Designating Compartments for the Amazon S3 Compatibility and Swift APIs

In the Oracle Cloud Infrastructure Object Storage service, a bucket is a container for storing objects in a compartment within an Object Storage namespace. A bucket is associated with a single compartment and data is stored as objects in buckets.

In addition to the native Object Storage APIs, Object Storage provides support for both the Amazon S3 Compatibility API and the Swift API. However, these APIs don't understand the Oracle Cloud Infrastructure concept of a compartment. By default, buckets created using the Amazon S3 Compatibility API or the Swift API are created in the root compartment of the Oracle Cloud Infrastructure tenancy. Instead, you can designate a different compartment for the Amazon S3 Compatibility API or Swift API to create buckets in.

When you designate a different compartment to use for the Amazon S3 Compatibility API or Swift API, any new buckets you create using the Amazon S3 Compatibility API or the Swift API are created in this compartment. Buckets created earlier in a different compartment aren't automatically moved to the newly designated compartment. See Object Storage Buckets to move buckets you created earlier to this compartment.

Required IAM Policy

To use Oracle Cloud Infrastructure, you must be granted security access in a policy by an administrator. This access is required whether you're using the Console or the REST API with an SDK, CLI, or other tool. If you get a message that you don’t have permission or are unauthorized, verify with your administrator what type of access you have and which compartment to work in.

Compartments have policies that indicate what actions a user can perform on a bucket and all the objects in the bucket.

For administrators:

  • To change the default compartments for Amazon S3 Compatibility API and Swift API, a user must belong to a group with OBJECTSTORAGE_NAMESPACE_UPDATE permissions.
  • To see the current default compartments for Amazon S3 Compatibility API and Swift API, a user must belong to a group with OBJECTSTORAGE_NAMESPACE_READ permissions.
  • To move a bucket to a different compartment, a user must belong to a group with BUCKET_UPDATE and BUCKET_CREATE permissions in the source compartment, and BUCKET_CREATE permissions in the target compartment.

If you're new to policies, see Getting Started with Policies and Common Policies. To dig deeper into writing policies for buckets and objects, see Details for Object Storage, Archive Storage, and Data Transfer.
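
The following audit sketch is an added example, not Oracle's code: it flags S3 Compatibility or Swift defaults that still point at the root compartment, lists buckets left in the root compartment, and checks the bucket-move permissions listed above. The OCIDs and bucket names are constructed placeholders, the JSON shape is an assumption modelled on OCI CLI output, and it assumes the root compartment's OCID is the tenancy OCID.

```python
import json

# Constructed sample data; OCIDs are placeholders, and the JSON shape is an
# assumption modelled on OCI CLI output (kebab-case keys under "data").
TENANCY_OCID = "ocid1.tenancy.oc1..exampleroot"
NS_METADATA = json.loads("""{"data": {
  "namespace": "examplens",
  "default-s3-compartment-id": "ocid1.tenancy.oc1..exampleroot",
  "default-swift-compartment-id": "ocid1.compartment.oc1..exampleapps"}}""")
BUCKETS = json.loads("""{"data": [
  {"name": "legacy-logs", "compartment-id": "ocid1.tenancy.oc1..exampleroot"},
  {"name": "app-assets", "compartment-id": "ocid1.compartment.oc1..exampleapps"}]}""")

# Permissions the page lists for moving a bucket between compartments.
MOVE_SOURCE = {"BUCKET_UPDATE", "BUCKET_CREATE"}
MOVE_TARGET = {"BUCKET_CREATE"}


def audit_defaults(ns_metadata, tenancy_ocid):
    """Return the APIs whose designated compartment is still the root compartment."""
    data = ns_metadata["data"]
    findings = []
    for api, key in (("S3", "default-s3-compartment-id"),
                     ("Swift", "default-swift-compartment-id")):
        # Assumption: a missing or empty value means the default (root) applies.
        if data.get(key) in (None, "", tenancy_ocid):
            findings.append(api)
    return findings


def buckets_in_root(buckets, tenancy_ocid):
    """Buckets that sit in the root compartment and are not moved automatically."""
    return [b["name"] for b in buckets["data"] if b["compartment-id"] == tenancy_ocid]


def can_move(perms_by_compartment, source, target):
    """Check the move requirement against a user's effective permissions."""
    src = perms_by_compartment.get(source, set())
    dst = perms_by_compartment.get(target, set())
    return MOVE_SOURCE <= src and MOVE_TARGET <= dst


if __name__ == "__main__":
    print("defaults still at root:", audit_defaults(NS_METADATA, TENANCY_OCID))
    print("buckets to review:", buckets_in_root(BUCKETS, TENANCY_OCID))
```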