Create an Object Storage key

Provisions a new Object Storage key for authenticating to the Object Storage S3 API. A successful request triggers an obj_access_key_create event.

📘

Accounts with negative balances can't access this operation.

The regions and region parameters

When creating an Object Storage key, specify one or more data centers (regions) where you want to create and manage Object Storage buckets.

  • The regions array. Populate it with regionId values. The resulting Object Storage key grants access to list and create new buckets in these regions. This doesn't give access to manage content in these buckets. To address this, you can:

    • Use the bucket_access array instead to grant management access, per bucket.

    • Use bucket policies to change the access for this key.

  • The bucket_access array. This optional array lets you set up limited keys. Include individual objects naming a regionId, the target bucket_name, and the permissions for the Object Storage key. Use the resulting key to manage content in the bucket_name, based on the permission level set. You can also use the key to create new buckets in the named region. However, the key doesn't have access to manage content in the newly created bucket. You can grant it this access using bucket policies.

  • Combine the two to apply varying levels of access in the key. For example, set regions to us-west to give the key bucket list and create access in that region. Then, set up the bucket_access array to give access to a specific bucket_name in the us-east region. The key has access to manage content in that bucket_name and list and create buckets in the us-east region, too. If you include the same region in both, the settings applied in the bucket_access array take precedence. For example, assume you include us-east in the regions array, expecting to only give bucket list and creation access to that region. If you also set us-east as a region in the bucket_access array, the Object Storage key gives access to manage content in the specified bucket_name, and lets you list and create buckets in that region.

The cluster parameter (legacy)

For backward compatibility, include the cluster parameter to create an Object Storage key. Use the clusterId equivalent (us-west-1) instead of the regionId (us-west). Leave the regions array out. If including the bucket_access array to limit access, omit region from each object. Use the resulting key in clusters in all supported regions.

📘

While the API supports this method, you should use the regions parameters, instead.

  • Unlimited access. Omit the bucket_access array. The Object Storage key has unlimited cluster access to all buckets, with all permissions.

  • Limited access. Include the bucket_access array. Set the target bucket_name and the level of permissions for access to that bucket. Use the resulting key to manage content in the named bucket. A limited Object Storage key can list all buckets and create a new bucket. However, you can't use the key to perform any actions on a bucket, unless the key has access to it. You can use bucket policies to modify a key's access.

linode-cli object-storage keys-create \
  --label "my-object-storage-key" \
  --bucket_access '[{"region": "ap-south", "bucket_name": "bucket-example-1", "permissions": "read_write" }]'

<https://techdocs.akamai.com/cloud-computing/docs/getting-started-with-the-linode-cli>
object_storage:read_write

<https://techdocs.akamai.com/linode-api/reference/get-started#oauth>
Language
Credentials
Click Try It! to start a request and see the response here!