FAQ about Object Storage

What is Yandex Object Storage?What is Yandex Object Storage?

Yandex Object Storage is a universal scalable solution for data storage. It is equally effective for high-load services requiring reliable and fast access to data as well as for projects that do not need any complex storage infrastructure.

What can I do with Yandex Object Storage?What can I do with Yandex Object Storage?

With Object Storage, you can:

• Store your project (website or server app) files in Object Storage with public or private access to them. The files can be of any format.
• Store large archive data (up to 5 TB per file) and make them available based on access permissions.
• Enable shared work with data inside a distributed organization.
• Make your data accessible from anywhere in the world where there is internet.

How do I get started with Yandex Object Storage?How do I get started with Yandex Object Storage?

To get started with Object Storage:

1. Sign up for Yandex Cloud.
2. Create a folder.
   At this step, you can already use Object Storage via the Yandex Cloud management console. You can create and delete buckets, as well as upload objects to and download them from buckets.
3. Get static keys to use the Object Storage HTTP API or ready-made SDKs and apps.

You can find a more detailed guide in Getting started with Yandex Object Storage and How to use the S3 API.

What data formats can I store?What data formats can I store?

You can store data in any format. Yandex Object Storage saves data in its original form without any modification.

How can I leave feedback on Yandex Object Storage?How can I leave feedback on Yandex Object Storage?

Use the feedback form in the support center.

How do I contact support? {qa-support-channels}How do I contact support?

You can contact technical support from the management console in the Support section.

How much data can I store?How much data can I store?

See Quotas and limits in Object Storage.

How can I delete multiple objects at a time?How can I delete multiple objects at a time?

You can delete multiple objects via the Yandex Cloud management console or the API using the deleteMultipleObjects method.

A service account cannot access a bucket, why is that?A service account cannot access a bucket, why is that?

Make sure the service account has the role that allows accessing the bucket.

If encryption is enabled for the bucket, assign the service account the kms.keys.encrypterDecrypter role for the KMS key used to encrypt the bucket. You can do this, for example, using the following CLI command:

yc kms symmetric-key add-access-binding \
  --id <key_ID> \
  --service-account-id <service_account_ID> \
  --role kms.keys.encrypterDecrypter

Where:

• --id: KMS key ID.
• --service-account-id: Service account ID.

What does Yandex Cloud do with the data I store in Yandex Object Storage?What does Yandex Cloud do with the data I store in Yandex Object Storage?

The data is saved in the original form as transmitted by the user.

Does Yandex use Object Storage to store its own data?Does Yandex use Object Storage to store its own data?

Yes. Object Storage is used in the Yandex infrastructure. A number of Yandex services store their websites' static data in Object Storage.

What data consistency model does Yandex Object Storage use?What data consistency model does Yandex Object Storage use?

For overwritable (PUT) and removable (DELETE) objects, the strong consistency model is used.

What AWS S3 features does Yandex Object Storage support?What AWS S3 features does Yandex Object Storage support?

Object Storage supports:

• Authorization using static tokens.
• Some HTTP API methods. For a full list of supported methods, see the API reference.

Where is my data stored?Where is my data stored?

Data is stored in several geographically distributed data centers located in Russia. For more information, see Availability zones.

How is my data protected in Yandex Object Storage?How is my data protected in Yandex Object Storage?

Physical media are located in Yandex Cloud data centers, which are high-security facilities.

Data is stored in an encrypted format and none of those who have access to the physical media can read the data.

By default, the storage is accessed via HTTPS.

How do you guarantee the performance of Yandex Object Storage?How do you guarantee the performance of Yandex Object Storage?

Object Storage has internal SLAs and SLOs that guarantee a specific speed of sending data to the customer, which, among other things, depend on the storage class.

The Object Storage response time depends on multiple factors:

• Client-side performance (network speed, CPU load, or disk subsystem load).
• Speed of trunks, connections between data centers, or client-server connections.
• Performance of Object Storage itself.

This is why we cannot specify a particular response time value. However, we keep track of spikes in the response time and dips in the speed of sending data, and strive to improve the Object Storage performance.

Does the service meet the requirements under Russian Federation Federal Law No. 152-FZ on Personal Data?Does the service meet the requirements under Russian Federation Federal Law No. 152-FZ on Personal Data?

Yes, it does. You can read the full security audit conclusion.

Can I get logs of my operations with services?Can I get logs of my operations with services?

Yes, you can request information about operations with your resources from Yandex Cloud logs. For more information, see Data requests.

How do I add my own domain to an Object Storage bucket?How do I add my own domain to an Object Storage bucket?

To add your domain to a bucket:

1. Create a bucket with the same name as your domain.

2. Configure the bucket as hosting.

3. On your DNS server, create a CNAME record to link your domain to the bucket.

4. (Optional) Add your own certificate to Certificate Manager or issue a free-of-charge Let's Encrypt certificate.

5. Configure HTTPS by linking a Certificate Manager certificate to your bucket or uploading your own.

Once you successfully complete all the steps, you will have access to objects via links in <domain_name>/<object_key> format.

Why did I lose access to the bucket after creating/updating a bucket policy?Why did I lose access to the bucket after creating/updating a bucket policy?

The possible causes include:

• Bucket policies treat objects within a bucket and the bucket itself as different resources. For a bucket policy rule to apply both to the bucket and the objects in it, specify them as separate resources, e.g., samplebucket and samplebucket/*.

• If a bucket policy with no rules is applied to the bucket, access is denied to all users. To disable request verification for a bucket policy, delete it.

• If a Hive Metastore or Yandex Managed Service for Apache Airflow™ cluster uses a bucket with the bucket policy configured, the cluster cannot write data to or read data from that bucket without a service account with the appropriate role. For more information, see these guides for Metastore and Managed Service for Apache Airflow™.

How do I get access to Object Storage from a Virtual Private Cloud cloud network?How do I get access to Object Storage from a Virtual Private Cloud cloud network?

For resources hosted in a VPC cloud network and having neither public IP address nor access to the internet, you can set up a connection to Object Storage via an API endpoint. The FQDN of the endpoint will be translated to a public IP address using DNS.