Provisions a new Object Storage key for authentication. A successful request triggers an obj_access_key_create event.
Accounts with negative balances can't access this operation.
Call out specific regions
When creating an Object Storage key, name the specific data centers (regions) where you want to create and manage Object Storage buckets.
-
The
regionsarray. Populate it withregionIdvalues. Run the List regions operation, verify that the desired region includes"Object Storage"amongst itscapabilities, and store itsidfor use as theregionId. The resulting Object Storage key grants access to list and create new buckets in each region. This doesn't give access to manage content in these buckets. To address this, you can:-
Use the
bucket_accessarray instead to grant management access, per bucket. -
Use bucket policies to change the access for this key.
-
-
The
bucket_accessarray. This optional array lets you set up limited keys. Include individual objects naming aregionIdwhere the bucket exists, the targetbucket_nameto access, and thepermissionsfor the Object Storage key. Use the resulting key to manage content in thebucket_name, based on the permission level set. You can also use the key to create new buckets in the named region. The key doesn't have access to manage content in a newly created bucket. You can grant it this access using bucket policies. -
Combine the two to apply varying levels of access in the key. For example, set
regionstous-westto give the key bucket list and create access in that region. Then, set up thebucket_accessarray to give access to a specificbucket_namein theus-eastregion. The key has access to manage content in thatbucket_nameand list and create buckets in theus-eastregion, too. If you include the same region in both, the settings applied in thebucket_accessarray take precedence. For example, assume you includeus-eastin theregionsarray, expecting to only give bucket list and creation access to that region. If you also setus-eastas aregionin thebucket_accessarray, the Object Storage key gives access to manage content in the specifiedbucket_name, and lets you list and create buckets in that region.
Call out specific clusters (deprecated)
For backward compatibility, you can still target specific clusters where you want to create and manage Object Storage buckets. In this case, you include the cluster parameter and populate it with clusterId equivalents (us-west-1) instead of the regionId (us-west). Run the List clusters operation and store the id for the desired cluster. Leave the regions array out. If you include the bucket_access array to limit access, omit region from each object. Use the resulting key in clusters in all supported regions.
The
clusterparameter has been deprecated. You should use theregionsparameter instead. You can't include both parameters in the same operation.
-
Unlimited access. Omit the
bucket_accessarray. The Object Storage key has unlimited cluster access to all buckets, with all permissions. -
Limited access. Include the
bucket_accessarray. Set the targetbucket_nameand the level ofpermissionsfor access to that bucket. Use the resulting key to manage content in the named bucket. A limited Object Storage key can list all buckets and create a new bucket. However, you can't use the key to perform any actions on a bucket, unless the key has access to it. You can use bucket policies to modify a key's access.
linode-cli object-storage keys-create \
--label "my-object-storage-key" \
--bucket_access '[{"region": "ap-south", "bucket_name": "bucket-example-1", "permissions": "read_write" }]'
<https://techdocs.akamai.com/cloud-computing/docs/getting-started-with-the-linode-cli>
object_storage:read_write
<https://techdocs.akamai.com/linode-api/reference/get-started#oauth>