In this demo, we walk you through the key steps of using Leaseweb Object Storage.
Learn how to create buckets, generate access keys, configure a local client using s3cmd, and upload various file types with encryption. We will also show you how to manage security policies for controlling access to your data and demonstrate how to access files via the browser securely.
Watch the full video to see how easy it is to manage and protect your data using Leaseweb Object Storage!
Expand this to see and follow the steps as described in the video:
- Sign in to the StorageGrid Tenant Manager
- Navigate to the “Buckets” creation section and create a bucket name
- Select your region and create the bucket
- See more here
- Now navigate to “My access keys” and click, “Create key”
- Then click “Create Access key”
- Here you can copy your “access key ID” and your “Secret Access key”
- See more here
- Configure the local client to connect to the bucket using the access keys created
- For this example, we will use a client called ‘s3cmd’
- Open the terminal, and if ‘s3cmd’ is not installed, install it
- Run the command
s3cmd --configure s3://tijmen-gives-a-demo - Enter the Access Key, Secret Key, Region, Endpoint, and Bucket name template
- Set an encryption password for client-side encryption
- Next, upload 3 types of files: unencrypted, client-side encrypted, and server-side encrypted
- First, upload an unencrypted file:
s3cmd put file.txt s3://tijmen-gives-a-demo
- Next, upload a client-side encrypted file:
s3cmd put client_side_encrypted_file.txt s3://tijmen-gives-a-demo -e
- Finally, upload a server-side encrypted file:
s3cmd put server_side_encrypted_file.txt s3://tijmen-gives-a-demo --server-side-encryption
- You can list all the files uploaded to the bucket using the below command:
s3cmd ls s3://tijmen-gives-a-demo
- Access the object storage through a browser
- Navigate to
https://tijmen-gives-a-demo.nl.object-storage.ioto see the list of files- Notice that unencrypted and server-side encrypted files can be viewed, while the client-side encrypted file is unreadable
- Navigate to
- Set a security policy to prevent unauthorized access
- Upload
private_access.jsonusing the command:s3cmd setpolicy private_access.json s3://tijmen-gives-a-demo- After setting the security policy, the files are no longer accessible
- Refresh the browser to see an “Access denied” message
- Upload now a policy that allows public access
- Upload `public_access.json` using the command:
s3cmd setpolicy public_access.json s3://tijmen-gives-a-demo- The browser can now list and download files again
- Refresh the browser to see if the files are accessible
- You can also download files using the client
s3cmd get s3://tijmen-gives-a-demo/client_side_encrypted_file.txt download.txt- You can see the downloaded and decrypted files using the configured encryption password
- Set a policy for partial access
- Upload `partial_access.json` using:
vim partial_access.json
- Here you can now see the statement of your partial access policy
- Make sure you verify that your partial access restrictions are in place.
- If we download `server_side_encrypted_file.txt`, you can see it is denied but the `file.txt` is allowed. Now, list the bucket contents.
- Upload `partial_access.json` using:
- Next, remove a file from the bucket
