Object Storage Buckets

If you're new to policies, see Managing Identity Domains and Common Policies.

The policy Let Object Storage admins manage buckets and objects lets the specified group do everything with buckets and the associated objects. You must be a member of this group to create a bucket.

If you're an Object Storage administrator and want to impose more restrictive policies for buckets, update the policy to include those restrictions. See Details for Object Storage, Archive Storage, and Data Transfer for more information.

Security Zones ensure that your cloud resources comply with Oracle security principles. If any operation on a resource in a security zone compartment violates a policy for that security zone, then the operation is denied.

The following security zone policies affect your ability to manage buckets:

• You can't move a bucket from a security zone to a compartment that isn't in the same security zone, because it might be less secure. For details, see Restrict Resource Movement.
• Buckets in a security zone must be private.
• Buckets in a security zone must use customer-managed master encryption keys in the Vault service.

Pre-authenticated requests provide a way to let you access a bucket or an object without having your own credentials. For example, you can create a request that lets you upload backups to a bucket without owning API keys. See Object Storage Pre-Authenticated Requests for details.

You can enable object versioning to retain previous versions of objects. Object versioning lets you view, retrieve, and recover previous versions of objects and provides protection against accidental or malicious object overwrite or deletion. For information about this feature, see Object Storage Versioning.

Using object lifecycle policies applied at the bucket level, you can automatically manage the archiving and deletion of objects according to a pre-defined schedule. For information about this feature, see Object Storage Object Lifecycle Management.

You can apply retention rules at the bucket level to provide immutable object storage options for data written to Object Storage for governance, regulatory compliance, and legal requirements. For information about this feature, see Object Storage Data Retention Rules.

Using a replication policy for a bucket, you can automatically replicate the objects in one Object Storage bucket to another bucket in the same region or a different region. For information about this feature, see Object Storage Replication.

Apply tags to resources to help organize them according to business needs. Apply tags at the time you create a resource, or update the resource later with the wanted tags. For general information about applying tags, see Resource Tags.

Object Storage supports adding tags to buckets.

You can monitor the health, capacity, and performance of your Oracle Cloud Infrastructure resources by using metrics, alarms, and notifications. For more information, see Monitoring and Notifications.

For information about monitoring buckets, see Object Storage Metrics.

A usage report is a comma-separated value (CSV) file that can be used to get a detailed breakdown of resources in Oracle Cloud Infrastructure for audit or invoice reconciliation. A usage report is generated daily and stored in an Object Storage bucket. For more information, see Cost and Usage Reports Overview and Accessing Cost and Usage Reports.

You can create automation based on state changes for Oracle Cloud Infrastructure resources by using event types, rules, and actions. For more information, see Overview of Events.

Buckets emit events for bucket state changes by default. Events for objects are handled differently than other resources. Objects don't emit events by default. Use the Console, CLI, or API to enable a bucket to emit events for object state changes. You can enable events for object state changes during or after bucket creation. See Enabling or Disabling Emitting Events for Object State Changes for more information.

Bucket names are system generated by default, but you can overwrite the default with a name you specify.

When you create a bucket, you decide which default storage tier is appropriate for storing the objects:

• Use the Standard tier for data to which you need fast, immediate, and frequent access.
• Use the Archive tier for data to which you seldom or rarely access, but that must be retained and preserved for long periods of time.

The storage tier property is then assigned to each object that you upload to a bucket.

For more information, see Object Storage Storage Tiers. To automate the movement of data to the most cost effective tier, see Auto-Tiering.

When you create a bucket, the bucket is considered a private bucket and the access to the bucket and bucket contents requires authentication and authorization. However, Object Storage supports anonymous, unauthenticated access to a bucket that is not in a security zone. You make a bucket public by enabling read access to the bucket.