General information#

CROC Cloud object storage supports RESTful API compatible with AWS S3. To employ Simple Storage Service API, we recommend using AWS CLI or S3cmd.

Supported actions#

Bucket operations#

The following table lists the bucket operations supported in AWS S3 and their support status in CROC Cloud:

Feature

Status

Remarks

CreateBucket

Supported

With restrictions

DeleteBucket

Supported

DeleteBucketAnalyticsConfiguration

Not Supported

DeleteBucketCors

Supported

DeleteBucketEncryption

Supported

With restrictions

DeleteBucketInventoryConfiguration

Not Supported

DeleteBucketLifecycleConfiguration

Supported

DeleteBucketMetricsConfiguration

Not Supported

DeleteBucketOwnershipControls

Not Supported

DeleteBucketPolicy

Supported

DeleteBucketReplication

Not Supported

DeleteBucketWebsite

Supported

DeletePublicAccessBlock

Not Supported

GetBucketAccelerateConfiguration

Not Supported

GetBucketAcl

Supported

GetBucketAnalyticsConfiguration

Not Supported

GetBucketCors

Supported

GetBucketEncryption

Supported

With restrictions

GetBucketInventoryConfiguration

Not Supported

GetBucketLifecycleConfiguration

Supported

GetBucketLocation

Supported

With restrictions

GetBucketLogging

Not Supported

GetBucketMetricsConfiguration

Not Supported

GetBucketNotificationConfiguration

Not Supported

GetBucketOwnershipControls

Not Supported

GetBucketPolicy

Supported

S3GetBucketPolicyStatus

Not Supported

GetBucketReplication

Not Supported

GetBucketRequestPayment

Supported

With restrictions

GetBucketTagging

Not Supported

GetBucketVersioning

Supported

GetBucketWebsite

Supported

GetPublicAccessBlock

Not Supported

GetObjectLockConfiguration

Not Supported

HeadBucket

Supported

ListBuckets

Supported

ListBucketAnalyticsConfigurations

Not Supported

ListBucketInventoryConfigurations

Not Supported

ListBucketmetricsConfigurations

Not Supported

ListMultipartUploads

Supported

ListObjects

Supported

ListObjectsV2

Supported

ListObjectVersions

Supported

PutBucketAccelerateConfiguration

Not Supported

PutBucketAcl

Supported

PutBucketAnalyticsConfiguration

Not Supported

PutBucketCors

Supported

PutBucketEncryption

Supported

With restrictions

PutBucketInventoryConfiguration

Not Supported

PutBucketLifecycleConfiguration

Supported

With restrictions

PutBucketLogging

Not Supported

PutBucketMetricsConfiguration

Not Supported

PutBucketNotificationConfiguration

Not Supported

PutBucketOwnershipControls

Not Supported

PutBucketPolicy

Supported

With restrictions

PutBucketReplication

Not Supported

PutBucketRequestPayment

Supported

With restrictions

PutBucketTagging

Not Supported

PutBucketVersioning

Supported

PutBucketWebsite

Supported

PutObjectLockConfiguration

Not Supported

PutPublicAccessBlock

Not Supported

Object operations#

The following table lists the object operations supported in AWS S3 and their support status in CROC Cloud:

Feature

Status

Remarks

AbortMultipartUpload

Supported

CompleteMultipartUpload

Supported

CreateMultipartUpload

Supported

CopyObject

Supported

DeleteObject

Supported

DeleteObjects

Supported

DeleteObjectTagging

Supported

GetObject

Supported

GetObjectAcl

Supported

GetObjectLegalHold

Not Supported

GetObjectRetention

Not Supported

GetObjectTagging

Supported

GetObjectTorrent

Not Supported

HeadObject

Supported

ListParts

Supported

PostObject

Supported

PutObject

Supported

With restrictions

PutObjectAcl

Supported

PutObjectLegalHold

Not Supported

PutObjectRetention

Not Supported

PutObjectTagging

Supported

With restrictions

RestoreObject

Not Supported

SelectObjectContent

Not Supported

UploadPart

Supported

S3UploadPartCopy

Supported

Restrictions on the supported actions#

Restrictions for Server Side Encryption#

AWS S3 supports the following specifications of Server Side encryption (SSE):

  • SSE-KMS

  • SSE-C

CROC Cloud supports the SSE-C specification only (see an example of relevant object encryption).

The Get/Put/DeleteBucketEncryption` methods refer to the SSE-KMS specification, which has not supported yet. Technically, methods will work, but encryption won’t be applied.

Restrictions of Bucket Location#

Setting location by LocationConstraint is unsupported. The GetBucketLocation action always returns null.

Restrictions for Bucket Request Payment#

This approach is not supported. Technically, the Get/PutBucketRequestPayment methods will work, but you will not be able to take advantage of this feature yet.

Restrictions for Bucket Lifecycle#

Only rules for deleting objects and their versions are supported. Rules for moving objects between storage classes are not supported.

Restrictions for Bucket Policy#

Objects’ tags are not supported in Bucket Policy.

