Operations on buckets include: deleting, renaming, and logging buckets as well as cross-origin resource sharing (CORS) support, lifecycle policy, object locking, and compliance.
By default, public use of a bucket, folder, or file is allowed only by certain paid (not trial) accounts. If your account does not have access to this feature, contact Wasabi Support at support@wasabi.com for assistance.
Maximum Number of Buckets
Standard AWS S3 supports only 100 buckets.
Wasabi allows for a maximum of 1000 buckets per account, and this number may be increased by contacting Wasabi Customer Support.
Bucket Logging
Wasabi supports bucket logging, which creates a text log file of all access to a bucket. The format of the log file is identical to the AWS S3 log file.
Wasabi bucket logging does not require any ACL permission settings to store logs in a target bucket. Although you can give permission settings in the logging request or in an ACL, they are not required for logging to work in Wasabi. However, the bucket that is a target for log files must be inside the same account as the bucket being logged.
Deleting a Bucket
DELETE BUCKET force_delete=true Option
AWS S3 will not allow you to delete a bucket if it contains objects that have not been deleted.
Wasabi provides a force_delete=true option that first deletes all objects in the bucket and then deletes the bucket. The deletion of objects is subject to policy and compliance requirements on the bucket.
To specify the force_delete=true option, add it as a query string. For example:
DELETE http://s3.wasabisys.com/my-bucket?force_delete=true HTTP/1.1Renaming a Bucket
AWS S3 does not support renaming of buckets. It only supports renaming of objects in a bucket.
Wasabi supports the renaming of buckets. The new bucket name must not be in use for the rename to be successful. The caller must have the s3:CreateBucket policy permission to rename a bucket.
To rename a bucket, use the HTTP method MOVE along with the header field “Destination” to give the new bucket name. For example:
MOVE http://s3.wasabisys.com/my_old_bucket HTTP/1.1
Destination: my_new_bucketMFA (Multi-Factor Authentication) Delete
Wasabi supports the “x-amz-mfa” header while:
configuring versioning on a bucket, or
deleting objects with delete object requests compatible with AWS S3.
Wasabi does not require the “x-amz-mfa” header if the user's access credentials signing the request were authenticated with MFA. Wasabi only supports virtual MFA devices.
(Refer also to Workflow for Lifecycle Rule Implementation.)
Checking MFA-Delete Status for an S3 Bucket
To determine whether MFA-Delete is enabled for your S3 bucket, use the get-bucket-versioning command in the AWS CLI:
aws s3api get-bucket-versioning --bucket BUCKETNAME --profile WASABIPROFILE --endpoint-url=https://s3.BUCKETREGION.wasabisys.comThe output will indicate the versioning status and whether MFA-Delete is enabled. For example:
{
"Status": "Enabled",
"MFADelete": "Enabled"
} Status: Enabled indicates that versioning is active.
MFADelete: Enabled confirms that MFA-Delete is enabled for the bucket
Managing MFA-Delete Using the AWS CLI
The following are prerequisites for managing MFA-Delete using the AWS CLI:
Versioning is enabled on the bucket.
Root account credentials are configured with MFA.
AWS CLI v2 is installed.
Use this command to enable MFA-Delete:
aws s3api put-bucket-versioning --bucket BUCKETNAME --versioning-configuration MFADelete=Enabled,Status=Enabled --mfa "arn:aws:iam::ACCOUNTID:mfa/root-account-mfa-device MFACODE” --endpoint-url=https://s3.BUCKETREGION.wasabisys.com –profile WASABIPROFILEUse this command to disable MFA-Delete:
aws s3api put-bucket-versioning --bucket BUCKETNAME --versioning-configuration MFADelete=Disabled,Status=Enabled --mfa "arn:aws:iam::ACCOUNTID:mfa/root-account-mfa-device MFACODE” --endpoint-url=https://s3.BUCKETREGION.wasabisys.com –profile WASABIPROFILEBucket Cross-Origin Resource Sharing (CORS) Support
For compatibility with browser access to Wasabi as a web server, the Wasabi server will return CORS headers when the header “Origin” is given in an HTTP request. Additionally, the server supports the HTTP method OPTIONS on either buckets or objects to return the CORS headers needed for a browser pre-flight test before accessing Wasabi.
