Provisions a new Object Storage key for authenticating to the Object Storage S3 API. A successful request triggers an obj_access_key_create event.
Accounts with negative balances can't access this operation.
The regions and region parameters
When creating an Object Storage key, specify one or more data centers (regions) where you want to create and manage Object Storage buckets.
- The regions array. Populate it with regionId values. The resulting Object Storage key grants access to list and create new buckets in these regions. This doesn't give access to manage content in these buckets. To address this, you can:
  - Use the bucket_access array instead to grant management access, per bucket.
  - Use bucket policies to change the access for this key.
- The bucket_access array. This optional array lets you set up limited keys. Include individual objects naming a regionId, the target bucket_name, and the permissions for the Object Storage key. Use the resulting key to manage content in the bucket_name, based on the permission level set. You can also use the key to create new buckets in the named region. However, the key doesn't have access to manage content in the newly created bucket. You can grant it this access using bucket policies.
- Combine the two to apply varying levels of access in the key. For example, set regions to us-west to give the key bucket list and create access in that region. Then, set up the bucket_access array to give access to a specific bucket_name in the us-east region. The key has access to manage content in that bucket_name and list and create buckets in the us-east region, too. If you include the same region in both, the settings applied in the bucket_access array take precedence. For example, assume you include us-east in the regions array, expecting to only give bucket list and creation access to that region. If you also set us-east as a region in the bucket_access array, the Object Storage key gives access to manage content in the specified bucket_name, and lets you list and create buckets in that region.
The cluster parameter (legacy)
For backward compatibility, include the cluster parameter to create an Object Storage key. Use the clusterId equivalent (us-west-1) instead of the regionId (us-west). Leave the regions array out. If including the bucket_access array to limit access, omit region from each object. Use the resulting key in clusters in all supported regions.
While the API supports this method, you should use the regions parameters, instead.
- Unlimited access. Omit the bucket_access array. The Object Storage key has unlimited cluster access to all buckets, with all permissions.
- Limited access. Include the bucket_access array. Set the target bucket_name and the level of permissions for access to that bucket. Use the resulting key to manage content in the named bucket. A limited Object Storage key can list all buckets and create a new bucket. However, you can't use the key to perform any actions on a bucket, unless the key has access to it. You can use bucket policies to modify a key's access.
linode-cli object-storage keys-create \
--label "my-object-storage-key" \
--bucket_access '[{"region": "ap-south", "bucket_name": "bucket-example-1", "permissions": "read_write" }]'
<https://www.linode.com/docs/products/tools/cli/get-started/>
object_storage:read_write
<https://techdocs.akamai.com/linode-api/reference/get-started#oauth>
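To review a key request for least privilege before sending it, the regions, bucket_access and legacy cluster rules described above can be resolved into the access the key would end up with. This is an added example, not code from the API documentation or the Linode tooling: review_key_request, its return shape and the "*"/"all" marker for an unlimited key are assumptions of this sketch, and the sample payload is constructed from the values used on this page.

```python
def review_key_request(payload):
    """Resolve a key-create request body into (access, notes) using the rules above."""
    legacy = "cluster" in payload
    grants = payload.get("bucket_access") or []
    access, notes = {}, []  # access: location -> list/create flag + per-bucket permissions

    def slot(location):
        return access.setdefault(location, {"list_create": True, "buckets": {}})

    if legacy:
        if "regions" in payload:
            notes.append("legacy request: leave the regions array out")
        if any("region" in g for g in grants):
            notes.append("legacy request: omit region from bucket_access objects")
        if not grants:
            # "*"/"all" is this example's own marker for an unlimited key
            slot(payload["cluster"])["buckets"]["*"] = "all"
            notes.append("UNLIMITED: all permissions on all buckets")
    for region in payload.get("regions", []):
        slot(region)  # regions array: list and create buckets only
    for g in grants:
        location = payload["cluster"] if legacy else g["region"]
        # bucket_access settings apply even when the region is also in regions
        slot(location)["buckets"][g["bucket_name"]] = g["permissions"]
    for location, entry in access.items():
        if not entry["buckets"]:
            notes.append(f"{location}: list and create only, no content access")
    return access, notes


# Constructed sample: the combined regions + bucket_access case described above
COMBINED = {
    "label": "my-object-storage-key",
    "regions": ["us-west"],
    "bucket_access": [{"region": "us-east", "bucket_name": "bucket-example-1",
                       "permissions": "read_write"}],
}

if __name__ == "__main__":
    access, notes = review_key_request(COMBINED)
    for location, entry in access.items():
        print(location, entry)
    print(notes)
```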