Designating Compartments for the Amazon S3 Compatibility and Swift APIs
In the Oracle Cloud Infrastructure Object Storage service, a bucket is a container for storing objects in a compartment within an Object Storage namespace. A bucket is associated with a single compartment and data is stored as objects in buckets.
In addition to the native Object Storage APIs, Object Storage supports both the Amazon S3 Compatibility API and the Swift API. However, these APIs do not understand the Oracle Cloud Infrastructure concept of a compartment. By default, buckets created using the Amazon S3 Compatibility API or the Swift API are created in the root compartment of the Oracle Cloud Infrastructure tenancy. Instead, you can designate a different compartment for the Amazon S3 Compatibility API or Swift API to create buckets in.
When you designate a different compartment to use for the Amazon S3 Compatibility API or Swift API, any new buckets you create using the Amazon S3 Compatibility API or the Swift API are created in this newly designated compartment. Buckets previously created in a different compartment are not automatically moved to the newly designated compartment. See Object Storage Buckets if you want to move previously created buckets to this newly designated compartment.
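The following audit check is an added example, not Oracle's code. It flags an API whose default compartment is still the root compartment and lists buckets left behind in the root compartment. It assumes JSON shaped like the output of `oci os ns get-metadata` and `oci os bucket list`, treats a missing default as root, and uses constructed OCIDs and bucket names.

```python
import json

# Constructed sample, shaped like `oci os ns get-metadata` output (assumed field names).
NS_METADATA = json.loads("""
{"data": {"namespace": "examplens",
          "default-s3-compartment-id": "ocid1.tenancy.oc1..exampleroot",
          "default-swift-compartment-id": "ocid1.compartment.oc1..exampleapps"}}
""")

# Constructed sample, shaped like merged `oci os bucket list` output (assumed field names).
BUCKETS = json.loads("""
{"data": [
  {"name": "legacy-backups", "compartment-id": "ocid1.tenancy.oc1..exampleroot"},
  {"name": "app-uploads", "compartment-id": "ocid1.compartment.oc1..exampleapps"}
]}
""")

# Which metadata field holds the designated compartment for each API.
API_FIELDS = {
    "Amazon S3 Compatibility API": "default-s3-compartment-id",
    "Swift API": "default-swift-compartment-id",
}


def audit(ns_metadata, buckets, tenancy_ocid):
    """Return (finding, subject) tuples; the root compartment OCID is the tenancy OCID."""
    findings = []
    meta = ns_metadata.get("data", {})
    for api, field in API_FIELDS.items():
        # Assumption: an absent value means the default (root compartment) applies.
        designated = meta.get(field) or tenancy_ocid
        if designated == tenancy_ocid:
            findings.append(("default-is-root", api))
    for bucket in buckets.get("data", []):
        # Buckets are not moved when the default changes, so check each one.
        if bucket.get("compartment-id") == tenancy_ocid:
            findings.append(("bucket-in-root", bucket["name"]))
    return findings


if __name__ == "__main__":
    for finding, subject in audit(NS_METADATA, BUCKETS, "ocid1.tenancy.oc1..exampleroot"):
        print(f"{finding}: {subject}")
```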
Required IAM Policy
To use Oracle Cloud Infrastructure, you must be granted security access in a policy by an administrator. This access is required whether you're using the Console or the REST API with an SDK, CLI, or other tool. If you get a message that you don’t have permission or are unauthorized, verify with your administrator what type of access you have and which compartment to work in.
Compartments have policies that indicate what actions a user can perform on a bucket and all the objects in the bucket.
For administrators:
- To change the default compartments for Amazon S3 Compatibility API and Swift API, a user must belong to a group with OBJECTSTORAGE_NAMESPACE_UPDATE permissions.
- To see the current default compartments for Amazon S3 Compatibility API and Swift API, a user must belong to a group with OBJECTSTORAGE_NAMESPACE_READ permissions.
- To move a bucket to a different compartment, a user must belong to a group with BUCKET_UPDATE and BUCKET_CREATE permissions in the source compartment, and BUCKET_CREATE permissions in the target compartment.
If you're new to policies, see Getting Started with Policies and Common Policies. If you want to dig deeper into writing policies for buckets and objects, see Details for Object Storage, Archive Storage, and Data Transfer.