Uploading an object
You can create folders within a bucket and upload objects to them. Keep in mind that in the SDK and HTTP API, an object key is the entire path to the object from the bucket root. For more information, see Objects.
Note
You can upload objects of up to 5 GB via the management console (see Quotas and limits in Object Storage). When uploading via the console, you cannot specify content-type
or other headers. To upload larger objects or specify object headers, use other tools.
You can use tools that support Object Storage and signed URLs to upload objects into a bucket.
Regular uploads
To work with objects in an encrypted bucket, a user or service account must have the following roles for the encryption key in addition to the storage.configurer
role:
kms.keys.encrypter
: To read the key, encrypt, and upload objects.kms.keys.decrypter
: To read the key, decrypt, and download objects.kms.keys.encrypterDecrypter
: Includes thekms.keys.encrypter
andkms.keys.decrypter
permissions.
For more information, see Key Management Service service roles.
- In the management console
, select Object Storage from the list of services and go to the bucket you want to upload your object to. - In the left-hand panel, select
Objects. - If you want to upload an object to the bucket for the first time, click Upload objects.
- If you want to upload the object to a specific folder, navigate to that folder by clicking its name. If you need to create a new folder, click Create folder.
- Within the folder you need, click
Upload on the top panel. - In the window that opens, select the files and click Open.
- The management console will display all the objects you selected for uploading and prompt you to select a storage class. The bucket configuration determines the default storage class.
- Click Upload.
- Refresh the page.
In the management console, the information about the number of objects and storage space used in the bucket is updated with a few minutes' delay.
If you do not have the Yandex Cloud CLI yet, install and initialize it.
The folder specified in the CLI profile is used by default. You can specify a different folder through the --folder-name
or --folder-id
parameter.
-
See the description of the CLI command for uploading a file to a bucket:
yc storage s3api put-object --help
-
Get a list of buckets in the default folder:
yc storage bucket list
Result:
+------------------+----------------------+-------------+-----------------------+---------------------+ | NAME | FOLDER ID | MAX SIZE | DEFAULT STORAGE CLASS | CREATED AT | +------------------+----------------------+-------------+-----------------------+---------------------+ | first-bucket | b1gmit33ngp6******** | 53687091200 | STANDARD | 2022-12-16 13:58:18 | +------------------+----------------------+-------------+-----------------------+---------------------+
-
Run this command:
yc storage s3api put-object \ --body <local_file_path> \ --bucket <bucket_name> \ --key <object_path>
Where:
--body
: Path to the file you need to upload to the bucket.--bucket
: Name of your bucket.--key
: Key to use for storing the object in the bucket.
Result:
etag: '"d41d8cd98f00b204e980099********"' request_id: 3f2705f********
-
If you do not have the AWS CLI yet, install and configure it.
-
To upload a single object, run this command:
aws --endpoint-url=https://storage.yandexcloud.net/ \ s3 cp <local_file_path> s3://<bucket_name>/<object_key>
Where:
--endpoint-url
: Object Storage endpoint.s3 cp
: Command to upload an object. To upload an object, in the first part of the command, provide the path to the local file you want to upload, and in the second part, the name of your bucket and the object storage key.
To load all objects from the local directory, use the following command:
aws --endpoint-url=https://storage.yandexcloud.net/ \ s3 cp --recursive <path_to_local_directory>/ s3://<bucket_name>/<prefix>/
Where:
--endpoint-url
: Object Storage endpoint.s3 cp --recursive
: Command to upload all objects stored in a local directory, including the nested ones. To upload objects, in the first part of the command, provide the path to the folder from which you want to copy the files to the bucket, and in the second part, the name of your bucket and storage folder ID.
aws s3 cp
is a high-level command providing limited features. For more information, see the AWS CLI reference
Note
Terraform uses a service account to interact with Object Storage. Assign to the service account the required role, e.g., storage.admin
, for the folder where you are going to create resources.
With Terraform
Terraform is distributed under the Business Source License
For more information about the provider resources, see the documentation on the Terraform
If you don't have Terraform, install it and configure the Yandex Cloud provider.
Before you start, retrieve the static access keys: a secret key and key ID used for Object Storage authentication.
To create an object in an existing bucket:
-
In the configuration file, define the parameters of the resources you want to create:
resource "yandex_iam_service_account" "sa" { name = "<service_account_name>" } // Assigning a role to a service account resource "yandex_resourcemanager_folder_iam_member" "sa-admin" { folder_id = "<folder_ID>" role = "storage.admin" member = "serviceAccount:${yandex_iam_service_account.sa.id}" } // Creating a static access key resource "yandex_iam_service_account_static_access_key" "sa-static-key" { service_account_id = yandex_iam_service_account.sa.id description = "static access key for object storage" } resource "yandex_storage_object" "test-object" { access_key = yandex_iam_service_account_static_access_key.sa-static-key.access_key secret_key = yandex_iam_service_account_static_access_key.sa-static-key.secret_key bucket = "<bucket_name>" key = "<object_name>" source = "<path_to_file>" }
Where:
-
access_key
: Static access key ID. -
secret_key
: Secret access key value. -
bucket
: Name of the bucket where to add the object. This is a required parameter. -
key
: Name of the object in the bucket. This is a required parameter. The name should match the following format:- It must be 2 to 63 characters long.
