Getting Started Guide

Cloud Temple Object Storage is a highly secure, SecNumCloud-certified object storage service based on the Amazon S3 protocol. It enables you to store all types of data, including the most sensitive, in compliance with the highest security standards. You can manage your storage directly from the Cloud Temple console and integrate with numerous existing libraries or CLI clients for programmatic usage.

Before You Begin

To perform the actions described below, you need:

  • A Cloud Temple account connected to the console
  • 'Owner' status or IAM permissions that allow you to perform actions on the target organization's tenant.

List all S3 buckets in your tenant

You can access all your buckets via the 'Object Storage' menu in the Cloud Temple console.

You can view all accounts created on your tenant and authorized to access the S3 service via the 'Storage Accounts' tab.

Browse an S3 Bucket

When you click on a bucket's name, you first access the 'Files' tab to view its contents.

In the 'Settings' tab, you can see detailed information about your S3 bucket.

Important note: The 'Delete Protection' feature refers to the data retention period, not a scheduled deletion. Data remains accessible throughout the configured period. To automatically delete data after the retention period ends, you must define a lifecycle policy.

Prerequisites:

  • The 'global access key' storage account must be used, because this operation requires the 's3:PutLifecycleConfiguration' and 's3:GetLifecycleConfiguration' permissions on the bucket.

Example lifecycle policy (lifecycle.json):

{
  "Rules": [
    {
      "ID": "DeleteOldObjects",
      "Prefix": "",
      "Status": "Enabled",
      "Expiration": {
        "Days": 30
      },
      "NoncurrentVersionExpiration": {
        "NoncurrentDays": 7
      }
    }
  ]
}

In this rule, an empty "Prefix" applies the rule to the entire bucket (otherwise specify a prefix), "Days": 30 deletes objects after 30 days, and "NoncurrentDays": 7 deletes old versions 7 days after a new version is created. JSON does not allow comments, so keep these annotations out of the file itself.

If using AWS CLI:

aws --endpoint-url https://<ecs-endpoint> \
s3api put-bucket-lifecycle-configuration \
--bucket <bucket-name> \
--lifecycle-configuration file://lifecycle.json
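
A pre-flight check for lifecycle.json, run before the put-bucket-lifecycle-configuration call above. This is an added example, not Cloud Temple code: it rejects files that are not strict JSON (for instance ones carrying // annotations) and checks the fields used in this guide's rule. The function name and the retention_days parameter are hypothetical; comparing expiry days with the 'Delete Protection' period assumes that a shorter expiry is not what you intend.

```python
import json

# Constructed sample: the rule from this guide, as strict JSON.
CLEAN = """{"Rules": [{"ID": "DeleteOldObjects", "Prefix": "", "Status": "Enabled",
  "Expiration": {"Days": 30},
  "NoncurrentVersionExpiration": {"NoncurrentDays": 7}}]}"""
# Constructed sample: the same rule with an inline // annotation (not JSON).
COMMENTED = CLEAN.replace('"Days": 30}', '"Days": 30 // delete after 30 days\n}')

ACTIONS = (("Expiration", "Days"), ("NoncurrentVersionExpiration", "NoncurrentDays"))

def lint_lifecycle(text, retention_days=None):
    """Return a list of problems in a lifecycle.json document (empty = OK).

    retention_days is a hypothetical parameter: the bucket's 'Delete
    Protection' period in days, copied by hand from the 'Settings' tab.
    """
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not strict JSON (line {exc.lineno}): {exc.msg}"]
    rules = doc.get("Rules") if isinstance(doc, dict) else None
    if not isinstance(rules, list) or not rules:
        return ["top-level 'Rules' must be a non-empty list"]
    problems, seen = [], set()
    for i, rule in enumerate(rules):
        if not isinstance(rule, dict):
            problems.append(f"rule #{i}: must be an object")
            continue
        rid = str(rule.get("ID", f"#{i}"))
        if rid in seen:
            problems.append(f"{rid}: duplicate rule ID")
        seen.add(rid)
        if rule.get("Status") not in ("Enabled", "Disabled"):
            problems.append(f"{rid}: Status must be 'Enabled' or 'Disabled'")
        for action, key in ACTIONS:
            block = rule.get(action)
            if not isinstance(block, dict) or key not in block:
                continue  # action absent, or expressed without a day count
            days = block[key]
            if isinstance(days, bool) or not isinstance(days, int) or days < 1:
                problems.append(f"{rid}: {action}.{key} must be a positive integer")
            elif retention_days is not None and days < retention_days:
                problems.append(f"{rid}: {action}.{key}={days} is shorter than "
                                f"the {retention_days}-day retention period")
    return problems

if __name__ == "__main__":
    for name, text in (("commented", COMMENTED), ("clean", CLEAN)):
        print(name, lint_lifecycle(text, retention_days=14))
```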

Write a file to a bucket (upload)

❯ mc cp ./version.txt cloudtemple-fr1/demo-app/
`./version.txt` -> `cloudtemple-fr1/demo-app/version.txt`

Download a file from a bucket

❯ mc cp cloudtemple-fr1/demo-app/app.tar.gz .
`cloudtemple-fr1/demo-app/app.tar.gz` -> `./app.tar.gz`

Remove a file from a bucket

❯ mc rm cloudtemple-fr1/demo-app/version.txt
Removed `cloudtemple-fr1/demo-app/version.txt`.

Creating a New Storage Account

To create a storage account in your tenant, click the 'New Storage Account' button in the top-right corner under the 'Storage Accounts' tab.

The platform then provides you with the access key and secret key for your bucket.

WARNING: The secret key and access key are displayed only once. After this initial display, it is no longer possible to view the secret key. It is therefore essential to record these credentials immediately; otherwise, you will need to generate a new key pair. To regenerate the keys, go to the key options and select the "Reset Access Key" option.

Creating an S3 bucket

To create a new bucket, click the 'New bucket' button in the top right corner of the screen.

A window then appears, where you must fill in:

  1. The region where you want to create your bucket,
  2. The type of bucket: performance or archive,
  3. The name of your bucket (it must be unique).

Deleting an S3 Bucket

To delete a bucket, go to the actions associated with the bucket and select the 'Delete' option.

WARNING: Deletion is permanent and there is no way to recover the data.

Access Policy Management

Account associations with buckets and access restriction configurations are performed in the 'Policies' tab of the bucket.

This interface allows you to grant storage account access to the bucket according to four predefined roles (read_only, read_write, write_only, maintainer).