Contact UsGet started

Uploading an object

Written by
Improved by
Updated at February 21, 2025

You can create folders within a bucket and upload objects to them. Keep in mind that in the SDK and HTTP API, an object key is the entire path to the object from the bucket root. For more information, see Objects.

Note

You can upload objects of up to 5 GB via the management console (see Quotas and limits in Object Storage). When uploading via the console, you cannot specify content-type or other headers. To upload larger objects or specify object headers, use other tools.

You can use tools that support Object Storage and signed URLs to upload objects into a bucket.

Regular uploads

To work with objects in an encrypted bucket, a user or service account must have the following roles for the encryption key in addition to the storage.configurer role:

  • kms.keys.encrypter: To read the key, encrypt, and upload objects.
  • kms.keys.decrypter: To read the key, decrypt, and download objects.
  • kms.keys.encrypterDecrypter: Includes the kms.keys.encrypter and kms.keys.decrypter permissions.

For more information, see Key Management Service service roles.

  1. In the management console, select Object Storage from the list of services and go to the bucket you want to upload your object to.
  2. In the left-hand panel, select Objects.
  3. If you want to upload an object to the bucket for the first time, click Upload objects.
  4. If you want to upload the object to a specific folder, navigate to that folder by clicking its name. If you need to create a new folder, click Create folder.
  5. Within the folder you need, click Upload on the top panel.
  6. In the window that opens, select the files and click Open.
  7. The management console will display all the objects you selected for uploading and prompt you to select a storage class. The bucket configuration determines the default storage class.
  8. Click Upload.
  9. Refresh the page.

In the management console, the information about the number of objects and storage space used in the bucket is updated with a few minutes' delay.

If you do not have the Yandex Cloud CLI yet, install and initialize it.

The folder specified in the CLI profile is used by default. You can specify a different folder through the --folder-name or --folder-id parameter.

  1. See the description of the CLI command for uploading a file to a bucket:

    yc storage s3api put-object --help

  2. Get a list of buckets in the default folder:

    yc storage bucket list

    Result:

    +------------------+----------------------+-------------+-----------------------+---------------------+
|       NAME       |      FOLDER ID       |  MAX SIZE   | DEFAULT STORAGE CLASS |     CREATED AT      |
+------------------+----------------------+-------------+-----------------------+---------------------+
| first-bucket     | b1gmit33ngp6******** | 53687091200 | STANDARD              | 2022-12-16 13:58:18 |
+------------------+----------------------+-------------+-----------------------+---------------------+

  3. Run this command:

    yc storage s3api put-object \
  --body <local_file_path> \
  --bucket <bucket_name> \
  --key <object_path>

    Where:

    • --body: Path to the file you need to upload to the bucket.
    • --bucket: Name of your bucket.
    • --key: Key to use for storing the object in the bucket.

    Result:

    etag: '"d41d8cd98f00b204e980099********"'
request_id: 3f2705f********

  1. If you do not have the AWS CLI yet, install and configure it.

  2. To upload a single object, run this command:

    aws --endpoint-url=https://storage.yandexcloud.net/ \
  s3 cp <local_file_path> s3://<bucket_name>/<object_key>

    Where:

    • --endpoint-url: Object Storage endpoint.
    • s3 cp: Command to upload an object. To upload an object, in the first part of the command, provide the path to the local file you want to upload, and in the second part, the name of your bucket and the object storage key.

    To load all objects from the local directory, use the following command:

    aws --endpoint-url=https://storage.yandexcloud.net/ \
  s3 cp --recursive <path_to_local_directory>/ s3://<bucket_name>/<prefix>/

    Where:

    • --endpoint-url: Object Storage endpoint.
    • s3 cp --recursive: Command to upload all objects stored in a local directory, including the nested ones. To upload objects, in the first part of the command, provide the path to the folder from which you want to copy the files to the bucket, and in the second part, the name of your bucket and storage folder ID.

aws s3 cp is a high-level command providing limited features. For more information, see the AWS CLI reference. All upload features Object Storage supports can be used when running the aws s3api put-object command (see examples of using object locks below).

