ProfitBricks S3 Object Storage
What is Object Storage?
Object storage is a modern storage technology that can be found in private and public cloud storage applications.
In an object storage architecture, files are not stored and managed in hierarchies or blocks as is the case with file or block storage, but as objects. An object consists of the file itself, customisable metadata, and a unique identifier through which it is addressed.
Object storage is almost infinitely scalable and can be accessed through APIs and internet protocols, which makes it well-suited for cloud storage solutions. The S3 API (Simple Storage Service) has been established as a global standard for object storage for years and allows for interoperability and compatibility across different object storage systems that adhere to this standard.
Object storage is best used for storing large chunks of unstructured, static data such as videos, images, music, and other files not intended for manipulation by frequent transactions. This includes archives, backups, log files, documents and any file type that you want to keep “as is” for later access.
What does the ProfitBricks S3 Object Storage Offer?
ProfitBricks S3 Object Storage offers you almost limitless cloud storage capacity, which you can manage and use with your ProfitBricks account. You can upload any file type.
Our object storage is currently available in Germany - which you can recognise by the region “de” in the object storage properties. Geo-redundant backups and auto-tiering will be available at a later date.
For information on pricing see our website.
ProfitBricks S3 Object Storage offers the industry’s best compatibility with the S3 API, which guarantees a high level of interoperability with other object storage systems adhering to S3. Apart from the standard operations, which S3 entails, it allows a multitude of additional operations, such as:
- Object encryption,
- Detailed access management by means of access control lists (ACLs),
- Deleting multiple objects automatically,
- Hosting a static website.
ProfitBricks S3 Object Storage:
Websites hosted on the ProfitBricks S3 Object Storage:
Object Storage Management Console
The ProfitBricks object storage is based on S3, so you can use any client application supporting S3 to access it. To make the management and use of our object storage as convenient as possible, we offer you a graphical user interface, the Object Storage Management Console.
You can access the Object Storage Management Console through the DCD.
The Object Storage Management Console does not support accessing public buckets or content that has been shared with you. We recommend using a third-party application for this. The console can only be opened through the DCD and is available in English only.
Buckets are logical containers in which you store all of your objects. Before you can upload objects to your object storage, you need to create a bucket first. The name of a bucket needs to be unique across the ProfitBricks S3 Object Storage, and it needs to meet certain criteria (naming rules). Once created, a bucket cannot be renamed. You can enable versioning and logging for a bucket. Permissions define who can access a bucket or object.
Folders are logical containers in which objects can be stored similar to a hierarchical file system. A bucket can contain multiple folders at more than one level. A folder can contain further folders. A folder does not have any properties. Folders adhere to the same naming rules as objects. Once created, a folder cannot be renamed. Objects already uploaded to the object storage cannot be moved to another folder.
You can store objects, i.e. files, of any format in the ProfitBricks S3 Object Storage. Neither their format nor their content is checked or validated. You can store objects in buckets and folders. The number of objects you can store is unlimited. The name of an object needs to adhere to certain naming rules. Permissions define who can access a bucket or object. Once uploaded, an object cannot be renamed or moved.
NOTE: Please note that the size of a single object you upload using the Object Storage Management Console may not exceed 5 GB. This limit does not apply to uploads through other applications.
You can permit or deny access to a bucket or object by assigning permissions to users or entire user groups. They can have read or write access. Buckets and objects can be private so that the bucket owner alone has access, or they can be shared with the public (literally anyone) or select users. By default, buckets and objects are private.
NOTE: Please note that the content of a bucket can be viewed as a list as soon as the bucket is made public. This applies to all objects in it including private ones.
Object Storage Keys
When you log on to ProfitBricks S3 Object Storage through the DCD, the DCD manages all authentication and authorisation processes, which allows you to access your object storage with just one click.
You can only log on to the ProfitBricks S3 Object Storage when you have the privilege to use the object storage and at least one active Object Storage Key. It is available to contract owners and administrators by default, whereas other types of users first need to be granted the privilege and have their object storage key activated.
A bucket owner can generate multiple object storage keys and allow other users (or automated scripts, for that matter) access to the object storage. When users log on to an object storage using another bucket owner’s “additional” object storage key, the bucket owner’s credentials are applied to the logon automatically and they are granted full access as such.
Apart from automation purposes this might be useful if you intend to let other users access your object storage for a limited period of time after which you simply delete the additional key to deny those users further access.
Another feature in the DCD allows contract owners and administrators to access the object storage accounts of their contract members as the respective bucket owners with full access rights.
By default, the ProfitBricks S3 Object Storage is available to contract owners and administrators, whereas other types of users first need to be granted the respective privilege and have their object storage key activated. When you log on to your object storage, you are the bucket owner with full access. Roles and permissions to your buckets and objects make them available to other users.
Providing another user with an object storage key to your object storage allows this user to access your object storage using your credentials, granting this user full access.
Another DCD feature allows contract owners and administrators to access the object storage accounts of their contract members on behalf of them, granting them full access as the bucket owner.
NOTE: Before you delete a user or all of their object storage keys from your ProfitBricks account, please ensure - by applying the appropriate permissions - that anything stored in the user’s ProfitBricks S3 Object Storage is accessible for further use or deletion. Private content that has not been deleted prior to the deletion of the user or all of their object storage keys cannot be accessed and will be charged continually. In this case, please contact our support team.
Depending on the S3 client application you use for accessing your ProfitBricks S3 Object Storage, there are different ways of sharing your bucket contents. Besides using roles and pre-defined access profiles (“canned ACLs”) for managing access to your buckets, you can use “S3 identifiers” (S3 IDs) to share contents with another user (“ACL sharing”, “S3 sharing”). These S3 identifiers are:
- Contract User ID: The contract user ID consists of contract number and user ID (contract number|user UUID). This ID is used for sharing buckets with other users of the ProfitBricks S3 Object Storage (across contracts) through the Object Storage Management Console.
- Canonical User ID: The canonical user ID is the ID the ProfitBricks S3 Object Storage assigns to a user.
- E-Mail Address: Some S3 clients are capable of identifying an S3 object storage user by their e-mail address so that all you need to provide is the user’s e-mail address to share your buckets with them.
TIP: S3 clients supporting the “display name” function will display the e-mail address of an S3 user for better readability.
See also: Retrieving S3 IDs
Access Control and Permissions
The object storage access management is organised as follows:
- Roles (“Grantees”) - S3-defined user types to which permissions are assigned
- Access rights (“Permissions”) - Access rights that are available for assignment to roles
- Pre-configured access profiles (“canned ACLs”) - a pre-defined set of access rights that can be assigned to roles.
You can either assign permissions or canned ACLs. By default, newly created buckets and objects are “private”.
Bucket owners always have full access to their buckets and their content.
Roles (“Grantees”)
- Log Delivery (Group)
Access rights (“Permissions”)
- Read access (Readable)
- Write access (Writable)
- Read access for permissions (ACP Readable)
- Write access for permissions (ACP Writable)
Pre-configured Access Profiles (“Canned ACLs”)
- Public Read Write
- Log Delivery Write
- Bucket Owner Read
- Bucket Owner Full Control
Your connection to the object storage is SSL-encrypted. Moreover, you can store uploaded objects using server-side encryption. That means objects can be stored in our object storage in an encrypted form. They are decrypted automatically when they are downloaded.
S3 allows for comprehensive access management at the bucket and object level, which lets you define precisely who may access what. By default, newly created buckets and objects are “private” - only the bucket owner can access them. To protect your content from unauthorized access, it is recommended to make only those buckets or objects public that you really wish to share with everybody.
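The recommendation above can be checked mechanically. The following is an added example, not part of the ProfitBricks documentation: a Python audit that reads a bucket ACL in the standard S3 AccessControlPolicy XML form and reports every grant to a public group, such as those set by the “Public Read Write” canned ACL. It assumes the service returns the standard S3 group URIs; the bucket names, owner ID and sample ACLs are constructed.

```python
import xml.etree.ElementTree as ET

NS = {"s3": "http://s3.amazonaws.com/doc/2006-03-01/"}
# Standard S3 group URIs; assumed to be returned unchanged by the service.
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTH_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
PUBLIC = {ALL_USERS: "everyone", AUTH_USERS: "any S3 user"}
# What each S3 permission means when granted on a bucket.
BUCKET_RISK = {
    "READ": "object list is visible, including names of private objects",
    "WRITE": "objects can be created, overwritten or deleted",
    "READ_ACP": "permissions can be read",
    "WRITE_ACP": "permissions can be changed",
    "FULL_CONTROL": "all of the above",
}

def public_grants(acl_xml):
    """Return sorted (audience, permission) pairs granted to public groups."""
    root = ET.fromstring(acl_xml)
    found = set()
    for grant in root.findall("s3:AccessControlList/s3:Grant", NS):
        uri = (grant.findtext("s3:Grantee/s3:URI", "", NS) or "").strip()
        perm = (grant.findtext("s3:Permission", "", NS) or "").strip()
        if uri in PUBLIC:  # owner, named users and Log Delivery are ignored
            found.add((PUBLIC[uri], perm))
    return sorted(found)

def report(bucket, acl_xml):
    """Return one finding per public grant; an empty list means not public."""
    return [f"{bucket}: {who} has {perm} ({BUCKET_RISK.get(perm, 'unknown')})"
            for who, perm in public_grants(acl_xml)]

def sample_acl(group_grants):
    """Build a constructed AccessControlPolicy document for the demo."""
    xsi = 'xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"'
    grants = (f'<Grant><Grantee {xsi} xsi:type="CanonicalUser">'
              '<ID>OWNER-ID-PLACEHOLDER</ID></Grantee>'
              '<Permission>FULL_CONTROL</Permission></Grant>')
    for uri, perm in group_grants:
        grants += (f'<Grant><Grantee {xsi} xsi:type="Group"><URI>{uri}</URI>'
                   f'</Grantee><Permission>{perm}</Permission></Grant>')
    return (f'<AccessControlPolicy xmlns="{NS["s3"]}">'
            '<Owner><ID>OWNER-ID-PLACEHOLDER</ID></Owner>'
            f'<AccessControlList>{grants}</AccessControlList></AccessControlPolicy>')

if __name__ == "__main__":
    public_rw = sample_acl([(ALL_USERS, "READ"), (ALL_USERS, "WRITE")])
    for line in report("example-private", sample_acl([])) + report("example-public", public_rw):
        print(line)
```

In practice the XML would come from your S3 client's "get bucket ACL" operation, run over every bucket in the account.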