- It may contain lowercase Latin letters, numbers, and hyphens.
- It must start with a letter and cannot end with a hyphen.
-
source
: Relative or absolute path to the file you need to upload to the bucket.
For more information about the resources you can create with Terraform, see this provider reference
. -
-
Make sure the configuration files are correct.
-
In the command line, go to the directory where you created the configuration file.
-
Run a check using this command:
terraform plan
If you described the configuration correctly, the terminal will display a list of the resources being created and their parameters. If the configuration contains any errors, Terraform will point them out.
-
-
Deploy the cloud resources.
-
If the configuration does not contain any errors, run this command:
terraform apply
-
Confirm creating the resources: type
yes
in the terminal and press Enter.This will create all the resources you need in the specified folder. You can check the new resources and their settings using the management console
.
-
To upload an object, use the upload S3 API method.
Uploading an object version with an object lock
For a bucket with enabled versioning and object lock, you can define object lock settings (disable deleting or overwriting) when uploading an object version.
- In the management console
, select Object Storage from the list of services and go to the bucket you want to upload your object to. - In the left-hand panel, select
Objects. - If you want to upload an object to the bucket for the first time, click Upload objects.
- If you want to upload the object to a specific folder, navigate to that folder by clicking its name. If you want to create a new folder, click Create folder on the top panel.
- Within the folder you need, click
Upload on the top panel. - In the window that opens, select the files and click Open.
- The management console will display all the objects you selected for uploading and prompt you to select a storage class. The bucket configuration determines the default storage class.
- To configure locks for the objects you are uploading, select the lock type from the Object version lock drop-down list:
- Legal hold: Indefinitely prohibits deleting or overwriting the object version, while you still can upload new versions of the object. A user with the
storage.uploader
role can set and remove legal hold. There is no way to bypass this type of lock. When combined with retention, legal hold takes priority. - Retention: Prohibits deleting or overwriting the object version for a specified period of time, while you still can upload new versions of the object. A user with the
storage.uploader
role can set a retention period. When combined with legal hold, retention takes no priority.
- Legal hold: Indefinitely prohibits deleting or overwriting the object version, while you still can upload new versions of the object. A user with the
- If you selected Retention, specify Default lock type:
- Governance: User with the
storage.admin
role can bypass the lock, change its expiration date, or remove it. - Compliance: User with the
storage.admin
role can only extend the retention period. Such locks cannot be bypassed, shortened, or removed until they expire.
- Governance: User with the
- Specify Default lock period in days or years. It starts from the moment you upload the object version to the bucket.
- Click Upload and refresh the page.
In the management console, the information about the number of objects and storage space used in the bucket is updated with a few minutes' delay.
If you do not have the Yandex Cloud CLI yet, install and initialize it.
The folder specified in the CLI profile is used by default. You can specify a different folder through the --folder-name
or --folder-id
parameter.
-
See the description of the CLI command for uploading a file to a bucket:
yc storage s3api put-object --help
-
Get a list of buckets in the default folder:
yc storage bucket list
Result:
+------------------+----------------------+-------------+-----------------------+---------------------+ | NAME | FOLDER ID | MAX SIZE | DEFAULT STORAGE CLASS | CREATED AT | +------------------+----------------------+-------------+-----------------------+---------------------+ | first-bucket | b1gmit33ngp6******** | 53687091200 | STANDARD | 2022-12-16 13:58:18 | +------------------+----------------------+-------------+-----------------------+---------------------+
-
Run this command:
yc storage s3api put-object \ --body <local_file_path> \ --bucket <bucket_name> \ --key <object_key> \ --object-lock-mode <retention_type> \ --object-lock-retain-until-date <retention_end_date_and_time> \ --object-lock-legal-hold-status <legal_hold_status>
Where:
-
--body
: Path to the file you need to upload to the bucket. -
--bucket
: Name of your bucket. -
--key
: Key to use for storing the object in the bucket. -
--object-lock-mode
: Type of retention:GOVERNANCE
: Governance-mode retention.COMPLIANCE
: Compliance-mode retention.
-
--object-lock-retain-until-date
: Retention end date and time in any format described in the HTTP standard , e.g.,2025-01-02T15:04:05Z
. You can only specify it together with the--object-lock-mode
parameter. -
--object-lock-legal-hold-status
: Legal hold status:ON
: Enabled.OFF
: Disabled.
