Contact UsGet started

Getting started with the AWS CLI in Yandex Object Storage

Written by
Improved by
Updated at April 22, 2025

The AWS CLI is one of the most popular tools for working with Object Storage. In this section, you will learn how to use the service with the help of this tool. For guidelines on using the management console, see Getting started with Yandex Object Storage.

To get started with the AWS CLI:

  1. Get your cloud ready.
  2. Set up a service account.
  3. Install and configure the AWS CLI.
  4. Create a bucket.
  5. Upload an object to the bucket.
  6. Get a download link for the file.

Get your cloud ready

  1. Go to the management console and log in to Yandex Cloud or sign up if not signed up yet.

  2. On the Yandex Cloud Billing page, make sure you have a billing account linked and its status is ACTIVE or TRIAL_ACTIVE. If you do not have a billing account, create one.

  3. Assign these minimum roles to your Yandex Cloud account:

    If you have a primitive admin role for a folder, you do not need to assign any additional roles.

    Note

    If you are unable to manage roles, contact your cloud or organization administrator.

Set up a service account

  1. Create a service account:

    1. Go to the management console.

    2. On the left side of the screen, click the line with the name of the folder where you want to create a service account.

    3. In the list of services, select Identity and Access Management.

    4. Click Create service account.

    5. Enter a name for the service account.

      The name format requirements are as follows:

      • It must be from 2 to 63 characters long.
      • It may contain lowercase Latin letters, numbers, and hyphens.
      • It must start with a letter and cannot end with a hyphen.

      Make sure the service account name is unique within your cloud.

    6. Click Create.

    You can also use an existing service account.

    For more information, see Creating a service account.

  2. Assign a role, e.g., storage.editor, for a folder to a service account:

    1. In the management console, select the cloud or folder.
    2. Navigate to the Access bindings tab.
    3. Click Configure access.
    4. In the window that opens, select Service accounts.
    5. Select the service account from the list or use the search bar.
    6. Click Add role and select the role from the list or use the search bar.
    7. Click Save.

    For more information, see Assigning roles to a service account.

    Note

    A service account is only allowed to view a list of buckets in the folder it was created in.

    A service account can perform actions with objects in buckets that are created in folders different from the service account folder. To enable this, assign the service account roles for the appropriate folder or its bucket.

  3. Create a static access key

    1. In the management console, navigate to the folder the service account belongs to.

    2. From the list of services, select Identity and Access Management.

    3. In the left-hand panel, select Service accounts.

    4. In the list that opens, select the service account you need.

    5. Click Create new key in the top panel.

    6. Select Create static access key.

    7. Specify the key description and click Create.

    8. Save the ID and secret key.

      Alert

      After you close this dialog, the key value will not be shown again.

    For more information, see Creating a static access key.

Install and configure the AWS CLI

  1. Install the AWS CLI:

    1. In the terminal, run this command:

      curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" --output "awscliv2.zip"
unzip awscliv2.zip
sudo ./aws/install

    2. After installation is complete, restart the terminal.

    1. In the terminal, run this command:

      curl "https://awscli.amazonaws.com/AWSCLIV2.pkg" --output "AWSCLIV2.pkg"
sudo installer -pkg AWSCLIV2.pkg -target /

    2. After installation is complete, restart the terminal.

    1. Download the AWS CLI installation file.
    2. Open the file and follow the installer's instructions.

    For more information about installing the AWS CLI, see the AWS documentation.

  2. Configure the AWS CLI:

    1. To configure the AWS CLI, enter this command in the terminal:

      aws configure

    2. Enter the values for these parameters:

      • AWS Access Key ID: Previously obtained static key ID.

      • AWS Secret Access Key: Previously obtained secret key.

      • Default region name: ru-central1.

        To work with Object Storage, always specify the ru-central1. A different region value may lead to an authorization error.

      Leave the other parameters unchanged.

      You can use Yandex Lockbox to safely store the static key for access to Object Storage. For more information, see Using a Yandex Lockbox secret to store a static access key.

    3. Set the Object Storage endpoint:

      aws configure set endpoint_url https://storage.yandexcloud.net/
      Examples of final configuration files

      • ~/.aws/config:

        [default]
region = ru-central1
endpoint_url = https://storage.yandexcloud.net/

      • ~/.aws/credentials:

        [default]
aws_access_key_id = <static_key_ID>
aws_secret_access_key = <secret_key>

For more information about setting up the AWS CLI, see the AWS documentation.

Note

Take note of the AWS CLI features when used with Object Storage.

Create a bucket

In the terminal, run the command below stating the bucket name:

aws s3 mb s3://<bucket_name>

For more information, see Creating a bucket.

Upload an object to the bucket

To upload an object, run the command below stating the path to the local file you need to upload, bucket name, and the key you will use to store the object in the bucket:

aws s3 cp <local_file_path>/ s3://<bucket_name>/<object_key>

For more information, see Uploading an object.

In the terminal, run the command below stating the bucket name, object key, and link lifetime in seconds:

aws s3 presign s3://<bucket_name>/<object_key> --expires-in <lifetime>

You can share the obtained link or use it in your service to access the file.

For more information, see Getting a download link.

Previous
Getting started with Object Storage
Next
All tutorials