Note

Terraform uses a service account to interact with Object Storage. Assign to the service account the required role, e.g., storage.admin, for the folder where you are going to create resources.

With Terraform, you can quickly create a cloud infrastructure in Yandex Cloud and manage it using configuration files. These files store the infrastructure description written in HashiCorp Configuration Language (HCL). If you change the configuration files, Terraform automatically detects which part of your configuration is already deployed, and what should be added or removed.

Terraform is distributed under the Business Source License. The Yandex Cloud provider for Terraform is distributed under the MPL-2.0 license.

For more information about the provider resources, see the documentation on the Terraform website or mirror website.

If you don't have Terraform, install it and configure the Yandex Cloud provider.

Before you start, retrieve the static access keys: a secret key and key ID used for Object Storage authentication.

To create an object in an existing bucket:

  1. In the configuration file, define the parameters of the resources you want to create:

    resource "yandex_iam_service_account" "sa" {
  name = "<service_account_name>"
}

// Assigning a role to a service account
resource "yandex_resourcemanager_folder_iam_member" "sa-admin" {
  folder_id = "<folder_ID>"
  role      = "storage.admin"
  member    = "serviceAccount:${yandex_iam_service_account.sa.id}"
}

// Creating a static access key
resource "yandex_iam_service_account_static_access_key" "sa-static-key" {
  service_account_id = yandex_iam_service_account.sa.id
  description        = "static access key for object storage"
}

resource "yandex_storage_object" "test-object" {
  access_key = yandex_iam_service_account_static_access_key.sa-static-key.access_key
  secret_key = yandex_iam_service_account_static_access_key.sa-static-key.secret_key
  bucket     = "<bucket_name>"
  key        = "<object_name>"
  source     = "<path_to_file>"
}

    Where:

    • access_key: Static access key ID.

    • secret_key: Secret access key value.

    • bucket: Name of the bucket where to add the object. This is a required parameter.

    • key: Name of the object in the bucket. This is a required parameter. The name should match the following format:

      • It must be 2 to 63 characters long.
      • It may contain lowercase Latin letters, numbers, and hyphens.
      • It must start with a letter and cannot end with a hyphen.

    • source: Relative or absolute path to the file you need to upload to the bucket.

    For more information about the resources you can create with Terraform, see this provider reference.

  2. Make sure the configuration files are correct.

    1. In the command line, go to the directory where you created the configuration file.

    2. Run a check using this command:

      terraform plan

    If you described the configuration correctly, the terminal will display a list of the resources being created and their parameters. If the configuration contains any errors, Terraform will point them out.

  3. Deploy the cloud resources.

    1. If the configuration does not contain any errors, run this command:

      terraform apply

    2. Confirm creating the resources: type yes in the terminal and press Enter.

      This will create all the resources you need in the specified folder. You can check the new resources and their settings using the management console.

To upload an object, use the upload S3 API method.

Uploading an object version with an object lock

For a bucket with enabled versioning and object lock, you can define object lock settings (disable deleting or overwriting) when uploading an object version.

  1. In the management console, select Object Storage from the list of services and go to the bucket you want to upload your object to.
  2. In the left-hand panel, select Objects.
  3. If you want to upload an object to the bucket for the first time, click Upload objects.
  4. If you want to upload the object to a specific folder, navigate to that folder by clicking its name. If you want to create a new folder, click Create folder on the top panel.
  5. Within the folder you need, click Upload on the top panel.
  6. In the window that opens, select the files and click Open.
  7. The management console will display all the objects you selected for uploading and prompt you to select a storage class. The bucket configuration determines the default storage class.
  8. To configure locks for the objects you are uploading, select the lock type from the Object version lock drop-down list:
    • Legal hold: Indefinitely prohibits deleting or overwriting the object version, while you still can upload new versions of the object. A user with the storage.uploader role can set and remove legal hold. There is no way to bypass this type of lock. When combined with retention, legal hold takes priority.
    • Retention: Prohibits deleting or overwriting the object version for a specified period of time, while you still can upload new versions of the object. A user with the storage.uploader role can set a retention period. When combined with legal hold, retention takes no priority.
  9. If you selected Retention, specify Default lock type:
    • Governance: User with the storage.admin role can bypass the lock, change its expiration date, or remove it.
    • Compliance: User with the storage.admin role can only extend the retention period. Such locks cannot be bypassed, shortened, or removed until they expire.
  10. Specify Default lock period in days or years. It starts from the moment you upload the object version to the bucket.
  11. Click Upload and refresh the page.

In the management console, the information about the number of objects and storage space used in the bucket is updated with a few minutes' delay.

If you do not have the Yandex Cloud CLI yet, install and initialize it.

The folder specified in the CLI profile is used by default. You can specify a different folder through the --folder-name or --folder-id parameter.

  1. See the description of the CLI command for uploading a file to a bucket:

    yc storage s3api put-object --help

  2. Get a list of buckets in the default folder:

    yc storage bucket list

    Result:

    +------------------+----------------------+-------------+-----------------------+---------------------+
|       NAME       |      FOLDER ID       |  MAX SIZE   | DEFAULT STORAGE CLASS |     CREATED AT      |
+------------------+----------------------+-------------+-----------------------+---------------------+
| first-bucket     | b1gmit33ngp6******** | 53687091200 | STANDARD              | 2022-12-16 13:58:18 |
+------------------+----------------------+-------------+-----------------------+---------------------+

  3. Run this command:

    yc storage s3api put-object \
 --body <local_file_path> \
 --bucket <bucket_name> \
 --key <object_key> \
 --object-lock-mode <retention_type> \
 --object-lock-retain-until-date <retention_end_date_and_time> \
 --object-lock-legal-hold-status <legal_hold_status>

    Where:

    • --body: Path to the file you need to upload to the bucket.

    • --bucket: Name of your bucket.

    • --key: Key to use for storing the object in the bucket.

    • --object-lock-mode: Type of retention:

      • GOVERNANCE: Governance-mode retention.
      • COMPLIANCE: Compliance-mode retention.

    • --object-lock-retain-until-date: Retention end date and time in any format described in the HTTP standard, e.g., 2025-01-02T15:04:05Z. You can only specify it together with the --object-lock-mode parameter.

    • --object-lock-legal-hold-status: Legal hold status:

      • ON: Enabled.
      • OFF: Disabled.

    For an object version, you can use either retention (the object-lock-mode and object-lock-retain-until-date parameters), legal hold (object-lock-legal-hold-status), or both. For more information about their combined use, see Object lock types.

    Result:

    etag: '"d41d8cd98f00b204e9800998********"'
request_id: e19afe50********
version_id: 0006241E********

  1. If you do not have the AWS CLI yet, install and configure it.

  2. Run this command:

    aws --endpoint-url=https://storage.yandexcloud.net/ \
  s3api put-object \
  --body <local_file_path> \
  --bucket <bucket_name> \
  --key <object_key> \
  --object-lock-mode <retention_type> \
  --object-lock-retain-until-date <retention_end_date_and_time> \
  --object-lock-legal-hold-status <legal_hold_status>

    Where:

    • --endpoint-url: Object Storage endpoint.
    • s3api put-object: Command to upload an object version. To upload object versions with an object lock, specify the following parameters:

      • --body: Path to the file you need to upload to the bucket.

      • --bucket: Name of your bucket.

      • --key: Key to use for storing the object in the bucket.

      • --object-lock-mode: Type of retention:

        • GOVERNANCE: Governance-mode retention.
        • COMPLIANCE: Compliance-mode retention.

