Object Storage API, REST: Bucket.Create

Field

Description

name

string

Required field. Name of the bucket.
The name must be unique within the platform. For naming limitations and rules, see
documentation.

folderId

string

Required field. ID of the folder to create a bucket in.
To get the folder ID, make a yandex.cloud.resourcemanager.v1.FolderService.List request.

The maximum string length in characters is 50.

defaultStorageClass

string

Default storage class for objects in the bucket. Supported classes are standard storage (STANDARD), cold storage
(COLD, STANDARD_IA, NEARLINE all synonyms), and ice storage (ICE and GLACIER are synonyms).
For details, see documentation.

maxSize

string (int64)

Maximum size of the bucket.
For details, see documentation.

anonymousAccessFlags

AnonymousAccessFlags

Flags for configuring public (anonymous) access to the bucket's content and settings.
For details, see documentation.

acl

ACL

Access control list (ACL) of the bucket.
For details, see documentation.

tags[]

Tag

List of tags for the bucket.
For details, see documentation.

encryption

Encryption

Configuration for bucket's encryption.
For details, see documentation.

versioning

enum (Versioning)

Bucket versioning status.
For details, see documentation.

• VERSIONING_DISABLED: The bucket is unversioned, i.e. versioning has never been enabled for the bucket, including at its creation.
  Objects that are stored in the bucket have a version ID of null.
  To enable versioning, change status to VERSIONING_ENABLED via a BucketService.Update request. Note that this
  action is irreversible, and a bucket with versioning enabled can never return to VERSIONING_DISABLED state.
• VERSIONING_ENABLED: Bucket versioning is enabled, i.e. all new objects are versioned and given a unique version ID, and objects that
  already existed at the time versioning was enabled will be versioned and given a unique version ID when modified
  by future requests.
  To suspend versioning, change status to VERSIONING_SUSPENDED via a BucketService.Update request. You cannot
  disable versioning altogether for a bucket that already had it enabled; objects that had version IDs will keep
  them.
• VERSIONING_SUSPENDED: Bucket versioning is suspended, i.e. new objects are not versioned, but objects that already existed at the time
  versioning was suspended are still versioned and keep their version IDs.
  To resume versioning, change status to VERSIONING_ENABLED via a BucketService.Update request.

allowedPrivateEndpoints

BucketAllowedPrivateEndpoints

Configuration for bucket's allowed private endpoints.
requires permission s3:PutBucketAllowedPrivateEndpoints

disabledStatickeyAuth

boolean

An option to disable static key auth for a bucket.
requires permission s3:UpdateBucketStaticKeyAuthSettings

Field

Description

read

boolean

Specifies whether public (anonymous) access to read objects in the bucket is enabled.

list

boolean

Specifies whether public (anonymous) access to the list of objects in the bucket is enabled.

configRead

boolean

Specifies whether public (anonymous) access to read CORS,
static website hosting, and
object lifecycles settings of the bucket is enabled.

Field

Description

grants[]

Grant

List of permissions granted and the grantees.

Field

Description

permission

enum (Permission)

Required field. Permission granted by the grant.

• PERMISSION_FULL_CONTROL: Allows grantee the PERMISSION_WRITE, PERMISSION_WRITE_ACP, PERMISSION_READ, and PERMISSION_READ_ACP
  on the bucket.
  Maps to x-amz-grant-full-control header for bucketPutAcl method of
  Amazon S3-compatible HTTP API.
• PERMISSION_WRITE: Allows grantee to create new objects in the bucket. For the bucket and object owners of existing objects, also
  allows deletions and overwrites of those objects.
  Maps to x-amz-grant-write header for bucketPutAcl method of Amazon
  S3-compatible HTTP API.
• PERMISSION_WRITE_ACP: Allows grantee to write the ACL for the bucket.
  Maps to x-amz-grant-write-acp header for bucketPutAcl method of
  Amazon S3-compatible HTTP API.
• PERMISSION_READ: Allows grantee to list the objects in the bucket.
  Maps to x-amz-grant-read header for bucketPutAcl method of Amazon
  S3-compatible HTTP API.
• PERMISSION_READ_ACP: Allows grantee to read the bucket ACL
  Maps to x-amz-grant-read-acp header for bucketPutAcl method of
  Amazon S3-compatible HTTP API.

grantType

enum (GrantType)

Required field. The grantee type for the grant.