Different from AWS, Wasabi returns the settings that will allow the browser full access to Wasabi. Hence, Wasabi does not support the AWS functions that allow a PUT and GET on a bucket with the “cors” parameter in the URL. Note that allowing the browser full access to data does not affect the security of access to any objects, and all access policies will still be enforced.
The following are the HTTP headers returned by default when the header “Origin” is given in an HTTP request:
Access-Control-Allow-Headers: *
Access-Control-Allow-Methods: GET, HEAD, POST, PUT, DELETE, MOVE, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: *
Access-Control-Max-Age: 86400Operations on Buckets Not Supported in Wasabi
Operation | Description | Individual Operations |
|---|---|---|
Bucket Accelerate | Wasabi does not have an implementation of the AWS S3 bucket accelerate or similar subresource. | GetBucketAccelerateConfiguration, PutBucketAccelerateConfiguration |
Bucket Analytics | Wasabi does not support bucket analytics configurations. | DeleteBucketAnalyticsConfiguration, GetBucketAnalyticsConfiguration, ListBucketAnalyticsConfigurations, PutBucketAnalyticsConfiguration |
Bucket Encryption | As Wasabi does not support AWS Key Management Service (KMS) keys for encryption, bucket encryption API calls are not supported. | DeleteBucketEncryption, GetBucketEncryption, PutBucketEncryption |
Bucket Intelligent Tiering | Wasabi does not support intelligent tiering configurations. | DeleteBucketIntelligentTieringConfiguration, GetBucketIntelligentTieringConfiguration, ListBucketIntelligentTieringConfigurations, PutBucketIntelligentTieringConfiguration |
Bucket Metadata Table | Wasabi does not support bucket metadata table configurations. | CreateBucketMetadataTableConfiguration, DeleteBucketMetadataTableConfiguration, GetBucketMetadataTableConfiguration |
Bucket Metrics | Wasabi does not support the operations to receive one-minute CloudWatch metrics, set CloudWatch alarms, and access CloudWatch dashboards to view near-real-time operations and performance. | DeleteBucketMetricsConfiguration, GetBucketMetricsConfiguration, ListBucketMetricsConfigurations, PutBucketMetricsConfiguration |
Bucket Ownership Controls | Wasabi does not support bucket ownership controls. | DeleteBucketOwnershipControls, GetBucketOwnershipControls, PutBucketOwnershipControls |
Bucket Request Payment | Wasabi does not support the use of the “requestPayment” subresource for buckets. | PutBucketRequestPayment |
Bucket Website | Website configuration is unavailable in Wasabi. Given the nature of Wasabi as a long-term object store, we do not expect to support website operations on buckets. The header “x-amz-website-redirect-location” is ignored in any object requests. | DeleteBucketWebsite, PutBucketWebsite |
S3 Block Public Access | Wasabi does not support the operation to centrally block existing public access (whether made possible via an ACL or a policy) and make sure newly created items are not inadvertently granted public access. | DeletePublicAccessBlock, GetPublicAccessBlock, PutPublicAccessBlock, GetBucketPolicyStatus |
Object Operations | Wasabi does not support some operations related to individual objects. | GetObjectAttributes, GetObjectTorrent, RestoreObject, WriteGetObjectResponse |
S3 Select | Wasabi does not support the S3 Select API. | SelectObjectContent |
S3 Session | Wasabi currently does not support directory buckets, which means there is no support for CreateSession API as a result. Wasabi supports getting temporary credentials through STS operations. | CreateSession |
Bucket policies do not support use of the “s3:x-amz-server-side-encryption-customer-algorithm” header under the null context key in the condition element. However, this header is supported on an object-level via the S3 API. For more information about supported IAM and STS operations and policy variables, refer to IAM and STS Support With the Wasabi S3 API.