Provisions a new Object Storage key for authentication. A successful request triggers an obj_access_key_create event.
Accounts with negative balances can't access this operation.
Call out specific regions
When creating an Object Storage key, name the specific data centers (regions) where you want to create and manage Object Storage buckets.
- The regions array. Populate it with regionId values. Run the List regions operation, verify that the desired region includes "Object Storage" amongst its capabilities, and store its id for use as the regionId. The resulting Object Storage key grants access to list and create new buckets in each region. This doesn't give access to manage content in these buckets. To address this, you can:
  - Use the bucket_access array instead to grant management access, per bucket.
  - Use bucket policies to change the access for this key.
- The bucket_access array. This optional array lets you set up limited keys. Include individual objects naming a regionId where the bucket exists, the target bucket_name to access, and the permissions for the Object Storage key. Use the resulting key to manage content in the bucket_name, based on the permission level set. You can also use the key to create new buckets in the named region. The key doesn't have access to manage content in a newly created bucket. You can grant it this access using bucket policies.
- Combine the two to apply varying levels of access in the key. For example, set regions to us-west to give the key bucket list and create access in that region. Then, set up the bucket_access array to give access to a specific bucket_name in the us-east region. The key has access to manage content in that bucket_name and list and create buckets in the us-east region, too. If you include the same region in both, the settings applied in the bucket_access array take precedence. For example, assume you include us-east in the regions array, expecting to only give bucket list and creation access to that region. If you also set us-east as a region in the bucket_access array, the Object Storage key gives access to manage content in the specified bucket_name, and lets you list and create buckets in that region.
Call out specific clusters (deprecated)
For backward compatibility, you can still target specific clusters where you want to create and manage Object Storage buckets. In this case, you include the cluster parameter and populate it with clusterId equivalents (us-west-1) instead of the regionId (us-west). Run the List clusters operation and store the id for the desired cluster. Leave the regions array out. If you include the bucket_access array to limit access, omit region from each object. Use the resulting key in clusters in all supported regions.
The cluster parameter has been deprecated. You should use the regions parameter instead. You can't include both parameters in the same operation.
- Unlimited access. Omit the bucket_access array. The Object Storage key has unlimited cluster access to all buckets, with all permissions.
- Limited access. Include the bucket_access array. Set the target bucket_name and the level of permissions for access to that bucket. Use the resulting key to manage content in the named bucket. A limited Object Storage key can list all buckets and create a new bucket. However, you can't use the key to perform any actions on a bucket, unless the key has access to it. You can use bucket policies to modify a key's access.
linode-cli object-storage keys-create \
--label "my-object-storage-key" \
--bucket_access '[{"region": "ap-south", "bucket_name": "bucket-example-1", "permissions": "read_write" }]'
<https://techdocs.akamai.com/cloud-computing/docs/getting-started-with-the-linode-cli>
object_storage:read_write
<https://techdocs.akamai.com/linode-api/reference/get-started#oauth>
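The access rules described above for the regions, bucket_access and deprecated cluster parameters, as an added example (not part of the Linode documentation or its tooling): a Python check that summarises what a proposed key request body would grant and flags broad grants before it is submitted. The sample payloads are constructed, and the function names effective_access and review are hypothetical.

```python
def effective_access(payload):
    """Summarise what a key-create request body grants, per the rules above."""
    if "cluster" in payload and "regions" in payload:
        raise ValueError("cluster and regions can't be used in the same operation")
    grants = payload.get("bucket_access") or []
    if "cluster" in payload and not grants:
        # Deprecated cluster form without bucket_access: unlimited key.
        return {"unlimited": True, "list_create_regions": [], "buckets": {}}
    # Regions named in either array allow listing and creating buckets.
    list_create = set(payload.get("regions", []))
    buckets = {}
    for grant in grants:
        region = grant.get("region")  # omitted in the deprecated cluster form
        if region:
            list_create.add(region)
        # Content access exists only for buckets named here.
        buckets[(region, grant["bucket_name"])] = grant["permissions"]
    return {"unlimited": False,
            "list_create_regions": sorted(list_create),
            "buckets": buckets}


def review(payload):
    """Return least-privilege findings for a proposed key request."""
    access = effective_access(payload)
    findings = []
    if "cluster" in payload:
        findings.append("deprecated: uses cluster instead of regions")
    if access["unlimited"]:
        findings.append("unlimited: all buckets, all permissions")
    for (region, name), perm in access["buckets"].items():
        if perm == "read_write":
            findings.append(f"read_write on {region or 'cluster'}/{name}")
    return findings


# Constructed sample mirroring the combined regions + bucket_access case.
SAMPLE = {
    "label": "my-object-storage-key",
    "regions": ["us-west"],
    "bucket_access": [{"region": "us-east",
                       "bucket_name": "bucket-example-1",
                       "permissions": "read_write"}],
}

if __name__ == "__main__":
    print(effective_access(SAMPLE))
    print(review(SAMPLE))
```
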