In this guide, you will learn how to use the AWS CLI with a custom S3 endpoint such as https://a1.storagecenter.ch.
Install AWS CLI
Ensure that the AWS CLI is installed on your system. If not, download it from the official AWS website:
AWS CLI Installation
Verify the installation with:
aws --version
Provide Access Credentials
You will need an Access Key and a Secret Key to connect to the S3-compatible service. These are provided by your storage provider.
Start Configuration
Run the following command to configure the AWS CLI:
aws configure
Enter Access Credentials
Provide the following information:
ch-north). This is required even if you are using a custom endpoint.json, text, or table).To send commands to the custom endpoint https://a1.storagecenter.ch, use the --endpoint-url parameter.
Please use your own bucket names. Bucket names are unique and cannot be reused.
Create a new bucket with the following command:
aws --endpoint-url=https://a1.storagecenter.ch s3api create-bucket --bucket my-bucket-name
my-bucket-name with a unique name for your bucket.Upload a file to the bucket:
aws --endpoint-url=https://a1.storagecenter.ch s3api put-object --bucket my-bucket-name --key path/to/file.txt --body local/file.txt
--key specifies the path and filename in the bucket.--body specifies the path to the local file.Download a file from the bucket:
aws --endpoint-url=https://a1.storagecenter.ch s3api get-object --bucket my-bucket-name --key path/to/file.txt local/file.txt
List all buckets:
aws --endpoint-url=https://a1.storagecenter.ch s3api list-buckets
List all objects in a bucket:
aws --endpoint-url=https://a1.storagecenter.ch s3api list-objects --bucket my-bucket-name
If you want to use multiple configurations, you can create profiles. Add a new profile:
aws configure --profile my-profile
Then use the profile in your commands:
aws --endpoint-url=https://a1.storagecenter.ch --profile my-profile s3api list-buckets
Show Help
aws s3api help
Enable Debug Mode
aws --endpoint-url=https://a1.storagecenter.ch --debug s3api list-buckets
You can also specify the endpoint in the configuration file (~/.aws/config) to avoid specifying it every time:
[profile my-profile]
region = eu-central-1
output = json
s3 =
endpoint_url = https://a1.storagecenter.ch
Afterward, you can run commands as usual:
aws --profile my-profile s3api list-buckets
With this guide, you can use the AWS CLI to access a custom S3 endpoint like https://a1.storagecenter.ch. You can create buckets, upload and download files, and perform other S3 operations.
For more information, consult the official AWS CLI documentation:
AWS CLI Documentation
Object Lock is a feature in Amazon S3 that allows you to protect objects in a bucket from deletion or overwriting. This is particularly useful for compliance requirements where data must remain immutable for a specific period. There are two modes:
In this guide, you will learn how to enable and configure Object Lock using the AWS CLI.
AWS CLI Installed and Configured
Ensure that the AWS CLI is installed and configured with your access credentials.
Bucket Versioning Enabled
Object Lock requires bucket versioning to be enabled. If it is not enabled, it will be automatically enabled when Object Lock is activated.
Object Lock must be enabled when creating a bucket. It cannot be enabled afterward.
Use the following command to create a new bucket with Object Lock enabled:
aws s3api create-bucket --bucket my-bucket-name --region eu-central-1 --object-lock-enabled-for-bucket
my-bucket-name with the name of your bucket.eu-central-1 with your desired AWS region.After the bucket is created, you need to configure the Default Object Lock settings. These settings apply to all new objects uploaded to the bucket unless specific retention settings are provided.
Use the following command to set Compliance Mode with a retention period of 30 days:
aws s3api put-object-lock-configuration --bucket my-bucket-name --object-lock-configuration '{
"ObjectLockEnabled": "Enabled",
"Rule": {
"DefaultRetention": {
"Mode": "COMPLIANCE",
"Days": 30
}
}
}'
my-bucket-name with the name of your bucket."Mode": "COMPLIANCE" enables Compliance Mode."Days": 30 sets the retention period to 30 days.You can verify the Object Lock configuration of the bucket to ensure it is set correctly:
aws s3api get-object-lock-configuration --bucket my-bucket-name
The output should look like this:
{
"ObjectLockConfiguration": {
"ObjectLockEnabled": "Enabled",
"Rule": {
"DefaultRetention": {
"Mode": "COMPLIANCE",
"Days": 30
}
}
}
}
When you upload an object to the bucket, the default Object Lock configuration will be applied. However, you can also specify custom retention settings for an individual object:
aws s3api put-object --bucket my-bucket-name --key path/to/file.txt --body local/file.txt --object-lock-mode COMPLIANCE --object-lock-retain-until-date "2023-11-01T00:00:00Z"
--object-lock-mode COMPLIANCE enables Compliance Mode for this object.--object-lock-retain-until-date specifies the date until which the object is locked (in ISO-8601 format).Object Lock Cannot Be Disabled
Once Object Lock is enabled for a bucket, it cannot be disabled.
Compliance Mode is Strict
In Compliance Mode, no user (including root users) can delete or overwrite an object until the retention period expires.
Versioning is Required
Object Lock requires bucket versioning to be enabled. If it is not enabled, it will be automatically enabled when Object Lock is activated.
With these steps, you have:
Object Lock is a powerful feature to protect data from accidental or malicious deletion. For more information, refer to the official AWS documentation:
AWS Object Lock Documentation