Currently, we support only following actions:

  • s3:AbortMultipartUpload

  • s3:CreateBucket

  • s3:DeleteBucketPolicy

  • s3:DeleteBucket

  • s3:DeleteBucketWebsite

  • s3:DeleteObject

  • s3:DeleteObjectVersion

  • s3:GetBucketAcl

  • s3:GetBucketCORS

  • s3:GetBucketLocation

  • s3:GetBucketPolicy

  • s3:GetBucketRequestPayment

  • s3:GetBucketVersioning

  • s3:GetBucketWebsite

  • s3:GetLifecycleConfiguration

  • s3:GetObjectAcl

  • s3:GetObject

  • s3:GetObjectVersion

  • s3:ListAllMyBuckets

  • s3:ListMultipartUploadParts

  • s3:ListBuckets

  • s3:ListBucketVersions

  • s3:ListBucketMultipartUploads

  • s3:ListMultipartUploadParts

  • s3:PutBucketAcl

  • s3:PutBucketCORS

  • s3:PutBucketPolicy

  • s3:PutBucketRequestPayment

  • s3:PutBucketVersioning

  • s3:PutBucketWebsite

  • s3:PutLifecycleConfiguration

  • s3:PutObjectAcl

  • s3:PutObject

  • s3:PutObjectVersionAcl

You can only use “*” as a Principal the Bucket Policy for now.

Bucket Policy supports the following Condition Keys for all requests:

  • aws:CurrentTime

  • aws:EpochTime

  • aws:PrincipalType

  • aws:Referer

  • aws:SecureTransport

  • aws:SourceIp

  • aws:UserAgent

  • aws:username

Condition Keys for bucket-related operations:

Action

Condition Key

s3:createBucket

s3:x-amz-acl
s3:x-amz-grant-<perm>, where <perm> is one of grants read/write/read-acp/write-acp/full-control

s3:ListBuckets
s3:ListBucketVersions

s3:prefix
s3:delimiter
s3:max-keys

s3:PutBucketAcl

s3:x-amz-acl
s3:x-amz-grant-<perm>, where <perm> is one of grants read/write/read-acp/write-acp/full-control

Condition Keys for object-related operations:

Action

Condition Key

s3:PutObject

s3:x-amz-acl
s3:x-amz-grant-<perm>, where <perm> is one of grants read/write/read-acp/write-acp/full-control
s3:x-amz-copy-source
s3:x-amz-metadata-directive

s3:PutObjectAcl
s3:PutObjectVersionAcl

s3:x-amz-acl
s3-amz-grant-<perm>, where <perm> is one of grants read/write/read-acp/write-acp/full-control

Restrictions for Object Tagging#

Object tags are not supported in Bucket Policy and Bucket Lifecycle.

General request structure#

The form of a specific request depends on the operation to be performed and parameters to be passed. Most requests contain common headers; in particular, authenticated requests must include the Authorization header. If requests are made directly inside the code, then you need to generate a signature for the header yourself.

Request sample structure#

{GET|HEAD|PUT|DELETE} /<bucket>/<object key>?<parameter list> HTTP/1.1
Host: storage.cloud.croc.ru
X-Amz-Content-Sha256: <SHA256 request body hash>
X-Amz-Date: <Date in ISO08601 format>
Authorization: <Authorization parameters according to AWS Signature Version 4>

<Request body>

Bucket and host name#

There are two different modes of accessing the buckets. The first (preferred) method identifies the bucket as the virtual bucket host name.

GET / HTTP/1.1

Host: mybucket.storage.cloud.croc.ru

The first (legacy) method identifies the bucket as the top-level directory in the URI.

GET /mybucket HTTP/1.1

Host: storage.cloud.croc.ru

Typical headers#

Typical request headers#

These headers are used in most requests.

Request header

Description

Authorization

Authorization token.

Content-Length

Length of the request body.

Content-Type

MIME type of the request body

Date

Request time and date (in UTC).

Host

The name of the host server.

x-amz-content-sha256

SHA256 hash for the request body (when AWS Signature Version 4 authentication is used)

Typical response headers#

These headers are present in most requests.

Request header

Description

Content-Length

Length of response body, bytes

Content-Type

MIME type of the request body, for example, Application/XML

Date

Response date and time in UTC format

x-amz-request-id

The request ID

Common Response Status#

In case of success, request returns codes 2xx, while in case of failure or error it returns codes 4xx and 500.

HTTP status

Response Code

100

Continue

200

Success

201

Created

202

Accepted

204

NoContent

206

Partial content

304

NotModified

400

BadDigest

400

EntityTooLarge

400

InvalidArgument

400

InvalidBucketName

400

InvalidDigest

400

InvalidObjectName

400

InvalidPart

400

InvalidPartOrder

400

RequestTimeout

400

UnresolvableGrantByEmailAddress

403

AccessDenied

403

QuotaExceeded

403

RequestTimeTooSkewed

403

UserSuspended

404

NoSuchBucket

404

NoSuchKey

404

NoSuchUpload

405

MethodNotAllowed

408

RequestTimeout

409

BucketAlreadyExists

409

BucketNotEmpty

411

MissingContentLength

412

PreconditionFailed

416

InvalidRange

422

UnprocessableEntity

500

InternalError