Getting started with the AWS CLI in Yandex Object Storage
The AWS CLI is one of the most popular Object Storage tools. In this section, you will learn how to use the service with the help of this tool. For guidelines on using the management console, see Getting started with Yandex Object Storage.
To get started with the AWS CLI:
- Prepare your cloud environment.
- Set up a service account.
- Install and configure the AWS CLI.
- Create a bucket.
- Upload an object to the bucket.
- Get a download link for the file.
Prepare your cloud
- Go to the management console and log in to Yandex Cloud or sign up if not signed up yet.
- On the Yandex Cloud Billing page, make sure you have a billing account linked and it has the ACTIVE or TRIAL_ACTIVE status. If you do not have a billing account, create one.
- Assign these minimum roles to your Yandex Cloud account:
  - To create a service account and get access keys for it: iam.serviceAccounts.admin for a folder. If you want to use an existing service account, the iam.serviceAccounts.admin role for that service account will be enough.
  - To assign a role to a service account: storage.admin for a bucket or folder.
  If you have a primitive admin role for a folder, you do not need to assign any additional roles.
  Note
  If unable to manage roles, contact your cloud or organization administrator.
Set up a service account
- Create a service account:
  - Go to the management console.
  - On the left side of the screen, click the line with the name of the folder where you want to create a service account.
  - In the list of services, select Identity and Access Management.
  - Click Create service account.
  - Enter a name for the service account.
    The name format requirements are as follows:
    - The name must be from 2 to 63 characters long.
    - It may contain lowercase Latin letters, numbers, and hyphens.
    - The first character must be a letter and the last character cannot be a hyphen.
    Make sure the service account name is unique within your cloud.
  - Click Create.
  You can also use an existing service account.
  For more information, see Creating a service account.
- Assign a role, e.g., storage.editor, for a folder to a service account:
  - In the management console, select the cloud or folder.
  - Go to the Access bindings tab.
  - Click Configure access.
  - In the window that opens, select Service accounts.
  - Select the service account from the list or use the search to locate it.
  - Click Add role and select the role from the list or use the search bar to locate it.
  - Click Save.
  For more information, see Assigning roles to a service account.
  Note
  A service account is only allowed to view a list of buckets in the folder it was created in.
  A service account can perform actions with objects in buckets that are created in folders different from the service account folder. To enable this, assign the service account roles for the appropriate folder or its bucket.
- Create a static access key:
  - In the management console, navigate to the folder the service account belongs to.
  - In the services list, select Identity and Access Management.
  - In the left-hand panel, select Service accounts.
  - In the list that opens, select the service account you need.
  - Click Create new key in the top panel.
  - Select Create static access key.
  - Specify the key description and click Create.
  - Save the ID and secret key.
    Alert
    After you close the dialog box, the key value will not be shown again.
  For more information, see Creating static access keys.
Install and configure the AWS CLI
- Install the AWS CLI:
  Linux:
  - In the terminal, run this command:
    curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" --output "awscliv2.zip"
    unzip awscliv2.zip
    sudo ./aws/install
  - After installation is complete, restart the terminal.
  macOS:
  - In the terminal, run this command:
    curl "https://awscli.amazonaws.com/AWSCLIV2.pkg" --output "AWSCLIV2.pkg"
    sudo installer -pkg AWSCLIV2.pkg -target /
  - After installation is complete, restart the terminal.
  Windows:
  - Download the AWS CLI installation file.
  - Open the file and follow the installer's instructions.
  For more information about installing the AWS CLI, see the AWS documentation.
- Set up the AWS CLI:
  - To configure the AWS CLI, enter this command in the terminal:
    aws configure
  - Enter the values for these parameters:
    - AWS Access Key ID: Previously obtained static key ID.
    - AWS Secret Access Key: Previously obtained secret key.
    - Default region name: ru-central1.
      To work with Object Storage, always specify ru-central1 as the region. A different region value may lead to an authorization error.
    Leave the other parameter values unchanged.
    You can safely store an Object Storage static access key in Yandex Lockbox. For more information, see Using a Yandex Lockbox secret to store a static access key.
  - Set the Object Storage endpoint:
    aws configure set endpoint_url https://storage.yandexcloud.net/
  Examples of the resulting configuration files
  - ~/.aws/config:
    [default]
    region = ru-central1
    endpoint_url = https://storage.yandexcloud.net/
  - ~/.aws/credentials:
    [default]
    aws_access_key_id = <static_key_ID>
    aws_secret_access_key = <secret_key>
For more information about setting up the AWS CLI, see the AWS documentation.
Note
Take note of the AWS CLI features when used with Object Storage.
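As an added example (not part of the original guide or of the AWS CLI), the script below audits the two configuration files described in this section: it checks that region and endpoint_url hold the Object Storage values over HTTPS and that the credentials file is accessible only to its owner. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the files written by `aws configure` for Object Storage.

# ini_get FILE SECTION KEY: print the value of KEY inside [SECTION].
ini_get() {
    awk -v sect="[$2]" -v key="$3" '
        /^[ \t]*\[/ { s = $0; gsub(/^[ \t]+|[ \t]+$/, "", s)
                      in_sect = (s == sect); next }
        in_sect && index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1)
            v = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { print v; exit }
        }' "$1"
}

# file_mode FILE: octal permission bits (GNU stat first, BSD/macOS stat as fallback).
file_mode() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

# audit_profile CONFIG CREDENTIALS: print one line per finding; status 1 if any.
audit_profile() {
    rc=0
    region=$(ini_get "$1" default region)
    endpoint=$(ini_get "$1" default endpoint_url)
    mode=$(file_mode "$2")
    if [ "$region" != "ru-central1" ]; then
        echo "region: '$region' (Object Storage expects ru-central1)"; rc=1
    fi
    case "$endpoint" in
        https://storage.yandexcloud.net|https://storage.yandexcloud.net/) ;;
        *) echo "endpoint_url: '$endpoint' is not the HTTPS Object Storage endpoint"; rc=1 ;;
    esac
    case "$mode" in
        600|400) ;;
        *) echo "credentials: file mode is $mode, expected 600"; rc=1 ;;
    esac
    return "$rc"
}

# Constructed sample files (placeholder values, not real keys).
demo_dir=$(mktemp -d)
printf '[default]\nregion = us-east-1\nendpoint_url = http://storage.yandexcloud.net/\n' > "$demo_dir/config"
printf '[default]\naws_access_key_id = EXAMPLEKEYID\naws_secret_access_key = EXAMPLESECRET\n' > "$demo_dir/credentials"
chmod 644 "$demo_dir/credentials"
audit_profile "$demo_dir/config" "$demo_dir/credentials" || true
rm -rf "$demo_dir"
```

To check a real profile, call audit_profile ~/.aws/config ~/.aws/credentials.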
Create a bucket
In the terminal, run the command below stating the bucket name:
aws s3 mb s3://<bucket_name>
For more information, see Creating a bucket.
Upload an object to the bucket
To upload an object, run the command below stating the path to the local file you need to upload, bucket name, and the key you will use to store the object in the bucket:
aws s3 cp <local_file_path> s3://<bucket_name>/<object_key>
For more information, see Uploading an object.
Get a download link for the object
In the terminal, run the command below stating the bucket name, object key, and link lifetime in seconds:
aws s3 presign s3://<bucket_name>/<object_key> --expires-in <lifetime>
You can share the received link or use it in your service to access the file.
For more information, see Getting a download link.
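As an added example (not from the original guide), this script reads back what a presigned link exposes to its recipients and checks its lifetime against a limit before the link is shared. It assumes the link uses the SigV4 query parameters (X-Amz-Credential, X-Amz-Date, X-Amz-Expires); the function names, the 3600-second limit and the sample link are constructed.

```shell
#!/bin/sh
# Added example: review a presigned link before sharing it.
# Assumes the SigV4 query form (X-Amz-Credential, X-Amz-Date, X-Amz-Expires).

# query_param URL NAME: print the raw value of query parameter NAME (empty if absent).
query_param() {
    case "$1" in *\?*) ;; *) return 0 ;; esac
    printf '%s\n' "${1#*\?}" | tr '&' '\n' | sed -n "s/^$2=//p" | head -n 1
}

# check_presigned URL MAX_SECONDS: print what the link reveals and any policy
# violations; exit status 0 only if the link passes every check.
check_presigned() {
    rc=0
    expires=$(query_param "$1" X-Amz-Expires)
    cred=$(query_param "$1" X-Amz-Credential | sed 's/%2[Ff]/\//g')
    if [ -z "$expires" ] || [ -z "$cred" ]; then
        echo "FAIL not a SigV4 presigned URL"; return 1
    fi
    case "$expires" in
        *[!0-9]*) echo "FAIL X-Amz-Expires is not a number"; return 1 ;;
    esac
    # The static key ID (not the secret key) is visible to every recipient.
    echo "key_id=$(echo "$cred" | cut -d/ -f1)"
    echo "region=$(echo "$cred" | cut -d/ -f3)"
    echo "signed_at=$(query_param "$1" X-Amz-Date) lifetime=${expires}s"
    case "$1" in
        https://*) ;;
        *) echo "FAIL link is not HTTPS"; rc=1 ;;
    esac
    if [ "$expires" -gt "$2" ]; then
        echo "FAIL lifetime ${expires}s exceeds the allowed ${2}s"; rc=1
    fi
    return "$rc"
}

# Constructed sample link: placeholder key ID, bucket, object key and signature.
sample='https://storage.yandexcloud.net/example-bucket/report.pdf?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=EXAMPLEKEYID%2F20240101%2Fru-central1%2Fs3%2Faws4_request&X-Amz-Date=20240101T000000Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=0000'
check_presigned "$sample" 3600 || true
```

The lifetime is fixed when the link is signed, so a link that fails this check has to be generated again with a smaller --expires-in value.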