--- title: Object Storage quick start summary: null url: >- https://www.fastly.com/documentation/guides/platform/object-storage/object-storage-quick-start --- Welcome! This guide helps new Object Storage users like you get started with Fastly Object Storage as quickly as possible. Fastly Object Store is an S3-compatible storage solution that can be used as a private origin for your Fastly services. ## Before you begin Make sure to review all [prerequisites](https://www.fastly.com/documentation/guides/platform/object-storage/about-object-storage#prerequisites), [limitations](https://www.fastly.com/documentation/guides/platform/object-storage/about-object-storage#limitations-and-considerations), and [considerations](https://www.fastly.com/documentation/guides/platform/object-storage/about-object-storage#limitations-and-considerations) for using Fastly Object Storage. ## Create an access key and secret key Follow the instructions below to use the Fastly web interface or CLI to create an access key and secret key: > **HINT:** You can also create an access key and secret key using the Fastly API. ### Fastly Control Panel 1. Log in to the [Fastly control panel](https://manage.fastly.com). 2. Go to **Resources** > [**Object Storage**](https://manage.fastly.com/resources/object-storage). 3. Click **Create key**. 4. In the **Description** field, enter a description of the key. 5. In the **Bucket access** field, select **Full access** 6. In the **Scope** field, select **Read and write**. 7. Click **Create**. 8. Note the access key and secret key details. Record the secret key in a secure location because you won't be able to see it again. ### Fastly Cli ```term fastly object-storage access-keys create --permission=read-write-admin --description="description of the key" ``` ## Install and configure the AWS CLI > **WARNING:** The following steps will store your Fastly Object Storage credentials in plaintext in a file on disk. This is not recommended in a production environment. Instead, use one of the methods supported by AWS CLI for providing credentials such as through [environment variables](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-envvars.html#envvars-list) or from [external tooling such as a password manager](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sourcing-external.html). 1. Install and configure AWS CLI v2 following the instructions in the [AWS documentation](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html). 2. Update `.aws/config` by adding each Fastly Object Storage region as an individual [profile](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html) for AWS CLI: ```text [profile fastly-us-west-1] region = us-west-1 endpoint_url = https://us-west-1.object.fastlystorage.app request_checksum_calculation = when_required [profile fastly-us-central-1] region = us-central-1 endpoint_url = https://us-central-1.object.fastlystorage.app request_checksum_calculation = when_required [profile fastly-us-east-1] region = us-east-1 endpoint_url = https://us-east-1.object.fastlystorage.app request_checksum_calculation = when_required [profile fastly-uk-east-1] region = uk-east-1 endpoint_url = https://uk-east-1.object.fastlystorage.app request_checksum_calculation = when_required [profile fastly-eu-west-1] region = eu-west-1 endpoint_url = https://eu-west-1.object.fastlystorage.app request_checksum_calculation = when_required [profile fastly-eu-central] region = eu-central endpoint_url = https://eu-central.object.fastlystorage.app request_checksum_calculation = when_required [profile fastly-eu-south-1] region = eu-south-1 endpoint_url = https://eu-south-1.object.fastlystorage.app request_checksum_calculation = when_required [profile fastly-jp-central-1] region = jp-central-1 endpoint_url = https://jp-central-1.object.fastlystorage.app request_checksum_calculation = when_required [profile fastly-au-east-1] region = au-east-1 endpoint_url = https://au-east-1.object.fastlystorage.app request_checksum_calculation = when_required ``` 3. Update `.aws/credentials` with the generated keys: ```text [fastly-us-west-1] aws_access_key_id = aws_secret_access_key = [fastly-us-central-1] aws_access_key_id = aws_secret_access_key = [fastly-us-east-1] aws_access_key_id = aws_secret_access_key = [fastly-uk-east-1] aws_access_key_id = aws_secret_access_key = [fastly-eu-west-1] aws_access_key_id = aws_secret_access_key = [fastly-eu-central] aws_access_key_id = aws_secret_access_key = [fastly-eu-south-1] aws_access_key_id = aws_secret_access_key = [fastly-jp-central-1] aws_access_key_id = aws_secret_access_key = [fastly-au-east-1] aws_access_key_id = aws_secret_access_key = ``` ## Create buckets and upload content With the AWS CLI configured, you can now create buckets and upload files. Both commands require the use of the `--profile` flag to choose which Fastly Object Storage region to perform commands against. The following command creates a bucket named `my-bucket` in the `us-east` region: ```term aws s3 mb s3://my-bucket --profile fastly-us-east ``` > **IMPORTANT:** Bucket names must be unique. The following command uploads a file called `my-photo.jpg` to the bucket: ```term aws s3 cp my-photo.jpg s3://my-bucket/my-photo.jpg --profile fastly-us-east ``` ## Configure your Fastly service Now that you've created your buckets and uploaded files, you can create and configure a Fastly service to serve content from the bucket: 1. Follow the steps to [create a Fastly CDN service](https://www.fastly.com/documentation/guides/getting-started/services/working-with-cdn-services) and add a [domain](https://www.fastly.com/documentation/guides/getting-started/domains/working-with-domains/working-with-domains#creating-a-domain-for-the-first-time). 