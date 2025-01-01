Working with Object Storage English English

When working with Fastly Object Storage, you can use the Fastly control panel to create, view, and delete access keys. An access key is used when sending requests to the S3-compatible API from your Fastly services as a way to provide authentication to your bucket interactions. Access keys define which S3 buckets can be accessed and the scope of access, either read or read and write.

Before you begin

Make sure to review all prerequisites, limitations, and considerations for using Fastly Object Storage.

Getting started

To get started with Fastly Object Storage, create an access key. The first key you create must have full access to buckets in the account and the ability to read and write to the buckets.

Once you have a key created meeting these properties, use the S3-compatible API to create a bucket, using the key details to provide authentication in the API. Then, use the same key to interact with buckets using other compatible bucket operations or create additional keys and buckets.

Although an account-level key (full bucket access and read and write scope) is required to create buckets, other bucket operations can be performed by keys with more limited access. Once you have buckets created, you may choose to provide certain people or tools with keys that have limited access to only specific buckets or read-only access.

Working with access keys

Access keys are used to authenticate requests to buckets using the S3-compatible API to perform various bucket operations. The level of access you have to work with these operations depends on the combination of access key properties you select.

The first access key you create must have Full access and Read and write scope as this is the only way you can create buckets. Only after this first key is created and used to create a bucket with the S3-compatible API can you create access keys with limited access or scope.

Access key properties Access granted Considerations Full access + Read and write scope Access to all current and future buckets in the account and the ability to read and modify those buckets Only key type that enables creating buckets Full access + Read scope Access to all current and future buckets in the account and the ability to read those buckets Limited access + Read and write scope Access to specific buckets and the ability to read and modify the contents of those buckets Buckets must already be created Limited access + Read scope Access to specific buckets and the ability to read the contents of those buckets. Buckets must already be created

Creating an Object Storage access key

To create an Object Storage access key:

Log in to the Fastly control panel. Go to Resources > Object Storage. Click Create key. In the Description field, enter a description of the key. In the Bucket access field, select whether to give the key Full access to current and future buckets or Limited access to certain buckets. Full access: grants access to all current and future buckets.

grants access to all current and future buckets. Limited access: grants access to select buckets. If you choose this option, use the menu to select specific buckets the key has access to. In the Scope field, select the level of access you want available to the key. The first key you create must have read and write access. Read: access to read existing and future buckets.

access to read existing and future buckets. Read and write: access to read and write to existing and future buckets. Click Create. Note the access key and secret key details. Record the secret key in a secure location because you won't be able to see it again.

Viewing Object Storage keys

Once at least one Object Storage access key is created, you can view details on all Object Storage access keys created on your account from Resources > Object Storage. The Object Storage page displays the following details:

Access Key ID: the access key ID returned from the S3-compatible API.

the access key ID returned from the S3-compatible API. Description: a description of the access key.

a description of the access key. Scope: the level of access available to the access key.

the level of access available to the access key. Buckets: the buckets the key grants access to.

the buckets the key grants access to. Created on: the date on which the access key was created.

Deleting Object Storage access keys

You can delete an Object Storage access key at any time. If the access key is being used by an active application, deleting it can cause unexpected behavior.

Log in to the Fastly control panel. Go to Resources > Object Storage. Click the trash Click Confirm and delete.

Working with the S3-compatible API

Use the S3-compatible API to create and interact with buckets that store your data. The access key is used to provide authentication.

In order to work with S3-compatible API, you must use an access key with full access to all buckets and read and write scope.

Send requests to one of the following regional Object Storage endpoints, including the matching region in the credential scope portion of the SigV4 signature:

us-east.object.fastlystorage.app

us-west.object.fastlystorage.app

eu-central.object.fastlystorage.app The regional Object Storage endpoints are different from AWS regions. Make sure you set all region options, like LocationConstraint , to the correct Object Storage region name or you may receive an InvalidRequest error.

Interact with your buckets by including the bucket name as part of the request path. For example, to access a bucket named my-bucket in the us-east region, you'd use the request path https://us-east.object.fastlystorage.app/my-bucket .

Object Storage doesn't support using bucket names in the hostname (i.e., https://my-bucket.us-east.object.fastlystorage.app ).

Compatible bucket operations

Object Storage supports the following processing operations for the S3-compatible API. These operations are categorized into two groups, each with differing prices. Refer to the Object Storage product description for more information on how operations are billed.

Class A operations

Class B operations

