Create an Object Storage key

Provisions a new Object Storage key for authentication. A successful request triggers an obj_access_key_create event.

📘

Accounts with negative balances can't access this operation.

Call out specific regions

When creating an Object Storage key, name the specific data centers (regions) where you want to create and manage Object Storage buckets.

  • The regions array. Populate it with regionId values. Run the List regions operation, verify that the desired region includes "Object Storage" amongst its capabilities, and store its id for use as the regionId. The resulting Object Storage key grants access to list and create new buckets in each region. This doesn't give access to manage content in these buckets. To address this, you can:

    • Use the bucket_access array instead to grant management access, per bucket.

    • Use bucket policies to change the access for this key.

  • The bucket_access array. This optional array lets you set up limited keys. Include individual objects naming a regionId where the bucket exists, the target bucket_name to access, and the permissions for the Object Storage key. Use the resulting key to manage content in the bucket_name, based on the permission level set. You can also use the key to create new buckets in the named region. The key doesn't have access to manage content in a newly created bucket. You can grant it this access using bucket policies.

  • Combine the two to apply varying levels of access in the key. For example, set regions to us-west to give the key bucket list and create access in that region. Then, set up the bucket_access array to give access to a specific bucket_name in the us-east region. The key has access to manage content in that bucket_name and list and create buckets in the us-east region, too. If you include the same region in both, the settings applied in the bucket_access array take precedence. For example, assume you include us-east in the regions array, expecting to only give bucket list and creation access to that region. If you also set us-east as a region in the bucket_access array, the Object Storage key gives access to manage content in the specified bucket_name, and lets you list and create buckets in that region.

Call out specific clusters (deprecated)

For backward compatibility, you can still target specific clusters where you want to create and manage Object Storage buckets. In this case, you include the cluster parameter and populate it with clusterId equivalents (us-west-1) instead of the regionId (us-west). Run the List clusters operation and store the id for the desired cluster. Leave the regions array out. If you include the bucket_access array to limit access, omit region from each object. Use the resulting key in clusters in all supported regions.

📘

The cluster parameter has been deprecated. You should use the regions parameter instead. You can't include both parameters in the same operation.

  • Unlimited access. Omit the bucket_access array. The Object Storage key has unlimited cluster access to all buckets, with all permissions.

  • Limited access. Include the bucket_access array. Set the target bucket_name and the level of permissions for access to that bucket. Use the resulting key to manage content in the named bucket. A limited Object Storage key can list all buckets and create a new bucket. However, you can't use the key to perform any actions on a bucket, unless the key has access to it. You can use bucket policies to modify a key's access.

linode-cli object-storage keys-create \
  --label "my-object-storage-key" \
  --bucket_access '[{"region": "ap-south", "bucket_name": "bucket-example-1", "permissions": "read_write" }]'

<https://techdocs.akamai.com/cloud-computing/docs/getting-started-with-the-linode-cli>
object_storage:read_write

<https://techdocs.akamai.com/linode-api/reference/get-started#oauth>
Language
Credentials
Click Try It! to start a request and see the response here!