Create a bucket

Contributors netapp-aoife netapp-aherbin netapp-dbagwell netapp-lenida netapp-manini

S3 objects are kept in buckets. They are not nested as files inside a directory inside other directories.

Before you begin

A storage VM containing an S3 server must already exist.

About this task
  • Beginning with ONTAP 9.14.1, automatic resizing has been enabled on S3 FlexGroup volumes when buckets are created on them. This eliminates excessive capacity allocation during bucket creation on existing and new FlexGroup volumes. FlexGroup volumes are resized to a minimum required size based on the following guidelines. The minimum required size is the total size of all the S3 buckets in a FlexGroup volume.

    • Beginning with ONTAP 9.14.1, if an S3 FlexGroup volume is created as part of a new bucket creation, the FlexGroup volume is created with the minimum required size.

    • If an S3 FlexGroup volume was created prior to ONTAP 9.14.1, the first bucket created or deleted subsequent to ONTAP 9.14.1 resizes the FlexGroup volume to the minimum required size.

    • If an S3 FlexGroup volume was created prior to ONTAP 9.14.1, and already had the minimum required size, the creation or deletion of a bucket subsequent to ONTAP 9.14.1 maintains the size of the S3 FlexGroup volume.

  • Storage service levels are predefined adaptive Quality of Service (QoS) policy groups, with value, performance, and extreme default levels. Instead of one of the default storage service levels, you can also define a custom QoS policy group and apply it to a bucket. For more information about storage service definitions, see Storage service definitions. For more information about performance management, see Performance management. Beginning with ONTAP 9.8, when you provision storage, QoS is enabled by default. You can disable QoS or choose a custom QoS policy during the provisioning process or at a later time.

  • If you are configuring local capacity tiering, you create buckets and users in a data storage VM, not in the system storage VM where the S3 server is located.

  • For remote client access, you must configure buckets in an S3-enabled storage VM. If you create a bucket in a storage VM that is not S3-enabled, it will only be available for local tiering.

  • Beginning with ONTAP 9.14.1, you can create a bucket on a mirrored or unmirrored aggregate in a MetroCluster configuration.

  • For the CLI, when you create a bucket, you have two provisioning options:

    • Let ONTAP select the underlying aggregates and FlexGroup components (default)

      • ONTAP creates and configures a FlexGroup volume for the first bucket by automatically selecting the aggregates. It will automatically select the highest service level available for your platform, or you can specify the storage service level. Any additional buckets you add later in the storage VM will have the same underlying FlexGroup volume.

      • Alternatively, you can specify whether the bucket will be used for tiering, in which case ONTAP tries to select low-cost media with optimal performance for the tiered data.

    • You select the underlying aggregates and FlexGroup components (requires advanced privilege command options): You can manually select the aggregates on which the bucket and containing FlexGroup volume must be created, and then specify the number of constituents on each aggregate. When adding additional buckets:

      • If you specify aggregates and constituents for a new bucket, a new FlexGroup will be created for the new bucket.

      • If you do not specify aggregates and constituents for a new bucket, the new bucket will be added to an existing FlexGroup. See FlexGroup volumes management for more information.

        If you specify aggregates and constituents when creating a bucket, no QoS policy groups, default or custom, are applied. You can apply one later with the vserver object-store-server bucket modify command.

        See vserver object-store-server bucket modify for more information.

        Note: If you are serving buckets from Cloud Volumes ONTAP, you should use the CLI procedure. It is strongly recommended that you manually select the underlying aggregates to ensure that they are using one node only. Using aggregates from both nodes can impact performance, because the nodes will be in geographically separated availability zones and hence susceptible to latency issues.

Create S3 buckets with the ONTAP CLI

  1. If you plan to select aggregates and FlexGroup components yourself, set the privilege level to advanced (otherwise, admin privilege level is sufficient):

    set -privilege advanced

  2. Create a bucket:

    vserver object-store-server bucket create -vserver svm_name -bucket bucket_name [-size integer[KB|MB|GB|TB|PB]] [-comment text] [additional_options]

    The storage VM name can be either a data storage VM or Cluster (the system storage VM name) if you are configuring local tiering.

    If you specify no options, ONTAP creates an 800GB bucket with the service level set to the highest level available for your system.

    If you want ONTAP to create a bucket based on performance or usage, use one of the following options:

    • service level

      Include the -storage-service-level option with one of the following values: value, performance, or extreme.

    • tiering

      Include the -used-as-capacity-tier true option.

    If you want to specify the aggregates on which to create the underlying FlexGroup volume, use the following options:

    • The -aggr-list parameter specifies the list of aggregates to be used for FlexGroup volume constituents.

      Each entry in the list creates a constituent on the specified aggregate. You can specify an aggregate multiple times to have multiple constituents created on the aggregate.

      For consistent performance across the FlexGroup volume, all of the aggregates must use the same disk type and RAID group configurations.

    • The -aggr-list-multiplier parameter specifies the number of times to iterate over the aggregates that are listed with the -aggr-list parameter when creating a FlexGroup volume.

      The default value of the -aggr-list-multiplier parameter is 4.

  3. Add a QoS policy group if needed:

    vserver object-store-server bucket modify -bucket bucket_name -qos-policy-group qos_policy_group

  4. Verify bucket creation:

    vserver object-store-server bucket show [-instance]

Example

The following example creates a bucket of size 1TB for storage VM vs1 and specifies the aggregate:

cluster-1::*> vserver object-store-server bucket create -vserver svm1.example.com -bucket testbucket -aggr-list aggr1 -size 1TB

Create S3 buckets with System Manager

  1. Add a new bucket on an S3-enabled storage VM.

    1. Click Storage > Buckets, then click Add.

    2. Enter a name, select the storage VM, and enter a size.

      • If you click Save at this point, a bucket is created with these default settings:

        • No users are granted access to the bucket unless any group policies are already in effect.

          Note: You should not use the S3 root user to manage ONTAP object storage and share its permissions, because it has unlimited access to the object store. Instead, create a user or group with administrative privileges that you assign.
        • A Quality of Service (performance) level that is the highest available for your system.

      • Click Save to create a bucket with these default values.

Configure additional permissions and restrictions

You can click More Options to configure settings for object locking, user permissions, and performance level when you configure the bucket, or you can modify these settings later.

If you intend to use the S3 object store for FabricPool tiering, consider selecting Use for tiering (use low-cost media with optimal performance for the tiered data) rather than a performance service level.

If you want to enable versioning for your objects for later recovery, select Enable Versioning. Versioning is enabled by default if you are enabling object locking on the bucket. For information about object versioning, see Amazon's Using versioning in S3 buckets.

Beginning with ONTAP 9.14.1, object locking is supported on S3 buckets. S3 object locking requires a standard SnapLock license. This license is included with ONTAP One. Prior to ONTAP One, the SnapLock license was included in the Security and Compliance bundle. The Security and Compliance bundle is no longer offered but is still valid. Although not currently required, existing customers can choose to upgrade to ONTAP One.

If you are enabling object locking on a bucket, you should verify that a SnapLock license is installed. If a SnapLock license is not installed, you must install it before you can enable object locking.

When you have verified that the SnapLock license is installed, select Enable object locking to protect objects in your bucket from being deleted or overwritten. Locking can be enabled on either all or specific versions of objects, and only when the SnapLock compliance clock is initialized for the cluster nodes. Follow these steps:

  1. If the SnapLock compliance clock is not initialized on any node of the cluster, the Initialize SnapLock Compliance Clock button appears. Click Initialize SnapLock Compliance Clock to initialize the SnapLock compliance clock on the cluster nodes.

  2. Select Governance mode to activate a time-based lock that allows Write once, read many (WORM) permissions on the objects. Even in Governance mode, the objects can be deleted by administrator users with specific permissions.

  3. Select Compliance mode if you want to assign stricter rules of deletion and update on the objects. In this mode of object locking, the objects can be expired only on the completion of the specified retention period. Unless a retention period is specified, the objects remain locked indefinitely.

  4. Specify the retention tenure for the lock in days or years if you want the locking to be effective for a certain period.

    Note: Locking is applicable to versioned and non-versioned S3 buckets. Object locking is not applicable to NAS objects.

You can configure protection and permission settings, and performance service level for the bucket.

Note: You must have already created users and groups before configuring the permissions.

For information, see Create mirror for new bucket.

Verify access to the bucket

On S3 client applications (whether ONTAP S3 or an external third-party application), you can verify your access to the newly created bucket by entering the following:

  • The S3 server CA certificate.

  • The user's access key and secret key.

  • The S3 server FQDN name and bucket name.
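
One way an S3 client can use the three inputs listed above, as an added example that is not part of the NetApp documentation: a standard-library Python check that signs a path-style HEAD request with the user's keys (AWS Signature Version 4) and validates TLS only against the S3 server's CA certificate. The region default, host name, bucket and keys are constructed placeholders, and the default HTTPS port 443 is assumed.

```python
import datetime, hashlib, hmac, http.client, ssl

EMPTY_SHA256 = hashlib.sha256(b"").hexdigest()  # a HEAD request carries no body

def sign_head_bucket(fqdn, bucket, access_key, secret_key, now, region="us-east-1"):
    """Build SigV4 headers for a path-style HEAD /<bucket> request.

    region is an assumption; use the region configured on the S3 server.
    """
    amz_date = now.strftime("%Y%m%dT%H%M%SZ")
    scope = f"{amz_date[:8]}/{region}/s3/aws4_request"
    headers = {"host": fqdn, "x-amz-content-sha256": EMPTY_SHA256,
               "x-amz-date": amz_date}
    signed = ";".join(sorted(headers))
    canonical = "\n".join([
        "HEAD", f"/{bucket}", "",  # method, URI, empty query string
        "".join(f"{k}:{headers[k]}\n" for k in sorted(headers)),
        signed, EMPTY_SHA256])
    to_sign = "\n".join(["AWS4-HMAC-SHA256", amz_date, scope,
                         hashlib.sha256(canonical.encode()).hexdigest()])
    # Derive the signing key: HMAC chain over date, region, service, terminator.
    key = ("AWS4" + secret_key).encode()
    for part in scope.split("/"):
        key = hmac.new(key, part.encode(), hashlib.sha256).digest()
    signature = hmac.new(key, to_sign.encode(), hashlib.sha256).hexdigest()
    headers["authorization"] = (
        f"AWS4-HMAC-SHA256 Credential={access_key}/{scope}, "
        f"SignedHeaders={signed}, Signature={signature}")
    return headers

def verify_bucket_access(fqdn, bucket, access_key, secret_key, ca_file):
    """Return the HTTP status of HEAD /<bucket> (S3: 200 access, 403 denied, 404 missing)."""
    # Trust only the S3 server's CA; certificate and hostname checks stay enabled.
    ctx = ssl.create_default_context(cafile=ca_file)
    conn = http.client.HTTPSConnection(fqdn, context=ctx, timeout=10)
    try:
        now = datetime.datetime.now(datetime.timezone.utc)
        conn.request("HEAD", f"/{bucket}", headers=sign_head_bucket(
            fqdn, bucket, access_key, secret_key, now))
        return conn.getresponse().status
    finally:
        conn.close()

if __name__ == "__main__":
    # Constructed sample values; no request is sent here.
    demo = sign_head_bucket("s3.example.com", "testbucket", "AKIDEXAMPLE",
                            "constructed-secret",
                            datetime.datetime(2024, 1, 2, 3, 4, 5))
    print(demo["authorization"])
```

A certificate error from `verify_bucket_access` means the server certificate does not chain to the supplied CA or does not match the FQDN; fix the certificate or the name rather than disabling verification.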