Contact UsGet started

rclone

Written by
Improved by
Updated at May 14, 2025

rclone is a tool for mounting Object Storage buckets using FUSE on Linux, macOS, and Windows platforms.

In this tutorial, you will use rclone to set up data synchronization between an Yandex Object Storage bucket and your local desktop. You will mount the bucket as a disk in Windows.

Note

This section describes how to connect a bucket in Windows. When connecting with other OSs, see this rclone guide. For rclone configuring and bucket mounting, the steps are identical to those for Windows.

To mount your bucket as a disk:

  1. Get your cloud ready.
  2. Set up the runtime environment.
  3. Create a service account.
  4. Create a static access key.
  5. Create a bucket.
  6. Set up a connection to Object Storage.
  7. Mount the bucket.
  8. Set up the mounting service.

If you no longer need the resources you created, delete them.

Getting started

Sign up in Yandex Cloud and create a billing account:

  1. Navigate to the management console and log in to Yandex Cloud or register a new account.
  2. On the Yandex Cloud Billing page, make sure you have a billing account linked and it has the ACTIVE or TRIAL_ACTIVE status. If you do not have a billing account, create one and link a cloud to it.

If you have an active billing account, you can navigate to the cloud page to create or select a folder for your infrastructure to operate in.

Learn more about clouds and folders.

The cost for bucket support includes:

Set up the runtime environment

  1. Download and install the winfsp distribution from the winfsp website.

  2. Download the sysinternals suite utilities archive from the Microsoft website and unpack it to your local working folder.

  3. Download the Windows Service Wrapper (WinSW) executable depending on your OS configuration and save it to a dedicated folder.

  4. Download the rclone utility archive from the rclone website and unpack it to your local working folder.

  5. Add the folders containing the utilities and the distribution to the PATH variable. To do this:

    1. Click Start and type Change system environment variables in the Windows search bar.
    2. Click Environment Variables... at the bottom right.
    3. In the window that opens, find the PATH parameter and click Edit.
    4. Add your folder path to the list.
    5. Click OK.

Create a service account

  1. In the management console, select the folder where you want to create a service account.
  2. In the list of services, select Identity and Access Management.
  3. Click Create service account.
  4. In the Name field, specify sa-win-disk-connect.
  5. Click Add role and select the storage.editor role.
  6. Click Create service account.

If you do not have the Yandex Cloud (CLI) command line interface yet, install and initialize it.

The folder specified when creating the CLI profile is used by default. To change the default folder, use the yc config set folder-id <folder_ID> command. You can specify a different folder using the --folder-name or --folder-id parameter.

  1. Create a service account named sa-win-disk-connect:
yc iam service-account create --name sa-win-disk-connect

The naming requirements are as follows:

  • It must be from 2 to 63 characters long.
  • It may contain lowercase Latin letters, numbers, and hyphens.
  • It must start with a letter and cannot end with a hyphen.

For more information about the yc iam service-account create command, see the CLI reference.

  1. Assign the storage.editor role to the service account:
yc resource-manager folder add-access-binding <folder_ID> \
  --role storage.editor \
  --subject serviceAccount:<service_account_ID>

For more information about the yc resource-manager folder add-access-binding command, see the CLI reference.

  1. To create a service account, use the create method for the ServiceAccount resource.

  2. Assign the storage.editor role to the service account.

To work with objects in an encrypted bucket, a user or service account must have the following roles for the encryption key in addition to the storage.configurer role:

  • kms.keys.encrypter: To read the key, encrypt and upload objects.
  • kms.keys.decrypter: To read the key, decrypt and download objects.
  • kms.keys.encrypterDecrypter: This role includes the kms.keys.encrypter and kms.keys.decrypter permissions.

For more information, see Key Management Service service roles.

Create a static access key

  1. In the management console, navigate to the folder the service account belongs to.
  2. From the list of services, select Identity and Access Management.
  3. In the left-hand panel, select Service accounts.
  4. From the list that opens, select the sa-win-disk-connect service account.
  5. In the top panel, click Create new key.
  6. Select Create static access key.
  7. Specify the key description and click Create.
  8. Save the ID and secret key. After you close this dialog, the key value will no longer be available.

  1. Create an access key for the sa-win-disk-connect service account:

    yc iam access-key create --service-account-name sa-win-disk-connect

    Result:

    access_key:
  id: aje6t3vsbj8l********
  service_account_id: ajepg0mjt06s********
  created_at: "2022-07-18T14:37:51Z"
  key_id: 0n8X6WY6S24N7Oj*****
secret: JyTRFdqw8t1kh2-OJNz4JX5ZTz9Dj1rI9hx*****

    For more information about the yc iam access-key create command, see the CLI reference.

  2. Save the ID (key_id) and secret key (secret). You will not be able to get the secret key again.

To create an access key, use the create method for the AccessKey resource.

As a result, you will get the static access key data. To authenticate in Object Storage, you will need the following:

  • key_id: Static access key ID
  • secret: Secret key

Save key_id and secret: you will not be able to get the key value again.

Create a bucket

  1. In the management console, select the folder where you want to create a bucket.
  2. From the list of services, select Object Storage.
  3. At the top right, click Create bucket.
  4. In the ** Name** field, enter a name for the bucket consistent with the naming conventions:
  5. In the Object read access, Object listing access, and Read access to settings fields, select Restricted.
  6. Click Create bucket.

