Part 3: Using Object Storage S3 Compatible API – Oracle Cloud

I hope you are now having fun with Oracle Cloud Infrastructure blog series. In Part 2, Abeer Alotaibi has explained how to use security-list module to add security rules to your newly created VCN.

In this blog, you will learn how to use the object-storage module to create objects bucket and use it with aws s3 command.

The Oracle Object Storage is simple to create, and it does not require Virtual Cloud Network. Fire up your favorite editor, and lets get started.

Note: OCI S3 API does not support Virtual host-style access. It only supports path-based access.

Creating Object Storage

As explained in part 1, you will need to create 4 files for the module to work, They all can be found here.

• provider.tf
• .auto.tfvars
• variables.tf
• configurations.tf

Let’s investigate object-storage module. We can makeup the structure for the module from its variables.tf file. The module accepts a single input, bukets , which is a map of object, pretty straightforward.

variable "buckets" {
  type = map(object({
    name           = string
    compartment_id = string
    storage_tier   = string
    is_public      = bool
    optionals      = any # map(any)
    # The followings are the keys for the optionals with defaults in brackets
    # object_events_enabled = bool - false
    # versioning_enabled    = bool - false
  }))
}

We will create two buckets:

1. a-bucket: publicly accessible buckets for read actions
2. c-bucket: private bucket, requires a form of authentication to read objects stored in it.

Create your main.tf file as following:

module "buckets" {
  source  = "github.com/Binsabbar/oracle-cloud-terraform//modules/object-storage?ref=v1.1"
  buckets = {
    "public-bucket" = {
      name           = "a-bucket"
      compartment_id = var.tenancy_ocid
      storage_tier   = "Standard"
      is_public      = true
      optionals      = {
        object_events_enabled = false 
        versioning_enabled = true
      }
    }
    "private-bucket" = {
      name           = "c-bucket"
      compartment_id = var.tenancy_ocid
      storage_tier   = "Standard"
      is_public      = false
      optionals      = {
          versioning_enabled = true 
      }
    }
  }
}
output "buckets" {
}

Run terraform init && terraform plan you should see similar output:

Terraform output

Now run terraform apply --auto-approve

output of terraform apply showing two buckets are created

To see the full url for your bucket, add output.tf file with the following content

output "buckets" {
  value = module.buckets.buckets
}

Run terraform apply --auto-approve again.

urls of the newly created buckets containing the namespace of tenancy

The main.tf and output.tf can be found here.

Using S3 Compatible API

You need to install awscli tool in order to work with S3 API. In order to work with awscli we need to generate two keys, ACCESS_KEY_ID and ACCESS_SECRET_KEY .

1. Login to your OCI Console, then navigate to your user to Customer Secret Keys.
2. Generate a Secret key and keep it somewhere, once you click Close you can’t get the secret key again.

Generating Access and Secret Keys

In your terminal run aws configure then enter you Access Key and Secret Key when prompted.

Here is how to use OCI S3 Compatible API

aws s3api --endpoint NAMESPACE.compat.objectstorage.REGION.oracle.com list-buckets (note the bucket names above)

awscli output for listing buckets

Now you created an object storage bucket and know how to use it and even access it as S3 bucket. Terraform model V2 supports Object Storage Policy, V2 will be released end of 2021, you can start using it now while it is in development.

That’s it!

Come back to learn about managed K8s cluster by oracle in Part 4 of this 5 series blog by Abeer Alotaibi

Binsabbar