Oracle Cloud Infrastructure Documentation

Designating Compartments for the Amazon S3 Compatibility and Swift APIs

In the Oracle Cloud Infrastructure Object Storage service, a bucket is a container for storing objects in a compartment within an Object Storage namespace. A compartment is a collection of related resources that can be accessed only by certain groups that have been given permission by an administrator in your organization. A bucket is associated with a single compartment and data is stored as objects in buckets.

In addition to the native Object Storage APIs, Object Storage provides API support for both the Amazon S3 Compatibility API and the Swift API. However, these APIs do not understand the Oracle Cloud Infrastructure concept of a compartment. By default, buckets created using the Amazon S3 Compatibility API or the Swift API are created in the root compartment of the Oracle Cloud Infrastructure tenancy. Instead, you can designate a different compartment for the Amazon S3 Compatibility API or Swift API to create buckets in.

When you designate a different compartment to use for the Amazon S3 Compatibility API or Swift API, any new buckets you create using the Amazon S3 Compatibility API or the Swift API are created in this newly designated compartment. Buckets previously created in a different compartment are not automatically moved to the newly designated compartment. See Managing Buckets if you want to move previously created buckets to this newly designated compartment.
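The following check is an added example, not part of the Oracle documentation. It reports which of the two APIs still default to the root compartment and which buckets remain in root and would need an explicit move. The kebab-case JSON key names, the function name, and the sample OCIDs are assumptions constructed for illustration; the root compartment's OCID is the tenancy OCID.

```python
import json

# Constructed sample data (not real OCIDs). Key names are assumed to follow
# kebab-case CLI-style JSON; adjust them to match your own output.
TENANCY_OCID = "ocid1.tenancy.oc1..exampletenancy"

NAMESPACE_METADATA = json.loads("""
{"data": {"namespace": "examplens",
          "default-s3-compartment-id": "ocid1.tenancy.oc1..exampletenancy",
          "default-swift-compartment-id": "ocid1.compartment.oc1..examplestorage"}}
""")

BUCKETS = json.loads("""
{"data": [
  {"name": "app-logs",  "compartment-id": "ocid1.compartment.oc1..examplestorage"},
  {"name": "s3-import", "compartment-id": "ocid1.tenancy.oc1..exampletenancy"},
  {"name": "swift-old", "compartment-id": "ocid1.tenancy.oc1..exampletenancy"}
]}
""")


def audit_designations(metadata, buckets, tenancy_ocid):
    """Report APIs that still default to root and buckets still located in root."""
    data = metadata["data"]
    findings = {"apis_defaulting_to_root": [], "buckets_in_root": []}
    for api, key in (("s3", "default-s3-compartment-id"),
                     ("swift", "default-swift-compartment-id")):
        designated = data.get(key)
        # A missing value is treated as the documented default (root).
        if not designated or designated == tenancy_ocid:
            findings["apis_defaulting_to_root"].append(api)
    # Changing a designation does not move existing buckets, so anything
    # still in the root compartment needs an explicit move.
    findings["buckets_in_root"] = sorted(
        b["name"] for b in buckets["data"]
        if b.get("compartment-id") == tenancy_ocid
    )
    return findings


if __name__ == "__main__":
    report = audit_designations(NAMESPACE_METADATA, BUCKETS, TENANCY_OCID)
    print(json.dumps(report, indent=2))
```

Access to the root compartment is typically governed by tenancy-wide policies, so a non-empty result in either list is worth reviewing against the compartment policies you intended to apply to those buckets.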

Required IAM Policy

To use Oracle Cloud Infrastructure, you must be given the required type of access in a policy written by an administrator, whether you're using the Console or the REST API with an SDK, CLI, or other tool. A policy is an IAM document that specifies who has what type of access to your resources. The term is used in different ways: to mean an individual statement written in the policy language; to mean a collection of statements in a single, named "policy" document (which has an Oracle Cloud ID (OCID) assigned to it); and to mean the overall body of policies your organization uses to control access to resources. If you try to perform an action and get a message that you don’t have permission or are unauthorized, confirm with your administrator the type of access you've been granted and which compartment you should work in.

Compartments have policies that indicate what actions a user can perform on a bucket and all the objects in the bucket.

For administrators:

  • To change the default compartments for Amazon S3 Compatibility API and Swift API, a user must belong to a group with NAMESPACE_UPDATE permissions.
  • To see the current default compartments for Amazon S3 Compatibility API and Swift API, a user must belong to a group with NAMESPACE_READ permissions.
  • To move a bucket to a different compartment, a user must belong to a group with BUCKET_UPDATE and BUCKET_CREATE permissions in the source compartment, and BUCKET_CREATE permissions in the target compartment.

If you're new to policies, see Getting Started with Policies and Common Policies. If you want to dig deeper into writing policies for buckets and objects, see Details for Object Storage, Archive Storage, and Data Transfer.

Viewing and Specifying Designated Compartments

You can view the current default compartment designations for Amazon S3 Compatibility API and Swift API data. If your permissions allow, you can also change the Amazon S3 Compatibility API and Swift API compartment designations.

Designated compartment names:

  • Must be unique across all the compartments in your tenancy.
  • Can be from 1 to 100 characters in length.
  • Must not contain confidential information.
  • Valid characters are letters (upper or lower case), numbers, hyphens, and underscores.

Using the Console

To view your Amazon S3 Compatibility API and Swift API compartment designations
To edit your tenancy's Amazon S3 Compatibility API and Swift API compartment designations

Using the Command Line Interface (CLI)

For information about using the CLI, see Command Line Interface (CLI). For a complete list of flags and options available for CLI commands, see CLI Help.

To get your tenancy's Amazon S3 Compatibility API and Swift API compartment designations
To update your tenancy's Amazon S3 Compatibility API compartment designation
To update your tenancy's Swift API compartment designations

Using the API

For information about using the API and signing requests, see REST APIs and Security Credentials. For information about SDKs, see Software Development Kits and Command Line Interface.

Use the following operation to get your default Amazon S3 Compatibility API and Swift API compartment designations, and change those compartment designations: