1. Articles
  2. Public Cloud Services
  3. Object Storage
  4. Getting Started

Articles in this section

Identity and Access Management on OVHcloud Object Storage

Avatar
Michael M.
  • Updated
Follow

Objective

The purpose of this guide is to show you how to manage your identities and access your S3 Object Storage resources.

Requirements

Instructions

Log in to the OVHcloud Control Panel, go to the Public Cloud section, and select the Public Cloud project concerned. Then click on Object Storage on the left-hand sidebar.

Creating a user

Navigate to the S3 users tab and click Add User.

access1.png

Type in the username you have chosen and then click Create. Once your user has been created, you will see the credentials:

access2.png

By clicking on the ... at the end of a user’s line, you can, among other things, download the Rclone configuration file, see the user’s secret key, and delete the user.

Manage access to a container via a profile

You can define access to your containers via pre-defined profiles.

Click on the ... at the end of your container line and then select Add a user to a container from the drop-down menu.

access3.png

Select the user to add to your container and click Next.

access4.png

Set access to your container for this user and click on Confirm.

access5.png

Manage access to an object via a profile

You can also set access to your objects via pre-defined profiles.

Click on the ... at the end of your object line and then select Add user to my object from the drop-down menu.

access6.png

Select the user and click Next.

access7.png

Select the access profile for this user and click Confirm.

access8.png

Advanced resource access management

You can refine your permissions by importing a JSON configuration file. To do this, go to the S3 Users tab.

access9.png

Click on the ... at the end of your user’s line, then Import S3 Policy (JSON).

If you want to change a user’s rights, you may need to download the JSON configuration file in advance by selecting Download S3 Policy (JSON).

Some examples of JSON configuration files:

Read/write access to a container and its objects

{"Statement":[{"Sid":"RWContainer","Effect":"Allow","Action":["s3:GetObject","s3:PutObject","s3:DeleteObject","s3:ListBucket","s3:ListMultipartUploadParts","s3:ListBucketMultipartUploads","s3:AbortMultipartUpload","s3:GetBucketLocation"],"Resource":["arn:aws:s3:::hp-bucket","arn:aws:s3:::hp-bucket/*"]}]}

Read-only access to a container and its objects

{"Statement":[{"Sid":"ROContainer","Effect":"Allow","Action":["s3:GetObject","s3:ListBucket","s3:ListMultipartUploadParts","s3:ListBucketMultipartUploads"],"Resource":["arn:aws:s3:::hp-bucket","arn:aws:s3:::hp-bucket/*"]}]}

Allow all operations on all project resources

{"Statement":[{"Sid":"FullAccess","Effect":"Allow","Action":["s3:*"],"Resource":["*"]}]}

Read/write access to all objects in a specific folder (/home/user2) in a specific container (companybucket)

{"Statement":[{"Sid":"RWContainer","Effect":"Allow","Action":["s3:GetObject","s3:PutObject","s3:DeleteObject","s3:ListBucket","s3:ListMultipartUploadParts","s3:ListBucketMultipartUploads","s3:AbortMultipartUpload","s3:GetBucketLocation"],"Resource":["arn:aws:s3:::companybucket","arn:aws:s3:::companybucket/home/user2/*"]}]}

List of supported actions

access10.png

Related articles