Contact UsTry it for free
© 2026 Direct Cursus Technology L.L.C.

Connecting a bucket as a disk in Windows

Written by
Improved by
Updated at January 16, 2026

In this tutorial, you will use rclone to set up data synchronization between an Yandex Object Storage bucket and your local desktop. You will mount the bucket as a disk in Windows.

Note

This section describes how to connect a bucket in Windows. When connecting with other OSs, see this rclone guide. For rclone configuring and bucket mounting, the steps are identical to those for Windows.

To mount your bucket as a disk:

  1. Get your cloud ready.
  2. Set up the runtime environment.
  3. Create a service account.
  4. Create a static access key.
  5. Create a bucket.
  6. Set up a connection to Object Storage.
  7. Mount your bucket.
  8. Set up automatic mounting.

If you no longer need the resources you created, delete them.

Getting started

Sign up for Yandex Cloud and create a billing account:

  1. Navigate to the management console and log in to Yandex Cloud or create a new account.
  2. On the Yandex Cloud Billing page, make sure you have a billing account linked and it has the ACTIVE or TRIAL_ACTIVE status. If you do not have a billing account, create one and link a cloud to it.

If you have an active billing account, you can navigate to the cloud page to create or select a folder for your infrastructure.

Learn more about clouds and folders here.

The cost for bucket support includes:

Set up the runtime environment

  1. Download and install the winfsp distribution from the winfsp website.

  2. Download the sysinternals suite utilities archive from the Microsoft website and unpack it to your local working folder.

  3. Download the Windows Service Wrapper (WinSW) executable depending on your OS configuration and save it to a dedicated folder.

  4. Download the rclone utility archive from the rclone website and unpack it to your local working folder.

  5. Add the folders containing the utilities and the distribution to the PATH variable. Proceed as follows:

    1. Click Start and type Change system environment variables in the Windows search bar.
    2. Click Environment Variables... at the bottom right.
    3. In the window that opens, find the PATH parameter and click Edit.
    4. Add your folder path to the list.
    5. Click OK.

Create a service account

  1. In the management console, select the folder where you want to create a service account.
  2. In the list of services, select Identity and Access Management.
  3. Click Create service account.
  4. In the Name field, specify sa-win-disk-connect.
  5. Click Add role and select the storage.editor role.
  6. Click Create service account.

If you do not have the Yandex Cloud CLI installed yet, install and initialize it.

By default, the CLI uses the folder specified when creating the profile. To change the default folder, use the yc config set folder-id <folder_ID> command. You can also set a different folder for any specific command using the --folder-name or --folder-id parameter.

  1. Create a service account named sa-win-disk-connect:
yc iam service-account create --name sa-win-disk-connect

The naming requirements are as follows:

  • It must be from 2 to 63 characters long.
  • It can only contain lowercase Latin letters, numbers, and hyphens.
  • It must start with a letter and cannot end with a hyphen.

For more information about the yc iam service-account create command, see the CLI reference.

  1. Assign the storage.editor role to the service account:
yc resource-manager folder add-access-binding <folder_ID> \
  --role storage.editor \
  --subject serviceAccount:<service_account_ID>

For more information about the yc resource-manager folder add-access-binding command, see the CLI reference.

  1. To create a service account, use the create method for the ServiceAccount resource.

  2. Assign the storage.editor role to the service account.

To work with objects in an encrypted bucket, a user or service account must have the following roles for the encryption key in addition to the storage.configurer role:

  • kms.keys.encrypter: To read the key, encrypt and upload objects.
  • kms.keys.decrypter: To read the key, decrypt and download objects.
  • kms.keys.encrypterDecrypter: This role includes the kms.keys.encrypter and kms.keys.decrypter permissions.

For more information, see Key Management Service service roles.

Create a static access key

  1. In the management console, navigate to the folder the service account belongs to.
  2. From the list of services, select Identity and Access Management.
  3. In the left-hand panel, select Service accounts.
  4. In the list that opens, select sa-win-disk-connect.
  5. In the top panel, click Create new key.
  6. Select Create static access key.
  7. Specify the key description and click Create.
  8. Save the ID and secret key. After you close this dialog, the key value will no longer be available.

  1. Create an access key for the sa-win-disk-connect service account:

    yc iam access-key create --service-account-name sa-win-disk-connect

    Result:

    access_key:
  id: aje6t3vsbj8l********
  service_account_id: ajepg0mjt06s********
  created_at: "2022-07-18T14:37:51Z"
  key_id: 0n8X6WY6S24N7Oj*****
secret: JyTRFdqw8t1kh2-OJNz4JX5ZTz9Dj1rI9hx*****

    For more information about the yc iam access-key create command, see the CLI reference.

  2. Save key_id and secret. You will not be able to get the secret key again.

To create an access key, use the create method for the AccessKey resource.

As a result, you will get the static access key data. To authenticate in Object Storage, you will need the following:

  • key_id: Static access key ID
  • secret: Secret key

Save key_id and secret: you will not be able to get the key value again.

