S3 Ceph Object Storage policy

S3 Ceph Object Storage policy allows you to control access to resources in an S3 Ceph Object Storage. It enables specifying permissions for each resource to allow or deny actions requested by users or roles. Additionally, you can use lifecycle policies to protect data confidentiality or cut costs by automatically deleting expired objects.

1. Lifecycle policies for files in a Ceph Object Storage

The S3 lifecycle is configured via a JSON file that contains a set of rules with predefined actions that an S3 Ceph Object Storage should perform on objects during their lifecycle. The policy is defined in the following format:

{
  "Rules": [
    {
      "Expiration": {
        "Days": 30
      },
      "ID": "lifecycle-expiration-rule",
      "Status": "Enabled",
      "NoncurrentVersionExpiration": {
        "NoncurrentDays": 30
      },
      "AbortIncompleteMultipartUpload": {
        "DaysAfterInitiation": 30
      }
    }
  ]
}

This policy states that objects expire and are automatically deleted 30 days after creation. The same 30-day limit applies to noncurrent object versions and to incomplete multipart uploads.

The Days field value cannot be less than 1. To learn more, refer to the AWS documentation: Lifecycle configuration elements.
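A pre-upload check for a policy file in the format above, given here as an added example that is not part of the original documentation: it rejects day counts below 1 and invalid Status values, and lists what each enabled rule will remove. The function name and the `bad-rule` sample are constructed; applying the Days >= 1 limit to NoncurrentDays and DaysAfterInitiation as well is an assumption.

```python
import json

# Action blocks used in this page's policy and the day counter inside each.
DAY_FIELDS = {
    "Expiration": "Days",
    "NoncurrentVersionExpiration": "NoncurrentDays",
    "AbortIncompleteMultipartUpload": "DaysAfterInitiation",
}

# Constructed sample: the page's rule plus a deliberately broken one.
SAMPLE = """
{"Rules": [
  {"ID": "lifecycle-expiration-rule", "Status": "Enabled", "Expiration": {"Days": 30},
   "NoncurrentVersionExpiration": {"NoncurrentDays": 30},
   "AbortIncompleteMultipartUpload": {"DaysAfterInitiation": 30}},
  {"ID": "bad-rule", "Status": "enabled", "Expiration": {"Days": 0}}
]}
"""

def check_lifecycle(text):
    """Return (errors, summary); summary lists what enabled rules will remove."""
    errors, summary = [], []
    try:
        rules = json.loads(text)["Rules"]
    except (ValueError, KeyError, TypeError) as exc:
        return [f"not a lifecycle configuration: {exc!r}"], []
    if not isinstance(rules, list):
        return ["Rules must be a list"], []
    for i, rule in enumerate(rules):
        if not isinstance(rule, dict):
            errors.append(f"#{i}: rule must be a JSON object")
            continue
        rid = rule.get("ID", f"#{i}")
        status = rule.get("Status")
        if status not in ("Enabled", "Disabled"):
            errors.append(f"{rid}: Status must be Enabled or Disabled, got {status!r}")
        for action, field in DAY_FIELDS.items():
            block = rule.get(action)
            if block is None:
                continue
            days = block.get(field) if isinstance(block, dict) else None
            if isinstance(days, bool) or not isinstance(days, int) or days < 1:
                errors.append(f"{rid}: {action}.{field} must be an integer >= 1, got {days!r}")
            elif status == "Enabled":
                summary.append((rid, action, days))
    return errors, summary

if __name__ == "__main__":
    print(check_lifecycle(SAMPLE))
```

A rule whose Status is misspelled is reported as an error and left out of the summary, since its effect on the bucket cannot be predicted from the file.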

To create a lifecycle policy in S3 Ceph Object Storage, you need to upload it to the corresponding bucket using the AWS CLI:

aws --profile <profile-with-access-keys> --endpoint=<S3-bucket-address> s3api put-bucket-lifecycle-configuration --bucket <bucket-name> --lifecycle-configuration file://<lifecycle-policy-file>.json

To check whether the lifecycle policy exists on the bucket, use the following command:

aws --profile <profile-with-access-keys> --endpoint=<S3-bucket-address> s3api get-bucket-lifecycle-configuration --bucket <bucket-name>