• GRANT_TYPE_ACCOUNT: A grantee is an account on the platform.
  For this grantee type, you need to specify the user ID in Bucket.acl.grants.granteeId field. To get user ID, see
  instruction.
  Maps to using id="*" value for x-amz-grant-* header (bucketPutAcl
  method of Amazon S3-compatible HTTP API).
• GRANT_TYPE_ALL_AUTHENTICATED_USERS: Grantees are all authenticated users, both from your clouds and other users' clouds. Access
  permission to this group allows any account on the platform to access the resource via a signed (authenticated)
  request.
  Maps to using uri="http://acs.amazonaws.com/groups/global/AuthenticatedUsers" value for x-amz-grant-*
  header (bucketPutAcl method of Amazon S3-compatible HTTP API).
• GRANT_TYPE_ALL_USERS: Grantees are all internet users. Access permission to this group allows anyone in the world access to the
  resource via signed (authenticated) or unsigned (anonymous) requests.
  Maps to using uri="http://acs.amazonaws.com/groups/global/AllUsers" value for x-amz-grant-* header
  (bucketPutAcl method of Amazon S3-compatible HTTP API).

granteeId

string

ID of the account who is a grantee. Required when the grantType is GRANT_TYPE_ACCOUNT.

The maximum string length in characters is 50.

Field

Description

key

string

Key of the bucket tag.

value

string

Value of the bucket tag.

Field

Description

rules[]

EncryptionRule

Rules

Field

Description

kmsMasterKeyId

string

KMS master key ID

sseAlgorithm

string

SSE algorithm

Field

Description

enabled

boolean

if true, private endpoints white list check is enabled
even if private_endpoints list is empty

privateEndpoints[]

string

white list of private endpoints bucket accessible from

forceCloudConsoleAccess

boolean

if true, cloud console will be able to access a bucket
regardless of private_endpoints list

Field

Description

id

string

ID of the operation.

description

string

Description of the operation. 0-256 characters long.

createdAt

string (date-time)

Creation timestamp.

String in RFC3339 text format. The range of possible values is from
0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z, i.e. from 0 to 9 digits for fractions of a second.

To work with values in this field, use the APIs described in the
Protocol Buffers reference.
In some languages, built-in datetime utilities do not support nanosecond precision (9 digits).

createdBy

string

ID of the user or service account who initiated the operation.

modifiedAt

string (date-time)

The time when the Operation resource was last modified.

String in RFC3339 text format. The range of possible values is from
0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z, i.e. from 0 to 9 digits for fractions of a second.

To work with values in this field, use the APIs described in the
Protocol Buffers reference.
In some languages, built-in datetime utilities do not support nanosecond precision (9 digits).

done

boolean

If the value is false, it means the operation is still in progress.
If true, the operation is completed, and either error or response is available.

metadata

object

Service-specific metadata associated with the operation.
It typically contains the ID of the target resource that the operation is performed on.
Any method that returns a long-running operation should document the metadata type, if any.

error

Status

The error result of the operation in case of failure or cancellation.

Includes only one of the fields error, response.

The operation result.
If done == false and there was no failure detected, neither error nor response is set.
If done == false and there was a failure detected, error is set.
If done == true, exactly one of error or response is set.

response

object

The normal response of the operation in case of success.
If the original method returns no data on success, such as Delete,
the response is google.protobuf.Empty.
If the original method is the standard Create/Update,
the response should be the target resource of the operation.
Any method that returns a long-running operation should document the response type, if any.

Includes only one of the fields error, response.

The operation result.
If done == false and there was no failure detected, neither error nor response is set.
If done == false and there was a failure detected, error is set.
If done == true, exactly one of error or response is set.

Field

Description

code

integer (int32)

Error code. An enum value of google.rpc.Code.

message

string

An error message.

details[]

object

A list of messages that carry the error details.