      • --object-lock-retain-until-date: Retention end date and time in any format described in the HTTP standard, e.g., Mon, 12 Dec 2022 09:00:00 GMT. You can only specify it together with the --object-lock-mode parameter.

      • --object-lock-legal-hold-status: Legal hold status:

        • ON: Enabled.
        • OFF: Disabled.

    For an object version, you can use either retention (the object-lock-mode and object-lock-retain-until-date parameters), legal hold (object-lock-legal-hold-status), or both. For more information about their combined use, see Object lock types.

To upload an object version with a lock, use the upload S3 API method with the X-Amz-Object-Lock-Mode and X-Amz-Object-Lock-Retain-Until-Date headers to apply a retention period and X-Amz-Object-Lock-Legal-Hold to put a legal hold.

If your bucket already has default retention periods configured, specify the relevant MD5 hash for any object you upload to the bucket:

If you do not have the Yandex Cloud CLI yet, install and initialize it.

The folder specified in the CLI profile is used by default. You can specify a different folder through the --folder-name or --folder-id parameter.

  1. Determine the file’s MD5 hash and encode it with Base64:

    md5=($(md5sum <local_file_path>))
md5_base64=$(echo $md5 | base64)

  2. See the description of the CLI command for uploading a file to a bucket:

    yc storage s3api put-object --help

  3. Get a list of buckets in the default folder:

    yc storage bucket list

    Result:

    +------------------+----------------------+-------------+-----------------------+---------------------+
|       NAME       |      FOLDER ID       |  MAX SIZE   | DEFAULT STORAGE CLASS |     CREATED AT      |
+------------------+----------------------+-------------+-----------------------+---------------------+
| first-bucket     | b1gmit33ngp6******** | 53687091200 | STANDARD              | 2022-12-16 13:58:18 |
+------------------+----------------------+-------------+-----------------------+---------------------+

  4. Upload an object to the bucket:

     yc storage s3api put-object \
  --body <local_file_path> \
  --bucket <bucket_name> \
  --key <object_key> \
  --content-md5 $md5_base64

    Where:

    • --body: Path to the file you need to upload to the bucket.
    • --bucket: Name of your bucket.
    • --key: Key to use for storing the object in the bucket.
    • --content-md5: Object's encoded MD5 hash.

    You can also add the following parameters to the command:

    • --object-lock-mode and --object-lock-retain-until-date to set a retention period for an object version that overrides the bucket's default retention settings.
    • --object-lock-legal-hold-status to set a legal hold on an object version.

    For more information about these parameters, see the steps above.

  1. Determine the file’s MD5 hash and encode it with Base64:

    md5=($(md5sum <local_file_path>))
md5_base64=$(echo $md5 | base64)

  2. If you do not have the AWS CLI yet, install and configure it.

  3. Upload an object to the bucket:

    aws --endpoint-url=https://storage.yandexcloud.net/ \
  s3api put-object \
  --body <local_file_path> \
  --bucket <bucket_name> \
  --key <object_key> \
  --content-md5 $md5_base64

    Where:

    • --endpoint-url: Object Storage endpoint.
    • s3api put-object: Command to upload an object version. To upload object versions, specify the following parameters:
      • --body: Path to the file you need to upload to the bucket.
      • --bucket: Name of your bucket.
      • --key: Key to use for storing the object in the bucket.
      • --content-md5: Object's encoded MD5 hash.

    You can also add the following parameters to the command:

    • --object-lock-mode and --object-lock-retain-until-date to set a retention period for an object version that overrides the bucket's default retention settings.
    • --object-lock-legal-hold-status to set a legal hold on an object version.

    For more information about these parameters, see the steps above.

To upload an object version with a default retention period, use the upload S3 API method with the Content-MD5 header.

See also

Previous
Viewing bucket metrics
Next
Getting information about an object