Skip to main content
Customize object storage after upgrade
Last update:

Customize object storage after upgrade

On 09/29/2023, a major update to object storage was released. If you had containers created before the object store upgrade, transfer them to project to continue working with the store in the dashboard.

The most significant changes in the operation of the repository:

  • new authorization to all storage APIs and new endpoints for access;
  • new container public domain (domain of the form <uuid> This domain will replace the account's personal domain (a domain of the form *****, which will be disabled later. We will give advance notice of the shutdown;
  • moving object storage to cloud platform projects;
  • new [access control] model(/cloud/object-storage/manage/manage-access.mdx): full support for the role model and the introduction of container access policies.

Previously created users, API method calls, etc. suburban settlement will continue to operate for a while — we will notify you of the shutdown in advance. We recommend change storage settings now and use the updated settings for new containers.

Transfer containers to the project

Without moving to project, you will not be able to work with the storage in the dashboard.

You can migrate a repository once and as a whole (to one project). It is not possible to distribute old containers to different projects. It will be possible to create new containers in different projects.

If you already have a cloud platform project, you can move containers to it or create a new one.

  1. In Control Panel, go to Object Storage. The first time you navigate to the section after 9/29/2023, a page will open to transfer containers.
  2. Specify Use an existing project.
  3. Select the project to which you want to migrate the containers and click Move.

Customize object storage

  1. Configure storage access for users.
  2. Configure container access policy.
  3. If you are using API or FTP, update access keys and URL.
  4. If you are using a CDN, change CDN-resource.
  5. Check that you have replaced the domains with new ones.
  6. Delete old storage users.

1. Configure storage access for {#configure-storage-access-for-users}users

Object storage now supports role model:

  • access to the repository via the dashboard will be for dashboard users whose role allows access to the entire account or project to which the containers have been migrated;
  • API is accessed through service users instead of storage users (created in Object StorageUsers). Old users will continue to work and will be disconnected at a later date. You can no longer create new users of this type.

Add new users can be added under User Management.

For users with the Object Store User role, access is determined solely by the access policy — if it is not configured, the user will not have access to the container. See the Manage access in object storage instructions for more information on how different roles work in storage.

2. Configure the container access policy

Create a container access policy can be created through the control panel. To create an access policy through the API, use AWS S3 documentation.

Consider role-model accesses when configuring the policy, see the Manage Object Storage Access instructions for details.

See Access Policy for details on how access policies work.

3. Update access keys and URL

See S3 API documentation for more information on authorization.

  1. Issue S3-key to the service user. You can also issue a key via the IAM API.

  2. In the requests, replace the URL and use the key to authenticate with the new scheme:

    • AWS_ACCESS_KEY_ID is the value of the Access key field from S3-key;
    • AWS_SECRET_KEY is the value of the Secret key field from S3-key;
    • The URL is, where ru-1 is the pool where the object storage resides.

4. Modify CDN resource

If you are using object storage as a CDN content source, change the CDN resource. For more information about connecting storage to CDN, see the Connect CDN to object storage instructions.

  1. In Control Panel, go to CDNCDN Resources.
  2. Open the CDN resource page → General tab.
  3. Click Edit Source.
  4. Replace the domain with container public domain of the form <uuid>
  5. In the Host Header Override field, specify the public domain of the container.

5. Check domains

Make sure you use the new domains everywhere. The old domains will continue to work for a while and will be disabled later. We will notify you in advance of the outage.

More information about domains in the Domains instructions.

What it is used forOld domainNew domain
Public access*****<uuid>
  •<container_name> (Path-Style)
  • <container_name> (Virtual Hosted)
  •<container_name> (Path-Style)
  • <container_name> (Virtual Hosted)
Domain for DNS records*****

6. Delete old users of the {#delete-legacy-users}repository

  1. In Control Panel, go to Object StorageUsers.
  2. In the user card, click Delete.