Overview of Object Storage
Oracle Cloud Infrastructure offers two distinct storage class tiers to address the need for both performant, frequently accessed "hot" storage, and less frequently accessed "cold" storage. Storage tiers help you maximize performance where appropriate and minimize costs where possible.
- Use Object Storage for data to which you need fast, immediate, and frequent access. Data accessibility and performance justify a higher price point to store data in the Object Storage tier.
- Use Archive Storage for data that you seldom or rarely access, but that must be retained and preserved for long periods of time. The cost efficiency of the Archive Storage tier offsets the long lead time required to access the data. For more information, see Overview of Archive Storage.
About Object Storage
The Oracle Cloud Infrastructure Object Storage service is an internet-scale, high-performance storage platform that offers reliable and cost-efficient data durability. The Object Storage service can store an unlimited amount of unstructured data of any content type, including analytic data and rich content, like images and videos.
With Object Storage, you can safely and securely store or retrieve data directly from the internet or from within the cloud platform. Object Storage offers multiple management interfaces that let you easily manage storage at scale.
The elasticity of the platform lets you start small and scale seamlessly, without experiencing any degradation in performance or service reliability.
Object Storage is a regional service and is not tied to any specific compute instance. You can access data from anywhere inside or outside the context of the Oracle Cloud Infrastructure, as long as you have internet connectivity and can access one of the Object Storage endpoints. Authorization and resource limits are discussed later in this topic.
Object Storage also supports private access from Oracle Cloud Infrastructure resources in a VCN through a service gateway. A service gateway allows connectivity to the Object Storage public endpoints from private IP addresses in private subnets. For example, you can back up DB systems to an Object Storage bucket over the Oracle Cloud Infrastructure backbone instead of over the internet. You can optionally use IAM policies to control which VCNs or ranges of IP addresses can access Object Storage. See Access to Oracle Services: Service Gateway for details.
Object Storage is Always Free eligible. For more information about Always Free resources, including additional capabilities and limitations, see Oracle Cloud Infrastructure's Free Tier.
The following list summarizes some of the ways that you can use Object Storage.
- Hadoop/big data support
- You can use Object Storage as the primary data repository for big data. Object Storage offers a scalable storage platform that lets you store large datasets and operate seamlessly on those datasets. The HDFS connector provides connectivity to various big data analytic engines like Apache Spark and MapReduce. This connectivity enables the analytics engines to work directly with data stored in Object Storage. For more information, see Hadoop Support.
- You can use Object Storage to preserve backup and archive data that must be stored for an extended duration to adhere to various compliance mandates.
- content repository
- You can use Object Storage as your primary content repository for data, images, logs, and video. You can reliably store and preserve this data for a long time, and serve this content directly from Object Storage. The storage scales as your data storage needs scale.
- log data
- You can use Object Storage to preserve application log data so that you can retroactively analyze this data to determine usage patterns and debug issues.
- large datasets
- You can use Object Storage to store generated application data that needs to be preserved for future use. Pharmaceutical trials data, genome data, and Internet of Things (IoT) data are examples of generated application data that you can preserve using Object Storage.
Object Storage Resources
The following summarizes the Object Storage resources. Authorization and resource limits are discussed later in this topic.
- Any type of data, regardless of content type, is stored as an object. The object is composed of the object itself and metadata about the object. Each object is stored in a bucket.
- A logical container for storing objects. Users or systems create buckets as
needed within a region. A bucket is associated with a single compartment that has
that determine what actions a user can perform on a bucket and on all the objects in the
- A logical entity that serves as a top-level container for all buckets and objects, allowing you to control bucket naming within your tenancy. Each Oracle Cloud Infrastructure tenant is assigned one unique and uneditable Object Storage namespace that spans all compartments within a region. Bucket names must be unique within each region. Within an Object Storage namespace, buckets and objects exist in a flat hierarchy, but you can simulate a directory structure to help navigate a large set of objects (for example,
If your namespace was created based on your tenancy name, your namespace uses all lower-case letters (regardless of the presence of capital letters in your tenancy name). When using the API, CLI, or SDKs, do not use capital letters in your namespace string.
- Primary building block used to organize your cloud resources. When your tenancy is provisioned, a root compartment is created for you. You can then create compartments under your root compartment to organize your resources. You control access by creating policies that specify what actions groups of users can take on the resources in those compartments. An Object Storage bucket can only exist in one compartment.
Object Storage Features
Object Storage provides the following features:
- strong consistency
- When a read request is made, Object Storage always serves the most recent copy of the data that was written to the system.
- Object Storage is a regional service. Data is stored redundantly across multiple storage servers. Object Storage actively monitors data integrity using checksums and automatically detects and repairs corrupt data. Object Storage actively monitors and ensures data redundancy. If a redundancy loss is detected, Object Storage automatically creates more data copies. For more details about Object Storage durability, see the Oracle Cloud Infrastructure Object Storage FAQ.
- custom metadata
- You can define your own extensive metadata as key-value pairs for any purpose. For example, you can create descriptive tags for objects, retrieve those tags, and sort through the data. You can assign custom metadata to objects and buckets using the Oracle Cloud Infrastructure CLI or SDK. See Software Development Kits and Command Line Interface for details.
- Object Storage employs 256-bit Advanced Encryption Standard (AES-256) to encrypt object data on the server. Each object is encrypted with its own data encryption key. Data encryption keys are always encrypted with a master encryption key that is assigned to the bucket. Encryption is enabled by default and cannot be turned off. By default, Oracle manages the master encryption key. However, you can optionally configure a bucket so that it's assigned an Oracle Cloud Infrastructure Vault master encryption key that you control and rotate on your own schedule.
Ways to Access Object Storage
You can access Object Storage using any of the following options, based on your preference and its suitability for the task you want to complete:
- The Console is an easy-to-use, browser-based interface. To access the Console, you must use a supported browser. You can use the Console link at the top of this page to go to the sign-in page. You are prompted to enter your cloud tenant, your user name, and your password.
- The command line interface (CLI) provides both quick access and full functionality without the need for programming. For more information, see Using the CLI.
- The REST API provides the most functionality, but requires programming expertise. API Reference and Endpoints provides endpoint details and links to the available API reference documents. For general information about using the API, see REST APIs. Object Storage is accessible with the following APIs:
- Object Storage Service API
- Amazon S3 Compatibility API
- Swift API (for use with Oracle RMAN)
- Oracle Cloud Infrastructure provides SDKs that interact with Object Storage without you having to create a framework. For general information about using the SDKs, see Software Development Kits and Command Line Interface.
Using Object Storage
If you are ready to use Object Storage, you can find more information in the following
Authentication and Authorization
Each service in Oracle Cloud Infrastructure integrates with IAM for authentication and authorization, for all interfaces (the Console, SDK or CLI, and REST API). IAM also manages user credentials for things like API signing keys, auth tokens, and customer secret keys for Amazon S3 Compatibility API. See User Credentials for details.
An administrator in your organization needs to set up groups, compartments, and policies that control which users can access which services, which resources, and the type of access. For example, the policies control who can create new users, create and manage the cloud network, launch instances, create buckets, download objects, etc. For more information, see Getting Started with Policies. For specific details about writing policies for each of the different services, see the Policy Reference. For specific details about writing policies for Object Storage, see Details for Object Storage, Archive Storage, and Data Transfer.
If you’re a regular user (not an administrator) who needs to use the Oracle Cloud Infrastructure resources that your company owns, contact your administrator to set up a user ID for you. The administrator can confirm which compartment or compartments you should be using.
Blocking Access to Object Storage Resources from Unauthorized IP Addresses
You can enhance the security of your object storage policies by restricting access to only requests that originate from an allowed IP address. First, you create a network source to specify the allowed IP addresses, then you add a condition to your policy to restrict access to the IP addresses in the network source. An example of a policy that restricts access to only IP addresses in a network source is:
allow group CorporateUsers to manage object-family in tenancy where request.networkSource.name='corpnet'
For information on creating network sources and using them in policy, see Managing Network Sources.
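To check that every Object Storage grant in a policy carries the network source condition described above, the following added example (not Oracle's code) audits policy statements offline. The group names, the approved-source set, and the sample statements are constructed assumptions, and the parser covers only the simple `allow ... to <verb> <resource-type> in <location> [where ...]` shape.

```python
import re

# Resource types that reach Object Storage data (all-resources includes them).
OBJECT_STORAGE_TYPES = {"object-family", "buckets", "objects", "all-resources"}

STATEMENT_RE = re.compile(
    r"^\s*allow\s+(?P<subject>.+?)\s+to\s+(?P<verb>inspect|read|use|manage)\s+"
    r"(?P<resource>[\w-]+)\s+in\s+(?P<location>.+?)(?:\s+where\s+(?P<cond>.+))?\s*$",
    re.IGNORECASE,
)
NETSRC_RE = re.compile(r"request\.networkSource\.name\s*=\s*'([^']+)'", re.IGNORECASE)

def audit_statement(stmt, approved_sources):
    """Return None if the statement is acceptable, else a short reason."""
    m = STATEMENT_RE.match(stmt)
    if not m:
        return "unparsed statement, review manually"
    if m["resource"].lower() not in OBJECT_STORAGE_TYPES:
        return None  # does not grant Object Storage access
    cond = m["cond"] or ""
    names = NETSRC_RE.findall(cond)
    if not names:
        return "no network source condition"
    # Inside any {...} the conditions are OR-ed, so the IP restriction
    # can be bypassed by satisfying one of the other alternatives.
    if re.match(r"any\s*\{", cond, re.IGNORECASE):
        return "network source is only one alternative inside any {...}"
    unknown = [n for n in names if n not in approved_sources]
    if unknown:
        return "unapproved network source: " + ", ".join(unknown)
    return None

def audit(statements, approved_sources):
    """Return (index, reason) for each statement that needs attention."""
    results = ((i, audit_statement(s, approved_sources)) for i, s in enumerate(statements))
    return [(i, reason) for i, reason in results if reason]

# Constructed sample policy; only the first statement is taken from the page.
SAMPLE_POLICY = [
    "allow group CorporateUsers to manage object-family in tenancy where request.networkSource.name='corpnet'",
    "allow group Auditors to read buckets in compartment Logs",
    "allow group Contractors to read objects in compartment Shared where any {request.networkSource.name='corpnet', request.operation='GetObject'}",
    "allow group Backup to manage objects in compartment DB where request.networkSource.name='homelab'",
    "allow group NetAdmins to manage virtual-network-family in tenancy",
]

if __name__ == "__main__":
    for index, reason in audit(SAMPLE_POLICY, {"corpnet"}):
        print(f"statement {index}: {reason}")
```
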
Object Storage IP Addresses
The Oracle Cloud Infrastructure Object Storage service uses the CIDR block IP range 184.108.40.206/17 for all regions.
Limits on Object Storage
See Service Limits for a list of applicable limits and instructions for requesting a limit increase.
Other limits include:
- Number of Object Storage namespaces per root compartment: 1
- Maximum object size: 10 TiB
- Maximum object part size in a multipart upload: 50 GiB
- Maximum number of parts in a multipart upload: 10,000
- Maximum object size allowed by PutObject API: 50 GiB
- Maximum size of object metadata: 2 K