For an object version, you can use either retention (the
object-lock-mode
andobject-lock-retain-until-date
parameters), legal hold (object-lock-legal-hold-status
), or both. For more information about their combined use, see Object lock types.Result:
etag: '"d41d8cd98f00b204e9800998********"' request_id: e19afe50******** version_id: 0006241E********
-
-
If you do not have the AWS CLI yet, install and configure it.
-
Run this command:
aws --endpoint-url=https://storage.yandexcloud.net/ \ s3api put-object \ --body <local_file_path> \ --bucket <bucket_name> \ --key <object_key> \ --object-lock-mode <retention_type> \ --object-lock-retain-until-date <retention_end_date_and_time> \ --object-lock-legal-hold-status <legal_hold_status>
Where:
--endpoint-url
: Object Storage endpoint.s3api put-object
: Command to upload an object version. To upload object versions with an object lock, specify the following parameters:-
--body
: Path to the file you need to upload to the bucket. -
--bucket
: Name of your bucket. -
--key
: Key to use for storing the object in the bucket. -
--object-lock-mode
: Type of retention:GOVERNANCE
: Governance-mode retention.COMPLIANCE
: Compliance-mode retention.
-
--object-lock-retain-until-date
: Retention end date and time in any format described in the HTTP standard , e.g.,Mon, 12 Dec 2022 09:00:00 GMT
. You can only specify it together with the--object-lock-mode
parameter. -
--object-lock-legal-hold-status
: Legal hold status:ON
: Enabled.OFF
: Disabled.
-
For an object version, you can use either retention (the
object-lock-mode
andobject-lock-retain-until-date
parameters), legal hold (object-lock-legal-hold-status
), or both. For more information about their combined use, see Object lock types.
To upload an object version with a lock, use the upload S3 API method with the X-Amz-Object-Lock-Mode
and X-Amz-Object-Lock-Retain-Until-Date
headers to apply a retention period and X-Amz-Object-Lock-Legal-Hold
to put a legal hold.
If your bucket already has default retention periods configured, specify the relevant MD5 hash
If you do not have the Yandex Cloud CLI yet, install and initialize it.
The folder specified in the CLI profile is used by default. You can specify a different folder through the --folder-name
or --folder-id
parameter.
-
Determine the file’s MD5 hash and encode it with Base64
:md5=($(md5sum <local_file_path>)) md5_base64=$(echo $md5 | base64)
-
See the description of the CLI command for uploading a file to a bucket:
yc storage s3api put-object --help
-
Get a list of buckets in the default folder:
yc storage bucket list
Result:
+------------------+----------------------+-------------+-----------------------+---------------------+ | NAME | FOLDER ID | MAX SIZE | DEFAULT STORAGE CLASS | CREATED AT | +------------------+----------------------+-------------+-----------------------+---------------------+ | first-bucket | b1gmit33ngp6******** | 53687091200 | STANDARD | 2022-12-16 13:58:18 | +------------------+----------------------+-------------+-----------------------+---------------------+
-
Upload an object to the bucket:
yc storage s3api put-object \ --body <local_file_path> \ --bucket <bucket_name> \ --key <object_key> \ --content-md5 $md5_base64
Where:
--body
: Path to the file you need to upload to the bucket.--bucket
: Name of your bucket.--key
: Key to use for storing the object in the bucket.--content-md5
: Object's encoded MD5 hash.
You can also add the following parameters to the command:
--object-lock-mode
and--object-lock-retain-until-date
to set a retention period for an object version that overrides the bucket's default retention settings.--object-lock-legal-hold-status
to set a legal hold on an object version.
For more information about these parameters, see the steps above.
-
Determine the file’s MD5 hash and encode it with Base64
:md5=($(md5sum <local_file_path>)) md5_base64=$(echo $md5 | base64)
-
If you do not have the AWS CLI yet, install and configure it.
-
Upload an object to the bucket:
aws --endpoint-url=https://storage.yandexcloud.net/ \ s3api put-object \ --body <local_file_path> \ --bucket <bucket_name> \ --key <object_key> \ --content-md5 $md5_base64
Where:
--endpoint-url
: Object Storage endpoint.s3api put-object
: Command to upload an object version. To upload object versions, specify the following parameters:--body
: Path to the file you need to upload to the bucket.--bucket
: Name of your bucket.--key
: Key to use for storing the object in the bucket.--content-md5
: Object's encoded MD5 hash.
You can also add the following parameters to the command:
--object-lock-mode
and--object-lock-retain-until-date
to set a retention period for an object version that overrides the bucket's default retention settings.--object-lock-legal-hold-status
to set a legal hold on an object version.
For more information about these parameters, see the steps above.
To upload an object version with a default retention period, use the upload S3 API method with the Content-MD5
header.