8.7. Managing S3 buckets¶
All objects in an Amazon S3-like storage are stored in containers called buckets. Buckets are addressed by names that are unique in the given object storage, so an S3 user of that object storage cannot create a bucket that has the same name as a different bucket in the same object storage. Buckets are used to:
- Group and isolate objects from those in other buckets
- Provide ACL management mechanisms for objects in them
- Set per-bucket access policies for tasks such as versioning in the bucket
In the current version of Acronis Cyber Infrastructure, you can enable and disable Acronis Notary for object storage buckets and monitor the space used by them on the Storage services > S3 > Buckets screen. You cannot create and manage object storage buckets from Acronis Cyber Infrastructure admin panel. However, you can do it via the Acronis Cyber Infrastructure user panel or by using a third-party application.
To access the buckets from the user panel, open the Storage services > S3 > Users screen, select a user, and then click Browse. The SSL certificate will be used for logging in, so make sure it is valid or add it to the browser’s exceptions if it is a self-signed one.
In addition, the applications listed below allow you to perform the following actions:
- CyberDuck: create and manage buckets, and their contents.
- MountainDuck: mount an object storage as a disk drive, and manage buckets and their contents.
- Backup Exec: store backups in the object storage.
8.7.1. Listing S3 bucket contents¶
You can list bucket contents with a web browser. To do this, visit the URL that consists of the external DNS name for the S3 endpoint that you specified when creating the S3 cluster and the bucket name. For example, s3.example.com/mybucket
or mybucket.s3.example.com
(depending on DNS configuration).
You can also copy the link to the bucket contents by right-clicking it in CyberDuck, and then selecting Copy URL.
8.7.2. Managing geo-replication in S3 buckets¶
After you enable geo-replication between the clusters, you can replicate their content per bucket.
To replicate a bucket, select it on the Storage services > S3 > Buckets screen, and then click Enable geo-replication on the right pane. Then, the Geo-replication column for this bucket will display Enabled. The bucket will be copied to the connected cluster.
To disable geo-replication of a bucket, select it on the Storage services > S3 > Buckets screen, and then click Disable geo-replication on the right pane. Then, the Geo-replication column for this bucket will display Disabled. After geo-replication is disabled for a bucket, the data copied beforehand will remain, but the changes to it will no longer be replicated to the other S3 cluster.
8.7.3. Managing Acronis Notary in S3 buckets¶
Acronis Cyber Infrastructure offers integration with the Acronis Notary service, to leverage blockchain notarization and ensure the immutability of data saved in object storage clusters. To use Acronis Notary in user buckets, you need to set it up in the S3 cluster and enable it for those buckets.
To set up Acronis Notary, do the following:
Get the DNS name and the user key for the notary service from your sales contact.
On the Storage services > S3 screen, click Notary settings.
On the Notary Settings screen, specify the DNS name and user key in the respective fields, and then click Done.
To enable or disable blockchain notarization for a bucket, select a bucket on the Storage services > S3 > Buckets screen, and then click Enable Notary or Disable Notary.
Notarization is disabled for new buckets by default.
Once you enable notarization for a bucket, certificates are created automatically only for the newly uploaded files. The previously uploaded files are left unnotarized. Once a file is notarized, it will remain notarized even if you disable notarization later.