Enabling S3 for projects

In multitenant environments, object storage must ensure that users are isolated from each other while keeping resource consumption predictable. In Virtuozzo Infrastructure, S3 multitenancy is configured per project: you enable the S3 service for a project, create S3 users inside that project, generate access keys for those users, and then create buckets using any S3-compatible tool.

Limitations

By default, buckets are not shared across projects. Bucket names are project-scoped, meaning that the same bucket name can exist in different projects.
Removing the S3 service from a project deletes all S3 users in that project.

Prerequisites

A project is created, as described in Configuring multitenancy.

To enable the S3 service for a project

Use the following command:

vinfra service s3 project enable [--project <project>] [--domain <domain>]

--project <project>: Project name or ID
--domain <domain>: Domain name or ID (required when a project name is specified)

For example, to enable S3 for the project myproject within the domain mydomain, run:

# vinfra service s3 project enable --project myproject --domain mydomain

You can check the project details in the output:

# vinfra service s3 project show --project myproject --domain mydomain
+--------------------------+----------------------------------+
| Field                    | Value                            |
+--------------------------+----------------------------------+
| cluster_id               | 1                                |
| domain_id                | ab8be546a821475fb770df172e74ab85 |
| enabled                  | True                             |
| limit_bandwidth          |                                  |
| limit_ops                |                                  |
| project_id               | 653c050730f24cf585cb175bc0557e86 |
| quota_capacity_gigabytes |                                  |
| s3_cluster_id            | 0100000000000002                 |
+--------------------------+----------------------------------+

To delete the S3 service from a project

Use the following command:

vinfra service s3 project delete [--project <project>] [--domain <domain>]

--project <project>: Project name or ID
--domain <domain>: Domain name or ID (required when a project name is specified)

For example, to delete S3 from the project myproject within the domain mydomain, run:

# vinfra service s3 project delete --project myproject --domain mydomain