2. From the Fastly service configuration, go to **Origins** > **Hosts**. 3. In the **Hostname** field, enter the name of the Fastly Object Storage regional endpoint (e.g., `us-east.object.fastlystorage.app`). 4. Click **Add**. 5. Click the pencil Pencil icon to edit the host. 6. In the **Override host** field, enter the same Fastly Object Storage regional endpoint (e.g., `us-east.object.fastlystorage.app`). 7. Click **Update**. 8. Go to **VCL** and click **VCL snippets**. 9. Click **Add snippet**. 10. Fill out the **Add VCL snippet** fields as follows: - Using the **Type** controls, select **Regular** to create a regular VCL snippet. - Enter a name for the VCL snippet. - From the **Placement** controls, select **Within subroutine** - From the **Subroutine** menu, select **miss `(vcl_miss)`**. - Leave the **Priority** field set to the default. - In the VCL editor area, paste the following code, which generates the required AWS V4 signature to authenticate requests to your private Fastly Object Storage origin. > **IMPORTANT:** Be sure to replace the placeholder variables `var.fosAccessKey`, `var.fosSecretKey`, `var.fosBucket`, and `var.fosRegion` with your own values. ```vcl # vcl_miss # This snippet signs the backend request to your private Fastly Object Store. declare local var.fosAccessKey STRING; declare local var.fosSecretKey STRING; declare local var.fosBucket STRING; declare local var.fosRegion STRING; declare local var.fosHost STRING; declare local var.canonicalHeaders STRING; declare local var.signedHeaders STRING; declare local var.canonicalRequest STRING; declare local var.canonicalQuery STRING; declare local var.stringToSign STRING; declare local var.dateStamp STRING; declare local var.signature STRING; declare local var.scope STRING; # --- UPDATE THESE VALUES --- set var.fosAccessKey = "YOUR_FOS_ACCESS_KEY"; set var.fosSecretKey = "YOUR_FOS_SECRET_KEY"; set var.fosBucket = "my-fos-bucket"; # The name of your bucket set var.fosRegion = "us-east-1"; # The Fastly Object Storage region to send requests # -------------------------- set var.fosHost = var.fosRegion ".object.fastlystorage.app"; if (req.method == "GET" && !req.backend.is_shield) { set bereq.http.x-amz-content-sha256 = digest.hash_sha256(""); set bereq.http.x-amz-date = strftime({"%Y%m%dT%H%M%SZ"}, now); set bereq.http.host = var.fosHost; # The request to FOS must include the bucket name in the path. set bereq.url = "/" var.fosBucket bereq.url; set bereq.url = querystring.remove(bereq.url); set bereq.url = regsuball(urlencode(urldecode(bereq.url.path)), {"%2F"}, "/"); set var.dateStamp = strftime({"%Y%m%d"}, now); set var.canonicalHeaders = "" "host:" bereq.http.host LF "x-amz-content-sha256:" bereq.http.x-amz-content-sha256 LF "x-amz-date:" bereq.http.x-amz-date LF ; set var.canonicalQuery = ""; set var.signedHeaders = "host;x-amz-content-sha256;x-amz-date"; set var.canonicalRequest = "" "GET" LF bereq.url.path LF var.canonicalQuery LF var.canonicalHeaders LF var.signedHeaders LF digest.hash_sha256("") ; set var.scope = var.dateStamp "/" var.fosRegion "/s3/aws4_request"; set var.stringToSign = "" "AWS4-HMAC-SHA256" LF bereq.http.x-amz-date LF var.scope LF regsub(digest.hash_sha256(var.canonicalRequest),"^0x", "") ; set var.signature = digest.awsv4_hmac( var.fosSecretKey, var.dateStamp, var.fosRegion, "s3", var.stringToSign ); set bereq.http.Authorization = "AWS4-HMAC-SHA256 " "Credential=" var.fosAccessKey "/" var.scope ", " "SignedHeaders=" var.signedHeaders ", " "Signature=" + regsub(var.signature,"^0x", "") ; # Unset headers not needed by the origin unset bereq.http.Accept; unset bereq.http.Accept-Language; unset bereq.http.User-Agent; unset bereq.http.Fastly-Client-IP; } ``` 11. Click **Add** to create the VCL snippet. ## Activate and Test Once you've configured your service with the VCL snippet, **Activate** it. Then test that you can retrieve your object through the Fastly CDN by opening a web browser and navigating to the URL for your object. The path for the object should be `https:///`. For example, `https://example.com/my-photo.jpg`. If successful, you'll see your image served from the Fastly edge. ## What's next Check out our [On-Demand Migration for Fastly Object Storage](https://www.fastly.com/documentation/guides/platform/object-storage/on-demand-migration-for-object-storage/) guide to learn how you can migrate only your required working set of data to reduce egress charges from your source provider.