Create a bucket

  1. In the management console, select the folder where you want to create a bucket.
  2. In the list of services, select Object Storage.
  3. At the top right, click Create bucket.
  4. In the ** Name** field, enter a name for the bucket consistent with the naming requirements.
  5. In the Read objects, Read object list, and Read settings fields, select With authorization.
  6. Click Create bucket.

  1. If you do not have the AWS CLI yet, install and configure it.

  2. Create a bucket by entering its name following the naming requirements:

    aws --endpoint-url https://storage.yandexcloud.net \
  s3 mb s3://<bucket_name>

    Result:

    make_bucket: <bucket_name>

Note

Terraform uses a service account to interact with Object Storage. Assign to the service account the required role, e.g., storage.admin, for the folder where you are going to create resources.

If you do not have Terraform yet, install it and configure the Yandex Cloud provider.

  1. Describe the properties for creating a service account and access key in the configuration file:

    ...
// Creating a service account
resource "yandex_iam_service_account" "sa" {
  name = "<service_account_name>"
}

// Assigning a role to a service account
resource "yandex_resourcemanager_folder_iam_member" "sa-admin" {
  folder_id = "<folder_ID>"
  role      = "storage.admin"
  member    = "serviceAccount:${yandex_iam_service_account.sa.id}"
}

// Creating a static access key
resource "yandex_iam_service_account_static_access_key" "sa-static-key" {
  service_account_id = yandex_iam_service_account.sa.id
  description        = "static access key for object storage"
}

  2. Add a section with bucket properties to the configuration file and enter the bucket name following the naming requirements:

    resource "yandex_storage_bucket" "<bucket_name>" {
  access_key = yandex_iam_service_account_static_access_key.sa-static-key.access_key
  secret_key = yandex_iam_service_account_static_access_key.sa-static-key.secret_key
  bucket     = "<bucket_name>"
}

    For more information about the yandex_storage_bucket resource, see this Terraform provider guide.

  3. Make sure the configuration files are correct.

    1. In the command line, navigate to the directory where you created the configuration file.

    2. Run a check using this command:

      terraform plan

    If the configuration description is correct, the terminal will display a list of the resources being created and their settings. If the configuration contains any errors, Terraform will point them out.

  4. Deploy the cloud resources.

    1. If the configuration does not contain any errors, run this command:

      terraform apply

    2. Confirm creating the resources: type yes in the terminal and press Enter.

Use the create REST API method for the Bucket resource, the BucketService/Create gRPC API call, or the create S3 API method.

Set up a connection to Object Storage

  1. Launch the PowerShell command line, navigate to the folder with the rclone utility and run its configuration session:

    ./rclone.exe config

  2. Follow the prompts to create a new connection profile:

    1. Start creating a new profile by entering n in the terminal.
    2. Enter the connection name: s3-connect.
    3. Select the storage type by entering 4 in the terminal.
    4. Select the provider by entering 1 in the terminal.
    5. Select manual entry of credentials by entering 1 in the terminal.
    6. In the terminal, enter the secret key ID you got previously.
    7. In the terminal, enter the secret key value you got previously.
    8. Specify the region by entering ru-central1 in the terminal.
    9. Specify the endpoint by entering storage.yandexcloud.net in the terminal.
    10. You can leave all other settings at their defaults by pressing Enter to skip them.

Note

You can perform advanced connection setup if required. To do this, type y at the Edit advanced config? step. For more information about advanced settings, see the rclone documentation.

Mount a bucket

  1. Check your connection to the bucket. In the same command line window you used to configure the connection, run the following command with the bucket name specified:

    ./rclone.exe ls s3-connect:<bucket_name>

    If your configuration is correct, you will see a list of objects in the bucket.

  2. Mount your bucket to the file system specifying the bucket name and an available drive letter in the file system:

    ./rclone.exe mount s3-connect:<bucket_name> <disk_letter>: --vfs-cache-mode full --file-perms 0777 --dir-perms 0777

    You will see a new disk with the objects from the bucket in Windows Explorer.

  3. To unmount the bucket, press Ctrl + C.

Set up automatic mounting

For the bucket to mount automatically when the user logs in, create a VBScript launch script and add it to the system registry.

  1. In the working folder on your local PC, create a file named bucket_mount.vbs and paste the following code into it:

    Set WshShell = CreateObject("WScript.Shell")
command = "<path_to_rclone_folder>\rclone.exe mount s3-connect:<bucket_name> <drive_letter>: --vfs-cache-mode full --file-perms 0777 --dir-perms 0777"
WshShell.Run command, 0, False

    In the file, specify the bucket name, drive letter, and full path to rclone.exe. For example, C:\bucket-mounter\rclone\rclone.exe.

  2. Open your system registry editor, regedit.exe, and proceed as follows in the window that opens:

    1. Go to the HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run branch and create a string parameter named bucket-mounter in it.
    2. Change the bucket-mounter parameter value to full path to the VBS script file created earlier. For example: C:\bucket-mounter\bucket_mount.vbs

From now on, your bucket will automatically mount into the OS each time the user logs on to the PC.

How to delete the resources you created

To stop paying for the resources you created:

Previous
Deploying Remote Desktop Gateway
Next
All tutorials