    • The bucket name must be unique within the region.
  4. Select whether to lock the bucket, if necessary.
    • If you lock your bucket, you can prevent it from being modified or deleted for the set period. However, mid-term cancellation and membership cancellation are also prohibited, so please decide carefully.
    • The bucket is unlocked by default. If you're an individual customer and want to request lock, submit the request through Customer inquiry.
    • If you have activated lock, set the following items.
      • Maximum retention period: This is the maximum retention period allowed by the bucket. 0 to 365 days can be set.
      • Default retention period: This is the default retention period applied when objects are stored in the bucket. 0 to 365 days can be set.
        • A retention period can be set for each file when saving objects later.
  5. If necessary, select the bucket encryption status and click the [Next] button.
    • For details about encryption setting, refer to Encryption setting (KMS).
    • By default, no encryption is set. Individual customers can apply for encryption through Customer inquiry.
    • If you have activated encryption, set the following items.
      • KMS master key: A key of the AES256 or RSA-2048 type created in Key Management Service can be used.
  6. Select whether to make the bucket disclosed.
    • When Disclosure is selected, the list of folders/files stored in the bucket is disclosed. Whether to disclose each file can be set when uploading the file.
  7. If necessary, grant the bucket use permissions to other accounts and click the [Next] button.
    • Only the account that completed the Object Storage subscription request can be added.
    • You can optionally grant bucket list view, file upload, and access control list (ACL) view and edit permission.
  8. Check the entered information, and then click the [Create bucket] button.

Encryption setting (KMS)

If you set bucket encryption, you can control access to the bucket and protect stored objects by linking with Key Management Service of NAVER Cloud Platform.
Once encryption is set, it can't be canceled, and the following features can't be used.

  • Lock setting
  • Static website hosting
  • Disclosure status setting
  • Granting permissions to other accounts
  • Lifecycle Management setting

Currently, encryption setting is provided as a CBT, and a subscription must be requested through Customer inquiry. After requesting the subscription, encryption can be set when creating a bucket with the console, API, or CLI.

Note

The following limitations apply when setting bucket encryption using the API or CLI.

  • Buckets with encryption set can only be created from the console.
  • The API key of the main account can't be used to perform operations on objects in a bucket with encryption set. Create a new sub-account, or use the API key of an existing sub-account.

Bucket management

While operating the created bucket, you may encounter situations where you need to change the bucket options set during creation. Object Storage enables you to change the settings of the created bucket conveniently.
The following describes how to manage the bucket that was created and is in use.

  1. Click the Services > Storage > Object Storage menus in order in the NAVER Cloud Platform console.

  2. Place the mouse cursor on the i-objectstorage_option icon beside the bucket name.

  3. Click the necessary management task.

    Note

    Some items may not be displayed in the list, depending on the region or platform.

Bucket information

When the bucket information page is displayed, you can view the bucket details or set the bucket using feature buttons.
The available features and the information displayed in the list are as follows.

Feature buttons:

  • [Delete bucket]: Deletes the selected bucket.
  • [Cancel bucket deletion]: Cancels a bucket deletion that is in progress.
  • [Access control]: Defines the servers that are allowed to access the bucket (displayed in the VPC environment only).
  • [Manage permissions]: Sets the bucket disclosure status and grants use permissions to other accounts.
  • [Manage lock]: Sets object lock.
  • [Manage logs]: Sets whether to save bucket access logs.

Bucket list: Select a bucket to view its details, and click the i-objectstorage_enlargement icon in each area to change its settings.

  • Name/Bucket name: name of the bucket
  • Size: capacity of the bucket
  • Created (uploaded) date: date when the bucket was first created
  • Manage events: list of event notifications set in the bucket
  • Access control: list of servers that are allowed to access the bucket (displayed in the VPC environment only)
  • Manage permissions: bucket disclosure status and the list of other accounts that can use the bucket
  • Manage lock: bucket locking status
  • Manage encryption: encryption status of the objects saved in the bucket
  • Manage logs: setting information of the bucket access log
  • Static website hosting: static website hosting setting status and endpoint information

Delete bucket

The following describes how to delete a created bucket.

  1. If the bucket is linked with another service, the list of linked services is displayed in the Delete bucket pop-up window. Click the [Next] button to view the linked service and continue to proceed.
  2. Enter the name of the bucket to delete and click the [OK] button.
  3. Check whether the task is completed in the Delete pop-up window and close the window.

Note

You can cancel the Object Storage subscription after deleting all buckets.

Cancel bucket deletion

When bucket deletion is executed, the Cancel bucket deletion menu appears so that you can cancel the deletion.
To cancel bucket deletion, click the [Save] button in the Cancel bucket deletion pop-up window.

Access control (VPC)

When using Object Storage in the VPC environment, you can set bucket access from a specific server only. The following describes how to configure settings.

  1. When the Access control pop-up window is displayed, click the i-objectstorage_toggle icon in the access control setting items to activate the feature.
  2. Select a server to allow access among the servers displayed in the VPC server list, and then click the i-objectstorage_arrow_right icon.
    • The selected server moves to the ACL setting information list.
    • To cancel the selection, click the i-objectstorage_arrow_left icon.
    • You can set the server in your VPC.
  3. When the selection is complete, click the [OK] button.
    • You can view the list of access-allowed servers through the i-objectstorage_option > Bucket information menu.

Note
  • Once access control is applied, CDN+ and Global CDN can't be used.
  • Communication between a bucket with access control applied and the VPC server is available through the private domain kr.object.private.ncloudstorage.com.

Manage permissions

You can disclose a bucket to the world and grant the bucket use permission to other users of NAVER Cloud Platform. The following describes how to configure settings.

  1. When the Manage permissions pop-up window is displayed, select the disclosure status in the Manage disclosure item.
    • No disclosure: Folders/files in a bucket are not disclosed.
    • Disclosure: Discloses the list of folders/files stored in a bucket to anyone in the world. Disclosure status of each file is set when uploading the file.
  2. Enter the account to grant use permissions to in the Other account permissions item and click the [Add] button.
    • Only the account that completed the Object Storage subscription request can be added.
    • You can optionally grant bucket list view, file upload, and access control list (ACL) view and edit permission.
  3. Click the [OK] button.

Log management

With bucket access log management, you can save a history of the requests that accessed a bucket. When access log management is set, the log for the previous hour is created between 25 and 35 minutes past every hour. (For example, access logs from 17:00:00 to 17:59:59 are created at 18:25 to 18:35.)

The following describes how to set access log management.

  1. When the Log management pop-up window is displayed, select the bucket to save logs in, enter the prefix under which the access logs are saved in that bucket, and then click the [Add] button.
    • You can only set this for your bucket.
    • Only one prefix can be set per bucket.
    • Click the [Delete] button to cancel prefix input.
  2. Click the [OK] button.
    • Use the i-objectstorage_option > Bucket information menu to view the access log setting details.

Access log example

The details of all requests executed on Object Storage are saved in JSON format.
The following is an example of the log created when an object in Object Storage is retrieved.

{
  "container_id": "3aaae999-89b8-1234-abb6-5c106e4f436d",
  "container_name": "ncp-bucket",
  "container_region": "Korea",
  "credential_type": "hmac",
  "delete_marker": false,
  "e_tag": "2a158d5ab989430a11ba4f12345e357",
  "format": 1,
  "headers": {
    "Accept-Encoding": [
      "identity"
    ],
    "Authorization": [
      "AWS4-HMAC-SHA256 Credential=ABCDEFJqzABCDJ6cGS/20211109/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=1cc5b591e1f4c313a9bbf7471bd1d5b7f5d32033e4dec3bcaf1a329ef9b57e8"
    ],
    "Host": [
      "kr.object.ncloudstorage.com"
    ],
    "User-Agent": [
      "aws-cli/1.15.85 Python/2.7.9 Windows/8 botocore/1.10.84"
    ],
    "X-Amz-Content-SHA256": [
      "e3b0c44298fc1c149afbf4c8996fb92427ae41e464911234ca495991b7852b855"
    ],
    "X-Amz-Date": [
      "20211109T094038Z"
    ]
  },
  "https": {
    "cipher_suite": "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "protocol": "TLSv1.2"
  },
  "interface_type": "s3",
  "is_secure": true,
  "last_changed": "2021-10-21T08:40:00.283Z",
  "last_modified": "2021-10-21T05:23:31.432Z",
  "object_length": "160",
  "object_name": "index.html",
  "principals": {
    "aws": "ABCDEFJqzABCDJ6cGS",
    "identity": "ncp-1234567-0@00000000-0000-0000-0000-000000000002"
  },
  "protocol": "HTTP/1.1",
  "proxy_enabled": false,
  "region": "KR",
  "remote_address": "123.45.123.45",
  "remote_user": "ABCDEFJqzABCDJ6cGS",
  "request_id": "76d34a72-2da0-400a-aac3-9861ec1040ad",
  "request_latency": "2",
  "request_method": "GET",
  "request_type": "REST.GET.OBJECT",
  "request_uri": "/ncp-bucket/object.txt",
  "response_length": "160",
  "server_name": "kr.object.ncloudstorage.com",
  "stat": {
    "client_wait": 0.056,
    "post_transfer": 0.011,
    "pre_transfer": 1.096,
    "storage_wait": 0.046,
    "total_transfer": 0.109,
    "turn_around_time": 1.14
  },
  "status": 200,
  "storage_account_id": "ncp-1234567-0",
  "storage_location_id": "24d02d1a-a0b5-7240-10b7-00655729e065",
  "time_finish": "09/Nov/2021:09:40:38 +0000",
  "time_start": "09/Nov/2021:09:40:38 +0000",
  "timestamp_finish": "1636450838774",
  "timestamp_start": "1636450838773",
  "type": "http",
  "user_agent": "aws-cli/1.15.85 Python/2.7.9 Windows/8 botocore/1.10.84",
  "version_name": "ef6dc25a-bda2-4378-9279-b3050b8da577",
  "version_transient": true
}

The following describes log fields.

Each entry lists the field name, its description, and a log example.

  • container_id: Bucket UUID. Example: "3aaae999-89b8-4919-abb6-5c106e4f436d"
  • container_name: Bucket name. Example: "ncp-bucket"
  • container_region: Region where bucket is located. Example: "Korea"
  • error_code: Error code information when an error occurs. Example: "AccessDenied"
  • delete_marker: Deletion marker status. Example: false
  • e_tag: Hash value of saved object. Example: "2a158d5ab989430a11ba4f349363e357"
  • format: Log format version. Example: 1
  • headers: Request header information. Example: {"Host": ["kr.object.ncloudstorage.com"], "User-Agent": ["aws-cli/1.15.85 Python/2.7.9 Windows/8 botocore/1.10.84"]}
  • https: HTTPS request information. Example: {"cipher_suite": "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "protocol": "TLSv1.2"}
    • Composed of the protocol and cipher_suite field
  • interface_type: API used for the request. Example: "s3"
  • is_secure: Secure connection status (HTTPS connection). Example: true
  • last_changed: Last modification time of object's properties. Example: "2021-10-21T08:40:00.283Z"
    • If no properties are modified, then it has the same value as last_modified.
  • last_modified: Last modification time of object's content. Example: "2021-10-21T05:23:31.432Z"
    • If not overwritten, then it has the same value as the created time.
  • object_length: Size of the requested object. Example: 160
    • Size of the object before deletion, if deletion is requested.
  • principals: Request subject information. Example: {"aws": "ABCDEFGHqzAFTTJ6cGS", "identity": "ncp-1234567-0@00000000-0000-0000-0000-000000000002"}
  • protocol: Requested protocol information. Example: "HTTP/1.1"
  • proxy_enabled: Proxy activation status. Example: false
  • referer: HTTP referer information. Example: "https://console.ncloud.com"
  • region: NAVER Cloud Platform region code. Example: "KR"
  • remote_address: IP information of the client. Example: "123.45.123.45"
  • remote_user: Log-in information of the authenticated user. Example: "ABCDEFSHqzAFTTJ6cGS"
    • Returns the access key ID when using the S3 API
  • remote_user_subject: Sub Account NRN information. Example: "abcd1234-f32a-12ab-98ec-123e98765a38"
  • request_id: Request ID. Example: "5a49a8f9-edff-43ab-8630-6297e11ae1d4"
  • request_latency: Time elapsed for the request processing (milliseconds). Example: 2
  • request_type: Request task. Example: "REST.GET.OBJECT"
    • REST.<HTTP_method>.<resource_type> format
  • request_uri: Request URI. Example: "/ncp-bucket/object.txt"
  • response_length: Response size. Example: 160
  • server_name: Requested host name or Object Storage endpoint. Example: "kr.object.ncloudstorage.com"
  • status: Status code returned from the response. Example: 200
  • storage_account_id: Account ID of the bucket owner. Example: "ncp-1234567-0"
  • storage_location_id: Bucket location ID. Example: "24d02d1a-a0b5-7240-10b7-001234529e065"
  • time_finish: Request completion time (ISO 8601). Example: "09/Nov/2021:09:40:40 +0000"
  • time_start: Request start time (ISO 8601). Example: "09/Nov/2021:09:40:40 +0000"
  • timestamp_finish: Request completion time (Unix time, milliseconds). Example: "1636450840661"
  • timestamp_start: Request start time (Unix time, milliseconds). Example: "1636450840660"
  • type: Log format. Example: "http"
    • Access logs always show "http"
  • user_agent: User agent information. Example: "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
  • version_name: Version ID of the requested object. Example: "ef6dc25a-bda2-4378-9279-b3050b8da577"
  • version_transient: "Transient" information of the version. Example: true
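
As an added example (not part of the original guide and not NAVER Cloud Platform's own code), the following Python code triages access log records using the fields described above: it flags plaintext or weak-TLS requests, successful deletions, and repeated AccessDenied errors from one client. The one-record-per-line layout, the TLS policy, the threshold, and all sample records are assumptions constructed for illustration.

```python
import json
from collections import Counter
from datetime import datetime, timezone

WEAK_TLS = {"SSLv3", "TLSv1", "TLSv1.1"}  # assumption: policy requires TLSv1.2+
DENIED_THRESHOLD = 3                       # assumption: tune to normal traffic

def sample_record(**overrides):
    """Constructed log line using the documented field names (not real data)."""
    rec = {"container_name": "ncp-bucket", "is_secure": True, "status": 200,
           "https": {"protocol": "TLSv1.2"}, "remote_address": "192.0.2.10",
           "remote_user": "EXAMPLEKEYID0001", "request_type": "REST.GET.OBJECT",
           "request_uri": "/ncp-bucket/object.txt",
           "timestamp_start": "1636450838773"}
    rec.update(overrides)
    return json.dumps(rec)

# Constructed input, one JSON record per line (the file layout is an assumption).
SAMPLE_LINES = [
    sample_record(),
    sample_record(is_secure=False, https=None, remote_user=None,
                  remote_address="203.0.113.5"),
    sample_record(https={"protocol": "TLSv1"}),
    sample_record(request_type="REST.DELETE.OBJECT", status=204),
] + [sample_record(status=403, error_code="AccessDenied",
                   remote_address="198.51.100.7")] * 3

def triage(lines, denied_threshold=DENIED_THRESHOLD):
    """Return a list of findings (dicts) for the given access log lines."""
    findings, denied = [], Counter()
    for line in lines:
        if not line.strip():
            continue
        rec = json.loads(line)
        src = rec.get("remote_address")
        user = rec.get("remote_user") or "anonymous"
        ts = rec.get("timestamp_start")  # Unix time in milliseconds, as a string
        when = (datetime.fromtimestamp(int(ts) / 1000, tz=timezone.utc).isoformat()
                if ts else None)
        ctx = {"time": when, "src": src, "user": user,
               "request": rec.get("request_type"), "uri": rec.get("request_uri")}
        # Transport checks: unencrypted requests, then outdated TLS versions.
        if rec.get("is_secure") is False:
            findings.append({"kind": "plaintext-http", **ctx})
        elif (rec.get("https") or {}).get("protocol") in WEAK_TLS:
            findings.append({"kind": "weak-tls", **ctx})
        # request_type follows REST.<HTTP_method>.<resource_type>.
        if (str(rec.get("request_type", "")).startswith("REST.DELETE.")
                and int(rec.get("status", 0)) < 300):
            findings.append({"kind": "object-deleted", **ctx})
        if rec.get("error_code") == "AccessDenied":
            denied[(src, user)] += 1
    # Aggregate check: many denials from one client and credential.
    for (src, user), count in denied.items():
        if count >= denied_threshold:
            findings.append({"kind": "repeated-access-denied",
                             "src": src, "user": user, "count": count})
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LINES):
        print(finding)
```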

Manage lock

If you set object lock (WORM: Write Once Read Many) on a bucket, you can protect objects from being changed or deleted within a set period of time. Setting object lock when storing an object for a long time prevents unexpected modification or deletion of the object.

  • This feature is available for corporate customers. Individual customers can apply for this feature through Customer inquiry.
  • However, mid-term cancellation and membership cancellation are not allowed after setting object lock, so please decide carefully.
  • Object lock can't be canceled during the set period, but the maximum retention period and default retention period can be changed.
  • Object lock can be set when creating a bucket or when the bucket is empty.
  • When uploading a file to a bucket with object lock, the Content-MD5 value has to be added to the header.

When the Lock management pop-up window is displayed, the following items can be set.

  • Maximum retention period: This is the maximum retention period allowed by the bucket. 0 to 365 days can be set.
  • Default retention period: This is the default retention period applied when objects are stored in the bucket. 0 to 365 days can be set. A retention period can be set for each file when saving objects later.

Static website hosting

There are two types of hosting features available.

  • Static website hosting: Uses the bucket endpoint as the web address. All files in the bucket must be set as disclosed so that the content can be accessed through the website endpoint.
  • Redirect requests for files: Redirects requests to another bucket or domain.

You can set up hosting as follows.

  1. When the Static website hosting pop-up window is displayed, click the i-objectstorage_toggle icon to activate the feature.
  2. Select a hosting type.
  3. Enter the setting content according to the selected type.
    • Set the following items if you have selected static website hosting.
      • Index file: This is the main page for the website, and it is a required field.
      • Error file: Sets the user error page to return when an error occurs.
    • Set the following items if you have chosen to redirect requests for files.
      • Host name: This is the host to be redirected to. Enter the target bucket website address or personal domain.
      • Protocol: Select None, http, or https according to the environment.
  4. Click the [OK] button.
  5. Check the bucket website endpoint and click the [OK] button.
    • Click the i-objectstorage_copy icon to copy the endpoint address.

Note

If you change the settings later, then it may take some time for the changes to take effect.

Manage events

You can set notification delivery if a specific event occurs in a bucket.

Note
  • To use the event management feature, the paid service Cloud Functions is required. For details about Cloud Functions, refer to the Service > Compute > Cloud Functions menus in the portal.
  • The event management feature is available in Korea region only.

The following events can deliver a notification.

  • Event types: All created objects (ObjectCreated:*), Create (ObjectCreated:PUT), Create (ObjectCreated:POST), Copy (ObjectCreated:COPY), Completion of multi-part upload (ObjectCreated:COMPLETE_UPLOAD)
    • Events for object creations
    • Completion of multi-part upload occurs by the CompleteMultipartUpload request.
    • No events occur for the failed request.
  • Event type: Object deletion (ObjectRemoved:DELETE)
    • Event for object deletion
    • The DeleteMultipleObjects request generates a separate event for each object.
    • No events occur for the failed request.

Notification settings

The following describes how to set an event notification.

  1. When the Event management pop-up window is displayed, click the [Create] button.
  2. When the Create bucket event pop-up window is displayed, set the event.
    • Event name: Enter the name of the event.
      • Letters, numbers, hyphens (-), and underscores (_) can be used, and the first character must be a letter or a number.
    • Filter: Enter the condition to be used when filtering events for a specific object.
      • Enter the condition as a regular expression. (For example, prefix images/: ^images/)
      • The filter applies to the object path. Events occur for all objects if no filter is entered.
    • Event type: Select the desired event types. Multiple types can be selected.
    • Target: Select a destination to deliver an event notification. Only Cloud Functions is supported.
      • Select Cloud Functions to display the list of set triggers. If there is no existing trigger, click the [Create trigger] button to create a new one. For more details on trigger creation, refer to the Object Storage Trigger Guide.
    • Note for recursive calls: Mark the checkbox after reading the guide.
  3. Click the [Create] button.

Event notification example

The structure of notification messages sent from Object Storage is as follows.

{
    "container_name": "Bucket name",
    "event_name": "Event name",
    "event_type": "Event type",
    "event_version": "1.0",
    "object_length": "Object size",
    "object_name": "Object key",
    "region": "Region name",
    "remote_address": "Request IP",
    "remote_user_sha256": "SHA256 hash hex value of user access key",
    "remote_user_type": "User type",
    "request_method": "Request method",
    "request_type": "Request type",
    "timestamp_finish": "Time when the request finished processing, UNIX time, milliseconds",
    "timestamp_start": "Time when the request started processing, UNIX time, milliseconds"
}

If remote_user_type is not user, then null is entered for remote_access and remote_user_sha256.

An example of a notification message is as follows.

{
    "container_name": "mybucket",
    "event_name": "testevent",
    "event_type": "ObjectCreated:PUT",
    "event_version": "1.0",
    "object_length": "1000",
    "object_name": "test.png",
    "region": "KR",
    "remote_address": "127.0.0.1",
    "remote_user_sha256": "ef5dd4b34d9de8d98182a9be416576efbd162b9a915d8b302ba8c3fa0c81b764",
    "remote_user_type": "user",
    "request_method": "PUT",
    "request_type": "REST.PUT.OBJECT",
    "timestamp_finish": "1609426801000",
    "timestamp_start": "1609426800000"
}

Caution
  • When linking to Cloud Functions, you must check whether the action connected to the trigger is using the Object Storage bucket.
  • If the same bucket is used for input and output, there is a risk of generating recursive calls, leading to increase in Cloud Functions usage and expense.
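
The checks an action can apply to a notification before doing any work, as an added example that is not from the original guide or from NAVER Cloud Platform: it guards against the recursive calls described in the caution above and maps remote_user_sha256 back to a known access key. The bucket name, prefixes, key IDs, and the assumption that the hash is taken over the UTF-8 access key ID are hypothetical; how the message reaches the action is not shown.

```python
import hashlib
import re

EVENT_FILTER = re.compile(r"^images/")  # the filter example from this guide
OUTPUT_BUCKET = "mybucket"              # hypothetical: action writes to the input bucket
OUTPUT_PREFIX = "images/thumbs/"        # hypothetical: output lands inside the filtered path

# Constructed access key IDs and owners (not real credentials).
KNOWN_KEYS = {"EXAMPLEKEYID0001": "ci-uploader", "EXAMPLEKEYID0002": "ops-admin"}

def key_owner(event, known=KNOWN_KEYS):
    """Attribute the event to a known key via remote_user_sha256.
    Assumption: the value is the hex SHA-256 of the UTF-8 access key ID."""
    digest = event.get("remote_user_sha256")
    if not digest:  # null when remote_user_type is not "user"
        return None
    for key_id, owner in known.items():
        if hashlib.sha256(key_id.encode("utf-8")).hexdigest() == digest.lower():
            return owner
    return "unknown-key"

def decide(event):
    """Return 'process' or the reason the event must not trigger work."""
    name = event.get("object_name")
    if event.get("event_version") != "1.0" or not isinstance(name, str):
        return "reject:malformed"
    if not str(event.get("event_type", "")).startswith("ObjectCreated:"):
        return "skip:event-type"
    # Recursion guard: our own output also matches ^images/, so without this
    # check every object the action writes would raise a new event for it.
    if event.get("container_name") == OUTPUT_BUCKET and name.startswith(OUTPUT_PREFIX):
        return "skip:own-output"
    if not EVENT_FILTER.search(name):
        return "skip:filter"
    return "process"

def sample_event(**overrides):
    """Constructed notification with the documented message structure."""
    event = {"container_name": "mybucket", "event_name": "testevent",
             "event_type": "ObjectCreated:PUT", "event_version": "1.0",
             "object_name": "images/cat.png", "remote_user_type": "user",
             "remote_user_sha256": hashlib.sha256(b"EXAMPLEKEYID0001").hexdigest()}
    event.update(overrides)
    return event

if __name__ == "__main__":
    for ev in (sample_event(),
               sample_event(object_name="images/thumbs/cat.png"),
               sample_event(object_name="docs/readme.txt"),
               sample_event(event_type="ObjectRemoved:DELETE")):
        print(ev["object_name"], ev["event_type"], decide(ev), key_owner(ev))
```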
