VMware Cloud Director Object Storage Extension Concepts

The VMware Cloud Director Object Storage Extension API adopts the main concepts used in the AWS S3 API. These concepts are referenced throughout the current document. Understanding these concepts is necessary to work effectively with the VMware Cloud Director Object Storage Extension S3 API.

Bucket

A bucket is a logical unit of storage. Before you start uploading files to VMware Cloud Director Object Storage Extension, you must create a bucket. You can then upload any number of files to the bucket. Buckets are the fundamental containers in VMware Cloud Director Object Storage Extension.

With access control lists, you control the access permissions for buckets.

To aid organize and categorize your buckets, you can add multiple key-value pairs of tags to your buckets. For example, you can create a bucket to store financial reports from the financial department in your organization. You can tag this bucket with the following key-value pairs:


Key	Value
`Department`	`Finance`
`Report`	`Monthly`

Bucket names are globally unique and the namespace is shared between all VMware Cloud Director organizations. After a bucket is created, the name of that bucket cannot be used for another bucket in any of the VMware Cloud Director organizations until that bucket is deleted. Bucket names must adhere to the S3 bucket naming requirements. See Amazon S3 Bucket Naming Requirements.

Object

Objects in VMware Cloud Director Object Storage Extension are the files that you upload to your buckets.

You can categorize objects within a bucket by adding key-value pairs of tags. If you are the bucket owner of the bucket that stores an object, you can add properties to the objects by defining metadata in the form of a key-value pair.

Organization administrators can access and manage the objects that all users in the same organization own. Organization users can access and manage the objects that they own and the objects that are shared with them.

You can preview image, text, PDF, audio, and video files directly in the user interface of VMware Cloud Director Object Storage Extension.

Security Credential

VMware Cloud Director Object Storage Extension supports S3-compatible API and the AWS Signature V4 authentication. Security credentials are used for authenticating S3 API requests and consist of an access key and a secret key. VMware Cloud Director Object Storage Extension supports user and application types of security credentials.

With S3 API requests authenticated with user credentials, you can access and manage buckets and objects that you own or that are shared with you.

With S3 API requests authenticated with application credentials, you can access and manage objects at the bucket level.

Users own and manage their security credentials using the VMware Cloud Director Object Storage Extension user interface. See Working with Security Credentials.

Access Control Lists

With access control lists (ACLs), you manage the access to buckets and objects. With ACLs, you can share objects and buckets with other users from your VMware Cloud Director organization. VMware Cloud Director Object Storage Extension supports a list of predefined, canned ACLs. You can also create custom ACLs.