Create a limited access Object Storage key

Here, we'll create a new Object Storage authentication key that limits access to specific buckets in specific regions.

The workflow

  1. Run the List Object Storage buckets operation and store the label and the region for each bucket you want to add to the key.

    {
      "data": [
        {
          "cluster": "us-east-1",
          "created": "2023-01-05T01:23:45",
          "endpoint_type": "E1",
          "hostname": "primary-bucket-1.us-east-12.linodeobjects.com",
          "label": "primary-bucket", <== Store this.
          "objects": 4,
          "region": "us-east", <== Store this.
          ...
        },
        {
          "cluster": "us-iad-1",
          "created": "2024-01-01T11:45:37",
          "endpoint_type": "E1",
          "hostname": "primary-bucket-1.us-east-12.linodeobjects.com",
          "label": "backup-bucket", <== Store this.
          "objects": 4,
          "region": "us-iad", <== Store this.
          ...
        }
      ],
      "page": 1,
      "pages": 1,
      "results": 2
    }
    
  2. Run the Create an Object Storage key operation including this content in the request:

    {
      "label": "Limited OBJ Access - Primary and Backup",
      "bucket_access": [
        {
          "bucket_name": "primary-bucket",
          "permissions": "read_write",
          "region": "us-east"
        },
        {
          "bucket_name": "backup-bucket",
          "permissions": "read_only",
          "region": "us-iad"
        }
      ]
    }
    
    • label. Give the key an easily recognizable name.

    • bucket_access. Include individual objects that cover each bucket the key can access:

      • bucket_name. The label for a bucket you stored in step 1.

      • permissions. The level of access the key grants to the bucket_name. Keys with read_write access can manage content in the bucket_name, while read_only can be used to view content.

      • region. The stored region where the bucket_name you want the key to access is located.

  3. The parent-level regions array isn't required for a limited access key. So, leave it out for this workflow.

  4. After you run the operation, store the secret_key from the response. This value is only revealed in the response for this operation.
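
The following is an added example, not code from the original page or from Linode: it builds the request body for step 2 from the labels and regions stored in step 1, and separates the secret_key from the rest of the response in step 4. The helper names build_key_request and split_secret and the sample data are assumptions made for illustration.

```python
import json

ALLOWED_PERMISSIONS = {"read_only", "read_write"}

# Constructed sample of a List Object Storage buckets response (fields trimmed).
SAMPLE_BUCKETS = {
    "data": [
        {"label": "primary-bucket", "region": "us-east"},
        {"label": "backup-bucket", "region": "us-iad"},
    ]
}


def build_key_request(buckets, label, grants):
    """Build the Create an Object Storage key body from stored labels/regions.

    grants maps bucket label -> permissions. Hypothetical helper, not a Linode API.
    """
    regions_by_label = {}
    for bucket in buckets["data"]:
        regions_by_label.setdefault(bucket["label"], []).append(bucket["region"])

    bucket_access = []
    for bucket_name, permissions in grants.items():
        if permissions not in ALLOWED_PERMISSIONS:
            raise ValueError(f"unknown permissions {permissions!r} for {bucket_name}")
        regions = regions_by_label.get(bucket_name, [])
        if len(regions) != 1:
            # Label not in the listing, or listed in several regions: refuse to guess.
            raise ValueError(f"{bucket_name}: expected one region, found {regions}")
        bucket_access.append({"bucket_name": bucket_name,
                              "permissions": permissions,
                              "region": regions[0]})
    # No parent-level "regions" array: it isn't required for a limited access key.
    return {"label": label, "bucket_access": bucket_access}


def split_secret(created_key):
    """Return (secret_key, record without the secret) from the create response."""
    record = dict(created_key)
    secret = record.pop("secret_key")
    return secret, record


if __name__ == "__main__":
    body = build_key_request(SAMPLE_BUCKETS, "Limited OBJ Access - Primary and Backup",
                             {"primary-bucket": "read_write", "backup-bucket": "read_only"})
    print(json.dumps(body, indent=2))
```

Send the secret returned by split_secret straight to your secret store and log only the remaining record.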

The end result

You can use the key to access and manage content in the specified bucket_name buckets, based on the permissions set for each. This key also lets you list and create new buckets in each region you included in the bucket_access array.

You can also set up bucket policies for fine-grained control of access and permissions for your buckets.