  1. If you do not have the AWS CLI yet, install and configure it.

  2. Enter the bucket name following the naming conventions:

    aws --endpoint-url https://storage.yandexcloud.net \
  s3 mb s3://<bucket_name>

    Result:

    make_bucket: <bucket_name>

Note

Terraform uses a service account to interact with Object Storage. Assign to the service account the required role, e.g., storage.admin, for the folder where you are going to create resources.

If you do not have Terraform yet, install it and configure its Yandex Cloud provider.

  1. Describe the properties for creating a service account and access key in the configuration file:

    ...
// Creating a service account
resource "yandex_iam_service_account" "sa" {
  name = "<service_account_name>"
}

// Assigning a role to a service account
resource "yandex_resourcemanager_folder_iam_member" "sa-admin" {
  folder_id = "<folder_ID>"
  role      = "storage.admin"
  member    = "serviceAccount:${yandex_iam_service_account.sa.id}"
}

// Creating a static access key
resource "yandex_iam_service_account_static_access_key" "sa-static-key" {
  service_account_id = yandex_iam_service_account.sa.id
  description        = "static access key for object storage"
}

  2. Add a section with bucket properties to the configuration file and enter the bucket name following the naming conventions:

    resource "yandex_storage_bucket" "<bucket_name>" {
  access_key = yandex_iam_service_account_static_access_key.sa-static-key.access_key
  secret_key = yandex_iam_service_account_static_access_key.sa-static-key.secret_key
  bucket     = "<bucket_name>"
}

    For more information about yandex_storage_bucket, see the Terraform provider documentation.

  3. Make sure the configuration files are correct.

    1. In the command line, navigate to the directory where you created the configuration file.

    2. Run a check using this command:

      terraform plan

    If you described the configuration correctly, the terminal will display a list of the resources being created and their settings. If the configuration contains any errors, Terraform will point them out.

  4. Deploy the cloud resources.

    1. If the configuration does not contain any errors, run this command:

      terraform apply

    2. Confirm creating the resources by typing yes in the terminal and pressing Enter.

Use the create REST API method for the Bucket resource, the BucketService/Create gRPC API call, or the create S3 API method.

Set up a connection to Object Storage

  1. Open the command line in your working folder as an admin and run the following command:

    .\psexec -i -s cmd.exe

  2. In the console that opens, run whoami and make sure the session has been started by the system user.

  3. Navigate to the folder with the rclone utility and run its configuration session:

    rclone.exe config

  4. Follow the prompts to create a new connection profile:

    1. Start creating a new profile by entering n in the terminal.
    2. Enter the connection name: s3-connect.
    3. Select the storage type by entering 4 in the terminal.
    4. Select a provider by entering 1 in the terminal.
    5. Select manual entry of credentials by entering 1 in the terminal.
    6. In the terminal, enter the secret key ID you got previously.
    7. In the terminal, enter the secret key value you got previously.
    8. Specify the region by entering ru-central1 in the terminal.
    9. Specify the endpoint by entering storage.yandexcloud.net in the terminal.
    10. You can leave all other settings at their defaults by pressing Enter to skip them.

Note

You can perform advanced connection setup if required. To do this, type y at the Edit advanced config? step. For more information about advanced settings, see the rclone documentation.

Mount a bucket

  1. Check your connection to the bucket. In the same command line you used to configure the connection, run the following command with the bucket name specified:

    rclone.exe ls s3-connect:<bucket_name>

    If your configuration is correct, you will see a list of objects in the bucket.

  2. Mount your bucket to the file system specifying the bucket name and an available drive letter in the file system:

    rclone.exe mount s3-connect:<bucket_name> <disk_letter>: --vfs-cache-mode full

    You will see a new disk with the objects from the bucket in Windows Explorer.

  3. To mount the bucket, press Ctrl + C.

Set up the mounting service

To mount the bucket at your desktop startup, set up mounting on behalf of the system service.

  1. In the WinSW utility folder, create a file named WinSW-x64.xml (WinSW-x86.xml if you have a 32-bit version of Windows) with the following contents:

    <service>
  <id>rclone</id>
  <name>rclone-s3-disk</name>
  <description>This service maps an S3 bucket as a system drive.</description>
  <executable>"<working_folder_location>\rclone.exe"</executable>
  <arguments>mount s3-connect:<bucket_name> <disk_letter>: --vfs-cache-mode full</arguments>
  <log mode="roll" />
  <onfailure action="restart" />
</service>

  2. In the same folder, open the command prompt as an admin and run the following command:

    • If you have a 64-bit version of Windows:

      .\WinSW-x64.exe install .\WinSW-x64.xml

    • If you have a 32-bit version of Windows:

      .\WinSW-x86.exe install .\WinSW-x86.xml

  3. Open the Windows services panel and make sure you can see rclone-s3-disk in the list:

    1. Press Win + R.
    2. In the window that opens, enter services.msc and click OK.
    3. In the list of services, find rclone-s3-disk.

  4. Reboot your desktop and make sure the disk is available.

Note

You can also configure running the service on behalf of a system user (for more information, see Service account in the WinSW utility documentation).

How to delete the resources you created

To stop paying for the resources you created:

Previous
goofys
Next
Docker container for (S)FTP(S)